Asb

ASB 4/12 Page 1Printed: 9/17/2012 2:52:40 PM
Copyright 2012 Thomson Reuters/PPC. All Rights Reserved.

PPCS GUIDE TO
AUDITS OF
NONPUBLIC
COMPANIES
Authors:
Douglas R. Carmichael, Ph.D., CPA, CFE
Jerry Anderson, CPA
David L. Landsittel, CPA
Edward F. Rockman, CPA
L. Scott Spradling, CPA
Tammy Mooney, CPA
Mary Ann White, CPA
Janice Burns, CPA
L. Rick Call, CPA
Copyright 2012 Thomson Reuters/PPC
All Rights Reserved
This book, or parts thereof, may not be reproduced in another document or manuscript
in any form without the permission of the publisher.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is
sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If
legal advice or other expert assistance is required, the services of a competent professional person should be sought.From
a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and
Associations.
The following are registered trademarks filed with the United States Patent and Trademark Office:
Checkpointr Tools
PPCs Practice Aidst
PPCs Workpaperst
PPCs Engagement Letter Generatort
PPCs Interactive Disclosure Librariest
PPCs SMART Practice Aidst
ISSN 1056-9839
ISBN 978-0-7646-5886-7
PRODUCED IN THE UNITED STATES OF AMERICA
PREFACE
This Guide provides comprehensive, practical guidance on auditing the financial statements of a nonpublic company. The
information presented extends significantly beyond the matters presented in the professional literature that are part of
generally accepted auditing standards (GAAS). This material focuses on how auditors can apply GAAS using a practical
how-to-do-it approach so that audits can be conducted in an effective and efficient manner. The authors have attempted to
provide interpretive guidance, practical tools, and other aids that auditors can integrate into most audits of nonpublic
companies.
A key consideration of this Guide is the use of an audit approach that is predicated on the identification and assessment of
risks of material misstatement and the development of further audit procedures that are responsive to those assessed risks.
This approach allows the auditor to concentrate audit effort on those areas in the financial statements where there is a higher
risk of material misstatement and, accordingly, limit procedures in areas of lower risk.
This Guide also provides auditors of smaller nonpublic companies with a practical audit approach and tools based on the risk
characteristics and responses that are typical for such companies.
While this Guide addresses GAAS that are applicable to a wide variety of nonpublic entities, the unique characteristics and the
necessary audit responses and procedures that would apply to certain specialized industries or entities are not addressed
within this guidance. PPC offers Guides that specifically deal with the audit issues for a variety of specialized industries and
entities. In addition, this Guide is not intended to provide guidance for audits of public companies. PPCs Guide to PCAOB
Audits is available for audits of public companies. Those Guides may be ordered by calling (800) 431-9025 or by visiting
ppc.thomsonreuters.com.
Continuing Professional Education
A self-study CPE course is provided with this Guide. This course qualifies for either QAS or National Registry credit hours of
CPE. This CPE is a complete, stand-alone, course outside of the material presented in this Guide. The completion of this
course is entirely optional; however, there is a separate charge for grading and processing your answer sheet for the course.
Update Information
This Guide has been updated to include relevant technical developments as of April 2012. It is current as of Statement on
Auditing Standards No. 125, Alert That Restricts the Use of the Auditors Written Communication.
PEER REVIEW OF THIS GUIDE
To ensure that the quality control materials in this Guide are reliable aids to users in complying with professional standards
and to help users minimize the costs of their peer reviews, the Tax & Accounting business of Thomson Reuters has voluntarily
elected to undergo a peer review of its system for the development and maintenance of its quality control materials.
We received a peer review report rating of pass, and our report, which has been accepted by the National Peer Review
Committee of the AICPA, is reprinted following this paragraph. The report is valid for three years. If your firm is undergoing a
peer review, you should provide a copy of this report to the captain of your peer review team.
HOW TO USE THIS GUIDE
This Guide can be used: (a) as a LIBRARY Reference Source (it combines into one source the most current, authoritative
literature pertaining to a nonpublic company engagement), (b) as a FIELD PRACTICE Tool (it includes practice examples and
case studies, audit programs, confirmation and correspondence letters, and checklists that are ready to be used), (c) as a
FIRM MANUAL for Peer Review and Quality Control (included is a section to place your firm policies and procedures so the
Guide can be personalized and adopted as a firm manual), and (d) as a TRAINING TOOL (it includes numerous practice
examples, case studies, and practical suggestions).
Throughout this Guide, technical issues are referenced to the most current authoritative literature. Typically, these are
pronouncements found in Statements on Auditing Standards, AICPA Professional Standards, etc. It must be emphasized,
however, that this Guide is not a substitute for either individual study of authoritative literature or the use of sound professional
judgment.
Each paragraph in this Guide has been assigned a paragraph number. The first digit (or first two digits) relates to the chapter
number, the next two digits relate to the major topics discussed in each chapter, and the digits after the decimal relate to the
paragraph numbers within each major topic.
Topics can be found quickly by reference to paragraph numbers in the Table of Contents or by reference to the Index.
The Guide also includes Firm Policies (FP), Checklists (CX), Confirmation Letters (CL), Core Audit Programs (AP), Specified
Risk Audit Programs (AP-S), Initial Audit Programs (IA), and Interim Review Practice Aids (IR). The Firm Policy tab is included
so that the Guide may be customized as a firm manual. Practitioners are urged to carefully read the instructions and practical
considerations on the various checklists, confirmation letters, and audit programs as they use the material.
Your Comments and Suggestions
The authors encourage users of this Guide to contact the Tax & Accounting business of Thomson Reuters at
ppc.thomsonreuters.com to offer any comments or suggestions that they may have to improve the usefulness of future
editions. Of special interest are your comments about the usefulness of individual chapters and recommendations for
additions to the Guide.
ACKNOWLEDGMENTS
We express our appreciation to the many practitioners who provided input and advice during the development of this Guide.
In addition, we also thank those practitioners whose assistance was invaluable during the publication of PPCs Guide to
Risk-Based Audits, which provided a foundation for many of the concepts and practical guidance that appears throughout this
Guide. In particular, we thank Michael T. Umscheid, CPA, of Harbinger, PLC and Alan J. Winters, former Director of Auditing
Research of the AICPA, for their input during the development of this Guide. In addition, we would like to thank Dan L.
Goldwasser, J.D., formerly of Vedder, Price, Kaufman, Kammholz, P.C. for his contributions to the discussion on using the
engagement letter to limit the auditors legal liability.
We also express our appreciation to Cheryl A. Hartfield, CPA, Mary Lou Wurdack, CPA, and Stephen B. Eason, CPA, editors
of PPC products for the Tax & Accounting business of Thomson Reuters for their technical assistance during the development
of this Guide. In addition, we greatly appreciate the contributing authors for their considerable input into shaping this Guide.
We also sincerely thank the Content Management Department at the Tax & Accounting business of Thomson Reuters for
many dedicated hours spent in editing and producing this Guide.
And finally, we thank our family and friends for their patience and encouragement.
Douglas R. Carmichael
Jerry Anderson
David L. Landsittel
Edward F. Rockman
L. Scott Spradling
Tammy Mooney
Mary Ann White
Janice Burns
L. Rick Call
ACKNOWLEDGMENT OF COPYRIGHTS
PPCs Guide to Audits of Nonpublic Companies contains quotations from publications copyrighted by the American Institute
of Certified Public Accountants. Each quotation cites the documents section and paragraph number. The titles of publications
and year of copyright are listed below. Such passages have been reprinted with the permission of the American Institute of
Certified Public Accountants.
AICPA References:
SAS No. 45Omnibus Statement on Auditing Standards1983
SAS No. 107Audit Risk and Materiality in Conducting an Audit2006
Exhibit to SAS No. 122, Statements on Auditing Standards: Clarification and Recodification
AU-C 200Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally
Accepted Auditing Standards
AU-C 210Terms of Engagement
AU-C 230Audit Documentation
AU-C 240Consideration of Fraud in a Financial Statement Audit
AU-C 250Consideration of Laws and Regulations in an Audit of Financial Statements
AU-C 260The Auditors Communication With Those Charged With Governance
AU-C 315Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
AU-C 330Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
AU-C 450Evaluation of Misstatements Identified During the Audit
AU-C 500Audit Evidence
AU-C 501Audit EvidenceSpecific Considerations for Selected Items
AU-C 510Opening BalancesInitial Audit Engagements, Including Reaudit Engagements
AU-C 530Audit Sampling
AU-C 540Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures
AU-C 580Written Representations
Statement on Quality Control Standards No. 8A Firms System of Quality Control (Redrafted)
AICPA Audit GuideAudit Sampling2008
AICPA Audit GuideAssessing and Responding to Audit Risk in a Financial Statement Audit2009
AICPA Independence Rule 101Interpretation 101-3
Rule 301 of the Code of Professional Conduct1988
Ethics Ruling No. 71 of the Code of Professional Conduct
Portions of various FASB documents, copyrighted by the Financial Accounting Standards Board, 401 Merritt 7, P.O. Box
5116, Norwalk, Connecticut 06856-5116, U.S.A., are reprinted with permission. Complete copies of these documents are
available from the FASB.
FASB References:
Statement of Financial Accounting Concepts No. 8, Conceptual Framework for FinancialChapter 3, Qualitative
Characteristics of Useful Financial Information 2010
FASB ASC Master Glossary
FASB ASC 740-10-30-7
FASB ASC 740-10-30-21 and 30-22
FASB ASC 740-10-55-17
FASB ASC 850-10-50-5
ABOUT THE AUTHORS . . .
Douglas R. Carmichael, Ph.D., CPA, CFE, is the Wollman Distinguished Professor of
Accountancy at Baruch College, City University of New York. From 2003 to 2006 he was
the Chief Auditor and Director of Professional Standards of the Public Company
Accounting Oversight Board (PCAOB) and the primary advisor to the PCAOB on policy
and technical issues related to auditing public companies. He was the founding Director
of the Center for Financial Integrity at Baruch College. Until 1983, he was Vice President,
Auditing, at the AICPA, where he participated in the standard-setting process for 13 years.
Mr. Carmichael is one of the countrys most prolific writers in the field of accountancy. He
is coauthor of PPCs Guide to Audit Risk Assessment (Implementing the Risk Assessment
Standards), PPCs Guide to Troubled Businesses and Bankruptcies, PPCs Guide to Fraud
Detection, PPCs Guide to Audits of Local Governments, PPCs Guide to Audits of
Nonprofit Organizations, PPCs Guide to Construction Contractors, PPCs Guide to
Homeowners Associations and Other Common Interest Realty Associations, PPCs Guide
to Audits of Employee Benefit Plans, PPCs Guide to Audits of Financial Institutions, PPCs
Guide to Litigation Support Services, PPCS Guide to International Standards on Auditing
and Related Services, and PPCs Guide to Small Business Consulting Engagements. He is
also author of numerous articles, continuing education courses, and books on a wide
variety of topics of interest to CPAs.
Jerry Anderson, CPA, is a sole practitioner who brings a wealth of practice experience
gained from over 40 years of audit experience with both large and small businesses in a
variety of industries. He is actively involved with continuing professional education as an
author and speaker throughout the United States, particularly in the area of effective and
efficient auditing, and has served on numerous accounting and auditing committees of
the Texas Society of CPAs and the AICPA. Mr. Anderson also consults with auditing firms
on matters related to audit effectiveness and efficiency. He is currently a shareholder with
Mayer, Hoffman, McCann P.C.
David L. Landsittel, CPA, is a consultant to auditing firms and others involved in the
accounting profession. After 34 years, he retired in 1997 as an audit partner from Arthur
Andersen, where he served in many leadership positions, including several years as
Managing DirectorAuditing Procedures. During his career, Mr. Landsittel has been
involved in outside professional activities, including serving as chairman of the AICPAs
Auditing Standards Board and President of the Illinois CPA Society. In addition, he served
as chairman of the ASBs fraud task force, which was responsible for developing SAS No.
99, Consideration of Fraud in a Financial Statement Audit. In 1996, he received the John J.
McCoy Award from the Public Oversight Board for outstanding contributions to auditing in
the United States. Mr. Landsittel is also a corporate director for three companies, serving
as chair of the audit committee for two of them.
Edward F. Rockman, CPA, is a former shareholder and director of quality control with
Alpern Rosenthal in Pittsburgh, PA. He is a frequent lecturer on accounting and auditing
subjects for the Tax and Accounting business of Thomson Reuters. Mr. Rockman has
been an active participant in the AICPAs peer review program, and was a member of the
Edward F. Rockman, CPA, is a former shareholder and director of quality control with
Alpern Rosenthal in Pittsburgh, PA. He is a frequent lecturer on accounting and auditing
subjects for the Tax and Accounting business of Thomson Reuters. Mr. Rockman has
been an active participant in the AICPAs peer review program, and was a member of the
Center for Public Company Audit Firms Peer Review Committee. He is a former member
of the AICPAs Auditing Standards Board, where he served on several task forces,
including the Audit Issues Task Force and the task forces on establishing an
understanding with the client and management representations. Mr. Rockman has also
served on the Financial Accounting Standards Advisory Council, the PCPS Executive
Committee, and the PCPS Technical Issues Committee.
L. Scott Spradling, CPA, is a senior director of product development for the Tax &
Accounting business of Thomson Reuters. He is coauthor of PPCs Guide to Compilation
and Review Engagements, PPCs Guide to Quality Control, PPCs Guide to Nontraditional
Engagements, PPCs Guide to Risks and Uncertainties, PPCs Guide to Start-up
Businesses, and PPCs Guide to Real Estate. Prior to joining PPC, Mr. Spradling was a
manager with KPMG Peat Marwick, where he was recognized as a statistical audit
specialist. His experience includes managing engagements ranging from compilations
and reviews of small businesses to audits of companies of all sizes. This background
provides Mr. Spradling with unique insights into risk assessments and materiality
judgments in audits of small businesses.
Tammy Mooney, CPA, is an executive editor of PPC products for the Tax & Accounting
business of Thomson Reuters. Prior to joining PPC, she was Vice President of Internal
Audit for Colonial Savings, F.A.; Chief Financial Officer for First American Savings Bank,
SSB; and in public practice for over four years with Coopers & Lybrand L.L.P, where her
experience included providing accounting, auditing, and other nontraditional services to
her clients. Ms. Mooney is coauthor of PPCs Guide to Audit Risk Assessment
(Implementing the Risk Assessment Standards) and PPCs Guide to Audits of Financial
Institutions, and a contributing author to PPCs Guide to Nontraditional Engagements,
PPCs Guide to Forecasts and Projections, and PPCs Guide to Auditors Reports.
Mary Ann White, CPA, is an executive editor of PPC products for the Tax & Accounting
business of Thomson Reuters, where she is currently responsible for the technical content
of a number of PPC guides. She is a coauthor of PPCs Guide to Audit Risk Assessment
(Implementing the Risk Assessment Standards), PPCs Guide to Related Parties (Including
Variable Interest Entities), and PPCs Guide to Fraud Risk Assessment, and a contributing
author of PPCs Guide to GAAP. Prior to joining PPC, she was Manager of Accounting
Policy, General Accounting and Financial Reporting for Union Pacific Resources Group
Inc., in Fort Worth, Texas. Prior to joining Union Pacific Resources, she spent several
years in public practice with PricewaterhouseCoopers (formerly Price Waterhouse & Co.),
where she provided audit services to a wide range of clients.
Janice Burns, CPA, is a senior technical editor of PPC products for the Tax & Accounting
business of Thomson Reuters. She is a coauthor of PPCs Guide to Audit Risk Assessment
(Implementing the Risk Assessment Standards), PPCs Guide to Religious Organizations,
PPCs Guide to Nonprofit Contributions, and PPCs Guide to Nonprofit Expenses and a
contributing author of PPCs Guide to Preparing Nonprofit Financial Statements, PPCs
Janice Burns, CPA, is a senior technical editor of PPC products for the Tax & Accounting
business of Thomson Reuters. She is a coauthor of PPCs Guide to Audit Risk Assessment
(Implementing the Risk Assessment Standards), PPCs Guide to Religious Organizations,
PPCs Guide to Nonprofit Contributions, and PPCs Guide to Nonprofit Expenses and a
contributing author of PPCs Guide to Preparing Nonprofit Financial Statements, PPCs
Nonprofit Financial Statement Illustrations and Trends, and PPCs Guide to Audits of Local
Governments. Prior to joining PPC, Ms. Burns was in public practice for over nine years
with KPMG LLP, where she was a senior manager specializing in nonprofit and
governmental clients. Her extensive experience includes providing a wide range of
accounting, auditing, and consulting services to clients in a variety of industries.
L. Rick Call, CPA, is a senior technical editor of PPC products for the Tax & Accounting
business of Thomson Reuters. He is a coauthor of PPCs Guide to Audit Risk Assessment
(Implementing the Risk Assessment Standards) and contributing author to PPCs Guide to
GAAP and PPCs Guide to Internal Control and Fraud Prevention. Before joining PPC, Mr.
Call had over twenty-five years of various public accounting and industry roles, which
included being an audit manager at Coopers & Lybrand LLP and assistant director of
national accounting center operations for Ernst & Young LLP. Mr. Call has also held
senior financial positions within industry, including chief financial officer and controller for
several corporations.
AND THE CONTRIBUTING AUTHORS . . .
Stephen D. Holton, CPA, has been in public practice, concentrating on the problems of
small businesses, for over 30 years. He is a stockholder in the firm of Martin, Dolan &
Holton, Ltd., a local firm in Richmond, VA. He is a former member of the AICPA Auditing
Standards Board, a former member of the FASB Emerging Issues Task Force, a former
chairman of the AICPA Accounting and Review Services Committee, and a former
chairman of the Virginia State Society Accounting and Auditing Procedures Committee.
Mr. Holton is a coauthor of several books for local practitioners, including PPCs Guide to
Preparing Financial Statements, PPCs Guide to Forecasts and Projections, PPCs Guide to
Accounting for Income Taxes, PPCs Guide to Real Estate, PPCs Guide to Dealerships,
Designing and Using Effective Analytical Procedures, PPCs Guide to Risks and
Uncertainties, PPCs Guide to Related Parties (Including Variable Interest Entities), and
PPCs Guide to Cash, Tax, and Other Bases of Accounting.
Fred L. Lilly, MBA, CPA, CISA, provides computer auditing services to CPA firms and
internal auditing organizations to assist them in evaluating internal controls and testing
computer-maintained data files. Mr. Lilly is a member of the Computer Auditing
Subcommittee of the AICPA and the Standards Board of the Information Systems Audit
and Control Association. He is a contributing editor of the Associations Journal and he
writes its Help Source column. Mr. Lilly has previously served as chairman of the AICPAs
Special Advisory Committee on Internal Controls in the Federal Government; EDP
Auditing Standards Subcommittee; and the task force that developed the Audit and
Accounting Guide, The Auditors Study and Evaluation of Internal Control in EDP Systems.
He also served as a member of the AICPAs Computer Services Executive Committee and
the task force that wrote the Audit and Accounting Guide, Audits of
Services-Center-Produced Records.
Scott McDonald, CPA, is a shareholder in the CPA firm of Davis, Kinard, & Co., P.C., in
Abilene, Texas. He is in charge of his firms audit practice and has more than 30 years of
experience auditing a variety of small business entities, including financial institutions,
manufacturers, retailers, and construction companies. He frequently speaks to
professional and industry groups regarding fraud, auditing, and professional liability. Mr.
McDonalds experience includes extensive litigation support in the areas of accountant,
director, and officer liability. He also has more than 14 years experience as a peer review
team captain. He is a former member of the AICPA Auditing Standards Board and served
as Chairman of the Audit Documentation Task Force, which produced Statement on
Auditing Standards No. 96, Audit Documentation. Mr. McDonald is currently serving on the
AICPA Joint Quality Control Standards Task Force, which is charged with the ongoing
responsibility of ensuring that the professions quality control standards remain current
and relevant. Additionally, he serves on the Texas Society of CPAs Financial Institution
Committee. His former committee service includes the Materiality Task Force of the
Auditing Standards Board, the AICPA Joint Task Force on Alternative Practice Structures,
and the Technical Standards Subcommittee of the AICPA Professional Ethics Committee.
Mr. McDonald is former president of the Abilene Chapter of the Texas Society of CPAs.
Ross Nelle, CPA, is a senior technical editor of PPC products for the Tax & Accounting
business of Thomson Reuters. He is a coauthor of PPCs Guide to Internal Control
Ross Nelle, CPA, is a senior technical editor of PPC products for the Tax & Accounting
business of Thomson Reuters. He is a coauthor of PPCs Guide to Internal Control
Communications Applying SAS No. 112 and a contributing author to PPCs Guide to
Audits of Nonprofit Organizations, PPCs Guide to Audits of Financial Institutions, and
PPCs Guide to Health Care Consulting. Mr. Nelle had over twenty years of industry and
public accounting experience before joining Thomson Tax & Accounting, most recently as
a technical manager for the AICPA developing accounting and auditing CPE courses. He
worked in public accounting with KPMG Peat Marwick LLP for five years and a national
firm for another two years providing a wide range of accounting and auditing services to
clients. For seven years, he was in internal audit roles for a national healthcare company
and a financial institution.
Meryl L. Reed, MBA, CPA, is a senior technical editor at of PPC products for the Tax &
Accounting business of Thomson Reuters, where she has been extensively involved in a
number of accounting, auditing, and consulting projects. She was formerly a manager
with the Auditing Standards Division of the AICPA and has had seven years of practice
experience with Arthur Andersen & Co. During her tenure with the AICPA, Ms. Reed was
involved in the development of numerous authoritative pronouncements, including ones
related to audit risk and materiality and governmental audits. She has coauthored several
books, including PPCs Guide to Audit Risk Assessment (Implementing the Risk
Assessment Standards), PPCs Guide to GAAS, PPCs Guide to Audits of Employee Benefit
Plans, PPCs Guide to Audits of Nonprofit Organizations, PPCs Guide to Troubled
Businesses and Bankruptcies, PPCs Guide to PCAOB Audits, and PPCs Guide to
Management Letter Comments: Operations and Control. She is also a contributing author
to PPCs Guide to Quality Control and a contributor to The PPC Accounting and Auditing
Update.
LIST OF SUBSTANTIVE CHANGES AND ADDITIONS
PPCs Guide to Audits of Nonpublic Companies
Thirtieth Edition (April 2012)
Highlights of this Edition
The following are some of the important new features in the 2012 Edition of PPCs Guide to Audits of Nonpublic Companies:
Clarified Auditing Standards. The AICPA has completed a large-scale project to revise all existing auditing
standards and to design a format under which all new standards will be issued (the Clarity Project). SAS No. 122,
Statements on Auditing Standards: Clarification and Recodification, which was issued in October 2011 and
supersedes all existing auditing standards, will be effective for audits of financial statements for periods ending on or
after December 15, 2012. In addition, SAS No. 123, Omnibus Statement on Auditing Standards2011, amends
certain standards, including SAS No. 118, Other Information in Documents Containing Audited Financial Statements,
as well as several sections of SAS No. 122. SAS No. 125, Alert That Restricts the Use of the Auditors Written
Communication, issued in December 2011, is also relevant to an audit of a nonpublic company. Your Guide has been
updated for those clarified standards. However, since early adoption of the clarified standards is generally not
allowed unless you also comply with existing standards, weve identified changes from the pre-clarified standards (or
in some cases, included dual guidance), so you can easily perform your June 30 and September 30 audits in
compliance with existing standards and your December 31 audits in compliance with the clarified standards.
New Guidance for Group Audits. The clarified auditing standards impose significant new requirements for audits
involving the use of other auditors, such as audits of entities that are consolidated or that have significant equity
method investments. Weve provided a complete section of text guidance, as well as a new set of audit procedures
and important new practice aids to help you address those requirements for periods ending on or after December 15,
2012, when the standards become effective.
Streamlined Audit Tools. In todays competitive environment, we understand how important it is for you to have the
latest tools to do your job well, without sacrificing efficiency. Weve continued to refine the audit tools in your Guide to
make them easier and more efficient to use while maintaining the in-depth coverage you require to ensure
compliance with generally accepted auditing standards. For example, weve combined and eliminated several
questions related to obtaining an understanding of the entity and documenting internal controls to help you complete
these forms faster and easier.
New Authoritative Literature. Your Guide has been updated for other new authoritative literature, including relevant
accounting and ethics pronouncements that affect your audits. Weve also fully integrated SQCS No. 8, A Firms
System of Quality Control (Redrafted), which is effective for a firms system of quality control as of January 1, 2012.
Updated Disclosure Checklist. Why risk your reputation by not using the most current disclosure checklist
available? Weve updated the checklist for new disclosures required by authoritative literature on fair value
measurements and numerous other standards.
Chapter Substantive Changes and Additions Reference
CHAPTER 1
Introduction and Overview 1. Added a discussion about the general form and content
of the clarified auditing standards.
Paragraph 101.9
2. Updated the discussion of quality control standards,
including a new quality control SAS issued as part of
the clarified auditing standards.
Paragraph 101.20
3. Added a general explanation about this years update of
the Guide, including the approach for implementing the
Paragraph 101.24
clarified auditing standards.
4. Added a discussion about significant changes in
auditor requirements as a result of the clarified auditing
standards.
Paragraph 101.28
5. Updated the list of professional standards recently
issued or soon to be effective.
Appendix 1A
6. Added a cross-reference from the clarified auditing
standards to the existing AU sections.
Appendix 1B
CHAPTER 2
Pre-engagement Activities 1. Added relevant clarified auditing standards to the list of
authoritative literature and updated the list for SQCS
No. 8, A Firms System of Quality Control (Redrafted).
Paragraph 200.3
2. Modified the discussion about objectives and
requirements of pre-engagement activities under the
clarified auditing standards. Expanded the list of
requirements to include references to the professional
literature and related PPC practice aids.
Section 201
3. Updated throughout to provide guidance for the
Sections 202,
203, and 205
4. Added a discussion about preconditions for an audit
under the clarified auditing standards.
Paragraphs
202.4.6
5. Added a discussion about a change in the time period
for required communication with a predecessor auditor
Paragraph 202.27
6. Updated the discussion of a PEEC exposure draft that
would amend Ethics Interpretation 101-3.
Paragraph 202.34
7. Added a discussion about addressing the engagement
letter.
Paragraph 203.7
8. Revised discussion about multi-year engagement
letters.
Paragraph 203.16
9. Added a discussion about changes in the terms of an
audit engagement under the clarified auditing
standards.
Paragraphs
203.18.24
CHAPTER 3
Risk Assessment
Procedures and Planning
Sections 300307
2. Revised and expanded the list of requirements under
the clarified auditing standards, including adding
references to the professional literature and related PPC
practice aids.
Section 300
3. Added relevant clarified auditing standards to the list of
authoritative literature.
Paragraph 300.3
4. Updated the list of required inquiries. Paragraphs
301.13 and
301.18
5. Added a discussion about related party inquiries and
consideration of related parties during the engagement
team discussion.
Paragraphs
301.24 and
301.59
6. Added a discussion about inquiries concerning
accounting estimates.
Paragraph 301.26
7. Added a discussion about inquiries concerning
compliance with laws and regulations.
Paragraph 301.27
8. Added a discussion about inquiries concerning fraud or
noncompliance with laws or regulations communicated
by a service organization.
Paragraph 301.28
9. Added a discussion about matters that may be
communicated by the engagement partner as part of
audit planning.
Paragraph 301.71
10. Added a discussion about obtaining an understanding
of the entitys accounting estimates.
Paragraph 302.35
11. Added a discussion about a COSO exposure draft that
would update the COSO internal control integrated
framework.
Paragraph 303.2
12. Added a discussion about obtaining an understanding
of the entitys use of a service organization.
Paragraph 303.35
13. Expanded the various discussions on determining
materiality and performance materiality (tolerable
misstatement).
Paragraphs
306.4.9 and
306.26.40
14. Added a discussion on the auditors consideration of
compliance with laws and regulations during audit
planning.
Section 308
CHAPTER 4
Assessing Risks and
Developing the Detailed
Audit Plan
1. Expanded the list of authoritative guidance and updated
it to include relevant clarified auditing standards.
Paragraph 400.2
practice aids.
Section 400
Sections 401405
4. Added a discussion of specialized considerations when
assessing risks relating to related party transactions
and accounting estimates.
Paragraphs
403.18.19
CHAPTER 5
Substantive Procedures 1. Updated throughout to provide guidance for the
Sections 500507
Paragraph 500.2
Section 501
practice aids.
4. Added a discussion of the basic types of substantive
procedures.
Paragraph 503.9
5. Added a discussion about selecting items for testing. Paragraph 504.3
6. Added a discussion about the necessary precision for a
substantive analytical procedure.
Paragraph 505.27
7. Revised the guidance on documenting substantive
analytical procedures.
Paragraphs
505.70.72
8. Revised the discussion about testing journal entries. Paragraphs
506.18.20
CHAPTER 6
Testing Internal Control 1. Updated throughout to provide guidance for the
Sections 600609
Paragraph 600.4
practice aids.
Section 601
4. Revised the discussion of indirect (or complimentary)
controls.
Paragraphs
604.10.14
CHAPTER 7
Sampling in an Audit
Engagement
Sections 700705
2. Added relevant clarified auditing standards to the
discussion of authoritative literature.
Paragraph 700.4
3. Added a discussion about the means of selecting items
for testing.
Paragraphs
700.6.10
4. Added a discussion about tolerable misstatement and
discussed how that term relates to the term
performance materiality.
Paragraph 700.13
5. Added discussions about statistical sampling and the
PPC approach to audit sampling.
Paragraphs
700.14.15
practice aids.
Section 701
7. Revised the discussion about basic procedures that
apply to all audit samples.
Paragraph 703.3
8. Added a discussion about considering the
completeness of the population.
Paragraph 703.7
9. Modified and expanded the discussion about
consideration of deviations and missing documents
when performing a sampling application.
Paragraphs
703.13.15 and
704.21
10. Added a discussion about factors to consider in
determining the sample size for substantive tests of
details and tests of controls.
Paragraphs 704.2
and 705.4.5
11. Updated for changes in the illustrated practice aid. Exhibits 7-16 and
7-17
CHAPTER 8
Audit Documentation 1. Updated the list of authoritative literature for relevant
Paragraph 800.3
Sections
800802,
804805, and 808
practice aids.
Section 801
4. Updated for SQCS No. 8. Paragraph 804.7
5. Modified the discussion about ownership of
engagement documentation.
Paragraph 805.1
6. Added a note about proposed revisions to Ethics
Interpretation 501-1, Response to Requests by Clients
and Former Clients for Records.
Paragraph 805.1
7. Added a list of documentation requirements under the
Appendix 8A-1
CHAPTER 9
Special Audit
Considerations
1. Updated to provide guidance for the clarified auditing
standards.
Sections 900,
904906, 908,
and 912
Paragraph 900.2
3. Added a note about the applicability of existing
guidance under the clarified auditing standards for
periods ending on or after December 15, 2012.
Sections 901903
practice aids.
Sections 904,
905, 906, and 910
5. Added a discussion about group audits for periods
ending on or after December 15, 2012.
Section 904
6. Added a discussion about fraud, noncompliance with
laws and regulations, and uncorrected misstatements at
service organizations.
Paragraph 905.7
7. Expanded the discussion about understanding how the
client uses a service organization.
Paragraph 905.8
8. Added a discussion of factors to consider when
determining how to obtain a sufficient understanding of
Paragraph 905.15
controls at a service organization.
9. Added separate discussions about using the work of an
auditors specialist, using the work of a managements
specialist, and using the work of specialists on the
engagement team for periods ending on or after
December 15, 2012.
Section 906
10. Added a note about the status of the clarified auditing
standard on using the work of internal auditors.
Paragraph 907.4
11. Clarified the applicability of the guidance for other
information in documents containing audited financial
statements.
Paragraph 908.3
12. Updated the system requirements for using data
extraction software
Exhibit 9-14
13. Added a summary of specific procedures that are
required to be performed on opening balances in initial
audits and considerations for determining the extent of
procedures.
Paragraphs
910.10.11
14. Added a discussion about misstatements in opening
balances in initial audits.
Paragraph 910.17
15. Expanded the discussion of alternative procedures if
beginning inventory was not observed by a
predecessor auditor.
Paragraph 910.71
16. Noted that a written report is required for reviews of
interim financial information for interim periods of fiscal
years beginning on or after December 15, 2012.
Paragraph 912.9
CHAPTER 10
Cash Balances 1. Updated to provide guidance for the clarified auditing
standards.
Section 1001
CHAPTER 11
Accounts Receivable and
Sales
1. Added guidance on revenue recognition considerations
under GAAP.
Paragraph 1100.3
2. Noted that FASB ASC 825 disclosures about
concentrations of credit risk are optional for certain
nonpublic companies.
Paragraph 1100.4
standards.
Section 1101
practice aids.
Section 1101
5. Added a discussion about the definition of accounts
receivable for purposes of accounts receivable
confirmation.
Paragraph
1101.19
6. Added a discussion about the definition of what
constitutes an external confirmation.
Paragraph
1101.22
7. Added a discussion about procedures when there are Paragraphs
7. Added a discussion about procedures when there are
doubts about the reliability of a confirmation.
Paragraphs
1101.25, 1101.37,
and 1103.3
8. Expanded the discussion about oral responses to
confirmation requests.
Paragraph
1101.35
9. Expanded the discussion about alternative forms of
confirmation.
Paragraph
1101.39
10. Updated for changes in the illustrated practice aid. Exhibits 11-4 and
11-5
CHAPTER 12
Inventory and Cost of
Sales
standards.
Section 1201
practice aids.
Section 1201
3. Added a discussion of procedures on the final inventory
listing.
Paragraph
1201.27
4. Added a discussion about inventory observed on a date
other than the balance sheet date.
Paragraph
1201.28
5. Added a discussion about circumstances when
observation of the physical inventory is not feasible.
Paragraphs
1201.29.32
6. Updated for changes in the illustrated practice aid. Exhibits 12-2,
12-3, and 12-4
CHAPTER 13
Property 1. Updated to provide guidance for the clarified auditing
standards.
Section 1301
CHAPTER 14
Other Assets 1. Noted the issuance of ASU 2011-08, Testing Goodwill
for Impairment, which simplifies how entities test
goodwill for impairment.
Paragraphs
1400.2 and
1401.61
2. Noted the issuance of ASU 2011-04, Amendments to
Achieve Common Fair Value Measurement and
Disclosure Requirements in U.S. GAAP and IFRS, which
clarifies and expands fair value accounting and
disclosure guidance.
Paragraph 1400.3
standards.
Section 1401
CHAPTER 15
Liabilities and Equity 1. Updated to provide guidance for the clarified auditing
standards.
Section 1501
CHAPTER 16
Income Taxes 1. Updated to provide guidance for the clarified auditing
standards.
Sections 1601
and 1603
2. Updated for tax Form 1125-A. Exhibit 16-1
CHAPTER 17
Income and Expenses 1. Noted the issuance of ASU 2011-05, Presentation of
Comprehensive Income, which eliminates the current
option of reporting comprehensive income in a
statement of changes in stockholders equity.
Paragraph 1700.4
standards.
Sections 1701
and 1702
CHAPTER 18
Concluding the Audit 1. Updated throughout to provide guidance for the
Sections
18001819
practice aids.
Sections
18021806,
18091812,
18141816, and
1818
Paragraphs
1800.3.4
4. Included a note with dual guidance for the pre-clarified
and clarified auditing standards regarding when the
auditor should obtain a lawyers letter.
Exhibit 18-2
5. Expanded the discussions on the auditors inability to
obtain a representation letter or verify representations.
Paragraph 1804.2
6. Added a discussion about an exposure draft of a
proposed SAS, The Auditors Consideration of an
Entitys Ability to Continue as a Going Concern, which
would redraft AU-C 570 for the ASBs clarity
conventions.
Paragraphs
1807.2.3
7. Updated discussion of the FASBs exposure draft on
going concern.
Paragraph
1807.16
8. Updated for SQCS No. 8 and expanded to include
guidance from clarified AU-C 220, Quality Control for an
Engagement Conducted in Accordance with Generally
Accepted Auditing Standards.
Paragraphs
1811.10.12,
1811.22, 1811.26,
and 1811.28
9. Expanded the discussion on different materiality levels
when evaluating audit differences.
Paragraphs
1812.21.22
10. Included dual guidance for drafting the auditors report
under the pre-clarified and clarified auditing standards.
Also included a new report illustration for reporting
Section 1813
11. Expanded the discussion on identifying and evaluating
control deficiencies.
Paragraphs
1814.5.25
12. Added a discussion on significant deficiencies and
material weaknesses previously communicated but not
remediated.
Paragraphs
1814.50.51
13. Added a discussion about requirement to communicate
other control deficiencies for audits of periods ending
Paragraphs
1814.65.68
other control deficiencies for audits of periods ending
on or after December 15, 2012 (i.e., under the clarified
auditing standards).
1814.65.68
14. Added a list of additional AU-C sections that include
requirements to communicate with those charged with
governance.
Paragraph
1815.30
CONFIRMATION AND
CORRESPONDENCE
LETTERS (ASB-CL)
Audit Engagement Letter 1. Updated throughout so the letters can be used under
either the pre-clarified auditing standards or the clarified
auditing standards, as applicable.
ASB-CL-1.1,
ASB-CL-1.2, and
ASB-CL-1.3
2. Added a discussion of requirements related to
multi-year engagement letters under the clarified
auditing standards.
ASB-CL-1.1
3. Revised the discussion about addressing the
engagement letter.
ASB-CL-1.1
4. Added practical considerations and illustrative language
that may be added to the engagement letter for a group
audit.
ASB-CL-1.1
5. Added a practical consideration and illustrative
language for modifying the letter to incorporate
additional understanding when the financial statements
are prepared in accordance with an OCBOA.
ASB-CL-1.1
6. Added a practical consideration about changes in the
level of service or in the terms of the engagement.
ASB-CL-1.1 and
ASB-CL-1.2
Management
Representation Letter
7. Updated the letter for use in audits of financial
statements for periods ending on or after December 15,
2012 (i.e., for use under the clarified auditing
standards).
ASB-CL-3.5
Management
When the Current Year
Financial Statements Have
Been Audited and the Prior
Year Financial Statements
Have Been Reviewed
8. Updated the letter for use in audits of financial
standards).
ASB-CL-3.2
Updating Management
9. Modified the language in the letter. ASB-CL-3.4
Management
Representation Letterfor
Audits of Periods Ending
before December 15, 2012
10. Changed the title to reflect that the letter should only be
used for audits of periods ending before December 15,
2012.
ASB-CL-3.5
Communication of Internal
Control Related Matters
Identified in an Audit
11. Revised to reflect the language in the clarified
standards and to add instructions for group audits (for
audits of periods ending on or after December 15,
2012).
ASB-CL-4.1,
ASB-CL-4.2, and
ASB-CL-4.3
12. Updated the body of the letter for a new requirement for
audits of periods ending on or after December 15, 2012
(i.e., under the clarified auditing standards) to
communicate an explanation of the potential effects of
any significant deficiencies and material weaknesses
identified during the audit.
ASB-CL-4.1,
ASB-CL-4.2, and
ASB-CL-4.3
13. Updated the practical considerations for a new
requirement for audits of periods ending on or after
December 15, 2012 (i.e., under the clarified auditing
standards) to communicate other deficiencies in
internal control (other than significant deficiencies and
material weaknesses) identified during the audit.
ASB-CL-4.1,
ASB-CL-4.2, and
ASB-CL-4.3
Communication with Those
Charged with Governance
During Planning
14. Revised letter regarding the timing of communication of
significant findings.
ASB-CL-5.1
15. Revised practical considerations to note the
requirements for documentation of oral communication.
ASB-CL-5.1
16. Added a practical consideration with instructions for
group audits (for audits of periods ending on or after
December 15, 2012).
ASB-CL-5.1
Communication with Those
at or Near the Conclusion
of the Audit
17. Modified the letter to address the overall neutrality,
consistency, and clarity of disclosures.
ASB-CL-5.2
18. Revised practical considerations to note the
requirements for documentation of oral communication.
ASB-CL-5.2
19. Added a practical consideration with instructions for
group audits (for audits of periods ending on or after
December 15, 2012).
ASB-CL-5.2
20. Added a practical consideration listing other standards
that provide requirements for communications to those
charged with governance.
ASB-CL-5.2
Negative Accounts
Receivable Confirmation
Request
21. Revised the practical consideration addressing when
the use of negative confirmations is appropriate.
ASB-CL-7.4
Confirmation of Inventories
Held by a Third
PartyListing of
Inventories Not Enclosed
22. Modified the confirmation request to address the
condition of the inventory.
ASB-CL-9.1
Confirmation of Inventories
Held by a Third
PartyListing of
Inventories Enclosed
23. Modified the confirmation request to address the
condition of the inventory.
ASB-CL-9.2
Related Party
Questionnaire
24. Revised practical considerations to address when it
may be appropriate to obtain written representations
from those charged with governance regarding related
parties.
ASB-CL-12.4
Request for Predecessor 25. Added a practical consideration to note a new ASB-CL-13.1
Request for Predecessor
Auditor to Release
Information to Successor
Auditor
25. Added a practical consideration to note a new
requirement for audits of periods ending on or after
December 15, 2012, (i.e., under the clarified auditing
standards) regarding when communication with a
predecessor is required.
ASB-CL-13.1
Letter Granting Successor
Auditors Access to
Workpapers
26. Revised the letter to reflect the illustrative language in
AU-C 510, Exhibit C (applicable for periods before and
after December 15, 2012).
ASB-CL-13.2
Request for
Representations from
Other Auditor Who
Performs Audit Procedures
on Certain Elements,
Accounts, or Items in
Non-group Financial
Statements
27. Modified the practical consideration regarding the
applicability of the letter.
ASB-CL-14.5
Request for
Component Auditor When
Reference Will Be
MadePeriods Ending on
or after December 15, 2012
28. Added a new letter for use in audits of group financial
standards).
ASB-CL-14.6
Request for
Component Auditor When
Responsibility Will Be
AssumedPeriods Ending
on or after December 15,
2012
standards).
ASB-CL-14.7
Letter of Instructions from
Group Auditor to
Component Auditors When
Reference Will Be
MadePeriods Ending on
standards).
ASB-CL-14.8
Letter of Instructions from
Group Auditor to
Component Auditors When
Responsibility Will Be
AssumedPeriods Ending
on or after December 15,
2012
standards).
ASB-CL-14.9
CHECKLISTS AND
PRACTICE AIDS (ASB-CX)
Application of Practice Aids
to Engagements
1. Updated for changes made to the practice aids. ASB-CX-0.1
Engagement Acceptance
and Continuance Form
2. Added practical considerations for clarified auditing
standards.
ASB-CX-1.1
3. Added new questions to Part II, Additional Acceptance
Considerations for Initial Audit Engagements.
ASB-CX-1.1
Considerations for Initial Audit Engagements.
Financial Statement
Materiality Worksheet for
Planning Purposes
4. Updated to incorporate the concept of performance
materiality.
ASB-CX-2
Component Materiality
Worksheet
5. Added a practice aid to determine and document
component materiality for use in group audits.
ASB-CX-2.2
Understanding the Entity
and Identifying Risks
6. Streamlined and consolidated the questions. ASB-CX-3.1
7. Revised for considerations under the clarified auditing
standards.
ASB-CX-3.1
8. Added a question about significant transactions or
transactions outside the normal course of business
occurring during the period.
ASB-CX-3.1
Engagement Team
Discussion
standards.
ASB-CX-3.2
10. Added a practical consideration about conducting the
discussion.
ASB-CX-3.2
Fraud Risk Inquiries Form 11. Modified the lists of required inquiries. ASB-CX-3.3
Audit Inquiries Summary
Form
12. Revised for changes in inquiries made in other practice
aids.
ASB-CX-3.4
Understanding the Design
and Implementation of
Internal Control
13. Streamlined and consolidated the questions. ASB-CX-4.1
standards.
ASB-CX-4.1
Financial Reporting
Documentation Forms
15. Revised the instructions for considerations under the
ASB-CX-4.2
Financial Reporting
System Documentation
FormFinancial Close and
Reporting/Significant
Transaction Classes
16. Added practical considerations concerning
documentation of internal control related to significant
estimates and the use of service organizations.
ASB-CX-4.2.1
Financial Reporting
System Documentation
FormIT Environment and
General Computer
Controls
17. Updated for considerations about how a service
organization is used.
ASB-CX-4.2.2
Entity Risk Factors 18. Added considerations for significant or unusual
transactions.
ASB-CX-6.1
Risk Assessment Summary
Form
19. Revised the instructions for considerations under the
ASB-CX-7.1
Sampling Planning and
Evaluation
FormSubstantive
Procedures
20. Revised to include consideration of whether the sample
provides a reasonable basis for drawing conclusions
about the population and modified the question about
changes in the audit plan based on sample results.
ASB-CX-8.2
Sampling Worksheet for
Testing Account Coding
ASB-CX-8.3
Testing Account Coding
and Classifications
about the population and added a question about
changes in the audit plan based on test results.
Substantive Analytical
Procedures Worksheet
standards.
ASB-CX-9.1
Test of Controls Form 23. Revised for considerations under the clarified auditing
standards.
ASB-CX-10.1
Test of Controls Sampling
Planning and Evaluation
Form
about the population and added a question about
changes in the audit plan based on test results.
ASB-CX-10.2
Documentation and
Analysis of Group
Components
25. Added new practice aid for use in audits of group
financial statements for periods ending on or after
December 15, 2012 (i.e., for use under the clarified
auditing standards).
ASB-CX-11.6
Closing Entry and Audit
Adjustment Form
standards.
ASB-CX-12.1
Audit Difference Evaluation
Form
27. Added section to document qualitative factors. ASB-CX-12.2
standards.
ASB-CX-12.2
Disclosure Checklist 29. Updated the checklist for disclosure requirements of
recently issued professional accounting standards.
ASB-CX-13
Supervision, Review, and
Approval Form
30. Expanded instructions to reflect the engagement quality
control review and revised to reflect changes for the
ASB-CX-14
Control Deficiency
Evaluation Worksheet
31. Changed title and revised for clarified auditing
standards.
ASB-CX-15.1
Control Deficiency
Comment and
Management Point
Development Worksheet
32. Revised for clarified auditing standards. ASB-CX-15.2
Going Concern Checklist 33. Added discussion of proposed auditing standard on
going concern guidance.
ASB-CX-16.1
Significant Estimates
Identification Checklist
34. Revised the instructions. ASB-CX-16.2
AUDIT
PROGRAMSCORE
(ASB-AP)
Audit Program for General
Planning Procedures
1. Revised various lead-in steps to provide for enhanced
functioning in the electronic environment.
ASB-AP-1
2. Updated throughout so the program can be used under
auditing standards.
ASB-AP-1
3. Moved a step for performing a retrospective review of
contracts and minutes from the general auditing
ASB-AP-1
procedures (ASB-AP-2) to the general planning
procedures. Expanded the step to include review of
correspondence with regulatory authorities.
4. Moved a step for performing a retrospective review of
prior year significant accounting estimates from the
general auditing procedures (ASB-AP-2) to the general
planning procedures.
ASB-AP-1
Other General Planning
Procedures
5. Added a new program area and related steps for audits
of group financial statements for periods ending on or
after December 15, 2012.
ASB-AP-1, Other
General Planning
Procedures
6. Added new program areas and related steps for using
specialists for periods ending on or after December 15,
2012.
ASB-AP-1, Other
General Planning
Procedures
Auditing and Completion
Procedures
functionality in an electronic environment.
ASB-AP-2
auditing standards.
ASB-AP-2
9. Modified procedures for significant estimates. ASB-AP-2
10. Expanded procedures for related parties, including
additional steps to address the situation when
previously undisclosed related parties or related party
transactions are identified.
ASB-AP-2
11. Modified procedures for summarizing and evaluating
misstatements and added additional practical
considerations.
ASB-AP-2
12. Added a step and practical consideration related to
evaluating the consistency of financial statements.
ASB-AP-2
Other General Auditing and
Completion Procedures
13. Modified procedures regarding potential fraud and
violations of laws and regulations.
ASB-AP-2, Other
General Auditing
and Completion
Procedures
14. Added additional practical considerations related to
other information in documents containing audited
financial statements.
ASB-AP-2, Other
General Auditing
and Completion
Procedures
15. Added a practical consideration in the steps for fair
value disclosures concerning ASU 2011-04,
Amendments to Achieve Common Fair Value
Measurement and Disclosure Requirements in U.S.
GAAP and IFRS.
ASB-AP-2, Other
General Auditing
and Completion
Procedures
16. Added a new program area and related steps regarding
significant related party transactions outside the normal
course of business.
ASB-AP-2, Other
General Auditing
and Completion
Procedures
omitted procedures and subsequent discovery of facts
ASB-AP-2, Other
General Auditing
omitted procedures and subsequent discovery of facts
for periods ending on or after December 15, 2012.
General Auditing
and Completion
Procedures
18. Added a new program area and related steps
addressing the circumstance when requested written
representations are not provided.
ASB-AP-2, Other
General Auditing
and Completion
Procedures
a change in the terms of an audit engagement.
ASB-AP-2, Other
General Auditing
and Completion
Procedures
additional procedures to respond to significant risks in
ASB-AP-2, Other
General Auditing
and Completion
Procedures
Audit Programs for
Financial Statement Areas
ASB-AP-3
through
ASB-AP-14
functionality in an electronic environment.
ASB-AP-3
through
ASB-AP-14
23. Added practical considerations related to the reliability
of data used in performing analytical procedures and
the precision of the expectation.
ASB-AP-3
through
ASB-AP-14
Audit Program for Cash 24. Streamlined and consolidated the cash confirmation
procedures and expanded the practical considerations.
ASB-AP-3, Basic
Procedures
25. Moved extended procedures for cash receipts from the
audit program for accounts receivable and sales to the
cash program.
ASB-AP-3,
Extended
Procedures
Audit Program for
Sales
26. Added practical considerations to the receivables
confirmation procedures regarding circumstances when
a written response is required and considerations
related to the reliability of responses.
ASB-AP-4, Basic
Procedures
Other Audit Procedures for
Sales
managements refusal to allow external confirmations.
ASB-AP-4, Other
Audit Procedures
Audit Program for
Investments and
Derivatives
28. Added practical considerations related to audits of
group financial statements.
ASB-AP-8,
Extended
Procedures
Other Audit Procedures for
Other Assets
29. Added a practical consideration to the steps for
goodwill regarding ASU 2011-08, Testing Goodwill for
Impairment.
ASB-AP-9, Other
Audit Procedures
30. Expanded the list of factors that may indicate
impairment of goodwill.
ASB-AP-9, Other
Audit Procedures
Audit Program for Notes
Payable and Long-term
Debt
31. Added a step to perform alternative procedures on
nonreplies to confirmation requests for notes or
financing arrangements.
ASB-AP-11,
Extended
Procedures
32. Added practical considerations to the accounts payable
confirmation procedures regarding circumstances when
a written response is required and considerations
related to the reliability of responses.
ASB-AP-11,
Extended
Procedures
AUDIT
PROGRAMSSPECIFIED
RISK ASB-AP-S)
1. Revised risk considerations at the assertion level. ASB-AP-3-S,
ASB-AP-4-S,
ASB-AP-5-S,
ASB-AP-6-S,
ASB-AP-7-S,
ASB-AP-10-S,
ASB-AP-11-S,
and ASB-AP-13-S
Audit Program for
Inventory and Cost of
SalesSpecified Risk
2. Revised the general risk considerations to reflect higher
risk for application of direct labor and overhead to
manufactured inventories.
ASB-AP-5-S
Audit Program for
Investments and
DerivativesSpecified Risk
3. Revised the general risk considerations and risk
considerations at the assertion level to reflect that the
audit area is no longer included as a significant audit
area.
ASB-AP-8-S
Audit Program for Income
TaxesSpecified Risk
4. Revised the general risk considerations and risk
considerations at the assertion level to reflect that the
audit area is no longer included as a significant audit
area.
ASB-AP-12-S
INITIAL AUDIT
PROGRAMS (ASB-IA)
functioning in the electronic environment.
ASB-IA Series
auditing standards.
ASB-IA Series
Additional General
Planning Procedures for an
Initial Audit
3. Added procedures related to reading the predecessors
report.
ASB-IA-1
Additional General Auditing
and Completion
Procedures for an Initial
Audit
4. Added procedures related to consideration of the
application of accounting policies in opening balances,
consideration of evidence about opening balances
obtained from current year audit procedures, and
consideration of misstatements in opening balances.
ASB-IA-2
Additional Audit
Procedures for Property
Beginning Balance in Initial
Audit
5. Expanded the procedures for opening balances of
property accounts.
ASB-IA-7
INTERIM REVIEW
PRACTICE AIDS (ASB-IR)
1. Revised the engagement letter and related practical
considerations consistent with the core letter, adapted
as necessary for an interim review.
ASB-IR-1
2. Revised the interim review program so the program can
be used under either the pre-clarified auditing
standards or the clarified auditing standards.
ASB-IR-2
3. Revised the interim review inquiries checklist to provide ASB-IR-3
3. Revised the interim review inquiries checklist to provide
a separate section of required inquiries.
ASB-IR-3
4. Revised the misstatement evaluation form to add a
section for documenting qualitative factors.
ASB-IR-4
5. Updated the disclosure checklist. ASB-IR-5
6. Revised the management representation letter and
related practice aids consistent with the core letter,
adapted as necessary for an interim review.
ASB-IR-6
7. Expanded instructions to reflect the engagement quality
control review and revised to reflect changes for the
ASB-IR-7
CHAPTER 1: INTRODUCTION AND OVERVIEW
100 INTRODUCTION
100.1 The objective of an audit is to express an opinion about whether the financial statements are fairly presented in
conformity with the applicable financial reporting framework that is used by the entity.
1(1)
The auditor has a responsibility to
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material
misstatement, whether caused by error or fraud. The auditor plans, conducts, and reports the results of the audit in
accordance with generally accepted auditing standards (GAAS).
100.2 PPCs Guide to Audits of Nonpublic Companies (the Guide) provides a streamlined, technically sound audit approach
for nonpublic commercial entities. It provides auditors a flexible, adaptable audit process that is thorough, yet practical;
effective, yet efficient. The audit approach in this Guide enhances audit quality by ensuring compliance with GAAS. Further,
auditors can consistently apply this effective audit process across all nonpublic commercial audit engagements, which helps
to ensure compliance with the firms system of quality control and minimize firm risk and legal liability exposure.
100.3 The Guide includes:
Audit programs that can be easily tailored to address the risks associated with your individual audit
engagements.
2(2)
A complete, up-to-date set of easy-to-use practice aids.
Practical, how-to text guidance and answers to all your auditing questions.
100.4 This Guide shows the auditor of a nonpublic company how to plan and conduct effective audits that meet professional
standards without unnecessary and unproductive procedures.
101 AUTHORITATIVE LITERATURE
Generally Accepted Accounting Principles
101.1 FASB ASC 105, Generally Accepted Accounting Principles, establishes the Financial Accounting Standards Board
(FASB) Accounting Standards Codification as the source of generally accepted accounting principles for nongovernmental
entities. This Guide is updated for changes in accounting standards. To assist auditors in monitoring the status of professional
literature, Appendix 1A provides a list of significant accounting pronouncements applicable to nonpublic entities that were
issued between July 1, 2011, and December 31, 2011, took effect in late 2011, or will become effective during 2012 or
thereafter. PPCs Guide to Preparing Financial Statements provides detailed guidance on generally accepted accounting
principles.
Generally Accepted Auditing Standards for Audits of Periods Ending before December 15, 2012
101.2 Auditors of nonpublic entities should conduct their engagements in accordance with GAAS developed by the American
Institute of Certified Public Accountants (AICPA). SAS No. 95, as amended (AU 150), Generally Accepted Auditing Standards,
establishes three levels in the GAAS hierarchy:
a. Auditing standards.
b. Interpretive publications.
c. Other auditing publications.
101.3 Generally accepted auditing standards consist of the ten general, field work, and reporting standards and Statements
on Auditing Standards (SASs) issued by the AICPAs Auditing Standards Board (ASB). SASs are codified within the
framework of the ten standards. The AICPA Code of Professional Conduct requires members to comply with SASs.
101.4 The contents of the SASs contain professional requirements along with explanatory material.
3(3)
The auditors degree
of responsibility in complying with professional requirements can be identified through two categories.
Unconditional Requirements. Unconditional requirements are those that an auditor must follow in all cases if the
circumstances apply to the requirement. These requirements use the words must or is required.
Presumptively Mandatory Requirements. Auditors are also expected to comply with presumptively mandatory
requirements if the circumstances apply to the requirement; however, in rare situations, a departure from the
requirement is allowed if the auditor documents the justification and how alternative procedures that were performed
were sufficient to achieve the objectives of the requirement. Presumptively mandatory requirements are identified by
the word should. If a SAS uses the words should consider for a procedure, the consideration of the procedure is
presumptively mandatory.
101.5 Explanatory material represents material that provides additional guidance on professional requirements or identifies
other procedures or actions. An auditor is not required to perform other procedures or actions that are identified through
explanatory material. These items require understanding and professional judgment regarding their applicability. Explanatory
material is identified through the words may, might, and could.
101.6 Interpretive Publications. Interpretive publications are not auditing standards, but rather recommendations on
applying the SASs. Interpretive publications include Auditing Interpretations, appendices to the SASs, AICPA Audit and
Accounting Guides, and AICPA Auditing Statements of Position. Auditors should consider applicable interpretive publications.
If the auditor does not apply an interpretive publication, the auditor should be prepared to explain how he or she complied
with the underlying SAS provisions. The unconditional requirements and presumptively mandatory requirements are not
intended to apply to interpretive guidance issued by the AICPA.
101.7 Other Auditing Publications. Other auditing publications have no authoritative status but may help auditors
understand and apply the SASs. Other auditing publications include AICPA publications not referred to in paragraphs 101.3
and 101.6, articles in professional journals, continuing professional education programs, textbooks, guide books, audit
programs and checklists, and auditing literature published by state CPA societies and other organizations (for example, PPC
guides). If auditors apply the guidance in other auditing publications, they should satisfy themselves that the guidance is both
appropriate and relevant. Appropriateness refers to whether the guidance is technically sound. Relevance refers to whether
the guidance is applicable to the circumstances of a particular audit engagement. Indicators of appropriateness include the
extent to which the publication is recognized as being helpful and the professional qualifications of its author or issuer. There
is a presumption that other auditing publications reviewed by the AICPA Audit and Attest Standards staff (such as auditing
practice releases and AICPA risk alerts are appropriate.
101.8 The authors recommend that firms have a system in place to ensure staff members are informed about current
authoritative literature. This Guide is updated for changes in professional literature and includes guidance about how those
changes might affect audits of nonpublic companies. However, even when using the practice aids in this Guide, auditors are
responsible for awareness and timely implementation of new pronouncements.
Generally Accepted Auditing Standards for Audits of Periods Ending on or after December 15,
2012
101.9 Auditors of nonpublic entities should conduct their engagements in accordance with GAAS developed by the American
Institute of Certified Public Accountants (AICPA). The AICPA Code of Professional Conduct requires members to comply with
SASs.
101.10 Clarified Auditing Standards. In response to growing concerns about the complexity of auditing standards and to
converge U.S. GAAS with International Standards on Auditing (ISAs), the Auditing Standards Board has been working on the
Clarity Project to revise all existing standards and to design a format under which all new standards will be issued. In October
2011, the AICPA issued:
SAS No.122, Statements on Auditing Standards: Clarification and Recodification. This represents a completely new
set of auditing standards revised in format, structure, style, and content from the existing standards. It supersedes all
existing SASs through SAS No. 121, except:
SAS No. 51, Reporting on Financial Statements Prepared for Use in Other Countries. (Subsequently
superseded by SAS No.124.)
SAS No. 59, The Auditors Consideration of an Entitys Ability to Continue as a Going Concern. (Currently being
redrafted and will be superseded when the clarified version is issued. See discussion in section 1807.)
4(4)
SAS No. 65, The Auditors Consideration of the Internal Audit Function in an Audit of Financial Statements.
(Currently being redrafted and will be superseded when the clarified version is issued. See discussion in
section 907.)
4(5)
SAS No. 87, Restricting the Use of an Auditors Report. (Subsequently superseded by SAS No.125.)
SAS No. 117 on compliance audits and SAS Nos. 118120 on supplementary information. These standards
were previously issued in clarified format and are already effective.
4(6)
SAS No. 123, Omnibus Statement on Auditing Standards2011. Amends SAS Nos. 117, 118, and 122 to address
matters that arose after the clarified standards were finalized.
SAS No. 124, Financial Statements Prepared in Accordance with a Financial Reporting Framework Generally
Accepted in Another Country. This is the clarified and recodified version of SAS No. 51, Reporting on Financial
Statements Prepared for Use in Other Countries.
All auditing interpretations corresponding to a SAS were considered in the development of the clarified standards and
incorporated as necessary. Generally, the interpretations have been withdrawn, except for certain interpretations that were
retained and revised to reflect the issuance of SAS No. 122. Going forward, the ASB will continue to issue SASs to create,
amend, or supersede the auditing standards as necessary.
101.11 Effective Date. With a few exceptions, all of the clarified standards are effective for audits of financial statements for
periods ending on or after December 15, 2012. Generally early adoption of SAS Nos. 122125 is not permitted. However, an
auditor may implement aspects of SAS Nos. 122125 early as long as he or she continues to comply with existing standards.
See the discussion of the implementation approach in this Guide beginning at paragraph 101.25.
101.12 SAS No. 125. In December 2011, the ASB issued SAS No. 125, Alert That Restricts the Use of the Auditors Written
Communication. SAS No. 125 supersedes SAS No. 87 (AU 532), Restricting the Use of an Auditors Report, and amends,
among other standards, AU-C 260, The Auditors Communication With Those Charged With Governance, and AU-C 265,
Communicating Internal Control Related Matters Identified in an Audit. SAS No. 125 is effective for the auditors written
communications related to audits of financial statements for periods ending on or after December 15, 2012.
101.13 Form and Structure of the Standards. The clarified standards were developed using formatting techniques, such as
bulleted lists, that make them easier to read and understand. In addition, each clarified standard is divided into the following
topics:
Introduction. Includes matters such as the purpose and scope of the guidance, subject matter, effective date, and
other introductory material.
Objectives. Establishes objectives that allow the auditor to understand what he or she should achieve under the
standards. The auditor uses the objectives to determine whether additional procedures are necessary for their
achievement and to evaluate whether sufficient appropriate audit evidence has been obtained.
Definitions. Provides key definitions that are relevant to the standard.
Requirements. States the requirements that the auditor is to follow to achieve the objectives unless the standard is
not relevant or the requirement is conditional and the condition does not exist.
Application and Other Explanatory Material. Provides further guidance to the auditor in applying or understanding
the requirements. While this material does not in itself impose a requirement, auditors should understand this
guidance. How it is applied will depend on professional judgment in the circumstances considering the objectives of
the standard. The requirements section references the applicable application and explanatory material. Also, when
appropriate, considerations relating to smaller and less complex entities are included in this section.
101.14 A standard may also contain exhibits or appendices. Appendices to a standard are part of the application and other
explanatory material. The purpose and intended use of an appendix is explained in the standard or in the title and introduction
of the appendix. Exhibits to standards are interpretive publications. Interpretive publications are not auditing standards and do
not contain requirements. Rather, they are recommendations on applying the standards in particular circumstances that are
issued under the authority of the Auditing Standards Board. Auditors are required to consider applicable interpretive
publications when planning and performing the audit.
101.15 New AU Section Organization. Within the AICPA Professional Standards, the clarified standards (SAS Nos.
122125) use AU-C section numbers instead of AU section numbers. AU-C is being used temporarily to avoid confusion
with references to existing AU sections, which are still effective through 2013. The AU-C identifier will revert to AU in
2014, when the clarified standards are fully effective for all engagements. The organization of the new AU-C sections (which
aligns with the organization of the ISAs) is as follows:
Preface.
Glossary.
AU-C Section 200299: General Principles and Responsibilities.
AU-C Section 300499: Risk Assessment and Response to Assessed Risks.
AU-C Section 500599: Audit Evidence.
AU-C Section 600699: Using the Work of Others.
AU-C Section 700799: Audit Conclusions and Reporting.
AU-C Section 800899: Special Considerations.
AU-C Section 900999: Special Considerations in the United States
Exhibits and Appendixes.
101.16 An exhibit to SAS No. 122 contains a complete two-part cross-reference of AU-C and AU section numbers. One part
of the cross-reference shows which existing AU sections are encompassed by each new AU-C section. The other part of the
cross-reference shows, for each existing AU section, where the corresponding guidance can be found in the new AU-C
sections. Appendix 1B, List of AU-C Sections Designated by SAS No. 122, Statements on Auditing Standards: Clarification
and Recodification, Cross Referenced to List of AU Sections, reproduces part of that Exhibit.
101.17 Preface. AU-C PrefacePrinciples Underlying an Audit Conducted in Accordance With Generally Accepted Auditing
Standards, contains the principles underlying an audit conducted in accordance with generally accepted auditing standards
(the principles). These principles are not requirements and are not authoritative. They provide a framework that is helpful in
understanding and explaining an audit and are organized to provide a structure for the codification of SASs. The structure
addresses the purpose of an audit, responsibilities of the auditor, performance of the audit, and reporting.
101.18 Overall Objectives and Requirements. AU-C 200, Overall Objectives of the Independent Auditor and the Conduct of
an Audit in Accordance With Generally Accepted Auditing Standards, supersedes the 10 general, fieldwork, and reporting
standards and contains the auditors overall responsibilities in accordance with GAAS. The overall objectives of the auditor in
conducting an audit of financial statements are as follows:
Obtain reasonable assurance about whether the financial statements are free from material misstatement.
Report on the financial statements, and communicate as required by GAAS, in accordance with the auditors
findings.
101.19 The auditor must be independent of the entity when performing an engagement in accordance with GAAS unless (a)
GAAS provides otherwise, or (b) law or regulation requires accepting the engagement and reporting on the financial
statements. In addition, the auditor should follow the requirements in Exhibit 1-1 to achieve the objectives in paragraph
101.18. These overall requirements are discussed throughout the Guide as appropriate.
Exhibit 1-1
Requirements for Overall Objectives and the Conduct of an Audit in Accordance with Generally Accepted Auditing
Standards
Requirements Clarified AU-C
Reference
Be independent of the entity when performing an engagement in accordance with
GAAS unless (1) GAAS provides otherwise, or (2) law or regulation requires accepting
the engagement and reporting on the financial statements (must statement). If not
independent and neither (1) nor (2) apply, do not issue a report under GAAS.
AU-C 200.15
Follow relevant ethical requirements relating to financial statement audit engagements. AU-C 200.16
Maintain professional skepticism throughout the audit, recognizing the possibility that a
material misstatement of the financial statements may exist.
AU-C 200.17
Exercise professional judgment in planning and performing the audit. AU-C 200.18
To obtain reasonable assurance, obtain sufficient appropriate audit evidence to reduce
audit risk to an acceptably low level.
AU-C 200.19
Comply with all AU-C sections when the AU-C section is effective and the
circumstances addressed by the AU-C section exist.
AU-C 200.20
Understand the entire text of an AU-C section, including its application and other
explanatory material, to understand its objectives and to apply its requirements
properly.
AU-C 200.21
Do not represent compliance with GAAS in the auditors report unless the requirements
of AU-C 220 and all other relevant AU-C sections have been followed.
AU-C 200.22
In planning and performing the audit, use the objectives stated in the individual AU-C
sections to achieve the overall objectives of the auditor and to:
Determine whether any audit procedures in addition to those required by individual
AU-C sections are necessary.
Evaluate whether sufficient appropriate audit evidence has been obtained.
AU-C 200.23
Subject to AU-C 220.26, comply with each requirement of an AU-C section unless (1)
the entire AU-C section is not relevant or (2) the requirement is not relevant because it
is conditional and the condition does not exist.
AU-C 200.24
Requirements Clarified AU-C
Reference
Identify the auditors degree of responsibility in complying with professional
requirements according to the following categories:
a

Unconditional requirements. Requirements an auditor must follow in all cases if the
circumstances apply to the requirement. Auditing standards use the word must
to indicate an unconditional requirement.
Presumptively mandatory requirements. Requirements an auditor must follow in all
cases if the circumstances apply to the requirement, except in rare circumstances
discussed in AU-C 220.26. Auditing standards use the word should to indicate a
presumptively mandatory requirement.
AU-C 200.25
In rare situations, when the auditor determines it is necessary to depart from a relevant
presumptively mandatory requirement, perform alternative audit procedures to achieve
the intent of that requirement. It is expected that departure from a relevant
presumptively mandatory requirement will only occur when the requirement is for a
specific procedure to be performed and, in the specific circumstances of the audit, that
procedure would be ineffective in achieving the intent of the requirement.
AU-C 200.26
In planning and performing the audit, consider applicable interpretive publications. AU-C 200.27
In applying the auditing guidance included in other auditing publications, use
professional judgment and assess the relevance and appropriateness of such
guidance.
AU-C 200.28
Evaluate whether not achieving an objective in a relevant AU-C section prevents
achievement of the overall objectives of the engagement. If the overall objective of the
engagement is not achieved, modify the opinion or withdraw from the engagement
(when withdrawal is possible under applicable law or regulation). Document the failure
to achieve an objective as a significant finding or issue in accordance with AU-C 230.
AU-C 200.29
Note:
a
See discussion of the terms must and should at paragraph 101.29.
* * *
Quality Control
101.20 Statement on Quality Control Standards. Statement on Quality Control Standard No. 8, A Firms System of Quality
Control (Redrafted), establishes standards and provides guidance for a CPA firms responsibilities for its system of quality
control for its accounting and auditing practice. SQCS No. 8 comprehensively addresses the quality control processes over a
firms accounting and auditing practice. The standard places an unconditional obligation on the firm to establish a QC system
designed to provide reasonable assurance that the firm complies with professional standards and legal and regulatory
requirements, and that it issues reports that are appropriate in the circumstances. PPCs Guide to Quality Control provides
guidance and practice aids to assist firms in developing, implementing, and maintaining a system of quality control.
101.21 Quality Control Auditing Standard. AU-C 220, Quality Control for an Engagement Conducted in Accordance With
Generally Accepted Auditing Standards, provides requirements and application and other explanatory material to the auditor
and engagement partner as they implement each element of quality control during the performance of an audit of financial
statements. Thus, for every quality control element discussed in SQCS No. 8, AU-C 220 includes information that conveys
how the firm ensures that the requirements of SQCS No. 8 are met in an audit engagement. The responsibility to ensure
compliance with AU-C 220 is primarily placed on the audit engagement partner. However, certain requirements are also
imposed on the engagement team and, if applicable, engagement quality control reviewer. In meeting the requirements of the
quality control auditing standard, the engagement partner is permitted to delegate his or her responsibilities and to rely on the
firms quality control system.
101.22 The objective is for the auditor to implement quality control procedures at the engagement level that provide
reasonable assurance that
The audit complies with professional standards and applicable legal and regulatory requirements.
The auditors report is appropriate in the circumstances.
101.23 The requirements that should be followed to achieve that objective are summarized in Exhibit 1-2.
Exhibit 1-2
Requirements for Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing
Standards
Requirements Clarified
AU-C
Reference
Guide
Reference
Practice Aid
Leadership Responsibilities for Quality on Audits
The engagement partner should take responsibility for the overall quality on
each assigned audit engagement. The performance of certain procedures
may be delegated to other members of the engagement team and the
engagement partner may rely on the firms system of quality control.
AU-C 220.10 ASB-CX-14
Relevant Ethical Requirements
The engagement partner and other members of the engagement team
should remain alert for evidence of noncompliance with relevant ethical
requirements by members of the engagement team.
AU-C 220.11 ASB-AP-1
If there is indication that members of the engagement team have not
complied with relevant ethical requirements, the engagement partner, in
consultation with others in the firm as appropriate, should determine that
appropriate action has been taken.
AU-C 220.12 ASB-CX-14
To form a conclusion on compliance with independence requirements that
apply to the audit engagement, the engagement partner should
Obtain relevant information from the firm and, when applicable, network
firms to identify and evaluate circumstances and relationships that
create threats to independence.
Evaluate information that a breach of the firms independence policies
and procedures has occurred and determine whether the situation
creates a threat to independence for the audit.
Take appropriate action to eliminate any identified threats or to reduce
them to an acceptable level by applying safeguards. Report any inability
to resolve the matter promptly to the firm so that it may take appropriate
action.
AU-C 220.13 ASB-CX-1.1
Acceptance and Continuance of Client Relationships and Audit
Engagements
The engagement partner should determine that appropriate procedures
regarding the acceptance and continuance of client relationships and audit
AU-C 220.14 ASB-CX-1.1
AU-C
Reference
Guide
Reference
Practice Aid
engagements have been followed and all conclusions reached are
appropriate.
If the engagement partner obtains information that would have caused the
firm to decline the audit engagement had that information been available
earlier, the engagement partner should communicate that information
promptly to the firm and take the necessary action.
Assignment of Engagement Teams
The engagement partner should be satisfied that the audit engagement team
(including any external specialists) has the appropriate competence and
capabilities to (a) perform the audit engagement as required by professional
standards and applicable legal and regulatory requirements, and (b) enable
the issuance of an auditors report that is appropriate in the circumstances.
Engagement Performance
The engagement partner should take responsibility for the direction,
supervision, and performance of the audit engagement. The engagement
partner is charged with ensuring that (1) professional standards and
applicable legal and regulatory requirements and the firms policies and
procedures are followed and (2) the auditors report is appropriate in the
circumstances.
AU-C 220.17 ASB-CX-14
The engagement partner should ensure that reviews are being performed in
accordance with the firms review policies and procedures.
AU-C 220.18 ASB-CX-14
Based on the review of audit documentation and discussion with the
engagement team, on or before the date of the auditors report, the
engagement partner should be satisfied that sufficient appropriate audit
evidence has been gathered to support the conclusions reached and the
auditors report to be issued.
AU-C 220.19 ASB-CX-14
The engagement partner should take responsibility for the engagement team
undertaking appropriate consultation on difficult or contentious matters.
AU-C 220.20 ASB-CX-14
The engagement partner should be satisfied that
Members of the engagement team have followed consultation policies
during the course of the engagement.
The nature and scope of the consultation is agreed upon with the party
consulted and the conclusions resulting from such consultations are
understood by the party consulted.
The conclusions resulting from such consultations have been
implemented.
AU-C 220.20 ASB-CX-14
For those audit engagements, if any, for which the firm has determined that
an engagement quality control review (EQCR) is required, the engagement
partner should
Ascertain that an engagement quality control reviewer has been
appointed.
Discuss significant findings or issues that arose during the audit
engagement with the engagement quality control reviewer.
Ensure that the auditors report is not released before the EQCR is
completed.
AU-C 220.21 ASB-CX-14
The engagement quality control reviewer should perform an objective AU-C 220.22 ASB-CX-14
AU-C
Reference
Guide
Reference
Practice Aid
The engagement quality control reviewer should perform an objective
evaluation of the significant judgments made and the conclusions reached in
formulating the auditors report. This evaluation should involve
Discussing significant findings or issues with the engagement partner.
Reading the financial statements and the proposed report.
Reviewing selected audit documentation relating to the significant
judgments the engagement team made and the related conclusions it
reached.
Evaluating the conclusions reached in formulating the report and
considering whether the proposed report is appropriate.
AU-C 220.22 ASB-CX-14
When differences of opinion occur within the engagement team, with those
consulted, or between the engagement partner and the engagement quality
control reviewer, the engagement team should follow the firms policies and
procedures for resolving differences of opinion.
AU-C 220.23 ASB-CX-14
Monitoring
The engagement partner should consider the results of the firms monitoring
process and whether deficiencies noted in that information may affect the
audit engagement.
AU-C 220.24 ASB-CX-14
Documentation
The auditor should document:
Issues identified with respect to compliance with relevant ethical
requirements and how they were resolved.
Conclusions on compliance with independence requirements and any
relevant discussions with the firm that support these conclusions.
Conclusions reached regarding the acceptance and continuance of
client relationships and audit engagements.
The nature and scope of, and conclusions resulting from, consultations
undertaken during the engagement.
AU-C 220.25
AU-C 220.25
AU-C 220.25
AU-C 220.25
ASB-CX-1.1
ASB-CX-1.1
ASB-CX-1.1
ASB-CX-14
The engagement quality control reviewer should document:
That the procedures required by the firms policies on engagement
quality control review have been performed.
The date that the engagement quality control review was completed.
That the reviewer is not aware of any unresolved issues that would
cause him or her to believe that the significant judgments made and the
conclusions reached were not appropriate.
AU-C 200.26 ASB-CX-14
* * *
Implementation of the Clarified Auditing Standards
101.24 With a few exceptions, all of the clarified auditing standards are effective for audits of financial statements for periods
ending on or after December 15, 2012. Generally early adoption of SAS Nos. 122125 (the clarified standards) is not
permitted. However, an auditor may implement aspects of the clarified standards early as long as he or she continues to
comply with existing standards.
101.25 Implementation in this Guide. The majority of the requirements in the clarified standards are consistent with the
requirements in the pre-clarified standards. Thus, the changes to the standards, although extensive, do not create many
substantive changes in practice. Therefore, the discussions throughout this Guide, references to authoritative literature, and
practice aids have been updated for the clarified standards.
101.26 However, several areas exist, as discussed in the following paragraphs, where changes in practice are expected to
occur as a result of the clarified standards. If there has been a change in the standards that will cause a change in practice,
the authors have provided a text discussion of both the pre-clarified and clarified auditing standards, including appropriate
references to the pre-clarified authoritative literature. In addition, throughout the practice aids, the authors have indicated (by
dating or by providing practical considerations) where a requirement has changed. Therefore, unless a difference is
specifically highlighted, the auditor using the updated guidance in this Guide is also continuing to comply with existing
standards. As a result, auditors may use this edition of the Guide both before and after the effective date of the clarified
standards.
101.27 Major Changes in Practice. Reporting requirements and considerations when performing an audit of group financial
statements have changed significantly from existing standards. Section 1813 provides limited guidance on reporting. The
2012 edition of PPCs Guide to Auditors Reports will provide extensive guidance and reporting examples under the clarified
audit reporting standards. Guidance on performing group audits is provided in Chapter 9including separate guidance for
periods ending before December 15, 2012, and periods ending on or after that date. In addition, separate audit procedures
for the two periods are provided in the Audit Program for General Planning Procedures at ASB-AP-1.
101.28 Other Changes in Practice. Implementation of the clarified auditing standards could also result in other changes in
practice. The changes in practice may result from new requirements or from changes in existing requirements. In addition,
depending on how auditors apply existing requirements, changes in practice may occur as a result of added emphasis in the
clarified standards that makes existing requirements more explicit. The following changes are noted throughout the Guide and
in the practice aids, as appropriate:
AU-C 210, Terms of Engagement, clarifies procedures for engagement acceptance and results in changes in the
audit engagement letter. See section 203.
AU-C 220, Quality Control for an Engagement Conducted in Accordance with Generally Accepted Auditing
Standards, specifies quality control requirements at the engagement level that were not included in previous auditing
standards and includes specific documentation requirements. See section 101.
AU-C 250, Consideration of Laws and Regulations in an Audit of Financial Statements, contains a requirement to
inspect correspondence with licensing or regulatory authorities. See sections 309 and 1816.
AU-C 265, Communicating Internal Control Related Matters Identified in an Audit, makes explicit some requirements
that were implicit in SAS No. 115. It also adds requirements to (1) communicate to management deficiencies other
than significant deficiencies and material weaknesses that are important enough to warrant managements attention
and (2) explain the potential effects of significant deficiencies and material weaknesses in the internal control
communication. See section 1814.
AU-C 300, Planning an Audit, contains an explicit requirement to document the audit strategy. See section 306.
AU-C 320, Materiality in Planning and Performing an Audit, introduces the term performance materiality. See section
306.
AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization, requires inquiries of management
about its awareness of fraud, noncompliance with laws or regulations, or uncorrected misstatements at the service
organization that affect the user entitys financial statements. It also strengthens the requirements for using a service
auditors report and permits reference to the work of a service auditor in the auditors report on the financial
statements if necessary to explain a modification. See section 905.
AU-C 450, Evaluation of Misstatements, revises some terminology used in evaluating misstatements and modifies
the requirements for communicating and evaluating misstatements. See section 1812.
AU-C 501, Audit EvidenceSpecific Considerations for Selected Items, changes the requirement for when it is
necessary to send a letter of inquiry to the clients lawyers, making it a risk-based decision. See section 1803.
AU-C 505, External Confirmations, adds certain required procedures if management refuses to allow external
confirmations. See Chapter 11.
AU-C 510, Opening BalancesInitial Audit Engagements, Including Reaudit Engagements, clarifies that reviewing a
predecessors workpapers cannot be the only source of audit evidence about opening balances in an initial audit.
The clarified standard also states that communication with the predecessor is not required if the most recent audited
financial statements are more than one year before the beginning of the earliest period to be audited by the
successor. The pre-clarified standard had a two-year requirement. See section 910.
AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates and Related Disclosures,
makes explicit the need to obtain an understanding of accounting estimates, including related controls, during risk
assessment. The clarified standard also requires a retrospective review of estimates during risk assessment,
provides specific procedures for estimates that give rise to significant risks, and includes specific documentation
requirements. See section 1809.
AU-C 550, Related Parties, makes explicit the need to obtain an understanding of related party relationships and
transactions, including related controls, during risk assessment, adds a specific requirement to discuss related
parties during the engagement team discussion, requires treating significant related party transactions outside the
normal course of business as significant risks, and requires additional procedures (a) for significant related party
transactions outside the normal course of business, and (b) if related parties not disclosed by management are
identified. See section 1806.
AU-C 560, Subsequent Events and Subsequently Discovered Facts, expands certain requirements related to omitted
procedures and subsequently discovered facts. See section 1818.
AU-C 580, Written Representations, revises the wording of several required representations and results in changes in
the management representation letter. See section 1804.
AU-C 620, Using the Work of an Auditors Specialist, includes internal specialists in a field other than accounting or
auditing that are employed by the firm within the definition of an auditors specialist. Previously, those specialists
were considered members of the engagement team and were subject to less stringent requirements. See section
904.
AU-C 930, Interim Financial Information, requires the auditor to issue a written report when engaged to review interim
financial information. See section 911.
Appendix 8A-1, Audit Documentation Requirementsfor Audits of Financial Statements for Periods Ending on or after
December 15, 2012, summarizes audit documentation requirements under professional standards after the effective date of
the clarified auditing standards. Appendix 8A-2, Audit Documentation Requirementsfor Audits of Periods Ending before
December 15, 2012, summarizes audit documentation requirements under professional standards before the effective date
of the clarified auditing standards.
101.29 Use of the Terms Must and Should. The auditors degree of responsibility in complying with professional
requirements is identified through two categories as follows (AU-C 200.25):
Unconditional Requirements. Unconditional requirements are those that an auditor must follow in all cases if the
circumstances apply to the requirement. Auditing standards use the word must to indicate an unconditional
requirement.
Presumptively Mandatory Requirements. An auditor must comply with a presumptively mandatory requirement in all
cases in which such a requirement is relevant except in rare circumstances discussed in AU-C 200.26. Auditing
standards use the word should to indicate a presumptively mandatory requirement.
As discussed in paragraph 801.2, the auditor must document the justification for any necessary departure from a
presumptively mandatory requirement of GAAS, along with how alternative procedures performed sufficiently achieve the
intent of the requirement. Throughout this Guide, the authors use the terms must and should in accordance with AU-C 200.25.
The authors also use the term is required interchangeably with should.
102 THE PPC AUDIT PROCESS
102.1 Generally accepted auditing standards require auditors to use information gathered about the entity and its
environment (including internal control) to identify and assess the risks of material misstatement at both the overall financial
statement and relevant assertion levels, and to determine the nature, timing, and extent of further audit procedures needed to
respond to those risks. Further audit procedures are required to be performed to obtain audit evidence to support the
auditors opinion.
102.2 The authors have developed a practical approach to that audit process to address the requirements of authoritative
literature and have designed practice aids to assist auditors in meeting those requirements. PPCs audit approach is designed
to be flexible and adaptable, allowing auditors to better leverage their knowledge of the client to tailor their audit procedures.
The audit approach has been divided into the following broad steps:
Step 1 Perform procedures regarding acceptance/continuance of the client relationship, evaluate compliance with
ethical requirements (including independence), and establish an understanding with the client in an
engagement letter.
Step 2 Develop a preliminary audit strategy, establish planning materiality, and perform risk assessment procedures
to gather information about the entity and its environment that may be relevant in identifying risks of material
misstatement of the financial statements.
Step 3 Gather the information to understand and evaluate the design and implementation of the entitys internal
control system.
Step 4 Synthesize the information gathered, identify risks (both overall and specific) that could result in material
misstatement of the financial statements, and finalize the overall audit strategy.
Step 5 Assess the risks of material misstatement of the entitys financial statements.
Step 6 Develop and perform appropriate responses (further audit procedures) to the assessed risks of material
misstatement of the financial statements considering the overall audit strategy and planning materiality.
Step 7 Evaluate audit findings and evidence.
Step 8 Prepare required reports and communications.
102.3 Although the requirements and guidance may suggest a sequential process, the audit is a continuous process of
gathering, updating, and analyzing information about the fairness of presentation of amounts and disclosures in the clients
financial statements. Therefore, the audit process is an iterative, nonlinear process, whereby the required procedures may be
performed concurrently with other procedures. In addition, risks should be evaluated continuously throughout the audit.
Practice Aids
102.4 PPCs Guide to Audits of Nonpublic Companies contains practice aids that guide the auditor through the entire audit
process. The practice aids included in this Guide are discussed in the related text guidance. Section 1813 of this Guide
contains a discussion on drafting the financial statements and the auditors report and provides a standard report on GAAP
basis financial statements of a corporation for a single year. Detailed guidance on reporting is covered in PPCs Guide to
Auditors Reports.
102.5 PPC practice aids at the ASB-CX section of this Guide assist auditors in complying with professional standards and
achieving an efficient workflow. At ASB-CX-0.1, the authors have indicated which practice aids should be completed on each
engagement to ensure compliance with professional standards. Additionally, the authors have indicated which practice aids
generally, by themselves, do not fulfill a specific GAAS requirement and which practice aids assist auditor in situations that do
not occur on every audit.
102.6 The auditor may choose to document audit procedures in a memo or in another form rather than using a PPC practice
aid. To ensure that the alternative documentation meets the requirements of GAAS, the authors recommend that auditors read
the PPC practice aid for an indication of the matters to be considered and documented. As a general rule of thumb, the
alternative documentation should address the subtitles in the PPC practice aids, thereby indicating how all the major areas for
consideration in the practice aid are addressed. Case Study 2 in PPCs Guide to Audit Risk Assessment (Implementing the
Risk Assessment Standards) (Appendix B) illustrates the PPC audit process using a combination of completed PPC practice
aids and memos that replace certain practice aids.
103 ORGANIZATION OF THIS GUIDE
103.1 As previously noted, this Guide provides a step-by-step approach to providing audit services for nonpublic companies.
The following paragraphs discuss the organization of the Guide in more detail.
Chapter 2Pre-engagement Activities
103.2 Chapter 2 explains the activities that take place (a) before an engagement is accepted and (b) in the early planning
stages of an engagement.
Chapter 3Risk Assessment Procedures and Planning
103.3 Chapter 3s focus is on general planning decisions. General or preliminary planning can be distinguished from detailed
planning of audit proceduresthe subject of Chapter 4. Preliminary planning includes deciding on an overall strategy for the
audit, obtaining an understanding of the entity and its environment, including its internal control, making an initial assessment
of audit risk and materiality, and deciding on the overall timing of the engagement.
Chapter 4Assessing Risks and Developing the Detailed Audit Plan
103.4 Chapter 4 focuses on (a) assessing the risks identified by the auditor throughout the process of performing the risk
assessment procedures and (b) selecting responses that are appropriate to address those risks. The result of the auditors
risk assessment is the preparation of a detailed audit plan describing the nature, timing, and extent of further audit
procedures.
Chapter 5Substantive Procedures
103.5 Chapter 5 discusses substantive procedures, which consist of tests of details and substantive analytical procedures.
Included in the chapter is a discussion of substantive procedures that are required in every audit engagement.
Chapter 6Testing Internal Control
103.6 This chapter discusses tests of controls, including circumstances when tests of controls should be performed and
circumstances when testing would be unnecessary or inefficient. Chapter 6 discusses the nature of tests of controls, including
inquiry and observation, inspection of documents, walkthroughs, review of reconciliations and similar bookkeeping routines,
and reperformance of control activities.
Chapter 7Sampling in an Audit Engagement
103.7 Chapter 7 explains how to decide the extent of audit tests. Decisions about extent include decisions about
Number of locations or components to be tested.
Cutoff amounts for individually significant dollar items.
Sample sizes.
Chapter 8Audit Documentation
103.8 Chapter 8 focuses on the documentation necessary to comply with professional standards and on techniques and
approaches to efficient workpaper organization and preparation.
Chapter 9Special Audit Considerations
103.9 This chapter provides guidance on various audit considerations that are often unique to specific engagements. The
topics discussed in the chapter include the following matters:
Auditing consolidated or combined financial statements (for periods ending before December 15, 2012).
Audits of branches or divisions (for periods ending before December 15, 2012).
Using the work of other auditors (for periods ending before December 15, 2012).
Group audits (for periods ending on or after December 15, 2012).
Use of service organizations.
Using specialists.
Using the work of internal auditors.
Auditing supplementary information.
Using computerized data extraction techniques.
Initial audit engagements and reaudits.
Special client considerations.
Reviews of interim financial information.
Chapters 1017Specific Audit Areas
103.10 Chapters 1017 of this Guide discuss audit considerations for individual audit areas. Those chapters include
examples of specific responses for various types of risks that might be encountered.
Chapter 18Concluding the Audit
103.11 Chapter 18 discusses the general procedures that are necessary during the concluding phase of the audit. The
general procedures discussed in this chapter are as follows:
Procedures to search for commitments and contingencies, including obtaining lawyers letters and other procedures
relating to litigation claims, or assessments.
Obtaining written representations from management in a management representation letter.
Procedures to search for subsequent events.
Procedures to identify and evaluate the disclosure of related party relationships and transactions.
Evaluation of whether there is a substantial doubt about the entitys ability to continue as a going concern.
Procedures to identify and evaluate the disclosure of risks and uncertainties, including procedures for testing
Procedures to summarize and evaluate the overall results of audit tests, including the evaluation of uncorrected
misstatements.
Concluding on the form of opinion on the financial statements, and communicating that opinion and significant
conclusions and other matters in written and oral reports.
Practice Aids
103.12 These sections of the Guide include all of the practice aids the auditor needs to efficiently conduct an audit in
accordance with authoritative literature, including:
Firm policies (ASB-FP).
Checklists and practice aids (ASB-CX).
Confirmations and correspondence letters (ASB-CL).
Audit programs (ASB-AP, ASB-IA, ASB-AP-S).
Interim review practice aids (ASB-IR).
APPENDIX 1A: Professional Standards Recently Issued or Soon to Be Effective
The following is a list of significant professional pronouncements applicable for nonpublic entities that have been issued
between July 2011 and March 1, 2012, took effect in late 2011, or will become effective during 2012 or thereafter.
Pronouncement Effective Date
Financial Accounting Standards Board
a
ASU 2010-20 Receivables (Topic 310): Disclosures about the Credit Quality of Financing
Receivables and the Allowance for Credit Losses
PEOA 12/15/11
ASU 2010-26 Financial ServicesInsurance (Topic 944): Accounting for Costs
Associated with Acquiring or Renewing Insurance Contracts (a consensus
of the FASB Emerging Issues Task Force)
FYBA 12/15/11
ASU 2010-28 IntangiblesGoodwill and Other (Topic 350): When to Perform Step 2 of
the Goodwill Impairment Test for Reporting Units with Zero or Negative
Carrying Amounts (a consensus of the FASB Emerging Issues Task Force)
PBA 12/15/11
ASU 2011-02 Receivables (Topic 310): A Creditors Determination of Whether a
Restructuring is a Troubled Debt Restructuring
PEOA 12/15/12
ASU 2011-03 Transfers and Servicing (Topic 860): Reconsideration of Effective Control
for Repurchase Agreements
PBOA 12/15/11
ASU 2011-04 Fair Value Measurement (Topic 820): Amendments to Achieve Common
Fair Value Measurement and Disclosure Requirements in U.S. GAAP and
IFRSs
APBA 12/15/11
ASU 2011-05 Comprehensive Income (Topic 220): Presentation of comprehensive
Income
FYEA 12/15/12
b
ASU 2011-06 Other Expenses (Topic 720): Fees Paid to the Federal Government by
Health Insurers (a consensus of the FASB Emerging Issues Task Force)
CYBA 12/31/13
ASU 2011-07 Health Care Entities (Topic 954): Presentation and Disclosure of Patient
Service Revenue, Provision for Bad Debts, and the Allowance for Doubtful
Accounts for Certain Health Care Entities (a consensus of the FASB
Emerging Issues Task Force
FAPEA 12/15/12
ASU 2011-08 IntangiblesGoodwill and Other (Topic 350): Testing Goodwill for
Impairment
c
ASU 2011-09 CompensationRetirement BenefitsMultiemployer Plans (Subtopic
715-80): Disclosures about an Employers Participation in a Multiemployer
Plan
FYEA 12/15/12
ASU 2011-10 Property, Plant, and Equipment (Topic 360): Derecognition of in Substance
Real Estatea Scope Clarification (a consensus of the FASB Emerging
Issues Task Force)
FYEA 12/15/13
ASU 2011-11 Balance Sheet (Topic 210): Disclosures about Offsetting Assets and
Liabilities
PBOA 1/1/13
ASU 2011-12 Comprehensive Income (Topic 220): Deferral of the Effective Date for
Amendments to the Presentation of Reclassifications of Items Out of
Accumulated Other Comprehensive Income in Accounting Standards
Update No. 2011-05
b
Statements on Auditing Standards and Interpretations and Statements on Quality Control Standards
SAS 121 Revised Applicability of Statement on Auditing Standards No. 100, Interim
Financial Information
PBA 12/15/11
Pronouncement Effective Date
SAS 122 Clarification and Recodification
PEOA 12/15/12
d
SAS 123 Omnibus Statement on Auditing Standards2011 PEOA 12/15/12
SAS 124 Financial Statements Prepared in Accordance With a Financial Reporting
Framework Generally Accepted in Another Country
e
PEOA 12/15/12
SAS 125
Alert That Restricts the Use of the Auditors Written Communication
e PEOA 12/15/12
AU 551 Int. 1 Dating the Auditors Report on Supplementary Information
UI
e
SQCS 8 A Firms System of Quality Control (Redrafted) AO 1/1/12
Statements on Standards for Accounting and Review Services
SSARS 20 Revised Applicability of Statement on Standards for Accounting and Review
Services
PBA 12/15/11
AR 80 Int. 17 Required Supplementary Information That Accompanies Compiled
Financial Statements
UI
AR 90 Int. 11 Required Supplementary Information That Accompanies Reviewed
UI
Abbreviations
AO As of FYBA Fiscal Years Beginning After PEOA Periods Ending On or After
APBA Annual Periods Beginning After FYEA Fiscal Years Ending After UI Upon Issuance
CYBA Calendar Years Beginning After PBA Periods Beginning After
FAPEA First Annual Period Ending After PBOA Periods Beginning On or After
Notes:
a
Refer to the FASB ASU for a complete explanation of the effective date, as the ASU may specify a different effective date
for different aspects of the ASU.
b
ASU 2011-12 indefinitely deferred the effective date of the provisions of ASU 2011-05 relating to the presentation of
reclassification adjustments.
c
Effective for annual and interim goodwill impairment tests performed for fiscal years beginning after December 15, 2011.
d
SAS 122 recodifies and supersedes all outstanding SASs through SAS 121 except for SAS 117 through SAS 120 and
SAS 51, Reporting on Financial Statements Prepared for Use in Other Countries (see SAS 124); SAS 59, The Auditors
Consideration of an Entitys Ability to Continue as a Going Concern; SAS 65, The Auditors Consideration of the Internal
Audit Function in an Audit of the Financial Statements; and SAS 87, Restricting the Use of an Auditors Report (see SAS
125). SAS 124 supersedes SAS 51 and SAS 125 supersedes SAS 87.
e
Interpretation 1 to AU 551 was issued in July 2011 and subsequently recodified at AU-C 9725.01.
APPENDIX 1B: List of AU-C Sections Designated by SAS No. 122, Statements on Auditing
Standards: Clarification and Recodification, Cross Referenced to List of AU Sections
AU-C Sections Designated by SAS No. 122
a
AU Sections Superseded by SAS No. 122 (SAS Nos. 1121
except SAS Nos. 51, 59, 65, 87, and 117120)
AU-C
Section Title
AU
Section Title Paragraph
Preface Principles Underlying an Audit
Conducted in Accordance With
Generally Accepted Auditing
Standards
200299 General Principles and
Responsibilities
200 Overall Objectives of the
Independent Auditor and the
Conduct of an Audit in Accordance
With Generally Accepted Auditing
Standards
110 Responsibilities and Functions of the
Independent Auditor
All
120 Defining Professional Requirements
in Statements on Auditing Standards
All
150 Generally Accepted Auditing
Standards
All
201 Nature of the General Standards All
210 Training and Proficiency of the
Independent Auditor
All
220 Independence All
230 Due Professional Care in the
Performance of Work
All
210 Terms of Engagement 311 Planning and Supervision .08.10
315 Communications Between
Predecessor and Successor Auditors
.03.10 and
.14
220 Quality Control for an Engagement
Conducted in Accordance With
Generally Accepted Auditing
Standards
161 The Relationship of Generally
Accepted Auditing Standards to
Quality Control Standards
All
230 Audit Documentation 339 Audit Documentation All
240 Consideration of Fraud in a
Financial Statement Audit
316 Consideration of Fraud in a Financial
Statement Audit
All
250 Consideration of Laws and
Regulations in an Audit of Financial
Statements
317 Illegal Acts by Clients All
260 The Auditors Communication With
Those Charged With Governance
380 The Auditors Communication With
Those Charged With Governance
All
265 Communicating Internal Control
Related Matters Identified in an
Audit
325 Communicating Internal Control
Related Matters Identified in an Audit
All
300499 Risk Assessment and Response
to Assessed Risks
300 Planning an Audit 311 Planning and Supervision All except
.08.10
315 Understanding the Entity and Its
Environment and Assessing the
314 Understanding the Entity and Its
Environment and Assessing the
All
a
AU-C
Section Title
AU
Risks of Material Misstatement Risks of Material Misstatement
320 Materiality in Planning and
Performing an Audit
312
b Audit Risk and Materiality in
Conducting an Audit
All
330 Performing Audit Procedures in
Response to Assessed Risks and
Evaluating the Audit Evidence
Obtained
318 Performing Audit Procedures in
Response to Assessed Risks and
Evaluating the Audit Evidence
Obtained
All
402 Audit Considerations Relating to an
Entity Using a Service Organization
324
c Service Organizations All
450 Evaluation of Misstatements
Identified During the Audit
312
d Audit Risk and Materiality in
Conducting an Audit
All
500599 Audit Evidence
500 Audit Evidence 326 Audit Evidence All
501 Audit EvidenceSpecific
Considerations for Selected Items
331 Inventories All
332 Auditing Derivative Instruments,
Hedging Activities, and Investments
in Securities
All
337 Inquiry of a Clients Lawyer
Concerning Litigation, Claims, and
Assessments
All except
AU 337B
e
901
f Public WarehousesControls and
Auditing Procedures for Goods Held
All
505 External Confirmations 330 The Confirmation Process All
510 Opening BalancesInitial Audit
Engagements, Including Reaudit
Engagements
315 Communications Between
Predecessor and Successor Auditors
All except
.03.10 and
.14
520 Analytical Procedures 329 Analytical Procedures All
530 Audit Sampling 350 Audit Sampling All
540 Auditing Accounting Estimates,
Including Fair Value Accounting
Estimates, and Related Disclosures
328 Auditing Fair Value Measurements
and Disclosures
All
342 Auditing Accounting Estimates All
550 Related Parties 334 Related Parties All
560 Subsequent Events and
Subsequently Discovered Facts
508 Reports on Audited Financial
Statements
.71.73
530 Dating of the Independent Auditors
Report
.03.08
560 Subsequent Events All
561 Subsequent Discovery of Facts
Existing at the Date of the Auditors
Report
All
570
g The Auditors Consideration of an
Entitys Ability to Continue as a
Going Concern
341 The Auditors Consideration of an
Entitys Ability to Continue as a
Going Concern
All
580 Written Representations 333 Management Representations All
585 Consideration of Omitted
Procedures After the Report
390 Consideration of Omitted Procedures
After the Report Date
All
a
AU-C
Section Title
AU
Release Date
600699 Using the Work of Others
600 Special ConsiderationsAudits of
Group Financial Statements
(Including the Work of Component
Auditors)
Statements
.12.13
543 Part of Audit Performed by Other
Independent Auditors
All
610
h The Auditors Consideration of the
Internal Audit Function in an Audit
of Financial Statements
322 The Auditors Consideration of the
Internal Audit Function in an Audit of
All
620 Using the Work of an Auditors
Specialist
336 Using the Work of a Specialist All
700799 Audit Conclusions and Reporting
700 Forming an Opinion and Reporting
on Financial Statements
410 Adherence to Generally Accepted
Accounting Principles
All
530 Dating of the Independent Auditors
Report
.01.02
Statements
.01.11,
.14.15,
.19.32,
.35.52,
.58.70, and
.74.76
i
705 Modifications to the Opinion in the
Independent Auditors Report
431 Adequacy of Disclosure in Financial
Statements
All
Statements
.01.11,
.14.15,
.19.32,
.35.52,
.58.70, and
.74.76
j
706 Emphasis-of-Matter Paragraphs
and Other-Matter Paragraphs in the
Independent Auditors Report
Statements
.01.11,
.14.15,
.19.32,
.35.52,
.58.70, and
.74.76
k
708 Consistency of Financial
Statements
420 Consistency of Application of
Generally Accepted Accounting
Principles
All
Statements
.16.18 and
.53.57
720
l Other Information in Documents
Containing Audited Financial
Statements
550 Other Information in Documents
Containing Audited Financial
Statements
All
725
m Supplementary Information in
Relation to the Financial
551 Supplementary Information in
Relation to the Financial Statements
All
a
AU-C
Section Title
AU
Statements as a Whole as a Whole
730
n Required Supplementary
Information
558 Required Supplementary Information All
800899 Special Considerations
Financial Statements Prepared in
Accordance With Special Purpose
Frameworks
544 Lack of Conformity With Generally
Accepted Accounting Principles
All
623 Special Reports .01.10 and
.22.34
Single Financial Statements and
Specific Elements, Accounts, or
Items of a Financial Statement
Statements
.33.34
623 Special Reports .11.18
806 Reporting on Compliance With
Aspects of Contractual Agreements
or Regulatory Requirements in
Connection With Audited Financial
Statements
623 Special Reports .19.21
810 Engagements to Report on
Summary Financial Statements
552 Reporting on Condensed Financial
Statements and Selected Financial
Data
All
900999 Special Considerations in the
United States
905
o Restricting the Use of an Auditors
Report
532 Restricting the Use of an Auditors
Report
All
910 Financial Statements Prepared in
Accordance With a Financial
Reporting Framework Generally
Accepted in Another Country
534 Reporting on Financial Statements
Prepared for Use in Other Countries
All
915 Reports on Application of
Requirements of an Applicable
Financial Reporting Framework
625 Reports on the Application of
Accounting Principles
All
920 Letters for Underwriters and Certain
Other Requesting Parties
634 Letters for Underwriters and Certain
Other Requesting Parties
All
925 Filings With the U.S. Securities and
Exchange Commission Under the
Securities Act of 1933
711 Filings Under Federal Securities
Statutes
All
930 Interim Financial Information 722 Interim Financial Information All
935
p Compliance Audits 801 Compliance Audits All
504
q Association With Financial
Statements
All
Notes:
a
Statement on Auditing Standards (SAS) No. 122, Statements on Auditing Standards: Clarification and Recodification,
contains AU-C section numbers instead of AU section numbers. AU-C is a temporary identifier to avoid confusion
with references to existing AU sections, which remain effective through 2013. The AU-C identifier will revert to AU in
2014, by which time SAS No. 122 becomes fully effective for all engagements.
b
AU-C section 450, Evaluation of Misstatements Identified During the Audit, also supersedes AU section 312, Audit Risk
and Materiality in Conducting an Audit.
c
Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization (AT sec.
801), also supersedes AU section 324, Service Organizations.
d
AU-C section 320, Materiality in Planning and Performing an Audit, also supersedes AU section 312.
e
AU-C section 501, Audit EvidenceSpecific Considerations for Selected Items, withdraws AU section 337B, Exhibit
IExcerpts From Financial Accounting Standards Board Accounting Standards Codification 450, Contingencies.
f
AU-C section 501 withdraws AU section 901, Public WarehousesControls and Auditing Procedures for Goods Held.
g
SAS No. 59, The Auditors Consideration of an Entitys Ability to Continue as a Going Concern, as amended, is currently
effective and codified as AU section 341. SAS No. 122 redesignates AU section 341 as AU-C section 570, which will be
superseded when it is redrafted for clarity and convergence with International Standard on Auditing (ISA) 570, Going
Concern, as part of the Clarification and Convergence Project of the Auditing Standards Board (ASB). Until such time,
AU-C section 570 has been conformed to reflect updated section and paragraph cross references, but has not otherwise
been subjected to a comprehensive review or revision.
h
SAS No. 65, The Auditors Consideration of the Internal Audit Function in an Audit of Financial Statements, is currently
effective and codified as AU section 322. SAS No. 122 redesignates AU section 322 as AU-C section 610, which will be
superseded when it is redrafted for clarity and convergence with ISA 610 (Revised), Using the Work of Internal Auditors,
as part of the Clarification and Convergence Project of the ASB. Until such time, AU-C section 610 has been conformed
to reflect updated section and paragraph cross references, but has not otherwise been subjected to a comprehensive
review or revision.
i
AU-C section 705, Modifications to the Opinion in the Independent Auditors Report, and AU-C section 706,
Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the Independent Auditors Report, also supersede
paragraphs .01.11, .14.15, .19.32, .35.52, .58.70, and .74.76 of AU section 508, Reports on Audited Financial
Statements.
j
AU-C section 700, Forming an Opinion and Reporting on Financial Statements, and AU-C section 706 also supersede
paragraphs .01.11, .14.15, .19.32, .35.52, .58.70, and .74.76 of AU section 508.
k
AU-C section 700 and AU-C section 705 also supersede paragraphs .01.11, .14.15, .19.32, .35.52, .58.70, and
.74.76 of AU section 508.
l
To address practice issues, SAS No. 118, Other Information in Documents Containing Audited Financial Statements, was
issued in February 2010 as a SAS resulting from the Clarification and Convergence Project of the ASB, and is effective
for audits of financial statements for periods beginning on or after December 15, 2010. SAS No. 118 was originally
codified as AU section 550. SAS No. 122 redesignates AU section 550 as AU-C section 720 but does not supersede SAS
No. 118. AU-C section 720 contains conforming changes necessary due to the issuance of SAS No. 122.
m
To address practice issues, SAS No. 119, Supplementary Information in Relation to the Financial Statements as a Whole,
was issued in February 2010 as a SAS resulting from the Clarification and Convergence Project of the ASB, and is
effective for audits of financial statements for periods beginning on or after December 15, 2010. SAS No. 119 was
originally codified as AU section 551. SAS No. 122 redesignates AU section 551 as AU-C section 725 but does not
supersede SAS No. 119. AU-C section 725 contains conforming changes necessary due to the issuance of SAS No. 122.
n
To address practice issues, SAS No. 120, Required Supplementary Information, was issued in February 2010 as a SAS
resulting from the Clarification and Convergence Project of the ASB, and is effective for audits of financial statements for
periods beginning on or after December 15, 2010. SAS No. 120 was originally codified as AU section 558. SAS No. 122
redesignates AU section 558 as AU-C section 730 but does not supersede SAS No. 120. AU-C section 730 contains
conforming changes necessary due to the issuance of SAS No. 122.
o
SAS No. 87, Restricting the Use of an Auditors Report, is currently effective and codified as AU section 532. SAS No.122
redesignates AU section 532 as AU-C section 905, which will be superseded when it is redrafted for clarity and
convergence as part of the Clarification and Convergence Project of the ASB. Until such time, AU-C section 905 has
been conformed to reflect updated section and paragraph cross references, but has not otherwise been subjected to a
comprehensive review or revision. (Subsequently superseded by SAS No. 125.)
p
To address practice issues, SAS No. 117, Compliance Audits, was issued in December 2009 as a SAS resulting from the
Clarification and Convergence Project of the ASB, and is effective for compliance audits for fiscal periods ending on or
after June 15, 2010. SAS No. 117 was originally codified as AU section 801. SAS No.122 redesignates AU section 801 as
AU-C section 935 but does not supersede SAS No. 117. AU-C section 935 contains conforming changes necessary due
to the issuance of SAS No. 122.
q
The ASB has withdrawn AU section 504, Association With Financial Statements, and addressed its content in AU-C
section 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally
Accepted Auditing Standards, AU-C section 230, Audit Documentation, AU-C section 260, The Auditors Communication
With Those Charged With Governance, AU-C section 705, and AU-C section 915, Reports on Application of Requirements
of an Applicable Financial Reporting Framework, and through proposed amendments to Statements on Standards for
Accounting and Review Services to the extent needed.
CHAPTER 2: PRE-ENGAGEMENT ACTIVITIES
200 INTRODUCTION AND AUTHORITATIVE LITERATURE
Introduction
200.1 Most audits are performed as part of a continuing engagement with a client. This chapter explains the activities that
take place (a) before an engagement is accepted and (b) in the early planning stages of an engagement. Many of these
matters receive attention annually before the start of a continuing engagement. However, they are particularly important and
more extensive in the first audit of a new client. In addition to allowing the auditor to make a decision about the acceptance or
continuance of a client relationship, pre-engagement activities also provide the auditor with important information that directly
contributes to the assessment of risks and development of an audit strategy and detailed audit plan.
200.2 At the beginning of an audit, an auditor should perform engagement acceptance and continuance procedures,
evaluate compliance with applicable ethics requirements, and establish an understanding with the client about the services to
be performed. (AU-C 300.06)
Authoritative Literature
200.3 The authoritative pronouncements that establish requirements or provide guidance that most directly affects
pre-engagement activities are as follows:
a. AU-C 210, Terms of Engagement, establishes the auditors responsibilities in agreeing upon the terms of the audit
engagement with management and, when appropriate, those charged with governance. This includes determining
that certain preconditions for an audit, for which management and, when appropriate, those charged with
governance are responsible, are present. [Formerly SAS No. 84 (AU 315), Communications Between Predecessor
and Successor Auditors, and SAS No. 108 (AU 311), Planning and Supervision]
b. AU-C 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing
Standards, addresses the specific responsibilities of the auditor regarding quality control procedures for an audit of
financial statements. [Formerly SAS No. 25 (AU 161), The Relationship of Generally Accepted Auditing Standards to
Quality Control Standards]
c. AU-C 300, Planning an Audit, addresses the auditors responsibility to plan an audit of financial statements.
[Formerly SAS No. 108 (AU 311), Planning and Supervision]
d. AU-C 510, Opening BalancesInitial Audit Engagements, Including Reaudit Engagements, establishes the auditors
responsibilities relating to opening balances in an initial audit engagement, including a reaudit engagement.
[Formerly SAS No. 84 (AU 315), Communications Between Predecessor and Successor Auditors]
e. Statement on Quality Control Standards (SQCS) No. 8 (QC 10), A Firms System of Quality Control, describes the
quality control policies and procedures, including those that pertain to client acceptance and continuance, that a
member firms quality control system should encompass.
f. Interpretation 101-3 (ET 101.05), Performance of Nonattest Services, of the AICPAs Code of Professional Conduct,
provides guidance regarding an auditors independence in relationship to an attest client when performing nonattest
services.
In addition to the items listed, auditors need to comply with other ethical requirements of the AICPAs Code of Professional
Conduct
1(7)
when considering whether an engagement can be accepted or continued. The authoritative pronouncements
are explained further at the relevant points in the following discussion.
201 OBJECTIVES AND REQUIREMENTS
Objectives
201.1 The objectives of the auditor when performing pre-engagement activities are to:
Accept an engagement for a new or existing audit client only when the basis upon which the audit is to be
performed has been agreed upon by establishing whether the preconditions for an audit are met and confirming that
a common understanding of the terms of the audit engagement exists between the auditor, management, and, when
appropriate, those charged with governance. (AU-C 210.03)
Requirements
201.2 The requirements that should be followed to achieve those objectives are summarized in Exhibit 2-1.
Exhibit 2-1
Requirements for Pre-engagement Activities
a
AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
Terms of Engagement
Establish whether the preconditions for an audit are
present
Determine whether the financial reporting
framework to be applied in the preparation of
the financial statements is acceptable.
AU-C 210.6 Section 202 ASB-CX-1.1
Obtain the agreement of management that it
acknowledges and understands its
responsibility
AU-C 210.6 Section 203 ASB-CL-1.1
1. for the preparation and fair presentation
of the financial statements in accordance
with the financial reporting framework (for
example, GAAP),
2. for the design, implementation, and
maintenance of internal control relevant
to the preparation and fair presentation of
financial statements that are free from
material misstatement, whether due to
error or fraud, and
3. to provide the auditor with (1) access to
all information of which management is
aware that is relevant to the preparation
and fair presentation of the financial
statements (such as records,
documentation, and other matters); (2)
additional information that the auditor
may request from management for the
purpose of the audit; and (3) unrestricted
AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
access to persons within the entity from
whom the auditor determines it necessary
to obtain audit evidence.
If a client-imposed limitation will result in
disclaiming an opinion on the financial statements
as a whole, do not accept such a limited
engagement as an audit engagement. (If the entity
is required by law or regulation to have an audit
and a disclaimer of opinion is acceptable under the
applicable law or to the regulator, determine
whether to accept the engagement.)
If preconditions for an audit are missing, discuss them
with management. Unless required by law or
regulation to do so, do not accept the proposed audit
engagement if it is determined that the financial
reporting framework to be applied in the preparation of
the financial statements is unacceptable or if an
agreement that management acknowledges and
understands its responsibilities has not been obtained.
Agree upon the terms of the audit engagement with
management or those charged with governance, as
appropriate.
Document the agreed-upon terms of the audit
engagement in an audit engagement letter or other
appropriate form of written agreement. Include
The objective and scope of the audit of the
The responsibilities of the auditor.
The responsibilities of management.
A statement that because of the inherent
limitations of an audit, combined with the inherent
limitations of internal control, an unavoidable risk
exists that some material misstatements may not
be detected, even though the audit is properly
planned and performed in accordance with
GAAS.
Identification of the financial reporting framework
(for example, GAAP) for the preparation of the
Reference to the expected form and content of
any reports to be issued by the auditor and a
statement that circumstances may arise in which
a report may differ from its expected form and
content.
Before accepting an engagement for an initial audit,
including a reaudit engagement, request that
management authorize the predecessor auditor to
AU-C 210.11 Section 202 ASB-IA-1
ASB-CL-13.1
AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
respond fully to the auditors inquiries regarding
matters that will assist the auditor in determining
whether to accept the engagement.
If management refuses to authorize the predecessor
auditor to respond, or limits the response, inquire
about the reasons and consider the implications of
that refusal in deciding whether to accept the
engagement.
In determining whether to accept the engagement,
evaluate the predecessor auditors response or
consider the implications if the predecessor auditor
provides no response or a limited response.
On recurring audits, determine if circumstances
require the terms of the audit engagement to be
revised. If the terms of the prior engagement do not
need to be revised for the current engagement, remind
management of the terms of the engagement and
document the reminder.
Do not agree to a change in the terms of the audit
engagement when no reasonable justification for
doing so exists.
AU-C 210.14 Section 203 ASB-AP-2,
Change in the
Terms of an
Audit
Engagement
ASB-CL-1.2
If, prior to completing the audit engagement, a request
is received to change the audit engagement to an
engagement for which a lower level of assurance is
obtained (that is, a review or other service), determine
whether reasonable justification for doing so exists.
Change in the
Terms of an
Audit
Engagement
Agree with management on any new terms of the
engagement and document in an engagement letter or
other appropriate form of written agreement.
Change in the
Terms of an
Audit
Engagement
ASB-CL-1.2
If no reasonable justification for a change of the terms
of the audit engagement exists and management does
not allow the original audit engagement to continue:
(a) withdraw from the audit engagement when
possible under applicable law or regulation, (b)
communicate the circumstances to those charged with
governance, and (c) determine whether any obligation
(either legal, contractual, or otherwise) exists to report
the circumstances to other parties (such as owners or
regulators).
Change in the
Terms of an
Audit
Engagement
Planning an Audit
Perform continuance procedures for both the client AU-C 300.06 Section 202 ASB-CX-1.1
AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
relationship and this audit engagement.
Evaluate compliance with applicable ethics
requirements.
Establish an understanding with the client about the
services to be performed.
For initial audits, perform client and engagement
acceptance procedures before starting the
engagement. If there has been a change of auditors,
communicate with the predecessor auditor.
ASB-CL-13.1
ASB-CL-13.4
Opening Balances in Initial Audits and Reaudits
Request management to authorize the predecessor
auditor to allow a review of the predecessors audit
documentation and to respond fully to the auditors
inquiries.
AU-C 510.07 Section 202 ASB-IA-1
ASB-CL-13.1
Note:
a
AU-C 220 provides requirements and application and other explanatory material to the auditor and engagement partner
as they relate to each element of quality control during the performance of an audit of financial statements, including
requirements for acceptance and continuance of client relationships and audit engagements. Chapter 1 includes the
requirements for AU-C 220 and section 202 discusses certain specific requirements.
* * *
202 CLIENT ACCEPTANCE AND CONTINUANCE
202.1 The auditors broad responsibilities under professional standards regarding client acceptance and continuance
decisions are as follows:
Establishing Policies and Procedures.
2(8)
According to SQCS No. 8 (QC 10.27), The firm should establish policies
and procedures for the acceptance and continuance of client relationships and specific engagements, designed to
provide the firm with reasonable assurance that it will undertake or continue relationships and engagements only
when the firm
a. is competent to perform the engagement and has the capabilities, including time and resources, to do so;
b. can comply with legal and relevant ethical requirements; and
c. has considered the integrity of the client and does not have information that would lead it to conclude that the
client lacks integrity.
Timing of Procedures. AU-C 300.06 and AU-C 300.A8 indicate that auditors should perform client acceptance and
continuance procedures, including evaluating compliance with ethical requirements, prior to performing significant
audit activities for the current engagement.
Establishing Preconditions for an Audit.
3(9)
AU-C 210 addresses the auditors responsibilities in agreeing on the
terms of an audit, which includes establishing that certain preconditions are present. AU-C 210.04 defines
preconditions for an audit as the use by management of an acceptable financial reporting framework in the
preparation and fair presentation of the financial statements and the agreement of management and, when
appropriate, those charged with governance, to the premise on which an audit is conducted. For audits of financial
statements for periods ending on or after December 15, 2012, if the preconditions for an audit are not met, the
auditor should discuss the matter with management. Unless the auditor is required by law or regulation to accept
the engagement, the auditor should not accept the proposed audit engagement. (AU-C 210.08)
Communicating with Previous Auditors. AU-C 210.11 notes that the successor auditor should request permission
from the prospective client to inquire of the predecessor auditor, prior to final acceptance of the engagement, about
matters that would assist in making the acceptance decision. In determining whether to accept the engagement, the
auditor should evaluate the predecessor auditors response or consider the implications if the predecessor auditor
provides no response or a limited response. See additional discussion on communicating with predecessor auditors
beginning at paragraph 202.19 and in section 205.
202.2 Client acceptance/continuance policies and procedures provide reasonable assurance that:
Engagements that are accepted can reasonably be expected to be completed with professional competence.
The risks associated with providing professional services in the particular circumstances are appropriately
considered.
Many auditors have traditionally viewed the client acceptance/continuance process as a means of gathering information that
will allow a decision about whether to accept or continue a client relationship or a specific engagement. However, the
information gathered generally has an impact on later steps in the audit process for those clients or engagements that are
accepted. For example, acceptance/continuance procedures often provide critical information that can be used by the auditor
when establishing an audit strategy, identifying and assessing risks, and developing a detailed audit plan, as well as for other
audit purposes. AU-C 500.A27 specifically notes that audit evidence includes information obtained from client acceptance and
continuance procedures.
202.3 If issues involving the acceptance or continuance of a client relationship or a specific engagement are identified and
the firm decides to accept or continue the client relationship or the specific engagement, SQCS No. 8 (QC 10.28) requires the
firm to consider whether any ethical requirements under Rule 102, Integrity and Objectivity, apply and to document how any
issues were resolved.
Preconditions for an Audit
202.4 Financial Reporting Framework. As a precondition for an audit, the auditor should determine whether the financial
reporting framework to be applied in the preparation of the financial statements is acceptable. As discussed in Chapter 1, the
applicable financial reporting framework is the set of accounting principles used by the entity to prepare its financial
statements. (This Guide assumes that entities are following U.S. generally accepted accounting principles.) According to
AU-C 210.A4, factors to consider to determine if the financial reporting framework is acceptable include
The nature of the entity (for example a business entity, governmental entity, or a nonprofit organization).
The purpose of the financial statements (for example whether they meet the common financial information needs of
a wide range of users).
The nature of the financial statements (for example whether they are a complete set of financial statements or a
single financial statement).
Whether law or regulation prescribes the applicable financial reporting framework.
That determination generally is made during the acceptance and continuance procedures. For many clients, the auditor may
presume that the applicable reporting framework is acceptable. (AU-C 210.A3)
202.5 Agreement of Management. Another precondition of an audit is to obtain the agreement of management that it
acknowledges and understands its responsibilities. That agreement generally is obtained through the use of an engagement
letter. Engagements letters are discussed in section 203.
202.6 Management-imposed Limitation on Scope under the Clarified Standards. AU-C 210.07 notes that there may be
circumstances when management or those charged with governance may impose a limitation on the scope of the auditors
work. If the auditor believes that the scope limitation would result in a disclaimer of opinion on the financial statements taken
as a whole, the auditor should not accept the engagement. However, if the entity is required by law or regulation to have an
audit and the scope limitation and disclaimer of opinion is acceptable under the applicable law or regulation, the auditor may,
but is not required, to accept the engagement. Note that the requirement in AU-C 210.07 is applicable for audits of financial
statements for periods ending on or after December 15, 2012. For audits of financial statements for periods ending before
December 15, 2012, the auditor should discuss with the client the possibility of a disclaimer of opinion before accepting or
continuing the engagement.
Risk-based Perspective
202.7 When deciding whether to accept or continue a client, the auditor considers the risks related to the engagement. This
is a very high-level consideration of whether the risk level related to the engagement and the overall financial statements is
greater than normal. For situations that pose greater than normal risk, firm policies determine when a new engagement is
declined and when the relationship with a continuing client is terminated.
202.8 If a client with greater than normal risk is accepted or continued, there has to be an appropriate audit response to the
risk level in the audit plan. A client with greater than normal risk poses a greater risk to the auditor from a business risk
perspective (the auditors own business risk) and also involves a greater risk of material misstatement of the financial
statements. Both AU-C 240.A27 and AU-C 315.07 note that the auditor considers whether procedures relating to the
acceptance and continuance of clients and engagements may be relevant in the identification of risks of material
misstatement.
202.9 For a new engagement, the auditor obtains a general understanding of managements reputation and integrity and of
the clients industry, operations, and financial condition through discussions with management, predecessor auditors, and
other knowledgeable parties. For a continuing engagement, the auditor considers the same factors, but also considers
whether there have been changes that affect the auditors continuance decision.
202.10 The engagement acceptance or continuance decision normally focuses on factors that increase overall financial
statement risk. What is the intended use of the financial statements? For example, if the financial statements are to be used in
a sale of the business and the sales price is dependent on financial statement amounts, there is greater risk. Do discussions
with the predecessor auditor, bankers, attorneys, or others raise any concerns about managements integrity? Are there
increased risks due to indications of pressures, opportunities, or incentives for fraudulent financial reporting on the part of
management? Is the company in a precarious financial position that creates a likelihood of bankruptcy? Consideration of this
information might cause the auditor to decline to accept the engagement or to terminate the client relationship, or might
cause the auditor to plan and perform the audit in a different manner.
202.11 The early identification of higher risk engagements can help ensure that audit personnel with adequate industry and
overall audit experience are assigned to the engagement and that sufficient involvement of the partner and manager occur at
all stages of the audit, but particularly during the risk assessment process. Also, the preliminary scheduling of audit work and
estimates of audit time (and often, fee estimates) will be affected by any risks that have been identified through client
acceptance or continuance. In addition, the reporting deadlines established need to allow sufficient time for dealing with the
anticipated risk level. In some cases, greater than normal involvement of a second partner in the engagement may be
advisable. Many of these matters are audit strategy issues. See the discussion of audit strategy in section 306.
Client Acceptance: Decision-making Process
202.12 Exhibit 2-2 presents a decision-making process for evaluating new client acceptance in an audit engagement. The
process depicted in the flowchart begins with certain decisions the firm makes regarding factors that impact the firms overall
practice and proceeds through specific client and engagement considerations.
202.13 As illustrated in Exhibit 2-2, before accepting a new client, an auditor naturally wants to consider the following items:
a. Whether there are any professional reasons not to provide services to the client.
b. What services are to be provided.
c. Whether the firm meets ethical requirements, including independence.
d. Whether professional standards and other relevant requirements can be met in providing those services.
After accepting a new client, auditors should consider whether their engagement acceptance procedures provide information
that may be relevant in identifying risks of material misstatement due to error or fraud. The annual evaluation for continuing
engagements is discussed further beginning at paragraph 202.73.
Exhibit 2-2
Evaluating New Client Acceptance
Notes:
a
For audits of financial statements for periods ending on or after December 15, 2012, if the audit is not required by law or
regulation, and management or those charged with governance has imposed a limitation on the scope of the audit such
that the limitation would result in the auditor disclaiming an opinion on the financial statements, the auditor should not
accept such an engagement. (AU-C 210.07)
b
As discussed at paragraph 202.3, if issues involving the acceptance or continuance of a client relationship or a specific
engagement are identified and the firm decides to accept or continue the client relationship or the specific engagement,
SQCS No. 8 requires that the firm document how the issues were resolved. (QC 10.28)
* * *
Prospective Clients Reputation
202.14 An auditor considers the reputation of the prospective client, its management, and those charged with governance.
Quality control standards require CPA firms to establish policies and procedures to minimize the likelihood of accepting or
continuing association with a client whose management lacks integrity (QC 10.27). One of the characteristics of many smaller
business entities is concentration of ownership or operational control in one or a few individuals. This means that a primary
consideration in client acceptance for those engagements is the general honesty and good faith of the owner/manager.
Consideration may also be given to whether
Management and those charged with governance are knowledgeable about the business.
Management and those charged with governance are committed to the application of appropriate accounting
principles.
The entity possesses an appropriate organizational structure, including the nature and purpose of related party
relationships.
Management and those charged with governance have an appropriate attitude about the financial reporting process,
including internal controls.
Management and those charged with governance reflect an appropriate attitude regarding the general nature of
audit procedures to be applied, time commitments and client resources, and level of effort necessary to complete
the audit.
202.15 In connection with the auditors initial or recurring retention, the auditor might discuss or correspond with
management about a significant issue, for example, a particular application of accounting principles or auditing standards.
Unless all of those charged with governance are involved in managing the entity, AU-C 260.14 indicates that significant issues
that were discussed or were the subject of correspondence with management should be communicated with those charged
with governance. Communicating with those charged with governance is more fully discussed in section 1815.
202.16 Sources of Information. Neither quality control standards nor generally accepted auditing standards provide specific
requirements on the depth of an investigation of a prospective client except for the requirement in AU-C 300.13 to
communicate with a predecessor auditor. If the prospective client is well known to the auditor, the only procedures could be
inquiry of the predecessor auditor and review of the prior financial statements and reports. Depending on the auditors
familiarity with the prospective client, the inquiry and analysis made before a client acceptance decision usually include the
following:
Specific inquiry of former accountants or auditors who have provided services to the client.
Specific inquiry of the prospective clients lawyer and banker.
Review of the prospective clients most recent interim or annual financial statements, income tax returns, and reports
to regulatory agencies.
Consideration of the composition, qualifications, and autonomy of those charged with governance.
202.17 In addition, the following might also be considered when assessing the prospective clientis reputation:
Managements response to suggestions made by predecessor auditors for improvements to internal controls.
Inquiry of commercial credit agencies and business groups or associations, such as the Better Business Bureau.
A background check performed by an investigative firm. The desirability of such a check might be suggested by
indicators such as frequent changes in auditors, bankers, or lawyers, or the results of inquiries, reviews, or
considerations previously listed.
202.18 When considered necessary based on the circumstances, a variety of online database services are available to assist
the firm in obtaining information about the prospective client and its management. Such service providers, a few of which are
summarized in Exhibit 2-3, allow the firm to search for bankruptcy records, litigation history, Dun & Bradstreet reports,
corporate filings, corporate affiliations, and newspapers or trade publications containing information on prospective clients
and their management. These searches can be performed from the office at a relatively low cost. However, it is a good idea to
check with legal counsel prior to performing a background check to determine if there are any federal, state, or local laws that
require permission from, or disclosure to, the prospective client. Prospective clients that limit access to their former auditors
need to be viewed with skepticism.
Exhibit 2-3
SOURCES OF BACKGROUND INFORMATION
INFORMATION SOURCE HOW TO CONTACT
Credit Rating Services
Dun & Bradstreet Corporation www.dnb.com
Equifax www.equifax.com
Experian www.experian.com
Moodys Investors Services www.moodys.com
National Association of Credit Management (NACM) www.nacm.org
Standard & Poors www.standardandpoors.com
TransUnion www.transunion.com
Online Database Services
Access Information www.access-information.com
CLEAR clear.thomsonreuters.com
Dialog www.dialog.com
Hoovers www.hoovers.com
LexisNexis www.lexisnexis.com
PUBLICDATA.com www.publicdata.com
Standard & Poors www.standardandpoors.com
General Business Information
AT&T Information www.anywho.com
Google Directory http://research.stlouisfed.org/publications/n
et
National White Pages www.switchboard.com
Yahoo Business Directory http://dir.yahoo.com/business_and_economy
* * *
Communication with a Predecessor
202.19 Communicating with the predecessor auditor is a necessary procedure because the predecessor auditor may be able
to provide information that will assist the successor auditor in determining whether to accept the engagement. The successor
auditor may discover that the predecessor auditor and the client have disagreed about accounting principles, auditing
procedures, or similarly significant matters. This means that a predecessor may have reached the conclusion that (a) the
client lacks integrity or (b) the client may be changing auditors because of a dispute with the predecessor about audit scope
or financial statement presentation. Naturally, this kind of information could influence an auditors decision on the desirability
of accepting a prospective client.
202.20 AU-C 510.05 defines the term predecessor auditor as an auditor from a different audit firm who reported on the most
recent audited financial statements or was engaged to perform but did not complete an audit of the financial statements. That
may include an auditor who was engaged to perform an initial audit but did not complete the audit. It may also include an
auditor who was engaged subsequent to the most recent audited financial statements (that is, a successor auditor) who did
not complete the audit. In the latter case, there may be two predecessor auditorsthe auditor who reported on the most
recent audited financial statements and the successor auditor who did not complete the audit. Communication about
management integrity and other matters (see paragraph 202.22) should be made of all predecessor auditors.
202.21 AU-C 210.A27 clarifies the timing of the communication with the predecessor by indicating that an auditor may make
a proposal before communicating with the predecessor. The communication, however, ought to happen before final
acceptance of the engagement. In other words, the predecessor is not expected to respond to inquiries until the successor
has been selected and has accepted the engagement subject to evaluation of the predecessors response.
202.22 The precise form of the communication with a predecessor is not specified by professional standards. For example, a
written communication is not requiredsimply talking with the predecessor is enough. The essential aspects of the
communication are as follows:
a. Client Permission. An auditor should ask the prospective client to authorize the predecessor to respond fully. (This is
necessary because of the ethical requirement for confidentiality.) (AU-C 210.11)
b. Specific Questions. An auditor may ask specifically about certain matters such as:
(1) Information that might bear on managements integrity.
(2) Disagreements with management on accounting principles, auditing procedures, or similar matters.
(3) Communications with those charged with governance regarding fraud and noncompliance with laws and
regulations by the entity.
(4) Communications with management and those charged with governance regarding internal control matters.
(5) The predecessors understanding of reasons for the change of auditors.
202.23 If the prospective client refuses permission to talk with the predecessor, an auditor should find out why. Such a
refusal is considered by many auditors to be sufficient reason to turn down an engagement. A drafting example of a request
for a predecessor to release information to a successor is presented at ASB-CL-13.1. As discussed in paragraph 202.22,
professional standards do not require a written communication between the predecessor auditor and the successor auditor.
In fact, many auditors prefer to make such communications orally. If the inquiries of the predecessor auditor are made orally,
the communication can be documented at Part II of the Engagement Acceptance and Continuance Form at ASB-CX-1.1 or
in a separate memo. However, if the auditor chooses to make the inquiries in writing, ASB-CL-13.4 presents a drafting form for
such a letter. Communications with a predecessor after acceptance are discussed in section 910.
202.24 As a result of making inquiries of the predecessor auditor, the auditor carefully considers the following situations
when making the decision whether to accept a client:
Disagreements occurred between the prospective client and the predecessor auditor over accounting principles or
practices, financial statement disclosures, or audit scope.
There is no clear reason for the cessation of the client relationship with the predecessor auditor.
Access to the predecessor auditors workpapers has been denied.
The prospective client has been denied service by other CPA firms.
202.25 Under AU-C 915, communication with a predecessor auditor may also be necessary in proposing for a new client.
AU-C 915 applies if a potential client requests that a written proposal include the proposing auditors opinion on the
application of the requirements of an applicable financial reporting framework to a specific transaction or on the type of
opinion that may be rendered on the specific entitys financial statements. Before the proposal is made, the auditor may ask
the predecessor auditor about the accounting or reporting issue and available facts relevant to forming a judgment about the
issue, including the form and substance of the transaction, how management has applied accounting principles to similar
transactions, and whether the predecessor auditor and potential client have disagreed about the facts or application of
relevant standards. A drafting example of a request for a predecessor to release information about a prospective client prior to
making a proposal for an engagement is presented at ASB-CL-13.5. Reports on the application of the requirements of an
applicable financial reporting framework are discussed in section 1312 of PPCs Guide to Auditors Reports.
202.26 If the predecessor has ceased operations, the auditor still attempts the required communications, according to an
AICPA Technical Practice Aid at TIS 8900.03. If the auditor cannot communicate with the predecessor, that fact is considered
in the acceptance decision. However, that does not mean the auditor automatically declines the engagement. The auditor
may be able to obtain sufficient information about client integrity and other matters from alternative sources (attorneys,
bankers, reading the predecessors prior audit reports and other communications, etc.) to make the acceptance decision.
202.27 Some nonpublic entities only have their financial statements audited on an as needed basis, or they may have a
policy to have their financial statements audited once every two or three years. AU-C 510.02 notes that its provisions
(including communicating with a predecessor) are not applicable if the most recent audited financial statements are more
than one year before the beginning of the earliest period to be audited by the successor. For example, if the period to be
audited by the successor begins January 1, 20X4 and the clients last audit was for the year ended December 31, 20X2, then
AU-C 510 is not applicable. However, for audits of periods ending before December 15, 2012, communication with
predecessor auditors is not required if the most recent audited financial statements are more than two years before the
beginning of the earliest period to be audited by the successor. The successor auditor may make inquiries and/or review
client documents (such as board of directors minutes or loan agreements) to determine if an audit has been performed within
the applicable period.
202.28 Pre-engagement activities for initial audits are discussed in section 205. Other considerations when performing an
initial audit, including a reaudit, are discussed in section 910.
Assessment of Services
202.29 A preliminary discussion with the prospective client is usually necessary to become familiar with the services that will
be provided. This allows the auditor to consider whether the firms resources are adequate to provide those services. It also
provides an opportunity to make sure the client understands the nature of the services to be provided. Subsequent fee
disputes can be avoided if the client clearly understands that additional fees will be charged for additional services that are
later requested.
202.30 The preliminary discussion may include consideration of the following:
a. Expected Use of Financial Statements. Are the financial statements needed to secure or meet requirements of a
bank loan, to meet the requirements of a government agency, for the information of absentee owners, for use in
negotiating a sale of the business, etc.?
b. Need for an Audit. Is an audit essential for the intended use of the financial statements? Does the prospective client
understand the differing scopes, levels of assurance, and costs associated with compilations, reviews, and audits?
c. Need for Other Services. If an audit is needed, are other services such as, preparation of tax returns or special
investigation of a particular area also needed?
d. Reporting Deadlines. Are audited financial statements needed at a particular date to meet the clients needs? Is this
date late enough to permit the necessary audit work?
202.31 The preliminary discussion with a prospective client includes the nature of an unmodified (unqualified) opinion and
the types of matters that might preclude such an opinion. This is particularly important if a prospective client proposes
something that would limit the scope of the audit. See discussion on scope limitations in paragraph 202.6.
Independence
202.32 The AICPA, state boards, the Securities and Exchange Commission, the PCAOB, the Department of Labor, and the
Government Accountability Office of the United States each have their own independence rules. Some of the AICPA
independence rules apply a team approach, which narrows the pool of those members of a firm who are subject to certain
independence requirements by focusing on covered members. Covered members are those who are members of an attest
engagement team or able to influence the engagement or attest engagement team. Under the AICPA rules, auditors may be
able to structure the engagement team so that independence is not impaired. PPCs Guide to GAAS provides a detailed
discussion of those and other independence rules. Some specific considerations in applying independence rules in audit
engagements for nonpublic entities are discussed in the remaining paragraphs of this section.
4(10)
202.33 Nonattest Services. For many nonpublic engagements, the most frequent concern about meeting independence
requirements is the effect of providing nonattest services, such as bookkeeping services, to the client. For example, an auditor
may be asked to provide manual or automated bookkeeping services to clients who are too small to employ an adequate
accounting staff. Concerns may arise that an auditors independence has been impaired in these circumstances.
202.34 According to Interpretation 101-3, Performance of Nonattest Services, of the AICPAs Code of Professional Conduct
(ET 101.05), before auditors perform nonattest services, they should determine that the requirements of Interpretation 101-3
have been met.
5(11)
Interpretation 101-3 requires the following with respect to the performance of nonattest services:
The auditor should not perform management functions or make management decisions for the attest client.
The client must agree to perform certain specific functions in connection with the nonattest services.
The auditor should document in writing the understanding with the client regarding the nonattest services and the
clients responsibilities.
202.35 Under the Interpretation, independence is considered to be impaired if an auditor (or his or her firm) performs
management functions or makes management decisions for an attest client. However, the auditor may assist management in
those functions or decisions. For the auditor to remain independent, the client should agree to perform all of the following
functions in connection with the engagement to perform nonattest services:
Make all management decisions and perform all management functions.
Designate an individual who possesses suitable skill, knowledge, or experience, preferably within senior
management, to oversee the services.
Evaluate the adequacy and results of the services performed.
Accept responsibility for the results of the services.
202.36 In addition, the auditor should be satisfied that the client will be able to meet all of these criteria and make an
informed judgment on the results of the nonattest services. In cases where the client is unable or unwilling to assume its
responsibilities, the auditors performance of the nonattest services would impair independence.
202.37 The Interpretation also requires the auditor to document in writing his or her understanding with the client regarding
the following:
Objectives of the engagement (i.e., the nonattest services).
Services to be performed.
Clients acceptance of its responsibilities.
Auditors responsibilities.
Any limitations of the engagement.
202.38 The Interpretation does not specify how the understanding is to be documented, so the auditor has flexibility. For
example, the understanding might be documented in a separate engagement letter, in the workpapers, in an internal memo,
or in the engagement letter obtained in conjunction with an audit engagement. The authors believe it is common in many
nonpublic audit engagements for auditors to also provide nonattest services, such as tax return preparation or bookkeeping
services. Therefore, the sample engagement letter at ASB-CL-1.1 includes the language necessary to meet the auditors
documentation requirements under Interpretation 101-3 (ET 101.05).
6(12)
If the auditor chooses to document the
understanding with the client about the performance of nonattest services other than in the engagement letter, the checklist at
ASB-CX-1.2, ET Interpretation 101-3 Documentation Form can be used.
202.39 Certain activities performed as part of a nonattest service are considered to be management functions and, therefore,
impair independence regardless of whether the auditor complies with the other requirements of Interpretation 101-3. The
Interpretation lists common nonattest service activities and notes whether they are or are not considered to impair
independence. The Interpretation specifically states that performance of the following general activities would impair an
auditors independence (that is, they would preclude the auditor from being independent):
Exercising authority on behalf of a client, such as authorizing, executing, or consummating a transaction, or having
the authority to do so.
Preparing source documents, in electronic or other form, that evidence the occurrence of a transaction.
Having custody of client assets.
Supervising client employees performing their normal recurring activities.
Determining which of the auditors recommendations should be implemented.
Reporting to the board of directors on behalf of management.
Serving as a clients stock transfer or escrow agent, registrar, or general counsel.
Establishing or maintaining internal controls, including performing ongoing monitoring activities for a client.
7(13)
Exhibit 2-4 provides a table adapted from Interpretation 101-3 that lists various types of nonattest services an auditor may
perform and addresses the impact of those services on the auditors independence.
Exhibit 2-4
Impact on Independence of Performing Nonattest Services
a
Type of Nonattest
Service
Independence Would Not Be Impaired Independence Would Be Impaired
Bookkeeping Record transactions for which
management has determined or
approved the appropriate account
classification, or post coded
transactions to a clients general
ledger.
Prepare financial statements
based on information in the trial
balance.
Post client-approved entries to a
clients trial balance.
Propose standard, adjusting, or
correcting journal entries or other
changes affecting the financial
statements to the client provided
the client reviews the entries and
the member is satisfied that
Determine or change journal entries,
account codings or classification for
transactions, or other accounting
records without obtaining client
approval.
Authorize or approve transactions.
Prepare source documents.
Make changes to source documents
without client approval.
Type of Nonattest
Service
management understands the
nature of the proposed entries
and the impact the entries have
on the financial statements.
Nontax disbursement Using payroll time records
provided and approved by the
client, generate unsigned checks,
or process clients payroll.
Transmit client-approved payroll
or other disbursement information
to a financial institution provided
the client has authorized the
member to make the transmission
and has made arrangements for
the financial institution to limit the
corresponding individual
payments as to amount and
payee. In addition, once
transmitted, the client must
authorize the financial institution
to process the information.
Accept responsibility to authorize
payment of client funds, electronically
or otherwise, except as specifically
provided for with respect to electronic
payroll tax payments.
Accept responsibility to sign or
co-sign client checks, even if only in
emergency situations.
Maintain a clients bank account or
otherwise have custody of a clients
funds or make credit or banking
decisions for the client.
Approve vendor invoices for payment.
Benefit plan
administration
b
Communicate summary plan data
to plan trustee.
Advise client management
regarding the application or
impact of provisions of the plan
document.
Process transactions (e.g.,
investment/benefit elections or
increase/decrease contributions
to the plan; data entry; participant
confirmations; and processing of
distributions and loans) initiated
by plan participants through the
members electronic medium,
such as an interactive voice
response system or Internet
connection or other media.
Prepare account valuations for
plan participants using data
collected through the members
electronic or other media.
Prepare and transmit participant
statements to plan participants
based on data collected through
the members electronic or other
medium.
Make policy decisions on behalf of
client management.
When dealing with plan participants,
interpret the plan document on behalf
of management without first obtaining
managements concurrence.
Make disbursements on behalf of the
plan.
Have custody of assets of a plan.
Serve a plan as a fiduciary as defined
by ERISA.
Investment
advisory or
Recommend the allocation of
funds that a client should invest in
Make investment decisions on behalf
of client management or otherwise
Type of Nonattest
Service
management various asset classes, depending
upon the clients desired rate of
return, risk tolerance, etc.
Perform recordkeeping and
reporting of clients portfolio
balances including providing a
comparative analysis of the
clients investments to third-party
benchmarks.
Review the manner in which a
clients portfolio is being managed
by investment account managers,
including determining whether the
managers are (1) following the
guidelines of the clients
investment policy statement; (2)
meeting the clients investment
objectives; and (3) conforming to
the clients stated investment
styles.
Transmit a clients investment
selection to a broker-dealer or
equivalent provided the client has
authorized the broker-dealer or
equivalent to execute the
transaction.
have discretionary authority over a
clients investments.
Execute a transaction to buy or sell a
clients investment.
Have custody of client assets, such as
taking temporary possession of
securities purchased by a client.
Corporate finance
consulting or
advisory
Assist in developing corporate
strategies.
Assist in identifying or introducing
the client to possible sources of
capital that meet the clients
specifications or criteria.
Assist in analyzing the effects of
proposed transactions including
providing advice to a client during
negotiations with potential buyers,
sellers, or capital sources.
Assist in drafting an offering
document or memorandum.
Participate in transaction
negotiations in an advisory
capacity.
Be named as a financial advisor in
a clients private placement
memoranda or offering
documents.
Commit the client to the terms of a
transaction or consummate a
transaction on behalf of the client.
Act as a promoter, underwriter,
broker-dealer, or guarantor of client
securities, or distributor of private
placement memoranda or offering
documents.
Maintain custody of client securities.
Executive or
employee search
Recommend a position
description or candidate
specifications.
Solicit and perform screening of
candidates and recommend
Commit the client to employee
compensation or benefit
arrangements.
Hire or terminate client employees.
Type of Nonattest
Service
candidates and recommend
qualified candidates to a client
based on the client-approved
criteria (e.g., required skills and
experience).
Participate in employee hiring or
compensation discussions in an
advisory capacity.
Business risk
consulting
Provide assistance in assessing
the clients business risks and
control processes.
Recommend a plan for making
improvements to a clients control
processes and assist in
implementing those
improvements.
Make or approve business risk
decisions.
Present business risk considerations
to the board or others on behalf of
management.
Information
systemsdesign,
installation or
integration
Install or integrate a clients
financial information system that
was not designed or developed
by the member (e.g., an
off-the-shelf accounting package).
Assist in setting up the clients
chart of accounts and financial
statement format with respect to
the clients financial information
system.
Design, develop, install, or
integrate a clients information
system that is unrelated to the
clients financial statements or
accounting records.
Provide training and instruction to
client employees on an
information and control system.
Design or develop a clients financial
information system.
Make other than insignificant
modifications to source code
underlying a clients existing financial
information system.
Supervise client personnel in the daily
operation of a clients information
system.
Operate a clients local area network
(LAN) system.
Notes:
a
This exhibit is adapted from AICPA Ethics Interpretation 101-3, Performance of Nonattest Services, as revised July 2007.
b
When auditing plans subject to the Employee Retirement Income Security Act (ERISA), Department of Labor (DOL)
regulations, which may be more restrictive, must be followed.
* * *
202.40 Interpretation 101-3 (ET 101.05) also addresses tax compliance services. Preparing a tax return and transmitting the
tax return and related payment, either electronically or in paper form, to a taxing authority does not impair independence as
long as the auditor does not have custody or control of the clients funds and the individual overseeing the tax services (a)
reviews and approves the return and payment and (b) signs the return prior to transmittal, if required for the filing. Signing and
filing a tax return impairs independence unless the auditor has legal authority to do so and
the taxing authority has prescribed procedures, allowing the taxpayer to permit the auditor to sign and file a return
on their behalf, that meet the standards for electronic return originators and officers outlined in IRS Form 8879, or
an individual in client management who is authorized to sign and file the tax return provides the auditor with a signed
statement that indicates
The return being filed.
That the individual is authorized to sign and file the return.
That the individual has reviewed the return, including accompanying schedules, and it is true, correct, and
complete to the best of their knowledge and belief.
That the individual authorizes the auditor to sign and file the return on behalf of the client.
The Interpretation also indicates that the auditors representation of the client in an administrative proceeding before a taxing
authority does not impair independence providing the auditor obtains the clients agreement prior to committing the client to a
specific resolution with the taxing authority. Independence is impaired if the auditor represents the client in court to resolve a
tax dispute.
202.41 In addition, under Interpretation 101-3 (ET 101.05), certain appraisal, valuation, or actuarial services are considered to
impair independence. Performing appraisal, valuation, or actuarial services impairs independence if the results are material to
the financial statements and the service involves significant subjectivity. For example, a material asset appraisal or business
valuation generally involves significant subjectivity, and therefore would impair independence if performed for financial
statement purposes. However, an actuarial valuation of a clients pension liabilities ordinarily does not require significant
subjectivity and, therefore, would not impair independence even if the amount was material.
202.42 Under Interpretation 101-3 certain types of forensic accounting services may impair independence. Independence is
impaired if an auditor conditionally or unconditionally agrees to provide expert witness testimony for a client. However, under
certain defined conditions, independence is not impaired if the auditor provides expert witness testimony for a large group of
plaintiffs or defendants that includes the auditors client. If the auditor provides litigation services where he or she is a trier of
fact, special master, court-appointed expert, or arbitrator in a matter involving a client, independence is impaired.
202.43 In some cases, the auditor may perform extended audit services for a client. Extended audit services may include
assistance with the clients internal audit function or an extension of audit services beyond the requirements of generally
accepted auditing standards. Interpretation 101-3 also addresses the impact of those services on the auditors independence.
According to the Interpretation, performance of internal audit assistance services does not impair the auditors independence
as long as the auditor is not an employee of the client or does not act in the capacity of management (for example,
determining the scope, risk, and frequency of internal audit activities). The auditor should be satisfied that the client
understands its responsibility for directing the internal audit function. The general requirements of the Interpretation discussed
previously (such as documenting the understanding with the client) also must be met. With respect to providing assistance
with the internal audit function, the auditor should be satisfied that the board of directors and/or audit committee (if one exists)
is fully informed of the engagement. Generally, performing procedures that are merely an extension of the auditors scope
applied in the audit of the clients financial statements (such as confirming accounts receivable) would not impair the auditors
independence even if the extent of testing exceeds the requirements of generally accepted auditing standards.
202.44 Should Proposing Journal Entries and Preparing Financial Statements in Connection with an Audit Be Viewed as
Bookkeeping and, Therefore, Nonattest Services? Interpretation 101-3 includes bookkeeping as an example of a nonattest
service. Rather than define bookkeeping, the Interpretation provides several examples of services that would be considered
bookkeeping. Two of those examples, which are listed in Exhibit 2-4, are (a) proposing standard, adjusting, or correcting
journal entries or other changes affecting the financial statements to the client and (b) preparing financial statements based
on information in the trial balance. Practice questions have arisen as to whether those examples mean that proposing journal
entries and preparing financial statements in connection with an audit should be viewed as bookkeeping and, therefore,
nonattest services subject to the Interpretation. As a practical matter, small and midsize nonpublic entities typically view
proposing journal entries and preparing financial statements as part of the audit, and, based on implementation guidance
provided in questions and answers published by the AICPA Professional Ethics Executive Committee (PEEC) during 2004 and
2005, the authors believe it is clear that PEEC did not intend for Interpretation 101-3 to view those services as separate from
the audit.
202.45 The authors view bookkeeping services as services that involve processing an entitys transactions or preparing an
entitys accounting records. For example, preparing an entitys accounting journals and ledgers by entering information
provided by management into Peachtreer or other accounting software is a bookkeeping service because it involves
preparing an entitys accounting records. Bookkeeping services that
a. Constitute management functions, such as authorizing or approving purchase orders or preparing sales invoices,
would impair independence.
b. Do not constitute management functions, such as recording disbursements approved by management, would not
impair independence provided the auditor obtained the understanding with the entity required by the Interpretation.
Failure to obtain the required understanding would impair independence. However, failure to comply with the
Interpretations requirement to document that understanding would not impair independence but would be a
violation of Rule 202, Compliance With Standards, of the AICPAs Code of Professional Conduct.
202.46 The authors believe performing procedures in connection with an audit that are designed to address audit risk arising
from the lack of control activities, such as reconciling carrying amounts of assets and liabilities with amounts reported by third
parties, would not be considered bookkeeping services. Similarly, preparing financial statements as part of an audit would not
be considered a bookkeeping service. Neither of those services involves processing the entitys transactions or preparing its
accounting records.
8(14)
202.47 Proposing adjustments of an entitys accounting records in connection with an audit also would not be considered a
bookkeeping service. To illustrate, assume that as part of the audit of the financial statements, the auditor proposes journal
entries to capitalize improvements recorded as repairs expense and to charge to expense repairs capitalized as
improvements; to record depreciation calculated using the auditors depreciation software; to convert the carrying amounts of
inventory and cost of sales from amounts determined using the first-in, first-out method to the last-in, first-out method based
on the auditors calculation of indexes and changes in layers; to recognize liabilities for subsequent disbursements; to record
the valuation allowance for customer account balances; and to record the current and deferred income tax provisions. Those
are adjustments of the accounting records prepared by the entity. Accordingly, the authors would not view them as
bookkeeping services and, therefore, would not view them as subject to the Interpretation.
202.48 Since the entity is required to accept responsibility for the fair presentation in the financial statements of financial
position, results of operations, and cash flows in conformity with generally accepted accounting principles, the authors
believe the number of journal entries proposed in connection with an audit is not relevant to whether that is a bookkeeping
service and, therefore, subject to the Interpretation. As a practical matter, however, the entitys accounting records may be in
such poor condition that the auditor cannot perform sufficient procedures to determine the journal entries needed to express
an unmodified (unqualified) opinion. To overcome the scope limitation, bookkeeping services may be performed to bring
those inadequate accounting records into substantial completion so that the auditor can perform sufficient procedures.
202.49 To illustrate, assume that an entity changed accounting software during the year and did not have sufficient controls
in place to ensure the proper transfer of accounting information and since the conversion, totals of subsidiary ledgers have
differed materially from the related general ledger account balances. In that situation, the auditor would be unable to perform
sufficient procedures to determine the journal entries needed to express an unmodified (unqualified) opinion. That scope
limitation could be overcome by having the entity, members of the auditors firm, or a bookkeeping service prepare adequate
accounting records for the period from just prior to the conversion through year-end.
202.50 Auditors who are unable to make a judgment as to whether they are providing bookkeeping services are not
prohibited from concluding that they are providing services subject to the Interpretation and following the Interpretations
requirements.
202.51 Additional Questions in Applying Interpretation 101-3. The following additional questions are likely to arise as auditors
apply the requirements of Interpretation 101-3 (ET 101.05). The responses reflect the authors views on such matters based
on the guidance in the Interpretation and the related nonauthoritative guidance published by the AICPA.
a. Providing Routine Advice to Clients.
QuestionIf a client calls the auditor and asks a technical question, would this be considered a nonattest service for
which ET Interpretation 101-3 would apply?
ResponseNo, routine activities performed by the auditor, such as providing advice and responding to clients
technical questions as part of the normal client relationship, are not considered nonattest services for which ET
Interpretation 101-3 would apply.
b. Inadvertent Noncompliance.
QuestionWhat if the auditor inadvertently fails to comply with the Interpretations requirement to document in
writing the auditors understanding with the client?
ResponseA failure to document the understanding with the client is not considered to impair a members
independence provided such understanding has been established. Rather, such a failure, regardless of whether it
was isolated or inadvertent, would be considered a failure to comply with an ethics standard under Rule 202,
Compliance with Standards.
c. Assessing Whether an Individual Possesses Suitable Skill, Knowledge, or Experience.
QuestionHow does an auditor assess whether a clients designated employee possesses suitable skill,
knowledge, or experience as required by the Interpretation?
ResponseIt is not intended that the client employee possess a level of technical expertise equal to the auditors.
The client employee need only understand the nonattest services enough to be able to provide general direction for
the services; understand the key issues the auditor identifies; make any required management decisions; and
evaluate the adequacy of, and accept responsibility for, the results of the auditors work. The designated individual
fulfills the competency requirement by possessing suitable skills, knowledge, and/or experience based on factors
such as his or her understanding of the service, knowledge of the clients business and industry, general business
knowledge and education, and position at the client. The relative importance of those factors is considered in
relation to the service being performed. The auditor may educate his or her client in order for them to assume these
responsibilities. For example, if the auditor performs routine bookkeeping services for an attest client, he or she
could ensure compliance with the requirements of the Interpretation by reviewing the proposed journal entries with
the client and explaining in general terms how each entry affects the financial statements. The client should then be
in a position to approve the journal entries and accept responsibility for the financial statements.
d. Nonattest Services Performed before the Client Becomes an Attest Client.
QuestionThe practitioner accepts an audit engagement for a client for whom he or she has previously provided
only bookkeeping services. Prior to accepting the audit engagement, the practitioner does not have a written
understanding with the client under Interpretation 101-3 (ET 101.05). Has the practitioner violated the requirements
of the Interpretation?
ResponseNo, the ET 101-3 documentation requirement does not apply to nonattest services performed before the
client becomes an attest client. The auditor would be permitted to prepare the required documentation upon
acceptance of an audit engagement, provided the auditor is able to demonstrate his or her compliance with the
other general requirements during the period covered by the financial statements, including the requirement to
establish an understanding with the client. As a practical matter, practitioners who are initially engaged to only
provide nonattest services but expect to subsequently be engaged to also provide attest services may consider
structuring the engagement so that performance of the nonattest services will not impair independence for the attest
services.
202.52 Illustrative Examples. Independence is much easier to define than to apply. An infinite variety of situations can occur
that raise questions about independence but are not necessarily impairment problems. The following paragraphs provide
several scenarios relating to accounting services in which auditors independence might be impaired. Also included with each
scenario are the authors views (considering the guidance in Interpretation 101-3 and related nonauthoritative guidance)
about whether or not the services are permitted under Interpretation 101-3 (that is, whether or not the services impair the
auditors independence).
Example 2-1: Auditor has authority to sign or co-sign checks.
Scenario: Auditors accept the responsibility of signing or co-signing a clients checks in emergency situations.
Is Independence Impaired? Yes, independence would be impaired because such activities are considered
management functions. Having the authorization to sign or co-sign checks on a clients bank account, even if such
activity is never performed, impairs independence.
Example 2-2: Auditor provides payroll services that include co-signing payroll checks.
Scenario: The auditor provides payroll services for a client that consist of calculating the payroll amounts, preparing
journal entries to record those amounts, preparing and co-signing payroll checks, making electronic payroll tax
payments, and preparing quarterly and annual payroll tax returns.
Is Independence Impaired? Yes, independence would be impaired because signing checks, or having the authority to
sign or co-sign checks, is a management function. Preparation and signing of payroll tax returns and transmitting
payment to a taxing authority does not impair independence as long as the requirements outlined in paragraph 202.40
are met.
Example 2-3: Auditor codes check stubs based on information provided by the client.
Scenario: When performing monthly accounting services for a client, the auditor codes the check stubs (that is,
determines the general ledger accounts to which the disbursements should be recorded and writes the appropriate
account numbers on each check stub) based on the description provided by the client on the check stubs.
Is Independence Impaired? No, independence is not impaired. Normally, coding check stubs will not impair the
auditors independence as long as the client provides sufficient detail to clearly identify the nature of each transaction.
Note that, in some cases, the auditor can determine the nature of a transaction based on the payee (for example, the
electric company, office supply company, etc.). However, the auditor needs to be careful not to assume the role of
management, thereby losing independence with respect to the client.
Example 2-4: Auditor records journal entries in the clients accounting system.
Scenario: An auditor records journal entries in the clients accounting system.
Is Independence Impaired? No, the auditors independence would not be impaired provided that the client
understands the nature and impact of the journal entries. For example, the auditor could provide the client with a
printout of proposed journal entries accompanied by clear explanations, ask the client to review the printout, and then
ask whether the client has any questions about the entries. Although not required, some auditors obtain the clients
written approval of the proposed journal entries by, for example, signing or initialing the journal entries or on a separate
journal entry approval form, such as the one included in this Guide at ASB-CX-12.1.
Example 2-5: Auditor installs pre-packaged accounting software.
Scenario: An auditor installs pre-packaged accounting software, such as QuickBooks, for his or her client and sets up
the chart of accounts and financial statement format defaults.
Is Independence Impaired? No, the auditors independence is not impaired. In its Background and Basis for
Conclusions, the Professional Ethics Executive Committee states that independence is not considered impaired, as this
type of service does not constitute designing a system, provided the auditor does not create or change the source
code(s) underlying the pre-packaged software.
The AICPA has an Ethics Hotline where members of the AICPAs Professional Ethics Team answer questions about
independence and other behavioral issues. The toll-free number for the Ethics Hotline is (888) 777-7077.
202.53 Staff Members on Loan. An independence problem that often arises concerns participation in the audit by staff
members on loan from another firm who have some prior involvement with the client, e.g., providing accounting or other
nonattest services. The AICPAs Code of Professional Conduct (ET 92) defines the term covered member for purposes of Rule
101 on independence. The definition makes clear that the independence requirements apply to all employees and all
contractors participating on the engagement team. (Specialists such as actuaries, appraisers, engineers, environmental
consultants, and geologists who do not directly participate in the audit, and persons performing only clerical functions, such
as typing, are not considered members of the engagement team.) This means that staff on loan from another firm become
covered members for purposes of determining independence, and if they have any relationship to the client that impairs their
independence, the firm engaged to perform the audit is not independent.
202.54 A related question is whether staff on loan from another firm are not independent of the client simply because a
partner of that other firm is not independent of the client. In other words, do the individual staff members of the other firm
carry a taint of nonindependence that arises solely from their regular employment by a firm that is not independent? Ruling
No. 71 (ET 191.142.143) clarifies that the use of the staff will impair independence, but that the use of the work of such
individuals in a manner similar to internal auditors is permissible provided that there is compliance with the Statements on
Auditing Standards. An auditor may make use of internal auditors to provide direct assistance in performing an audit as long
as the auditor (a) supervises, reviews, evaluates, and tests their work appropriately and (b) exercises his own judgment on
matters such as sufficiency of tests and materiality of misstatements. To be in conformity with Ruling No. 71, the authors
recommend that staff members on loan from a nonindependent firm be treated analogously to internal auditors. As long as
there is proper supervision of their work, their participation in the engagement generally will not create an independence
problem.
202.55 Unpaid Fees. An auditors independence can be impaired by unpaid fees. Specifically, Ruling No. 52 (ET
191.103.104) states that an auditors independence will be considered impaired if fees (billed or unbilled) or a note
receivable arising from such fees for professional services rendered more than one year prior to the date of the current years
report remain unpaid when that report is issued. (While Ruling No. 52 does not indicate that the unpaid fee needs to be of a
certain amount before it impairs independence, the authors believe that amounts that are clearly inconsequential would not
impair independence.) An accounts receivable aging may be reviewed periodically to monitor past due accounts. Auditors
need to ensure that all prior years fees are collected before the current years report is issued. In addition, if prior year fees
are unpaid, auditors need to consider the reasons why the fees might remain unpaid. Chances are that if past fees have not
been paid, future fees will also not be paid. Consequently, auditors ought to seriously consider not accepting a new client or
continuing an existing engagement if prior year fees are unpaid.
202.56 Client Employee. When an individual in the immediate family of an engagement team member is employed by the
client, independence violations can occur. However, Interpretation 101-1 (ET 101.02) of Rule 101 includes an exception
specifically allowing individuals in a covered members immediate family (spouse or dependent) to be employed by a client in
a position other than a key position. A key position includes one involving:
primary responsibility for significant accounting functions that support material financial statement components,
primary responsibility for financial statement preparation, or
the ability to exercise influence over financial statement content (such as by being a clients president; controller; or
chief executive, financial, operating, or accounting officer).
202.57 There are also independence concerns when a former auditor becomes an employee of a client. The primary
concerns are that auditors who leave the CPA firm to work for a client have close relationships with the engagement team,
know the audit approach, and could potentially circumvent audit tests. In addition, junior engagement team members might
have great respect for the former auditor and might not be able to objectively question him or her. According to Ethics
Interpretation 101-2 (ET 101.04), Employment or Association with Attest Clients, a firms independence will be considered to
be impaired when a former auditor becomes a key employee of a client unless all of the following conditions are met:
Amounts due the former auditor for his or her previous interest in the firm and for unfunded, vested retirement
benefits are not material to the firm, and the formula used to calculate the payout benefits is not variable.
The former auditor is not in a position to influence the firms operations or financial policies.
The former auditor does not participate or appear to participate in the firm once employment with the client has
commenced.
The audit engagement team considers the appropriateness of modifying the audit engagement procedures to
compensate for the risk that audit effectiveness could be reduced by the former auditors knowledge of the audit
plan.
The firm assesses whether the audit engagement team members have the appropriate experience and status to
effectively deal with the former auditor, if he or she will significantly interact with the audit team.
The audit workpapers are reviewed to ensure the engagement team maintained an appropriate level of skepticism
when evaluating the representations and work of the former auditor.
202.58 Financial Interests. An auditor who has a direct or material indirect financial interest in a client is not considered to
be independent. Similarly, auditors who have a material financial interest in nonclients related to clients through common
control or joint ventures are not considered to be independent.
202.59 Other Independence Requirements. Regulatory agencies, certain state CPA societies, and state boards of
accountancy may have established independence requirements applicable to CPAs under their jurisdiction that are more
restrictive than those of the AICPA. An auditor should, therefore, be aware of applicable requirements before accepting an
engagement.
Meeting Other Professional Standards and Requirements
202.60 Technical Expertise and Available Resources. Rule 201 of the AICPA Code of Professional Conduct indicates that
a firm should only undertake an engagement that can be reasonably expected to be completed with professional
competence. Before accepting a new engagement, therefore, an auditor considers whether resources available to the firm are
sufficient to meet the requirements of the engagement, including matters such as:
9(15)
a. Availability and qualifications of staff.
b. Locations to be covered.
c. Specialized accounting or auditing skills or knowledge needed.
An auditor does not have to possess all of the skills and knowledge that might be necessary to complete an audit before
accepting an engagement. However, it is a good idea to consider resources that will be needed for successful completion
before acceptance. In unusual cases, an auditor might want to seek the assistance of other auditors on an agency or
consulting basis. Participation of others may range from availability to provide advice, all the way to active participation in
parts of the engagement. However, if auditors from another firm participate in the engagement, it is important to consider
possible independence and objectivity issues. (See paragraphs 202.53 and 202.65.)
202.61 SQCS No. 8 (QC 10), A Firms System of Quality Control, requires firms to adopt quality control policies and
procedures that provide reasonable assurance that the engagement partner (or other individual responsible for supervising
the engagement and signing or authorizing someone else to sign the auditors report) has the necessary competencies for
the engagement. The necessary competencies will vary depending on the client, industry, or type of service being provided.
The quality control policies and procedures should also require that the engagement partner have the appropriate
capabilities, authority, and time to perform the role. Policies and procedures may include systems to monitor the workload
and availability of engagement partners so as to allow these individuals to have sufficient time to adequately perform their
responsibilities.
202.62 Condition of the Financial Reporting System. A company does not need a sophisticated financial reporting system
with elaborate internal controls to be auditable. In fact, one of the characteristics of many smaller businesses is limited
segregation of duties and functions within the financial reporting system. This usually precludes the degree of formalization of
accounting records and controls expected in a large company. However, the financial reporting system of even a small
business has to be sufficient to provide evidence to support that transactions have occurred and that all of them that need to
be recorded are, in fact, recorded.
202.63 For these reasons, an auditor needs to find out enough about the financial reporting system to consider whether an
audit is feasible before agreeing to do one.
10(16)
The knowledge of the financial reporting system needed for this purpose is
far less than is necessary to understand the entity and its environment and assess the risks of material misstatement as
discussed in Chapter 3. Essentially an auditor is concerned with what kind of formal financial reporting system exists and
whether there is sufficient use of documents and accountability for them to permit the application of audit procedures. Client
staff qualifications are also important because underqualified or overworked staff may be unable to provide the auditor with
the information needed to complete the engagement. Due to the condition of the financial reporting system, the auditor may
decide not to accept the client or engagement. In other situations, the auditor may determine that an audit can be performed,
but it is unlikely that an unmodified (unqualified) opinion can be expressed. See discussion on scope limitations in paragraph
202.6.
202.64 Integrity and Objectivity. Articles III and IV of the AICPA Code of Professional Conduct define integrity, objectivity,
and independence. According to the standards, members should perform professional responsibilities with integrity and
objectivity and should remain independent when performing auditing and attestation services.
202.65 Revised Ethics Ruling No. 112 (ET 191.224.225) under Rule 102, Integrity and Objectivity, requires that clients be
informed, preferably in writing, if the audit firm will outsource professional services to a third-party service provider. If the audit
firm intends to use a third-party service provider (that is, an entity not controlled by the audit firm or an individual not
employed by the audit firm), to perform portions of the audit, the client should be informed before confidential information is
shared with the service provider. If the client objects, the auditor should perform the services without using the third party or
should decline the engagement. The ethics ruling applies when another party is used, for example, to audit an element,
account, or item of the financial statements, to observe inventory, or to act as a specialist. The authors believe the ruling does
not apply when another audit firm performs a separate engagement, the results of which will be used by the auditor, for
example, when another firm audits a subsidiary or equity method investee. In addition, the client is not required to be
informed when a third party is used only for administrative support services, such as record storage or software application
hosting. The engagement letter at ASB-CL-1.1 includes suggested language that can be used to inform the client. Ethics
Ruling No. 1 (ET 391.001.002) under ET Section 300, Responsibilities to Clients, requires a contractual agreement between
the audit firm and the service provider to maintain the confidentiality of client information. This rule also requires members to
be reasonably assured that the service provider has procedures in place to prevent the unauthorized release of confidential
information.
202.66 SQCS No. 8 (QC 10), A Firms System of Quality Control, reiterates that the AICPA Code of Professional Conduct
establishes the fundamental principles of professional ethics.
11(17)
Those principles include:
Responsibilities.
The public interest.
Integrity.
Objectivity and independence.
Due care.
Scope and nature of services.
SQCS No. 8 requires firms to establish policies and procedures designed to provide reasonable assurance that the firm and
its personnel comply with relevant ethical requirements. PPCs Guide to Quality Control provides a detailed discussion of the
AICPAs quality control standard requirements.
202.67 Adequacy of Fees. The auditor needs to consider how low the fee is likely to have to be to obtain the engagement,
all else being equal, and, on that basis, consider whether the engagement is worth pursuing or accepting. To estimate
profitability, the auditor needs to obtain information about the scope of the engagement; condition of the financial reporting
system; required completion dates, such as whether the audit would occur in a slow period when staff otherwise would not be
incurring billable hours; provision for interim payments; and actual hours incurred on prior audits. A significant consideration
in determining fee adequacy is the likelihood the engagement will be renewed for a specific number of years with provision for
fee increases (or expected increased efficiencies) for subsequent years. In such cases, the auditor can evaluate fee adequacy
over an extended period.
202.68 Opportunity for Practice Development. An auditor might consider a potential engagement worth pursuing or
accepting in spite of the fee level if the accounting firm wishes to develop experience, expertise, and reputation in the industry
area as a basis for securing other engagements in that industry. Also, as previously mentioned, an accounting firm with a
highly seasonal audit or tax practice can benefit from improved staff utilization on an engagement that occurs during the
accounting firms slack season.
202.69 Specialized Procedures When Using the Work of Another Accountant. AU-C 600 provides guidance when
another auditor audits a division, branch, or subsidiary that is consolidated (either by a full consolidation or by the equity
method) into the financial statements audited by the group auditor. According to AU-C 600.22, when the group auditor makes
use of the work and report of another auditor, whether reference to the other auditor is or is not made, the group auditor is
required to obtain an understanding of the following:
a. Whether the component auditor understands and will comply with ethical requirements, in particular independence.
b. The component auditors professional competence.
The group auditor is also required to request communication from the component auditor indicating that he or she has
complied with relevant ethical requirements, including independence and professional competence. Thus, regardless of
whether the grpi[ auditor decides to make reference to the other auditor, an independence representation is
necessary.
12(18), 13(19)
(See ASB-CL-14.1, ASB-CL-14.6, and ASB-CL-14.7 for sample independence confirmation
requests.)
202.70 It must be acknowledged that AU-C 600 only applies to audits of group financial statements. AU-C 600 does not
apply to engagements where another auditor performs procedures on financial statements that are not group financial
statements. For example, if another auditor was engaged to observe inventory at an off-site location, AU-C 600 would not
apply, and technically the requirements set forth in paragraph 202.69 are not mandatory. However, the authors recommend
complying with the requirements of AU-C 600 whenever the work of another auditor is used.
202.71 Despite the lack of applicability of AU-C 600 to other auditors who perform procedures on financial statements that
are not group financial statements, it is doubtful that the auditor can justify not assuming full responsibility for the work of the
other auditor. Said another way, the other auditor who observes inventory is nothing more than a temporary member of the
engagement team. Accordingly, as a team member, the other auditor would be subject to quality control requirements even
though AU-C 600 technically does not apply. Therefore, the firm should have a quality control procedure that requires the
independence of another auditor to be confirmed any time another auditor is used, regardless of that use. The confirmation
should also consider the other auditors integrity (for example, based on the other auditors professional reputation). (See
ASB-CL-14.5 for a sample confirmation request.) In addition, the requirements of Ethics Ruling 112 under Rule 102, Integrity
and Objectivity (ET 191.224.225), which applies to the use of third-party service providers, may apply. See the discussion at
paragraph 202.65.
Engagement Acceptance Forms
202.72 Before accepting an engagement, some firms find it useful to complete checklists that summarize relevant
considerations. ASB-CX-1.1, Engagement Acceptance and Continuance Form, and ASB-CX-17.1, Client Billing
Information, are two checklists that can be used for this purpose. The authors recommend that the firm formally document
the acceptance decision-making process. Information gathered in the client acceptance process is considered when
identifying risks that could result in material misstatement of the financial statements. Therefore, when performing client
acceptance (and continuance) procedures, the auditor is alert for risks that could result in misstatements at the financial
statement level and at the relevant assertion level for classes of transactions, account balances, and disclosures. If the auditor
makes a decision to accept the engagement, those risks are considered on ASB-CX-3.1, Understanding the Entity and
Identifying Risks. Chapter 3 discusses risk assessment procedures; Chapter 4 discusses the process of assessing risks of
material misstatement.
Annual Evaluation for Continuing Engagement
202.73 The annual evaluation of clients and engagements generally is performed as part of the planning process for
continuing engagements. SQCS No. 8 and AU-C 220.14 require the firm to assess its continuing association with a client and
the engagement. The continuing auditor may consider the topics discussed in this section when reassessing the desire and
ability to retain the engagement. This reassessment is especially important if there has been a high degree of turnover in key
management positions. Other reasons to reevaluate whether to continue serving the client include significant changes in
ownership, financial condition, litigation status, nature of business, scope of the engagement, or other considerations that
would have caused the auditor to reject the client had the conditions existed at the time of the original acceptance. Moreover,
general economic conditions, industry risk factors, and other considerations may have changed since the initial client
acceptance decision. The assessment also considers matters such as (a) being aware of potential legal liability risks, (b)
avoiding conflict of interest problems, and (c) monitoring compliance with independence rules.
202.74 If the firm obtains information that would have caused it to decline an engagement had that information been available
previously, SQCS No. 8 (QC 10.30) notes that policies and procedures on continuance of the engagement and the client
relationship should include consideration of (a) the professional and legal responsibilities that apply to the circumstances and
(b) the possibility of withdrawing from the engagement or from both the engagement and the client relationship. In addition,
AU-C 220.15 requires the engagement partner to notify the firm promptly whenever information is obtained that would have
caused the firm to decline the engagement, so appropriate action can be taken. As part of making a withdrawal decision, the
firm considers whether there is a requirement to report the withdrawal decision to regulatory authorities. For those
engagements that will be continued, auditors consider whether their engagement continuance procedures provide
information that may be relevant in identifying risks of material misstatement due to error or fraud, as discussed in Chapter 3.
202.75 Once a client relationship has been established, the firm has more objective information to use in evaluating and
reassessing the conclusions reached for each factor considered when the initial client acceptance decision was made. The
review of factors affecting the continuance decision is made in light of the increased knowledge about the client obtained from
the prior audit(s) and consideration of changes that have occurred since the prior audit. This review generally is performed at
the beginning of an engagement to ensure that no circumstances have occurred since the last engagement that would cause
the firm to discontinue providing services to the client. A decision to discontinue services to a client generally is made before
work commences on the engagement.
202.76 The continuance decision may be documented by signing off the appropriate program step in the Audit Program for
General Planning Procedures at ASB-AP-1. The sign-off generally is done during the planning stage of the current year
engagement. The step instructs the auditor to complete or update the Engagement Acceptance and Continuance Form at
ASB-CX-1.1. Completion of ASB-CX-1.1 satisfies the professional requirements related to acceptance and continuance of
client relationships and specific engagements. In addition, information gathered in the client continuance process is
considered when identifying risks as noted in paragraph 202.72.
203 ESTABLISHING TERMS OF THE ENGAGEMENT
203.1 After a new or continuing engagement has been accepted, AU-C 210.09.10 states that the auditor should agree upon
the terms of the audit engagement with management or those charged with governance, as appropriate, and document that
agreement in an audit engagement letter or another form of written communication. Because the authoritative standards in
effect as of the date of this Guide require the use of an engagement letter and practice has been to obtain such a letter, the
process in this Guide assumes the use of an engagement letter (rather than another form of agreement). (Communicating
with those charged with governance is more fully discussed in section 1815.) The issuance of an engagement letter may
reduce the business risk to the auditor by clarifying the responsibilities of each party and the objectives and limitations of the
engagement.
Documenting the Understanding with the Client
203.2 AU-C 210.10 indicates that the engagement letter should include the following:
The objective and scope of the engagement.
Managements responsibilities.
The auditors responsibilities.
A statement that due to the inherent limitations of an audit, there is a risk that a material misstatement may not be
detected.
Identification of the applicable financial reporting framework.
Reference to the expected form and content of reports to be issued by the auditor and a statement that
circumstances may occur in which a report may differ from its expected form and content.
203.3 As discussed in section 202, one of the preconditions for an audit to is to obtain the agreement of management that
they acknowledge and understand their responsibilities. That agreement generally is obtained through the use of an
engagement letter.
203.4 The more specific matters that generally are included in engagement letters are as follows:
The Objective and Scope of the Engagement (i.e., the expression of an opinion on the financial statements).
Managements Responsibilities. Management is responsible for:
The financial statements and the selection and application of accounting policies;
Establishing and maintaining effective internal control over financial reporting;
Identifying and ensuring compliance with applicable laws and regulations;
The design and implementation of programs and controls to prevent and detect fraud;
Informing the auditor about all known or suspected fraud affecting the entity involving (1) management, (2)
employees who have significant roles in internal control, and (3) others where the fraud could have a material
effect on the financial statements;
Informing the auditor about their knowledge of any allegations of fraud or suspected fraud affecting the entity
received in communications from employees, former employees, regulators, or others;
Making all financial records and related information available to the auditor;
Providing unrestricted access to persons within the entity from whom the auditor determines it necessary to
obtain audit evidence;
Providing the auditor with a letter confirming certain representations made during the audit; and
Adjusting the financial statements to correct material misstatements and providing the auditor with a
representation that the effects of any uncorrected misstatements are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole.
Supplementary Information. Under AU-C 725, if the auditor was engaged to report on supplementary
information in relation to the financial statements as a whole, management should acknowledge and
understand that it is responsible for (a) preparing the supplementary information, (b) providing the auditor with
written representation concerning the supplementary information, (c) including the auditors report on the
supplementary information in any document that both contains the supplementary information and indicates
the auditor has reported on the supplementary information, and (d) either presenting the supplementary
information with the audited financial statements or, if the supplementary information will not be presented,
making the audited financial statements readily available to users of the supplementary information no later
than the date the supplementary information and auditors report thereon are issued.
Management also has certain responsibilities when the auditor provides nonattest services, such as bookkeeping or
tax return preparation. See the discussion beginning at paragraph 202.33.
The Auditors Responsibilities. The auditor is responsible for:
Conducting the audit in accordance with generally accepted auditing standards and
Ensuring that those charged with governance are aware of internal control related matters that are required to
be communicated under professional standards. (The communication of internal control related matters is
discussed in Chapter 18.)
The Limitations of the Engagement. The limitations of an audit conducted in accordance with generally accepted
auditing standards generally include that:
An audit is designed to obtain reasonable rather than absolute assurance about whether the financial
statements are free of material misstatement, whether caused by error or fraud (i.e., a material misstatement
may remain undetected);
An audit is not designed to detect immaterial errors or fraud;
The auditor may decline to express an opinion or to issue a report if he or she is unable to complete the audit
or to form an opinion; and
An audit is not designed to provide assurance about internal control or to identify deficiencies in internal
control.
In addition, auditors may include other matters as part of the understanding with the client. Some of the other matters auditors
may want to include are discussed beginning in paragraph 203.10.
Reasons for an Engagement Letter
203.5 When an auditor agrees to provide services to a client for a fee, a contract is created. The engagement letter allows the
auditor to reduce that contract to writing. Furthermore, engagement letters are an excellent tool for educating clients about
their own responsibilities and those of the auditor. If an engagement letter is properly written and explained to the client, it can
eliminate many misconceptions that business clients frequently have, such as about who has responsibility for the financial
statements.
203.6 The overriding reason to use an engagement letter is to fulfill the requirements under AU-C 210 (as discussed
beginning at paragraph 203.1) but it also helps to avoid misunderstandings with the client and the disagreements and
disputes that such misunderstandings can cause. The following additional reasons for using an engagement letter are
generally recognized:
a. To document the contractual duties agreed to by an auditor and client.
b. To protect an auditor from legal liability. In todays litigious environment, it is important that there is no
misunderstanding about the work to be performed, the clients responsibility for the financial statements, fees,
payment terms, etc.
c. To provide the staff assigned to the audit with an understanding of the work that is required.
203.7 Engagement letters are most effective when the client signs them before any services are rendered. AU-C 210.09
states that auditors should agree upon the terms of the engagement with management or those charged with governance, as
appropriate. Depending on the structure of the entity, the engagement letter may be addressed to management, those
charged with governance, or both. However, because one of the preconditions for an audit is to obtain agreement from
management that it acknowledges and understands its responsibilities, the authors believe management should always be
included. In addition, AU-C 260 states the auditor should communicate with those charged with governance the auditors
responsibilities with regard to the financial statement audit and the planned scope and timing of the audit. Those items can be
communicated through an engagement letter or separate communication. In most cases, the authors believe the items are
communicated through an engagement letter. Therefore, to accomplish all of the previously discussed objectives, the authors
recommend that the engagement letter be addressed to both management and those charged with governance. If there is no
separate group charged with governance (owner/manager), then the letter would only be addressed to management. If the
auditor chooses to communicate with those charged with governance in a separate communication, ASB-CL-5.1,
Communication with Those Charged with Governance during Planning provides a drafting illustration that can be used to
communicate such planning matters. See paragraph 202.15 and section 1815 for further discussion about communicating
with those charged with governance.
203.8 Overcoming Client Resistance. An auditor may encounter client resistance to an engagement letter in some
situations, particularly for smaller business engagements. The following steps usually can overcome anticipated client
resistance:
a. Explain that engagement letters are required for all audits.
b. Explain the reasons for an engagement letter and that it also benefits management.
c. Review the letter with the client personally. Explain that the engagement letter is intended to help the client fully
understand exactly what the auditor is doing. It lists any limitations of the auditors services so that the client will not
allow important functions to fall between the cracks.
Suggested Content of Engagement Letter
203.9 Drafting of engagement letters has been largely an individual undertaking. Because the engagement letter is
essentially a service contract, some auditors consult their attorneys when drafting it. In preparing the engagement letter, the
auditor considers the particular client circumstances, including the extent of screening prior to accepting the engagement, the
perceived riskiness of the engagement, client attitudes and expectations, etc. The auditor also balances the desire for
provisions that afford some protection against liability with potential adverse client reaction to language deemed too negative
or defensive. Section 204 further discusses the use of the engagement letter to limit liability.
203.10 Items that should be included in an engagement letter are discussed in paragraphs 203.2.3. Other key elements
commonly included in most engagement letters are:
a. Identification of the client.
b. Timing of the engagement.
c. Client assistance regarding the preparation of schedules.
d. Use of third-party service providers.
e. Explanation of how fees and expenses will be billed and payment terms.
f. Provisions related to suspension or termination of services.
g. Client signature.
203.11 Additional items that may be discussed in the engagement letter include responding to subpoenas and outside
inquiries requesting access to the auditors workpapers, limitations on the auditors legal liability (see section 204),
staffing,
14(20)
designation of client contacts, record retention, availability of documents, use of specialists or internal
auditors, arrangements involving predecessor auditors, alternative dispute resolution (see section 204), and requests for
additional services. [The documentation requirements under Interpretation 101-3 of the AICPAs Code of Professional
Conduct (ET 101.05) are discussed beginning in paragraph 202.33.] Using the engagement letter to improve client assistance
is discussed beginning in paragraph 203.13.
203.12 Additional services may be added to an engagement after the engagement has begun. When clients request
additional services, misunderstandings can be avoided by sending a letter or change order to the client detailing any
agreed-upon changes in fees and services. The letter or change order may indicate that the terms of the original engagement
letter apply to the additional services. See ASB-CL-1.2 for an engagement letter change order form when circumstances
necessitate additional procedures. If such a change order is used, the auditor considers whether the additional services are
nonattest services under Ethics Interpretation 101-3, Performance of Nonattest Services. If nonattest services are added to the
engagement, the auditor needs to meet the requirement in ET Interpretation 101-3 to document the understanding with the
client regarding performance of the nonattest services. If the scope of agreed-upon services changes significantly, the auditor
may want to consider issuing a separate engagement letter to cover the additional services.
Using the Engagement Letter to Improve Client Assistance
203.13 A key to effectively using client assistance to improve audit efficiency is to obtain an understanding with the client
about the level of assistance to be provided. Most clients are interested in providing assistance to the auditor in order to
minimize their audit fees. However, it is still important to make sure the client understands the nature and extent of the
assistance to be provided. To aid in this understanding, many firms include language in the engagement letter that discusses
the nature of assistance to be provided by the client and include the list of schedules to be prepared by the client as an
attachment to the engagement letter. By signing the acknowledgment of an engagement letter that includes such language
and an attached PBC list, the client is agreeing to provide the stated level of assistance. This agreement can be used by the
auditor as a basis for billing additional fees if the client fails to provide the agreed-upon assistance. Alternatively, ASB-CL-12.6,
Client Assistance Request Letter, can be used to request client assistance for the preparation of audit schedules, analyses,
confirmations, and other items that the auditor may request in connection with the performance of audit procedures.
203.14 The following is an example of a clause the firm can include in the engagement letter to address a situation where the
client does not provide the assistance initially committed:
We will schedule the engagement based in part on the availability of your key personnel, deadlines, and
working conditions. We will plan the engagement based on the assumption that your personnel will
cooperate and provide assistance by performing tasks such as preparing requested schedules (which are
listed in Appendix A), retrieving supporting documents, and preparing confirmations. If for whatever reason
your personnel are unavailable to provide the necessary assistance in a timely manner, it may substantially
increase the work we have to do to complete the engagement within the established deadlines, resulting in
an increase in fees over our original fee estimate.
203.15 In addition to the language in the preceding paragraph, some firms add the following language noting that the firm
will request written permission from the client before performing additional procedures necessitated by the clients failure to
provide the agreed-upon level of assistance:
We will not undertake any accounting services (including but not limited to reconciliation of accounts and
preparation of requested schedules included in Appendix A) without obtaining approval through a written
change order (Appendix B) for such additional work.
Presenting the client with a written change order may not result in the auditor billing additional fees. Instead, it may prompt the
client to provide the requested level of assistance. Either way, the firm is better off by either billing additional fees or avoiding
performing procedures for which it will not be compensated. ASB-CL-1.2 presents a drafting form for a written change order.
As noted in paragraph 203.12, if such a change order is used, the auditor considers whether the additional services are
nonattest services under Ethics Interpretation 101-3, Performance of Nonattest Services (ET 101.05).
Multi-year Engagement Letters
203.16 AU-C 210.10 requires the auditor to establish an understanding with the client for each engagement and to document
that agreement in an audit engagement letter. However, this does not preclude the use of engagement letters that cover more
than one year of services (for example, audits for the next three years). Some auditors have adopted the practice of including
provisions in their engagement letters that cover each annual engagement unless subsequently modified. These auditors
obtain a letter in the first year of a client relationship and do not require a new letter in each subsequent year. While this is a
legally permissible practice, it is not advisable from a loss limitation standpoint because a clients operations change over the
years, as can the scope of an auditors engagement. In addition, outdated engagement letters might omit many of the legal
protection clauses available to the auditor as discussed in section 204. In other situations, older engagement letters may not
reflect recent developments that are required by professional standards or regulatory bodies. The authors recommend
obtaining a new engagement letter each year. Obtaining a new letter each year forces the auditor to focus on the scope of
services that it will be providing. If a multi-year engagement letter is used, however, auditors may document consideration of
the understanding with the client in each year by signing-off the engagement letter step in the Audit Program for General
Planning Procedures at ASB-AP-1. Additionally, for audits of financial statements for periods ending on or after December
15, 2012, the auditor should assess each year whether circumstances require that the terms of the engagement letter be
revised. If the auditor does not issue a new engagement letter, he or she should remind management of the terms of the
engagement. That reminder, which may be either written or oral, should be documented. (AU-C 210.13)
Sample Engagement Letter
203.17 ASB-CL-1.1 presents a sample engagement letter with suggested wording for many of the topics discussed beginning
in paragraph 203.10.
Change in the Terms of an Audit EngagementPeriods Ending on or after December 15, 2012
203.18 AU-C 210.14 states that an auditor should not agree to a change in the terms of an engagement unless there is a
reasonable justification for doing so.
203.19 Change in the Level of Service. A client may request a change in the level of service (for example, from an audit to a
review) after an audit engagement has begun, due to:
A change in circumstances affecting the entitys requirement for an audit.
A misunderstanding as to the nature of an audit.
Both of those may be acceptable reasons for a change in the level of service and are considered a change in the terms of an
engagement.
203.20 Appendix 2F of PPCs Guide to Compilations and Review Engagements provides steps an auditor could take if they
were engaged to audit financial statements and the client requests a change in the level of service.
203.21 Unacceptable Change in the Level of Service. A restriction on the scope of the audit, whether imposed by the client
or caused by circumstances, generally is an unacceptable reason for a change in the level of service. Unless a reasonable
justification for a change in the terms of the engagement exists, the auditor should not agree to the change (AU-C 210.14). A
change may not be considered acceptable if it relates to information that is incorrect, incomplete, or otherwise unsatisfactory.
Examples where a change in the terms of the engagement may not be reasonable include when the auditor has been
prohibited from corresponding with the entitys legal counsel for purposes of obtaining evidence on litigation, claims, and
assessments; management (or owner) has refused to sign a client representation letter in connection with the audit; or the
auditor is unable to obtain sufficient, appropriate audit evidence and management asks for the change in terms of the
engagement to avoid a qualified opinion on the financial statements.
203.22 If the auditor concludes that there is not a reasonable justification for the change and management of the entity will
not permit the audit to continue, he or she should withdraw from the engagement, communicate the circumstances to those
charged with governance, and determine whether or not to report the circumstances to other parties, such as owners or
regulators (AU-C 210.17).
203.23 Change in Financial Reporting Framework. As discussed in section 202, as a precondition for an audit, the auditor
should determine whether the financial reporting framework to be applied in the preparation of the financial statements is
acceptable. During the audit, the auditor may determine that the framework used by the client is not acceptable. If
management decides to adopt another framework that is acceptable, the previously agreed-upon terms of the engagement
have changed (AU-C 210.A8).
203.24 Document Change in the Terms of an Engagement. If there is a reasonable justification for a change in the terms of
the engagement, the auditor and management should agree on and document that agreement in an engagement letter or
another form of written communication (AU-C 210.16).
Early Communication with Those Charged with Governance
203.25 As discussed more fully in section 1815, the communication with those charged with governance needs to be
sufficiently timely to enable those charged with governance to take appropriate action. The auditor should communicate
certain matters, such as auditor responsibility and the planned scope and timing of the audit, early in the engagement, or for
an initial engagement, as part of the terms of the engagement. ASB-CL-5.1, Communication with Those Charged with
Governance during Planning, provides a drafting illustration that can be used to communicate with those charged with
governance during the planning phase of the audit. As noted in paragraph 203.7, if the required matters are included in the
engagement letter, and the engagement letter is sent to those charged with governance, ASB-CL-5.1 does not need to be
sent.
204 USING THE ENGAGEMENT LETTER TO LIMIT LIABILITY
204.1 In addition to meeting professional requirements, the engagement letter is a business device for the auditors
protection. Consequently, the drafting of an engagement letter is largely an individual undertaking. A well-worded
engagement letter, describing the nature, extent, and limitations of the services to be provided in a way the client
understands, can greatly reduce the likelihood of developing an expectation gap. This section discusses some of the
methods auditors use to limit their liability through the engagement letter. However, a word of caution is in order. Auditors
need to balance their desire for provisions that afford some protection against liability with potential adverse client reaction to
legal protection clauses deemed too negative or defensive. An attorney may be consulted to determine the true benefit of a
specific provision in a particular situation.
Legal Protection Clauses
204.2 Loss Limitation and Indemnification Clauses. Some CPA firms include provisions in their engagement letters
attempting to limit the firms legal liability. Examples of such provisions include:
A limitation on the damages a firm may have to pay for negligent errors or omissions. (See paragraph 204.5.)
A release from liability if the firm fails to detect misstatements in the financial statements as a result of
misrepresentations made by management. (See paragraph 204.6.)
Indemnification by the client for amounts the firm may have to pay to third parties if misstatements are not detected
as a result of misrepresentations made by management. (See paragraph 204.8.)
204.3 AICPA Ethics Ruling No. 94 under Rule 101 (ET 191.188189) states that such clauses do not impair an auditors
independence. In September 2005 and September 2006, the AICPAs Professional Ethics Executive Committee (PEEC)
issued exposure drafts containing proposed ethics interpretations under Rule 101, Independence, addressing the impact that
certain indemnification and limitation of liability provisions may have on a members independence when included in
engagement letters or other client agreements. As a result of the diverse feedback received on these proposals, PEEC
decided not to issue a revised proposal under Rule 101. Instead, they issued an interpretation under Rule 501, Acts
Discreditable, reminding members that some regulators (including the SEC) prohibit the use of indemnification and limitation
of liability provisions, and that entering into such an agreement with a client that is subject to the regulators requirements
would be considered an act discreditable to the profession.
15(21)
Ethics Interpretation 501-8 (ET 501.09), Failure to Follow
Requirements of Governmental Bodies, Commissions, or Other Regulatory Agencies on Indemnification and Limitation of
Liability Provisions in Connection with Audit and Other Attest Services, requires members to comply with the requirements of
such regulators on the use of these provisions when providing audit or other attest services that are required by such
regulators. PEEC has indicated that the committee will continue to monitor events on this subject both nationally and
internationally and consider what, if any, additional guidance may be appropriate.
204.4 In addition to the matters discussed in paragraph 204.3, there is the question of whether loss limitation and
indemnification clauses would be enforced by a court and, if enforced, how they would be interpreted. Consequently, caution
needs to be exercised when an auditor considers using indemnification or limitation of liability provisions. The authors
recommend that auditors consult with their legal counsel and insurance carrier when assessing such language in the
engagement letter. The following paragraphs discuss each type of loss limitation and indemnification clause listed in
paragraph 204.2. ADR clauses are discussed beginning in paragraph 204.25.
204.5 One type of indemnification provision attempts to limit the damages that the firm may be required to pay. The wording
may limit damages to fees paid or a small multiple of the firms fees in conjunction with the engagement or to some specified
dollar amount. While some clients may raise a question about the inclusion in an engagement letter of a cap on damages
limited to fees paid, use of such a clause is typically met with little resistance. Client acceptance of the clause is particularly
favorable when gross negligence and willful misconduct is not excluded. In addition, the auditor can point to the fact that such
limitations are commonly employed in most commercial agreements. The following is an example of language that might be
used in this case:
You agree that our maximum liability to you for any negligent errors or omissions committed by us in the
performance of the engagement will be limited to [three times] the amount of our fees for this engagement,
except to the extent determined to result from our gross negligence or willful misconduct.
204.6 Some firms currently include provisions in their engagement letters requiring the client to release them from all losses
resulting from knowing misrepresentations made to the firm by members of the clients management. Such clauses
specifically address circumstances in which members of client management knowingly provide false or misleading
representations in connection with the services performed. For example, the company would be prevented from recovering
alleged losses from the auditor when the auditor fails to detect a material misstatement in the financial statements resulting
from the intentional acts of management that were concealed by management misrepresentations to the auditor. In other
words, the company bears the economic consequences of managements lying to the auditor. This type of clause has been
upheld by at least one court. The following is an example of language that might be used to release the auditor from claims
resulting from knowing misrepresentations made by the clients management:
During the course of our engagement, we will request information and explanations from management
regarding the companys operations, internal controls, future plans, specific transactions, and accounting
systems and procedures. At the conclusion of our engagement, we will require, as a precondition to the
issuance of our report, that management provide certain representations in a written representation letter.
The procedures we will perform in our engagement and the conclusions we reach as a basis for our report
will be heavily influenced by the written and oral representations that we receive from management. In view
of the foregoing, the company agrees to release our firm and its personnel from any liability and costs
relating to our services under this letter resulting from knowing misrepresentations made to us by any
member of the companys management.
204.7 Some auditors may contend that the preceding legal protection is fundamentally inconsistent with the responsibility of
the auditor to detect material misstatements due to fraud. However, it is important to recognize that the legal protection
offered by any engagement letter clause does not change the auditors responsibility under generally accepted auditing
standards, nor does it change the scope of the auditors work. Therefore, procedures aimed at corroborating managements
representations are necessary within the context that the auditors fraud detection responsibility is not a guarantee, but rather
is limited by the concept of reasonable assurance. As an alternative, the auditor may elect to add the following sentences in
place of the last sentence of the clause illustrated at paragraph 204.6:
Accordingly, false representations could cause us to expend unnecessary efforts or could cause a material
error or a fraud to go undetected by our procedures. In view of the foregoing, you agree that we shall not be
responsible for any misstatements in the companys financial statements that we may fail to detect as a
result of knowing misrepresentations that are made to us by management.
204.8 An auditor may wish to limit or eliminate liability to third parties through indemnification provisions. When a third-party
indemnification clause is deemed necessary and appropriate, it is usually included after the clause discussed beginning at
paragraph 204.6. For example, a sentence could be added to the end of the clause illustrated at paragraph 204.6, as follows:
In addition, the company further agrees to indemnify and hold us harmless for any liability and all
reasonable costs, including legal fees, that we may incur as a result of the services performed under this
engagement in the event there are knowing misrepresentations made to us by any member of the
companys management.
204.9 Time Limitation Clauses. Some firms have attempted to limit their liability by including a provision requiring that all
claims, with respect to services, be asserted within a specified period of time, such as one year from the date the subject
services were performed.
16(22)
This type of provision may protect the firm from a substantial portion of claims arising out of
defalcations. A sample of this provision follows:
Because there are inherent difficulties in recalling or preserving information as the period after an
engagement increases, you agree that, notwithstanding the statute of limitations of the State of [Fill in
clients state of domicile.] , any claim based on this engagement must be commenced within [12]
months after performance of our service, unless you have previously provided us with a written notice of a
specific defect in our services that forms the basis of the claim.
204.10 Undertaking-to-be-truthful Clause. Another type of engagement letter clause that can be helpful in litigation is an
agreement by the client to be truthful, accurate, and complete in making representations to the auditor. Sample language for
this type of clause is as follows:
You acknowledge that as a condition of our agreement to perform an audit, you agree to the best of your
knowledge and belief to be truthful, accurate, and complete in the representations you make to us during
the course of the audit and in the written representations provided to us at the completion of the audit.
204.11 If a client brings an action against an auditor alleging malpractice and breach of contract, in some states the auditor
would be able to defend the breach of contract claim if the client had breached its duty to provide truthful, accurate, and
complete representation. This defense could be asserted at the outset of the litigation via a motion to dismiss. In some states,
a misrepresentation, however, would not necessarily provide a defense to the clients malpractice claim unless it could be
shown that the clients misrepresentation actually interfered with the audit firms performance of its audit procedures. This
defense, however, would probably not be successful on a motion and would have to be asserted at trial.
204.12 A representation letter obtained from the client at the end of the engagement may not be regarded as a substitute for
an undertaking-to-be-truthful clause in the engagement letter. The engagement might be terminated before a representation
letter is obtained and the clients attorney might argue a representation letter was not a condition of the engagement.
204.13 Protecting the Statute of Limitations Defense. Auditors sued for professional malpractice can sometimes defeat a
claim by arguing that the claim was not brought within the time frame allowed by statute. Statutes of limitations vary by
jurisdiction and by type of legal theory (for example, the statute of limitations for a breach of contract claim may be different
than the statute for a negligence claim). Different jurisdictions also have different rules for determining when the statute begins
to run. In some cases, a statute of limitations may start running when a firm completes an engagement. In other states, the
statute of limitations starts when the client either incurs damages or discovers the auditors negligence.
204.14 To help protect a statute of limitations defense, auditors may specify in the engagement letter that the audit
engagement ends upon delivery of the audit report. A sample of such a statement is as follows:
Our audit engagement ends on delivery of our audit report. Any follow-up services will be a separate, new
engagement. The terms and conditions of that new engagement will be governed by a new, specific
engagement letter for that service.
17(23)
204.15 When the engagement letter states that the engagement includes preparation of the tax return, the auditor may also
want to add that the tax engagement will end upon delivery of the tax return. Where the end of an engagement may not be
clearly defined (such as when the auditor provides interim services), auditors may consider using a disengagement letter to
advise the client that an engagement has come to an end and that the auditor will be available for subsequent consultations
under subsequent engagements. The disengagement letter can be the transmittal letter that accompanies delivery of the audit
report.
204.16 Collection of Fees and Expenses Relating to Client Litigation When the Auditor Is Not a Party. A CPA firm may
be asked to retrieve and produce copies of its clients records and to give testimony in a deposition or trial. Occasionally, CPA
firms are also requested to provide information to regulatory authorities such as the Federal Deposit Insurance Corporation.
Whenever a CPA firm is drawn into a legal proceeding, there is always a possibility that the CPA firm itself may be named as a
party in the litigation. Therefore, any CPA firm placed in this position would be well advised to retain counsel and carefully
review the documentation that has been requested as well as the likely questions to be asked of the CPA firms personnel.
This is both time-consuming and expensive. Unfortunately, the CPA firm has little or no basis for being compensated for such
expenses other than the statutory witness fee, which does not even begin to cover the firms costs. Accordingly, a CPA firm
may consider including a clause in its engagement letters providing that any time it is requested to provide information about
its engagement for the client in a litigation or other legal proceeding in which the CPA firm is not a party, the CPA firms efforts
in responding will be deemed to be a separate engagement. The CPA firm will therefore be entitled to compensation for its
time and out-of-pocket expenses (including legal fees) incurred in responding to such requests. Language such as the
following may be used if the firm believes the risks warrant obtaining such protection:
As a result of our prior or future services to you, we might be requested or required to provide information or
documents to you or a third party in a legal, administrative, arbitration, or similar proceeding in which we are
not a party. If this occurs, our efforts in complying with such requests will be deemed billable to you as a
separate engagement. We shall be entitled to compensation for our time and reasonable reimbursement for
our expenses (including legal fees) in complying with the request. For all requests we will observe the
confidentiality requirements of our profession and will notify you promptly of the request.
204.17 The illustrative engagement letter at ASB-CL-1.1, including its practical considerations, includes other statements that
are intended to limit a firms liability. These include statements that (a) no report will be issued if, for any reason, the auditor is
unable to complete the engagement, (b) work may be suspended if billed fees become past due, and (c) additional services
relating to detection of immaterial fraud and other irregularities are not wanted. The first two statements are intended to
provide protection against a breach of contract claim if the auditor is forced to withdraw from the audit.
204.18 Reliance on Oral Advice or the Absence of Advice. In many cases, the auditor may provide written
recommendations to the client as a part of the audit engagement. In addition, auditors sometimes attempt to provide good
client service by offering oral advice on a variety of matters that are not directly a part of the engagement. However, a client
might misunderstand the scope of services the auditor is providing because of oral advice given as a byproduct of an
engagement. An auditor, for example, might make suggestions about tax planning based on completion of a tax savings
questionnaire done as a matter of client service rather than a contractual part of the engagement.
204.19 To avoid an implication that might be created by providing oral advice that the auditor has assumed responsibility for
being the clients adviser in a particular area, the engagement letter may include a clause such as the following:
We are available to provide you with business advice, but we are not obligated to do so unless you
specifically request us to perform a specific service. It is our policy to put all advice on which a client intends
to rely in writing. We believe that is necessary to avoid confusion and to make clear the specific nature and
limitations of our advice. You should not rely on any advice that has not been put in writing by our firm after
a full supervisory review.
204.20 Obtaining a Retainer. Generally, when a CPA firm obtains a retainer, that means all or a portion of the expected fee
is paid by the client in advance of services being provided. Retainers are commonly used in consulting and other nonattest
services, but they may also be obtained for audit engagements in limited circumstances, such as when providing audit
services to a financially troubled client.
204.21 An example of the language that might be used in a retainer clause is as follows:
The engagement will begin when we receive your check for advance payment of our fee of [State the dollar
amount of retainer] . As we spend time on the engagement and bill you for our services, the charges will be
applied against the advance payment, and periodically we will request that the advance payment be
refreshed to cover the anticipated final bill.
204.22 Compensation for Firm Employees Hired by Clients. A common occurrence in public accounting practice is for
employees to leave a CPA firm and join a client.
18(24)
In many cases, a CPA firm cooperates in placing an employee who
has decided to leave, or one who has been counseled to seek other employment, with a client. However, in circumstances
when a client hires away an employee, the CPA firm may have legitimate reason to believe the action merits compensation.
For example, when the CPA firm has loaned staff or provided outsourcing of internal audit or other accounting services, the
CPA firm is justified in seeking compensation for employees hired away by the client.
204.23 An example of a clause that might be used to have the client acknowledge a responsibility to compensate the firm for
loaned personnel is as follows:
We have provided staff to work within your organization as [Describe the positions for which staff have been
loaned.] . In the future, you may decide that you need the services of one or more full-time employees for
this work. At that time, we can assist you in identifying qualified individuals. However, because of the
knowledge that our staff have obtained of your organization, you may wish to hire one or more of them. If
this occurs, we will charge you a recruiting fee of twenty percent of the annual salary offered to our
employee to compensate us for the loss of our valued and extensively trained employee.
204.24 Notification of Report Reproduction. Some firms have adopted a practice of including within their engagement
letters a clause requiring the client to notify the firm and obtain permission to reproduce the firms report on the clients
financial statements. That clause is intended to give the firm an opportunity to make any changes necessitated by post-report
developments and to review the document in which the report is to be published to make sure there are no inconsistencies
between the firms report and the other disclosures contained in that document. Although those are good reasons for
inserting such a clause, they are likely to be outweighed by the possibility of compromising the defenses available to auditors
in some states. Accordingly, the authors do not generally recommend the use of this type of clause. However, some auditors,
after consultation with their legal counsel, might decide to use a clause such as the following:
You agree that you will notify us and obtain our consent before reproducing our report for any reason and in
any medium.
Alternative Dispute Resolution
204.25 Alternative dispute resolution (ADR) is a popular way of attempting to resolve client disputes without exposing the firm
to the cost and uncertainty of litigation. ADR generally takes less time than litigation and provides a better chance of
preserving the client/auditor relationship. ADR techniques apply primarily to client disputes (for example, fee disputes) rather
than third-party claims because the engagement letter is a two-party contract and does not bind third-party users.
204.26 Arbitration. Arbitration is perhaps the oldest form of ADR. It closely resembles litigation and is usually presided over
by an attorney. In an arbitration, the parties present their respective cases to an arbitrator (or panel of arbitrators) who renders
a verdict at the conclusion of the case. The arbitrator acts as both judge and jury by making evidentiary rulings, ordering
discovery, and imposing sanctions in addition to deciding the issues in the case.
204.27 While arbitration may sometimes represent an attractive alternative to litigation, it has some significant drawbacks.
First, arbitrators sometimes tend to simply split the difference between the two parties claims. Second, there is no guarantee
that a client who does not like the arbitrators decision cannot have it overturned in court. Third, and most importantly, a firms
agreement, without the consent of its insurance carrier, to submit to binding arbitration may limit the insurers ability to defend
the case and void the firms insurance coverage for that claim. Before adding language regarding arbitration or other
alternative dispute resolution methods to engagement letters, auditors ought to consult with their attorney and obtain a written
consent from their insurance carrier.
204.28 Mediation. Another well-known ADR technique is mediation. While mediation is often discussed along with
arbitration, it is a vastly different process. In mediation, no resolution is imposed on the disputing parties by a neutral party.
Instead, mediation is little more than voluntary settlement negotiations facilitated by a neutral party. Mediation is a highly
successful and satisfactory means of resolving disputes and is generally embraced by all professional liability insurers
because it usually results in a speedier and less costly resolution of liability claims.
204.29 Mediation frequently succeeds when negotiations fail for a number of reasons, including the following:
The parties are brought into the settlement discussions so they can hear first-hand (not through their attorneys) the
strengths and weaknesses of their opponents case.
The discussion takes place in a controlled atmosphere that prevents the parties from storming out of the discussions
at the first sign of disagreement.
Mediations are not about winning or losing, but rather about finding a resolution that is better than the result likely to
be achieved through litigation.
By communicating through the mediator, the parties are able to reach compromises that are not possible where
neither party is willing to blink first for fear of showing weakness.
Because mediation is about reaching agreement and because the parties spend little time together in face-to-face meetings,
there is an opportunity for the parties to resolve their differences without destroying their business relationship. One of the
main advantages of mediation is that it allows a CPA firm to resolve client claims without destroying the accountant-client
relationship.
204.30 The principal weakness of mediation is that it does not always resolve the claim. Exhibit 2-5 provides example
language for an engagement letter when the auditor wants to designate that mediation will be followed by arbitration if
mediation is not successful.
Exhibit 2-5
Example Alternative Dispute Resolution Language for an Engagement Letter
19(25)
The following language can be inserted into an engagement letter to provide for use of an alternative dispute resolution
method in cases where there is a dispute with a client. See the discussion beginning in paragraph 204.25.
If any dispute, controversy, or claim arises, either party may, upon written notice to the other party,
request that the matter be mediated. Such mediation will be conducted by a mediator appointed by
and pursuant to the Rules of the American Arbitration Association or such other neutral facilitator
acceptable to both parties. Both parties will exert their best efforts to discuss with each other in good
faith their respective positions in an attempt to finally resolve such dispute or controversy.
Each party may disclose any facts to the other party or to the mediator which it, in good faith,
considers necessary to resolve the matter. All such discussions, however, will be for the purpose of
assisting in settlement efforts and will not be admissible in any subsequent litigation against the
disclosing party. Except as agreed by both parties, the mediator will keep confidential all information
disclosed during negotiations. The mediator may not act as a witness for either party in any
subsequent arbitration between the parties.
The mediation proceedings will conclude within sixty days from receipt of the written notice unless
extended or terminated sooner by mutual consent. Each party will be responsible for its own
expenses. The fees and expenses of the mediator, if any, will be borne equally by the parties.
If any dispute, controversy, or claim cannot be resolved by mediation, then the dispute, controversy,
or claim will be settled by arbitration in accordance with the Rules of the American Arbitration
Association (AAA) for the Resolution of Accounting Firm Disputes. No prehearing discovery will be
permitted unless specifically authorized by the arbitration panel. The arbitration hearings will take
place in the city closest to the place where this agreement was performed in which the AAA maintains
an office, unless the parties agree to a different locale.
The award issued by the arbitration panel may be confirmed in a judgment by any federal or state
court of competent jurisdiction. All reasonable costs of both parties, as determined by the arbitrators,
including (1) the fees and expenses of the AAA and the arbitrators and (2) the costs, including
reasonable attorneys fees, necessary to confirm the award in court, will be borne entirely by the
non-prevailing party (to be designated by the arbitration panel in the award) and may not be allocated
between the parties by the arbitration panel.
Such arbitration shall be binding and final. In agreeing to arbitration, we both acknowledge that in the
event of a dispute over fees charged by the accountant, each of us is giving up the right to have the
dispute decided in a court of law before a judge or jury and instead we are accepting the use of
arbitration for resolution.
* * *
204.31 While mediation presents less of a risk than arbitration of voiding the firms insurance coverage, firms may
nevertheless consult their insurance carriers and obtain a written consent before including a mediation clause in an
engagement letter. Most insurance companies favor mediation and, in some situations, may even encourage it by offering to
waive deductibles.
204.32 Other ADR Techniques. While arbitration and mediation are the best known ADR techniques, others are available.
One example is a jury waiver clause in which the client agrees that the case will be decided by a judge rather than a jury.
Another involves the use of a retired judge to decide the case which, in essence, is similar to arbitration or mediation.
Whenever including ADR clauses in engagement letters, keep in mind two important points:
a. Make sure the client understands what is involved because with some ADR techniques, the client may be waiving a
legal right (for example, the right to trial by jury).
b. If the firm carries professional liability insurance, always get a written consent from the insurance carrier. Otherwise,
the firms insurance coverage could be jeopardized.
204.33 Effect on Independence. Interpretation 101-6 (ET 101.08) of the AICPA Code of Professional Conduct deals with the
impairment of an auditors independence when the auditor is involved in actual or threatened litigation against a client. Ethics
Rulings Nos. 95 and 96 (ET 191.190.193) address the effect of ADR techniques on an auditors independence. The first
clarifies that an agreement between the auditor or firm and the client to use ADR techniques does not impair the auditors
independence. The second clarifies that the commencement of an ADR proceeding does not impair the auditors
independencewith one exception. The exception applies when binding arbitration is used. Binding arbitration is considered
to be the equivalent of litigation, and, thus, the commencement of a binding arbitration proceeding impairs the auditors
independence.
204.34 Potential Drawbacks. While ADR might be an effective risk management tool in certain circumstances, some
auditors have found that ADR also has potential drawbacks. Some auditors feel it provides a free shot to a claimant since
there is little or no cost to bringing a claim. Also, there is no guarantee that the losing party might not choose to pursue the
claim in litigation. Auditors ought to consult with both legal counsel and their insurance carriers before including ADR clauses
in their engagement letters. (Paragraph 204.27 discusses some additional drawbacks related specifically to arbitration.)
205 SPECIAL PLANNING CONSIDERATIONS IN AN INITIAL ENGAGEMENT
205.1 AU-C 300.13 provides guidance on considerations for planning an initial audit engagement. Since the auditor generally
lacks experience with the client, additional planning procedures are generally necessary in order to develop the audit strategy
and audit plan. (Chapters 3 and 4 provide a detailed discussion of developing the audit strategy and detailed audit plan.) The
following matters are normally considered when beginning an initial audit:
The nature and extent of audit procedures that will be necessary to obtain sufficient appropriate audit evidence
about opening balances.
The nature and extent of audit procedures necessary to obtain reasonable assurance concerning the consistency of
application of accounting principles between the current year and the preceding year.
Significant issues that were discussed with management and others during the auditor retention process, their
impact on the audit strategy and audit plan, and any communication that may be necessary with those charged with
governance (see section 1815).
Arrangements regarding the review of a predecessor auditors workpapers, when applicable.
The competence and experience of firm personnel that are necessary to respond to anticipated significant risks.
Any other procedures for initial audit engagements that are mandated by the firms system of quality control, such
as an engagement quality control review
20(26)
of the audit strategy or reports that will be issued.
Replacing Predecessor Auditors
205.2 In the initial stages of an engagement, an auditor needs to do the following:
a. Obtain the Clients Consent to Review the Predecessors Workpapers and Files. This can be covered when
permission is obtained to communicate before acceptance. The drafting example at ASB-CL-13.1 includes a request
for permission to examine workpapers and copy files. Alternatively, the predecessor may ask the client to sign a
Client Consent and Acknowledgment Letter similar to the example at ASB-CL-13.3.
b. Arrange the Date, Location, and Conditions for Reviewing the Predecessor Auditors Workpapers. Some of the
conditions might include the specific workpapers that can be copied and the availability of the predecessor for
discussion. In addition, the predecessor may ask the successor auditor to sign a Letter Granting Successor
Auditors Access to Workpapers similar to the letter at ASB-CL-13.2. Chapter 9 discusses this letter further.
205.3 The cooperation of the predecessor is a normal professional courtesy. However, valid business reasons, e.g., unpaid
fees or litigation, may cause a predecessor to withhold workpapers. As explained in paragraph 805.2, however, withholding
workpapers is not ethical if they contain information that is normally part of the clients accounting records. Communicating
with a predecessor auditor is discussed beginning at paragraph 202.19.
Additional Guidance on Initial Audit
205.4 Chapter 9 provides additional guidance on the special considerations involved in designing audit programs in an initial
audit, including procedures to be performed on opening balances. Considerations regarding consistency of application of
accounting principles are discussed beginning in paragraph 910.18.
Pre-engagement Forms Related to Initial Audit
205.5 The following forms may be used to document the inquiries and related steps that may be necessary in an initial audit:
a. ASB-CL-13.1, Request for Predecessor Auditor to Release Information to Successor Auditor, may be used as a
drafting example of a request that expresses the clients authorization for the predecessor to respond to inquiries
and provide information. ASB-CL-13.2, Letter Granting Successor Auditors Access to Workpapers, is a letter the
predecessor may ask the successor to sign before the successor is allowed access to the predecessors
workpapers. The letter clarifies the nature of the successors use of the predecessors workpapers. ASB-CL-13.3,
Client Consent and Acknowledgment Letter, is a letter that the predecessor may ask the client to sign before
allowing access to his or her workpapers. It generally is used as an alternative to the letter at ASB-CL-13.1.
ASB-CL-13.4, Communication with Predecessor Auditor Prior to Final Engagement Acceptance, is a letter the
successor can use to make inquiries of the predecessor concerning management integrity and other matters.
ASB-CL-13.5, Communication with Predecessor Auditor Prior to Engagement Proposal, is a letter a prospective
successor can use to make inquiries about a prospective client of the predecessor prior to making a proposal for an
engagement.
b. Part II of ASB-CX-1.1, Engagement Acceptance and Continuance Form, among other things, provides for
documenting the predecessor auditors responses to specific inquiries on matters related to management integrity.
c. ASB-CX-3.1, Understanding the Entity and Identifying Risks, and ASB-CX-4.1, Understanding the Design and
Implementation of Internal Control, can be used to document the auditors understanding of the entity and its
environment when assessing the risk of material misstatement as discussed in Chapter 3. While the auditor will
apply risk assessment procedures each year to obtain or update this understanding, the extent of the procedures,
as well as the documentation effort, will normally be greater in an initial audit. In some cases, this effort will be
significantly greater depending on the clients size and complexity, and the extent of existing client documentation.
d. ASB-CX-3.3, Fraud Risk Inquiries Form, provides for documenting the inquiries of management and other
employees about their knowledge of the risks of fraud within the entity. The results of those inquiries may be
particularly useful in an initial engagement to provide information for the engagement team to consider when
discussing the susceptibility of the clients financial statements to fraud as well as information relevant to identifying
and assessing fraud risks.
e. ASB-IA-1, Additional General Planning Procedures for an Initial Audit, provides for documenting the performance
of the additional general planning procedures that may be necessary in an initial audit.
CHAPTER 3: RISK ASSESSMENT PROCEDURES AND
PLANNING
300.1 This chapter explains the start of an annual audit in a continuing engagement. The same suggested approach is used
for a new engagement, but it is supplemented by additional suggestions discussed in Chapters 2 and 9.
300.2 The focus of this chapter is general planning decisions. General or preliminary planning can be distinguished from
detailed planning of audit programsthe subject of Chapter 4. Preliminary planning includes deciding on an overall strategy
for the audit, obtaining an understanding of the entity and its environment, including its internal control, making an initial
assessment of audit risk and materiality, and deciding on the overall timing of the engagement.
300.3 The following establish key requirements and provide guidance that affect preliminary audit planning:
a. AU-C 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing
Standards, establishes specific quality control requirements to be performed as part of an audit.
b. AU-C 240, Consideration of Fraud in a Financial Statement Audit, establishes requirements for identifying and
assessing the risks of material misstatement due to fraud and determining the overall and specific responses to
those risks. [Formerly SAS No. 99 (AU 316)]
c. AU-C 250, Consideration of Laws and Regulations in an Audit of Financial Statements, establishes requirements for
obtaining an understanding of the legal and regulatory framework relevant to the industry or sector in which the
entity operates and how the entity complies with that framework. [Formerly SAS No. 54 (AU 317)]
d. AU-C 260, The Auditors Communication With Those Charged With Governance, establishes requirements for the
auditor to communicate with those charged with governance. [Formerly included in SAS No. 114 (AU 380)]
e. AU-C 300, Planning an Audit, establishes requirements for audit planning, including development of an overall
strategy and audit plan, involvement of the engagement partner and team members, and consideration of whether
specialized skills are needed. [Formerly SAS No. 108 (AU 311)]
f. AU-C 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement,
establishes requirements for performing risk assessment procedures to provide a basis for identifying and assessing
risks of material misstatement and requires obtaining an understanding of various specific matters, including the
aspects of internal control relevant to the audit. [Formerly SAS No. 109 (AU 314)]
g. AU-C 320, Materiality in Planning and Performing an Audit, establishes requirements for determining materiality for
the financial statements as a whole and performance materiality for assessing the risks of material misstatement at
the assertion level, and determining the nature, timing, and extent of further audit procedures. [Formerly SAS No.
107 (AU 312)]
h. AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating Evidence Obtained,
establishes requirements for determining the nature, timing, and extent of further audit procedures (both tests of
controls and substantive procedures) in response to the assessed risks of material misstatement. [Formerly SAS No.
110 (AU 318)]
i. AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance on obtaining
an understanding of internal control of a client that uses a service organization. [Formerly SAS No. 70 (AU 324)]
j. AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures,
establishes requirements relating to auditing accounting estimates. [Formerly SAS No. 57 (AU 342)]
k. AU-C 550, Related Parties, establishes specific additional audit requirements regarding related party relationships
and transactions. [Formerly SAS No. 45 (AU 334)]
The use of analytical procedures in audit planning, formerly included in SAS No. 59 (AU 329), is now included in AU-C 315.
AU-C 520, Analytical Procedures, which addresses the use of analytical procedures as substantive procedures and near the
end of the audit, is discussed in Chapter 5.
Objectives and Requirements
300.4 Objectives. The objectives of the auditor when planning the audit and performing risk assessment procedures are as
follows:
To plan the audit so that it will be performed in an effective manner.
To identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, at
the financial statement and relevant assertion levels by understanding the entity and its environment, including
internal control, as a basis for designing and implementing responses to the assessed risks of material
misstatement.
To obtain an understanding of related party relationships and transactions sufficient to recognize fraud risk factors, if
any, arising from those relationships and transactions that are relevant to the identification and assessment of risks
of material misstatement due to fraud.
When the entity uses the services of a service organization, to obtain an understanding of the nature and
significance of the services provided by the service organization and their effect on the user entitys internal control
relevant to the audit, sufficient to identify and assess the risks of material misstatement.
To communicate clearly with those charged with governance the auditors responsibilities and an overview of the
planned scope and timing of the audit.
To apply the concept of materiality appropriately in planning and performing the audit.
300.5 Requirements. The requirements that should be followed to achieve those objectives are summarized in Exhibit 3-1.
Exhibit 3-1
Requirements Related to Risk Assessment Procedures and Planning
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
Planning an Audit
Involve the engagement partner and other key
engagement team members in the engagement
teams discussion and other audit planning
activities.
Establish an overall audit strategy by
Identifying the key characteristics that define
AU-C 300.07
AU-C 300.08
Section 306 ASB-AP-1
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
Identifying the key characteristics that define
the scope of the engagement.
Determining the reporting objectives to
properly plan the timing of the audit and the
required communications.
Considering the significant factors that impact
the engagement teams efforts.
Considering the results of preliminary
engagement activities and, if applicable,
knowledge from other engagements
performed by the engagement partner for the
entity.
Determining the nature, timing, and extent of
resources needed to perform the audit.
AU-C 300.08
Update and modify the overall audit strategy and
audit plan, as necessary, throughout the
engagement.
AU-C 300.10 Section 306 ASB-AP-2
Document the overall audit strategy, the audit plan,
any significant changes made during the
engagement to the audit strategy or the audit plan,
and the reasons for those changes.
through
ASB-AP-14
Understanding the Entity and Its Environment
and Assessing the Risks of Material
Misstatement
Understanding the Entity and Its Environment
Perform risk assessment procedures to provide a
basis for identifying and assessing risks of material
misstatement at both the financial statement and
relevant assertion levels, including inquiries of
management and others within the entity that may
have relevant information, analytical procedures,
and observation and inspection.
AU-C 315.05
AU-C 315.06
ASB-CX-3.1
ASB-CX-3.2
ASB-CX-3.3
ASB-CX-4.1
ASB-CX-4.2
ASB-CX-4.3
Consider the relevance of information obtained
during client acceptance or continuance when
identifying risks of material misstatement.
If the engagement partner has performed other
engagements for the entity, consider whether that
information is relevant to identifying risks of material
misstatement.
Consider the assessed risk of material
misstatement due to fraud with other information
obtained.
When intending to use information from previous
experience with the entity or audit procedures
performed in previous audits, determine whether
changes have occurred that affect its continued
relevance.
ASB-CX-4.1
ASB-CX-4.2
ASB-CX-10.1
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
Discuss (among the engagement partner and other
key engagement team members) the susceptibility
of the financial statements to material misstatement
and the application of GAAP to the entitys facts and
circumstances. Determine which matters to
communicate to engagement team members not
involved in the discussion.
ASB-CX-3.2
Obtain an understanding of
Relevant industry, regulatory, and other
external factors.
The nature of the entity, including its
operations, its ownership and governance
structures, its existing and future investments,
and its structure and financing to understand
the classes of transactions, account balances,
and disclosures expected in the financial
statements.
The entitys selection and application of
accounting policies and reasons for any
changes.
The entitys objectives and strategies and the
related business risks.
How the entity measures and reviews its
financial performance.
Obtain an understanding of internal control relevant
to the audit and evaluate the design of the controls.
Perform inquiry and other procedures to determine
whether the controls have been implemented.
AU-C 315.13
AU-C 315.14
Section 303 ASB-CX-4.1
ASB-CX-4.2
ASB-CX-4.3
ASB-CX-5
Obtain an understanding of the control environment
and evaluate whether management and those
charged with governance have created and
maintained a culture of honesty and ethical
behavior. Also evaluate whether the control
environment elements collectively provide support
for the other components of internal control and
whether those other components are undermined
by deficiencies in the control environment.
ASB-CX-5.1
Obtain an understanding of whether the entity has a
process for identifying and estimating the
significance of business risks related to financial
reporting objectives, assessing the likelihood of
their occurrence, and determining actions to
address those risks.
ASB-CX-5.2
Obtain an understanding of the entitys risk
assessment process, if one has been established,
and its results. If risks of material misstatement are
identified that management failed to identify,
evaluate whether an underlying risk existed that the
ASB-CX-5.2
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
entitys risk assessment process was expected to
identify. If such a risk exists, understand why that
process failed to identify the risk, evaluate whether
the process is appropriate to its circumstances, or
determine if a significant deficiency or material
weakness exists in internal control for the entitys
risk assessment process.
If a risk assessment process has not been
established or it is only an ad hoc process, ask
management if business risks that apply to financial
reporting objectives have been identified and, if so,
how they were addressed. In addition, evaluate
whether the lack of a documented process is
appropriate for the entity or determine whether it
represents a significant deficiency or material
weakness in internal control.
ASB-CX-5.2
Obtain an understanding of the information system
and the financial reporting processes, including:
The classes of transactions that are significant
to the financial statements.
The automated and/or manual procedures that
initiate, authorize, record, process, correct as
necessary, transfer to the general ledger, and
report those transactions in the financial
statements.
The manual or electronic accounting records
that support information and specific accounts
in the financial statements and are used to
initiate, authorize, record, process, and report
transactions.
How significant events and conditions other
than transactions are captured in the system.
How the financial statements, including
significant accounting estimates and
disclosures, are prepared.
The controls over standard and nonstandard
journal entries.
ASB-CX-4.2
ASB-CX-5.6
through
ASB-CX-5.17
Obtain an understanding of how financial reporting
roles and responsibilities and significant matters
relating to financial reporting are communicated,
including communications between management
and those charged with governance and external
communications.
ASB-CX-5.3

Obtain an understanding of control activities
relevant to the audit, including how detailed records
for material account balances are reconciled to the
general ledger.
ASB-CX-5.6
through
ASB-CX-5.17
Obtain an understanding of how the entity has
responded to IT-related risks.
AU-C 315.22 Sections 303 and
305
ASB-CX-4.2.2
ASB-CX-5.5
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
responded to IT-related risks. 305 ASB-CX-5.5
Obtain an understanding of how the entity monitors
internal control over financial reporting, including
monitoring the control activities relevant to the
audit, and how the entity takes action to correct any
deficiencies in controls.
ASB-CX-5.4
If the entity has an internal audit function, determine
if the internal audit function is likely to be relevant to
the audit by obtaining an understanding of the
nature of its responsibilities, how it fits in the entitys
organizational structure, and the activities it has
performed or will perform.
Using the Work
of Internal
Auditors
Obtain an understanding of the sources of the
information used for monitoring activities and why
management considers that information to be
sufficiently reliable.
ASB-CX-5.4
Assessing Risks of Material Misstatement
If a significant risk exists, obtain an understanding
of the manual or automated controls related to that
risk and, based on that understanding, evaluate
whether the controls are suitably designed and
implemented to mitigate such risks.
ASB-CX-4.2
ASB-CX-5
For risks judged as risks for which it is not possible
or practicable to obtain sufficient appropriate
evidence only from substantive procedures, obtain
an understanding of the controls over such risks
relevant to the audit.
ASB-CX-4.2
ASB-CX-5
Document the following:
Discussion among the engagement team
including the significant decisions reached,
how and when the discussion occurred, and
the audit team members who participated.
Key elements of the understanding obtained
for each aspect of the entity and its
environment and each internal control
component, the sources of information, and
the risk assessment procedures performed.
Identified and assessed risks of material
misstatement at the financial statement level
and at the relevant assertion level.
Significant risks and risks for which substantive
procedures alone are not sufficient and the
understanding obtained of the related controls.
AU-C 315.33 Sections 301,
302, 303, and 306
ASB-CX-3.1
ASB-CX-3.2
ASB-CX-4.1
ASB-CX-4.2
ASB-CX-5
ASB-CX-7.1
Materiality in Planning and Performing an Audit
Determine materiality for the financial statements as
a whole. Also, determine a lesser materiality
level(s) to apply to specific classes of transactions,
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
account balances, or disclosures if misstatements
of lesser amounts could reasonably be expected to
affect the economic decisions of the users of the
Determine performance materiality to be used to
assess the risks of material misstatement and
determine the nature, timing, and extent of further
audit procedures.
Revise materiality for the financial statements as a
whole if information is identified during the audit
that would have caused a different amount to be
determined initially. If applicable, revisions may also
be necessary for the lesser materiality amount(s) for
specific classes of transactions, account balances,
or disclosures.
ASB-CX-2.1
Document the following amounts and the factors
considered in determining those amounts:
materiality for the financial statements as a whole; if
applicable, the materiality level(s) for specific
classes of transactions, account balances, or
disclosures; performance materiality; and any
revisions during the audit to the preceding
amounts.
Consideration of Fraud in a Financial Statement
Audit
Maintain professional skepticism throughout the
audit, recognizing the possibility that a material
misstatement due to fraud could exist.
307
ASB-AP-1
Unless there is a reason to believe otherwise,
accept client records and documents as genuine. If
conditions cause a belief that a document may not
be authentic or that terms in a document have been
modified but not disclosed, investigate further.
When responses to inquiries of management, those
charged with governance, or others are inconsistent
or otherwise unsatisfactory (for example, vague or
implausible), investigate the inconsistencies or
unsatisfactory responses further.
through
ASB-AP-14
ASB-CX-3.3
Have a discussion among the key engagement
team members about how and where the entitys
financial statements might be susceptible to
material misstatement due to fraud, how
management could perpetrate and conceal
fraudulent financial reporting, and how assets of the
entity could be misappropriated. Set aside the
belief that management and those charged with
governance are honest and have integrity and
307
ASB-CX-3.2
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
discuss the following:
Known external and internal factors affecting
the entity that may create an incentive or
pressure for management or others to commit
fraud, provide the opportunity for fraud to be
perpetrated, and indicate a culture or
environment that enables management or
others to rationalize committing fraud.
The risk of management override of controls.
Consideration of circumstances that might be
indicative of earnings management or
manipulation of other financial measures and
the practices that might be followed by
management to manage earnings or other
financial measures that could lead to
fraudulent financial reporting.
The importance of maintaining professional
skepticism throughout the audit regarding the
potential for material misstatement due to
fraud.
How the auditor might respond to the
susceptibility of the entitys financial
statements to material misstatement due to
fraud.
Continue the communication among the
engagement team members about the risks of
material misstatement due to fraud throughout the
audit.
Make inquiries of management regarding their
Assessment of the risk that the financial
statements may be materially misstated due to
fraud, including the nature, extent, and
frequency of their assessments.
Process for identifying, responding to, and
monitoring the risks of fraud, including any
specific risks of fraud that they have identified
or that have been brought to their attention; or
classes of transactions, account balances, or
disclosures for which a risk of fraud is likely to
exist.
Communication, if any, to those charged with
governance regarding the processes for
identifying and responding to the risks of
fraud.
Communication, if any, to employees
regarding their views on business practices
and ethical behavior.
Make inquiries of management and others within
the entity to determine whether they have
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
knowledge of any actual, suspected, or alleged
fraud affecting the entity.
Make inquiries of internal audit, if applicable, to
obtain their views about the risks of fraud and to
determine whether they have knowledge of any
actual, suspected, or alleged fraud; whether they
have performed any procedures to identify or detect
fraud during the year; and whether management
has satisfactorily responded to any findings
resulting from those procedures.
Unless all of those charged with governance are
involved in managing the entity, obtain an
understanding of how those charged with
governance exercise oversight of managements
processes for identifying and responding to the
risks of fraud and the internal control that
management has established to mitigate those
risks.
Unless all of those charged with governance are
involved in managing the entity, make inquiries of
those charged with governance (or the audit
committee or, at least, its chair) to determine their
views about the risks of fraud and whether they
have knowledge of any actual, suspected, or
alleged fraud.
Evaluate whether unusual or unexpected
relationships identified during analytical procedures
performed as part of risk assessment indicate risks
of material misstatement due to fraud. Those
analytical procedures, and evaluation thereof,
should include analytical procedures relating to
revenue accounts.
Consider whether other information obtained by the
auditor indicates risks of material misstatement due
to fraud.
Evaluate whether the information obtained from risk
assessment procedures indicates that one or more
fraud risk factors are present.
ASB-CX-6.2
Identify and assess the risks of material
misstatement due to fraud at the financial statement
level, and at the assertion level for classes of
transactions, account balances, and disclosures.
ASB-CX-7.1
Treat assessed risks of material misstatement due
to fraud as significant risks and obtain an
understanding of the entitys related controls,
including control activities, relevant to such fraud
risks. The understanding should include an
evaluation of whether those controls have been
ASB-CX-4.2
ASB-CX-5
ASB-CX-7.1
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
suitably designed and implemented to mitigate the
fraud risks.
Determine overall responses to address the
assessed risks of material misstatement due to
fraud at the financial statement level. In determining
overall responses
Assign and supervise personnel, taking into
account the knowledge, skill, and ability of the
individuals to be given significant engagement
responsibilities and the auditors assessment
of the risks of material misstatement due to
fraud.
Evaluate whether the entitys selection and
application of accounting policies, particularly
those related to subjective measurements and
complex transactions, may be indicative of
fraudulent financial reporting resulting from
managements effort to manage earnings, or a
bias that may create a material misstatement.
Incorporate an element of unpredictability in
the selection of the nature, timing, and extent
of audit procedures.
AU-C 240.28
AU-C 240.29
ASB-AP-2
ASB-CX-7.1
The significant decisions reached during the
discussion among the engagement team
regarding the susceptibility of the entitys
financial statements to material misstatement
due to fraud, how and when the discussion
occurred, and the audit team members who
participated.
The identified and assessed risks of material
misstatement due to fraud at the financial
statement level and at the assertion level.
307
ASB-CX-3.2
ASB-CX-7.1
Document the following as part of the auditors
responses to the assessed risks of material
misstatement:
The overall responses to the assessed risks of
material misstatement due to fraud at the
financial statement level and the nature, timing,
and extent of audit procedures, and the
linkage of those procedures with the assessed
risks of material misstatement due to fraud at
the assertion level.
The results of the audit procedures, including
those designed to address the risk of
management override of controls.
ASB-AP-2
ASB-CX-7.1
Document how the presumption that improper
revenue recognition is a fraud risk was overcome, if
applicable.
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
Designing and Implementing Responses to
Assessed Risks
Design and implement overall responses to
address risks of material misstatement at the
financial statement level.
ASB-AP-2
through
ASB-AP-14
Consideration of Laws and Regulations in an
Audit of the Financial Statements
As part of obtaining an understanding of the entity
and its environment, obtain a general
understanding of the entitys legal and regulatory
framework and the industry or sector in which the
entity operates, and how the entity is complying
with the framework.
Inquire of management and those charged with
governance about whether the entity is in
compliance with laws and regulations and inspect
correspondence with relevant licensing or
regulatory authorities, if any.
ASB-CX-3.3
Auditing Accounting Estimates
Obtain an understanding of the following relating to
accounting estimates:
Requirements of GAAP relevant to accounting
estimates, including disclosures.
How management identifies transactions,
events, and conditions that may give rise to
new accounting estimates. In obtaining this
understanding, make inquiries of management
about changes in circumstances that could
affect accounting estimates.
How management makes accounting
estimates and the data on which the estimates
are based, including
Methods used, including models.
Relevant controls.
Whether a specialist has been used.
Assumptions underlying estimates.
Whether there has been, or ought to have
been, a change from the prior period in
methods or assumptions and, if so, why.
Whether estimation uncertainty has been
assessed and, if so, how.
ASB-CX-4.1
ASB-CX-4.2
ASB-CX-5
Related Parties
In connection with the engagement team
discussion, include specific consideration of the
susceptibility of the financial statements to material
misstatement that could result from related party
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
relationships and transactions.
Inquire of management about
Identity of related parties, including changes
from the prior period.
Nature of the related party relationships.
Whether the entity has entered into
transactions with related parties during the
period and, if so, the type and purpose of the
transactions.
Inquire of management and others and perform risk
assessment procedures to obtain an understanding
of controls established to
Identify, account for, and disclose related party
Authorize and approve significant transactions
and arrangements with related parties.
Authorize and approve significant transactions
and arrangements outside the normal course
of business.
ASB-CX-4.2
ASB-CX-5
If fraud risk factors regarding related parties are
identified, consider the information in assessing
fraud risks.
ASB-CX-6.2
Service Organizations
Obtain an understanding of how the entity uses the
services of a service organization, including the
nature and significance of the services provided,
nature and materiality of the transactions processed
or accounts or financial reporting processes
affected, degree of interaction between the activities
of the service organization and those of the user
entity, and nature of the relationship between the
user entity and the service organization, including
relevant contractual terms.
AU-C 402.09 Section 303 ASB-CX-4.2.2
Inquire of management about whether a service
organization has reported to them, or whether they
are otherwise aware of, any fraud, noncompliance
with laws and regulations, or uncorrected
misstatements affecting the financial statements of
the user entity and evaluate how such matters, if
any, affect the nature, timing, and extent of further
audit procedures, including the effect on the user
auditors conclusions and report.
Quality Control for an Engagement Conducted in
Accordance with GAAS
For the engagement partner, take responsibility for
the direction, supervision, and performance of the
audit engagement.
AU-C 220.17 Section 301 ASB-CX-14
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
The Auditors Communication with Those
Communicate with those charged with governance
an overview of the planned scope and timing of the
audit.
ASB-CL-5.1
* * *
Nature of Audit Planning
300.6 Planning an audit, according to AU-C 300.02, involves establishing the overall strategy for the engagement and
developing an audit plan. Audit strategy is the auditors operational approach to achieving the objectives of the audit. It is a
high-level description of the audit scope. It includes matters such as identifying material locations and account balances,
identifying audit areas with a higher risk of material misstatement, the overall responses to those higher risks, and the planned
audit approach by area (for example, substantive procedures or a combined approach of substantive procedures and tests of
controls).
300.7 Auditors generally establish a preliminary audit strategy before performing extensive risk assessment procedures
based on knowledge from past experience with the client and the results of preliminary engagement activities discussed in
Chapter 2. As auditors gather additional information through the performance of risk assessment procedures, they complete
the overall audit strategy, including overall responses at the financial statement level. Audit strategy is discussed further in
section 306.
300.8 Obtaining an understanding of the entity and its environment, including its internal control, is an essential part of
planning the audit. An effectively planned audit is responsive to the assessment of the risks of material misstatement based on
the auditors understanding of the entity and its environment, including its internal control. The objective of the auditor,
according to AU-C 315.03, is to identify and assess the risks of material misstatement, whether due to fraud or error, at the
financial statement and relevant assertion levels through understanding the entity and its environment, including the entitys
internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
300.9 Audit planning also includes developing an audit plan (also called an audit program). The audit plan is more detailed
than the audit strategy and documents the nature, timing, and extent of procedures to be performed to obtain sufficient
appropriate audit evidence. (See Chapter 4.)
300.10 The nature, timing and extent of audit planning varies with the size and complexity of the entity and with the auditors
understanding of the entity and its environment, including internal control. However, audit planning always includes a risk
assessment process.
The Risk Assessment Process
300.11 The risk assessment process involves performing procedures, obtaining an understanding of various matters about
the entity and its environment, and making decisions and judgments about assessed risks and other matters based on the
understanding. The authors believe it is useful to classify the audit planning requirements related to planning in the following
categories:
Procedures performed.
Understanding obtained.
Decisions and judgments made.
300.12 Procedures Performed. Risk assessment procedures include inquiry, analytical procedures, inspection, and
observation as well as related planning activities and procedures, including preliminary engagement activities related to client
acceptance and continuance, and holding a discussion among the engagement team. As further discussed in section 301,
the auditor performs all of these procedures when planning the audit.
300.13 As noted in section 307, the auditors consideration of fraud in accordance with AU-C 240 is not separate from the
consideration of audit risk but is integrated into the overall risk assessment process. That is, the assessment of risks due to
error occurs simultaneously with the assessment of risks due to fraud. The key requirements of AU-C 240 are addressed at
relevant points throughout this chapter.
300.14 Understanding Obtained. As explained in detail in sections 302 and 303, risk assessment procedures are performed
to obtain an understanding of the entity and its environment, including its internal control. The auditor obtains information
about the following:
a. Industry, regulatory, and other external factors.
b. Nature of the entity.
c. Objectives and strategies and the related business risks that may result in a material misstatement of the financial
statements.
d. Measurement and review of the entitys financial performance.
e. Internal control, which includes the selection and application of accounting policies.
f. Fraud risk factors.
300.15 Decisions and Judgments Made. The information obtained by applying risk assessment procedures is used to
make the important decisions and judgments that are part of audit planning. These decisions and judgments include
determining materiality levels and assessing risks of material misstatement at the financial statement and relevant assertion
levels.
300.16 Summary of Risk Assessment Process. Exhibit 3-2 summarizes the various elements in the risk assessment
process in the categories of procedures performed, understanding obtained, and decisions and judgments made.
Exhibit 3-2
The Risk Assessment Process
Procedures Performed Understanding Obtained Decisions and Judgments Made
Preliminary engagement
activities.
Inquiries of management
and others.
Preliminary analytical
procedures.
Observation and inspection.
Discussion among the
Industry, regulatory, and
other external factors.
Nature of the entity.
Objectives, strategies, and
related business risks.
Measurement and review of
the entitys financial
performance.
Decisions at the Financial
Statement Level:
Materiality at the financial
statement level.
Materiality for particular
items of lesser amounts.
Risks of material
misstatement at the financial
engagement team. Internal control.
Selection and application of
accounting policies.
Fraud risk factors.
statement level.
Overall audit strategy.
Decisions at the Account
Balance, Transaction Class, and
Relevant Assertion Level:
Performance materiality.
Risks of material
misstatement at the relevant
assertion level, including
identification of significant
risks.
Nature, timing, and extent of
further audit procedures
(including tests of controls
and substantive procedures).
* * *
The Sequence of Audit Planning
300.17 Because an audit of financial statements is an iterative process, audit planning is not a discrete phase of the audit.
Audit planning continues throughout the audit even though many of the planning steps and procedures necessarily are
performed at the beginning of the audit process. Audit planning begins with engagement acceptance and continues
throughout the remainder of the audit. Also, many of the audit planning steps and procedures can be performed
simultaneously and tend to blend together. Nevertheless, having a logical sequence of steps and procedures provides a
useful framework. The authors approach is presented in Exhibit 3-3.
Exhibit 3-3
Steps in the Audit Process Related to Planning
Preliminary Engagement Activities
1. Perform procedures regarding acceptance or continuance of the client relationship and the specific audit engagement.
2. Evaluate compliance with ethical requirements, including independence.
3. Establish an understanding with the client and communicate in an engagement letter.
General Audit Planning at the Financial Statement Level
4. Establish preliminary audit strategy.
5. Determine the nature, timing, and extent of risk assessment procedures and perform the procedures.
6. Determine the materiality level for the financial statements taken as a whole (preliminary planning materiality) and
materiality for particular items of lesser amounts.
7. Perform preliminary analytical procedures (a risk assessment procedure).
8. Hold a discussion among the engagement team.
9. Identify fraud risk factors, areas where special audit consideration may be necessary, and other areas where there may
be higher risks of material misstatement.
10. Assess audit risk at the overall financial statement level.
11. Complete the overall audit strategy, including overall responses at the financial statement level.
Detailed Audit Planning at the Relevant Assertion Level for Account Balances, Transaction Classes, and Disclosures
12. Determine performance materiality (often in conjunction with Step 6).
13. Assess audit risk in relation to relevant assertions for transactions classes, account balances, and disclosures.
14. Develop a detailed audit plan for the nature, timing, and extent of further audit procedures.
* * *
300.18 Depending on the auditors knowledge and past experience with the client, as well as other factors, certain planning
steps might be performed at differing stages or sequences from one engagement to the next. For example, the sixth step,
determine the materiality level for the financial statements taken as a whole, and the twelfth step, determine performance
materiality, are often performed concurrently. For the eighth step, the discussion among the engagement team, the precise
timing of this meeting can vary with the circumstances. It is usually more efficient and effective if it occurs relatively early in
planning, but it need not occur in any particular sequence.
Organization of This Chapter
300.19 This chapter focuses on those portions of the risk assessment process relating to general audit planning, the
performance of risk assessment procedures, and the determination of the overall audit strategy. The concepts previously
introduced in this sectionthe risk assessment procedures, the understanding of the entity and its environment, and certain
of the decisions and judgments made by the auditorare discussed in greater depth in the following sections. Even though
performance materiality is applied at the account balance and transaction class level rather than at the financial statement
level, it is also addressed in this chapter because it is often determined concurrently with planning materiality. Specifically, this
chapter addresses steps 4 through 12 in Exhibit 3-3. Steps 1 through 3, the steps on preliminary engagement activities, are
addressed in Chapter 2, and steps 13 and 14, the steps for detailed audit planning in relation to relevant assertions for
transaction classes, account balances, and disclosures, are addressed in Chapter 4. Chapters 5 and 6 provide a more
detailed discussion of further audit procedures (that is, substantive procedures and tests of controls) and Chapter 18
addresses the evaluation of audit findings.
300.20 The organization of this chapter is as follows:
Section 301 discusses risk assessment and other planning procedures.
Section 302 discusses the understanding of entity and its environment (excluding internal control).
Section 303 discusses the general requirements for obtaining an understanding of internal control and provides a
suggested approach.
Section 304 discusses obtaining an understanding of entity-level controls, including the control environment, risk
assessment, information and communication (excluding the financial reporting system), and monitoring.
Section 305 discusses obtaining and understanding of activity-level controls, including the financial reporting
system, IT environment and general computer controls, and control activities.
Section 306 discusses the planning decisions and judgments made by the auditor culminating in the overall audit
strategy.
Section 307 discusses the auditors consideration of fraud and how it relates to the overall risk assessment process.
Section 308 discusses the auditors consideration of laws and regulations and how it relates to the overall risk
assessment process.
Section 309 discusses the auditors consideration of whether to perform substantive procedures before the balance
sheet date.
Section 310 discusses general planning procedures and forms.
Section 311 discusses planning the audit time estimate and documenting the time spent performing the audit.
301 RISK ASSESSMENT AND OTHER PLANNING PROCEDURES
301.1 AU-C 315.05 explains that the auditor should perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at both the financial statement and relevant assertion levels.
Risk assessment procedures alone do not provide sufficient appropriate audit evidence on which to base an opinion. In all
circumstances, further audit procedures are necessary to support an opinion.
301.2 Obtaining an understanding of the entity and its environment, including its internal control, is an essential aspect of the
consideration of risk. Thus, audit procedures performed to obtain that understanding are referred to as risk assessment
procedures because the information obtained by performing those procedures is used to support the auditors assessment of
the risk of material misstatement. Auditors normally consider the effectiveness of various types of risk assessment procedures
in identifying risks during the planning process. A variety of risk assessment procedures are used when obtaining an
understanding of the entity and its environment. For example, an auditor cannot limit his or her risk assessment procedures to
only inquiry.
301.3 In addition to providing information about the entity and its environment, including its internal control, the performance
of risk assessment procedures may provide audit evidence about relevant assertions related to account balances, transaction
classes, or disclosures, or about the operating effectiveness of controls. Therefore, risk assessment procedures may also
serve as tests of controls or substantive procedures, or may be performed concurrently with those procedures. However, as
mentioned in paragraph 301.1, risk assessment procedures by themselves do not provide sufficient appropriate audit
evidence to express an opinion on financial statements.
Types of Risk Assessment Procedures
301.4 AU-C 300 and 315 specifically identify the following audit procedures and activities as necessary risk assessment and
other planning procedures:
a. Preliminary engagement activities, including establishing an understanding with the client. (See Chapter 2.)
b. Inquiries of management and others within the entity and those charged with governance.
c. Analytical procedures.
d. Observation and inspection. [Examples of such procedures include visits to the entitys premises and tracing
transactions through the information system (that is, walkthroughs).]
e. Discussion among the engagement team.
All of the risk assessment procedures are performed when obtaining an understanding of the entity and its environment.
However, each of those procedures need not be performed for every component of the understanding outlined in section
302. Nevertheless, the standards are explicit in indicating that inquiry alone is not sufficient to evaluate the design and
implementation of internal control. Therefore, observation and inspection will most likely be coupled with inquiry procedures
when obtaining the understanding of internal control. The discussion among the engagement team about the susceptibility of
the entitys financial statements to material misstatement is required by AU-C 315.11, and AU-C 240.15 expands on the
discussion as it relates to brainstorming about susceptibility to material misstatement due to fraud.
301.5 Nature, Timing, and ExtentGeneral Considerations. The nature, timing, and extent of some risk assessment
procedures may be relatively consistent across audit engagements, but some procedures will need tailoring in response to
the information gathered. For example, in all audits the auditor will make inquires of management responsible for financial
reporting about accounting policies and other aspects of the financial reporting process. However, determining others within
the entity to whom related questions may be directed will depend on the circumstances and the specific information gathered
about the entity. For example, if initial inquiries reveal that sales terms are complex, the auditor will likely make further inquires
of sales and marketing personnel about contractual arrangements with customers and may also make related inquiries of
in-house legal counsel. Thus, performance of risk assessment procedures often can begin without extended consideration of
their nature, timing, and extent, but other aspects of the risk assessment procedures can only be determined after some
information is gathered about the entity and its environment.
301.6 Gathering Information Needed to Identify Fraud Risks. In connection with obtaining an understanding of the
companys business and the industry in which it operates (see section 302), auditors may become aware of information that is
relevant to identifying fraud risks. AU-C 240.17.24 explains that auditors should perform the following procedures to obtain
information that is used to identify fraud risks:
Inquire of management and others in the company about the risks of fraud and how they are addressed.
Consider the results of analytical procedures.
Consider the existence of fraud risk factors.
Consider certain other information.
301.7 Using the Results of Risk Assessment Procedures Performed in Prior Periods. Since professional standards
require the performance of risk assessment procedures to obtain an understanding of the entity and provide a basis for the
assessment of risks, can the auditor use information gathered from procedures performed in a prior period and limit the
extent of current year procedures? The answer is a qualified yes.
301.8 The process of understanding the clients business and industry is continual. For a new engagement, a basic level of
knowledge is needed to begin preliminary planning. However, a significant amount of knowledge is gained during the audit.
The auditors previous experience with the entity contributes to the understanding of the entity and its environment. Audit
procedures performed in previous audits ordinarily provide useful audit evidence about the following:
The entitys organizational structure, business, controls, and operations.
Past misstatements and whether they were corrected on a timely basis.
Significant changes from the prior period.
301.9 Information about past misstatements assists the auditor in assessing risks of material misstatement in the current
audit. Before using information obtained in prior periods, however, AU-C 315.10 indicates that the auditor should determine
whether changes have occurred since the previous audit that may affect its relevance to the current audit. The auditor is
interested in identifying changes in personnel; procedures; processes; contracts; products or services; contingencies;
facilities; nature of the business; ownership; management; financial condition; earnings pressures; conditions and events or
operating results that are relevant to the going concern assumption; loan covenant compliance; litigation status; control
environment or activities; fraud risks; management attitude toward, or pressures on, the auditors; scope of the engagement;
and any other internal or external conditions that might be of audit significance. These changes may change the clients
business risk or the auditors assessment of risks of material misstatement. Therefore, the auditor performs risk assessment
procedures in the current audit to determine whether changes have occurred that impact the relevance of information
gathered in previous audits. For example, auditors might perform inquiries of client management and key client personnel,
including accounting personnel outside the accounting department or other parties, supplemented by observation and
inspection (for example, review of interim financial reports and budgets and walkthroughs) to determine if changes have
occurred. (Paragraph 305.23 provides a further discussion on the frequency of performing walkthroughs.)
301.10 As a result, although the nature of the auditors procedures always includes inquiries, observation, and inspection, the
authors believe the extent of risk assessment procedures will often be considerably less in continuing engagements than in
initial engagements, consisting primarily of sufficient procedures to identify and evaluate changes. The extent of current
period risk assessment procedures may need to be increased, however, in response to the following:
The information relates directly to a past misstatement or risk of material misstatement identified in the prior year.
Other information obtained through risk assessment procedures indicates a possible significant change in the
current year.
There is a greater likelihood that significant changes will occur given the nature of the information.
The following paragraphs address the risk assessment procedures listed in paragraph 301.4 and their role in identifying and
assessing risk.
Inquiries of Management and Others
301.11 Inquiry of management and others is used extensively throughout the audit planning process. In many cases, it
serves as a foundation for the performance of other risk assessment procedures in that the responses obtained drive the need
for additional or corroborating procedures. Inquiry consists of several elementsposing a question or requesting information
on a matter, evaluating the response, and following up to obtain additional information as needed. As such, inquiry can be an
extremely effective procedure in identifying risks. For example, an auditor might ask management about the level of
technology for the entitys products as compared to the industry. The auditor would then evaluate the response obtained and
determine if a potential risk exists. In this case, the auditor is concerned about potential inventory obsolescence and, if so, a
possible writedown. If the auditor deems that there is an indication of this risk, additional inquiries might be posed to further
identify the risk and determine whether other risk assessment procedures are necessary.
301.12 Although inquiry is a critical risk assessment procedure, inquiry cannot be used alone when identifying and assessing
risks. As noted in paragraph 301.4, auditors use a combination of inquiry, analytical procedures, and observation and
inspection during the risk assessment process. Furthermore, as discussed in section 303, auditors are prohibited from only
using inquiry when evaluating the design and implementation of internal control.
301.13 Matters and Parties of Inquiry. Auditing standards require the auditor to inquire of management and others in the
entity about the following matters relevant to audit planning:
a. The entity and its environment as enumerated in AU-C 315 and explained in sections 302 and 303.
b. Fraud-related matters as enumerated in AU-C 240 and discussed beginning at paragraph 301.18 and in section 307.
c. Related parties and related party transactions as enumerated in AU-C 550 and discussed beginning at paragraph
301.24.
d. Accounting estimates as enumerated in AU-C 540 and discussed beginning at paragraph 301.26.
e. Compliance with laws and regulations as enumerated in AU-C 250 and discussed beginning at paragraph 301.27.
f. Communications from service organizations about fraud, noncompliance with laws or regulations, or uncorrected
misstatements at the service organization that affect the entitys financial statements, as enumerated in AU-C 402.19
and discussed beginning at paragraph 301.28.
301.14 Examples of the members of management that auditors may consider interviewing include:
The owner/manager in a small business.
The president or chief executive officer.
The controller.
The chief financial officer.
301.15 The auditor might decide that inquiries of others within and outside the entity, in addition to management and those
responsible for financial reporting, would be useful. Examples of other inquiries that might be made include the following:
a. Those Charged with Governance. Their involvement in the financial reporting process and how financial statements
are used. AU-C 240.21 requires the auditor to inquire directly of those charged with governance (or the audit
committee or at least its chair) about the risks of fraud and their knowledge of actual, suspected, or alleged fraud.]
b. Internal Audit. Activities concerning the design and effectiveness of internal control and managements responses to
any findings by the internal audit function. AU-C 240.19 requires inquiry of internal audit personnel about risks of
fraud, knowledge of fraud or suspected fraud, and activities concerning fraud detection, and whether management
satisfactorily responded to any findings.
c. Other Employees. Their role in the financial reporting process and additional or corroborating information to support
managements responses. AU-C 240.A18.A19 discusses the benefits of inquiry and provides examples of others
within the entity to whom the auditor may direct inquiries about the existence or suspicion of fraud. Auditors may
consider obtaining the perspective of employees from different functional areas and at varying levels of authority
when identifying risks of material misstatement. Examples of inquiries that may be made of other employees include:
(1) Financial Reporting Personnel. Appropriateness of the selection and application of accounting policies,
including the initiation, authorization, processing, or recording of complex or unusual transactions. AU-C
240.32 explicitly requires inquiries about knowledge of inappropriate or unusual activity relating to the
processing of journal entries and other adjustments.
(2) In-house Legal Counsel. Litigation, compliance with laws and regulations, knowledge of fraud or suspected
fraud, warranties, post-sales obligations, arrangements (such as joint ventures) with business partners, and the
meaning of contract terms.
(3) Marketing, Sales, or Production Personnel. Changes in marketing strategies, sales trends, production
strategies, or contractual arrangements with customers.
(4) IT Systems Users. Their role in identifying changes to IT systems, how frequently changes occur, effectiveness
of application and access controls, and excessive system downtime and other functional issues.
d. Parties Outside the Entity. Inquiries of parties outside the entity are not required but are procedures that might be
helpful. For example, the auditor might find it useful to make inquiries of external legal counsel or of valuation
experts that management has engaged. The auditor might also find it useful to make inquiries of customers,
suppliers, or regulators to better understand the nature of the entity and its operations.
301.16 When deciding which individuals within the entity to make inquiries of, it may be helpful to consider
Employees who may have additional knowledge of matters identified in discussions with management or those
charged with governance, or during the engagement team discussion.
Employees who may be able to corroborate information received from management or others.
Employees who may offer a unique or different perspective about the risks of material misstatement due to their
background, tenure, etc.
Employees who might provide information about the possibility of management override of controls.
301.17 In addition to those parties identified in paragraphs 301.14.15, examples of the types of individuals within the entity
that auditors may consider interviewing include
Employees at varying levels of authority within the entity, from low-level clerical employees to senior management,
including employees the auditor comes in contact with while obtaining an understanding of internal control,
observing inventory, or obtaining explanations for significant differences or fluctuations arising from analytical
procedures.
Employees outside the accounting department.
Operating personnel.
Employees involved in recording or processing journal entries.
Employees involved in initiating, recording, or processing complex or unusual transactions.
Employees in areas identified as vulnerable to the risk of fraud or error during the engagement team discussion.
Employees with key roles in internal control.
Employees referred to by other interviewees.
301.18 Fraud-related Inquiries. The consideration of fraud in a financial statement audit is an integral part of obtaining an
understanding of the entity and its environment and assessing the risks of material misstatement. AU-C 315.09 explains that
during planning the auditor should consider the results of the fraud risk assessment along with the other information obtained
as part of identifying the risks of material misstatements. AU-C 240.15 notes that the discussion among the engagement team
required by AU-C 315 should include fraud brainstorming, and AU-C 315.29 also notes that the auditor should consider fraud
risks in identifying significant risks. The inquiries of management made in audit planning, according to AU-C 240.17.18,
should include the following specific areas of inquiry:
Whether they have knowledge of any actual, suspected, or alleged fraud.
Managements process for identifying, responding to, and monitoring the risks of fraud in the entity.
The nature, extent, and frequency of managements assessment of fraud risk and the results of those assessments.
Any specific risks of fraud that management has identified or that have been brought to its attention.
The classes of transactions, account balances, or disclosures for which a fraud risk is likely to exist.
Managements communications, if any, to:
Those charged with governance on its process for identifying and responding to fraud risks.
Employees on its views on business practices and ethical behavior.
The areas of inquiry required by AU-C 240 include managements processes and assessment methods, as well as knowledge
of identified risks or actual, suspected, or alleged fraud. Naturally, auditors give more weight to information about risks and
knowledge of fraud if management has effective processes and assessment methods. However, as AU-C 240.A20 notes,
management is often in the best position to perpetrate fraud. Thus, the responses of members of senior management
concerning the likelihood of perpetration of fraud by them are far less meaningful than responses with respect to perpetration
by lower levels within the entity.
301.19 Exhibit 3-4 presents a list of questions about fraud the auditor might consider asking management or the
owner/manager.
Exhibit 3-4
Inquiries about Fraud Risks for Management or the Owner/Manager
Recommended Areas of Inquiry Possible Questions
Their knowledge of any actual fraud or suspicions of
Are you aware of any actual instances of fraud
within the company?
Do you have any reason to suspect fraud may be
occurring within the company? If so, where and
how?
Have you seen any changes in employee
behavior?
Their awareness of any allegations of fraud or
suspected fraud affecting the company.
Have you received any communications from
employees, former employees, regulators, or
others alleging fraud?
Their understanding of the risks of fraud within the
company, including any specific fraud risks the
company has identified or account balances or
transaction classes that may be susceptible to
fraud.
Which types of transactions, account balances,
financial statement classifications, or company
locations are most at risk for intentional
misstatement or theft?
Have you identified any specific risks of fraud
within the company?
What incentives or pressures exist to commit
fraud?
What opportunities are available for fraud to be
carried out?
Are you aware of any attitudes (or potential
rationalizations) on the part of employees that
might enable them to justify fraud?
What would be the easiest way for someone to
misstate the financial statements or steal assets
without getting caught?
If someone were going to overstate or understate
net income, how would they do it?
If someone were going to steal and cover it up,
how would they do it?
Does the company use source documents that
could be easily accessed and forged?
How could false entries be made to the
accounting system?
What departures from GAAP are most common in
your industry? What departures from GAAP are
most likely at your company?
Where are the weaknesses in the companys
internal controls?
Which controls can be bypassed or overridden?
Are there instances where controls have been
bypassed or overridden in the past?
Have there been any identified frauds that have
Recommended Areas of Inquiry Possible Questions
been common in your industry?
Have there been any changes within the industry
or the business that have created or changed
risks of fraud?
How they communicate to employees the
importance of ethical behavior and appropriate
business practices.
What instructions do you give to employees
about how they are expected to behave when
conducting business?
How do you make it clear to employees that
fraudulent or unethical behavior will not be
tolerated?
Processes for identifying, responding to, and
monitoring risks of fraud, including programs and
controls the company has implemented to address
identified fraud risks or otherwise help prevent,
deter, and detect fraud and how those programs
and controls are monitored.
What measures have you taken to address
specific risks of fraud within the company?
What controls have been implemented to prevent
one person from perpetrating and concealing a
fraud when segregation of duties is not possible?
What procedures are in place for initiating,
approving, and processing nonroutine
transactions?
How have employees who suspect fraud been
told to communicate their suspicions?
Are there any other programs and controls in
place to help prevent, deter, or detect fraud?
How do you monitor the companys antifraud
programs and controls to make sure they are
working as intended?
The nature and extent of monitoring multiple
locations or business segments and whether any of
them have a higher level of fraud risk.
Do fraud risks exist or are they more likely to exist
in particular company locations?
How do you monitor the companys operating
locations to reduce the likelihood of fraud
occurring and going undetected?
Whether they have reported to those charged with
governance about the process for identifying and
responding to fraud risks, including how the entitys
internal control serves to prevent, deter, and detect
material misstatements due to fraud.
Have you reported to the board of directors or
audit committee about how the companys
internal control serves to prevent, deter, and
detect material misstatements due to fraud?
* * *
301.20 AU-C 240.21 requires the auditor to inquire directly of those charged with governance (or the audit committee, or at
least its chair) about their views of the risks of fraud and whether they have knowledge of any actual, suspected, or alleged
instances of fraud. In addition, where applicable, AU-C 240.20 requires the auditor to obtain an understanding of the audit
committees role in overseeing the companys fraud risk assessment and monitoring process. AU-C 240.19 also requires
inquiries of internal auditors if the company has an internal audit function. Suggested inquiries of internal auditors are
presented in ASB-CX-3.3.
1(27)
301.21 In addition to inquiries of management, those charged with governance, and internal auditors, the auditor should
direct inquiries to other employees to determine whether they are aware of fraud that is occurring or have suspicions of
fraudulent activity. Deciding which employees to make inquiries of and the extent of those inquiries is a matter of professional
judgment that depends primarily on whether the auditor believes those employees may provide information that is relevant to
identifying fraud risks. The auditor might ask the following questions:
Are you aware of any actual fraud within the company?
Do you have any reason to suspect fraud is occurring within the company? If so, where and how?
Do you have any reason to suspect your superior is committing fraud?
See Exhibit 3-5 for additional illustrative questions that might be appropriate for employees of different levels and
departments. AU-C 240.32 requires that the auditor make specific inquiries of individuals involved in the financial reporting
process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments. The
authors believe that these inquiries might be combined with inquiries such as those in Exhibit 3-5 during audit planning, but
that the inquiries need to be followed up later by inquiries that cover the period through the end of the closing process and
preparation of financial statements.
Exhibit 3-5
Possible Inquiries about Fraud Risk for Company Employees
Suggested Questions Direct Inquiries to
Do you know of anyone who is stealing from the company?
Do you suspect that anyone is stealing from the company?
Do you know of anyone in the company who is manipulating the
accounts or records?
How could someone steal from the company without getting caught?
If I were to do [Indicate potential fraud.] , how would I get caught?
How would you describe the companys (and/or managements)
values and ethics?
What is it like to work here? How is the overall morale?
Are you upset with the company for any reason? Do you know of
anyone who is?
Have you ever been asked to ignore or override a policy or procedure
that is part of your job? Who asked you?
Have you ever seen another employee circumventing company
policies, procedures, or controls? What explanation did they give?
Have you noticed any unusual changes in the behavior or lifestyle of
management or any other employees?
Do you know of any employees who are under pressure to make ends
meet financially?
How do you think this company compares with others in terms of the
honesty of its employees?
Do you think your co-workers are honest?
Has anyone you work with ever asked you to do anything you thought
was illegal or unethical? What would you do if someone asked you?
Have you ever been asked to enter false information in the
(sales/purchasing/inventory/personnel) system or records?
Has anyone you work with ever asked you to withhold information
from the auditors or alter documents or records?
Has the entity communicated how to report suspected fraud? If so,
would you feel comfortable in reporting suspected fraud in this
manner? Do you believe that reporting suspected fraud would not be
held against you by management or others?
Is there anything else you would like to add, or anyone else we might
talk to?
All employees selected
I have one last question. Have you yourself done anything against the
company that was illegal or unethical?
What factors (such as market competition or changes in technology)
may threaten the companys ability to stay in business or earn a
profit?
How would reporting improved financial results help the company?
What pressure is put on employees to achieve the companys
financial goals, and by whom?
Have there been any recent changes in sales policies or terms offered
to customers? Has a customer been offered terms at variance with
company policies and established terms?
Were any large or unusual sales agreements entered into at or near
the end of the year?
What types of customer complaints do you typically receive?
Sales and marketing
How is management and/or the board compensated?
Has management exerted any pressure upon you or others to
override, modify, or falsify compensation awards, agreements, or
plans without sufficient justification and approval for the situation?
How are financial targets used to determine employees pay or
benefits? For example, do bonuses depend on sales or reported
earnings?
Has there been any significant turnover in personnel? In what
departments?
Are there any recent or planned layoffs or changes in pay rates or
benefit plans that have or could upset the workforce?
Have recent bonuses, raises, and promotions met employee
expectations? Is there anything planned in those areas that could
cause resentment among employees?
Have employees complained about work conditions, management
demands or style, or other matters that could lead to pressures or
incentives to commit fraud?
Have employees been punished or terminated for whistle-blowing or
otherwise bringing unethical or fraudulent practices to the attention of
appropriate internal or external parties?
Human resources
How active is management in supervising the accounting
department?
Does management (including senior finance executives) demonstrate
an attitude of shoot the messenger when learning of unfavorable
financial results or incidents?
What are the weaknesses in the companys internal controls?
Do any of the companys accounting policies seem inappropriate or
overly aggressive?
Does management always tend to favor amounts that are on the high
(low) side when developing accounting estimates, such as estimated
liabilities and valuation accounts?
Does management often use materiality to justify questionable
accounting practices?
Does it ever seem like the method of accounting for a transaction is
more important than the transaction itself? Can you give me an
example?
Does the owner/manager run personal expenses through the
Accounting and finance
business?
What aspect of the companys performance is management most
concerned about?
Are there any changes in procedures or improvements in controls that
could easily be made, but management has chosen not to?
Have there been any unusual changes in the way transactions are
processed?
Are there any third parties that have expectations about (or a stake in)
the companys performance? What are their needs or expectations?
Have you ever been asked to record any journal entries that seemed
unusual or lacked support?
Have you ever been asked to make false entries in the accounting
records?
Has the companys relationship with particular suppliers significantly
changed (improved or deteriorated) in the past year?
What types of vendor complaints do you typically receive?
Do any vendors have a close or unusual relationship with
management?
Purchasing
Is there any inventory you have been told not to count?
Has there been any unusual movement of goods at or near year-end?
Have there been any unusual changes in the way customer shipments
are handled?
Are there any inventories that you suspect are unjustly overvalued or
no longer salable?
Have you been asked to falsify inventory count sheets or records?
Production and inventory
* * *
301.22 Making inquiries of employees outside the accounting department or those at varying levels of authority may be
useful in providing a different perspective about the risks of fraud. Their responses may corroborate responses received from
management or the owner/manager, or may provide information about the possibility of management override of controls. For
example, an employee may indicate there has been an unusual change in the way transactions are processed. Inquiries of
employees outside the accounting department may also provide information about the effectiveness of managements or the
owner/managers communication and support of the companys values or ethics throughout the company.
301.23 Because management or the owner/manager is often in the best position to perpetrate and conceal fraud, the need
for professional skepticism in making the auditors inquiries of management cannot be overemphasized. Generally, it is
necessary to corroborate responses, especially those of management or the owner/manager. Also, additional audit evidence
may be necessary to resolve any inconsistencies among responses.
301.24 Related Party Inquiries. Although many related party transactions occur in the ordinary course of business, some
related party relationships and transactions may give rise to higher risks of material misstatement than transactions with
unrelated parties. As a result, the auditor is required to make specific inquiries of management and others regarding related
parties.
301.25 AU-C 550.14 requires the auditor to inquire of management about the following:
Identity of related parties, including changes from the prior period.
Nature of related party relationships.
Whether there were any transactions with those related parties during the period and, if so, the transaction types and
purposes.
In addition, auditors are required by AU-C 550.15 to inquire of management and others within the entity and perform other risk
assessment procedures as needed to understand the controls over related party relationships and transactions. See section
305 for a discussion on obtaining an understanding of internal control.
301.26 Inquiries about Accounting Estimates. Because of the nature of accounting estimates, there can be a high degree
of estimation uncertainty. As a result, AU-C 540.08 states that the auditor should make inquiries of management about
whether any changes in circumstances have occurred that may give rise to new accounting estimates or the need to revise
existing estimates. AU-C 540.A18 indicates that inquiries of management about such changes may include matters such as
whether
The entity has entered into new types of transactions that may give rise to accounting estimates.
Transaction terms that affect accounting estimates have changed.
Accounting policies relating to accounting estimates have changed as a result of changes to GAAP.
Regulatory or other changes have occurred that may require the revision of existing accounting estimates or new
estimates to be made.
New conditions or events have occurred that may give rise to new or revised estimates.
301.27 Inquiries about Compliance with Laws and Regulations. AU-C 250.14 requires the auditor to inquire of
management and those charged with governance about whether the entity is in compliance with laws and regulations that
may have a material indirect effect on the financial statements and to inspect relevant correspondence with licensing and
regulatory authorities. The focus of the auditors inquiries is on laws and regulations that do not have a direct effect on the
determination of the amounts and disclosures in the financial statements. However, compliance with those laws and
regulations may be fundamental to the operating aspects of the entity, fundamental to an entitys ability to continue as a going
concern, or necessary for the entity to avoid material penalties. Examples include compliance with an entitys operating
license and with laws or regulations related to occupational safety and health, food and drug administrations, etc. The auditor
may also inquire about the entitys policies and procedures regarding compliance with laws and regulations (including the
prevention of noncompliance); the policies or procedures adopted for identifying, evaluating, and accounting for litigation
claims; and the use of directives and periodic representations obtained from management at appropriate levels of authority
concerning compliance with laws and regulations.
301.28 Inquiries Related to Service Organizations. AU-C 402.19 requires the auditor to inquire of management about
whether a service organization has reported to them, or whether they are otherwise aware of, any fraud, noncompliance with
laws and regulations, or uncorrected misstatements at the service organization that affect the financial statements of the user
entity. The auditor should evaluate how such matters, if any, affect the nature, timing, and extent of further audit procedures. If
the auditor needs additional information to perform this evaluation, it may be necessary to ask the user entity to contact the
service organization to obtain the necessary information.
301.29 Documentation. There are no specific documentation requirements for inquiries made as risk assessment
procedures, but AU-C 230 provides pertinent guidance. AU-C 230.09 states that in documenting the nature, timing, and extent
of audit procedures, the auditor should record the identifying characteristics of the items or matters tested. AU-C 230.A14
suggests that, for a procedure involving inquiries of entity personnel, the auditor records the inquiries made, the dates of
inquiries, and the names and job designations of the personnel.
301.30 Sections 302 and 303 discuss the practice aids that can be used by the auditor in documenting the understanding of
the entity and its environment and the risk assessment procedures performed. The Fraud Risk Inquiries Form (ASB-CX-3.3)
can be used to document the auditors inquiries of management and others about their knowledge of the risks of fraud and
compliance with laws and regulations. In addition, certain written representations regarding fraud are required. (See Chapter
18.)
Analytical Procedures
301.31 AU-C 315.06 specifies that risk assessment procedures should include analytical procedures, and AU-C 315.A7 notes
that analytical procedures performed as risk assessment procedures may encompass both financial and nonfinancial
information (for example, the relationship between sales and square footage of selling space or volume of goods sold). AU-C
315.A8.A9 explains that unusual or unexpected relationships identified may assist the auditor in identifying risks of material
misstatement, especially risks of material misstatement due to fraud, but when analytical procedures use data aggregated at
a high level, the results provide only a broad initial indication about whether a material misstatement may exist.
301.32 Knowledge of the client and the industry or industries in which it operates is interrelated with the use of analytical
procedures in audit planning. Performing effective preliminary analytical procedures requires the auditor to understand the
entitys business and industry to know what relationships would be expected to exist, what relationships would be considered
unusual or unlikely, and what plausible explanations might exist for observed relationships. That knowledge is also important
in assessing the significance of differences from expected relationships. For that reason, the auditor generally needs an
understanding of the entitys industry and operations before performing preliminary analytical procedures. The auditors
knowledge and understanding of the client can also be improved by applying preliminary analytical procedures in audit
planning. The use of particular analytical procedures is not required. The sophistication, extent, and timing of analytical
procedures may vary widely, depending on the size and complexity of the client. Analytical procedures might include
reviewing changes in account balances from the prior to the current year using the general ledger or the auditors preliminary
or unadjusted working trial balance or analysis of ratios or trends related to profitability, liquidity, solvency, and activity
combined with inquiries of financial and operating management.
301.33 Other than the analytical procedures performed to comply with AU-C 240, as discussed beginning at paragraph
301.44, analytical procedures used in the planning stage only need to be designed to point out audit areas that may be
indicative of potential risks and, thus, need special emphasis. In the audit of a small nonpublic business, simple comparisons
and ratios are ordinarily effective, and the auditor normally need not make use of complex mathematical or statistical models.
Depending on the facts and circumstances, analytical procedures may be limited to comparing the major account balances
shown in the unadjusted general ledger with the financial statements for the prior year. For example, information acquired in
prior audits may enable the auditor to make preliminary judgments about the inherent and control risks for assertions about
material accounts and about the substantive procedures that would reduce detection risk to the desired low level. In that
situation, the auditor would compare the unadjusted balances for this year with the adjusted balances for last year to identify
assertions that may require altering the planned substantive procedures. If the client operates in a specialized industry, useful
industry statistics may also be available for comparison purposes or the auditor may be able to identify some comparable
entities. For larger or more complex entities, however, more sophisticated preliminary analytical procedures, such as ratio or
trend analysis, may be used.
301.34 If ratio analysis is used, the auditor focuses on a few key relationships that provide an improved understanding of the
financial statements and significant operating or financial changes. An efficient auditor avoids the temptation to compute
every possible ratio. For example, accounts receivable turnover (net sales average accounts receivable), days sales in
receivables (360 days accounts receivable turnover), and the ratio of accounts receivable to sales all provide information
on essentially the same relationship. Computing all of them and comparing the ratios to the prior year and current budget is
generally a waste of time. The auditors discussions with management may help identify the ratios and relationships that
management considers important in running the business.
301.35 When using interim financial information in the analytical review, the auditor needs to be aware of factors, such as
seasonal trends, that might be considered in making comparisons. For example, if the auditor is using information as of the
end of November and the clients business is highly seasonal with substantial activity in December, a straight annualization of
interim information will not provide a meaningful comparison. Sometimes, particular accounting methods may make
comparisons less meaningful. For example, if the client uses the LIFO inventory method, comparison of gross profit ratios
might be improved by restoring LIFO reserves before computing the ratio. The auditor also ought to be aware of the
possibility of events such as strikes or changes in production methods that influence comparability.
301.36 The auditor needs to avoid merely making mechanical computations and comparisons. The auditor ought to bring as
much creativity and insight to the review as possible. Auditors might consider tailoring the procedures to the individual client
by determining which trends, ratios, and relationships are most relevant given the industry and other relevant conditions.
301.37 In the audits of most small and midsize nonpublic businesses, the auditor normally has a sufficient understanding of
the client and its operations to judgmentally consider the expected relationships. A precise quantification of these
relationships is not necessary and is often not a cost-effective approach. No matter which financial relationships are selected
for comparison purposes, the analytical review ought to include a knowledgeable scanning of the financial information to
identify unusual changes and unexpected relationships that indicate specific areas of risk of material misstatement. For
example, a material amount of other income when the auditors inquiries have not identified any new sources of income raises
a risk of overstatement.
301.38 Using Analytical Procedures When Large Audit Adjustments Are Expected. Analytical procedures may not be
very useful in audit planning when several large audit adjustments are expected. In that case, auditors might consider limiting
the analytical procedures used for audit planning as follows:
a. Look at Major Fluctuations in Financial Statement Line Items or Large Account Balances. This procedure can identify
areas that may call for additional audit attention. For example, large increases in a notes payable account may mean
there are new loans. Also, the auditor may identify large other income accounts that need detail testing. Auditors can
concentrate on fluctuations in accounts that have not typically needed adjustments in the past.
b. Look at Changes in Bottom Line Numbers. Fluctuations in bottom line numbers such as net income, working capital,
and stockholders equity can identify unfavorable trends and going concern problems.
c. Look at Ratios That Are Not Expected to Change. Examine areas where major adjustments are not expected. For
example, if the auditor does not expect major adjustments to accounts receivable, then aging statistics and turnover
ratios can be calculated in the planning phase to help determine the nature and extent of testing of the allowance.
301.39 Auditors need to remember that analytical procedures ought to be used to understand important relationships in the
clients financial and nonfinancial data and not be simply a mechanical exercise. Also, as noted in paragraph 300.17, audit
planning is not confined to the start of the engagement. AU-C 300.A2 observes that planning is not a discrete phase of an
audit, but rather begins shortly after completion of the previous audit and continues until the completion of the current audit
engagement. So analytical procedures also can be used for planning during fieldwork.
301.40 The Value of Preliminary Analytical Procedures in Risk Identification. To be effective in identifying potential risks
of material misstatement, analytical procedures need to be designed to identify the absence of an expected relationship or the
presence of an unexpected relationship. For example, there is normally a predictable relationship among sales, accounts
receivable, and bad debt expense based on historical patterns of the business. Also, the auditor would expect the relationship
to change in predictable ways in response to known changes in volume, product mix, customer composition, and the local
economy. Therefore, a key element in the performance of preliminary analytical procedures for the purpose of identifying
potential risks of material misstatement is the auditors development of expectations about plausible relationships that are
reasonably expected to exist. The expectations serve as the benchmark when comparing recorded amounts or ratios to
determine unusual or unexpected changes or the absence of expected changes that might be the result of misstatements.
301.41 Unusual or unexpected relationships can be anything out of the ordinary. They are relationships, account balances,
or transaction amounts that do not make sense. They may include trends and relationships that are at odds with comparable
industry data. Ratios may be too unusual or too unrealistic to be believable even if the client appears to have a logical
explanation. Account balances and transaction amounts may be too large or small, too high or low, or result in too much or
too little of something. Exhibit 3-6 provides examples of unusual or unexpected relationships and possible risks that may
exist.
Exhibit 3-6
Unusual or Unexpected Relationships and Potential Risks
Unusual or Unexpected Relationships from
Preliminary Analytical Procedures Potential Risks
Unusual financial statement relationships:
Increased revenues with decreased inventories. Improper revenue recognition.
Theft of inventory.
Inventory valuation issues.
Physical inventory observation errors.
Decreased revenues with increased receivables. Uncollectible receivables.
Decreased compensation expense with
increased revenues.
Payroll accrual recognition issues.
Improper cost allocation issues.
Increased net income with decreased cash flows. Uncollectible receivables.
Going concern considerations.
Sales or expense cutoff issues.
Increased inventory with decreased purchases or
payables to vendors.
Inventory obsolescence.
Inventory valuation issues.
Increased payables with decreased inventory. Going concern considerations.
Payable defalcation schemes.
Physical inventory observation errors.
Theft of inventory.
Decreased fixed assets with increased rental
expense.
Issues in recording capital leases.
Unusual fluctuations or trends in account balances or
ratios:
Unusual increases in miscellaneous income. Issues in classifying revenues.
Improper recognition of deferred revenue
or customer deposits.
Unusual items of operating expense. Issues in expense classification.
Improper expensing of capital acquisitions.
Misappropriation of assets.
Reductions in bad debt expense. Issues in estimating of allowance for
doubtful accounts.
Increasing trend in debt to equity ratios. Loan covenant risks.
Going concern considerations.
* * *
301.42 Well-designed preliminary analytical procedures based on appropriate expectations of plausible relationships can by
very effective in identifying risks of material misstatement during the risk assessment stage of audit planning. However,
because preliminary analytical procedures are ideally performed early in the planning process, the analytical procedures use
information that is aggregated at a relatively high level (for example, recent interim financial statements or, if financial
statements are not available, a general ledger trial balance). Information aggregated at a relatively high level is appropriate at
this stage because the auditor is attempting to identify potential audit problems, not to reach a conclusion on the
reasonableness of a specific balance. (However, the same analytical procedures might be appropriate for both purposes, as
discussed in Chapter 5.) When analytical procedures use data aggregated at high level, as explained in paragraph 301.31,
AU-C 315.A9 notes that the results of those analytical procedures provide only broad initial indications about whether a
material misstatement may exist. Accordingly, auditors need to consider the results of preliminary analytical procedures along
with other information gathered in identifying the risks of material misstatement. As illustrated in Exhibit 3-6, the unusual or
unexpected relationships noted through the performance of preliminary analytical procedures may provide a broad initial
indication of potential risks. As a result, the auditor may determine that it is necessary to apply other risk assessment
procedures to more precisely determine and identify the risks of material misstatement of the financial statements.
301.43 In addition, although the preliminary analytical review serves broader purposes, the analytical procedures performed
may identify declining trends in operations or significantly reduced liquidity or solvency that raise the issue of whether the
client can continue as a going concern in the foreseeable future. If there is substantial doubt about the clients ability to
continue as a going concern, the auditor determines an appropriate audit response. Normally, the auditor obtains additional
information about management plans and other potential mitigating factors in the course of the audit. The auditor also
considers whether the potential going-concern problem creates an increased risk of management intentionally misstating the
financial statements. Chapter 18 discusses other considerations related to doubt about the clients ability to continue as a
going concern.
301.44 Analytical Procedures Related to Revenue. In addition to the requirement in AU-C 315 to perform analytical
procedures as part of risk assessment procedures, AU-C 240.22 requires that, to the extent they are not already included,
analytical procedures should include procedures related to revenue. Auditors perform preliminary analytical procedures
related to revenue to identify unusual or unexpected relationships that may indicate fraudulent financial reporting. Ordinarily,
comparison of current and prior-period account balances for revenue accounts are not sufficient to achieve that objective,
and other types of analytical procedures are used. For example, if sales volume exceeds production capacity, that indicates
fictitious sales might have been recorded. Similarly, an analysis of sales and sales returns by month during and after the end
of the reporting period could identify a variety of schemes to overstate revenue. Excessive sales returns indicate the potential
for undisclosed side agreements or shipping unordered goods. Other analytical procedures that may be useful in identifying
unusual or unexpected relationships related to revenue include the following:
Analysis of Relationships between Financial and Nonfinancial Amounts. When comparing financial and nonfinancial
amounts, it may be most effective to use a base that (1) would be expected to have a reasonable relationship to
revenue and (2) could not easily be manipulated by management or the owner/manager. For example, auditors may
compare sales volume, as determined from recorded revenue amounts, with production capacity. Production
capacity is an amount that is not easily manipulated. Sales volume in excess of production capacity may indicate the
recording of fictitious sales.
Trend Analysis. Auditors may analyze trends in the components of revenue accounts or transaction types. It may be
helpful to look at several trends or relationships to identify inconsistencies or unusual patterns. For example, a trend
analysis of revenue accounts by month and sales returns by month during and shortly after the reporting period may
indicate that revenue is being recognized, even though side agreements have been entered into granting customers
the right to return products.
Ratio Analysis. Ratio analysis is the analysis of relationships between financial statement items by computing the
ratio of one financial statement amount to another. The ratio may be compared to the same ratio for a prior period
(or several prior periods) to identify unusual or significant variations. For example, it may be possible to compare
cost amounts, such as materials cost, to sales amounts to detect improper revenue recognition. A recorded amount
of materials cost of sales (units or dollars) that is significantly lower than the amount needed to produce the
recorded units or dollars of revenue might indicate overreporting of revenue. Ratios that use information
management generally is unable to manipulate, such as cash flows, may be most effective in revealing indications of
fraudulent financial reporting.
Budgetary Comparison. Comparison of actual amounts with budgets may also indicate unusual variations. For
example, revenue might significantly exceed budget because of improper revenue recognition.
As indicated in AU-C 240.34, the analytical procedures related to revenue should be updated in the final review stage of the
audit. (See Chapter 18.)
301.45 Documentation. Documentation of preliminary analytical procedures can be limited, but it needs to be sufficient to
provide support for the auditors risk assessment. The results of the preliminary analytical review ordinarily are documented
using a narrative memorandum, comparative carryforward schedule, or other form of workpaper. Documentation may also
include the effect on the audit plan or indicate that the results have been considered when identifying fraud risks. Using the
PPC audit approach, any risks of material misstatement identified from the preliminary analytical review are carried forward to
the Risk Assessment Summary Form at ASB-CX-7.1 (see Chapter 4).
Observation and Inspection
301.46 According to AU-C 315.06, risk assessment procedures should include observation and inspection. There are a
number of ways to use observation and inspection when assessing risk. When obtaining an understanding of the entity and its
environment, observation or inspection might be the key procedure that enables the auditor to fully obtain pertinent
information and identify related risks. For example, in order to gain an understanding of the clients financing arrangements
and underlying covenants, the auditor might decide to review the clients loan agreements and other related documents. That
procedure, coupled with a review of the clients financial statements, might be the key procedure that helps the auditor
identify risks related to potential noncompliance with loan covenants.
301.47 More frequently, observation and inspection are used to corroborate or follow-up on the results of inquires made of
management and others. For example, when evaluating the design and implementation of the entitys system of internal
control, members of management might tell the auditor that they communicate the importance of ethical values to employees
through a written code of conduct and by example. The auditor might wish to corroborate this response by examining the
written code. In addition, the auditor may determine that a risk exists based on observation of managements current and past
interactions with employees that contradict the behavior standards in the written code.
301.48 Other than the requirement to perform some observation and inspection procedures related to internal control,
however, determining when to use observation and inspection, as opposed to other risk assessment procedures, is generally
a matter that is left to the auditors judgment. Ordinarily, the authors believe that observation and inspection procedures are
effective in the following situations when obtaining an understanding of the entity:
To understand the design of controls related to the audit.
To verify that controls have been implemented, for example, as part of a walkthrough.
When responses to inquiries indicate a potential risk for a significant account.
When responses to inquiries are inconclusive, conflicting, or prove to be incorrect.
In combination with inquiry to fully understand a matter.
When necessary information can only or best be obtained through observation or inspection (for example,
understanding the clients production processes might best be done through observation.)
When the evidence gathered through observation and inspection can also be used for a substantive procedure.
In recurring engagements, to determine whether changes have occurred that affect the continued relevance of the
information gathered in a prior period. (See the discussion in paragraph 301.9.)
301.49 Examples of how and when observation and inspection procedures might be used to identify risks are included in
Exhibit 3-7.
Exhibit 3-7
Using Observation and Inspection Procedures in Risk Assessment
Example of When Used and Example of How a Potential Risk
Using Observation and Inspection Procedures in Risk Assessment
Audit Procedure
Example of When Used and
Procedure Performed
Example of How a Potential Risk
Is Identified
Observation of entity
activities and operations.
Understanding the nature
of the clients products or
services.
Observe clients
products and the
production process.
Auditor observes a significant
amount of returned product
during the inventory
observation, which indicates
increased risk related to
warranty obligations.
Inspection of business plans
and strategies, internal
control manuals, and similar
documents and records.
Understanding the clients
objectives and strategies
and related business risks.
Review the most
recent business plan.
The plan reveals a shift in
marketing and sales strategy
during the year to concentrate
on one industry dominated by
three competitors, which
indicates increased risk
related to unrecognized sales
discounts and rebates.
Reading directors meeting
minutes.
Understanding the
participation of those
Read minutes of the
board of directors
during the year.
Minutes indicate that the
board rubber-stamps all of
managements decisions and,
therefore, is deemed to be
ineffective, which indicates
overall risk due to
weaknesses in the control
environment.
Visits to the entitys
premises and plant facilities.
Understanding the nature
of the clients operations.
Tour clients key
operating facilities.
During the tour of clients
production facilities, the
auditor observes significant
damage to uninsured
machinery and equipment
due to a recent storm, which
indicates an increased risk of
impairment.
Walkthroughs (tracing
transactions through the
information system to
confirm the auditors
understanding of design
and determine that
procedures and controls
have been implemented).
financial reporting system,
including its design and
implementation pertaining
to the billing cycle.
Select a shipped
transaction and trace
it through the billing
system.
During the billing cycle
walkthrough, the auditor
determines that control
procedures to follow-up on
unbilled transactions have not
been implemented, which
indicates an increased risk of
unrecorded revenues and
receivables.
Review of information from
external sources.
industry, regulatory
environment, and financial
performance.
Review one or more
of the following: (a)
analyst, bank, or
rating agency reports
on the entity or its
industry, (b) trade or
economic journals, or
A review of the trade journals
indicates that one of the
clients key products will soon
be outdated due to the recent
introduction of a
technologically superior
product by a competitor,
which indicates an increased
risk of improper inventory
valuation.
Audit Procedure
Example of When Used and
Procedure Performed
Example of How a Potential Risk
Is Identified
(c) regulatory or
financial publications.
* * *
301.50 Documentation. As noted in paragraph 301.29, AU-C 230.09 requires that in documenting the nature, timing, and
extent of audit procedures, the auditor should record the identifying characteristics of the specific items or matters tested.
AU-C 230.A14 provides examples of how this might be accomplished. Based on that guidance, the authors recommend
documenting the following:
For an inspection of documents, identify the item inspected, for example, by indicating the title and date of the report
or the document name and number. (To facilitate inquiring about or requesting copies of the report or document at a
later time, the authors recommend referring to the report or document by the same name that the client uses to refer
to it.)
For an observation procedure, document the process or subject matter observed, individuals involved and their
titles, and where and when the observation was carried out.
Discussion among the Engagement Team
301.51 AU-C 315.11 requires the key members of the audit team (including the engagement partner) to discuss the
susceptibility of the entitys financial statements to material misstatements and the application of GAAP to the entitys facts
and circumstances. AU-C 240.15 requires an open exchange of ideas, or brainstorming among audit team members about
how and where they believe the entitys financial statements might be susceptible to material misstatement due to fraud, how
management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be
misappropriated. These discussions can be held concurrently, that is, one meeting can cover the susceptibility of the financial
statements to material misstatements from both error and fraud. However, it is important that the auditor consider the
susceptibility to fraud as distinct part of this combined discussion to avoid the potential dilution of this critical consideration.
(The consideration of fraud is also discussed in section 307.)
301.52 AU-C 315.A14 indicates that, in performing the engagement team discussion:
More experienced team members (including the partner) can share their insights about the entity.
Team members exchange information about the entitys business risks and how and where the financial statements
might be susceptible to error or fraud.
Team members gain a better understanding of the potential risk areas assigned to them and how their work may
affect other audit areas.
Team members have a basis upon which to communicate and share new information obtained throughout the audit
that may affect risk assessment or audit procedures performed.
301.53 The focus of the audit team discussion ought to be on the individual members gaining a better understanding of the
potential for material misstatements resulting from error or fraud in the specific areas assigned to them, and understanding
how the results of audit procedures they perform affect other aspects of the audit. In this discussion, the partner and more
experienced members of the audit team can share their insights based on their cumulative knowledge of the entity, its
industry, and its environment. It is not always necessary or practical for the engagement team discussion to include all
members in a single discussion, and not all members need to be informed of all decisions made. AU-C 315.11 states that the
engagement partner and key engagement members should take part in the team discussion. In addition, the engagement
partner should determine what matters are to be communicated to team members who are not involved in the team
discussion.
301.54 Matters to be Discussed. The engagement team discussion is aimed at the susceptibility of the financial statements
to material misstatement (including the application of GAAP), that is, the areas of vulnerability. The discussion is one of the
sources of information used to assess the risks of material misstatement. Thus, the discussion ought to open the minds of
members of the audit team to potential material misstatements from error and, particularly, from fraud. Any high risk areas
that have already been identified, however, also need to be communicated to the team members.
301.55 The following matters are specifically required to be discussed during the engagement team discussion:
The susceptibility of the entitys financial statements to material misstatement.
The application of GAAP to the entitys facts and circumstances.
The susceptibility of the financial statements to material misstatement due to fraud or error that could result from the
entitys related party relationships and transactions (see further discussion beginning at paragraph 301.59).
Fraud-related matters (see further discussion beginning at paragraph 301.60).
In addition, focusing on the areas of vulnerability, the engagement team discussion might include the following topics:
a. Critical issues and areas of significant audit risk.
b. Areas susceptible to management override of controls.
c. Unusual accounting practices used by the client.
d. Important control systems.
e. Materiality levels and how materiality will be used to determine the extent of testing.
f. The need to exercise professional skepticism throughout the engagement, to be alert for information or other
conditions that indicate that a material misstatement due to fraud or error may have occurred, and to be rigorous in
following up on such indications.
301.56 The authors believe the discussion also needs to address how the business risks facing the client could result in a
material misstatement of the financial statements, focusing especially on changes from the prior year and new developments.
For example, assume the client is in the business of providing advertising and related services to real estate brokers. During
preliminary planning discussions with the client, the in-charge auditor learns that because the local real estate market has
been very depressed during the year, many of the clients customers are experiencing severe financial difficulties. During the
discussion, the audit team can focus on how that knowledge of the clients business risk would affect audit procedures by
identifying the accounts that would be affected and the nature of procedures that could be performed to address the risks.
Considering business risks enhances the auditors ability to identify risks of material misstatement. However, the auditor need
not identify or assess all business risks facing the client. Although most business risks will eventually have financial
consequences that affect the financial statements, not all business risks give rise to risks of material misstatement. (Obtaining
an understanding of the entitys objectives, strategies, and related business risks is discussed further beginning at paragraph
302.25.)
301.57 Examples of other factors the engagement team might discuss that affect the likelihood of material misstatements
caused by error include the following:
Past experience with the client.
Changes in the clients organization (for example, changes in personnel or accounting systems).
The nature and complexity of transactions.
Known accounting and auditing issues.
301.58 In addition to discussing important control systems (see paragraph 301.54), it may be appropriate to discuss potential
risks that may exist due to limitations in the clients personnel and assignment of responsibilities. For some smaller entities,
the engagement team might consider issues regarding the background and competence of individuals in key processing and
financial decision-making roles especially if concerns had been noted in previous audits.
301.59 Related Parties. AU-C 550.13 specifically requires auditors, as part of the engagement team discussion, to consider
how related party relationships and transactions could affect the susceptibility of the financial statements to material
misstatement. AU-C 550.A7.A8 indicates that the team discussion might include the following related party matters:
Nature and extent of the entitys relationships and transactions with related parties.
Importance of maintaining professional skepticism regarding related parties throughout the audit.
Circumstances or conditions that may indicate the existence of unidentified related party relationships or
transactions.
Types of records or documents that might indicate the existence of related party relationships or transactions.
Importance that management and those charged with governance attach to the identification of, accounting for, and
disclosure of related party relationships and transactions and the related risk of management override.
How related parties might be involved in fraud (see beginning at paragraph 301.24).
301.60 Fraud-related Matters. AU-C 240.15 indicates that the discussion should also include the following fraud-related
matters:
How and where the entitys financial statements (for example, which accounts or transaction classes) might be
susceptible to material misstatement due to fraud.
How management could perpetrate and conceal fraudulent financial reporting.
How the entitys assets could be stolen.
External and internal factors that might create incentives/pressures, provide opportunities, or enable rationalization
of fraud.
Risk of management override of controls.
Circumstances that might be indicative of earnings management or manipulation of other financial measures.
Practices management might use to manage earnings or other financial measures.
Importance of maintaining professional skepticism regarding potential for material misstatement due to fraud.
How the auditor might respond to susceptibility to material misstatement due to fraud.
301.61 The fraud aspect of the discussion ought to give appropriate consideration to financial statement misstatement from
both fraudulent financial reporting (i.e., cooking the books) and stealing. A key consideration when assessing fraud risk is
what motivations may exist for management to intentionally misstate the financial statements or what controls may be lacking
that could result in theft. By identifying the motives and opportunities for fraud, the auditor can assess the direction of the risk.
For example, if the auditor identifies an unusual motivation for management to maximize earnings and show a consistent
growth trend because the entity intends to offer shares to the public in the near future, the auditor may determine that the risk
is overstatement of assets and earnings.
301.62 As noted in paragraph 301.60, AU-C 240.15 requires that the discussion also include the appropriate audit response
to the areas identified as susceptible to material misstatement due to error or fraud. For example, the auditor might identify the
accounts that would be affected and the nature of procedures that could be performed to address the risks.
301.63 The discussion should include an open exchange of ideas (that is, as mentioned in paragraph 301.51, brainstorming).
AU-C 240.15 indicates that participants should set aside their beliefs that management and others are honest and have
integrity and maintain an attitude of professional skepticism throughout the discussion. (See paragraph 307.15.) AU-C 315
and AU-C 240 refer to a discussion; therefore, one-sided communication, such as a memo from the engagement partner, is
not appropriate. (However, when the entire engagement is performed by a single auditor, the auditor might simply consider
and document the susceptibility of the entitys financial statements to material misstatements.) The medium for discussion (for
example, a meeting or a conference call) ought to encourage interaction and an appropriate exchange of ideas. AU-C 240.15
indicates that communication about the risks of material misstatement is not limited to that discussion, but should occur
throughout the audit.
301.64 AU-C 240.12 indicates that, in accordance with AU-C 200, the auditor should maintain professional skepticism
throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the
auditors past experience of the honesty and integrity of the entitys management and those charged with governance. AU-C
200.14 defines professional skepticism as an attitude that includes a questioning mind, being alert to conditions that may
indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence. Thus, auditors ought to
actively consider how management could perpetrate and conceal fraudulent financial reporting. For example, auditors may
use what if scenarios that focus on the financial statement areas vulnerable to fraud with the presumption that management
or employees are inclined (either because of incentives/pressures or attitudes/rationalizations) to perpetrate fraud. According
to AU-C 200.A26, the auditors belief that management and those charged with governance are honest and have integrity
does not mean that the auditor is allowed to be satisfied with less than persuasive audit evidence.
301.65 Exhibit 3-8 represents a list of sample questions that might be considered during the engagement team discussion.
Exhibit 3-8
Sample Questions for Engagement Team Discussion
General questions relating to risks of material misstatement:
What key changes are you aware of that have occurred at the client regarding their:
Organization or structure?
Related parties?
Products and services?
Customers and market?
General economic environment?
Regulatory or legal requirements?
Assets, liabilities, or expenses?
Accounting, executive, or other critical personnel?
Accounting systems and controls?
Accounting policies or accounting estimates?
Are there any areas in the most recent financial statements that appear unusual or unexpected based on our
preliminary review?
Based on discussions since our previous engagement, have client personnel raised any concerns or issues about
the following:
Accounting policies and their application or accounting estimates?
Application of internal controls or any known deficiencies?
Accounting systems or documentation?
Business risks?
Other matters that may increase audit risk?
Are there any indications of problems in the control environment?
Are there any known internal control deficiencies that would allow material errors to occur and remain undetected?
Are any of the clients accounting policies unusual, poorly defined in GAAP, or otherwise inappropriate considering
the conditions and circumstances?
Where did the client have issues in the prior audit in applying or interpreting GAAP? What were the issues and are
they likely to be present during the current audit?
Are there any new accounting pronouncements or other GAAP requirements that will be applied for the first time this
year? If so, will any require significant accounting estimates?
Do you have any concerns about the competency of accounting personnel?
For each significant account balance, transaction class, or disclosure, what do you consider to be the significant risks
of material misstatement? Why?
What significant risks did we identify in the prior audit?
What were the known and likely audit differences in our previous audit? Are we likely to encounter similar issues in
the current audit?
What audit issues did we encounter in the prior audit? Are they likely to be present during the current audit?
Questions specifically directed to the risk of fraud:
Why does the company have an audit? What possible motives or fraud schemes does this suggest?
Who are the financial statement users and how do they use the financial statements? Which aspects of the financial
statements are most likely to influence the users?
Are there any known pressures that would motivate management to fraudulently misstate the financial statements?
Which accounts or transaction classes are most susceptible to manipulation?
Are there any known internal control weaknesses that would allow fraudulent financial reporting to occur and remain
undetected?
How would you fraudulently misstate the financial statements at this client?
How would you conceal fraudulent financial reporting at this client?
Which individuals in the company have the opportunity to steal assets?
Are there any known pressures that would motivate employees with opportunity to steal assets?
Which assets of the company are susceptible to theft, either through physical access or unauthorized transactions?
Are there any known internal control weaknesses that would allow theft of assets to occur and remain undetected?
How would you steal assets from this company?
How could financial statement accounts be materially misstated by stealing assets?
How would you conceal theft of assets at this client?
How could related parties be involved in committing fraud?
What factors might indicate that the company has a culture or environment that would enable management or
employees to rationalize committing fraud?
Have you observed any attitudes, behaviors, or lifestyle changes that may indicate the presence of fraud?
Who in the company is authorized or in a position to override controls? Which controls would you override if you
were in their position?
* * *
301.66 Impact on Significant Audit Areas. After discussing the risks that could result in a material misstatement of the
financial statements and determining how those risks affect specific audit areas, the authors recommend that the engagement
team then discuss each significant audit area. The team ought to focus on the real risks affecting each area and determine the
most effective and efficient audit procedures that address those risks. Members of the audit team need to avoid relying on
what procedures were performed during the prior year audit when discussing what procedures to perform in the current year.
In fact, it may be best to ignore the prior year workpapers when initially discussing each significant area. That way, the audit
team starts with a clean slate when developing the audit approach and avoids the temptation to just rely on what we did last
year. The result is usually a more effective and efficient audit approach. However, after the team has discussed each
significant area, the prior year workpapers can be reviewed to make sure there are not any issues that were overlooked.
301.67 Who Attends the Discussion? As discussed in paragraph 301.53, key members of the engagement team need to
participate in a single discussion, and the engagement partner determines what matters will be communicated to other team
members. In addition, it may be appropriate to include specialists, such as IT specialists, assigned to the engagement team.
Executive level team members generally are aware of significant accounting and auditing issues that could affect the audit,
while staff members or specialists may be more familiar with the clients accounting systems and controls. Both perspectives
are important in considering the susceptibility of the financial statement to material misstatements from error or fraud. The
authors recommend that all members of the engagement team, including specialists with an ongoing role in the engagement,
participate in the discussion.
301.68 When Does the Discussion Occur? Before holding the discussion with the engagement team the authors
recommend that the engagement partner have preliminary planning discussions with the client. Issues to discuss with the
client include the services to be provided, scheduling, and other administrative matters. In addition, the auditor can discuss
the clients business environment (particularly changes from the prior year), the clients view of the business risks that the
client is addressing, and other specific issues facing the client. The auditor can also obtain additional information to be used
in the planning process prior to meeting with the engagement team. Specific information to obtain includes the following:
a. Interim financial information.
b. Client budgets and any related operating and strategic planning documents.
c. Minutes of board of directors meetings.
d. Copies of new debt or other significant agreements or contracts.
e. Significant internal audit reports.
Also, if an engagement summary memo was prepared for the prior year audit, it can be reviewed before the engagement
team discussion to identify risk areas identified in the prior audit.
301.69 Within the context of AU-C 240 and AU-C 315, it is clear that the discussion among the engagement team is expected
to occur during the performance of risk assessment procedures as part of audit planning, but the exact timing is not specified.
The authors recommend holding the discussion prior to performing the information-gathering procedures discussed in
section 302. The authors believe it is important to set the proper tone of professional skepticism and to inform less
experienced staff members about the risks of material misstatement before performing those procedures. However, nothing
prevents the firm from holding discussions both before and during the information-gathering process. These decisions are
normally made by the engagement partner, and firms exercise professional judgment to determine what works best in their
particular audit process. In any case, engagement team members communicate and share information obtained throughout
the audit about the risks of material misstatement due to error or fraud.
301.70 Other Matters That May Be Discussed. While not a requirement of AU-C 240 or AU-C 315, the auditor might also
use the engagement team discussion as an opportunity to consider other planning matters related to the audit. Those items
could include, but are not to limited to, the following:
a. Critical dates and other timing considerations.
b. Engagement budgets.
c. Key client contacts for assigned areas.
d. Other engagement administrative matters.
e. Other services that will be provided.
301.71 AU-C 220.17 requires the engagement partner to take responsibility for the direction, supervision, and performance of
the audit engagement, while AU-C 220.A12 further clarifies that direction of the engagement team involves informing team
members of certain matters. The engagement partner typically informs the engagement team of matters such as the
following:
Their responsibilities, including complying with relevant ethical requirements and applying professional skepticism
when planning and performing the audit.
If more than partner is involved with the engagement, each of their responsibilities.
Objectives of the work to be performed.
Nature of the entitys business.
Risk-related issues.
Problems that could arise.
Detailed audit approach to performing the engagement.
301.72 The engagement team discussion also provides an opportunity for the partner to remind the audit team members of
the audit documentation requirements of AU-C 230. Among the matters that might be covered are the following:
a. Inclusion of abstracts or copies of significant contracts or agreements examined to evaluate the accounting for
significant transactions.
b. Identification of items tested in tests of operating effectiveness of controls. (See Chapter 6.)
c. Identification of documents inspected or items confirmed in substantive tests of details. (See Chapter 5.)
d. Documentation relating to substantive analytical procedures. (See Chapter 5.)
e. Documentation relating to consideration of the entitys ability to continue as a going concern. (The Going Concern
Checklist at ASB-CX-16.1 provides for the documentation.)
f. Documentation of the nature and effect of aggregated misstatements and the conclusion as to whether they cause
material misstatement of the financial statements. (The Audit Difference Evaluation Form at ASB-CX-12.2 provides
for the documentation.)
g. Documentation of who performed and reviewed the audit work and the date the work was performed and reviewed.
(See Chapter 18.)
Before the partner reminds the engagement team of the various audit documentation requirements, he or she may wish to
refer to Appendix 8A, Audit Documentation Requirements, which provides a useful summary of such requirements.
301.73 Documentation. AU-C 315.33 requires that the following items be documented regarding the discussion among the
audit team:
How and when the discussion occurred.
Participating audit team members.
Significant decisions reached concerning planned responses at the financial statement and relevant assertion levels.
As explained in paragraph 307.22, AU-C 240 imposes similar documentation requirements related to fraud aspects of the
discussion. ASB-CX-3.2, Engagement Team Discussion, can be used to document the discussion among the engagement
team regarding the susceptibility of the financial statements to material misstatement due to error or fraud.
Other Sources of Information for Identifying Risks of Material Misstatement
301.74 In addition to the risk assessment procedures discussed previously, the auditor considers other sources of
information as follows:
a. As discussed in Chapter 2, AU-C 315.07 states that the auditor should consider whether information obtained from
the client acceptance or continuance process is relevant to identifying risks of material misstatement.
b. AU-C 315.08 indicates that if the engagement partner has performed other engagements for the entity, he or she
should consider whether information obtained is relevant to identifying risks of material misstatement.
The authors believe that it would be worthwhile to consider whether any engagements performed for the entity, no matter who
the engagement partner was, could provide information relevant to identifying risks of material misstatement.
302 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
Introduction
302.1 The auditor, according to AU-C 315.05, should perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial statement and relevant assertion level. AU-C
315.03 explains that the objective of the auditor is to make this assessment through understanding the entity and its
environment, including the entitys internal control, thereby providing a basis for designing and implementing responses to
the assessed risks. Exhibit 3-1 identifies the requirements relevant to obtaining an understanding of the entity and its
environment. The auditors focus in obtaining the understanding is on attaining a knowledge level sufficient to identify the
risks of material misstatement of the financial statements and to design the nature, timing and extent of further audit
procedures. However, the understanding is a purpose-driven audit focus and not a general knowledge level that might be
appropriate for some other purpose such as managing the entity.
302.2 Obtaining a solid in-depth understanding of the clients business and how it operates is fundamental to both audit
efficiency and effectiveness. Understanding the business is the key to knowing what the risks are and where to look to see if
the risks have resulted in a material misstatement of the financial statements. Understanding the clients business includes not
only understanding the risks the client faces in doing business, but ideally, understanding what managements response is to
those risks, and, consequently, what residual risk of material misstatement of the financial statements remains. The auditors
process in obtaining this understanding is focused on those matters that could cause material misstatements in the financial
statements, including potential going-concern problems, fraud risk factors, undisclosed related-party transactions, illegal acts,
or uncertainties.
302.3 The auditors understanding of the entity also assists in:
Establishing planning materiality and evaluating whether such judgments remain appropriate throughout the audit.
Evaluating whether certain observed conditions, such as unusual or unexpected relationships from preliminary
analytical procedures, do not make business sense and indicate possible risk considerations.
Considering fraud risk factors, for example, the existence of significant or complex related-party transactions.
Knowledge of the entitys competitors, customers, and suppliers might help the auditor consider possible
collaborators in certain types of frauds, such as kickback schemes. Knowledge of key personnel might help the
auditor identify employees who could provide relevant information in response to fraud risk inquiries.
Evaluating the appropriateness and sufficiency of audit evidence.
302.4 The audit personnel working on the engagement need to sufficiently understand the clients business and industry to
effectively analyze the risks and plan and perform an efficient and effective audit in response to those risks. The level of
understanding that is attainable by individual members of the audit team will vary with the experience, training, and assigned
engagement duties of the personnel, but the partner and manager need to spend sufficient time in audit team meetings or
on-the-job supervision to convey to the assigned staff the insight needed for effective performance of the audit.
302.5 The process of understanding the clients business and industry is continual. For a new engagement, a basic level of
knowledge is needed to begin preliminary planning. However, a significant amount of knowledge is gained during the audit.
Also, something changes each year. There are always important new developments with the client and within the industry. For
this reason, it is advisable for each member of the audit team to continually try to improve client and industry knowledge by
such measures as reading industry publications, taking self-study courses, and above all, talking to client personnel,
including operating personnel outside the accounting department.
302.6 In a continuing engagement, the auditor updates knowledge of the entity and its environment focusing on identifying
changes from the prior year in internal or external conditions that might be of audit significance and affect the clients
business risk or the auditors assessment of audit risk. (The discussion beginning at paragraph 301.7 addresses the auditors
use of the results of risk assessment procedures performed in prior periods.)
Components of the Understanding
302.7 AU-C 315.12 indicates that the auditors understanding of the entity and its environment consists of an understanding
of the following items:
a. Industry, regulatory, and other external factors.
b. Nature of the entity.
c. Objectives, strategies, and related business risks.
d. Measurement and review of the entitys financial performance.
e. Selection and application of accounting policies.
f. Internal control.
302.8 In addition, consideration of fraud risk factors is an important objective of performing risk assessment procedures.
Although considering the presence of fraud risk factors occurs simultaneously with obtaining information about the entity and
its environment, it merits separate and focused attention (see paragraph 302.47). All components of the understanding,
except for internal control, are discussed in this section. Internal control is discussed in section 303.
302.9 Documentation. In addition to the documentation of the discussion among the engagement team explained in
paragraph 301.73, AU-C 315.33 indicates that the auditor should include the following in the audit documentation:
Key elements of the understanding obtained regarding each of the aspects of the entity and its environment.
The sources of information from which the understanding was obtained.
The risk assessment procedures performed.
302.10 The practice aid, Understanding the Entity and Identifying Risks at ASB-CX-3.1, can be used to document the
auditors understanding of the items in paragraph 302.7, with the exception of internal control. Risks that are identified
throughout the process of obtaining the understanding, including the auditors consideration of fraud risks factors, can be
documented on that practice aid or ASB-CX-7.1, Risk Assessment Summary Form. (ASB-CX-6.1, Entity Risk Factors, and
ASB-CX-6.2, Fraud Risk Factors, provide lists of risk factors to consider when identifying financial statement risks. However,
the risk factors listed are only examples and may serve as memory joggers to spark the auditors consideration of additional
or different risks relevant to the client.) Sections 303, 304, and 305 discuss the understanding of internal control and the
related documentation requirements and practice aids that can be used to meet those requirements.
302.11 Purpose of This Section. The following paragraphs provide a detailed discussion of each of the aspects of the entity
and its environment that the auditor is required to understand, procedures the auditor may perform to gain that
understanding, and the types of risks the auditor may identify throughout that process.
Industry, Regulatory, and Other External Factors
302.12 AU-C 315.12 indicates that the auditor should obtain an understanding of industry, regulatory, and other external
factors relevant to the audit. The objective of the auditors understanding is to evaluate whether the entity is subject to specific
risks of material misstatement arising from the nature of the industry, the degree of regulation, or other external forces, such
as political, economic, social, technological, or competitive forces.
302.13 AU-C 315.A20 indicates that the auditor might consider factors such as the following when obtaining an
understanding of industry, regulatory, or other external factors:
a. Industry conditions, including market and competition, cyclical or seasonal activity, product technology, and
availability and cost of materials and supplies.
b. Regulatory environment, including relevant legislation and regulation, environmental requirements, specific
regulatory requirements, direct supervisory activities, and taxation.
c. Government policies, including monetary, fiscal, financial incentives, and tariffs or trade restrictions.
d. Other external factors, including the general level of economic activity, interest rates, availability of credit, and
inflation.
302.14 The Economic Environment. Financial and economic instability may affect the entitys operations, risks, and
financial reporting. This in turn may affect the auditors responsibilities in providing auditing services. The AICPA issued an
Audit Risk Alert, General Accounting and Auditing Developments2011/12, to help identify and respond to accounting and
auditing issues related to the economic environment. That AICPA Risk Alert replaces the 2010/11 alert of the same name.
302.15 In general, economic instability may create additional audit risks, including risks related to conditions that indicate an
entity may not be able to continue as a going concern for a reasonable period of time. When the economy is unstable,
auditors ought to carefully consider the implications on their clients and the appropriate audit responses that may be
necessary. The AICPA Alert emphasizes how important it is for the auditor to understand the meaning of audit risk given
economic conditions. Furthermore, due to the rapidly changing economic and regulatory environment, the Alert underscores
the importance of thoroughly understanding the entity and its environment when assessing the risks of material misstatement.
Changes in the economy and regulatory environment often complicate the auditors responsibility related to obtaining that
understanding. For example, changed conditions may require the auditor to reconsider his or her understanding about how
the economic environment affects the entity, reassess audit risks, and modify planned audit procedures as the audit
progresses.
302.16 The AICPA Risk Alert also addresses the following topics that may assist auditors when addressing risks and
considering the impact of the economic climate on their audit clients:
Economic, legislative, and regulatory developments (including the Dodd-Frank reforms).
Accounting, auditing, and attestation issues and developments.
Recent accounting, audit and attest, independence, and ethics pronouncements.
The status of outstanding accounting, auditing, and attest projects.
Various resources auditors may find beneficial.
302.17 The Regulatory Environment. AU-C 250.12 states that when obtaining an understanding of the entity and its
environment, the auditor should obtain a general understanding of the laws and regulations to which an entity is subject, the
industry or sector in which the entity operates, and how the entity complies with laws and regulations. The auditor may
consider knowledge of any history of noncompliance. Consideration of laws and regulations is discussed further in section
308.
302.18 Possible Risk Assessment Procedures and Factors to Consider. The authors believe, in most situations, auditors
will initially gather information and identify risks related to industry, regulatory, and other external factors through inquiry
procedures. Many of the matters to be addressed are best approached through inquiry of appropriate client management and
other employees. The auditor may need to expand inquiries based on the clients responses to more fully understand the area
and follow up on information that may be indicative of a potential risk. Factors to consider to develop inquiries and identify
risks related to industry, regulatory, and other external factors are presented in ASB-CX-6.1, Entity Risk Factors.
302.19 As discussed in section 301, the auditor might supplement inquiry procedures with inspection or other risk
assessment procedures. For example, when obtaining an understanding of the industry, the auditor might read AICPA
accounting and auditing guides, financial statements of other companies in the industry, textbooks, or trade journals or might
subscribe to services that provide an in-depth analysis of the clients industry. The auditor might also read articles of
incorporation, minutes of meetings of shareholders and directors, and important contract agreements; review several prior
years financial statements, income tax returns, and revenue agents reports; or tour the clients facilities. Regarding the
regulatory environment, the auditor should read correspondence from taxing or other regulatory authorities, and may also
review applicable regulations that were recently enacted or proposed legislation that may affect the industry. The use of other
risk assessment procedures, in addition to inquiry, may be influenced by the matters discussed in paragraph 301.48.
Nature of the Entity
302.20 AU-C 315.12 indicates that the auditor should obtain an understanding of the nature of the entity relevant to the audit.
The nature of the entity includes its operations; its structure, ownership, and governance; the types of its existing and future
investments; and its structure and financing. Among other things, the understanding of the nature of the entity helps the
auditor to understand the classes of transactions, account balances, and disclosures that would be expected in the financial
statements.
302.21 Matters that the auditor might consider about the entitys operations and its structure, ownership, and governance
include the following:
a. Revenue sources.
b. Key customers.
c. Involvement in e-commerce.
d. Products or services and markets.
e. Conduct of operations, such as methods of production and delivery of products or services.
f. Important suppliers.
g. Major assets and liabilities.
h. Major expenses.
i. Employment and human resource matters, including compensation methods and employee benefits.
j. Research and development activities and expenditures.
k. Related parties and transactions with them.
l. Location of facilities.
m. Types of investments.
n. Financing activities.
Because sales are generally a significant class of transactions, the auditor will normally place emphasis on understanding
matters related to sales and revenue recognition. Matters that the auditor might consider about investments and financing
depend on the relative importance of those activities.
302.22 Risk Assessment Procedures and Factors to Consider. Similar to the understanding of industry, regulatory and
other external factors, the auditor often initially makes inquiries of appropriate client personnel about matters pertaining to the
nature of the entity. To make effective risk-based inquiries, it is critical that the auditor identify the right person within the entity
that possesses not only the requisite knowledge about the matter queried, but also about the nature of risks, how the entity
has addressed them, and what the remaining risk is to the entity. For example, in many small-to-midsized entities, the auditor
may be able to confine all inquiries about the nature of the business to the owner/manager or chief executive officer. As the
size, complexity, and management structure expands within an entity, the auditor might need to direct questions regarding
sales, marketing, and customers to the chief financial officer or director of sales; for production related matters, to the director
of operations; and for investments and financing, to the treasurer.
302.23 The auditors inquiries may be supplemented by additional inquiries (and other risk assessment procedures as
discussed in paragraph 302.24) as deemed necessary to fully understand the entity, its operations, structure, ownership,
governance, related parties, investments, and financing so that related risks can be identified. The understanding also
provides the auditor with an expectation of what classes of transactions, account balances, and disclosures will be present in
the financial statements. The auditor may need to expand inquiries based on the clients responses to more fully understand
the area and follow up on information that may be indicative of a potential risk. Factors to consider to develop inquiries and
identify risks related to the nature of the entity are presented in ASB-CX-6.1.
302.24 When obtaining an understanding of the nature of the entity, the auditor is likely to supplement or corroborate
inquiries with other risk assessment procedures. The factors noted in paragraph 301.48 might influence when an auditor uses
inspection or observation, but frequently the performance of procedures other than inquiry will be considered necessary to
obtain information that normally would not be practically obtained through inquiry. Exhibit 3-9 illustrates the use of risk
assessment procedures other than inquiry that the auditor might perform when obtaining an understanding of the nature of
the entity.
Exhibit 3-9
Illustrative Risk Assessment Procedures Other Than InquiryNature of the Entity
Area Procedure Subject Matter
Structure, Ownership,
Governance, and Related
Parties
Inspection and Review Articles of Incorporation.
Stockholder listings.
Organization charts.
Board and audit committee
minutes.
Business OperationsRevenue
Sources
Inspection and Review Management reports and
analyses on revenues trends.
Internal sales reports by
customer.
Bad debt summaries.
Company websites to identify
e-commerce activities.
Business
OperationsProducts or
Services and Markets
Inspection and Review Industry reports that describe
competition and products.
Company website describing
products and marketing.
Internal reports analyzing vendor
purchases.
Observation Tours of the clients production
facilities.
Business OperationsOther Inspection and Review Interim financial statements to
identify major assets, liabilities,
Area Procedure Subject Matter
Business OperationsOther
identify major assets, liabilities,
and categories of expense.
Summary or detail plan
documents for employee benefit
plans.
Employee handbook to identify
benefits.
Observation Tour of company facilities noting
assets and their condition.
Business
OperationsInvestments
Inspection and Review Interim financial statements to
identify investment activity.
Financial statements for
investments in other entities.
Business
OperationsFinancing
Inspection and Review Interim financial statements to
identify extent of financing activity
and leverage.
Loan agreements.
Significant lease documents.
* * *
Objectives, Strategies, and Related Business Risks
302.25 AU-C 315.12 indicates that the auditor should obtain an understanding of the entitys objectives, strategies, and
related business risks. The basic concept here is that most business risks eventually have financial consequences and, thus,
an effect on the financial statements. Examples of the consequences of business risks for financial reporting are as follows:
a. A contracting customer base due to industry consolidation might increase the risk associated with the valuation of
receivables.
b. Significant transactions with related parties might increase the risk of misstatement of a range of significant account
balances and relevant assertions.
c. A decline in the industry in which the entity operates might affect its ability to continue as a going concern.
Not all business risks create risks of material misstatement, so the auditor needs to focus on business risks that have financial
reporting implications in the entitys particular circumstances.
302.26 The auditor obtains an understanding of managements objectives and strategies to identify the related business
risks. Management and directors determine the entitys objectives which are the overall plans for the entity. Managements
strategies are the operational approaches adopted to achieve the objectives. The related business risks are the significant
conditions, events, circumstances, actions, or inactions that could adversely affect the entitys ability to achieve its objectives
or implement its strategies. When obtaining an understanding of the entitys objectives and strategies, it is often helpful to
consider whether strategies align with objectives and if strategies have been implemented. By doing so, the auditor may
become aware of heightened or additional business risks and potential risks of material misstatement.
302.27 Risk Assessment Procedures and Factors to Consider. When obtaining an understanding of managements
objectives and strategies to identify the related business risks, the risk assessment procedures employed by the auditor may
be influenced by the size and sophistication of the client. Smaller entities generally do not have formal plans or processes that
are documented, which forces the auditor to rely primarily on inquiries. In contrast, some larger or more sophisticated entities
may have written strategic plans that provide a road map for the objectives, strategies, and associated business risks that
have been selected and identified by the management team.
302.28 When making inquiries, the auditor will generally restrict questioning to upper management of the entity given the
subject matter and the level of knowledge that is needed to sufficiently address it. These inquiries would prompt management
to describe the entitys future trends, expectations, objectives, and strategies in areas such as the following:
Products and services.
Marketing and sales.
Research and development.
Technology.
Business expansion or restructuring.
Employment or compensation.
Factors to consider to develop inquiries and identify risks related to the entitys objectives and strategies are presented in
ASB-CX-6.1.
302.29 Identifying Business Risks. Exhibit 3-10 provides examples of the types of business risks that might be identified
based on the entitys objectives and strategies, and the potential consequences for financial reporting.
Exhibit 3-10
Illustrative Entity Objectives, Related Potential Business Risks,
and Financial Reporting Consequences
Entity Objectives Related Business Risks
Consequences for
Financial Reporting
Expansion of the entitys retail
outlets into a new geographic
area.
Inability to generate requisite cash flows
due to sales not meeting forecasts.
Defaults on loan
covenants resulting in
debt classification issues.
Introduction of a new product
that is similar to a popular
product of a competitor.
Increased legal exposure due to patent
infringement.
Legal contingencies
resulting in possible
accrual and/or
disclosure.
Increased emphasis on sales of
bundled software (that has
previously been immaterial)
requiring the entity to fully adopt
the provisions of FASB ASC
985-605, SoftwareRevenue
Recognition.
Improper revenue recognition. Revenue misstatements.
Installation of a new ERP IT
system.
Inability to process transactions due to
implementation delays or failures.
Completeness of financial
transactions or other
integrity issues.
Reduction of operating expenses
by 20% through employee layoffs
affecting 300 individuals.
Increased exposure to EEOC complaints
and other employee-based litigation.
Legal contingencies
resulting in possible
accrual and/or
disclosure.
Entity Objectives Related Business Risks
Consequences for
Financial Reporting
disclosure.
* * *
Measurement and Review of the Entitys Financial Performance
302.30 AU-C 315.12 indicates that the auditor should obtain an understanding of the measurement and review of the entitys
financial performance made by management and external parties. Information used by management for measurement and
review might include the following:
a. Key performance indicators (KPI), both financial and nonfinancial.
b. Trends.
c. Key ratios and other operating and financial statistics.
d. Forecasts, budgets, and variance analyses.
e. Period-on-period financial performance.
f. Employee performance measures.
g. Subsidiary, division, department, or other performance reports.
h. Comparisons to competitors performance (i.e., benchmarking).
Information prepared by external parties might include analyst reports and credit rating agency reports.
302.31 Performance measures can affect the audit and the auditors assessment of the risks of material misstatement in
several ways, including the following:
a. The pressure to meet performance targets could motivate management actions, including intentional misstatements,
and, thus, affect the auditors risk assessment.
b. Use of performance measures might highlight unexpected results or trends such as unusually rapid growth, which
upon investigation result in detection of misstatements.
c. The auditor might be able to use key performance indicators or other measures used by management when
performing analytical procedures. However, the auditor needs to consider whether the information used by
management is reliable and provides the degree of precision that is needed for the analytical procedures.
As noted in item a, management may be motivated to manipulate account balances that affect key performance indicators.
For example, in a situation where management has guaranteed the debt of the company, if the ratio of a key expense to
revenue is an important metric, management might have an incentive to improperly capitalize a portion of that expense. A
small entity might not have a formal process to measure and review financial performance, but management will still likely be
aware of key performance indicators that it uses and that can be helpful to the auditor.
302.32 Risk Assessment Procedures and Factors to Consider. The procedures used by the auditor for understanding the
measurement and review of the entitys financial performance will often be driven by the size and sophistication of the entity.
For example, a sophisticated entity may have developed a dashboard reporting system that incorporates carefully selected
key performance indicators that management has deemed to be the primary metrics in achieving its goals and objectives. In
that case, the auditor could inspect and review these measures along with any accompanying analyses in order to identify
risks that may be indicative of material misstatement.
302.33 In a smaller entity, as indicated in paragraph 302.31, management may have identified key financial performance
indicators that it uses when managing the business, but it prepares no formal reporting or analyses. Instead, as management
reviews financial or other operating reports, a determination is made whether the business has achieved the targets that
management has established for these indicators. For these situations, the auditor would likely use inquiry to determine what
indicators management believes are important in managing and measuring the entitys results and inspect the reports that are
used to monitor performance.
302.34 For all situations, the auditor considers inquiring whether there is any external measurement of the entitys financial
performance such as by credit agencies, analysts, or the entitys creditors. If so, the auditor may review available reports to
identify potential risks. Factors to consider to develop inquiries and identify risks related to measurement and review of the
entitys financial performance are presented in ASB-CX-6.1.
302.35 Business and Other Risks. Exhibit 3-11 provides examples of the measurement and review of the entitys financial
performance and how it could affect the audit and the auditors assessment of the risks of material misstatement.
Exhibit 3-11
Examples of How Performance Measures Might Affect the Audit
Measurement and Review Indicator Potential Impact
A key performance indicator for a service line is
average billing rate. The compensation and bonus
structure for the service line leader is dependent
upon whether the targeted average billing rate is
met or exceeded.
Potential motivation for the service line leader to
establish improper billing accrual rates or devise
other improprieties in time reporting.
A key percentage used by the entity is gross profit
by product line. For one of the entitys significant
products, the gross profit ratio has varied monthly
without any substantial changes in sales mix.
Potential misstatements due to errors in billing
cutoff or cost of sales recognition.
The entity prepares monthly period-on-period
comparisons and analysis for key P&L
components.
The auditor might use the results of the entitys
analysis to identify risks of potential material
misstatement if the information is deemed reliable
and provides the necessary precision to detect
material misstatements.
* * *
Selection and Application of Accounting Policies
302.36 AU-C 315.12 states that the auditor should obtain an understanding of managements selection and application of
accounting policies and evaluate whether the policies are appropriate for the entitys business and consistent with policies
used in the relevant industry. Further, AU-C 540.08 indicates that the auditor should obtain an understanding of the following
regarding accounting estimates:
Requirements of GAAP relevant to the accounting estimates, including those related to disclosures.
How management identifies transactions, events, and conditions that may give rise to accounting estimates.
How management makes accounting estimates and the data on which estimates are based, including
Methods used, including models if applicable.
Relevant controls.
Whether a specialist was used.
Any changes in methods or assumptions made, or ought to have been made, from the prior period and
reasons for those changes.
Whether and how management has assessed the effect of estimation uncertainty.
302.37 Gaining an understanding of the selection and application of accounting policies and accounting estimates is
important for considering the risks of material misstatement at both the financial statement and relevant assertion levels,
including both misstatements due to fraud and those due to error. The auditors assessment of the appropriateness of the
accounting policies that management has selected and applied is an important element in determining what can go wrong in
the preparation of financial statements and, hence, in assessing risks of material misstatement.
302.38 FASB ASC 235, Notes to Financial Statements, explains that the accounting policies of an entity are the specific
accounting principles and the methods of applying those principles that are judged by management of the entity as the most
appropriate in the circumstance to present fairly financial position, operating results, and cash flows in conformity with GAAP
(or an OCBOA). Thus, accounting policies include the accounting principles as prescribed by relevant accounting
pronouncements as well as the methods adopted to apply those principles in the circumstances. When an accounting
pronouncement permits an alternative in the way an accounting principle is applied or does not dictate a specific method of
application, management has to adopt a method that is most appropriate in the circumstances. For example, FASB ASC 450,
Contingencies, provides some guidance on estimating the loss for uncollectible receivables, but does not mandate a
particular method of estimation. Management needs to develop an accounting policy to determine when it is probable the
contractual amount of a receivable will not be collected and what the amount of the loss will be. The auditor needs to obtain
an understanding of the accounting policy and its application and evaluate the appropriateness in the circumstances.
302.39 The auditors understanding of managements selection and application of accounting policies includes the following:
a. Relevant accounting standards and industry specific practices.
b. The methods the entity uses to account for significant and unusual transactions.
c. The effect of significant accounting policies in controversial or emerging areas for which there is a lack of
authoritative guidance or consensus.
d. Changes in the entitys policies, including the reasons for the change and whether the change is appropriate and
consistent with GAAP (or an OCBOA).
e. Financial reporting standards and regulations that are new to the entity and managements plans to adopt such
requirements, including new accounting standards.
f. The process used by management in formulating particularly sensitive accounting estimates.
g. The methods used to identify matters for disclosure and how the entity achieves clarity in disclosure.
302.40 The auditor uses the understanding of these aspects of managements selection and application of accounting
policies to identify audit areas of higher risk and to identify what could go wrong at the relevant assertion level. For example, if
the entity has to apply a relatively complex accounting standard to a new type of significant transaction there ordinarily is a
higher risk of material misstatement for the account balance affected. For items of disclosure, many auditors of smaller
entities assist management in preparing the financial statements. In those cases, identification and clarity of disclosures are
often heavily influenced by the auditor. Therefore, the potential for risk may be mitigated with respect to disclosure.
302.41 The auditor uses the understanding of managements selection and application of accounting policies along with the
identification of fraud risk factors (paragraph 302.47) to evaluate whether an overall response is necessary. AU-C 240.29
indicates that in determining overall responses to fraud risk, the auditor should evaluate whether the selection and application
of accounting policies, particularly policies related to subjective measurements and complex transactions, may be indicative
of
Fraudulent financial reporting to manage earnings.
Bias that may create a material misstatement.
302.42 AU-C 240.A41 observes that management bias in the selection and application of accounting principles may
individually or collectively involve matters such as the following:
Contingencies.
Fair value measurements.
Revenue recognition.
Accounting estimates.
Related party transactions.
Transactions without a clear business purpose.
302.43 In establishing the overall audit strategy, the auditor focuses on whether the accounting principles selected and
policies adopted are being applied in an inappropriate manner. If the auditor identifies a risk in this area, it is often addressed
by an overall response, such as the assignment of more experienced personnel and a higher level of supervision, as well as
by the selection of specific further audit procedures.
302.44 Risk Assessment Procedures. The nature and extent of the risk assessment procedures to obtain an understanding
of the selection and application of accounting policies normally depend on factors such as:
The auditors knowledge and experience with the clients industry.
The auditors past experience with the client.
The degree of financial reporting sophistication of the client.
The extent of new accounting standards that are recently effective for the client.
The auditors participation in assisting the client with the selection of accounting policies and the preparation of the
302.45 For many small business clients, the auditor is instrumental in both selecting accounting principles and choosing the
methods by which they are applied. Consideration of accounting policies for those clients ordinarily will not be a
time-consuming process since the auditor already possesses much of the requisite knowledge. The auditor in those cases
can generally confine inquiries of the client to matters such as the manner and consistency of application.
302.46 For other situations where the auditor is not involved in the selection of accounting policies or has limited experience
with the client, the auditor may inquire about the matters discussed in paragraph 302.39. Also, the auditor may supplement
inquiries with a review of interim or prior year financial statements and supporting disclosures (for initial audits) coupled with a
thorough review and understanding of relevant accounting standards that are either new or specifically applicable to the
clients industry or its transactions. Factors to consider to identify audit areas of higher risk and evaluate what could go wrong
at the relevant assertion level due to the entitys selection and application of accounting policies are presented in ASB-CX-6.1.
Fraud Risk Factors
302.47 Fraud risk factors are events or conditions that indicate an incentive or pressure to perpetrate fraud, provide an
opportunity to commit fraud, or indicate attitudes or rationalizations to justify a fraudulent action. AU-C 240.24 states that the
auditor should evaluate whether the information obtained from risk assessment procedures indicates that one or more fraud
risk factors are present.
302.48 The identification of fraud risk factors is a natural by-product of performing risk assessment procedures. Along with
the other information obtained about the entity and its environment, the fraud risk factors are an important component in
identifying the risks of material misstatement at the financial statement and relevant assertion levels. The auditors primary
concern in considering fraud risk factors is to identify whether a risk factor is present and considered in identifying and
assessing risks of material misstatement due to fraud. The presence of a particular fraud risk factor does not necessarily
indicate the existence of fraud. Whether a risk factor is present and considered in identifying and assessing the risks of
material misstatement due to fraud is a matter of professional judgment.
302.49 Examples of Fraud Risk Factors. AU-C 240.A75 provides examples of fraud risk factors that may be considered
when identifying and assessing the risks of material misstatement due to fraud. The risk factors are further classified are
classified into factors related to fraudulent financial reporting and factors related to misappropriation of assets. Because it may
be helpful to consider fraud risk factors in the context of the conditions generally present when fraud occurs, the illustrative
risk factors are further classified into conditions relating to incentives/pressures, opportunities, and attitudes/rationalizations. It
is important to note that these are only examples and the auditor also may consider other risk factors not specifically listed. In
fact, AU-C 240.A75 states:
Although the risk factors cover a broad range of situations, they are only examples and, accordingly, the
auditor may identify additional or different risk factors. Not all of these examples are relevant in all
circumstances, and some may be of greater or lesser significance in entities of different size or with different
ownership characteristics or circumstances.
Examples of fraud risk factors for auditors to consider based on the guidance in AU-C 240 are included in ASB-CX-6.2, Fraud
Risk Factors.
302.50 Auditors Considerations of Fraud Risk Factors. For misappropriation of assets, the consideration of fraud risk
factors is influenced by the degree to which assets susceptible to misappropriation are present. However, some consideration
is given to risk factors related to incentives/pressures, opportunities arising from control deficiencies, and
attitudes/rationalizations for misappropriation, even if assets susceptible to misappropriation are not material. As discussed
beginning in paragraph 307.10, one of the primary fraud risks in small businesses is fraudulent cash disbursements, in which
case there is always an asset subject to misappropriation. Similarly, securities in the custody of a broker may be susceptible
to misappropriation through unauthorized trading. Therefore, there always ought to be some consideration of fraud risk
factors related to misappropriation. In addition, when considering risk factors for misappropriation, the auditor may identify
risk factors related to inadequate monitoring and weaknesses in internal control that could also be present when fraudulent
financial reporting occurs.
302.51 The presence of risk factors related to financial stress or dissatisfaction among employees is particularly important
when considering the risk of misappropriation of assets because those conditions often provide both incentive and
rationalization for theft. The auditor, during the course of the audit, may become aware of information that indicates potential
financial stress or dissatisfaction of employees with access to assets susceptible to misappropriation. Examples include:
Anticipated layoffs that are known to employees.
Unfavorable changes in employee compensation or benefit plans.
Failure to receive promotions or other expected rewards.
Abusive or overbearing management coupled with unreasonable expectations.
Known unusual changes in behavior or lifestyle.
Employees that are known to be experiencing significant personal financial obligations.
Behavior indicating dissatisfaction with the company, including disregard for company policies and procedures.
If the auditor becomes aware of the presence of these or similar risk factors, he or she considers them when identifying the
risks of material misstatement due to fraud.
302.52 One of the fraud risk factors related to fraudulent financial reporting in ASB-CX-6.2, Fraud Risk Factors, states, If
the entity is not owner-managed, management is dominated by a single individual or small group without compensating
controls. What about owner/manager dominance, then, in the small owner-managed entity? The authors believe domination
of management by a single individual does not, in and of itself, indicate a failure by management or the owner/manager to
display and communicate an appropriate attitude regarding internal control and the financial reporting process. In fact, in
many small businesses, strong owner/manager involvement actually can be a control strength in that there is a great deal of
oversight of employees throughout the process. The effect of owner/manager dominance is discussed further beginning in
paragraph 306.59. Additionally, AU-C 550.20 indicates that a fraud risk factor may exist when an entity has related parties who
have the ability to exert control over, or significantly influence, management or the entity.
302.53 Auditors need to focus on the choice of modifying words in the risk factors (such as inappropriate means, unduly
aggressive, etc.). For example, a fraud risk factor might be, There is an interest by management or the owner/manager in
employing inappropriate means to minimize reported earnings for tax-motivated reasons. Many businesses have an interest
in minimizing reported earnings to reduce income taxes. The primary consideration, however, is whether the owner/manager
has shown an interest in minimizing income through inappropriate means. The auditor may have knowledge from prior audits
of the owner/manager attempting to run personal expenses through the business in an effort to reduce income taxes. This
situation would likely be considered a fraud risk factor. However, if the owner/manager is interested in minimizing taxes
through legitimate means, such as sophisticated tax planning, then the auditor would not consider this to be a fraud risk
factor.
302.54 If fraud risks are present, in accordance with AU-C 330, AU-C 240.28, and AU-C 240.30, the auditor considers
whether the assessment of the risk of material misstatement due to fraud calls for an overall response, one that is specific to a
particular account balance, class of transactions, or disclosures at the relevant assertion level, or both. An overall response is
considered in establishing the overall audit strategy (see section 306) and a specific response is considered in developing the
detailed audit plan. (See Chapter 4.)
303 THE UNDERSTANDING OF INTERNAL CONTROL
303.1 AU-C 315.13.25 establishes requirements for auditors related to consideration of internal control as part of an audit. It
also provides guidance about how the entitys use of information technology (IT) affects the auditors consideration of internal
control in planning the audit. Auditors should obtain an understanding of internal control that is sufficient to assess the risk of
material misstatement of the financial statements due to error or fraud and design the nature, timing, and extent of further
audit procedures. This section provides an overview of the general requirements of AU-C 315 related to obtaining an
understanding of internal control. Guidance is provided on the nature and extent of the auditors understanding, the
requirement to understand controls related to significant risks and risks for which substantive procedures alone are not
sufficient, and the effect of information technology on internal control. The authors also provide a practical step-by-step
approach for obtaining an understanding of internal control, which involves focusing on key controls and control objectives to
effectively and efficiently evaluate the design and implementation of controls relevant to the audit. Section 304 provides
detailed guidance on evaluating the design and implementation of entity-level controls. Section 305 provides detailed
guidance on evaluating the design and implementation of activity-level controls.
Components of Internal Control
303.2 AU-C 315.15.25 requires an understanding of five interrelated components of internal control. These five components
are also defined and described in more detail in COSOs Internal ControlIntegrated Framework.
2(28), 3(29)
The five
components are as follows:
a. Control environment.
b. Risk assessment.
c. Information and communication.
d. Monitoring.
e. Control activities.
303.3 In assessing the risk of material misstatement of the financial statements to develop an overall audit strategy, auditors
generally focus on obtaining an understanding of the control environment, risk assessment, information and communication,
and monitoring components, typically obtaining an understanding of the control environment first. The understanding of
control activities is not needed until planning the nature, timing, and extent of further audit procedures at the assertion level.
As a practical matter, however, auditors often obtain an understanding of control activities while obtaining an understanding
of the other control components. As an entitys operations and systems become more complex, auditors often need to
increase their understanding of the internal control components to obtain a sufficient understanding to assess the risk of
material misstatement of the financial statements and to plan the nature, timing, and extent of further audit procedures.
303.4 Throughout this discussion, the authors refer to the internal control components of control environment, risk
assessment, information and communication (excluding the financial reporting system), and monitoring as entity-level or
company-level controls. Those controls typically have a pervasive effect on the entitys system of internal control and can,
therefore, potentially influence the design and operating effectiveness of other controls. The IT environment and general
computer controls also have a pervasive effect and are considered at the entity level. The authors refer to the financial
reporting system and the control activities component of internal control as activity-level controls.
Nature of the Auditors Understanding
303.5 AU-C 315.13.14 requires auditors to obtain an understanding of internal control relevant to the audit.
4(30)
To obtain
that understanding, auditors should perform risk assessment procedures to (a) evaluate the design of controls that are
relevant to the audit and (b) determine if they have been implemented. A key consideration is whether and how the entitys
internal control prevents, or detects and corrects, material misstatements in relevant assertions related to transaction classes,
account balances, or disclosures. (Relevant assertions are discussed more fully in Chapter 4.)
303.6 Thus, an understanding of internal controls incorporates two primary elementsthe evaluation of the design of the
control and a determination of whether it has been implemented. Evaluation of design considers whether the control,
individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material
misstatements. In other words, the auditor considers the effectiveness of the control in achieving its objective. If a control is
improperly designed, a control deficiency may exist that needs to be communicated to management and those charged with
governance, as more fully described in AU-C 265, Communicating Internal Control Related Matters Identified in an Audit.
5(31)
303.7 It is not enough to simply determine whether a control as described or documented is effective in design. Many
sophisticated entities have extensive policies and procedures manuals that provide intricate descriptions of controls, their
objectives, and the procedures that are supposed to be followed to achieve the objectives. The documentation of a control
procedure, however, does not demonstrate that the control is actually being used. The auditor, therefore, also needs to
determine if the control, as documented or described, actually exists and the entity is using it. In other words, the auditor uses
risk assessment procedures to obtain audit evidence that the control has been implemented. Generally, the auditor uses
procedures such as observation or inspection, along with inquiries, to verify implementation. According to AU-C 315.14, the
auditor should evaluate the design of controls and determine whether they have been implemented by performing procedures
in addition to inquiry. In other words, inquiry alone cannot provide a sufficient understanding of internal control.
Extent of the Auditors Understanding
303.8 The overriding criterion for the understanding of internal control is that it be sufficient to assess the risk of material
misstatement of the financial statements due to error or fraud and to design the nature, timing, and extent of further audit
procedures. Obtaining an understanding that is sufficient to assess the risks of material misstatement necessitates that the
auditor to develop a fairly thorough and robust knowledge of the components of internal control. AU-C 315.26.27 indicates
that to provide a basis for designing and performing audit procedures, the auditor should identify and assess the risks of
material misstatement throughout the process of obtaining an understanding of the entity and its environment, including the
relevant controls that relate to the risks. The auditor is not permitted to simply default to high control risk.
6(32)
303.9 In most cases, the auditors understanding of internal control will be more comprehensive than the understanding of
the other aspects of the entity and its environment discussed in section 302, and obtaining it will require more time. In
addition, for initial audit engagements, the effort and time to gather information on the components of internal control that is
sufficient to assess risk will most likely exceed that necessary for engagements in following years. However, in general terms,
the extent of the understanding, along with the nature, timing, and extent of the risk assessment procedures performed to
obtain the understanding, are affected by factors such as the following:
The auditors prior experience with the client.
Materiality and tolerable misstatement.
Size of the entity.
Organization and ownership characteristics.
Number and nature of operating locations and subsidiaries.
Degree of diversity of systems within the organization, including the use of service organizations (see section 903).
Nature of the clients industry.
Applicable legal and regulatory requirements.
Level of business and financial sophistication of the client.
303.10 The results of preliminary engagement activities and the auditors understanding of the entity and its environment
other than internal control (discussed in section 302) generally influence the extent of the understanding of internal control
components. Most of the factors noted in the preceding paragraph are determined to a major degree when the auditor
performs risk assessment procedures to understand the entity and its environment. Furthermore, that understanding often
results in the identification of risks of material misstatement that further shape the direction, extent, and depth of the auditors
understanding of internal control. (However, the auditor ought to be aware that additional risks of material misstatement may
be identified when obtaining an understanding of internal control and by performing further audit procedures.) Therefore, it is
recommended that the auditor perform risk assessment procedures related to the understanding of the entity and its
environment before obtaining an understanding of internal control.
303.11 Exhibit 3-12 provides examples of how the auditors understanding of the entity and its environment as discussed in
section 302 might influence the extent (and focus) of the understanding that will be necessary for internal control.
Exhibit 3-12
Examples of How the General Understanding of the Entity (Section 302) Might Influence the Extent and Focus of the
Understanding of Internal Control
Understanding
Component Matter Identified Possible Risk(s)
Possible Influence
on Understanding
of Internal Control
Industry, Regulatory,
and Other External
Factors
A key competitor has
introduced products
with technology that is
superior to several of
the clients key
products.
Overvaluation due
to obsolescence
or
lower-of-cost-or-
market issues.
Emphasis on clients
risk assessment
process relating to
inventories.
Detailed understanding
of financial reporting
system for inventory
obsolescence and net
realizable value along
with key control
activities.
Structure, Ownership,
Governance, and
Related Parties
A new CEO was hired
during the year.
Overall risks at the
financial statement
level.
More rigorous risk
assessment procedures
and additional
emphasis on the control
environment, risk
assessment process,
and monitoring.
Nature of the Entity The client has a new
debt facility with
onerous debt
covenants.
Misclassification of
debt and
incomplete related
disclosures.
Fraudulent
manipulation of
accounting
records.
Increased focus and
risk assessment
procedures relating to
the understanding of
the control environment
regarding
managements attitude
and ethical values.
system over debt and
key control activities
over the review of debt
covenants.
Detailed knowledge of
the financial reporting
process including
authorization of journal
entries and related key
control activities.
Objectives and
Strategies and
Related Business
Risks
The client adopted an
objective and strategy
to enter a new product
area that is
technologically
complex where it has
no previous
experience.
Potential
understatement of
warranty reserves
and/or return
reserves.
Increased focus on the
risk assessment
process for identifying
risks related to new
product offerings.
system and key control
activities for estimating
Understanding
Component Matter Identified Possible Risk(s)
Possible Influence
on Understanding
of Internal Control
activities for estimating
warranty and return
reserves.
Measurement and
Review of the Entitys
Financial Performance
A gross profit KPI for a
significant new product
line is unusually high.
Potential inventory
costing issues.
of the financial reporting
system and key control
activities for inventory,
with emphasis on the
subsidiary that
manufactures and costs
the product line.
* * *
303.12 Because the extent of understanding of internal control is a matter of professional judgment, auditors will often
struggle over what controls or combinations of controls to assess. The auditor needs to remember that it is not necessary to
obtain an understanding of every control at the client. To do so would be cost prohibitive and simply unnecessary for most
audit engagements. Rather, the auditors focus is on those key controls that are relevant to the audit. As indicated previously,
the auditor makes an informed judgment as to the controls or combination of controls to assess. Although the extent of the
auditors understanding is a matter of professional judgment, AU-C 315.15.25 provides certain specific requirements related
to the understanding of internal control components, which are discussed in sections 304 and 305. In addition, according to
AU-C 315, the auditor should understand and evaluate the following specific matters:
The design and implementation of controls, including relevant control activities, related to significant risks (AU-C
315.30).
The controls over risks for which substantive procedures alone are not sufficient (i.e., risks requiring tests of controls
to obtain sufficient audit evidence) (AU-C 315.31).
The effect of IT on internal control, specifically how IT risks affect control activities. (AU-C 315.22).
Understanding Controls Related to Significant Risks and Risks for Which Substantive Procedures
Alone Are Not Sufficient
303.13 AU-C 315.30 indicates that the auditors understanding of internal control should include the entitys programs and
controls that address risks of material misstatement that are considered significant risks. Significant risks are further discussed
in section 403. Fraud risks are always considered to be significant risks. Therefore, according to AU-C 240.27, after
completing risk assessment procedures to evaluate internal control design and implementation, the auditor determines
whether a sufficient understanding has been obtained of controls that would prevent, or detect and correct, material
misstatements related to fraud risks or other significant risks. If not, the auditor performs additional risk assessment
procedures directed at gaining an understanding of controls relating to those risks.
303.14 Programs and controls addressing fraud risks or other significant risks may relate to any of the five components of
internal control; thus, the auditor needs to use care not to isolate the understanding to only the control activities component.
The auditor ought to be alert to the fact that fraud risks or other significant risks may not be subject to routine controls given
the nature of the risk. Also, the auditors understanding extends to whether and how management responds to those risks.
303.15 Controls that address fraud risks frequently relate to the following:
a. Control Environment. Fraud programs designed to prevent, deter, and detect fraud. For example, programs to
promote a culture of honesty and ethical behavior.
b. Control Activities. Specific controls designed to mitigate specific risks of fraud. For example, controls to address
specific assets susceptible to misappropriation.
303.16 As with other controls, the auditor evaluates whether the programs and controls that relate to significant risks are
suitably designed and implemented and assess the risks of material misstatement due to error or fraud in light of this
evaluation. The existence (or lack of) these programs and controls might either mitigate or increase the risks of material
misstatement. The auditor needs to consider the control activities that are relevant to account balances with a significant
inherent risk of misappropriation of assets. The risk of misstatement due to fraud for misappropriation of assets always
depends on whether there are controls to prevent or detect concealment or theft in the accounting records.
303.17 In addition to understanding and evaluating controls related to significant risks, auditors are required by AU-C 315.31
to understand and evaluate controls related to risks for which substantive procedures alone are not sufficient. For those risks,
the auditor will have to perform tests of the operating effectiveness of controls to obtain sufficient audit evidence. Therefore,
the auditor needs an understanding of the design of relevant controls and confirmation that they have been implemented
before he or she can design and perform appropriate control tests. (Tests of controls are discussed in Chapter 6.)
Effect of Information Technology (IT) on Internal Control
303.18 AU-C 315 does not address IT as a separate component of internal controlit discusses how IT fits into internal
control. While AU-C 315 does not require that auditors take a different approach in considering internal control when an entity
uses IT, it indicates that auditors should consider how IT affects an entitys control activities. The effects can be extensive
because IT affects the way transactions are initiated, authorized, recorded, processed, and reported. The effect on the clients
internal control is related more to the nature and complexity of the system than to the clients size.
303.19 AU-C 315.22 indicates that in understanding the entitys control activities, the auditor should obtain an understanding
of how the entity has responded to risks arising from IT. Relevant controls include both properly designed and implemented
application controls and the general controls upon which application controls depend. The AICPA Risk Assessment Audit
Guide (paragraph 4.63) notes that the auditor evaluates the design of IT general controls and determines whether they have
been implemented when assessing the risks of material misstatement. Auditors test general controls when they plan to rely on
IT application controls to modify the nature, timing, and extent of substantive tests.
303.20 The auditor also ought to be aware that the use of IT may affect the availability of information needed for the audit.
Furthermore, in certain situations the auditor may be precluded from using only substantive procedures when the role of IT is
significant to the processing of transactions. For example, in highly automated processing with little or no manual intervention
where information is initiated, authorized, recorded, processed, or reported electronically, the auditor may determine that
detection risk cannot be adequately reduced without testing the operating effectiveness of controls. (Tests of controls are
discussed in Chapter 6.)
303.21 Exhibit 3-13 shows some of the ways that information technology affects internal control. The exhibit focuses on the
impact of IT on the control environment, information and communication (financial reporting system), and control activities
components of internal control. IT can also affect an entitys risk assessment process, including providing information to
assist in identifying and managing risks. In addition, IT may affect an entitys monitoring activities, including providing
information used in monitoring. While an entitys use of IT may affect any of the five components of internal control, the
authors consider the effect of IT on the control environment, information and communication, and control activities
components of internal control to be more significant for small to midsize nonpublic companies. Sections 304 and 305
discuss in more detail the effects of IT on the various components of internal control and how IT affects the auditors
procedures.
Exhibit 3-13
Examples of IT Aspects of
Internal Control
Control Environment Financial Reporting System Control Activities
1. Involvement of management
or the owner/manager in
designing and approving the
financial reporting system,
including computer
programs.
authorizing transactions and
approving changes to
computer programs or data.
controlling access to and
use of computer programs
and data files.
1. The procedures by which
transactions are initiated,
recorded, processed, and
reported.
2. The accounting records,
supporting documents, and
specific accounts involved in
initiating, recording,
processing, and reporting
transactions.
3. Simple vs. complex
computer system;
purchased vs. developed
software.
4. How data is converted to
electronic information.
5. The specific computer files
accessed and updated.
6. The procedures used to
enter transaction totals into
the general ledger.
initiate, record, and process
journal entries.
record other financial
statement adjustments and
to capture other events and
conditions significant to the
1. User control activities to test
the completeness and
accuracy of
computer-processed
transactions.
2. Application control activities:
a. Automated control
activities, such as edit
checks of input data
and numerical
sequence checks.
b. Manual follow-up of
items on computer
exception reports.
3. General control activities
related to:
a. Acquisition and
maintenance of system
software.
b. Acquisition,
development, and
maintenance of
application systems.
c. Access to programs
and data files.
d. Data center and
network operations.
* * *
303.22 Considering Whether Specialized IT Skills Are Needed to Understand Internal Control. Auditors need to
consider whether specialized IT skills are necessary to determine the effect of IT on the audit, understand IT controls, or
design and perform tests of IT controls or substantive procedures. That determination ought to be made relatively early in the
planning process to assure that the necessary resources are available on a timely basis. The decision to use an IT specialist is
a matter of auditor judgment. AU-C 300.A18 states that auditors may consider the following factors in determining whether the
audit team needs to include individuals that possess specialized IT skills:
The complexity of the entitys systems and IT controls and the manner in which they are used in conducting the
entitys business.
The significance of changes made to existing systems or the implementation of new systems.
The extent to which data is shared among systems.
The extent of the entitys participation in electronic commerce.
The entitys use of emerging technologies.
The significance of audit evidence that is available only in electronic form.
An IT specialist may be either a member of the auditors firm or an outside professional.
303.23 If the auditor uses an IT specialist on the engagement team, according to AU-C 300.12, the auditor should be
knowledgeable enough to communicate the audit objectives to the specialist, evaluate whether the procedures performed by
the specialist meet the auditors objectives, and determine the effects of the procedures on the nature, timing, and extent of
other planned procedures. That does not mean auditors have to be experts in information technology. The authors believe
that normally the auditors responsibility when using an IT specialist is the same as for other members of the engagement
team. To effectively supervise an IT specialist, auditors need a basic understanding of computer applications and controls,
especially those most relevant to particular client systems. That understanding can be gained from experience with the client
or from attending training classes or seminars. The extent of the understanding will vary with the nature of the entitys IT
environment.
How Are the Results of the Understanding Used?
303.24 The understanding of internal control needs to be sufficient to assess the risks of material misstatement and to design
the nature, timing, and extent of further audit procedures. Specifically, the understanding is used to:
Identify types of potential material misstatements.
Consider factors that affect the risks of material misstatement.
Design tests of controls, when applicable, and substantive procedures.
303.25 In addition, the understanding provides audit evidence that contributes to the auditoris planned responses to
assessed risks and the performance of further audit procedures. This evidence is an element of the auditors cumulative audit
evidence that ultimately supports the opinion on the financial statements. The auditor remains alert for risks that may be
identified during the process of obtaining an understanding of internal controls. Identified risks can be documented on
Understanding the Entity and Identifying Risks (ASB-CX-3.1) or the Risk Assessment Summary Form (ASB-CX-7.1).
303.26 Normally, the auditors understanding of internal control design and implementation is not sufficient to reach a
conclusion on the operating effectiveness of controls. The same types of procedures performed to determine if a control has
been implemented (e.g., observation, inspection of documents, reperformance, and walkthroughs) are also used when
testing controls for operating effectiveness. However, the extent of the procedures to determine implementation may fall short
of what is needed to determine operating effectiveness because tests of operating effectiveness need to provide audit
evidence about how controls were applied throughout the period under audit and the consistency with which they were
applied. However, in some cases, the auditors procedures may serve both purposes. For example, a walkthrough can serve
as a test of operating effectiveness and in some cases, along with other procedures that test operating effectiveness, can
provide a valid basis for assessing control risk at less than high. In addition, for an automated control where consistency of
application would normally occur assuming the existence of effective IT general controls, the auditor may be able to
determine operating effectiveness based on procedures performed to establish that the control has been implemented and
the auditors assessment and testing of the related general controls.
303.27 Considering the results of the understanding of controls in relation to the assessment of the risk of material
misstatement of the financial statements (that is, making the control risk assessment) is more fully discussed in section 403.
Tests of controls are discussed in Chapter 6.
A Practical Approach for Obtaining an Understanding of Internal Control
303.28 Obtaining a sufficient understanding of internal control may appear to be daunting. For many clients, especially
smaller nonpublic entities, the auditor may believe, based on the nature of the entity or limited number of transactions, that
the use of substantive procedures alone will be effective and will provide the most efficient or practical means of addressing
the identified risks and relevant assertions for significant audit areas. Because an auditor cannot default to a control risk
assessment of maximum, however, auditors may have concerns about the depth of understanding of internal control and the
extent of risk assessment procedures that will be necessary. For example, auditors may ask questions such as the following:
Is the same level of understanding necessary for all of the components of internal control?
How extensive an understanding of entity-level controls is appropriate? How do they relate to control activities?
What transaction classes or types of transactions are significant for obtaining an understanding of the financial
reporting system and related control activities? What is the level of detail of this understanding?
Is it necessary to be an expert in general IT controls to obtain the understanding needed for the audit?
What is the most efficient means of obtaining the understanding of internal control?
How much documentation is needed to describe the understanding?
Most of the answers to those questionssuch as answers related to the necessary extent and depth of the auditors
understanding and risk assessment proceduresare ultimately a matter of the auditors professional judgment.
303.29 The key matters that affect the auditors application of professional judgment in developing an approach for
understanding internal control are as follows:
The understanding of the five components of internal control ought to be sufficient to (a) assess the risk of material
misstatement of the financial statements and to (b) design the nature, timing, and extent of further audit procedures.
The understanding ought to be sufficient to allow the auditor to both evaluate the design of controls relevant to the
audit and to determine whether they have been implemented.
The auditors understanding of the financial reporting system needs to be sufficient to understand (a) classes of
transactions that are significant; (b) the procedures and related accounting records for initiating, authorizing,
recording, processing, correcting, transferring to the general ledger, and reporting those transactions; (c) how
significant events and conditions other than classes of transactions are captured; (d) the financial reporting process
used to prepare the financial statements, including significant estimates and disclosures; (e) the controls over
journal entries; and (f) the effect of IT on internal control, specifically on control activities that are relevant to the
audit.
The auditor needs to understand and evaluate the following, which may relate to any of the five components of
internal control:
The design and implementation of controls, including relevant control activities, related to significant risks.
The design and implementation of controls, including relevant control activities, related to risks for which
substantive procedures alone are not sufficient (i.e., risks requiring tests of controls to obtain sufficient audit
evidence).
303.30 Auditors of both small and large entities need to obtain an understanding of all five components of internal control
and determine whether controls relevant to the audit have been properly designed and implemented. For both large and
small entities, fundamental controls, such as reconciliations, management review, and basic input controls, ought to be in
place in some form or another. However, the emphasis of the understanding is on assessing the risk of material misstatement
of the financial statements due to error or fraud. Thus, the context of the auditors understanding is whether internal controls
are capable of preventing or detecting and correcting what could go wrong in the financial statements, including disclosures,
at a material level. Auditors do not need to obtain an in-depth understanding of every control that relates to financial reporting;
the risk assessment standards clearly do not require such a detailed approach. Typically, the understanding is much less
than would be appropriate for reporting on internal control over financial reporting. However, auditors understanding ought to
be sufficient to allow a proper design of the nature, timing, and extent of further audit procedures.
303.31 The authors have developed a practical approach to assist auditors in efficiently and effectively gaining and
documenting a sufficient understanding of internal control. Although the steps are presented sequentially, some of them are
interrelated and often performed concurrently with other steps. Steps that the authors believe will result in an efficient and
effective approach include:
Develop an overall strategy for understanding internal control.
Perform scoping activities.
Evaluate the design and implementation of entity-level controls, including the control environment, risk assessment,
information and communication (excluding the financial reporting system), and monitoring components of internal
control], as well as the IT environment and general computer controls.
Evaluate the design and implementation of activity-level controls, including the financial reporting system and
control activities component of internal control.
Document the understanding of internal control.
When performing those steps, it is helpful to focus on control objectives and key controls, including segregation of duties. The
following paragraphs discuss each of those steps in further detail and provide guidance on considering control objectives and
key controls throughout the process.
303.32 Develop an Overall Strategy for Understanding Internal Control. As discussed in AU-C 300.09, the audit plan
should include a description of the nature and extent of planned risk assessment procedures. This is a critical point; without
proper planning, the scope, depth, and documentation of the understanding of internal control may be overly detailed and
unnecessaryseriously impacting audit efficiencyor insufficient to address critical factors and controls that will allow the
auditor to properly assess the risks of material misstatement. Therefore, the first step in obtaining an understanding of internal
control is to develop an overall strategy.
303.33 The Top-down Approach. The top-down strategy, or approach, to understanding internal control begins at the
financial statement level and works down to the individual activity control level. Using the top-down approach can improve
audit effectiveness and efficiency in scoping the audit because it focuses on those controls related to relevant assertions for
material accounts and significant classes of transactions. The following summarizes the application of the top-down
approach. (Paragraph 303.42 discusses the top-down approach with respect to the understanding of entity-level controls.)
Gain an understanding of the overall risks of material misstatement at the financial statement level.
Identify the material accounts and classes of transactions that are significant to the financial statements and the
relevant assertions related to those accounts.
For each relevant assertion identified, consider the risks of material misstatement, that is, what can go wrong.
Identify control objectives related to the assertion that addresses the risks.
Identify those controls (key controls) that mitigate the risks that the control objectives will not be achieved.
303.34 The overall strategy for obtaining an understanding of internal control includes a high level determination of the effect
of matters such as the following on the nature and extent of the auditors risk assessment procedures:
Use of the understanding of internal control obtained in prior audits.
Changes in transaction types, control systems, IT activities, business operations, etc.
The nature and volume of transactions.
The importance of internal control throughout the entity, including managements commitment to the design and
operation of internal control.
Activities and transaction processes at multiple locations.
The clients use of a service organization.
The complexity of IT, including the depth of understanding of general controls that is needed.
Whether to use an IT specialist.
Audit areas that contain significant risks or risks for which substantive procedures alone are not sufficient.
The effect of risks at the overall financial statement level.
The availability of client documentation.
The auditor also considers the appropriate amount of time to spend and the assignment of engagement team members in
light of the preceding considerations.
303.35 Effects of the factors in the preceding paragraph on the auditors overall strategy for obtaining an understanding of
the clients system of internal control may include the following:
Previous Experience with the Client. If the engagement is new, the approach is generally significantly more extensive
than for an existing client. For continuing engagements, the auditor considers inquiring about changes in transaction
types, internal control systems, IT activities, business operations, etc., to help determine where more in-depth risk
assessment procedures will be needed.
Nature of Transactions, Diversity of Operations, and the Clients Industry. Based on the nature of transactions and the
characteristics of the clients industry, the auditor may expect controls to be more intensive or robust. Also, if the
client is subject to legal and regulatory requirements, the auditor may expect additional controls to be in place that
address risks associated with such requirements.
General Size, Complexity, and Sophistication of the Client. For small clients, or those with accounting personnel who
lack experience or skills in designing and implementing controls, the extent of controls, including proper
segregation of duties, may be limited.
Number and Nature of Client Locations. Different locations may process the same transaction type differently,
thereby presenting the possibility of a different level of control risk at each location. Also, when understanding
entity-level control components, the auditor needs to be mindful that such controls might operate differently by
location. Therefore, depending on the significance of activities and transaction processing at various locations, the
auditor may need to perform risk assessment procedures that specifically address controls at each material location
(or a selection of locations). The auditor might also consider determining if the client uses a shared-service
environment where processing for many locations is handled centrally.
The Use of Service Organizations and Outsourced Operations. The auditor normally determines the significance to
the clients system of internal control of the use of service organizations. When determining significance, the auditor
should obtain an understanding of how the client uses a service organization, including (1) the nature of the
services, for example, whether the service organization initiates, authorizes, records, or processes transactions,
maintains accounting records, or manages the entitys assets; (2) whether the transactions processed or accounts
affected by the service organization are significant, either because they are material or because of their nature; (3)
the extent to which the user entity has implemented controls over processing performed by the service organization
or relies on controls at the service organization; and (4) the respective roles and responsibilities of the user entity
and the service organization, and whether contractual terms require the service organization to provide a service
auditors report and permit access to records and direct communication by the user auditor if necessary. When
significant, the auditor needs to determine the implications for the overall understanding of internal control.
The Extent and Diversity of IT Systems. The extent of IT used in the entity generally affects the auditors approach to
the understanding of internal control and the conduct of risk assessment procedures. Furthermore, to the extent that
automated controls are used in the entity, there is an increased likelihood that the auditor will need a more in-depth
understanding of general controls. Therefore, it is normally useful to consider the types of IT environments,
significant applications, changes in IT from prior years, and how IT varies among locations. Understanding the IT
environment in relation to significant transaction classes and processes, including the financial reporting system,
helps the auditor with the decision about whether to use IT specialists for obtaining the understanding, including the
understanding of general controls.
Identified Risks. When possible, it is often more efficient to identify inherent risks prior to obtaining the understanding
of internal control. This helps ensure that the auditor focuses on controls that address the identified risks of material
misstatement when obtaining an understanding of internal control. Furthermore, as previously discussed beginning
at paragraph 303.12, the auditor is required to evaluate the design and implementation of controls related to
significant risks and risks for which substantive procedures alone are not sufficient. By performing risk assessment
procedures relating to the industry, the client, and its environment prior to obtaining the understanding of internal
control, the auditor normally has a better idea of the significant risks to be considered. (However, the auditor needs
to be aware that additional risks of material misstatement may be identified when obtaining the understanding of
internal control or when performing further audit procedures.)
The Extent of Client Documentation. Some clients, typically larger entities, may have well defined documentation of
their system of internal control. Documentation may be available in policies and procedures manuals, departmental
procedure memos, employee handbooks, job descriptions, and similar documents. While the existence of
documented procedures and controls does not relieve the auditor of the requirement to perform risk assessment
procedures to obtain an understanding of relevant controls (including evaluating design and determining that
controls are implemented), good client documentation often significantly aids the efficiency of the understanding
and evaluation of the design of controls and generally reduces the effort in meeting documentation requirements. (In
some cases, the auditor may want to encourage clients to prepare basic documentation of their processes and
control systems to improve audit efficiency.) A word of caution: do not assume that just because written
documentation exists, the processes and controls have been implemented as described. If the client lacks
documentation, including documentation that evidences performance of a control, the auditor might consider how
this will impact the conduct of risk assessment procedures and whether there will be sufficient evidence to evaluate
the design and implementation of controls. According to the AICPA Risk Assessment Audit Guide (paragraph 4.38),
if the client does not document a control, the auditor documents the control as part of the risk assessment
procedures to identify and assess the risks of material misstatements. If the client fails to document the
performance of a control, for example, by initialing that it has been done, inquiry and observation may not provide
sufficient evidence that the control is in place and operating. In some cases, the absence of documentation may be
a control deficiency and could possibly rise to the level of a significant deficiency or material weakness.
303.36 By considering the factors in the previous paragraph, the auditor is better able to (a) identify the internal control
components, classes of transactions, and disclosures that require emphasis when obtaining the understanding and (b)
consider the nature and extent of risk assessment procedures that are necessary. Also, developing an overall strategy for
understanding internal control allows for more effective assignment of engagement personnel. For example, if the auditor
expects controls over revenue transaction processing to be complex, more experienced staff might be assigned, allowing
newer staff to address less complex areas such as cash disbursements. Furthermore, the plan for obtaining the
understanding of internal control often suggests the nature and extent of auditor documentation that would be appropriate.
For example, a relatively simple information system, and its related control activities, might be documented using narrative
format. A complex processing environment with numerous data inputs and outputs and extensive control activities might be
easier to comprehend and follow if documented through the use of a flowchart.
303.37 Perform Scoping Activities. After developing an overall strategy for obtaining and documenting the understanding
of internal control, the auditor performs scoping activities to further direct his or her efforts. The auditors scoping activities
typically involve identifying the following prior to performing detailed risk assessment procedures relating to the
understanding of internal control:
Material accounts and disclosures.
Relevant assertions.
Significant transaction classes and processes.
303.38 By identifying material accounts and disclosures along with the relevant assertions, the auditor is better able to focus
on controls affecting audit areas that present a reasonable possibility of material misstatement. When identifying material
accounts, the auditor generally considers planning materiality, as discussed beginning in paragraph 306.4, but also considers
other factors such as the nature of the account, its susceptibility to misstatement, the types of transaction classes affecting the
balance and their volume, identified risks, and similar factors. For example, an accounts payable balance may not be
significant based on a consideration of quantitative materiality, but the risk of material misstatement due to unrecorded
liabilities might justify considering it as a material account. Identifying relevant assertions for material accounts and
disclosures allows the auditor to identify and consider the control objectives and underlying key controls that address the risk
of what could go wrong in those areas. Financial statement assertions are discussed in detail in section 401. Control
objectives and key controls are discussed beginning in paragraph 303.50 and are illustrated at Appendix 3A.
303.39 AU-C 315.19 indicates that the auditor is required to obtain a sufficient understanding of the financial reporting system
to understand the classes of transactions that are significant and the procedures for initiating, authorizing, recording,
processing, correcting, transferring to the general ledger, and reporting those transactions. Significant transaction classes are
those classes of transactions in the entitys operations that are significant to the financial statements, generally because of the
volume or risk characteristics of transactions processed. The scope of the auditors risk assessment procedures includes
obtaining an understanding of the flow of transactions for all significant transaction classes. It is not necessary to perform risk
assessment procedures to understand transaction classes that are not significant.
303.40 When determining significant transaction classes, the auditor normally considers the business locations where
transaction classes are processed as well as the IT environments that affect transaction processing. Identifying significant
transaction classes is discussed further beginning in paragraph 305.9.
303.41 The scoping process does not need to be overly detailed or complicated. The approach that an auditor might follow
to address the items in paragraph 303.37 depends on the size and complexity of the clients operations. The important point
is that the auditor needs a clear vision of what is significant at the entity before embarking on the process of obtaining an
understanding of internal control.
303.42 Evaluate the Design and Implementation of Entity-level Controls. Auditors may be tempted to focus first on the
information systems and related control activities since those components are directly related to the assertions that are
relevant to the financial statements. However, as discussed in paragraph 304.1, the auditor normally obtains an
understanding of the control environment and other entity-level controls prior to considering activity-level controls. The reason
for this top-down approach (see paragraph 303.32) is fairly straightforwardentity-levels controls may have a pervasive
effect on other controls; therefore, entity-level controls ought to be understood first. In addition, entity-level controls typically
influence how the auditor evaluates other controls. For example, if the control environment is weak, the potential benefit of
good control activities may be negated because management might be more likely to override controls. In this case, although
the auditor still needs to understand control activities, it is unlikely that the auditor would plan on testing controls. Also,
weaknesses in pervasive entity-level controls may present a risk at the financial statement level. The risk assessment
standards require the auditor to assess risks at the financial statement level and develop an overall response, and considering
these controls early in process, the auditor is in a better position to plan and apply the overall response determined to be
necessary.
303.43 Some entity-level controls, such as effective monitoring controls, might be directly linked to preventing or detecting
material misstatements at the relevant assertion level for an account balance, transaction class, or disclosure. In that case, the
auditor might consider the impact of the entity-level control, in addition to related control activities, when assessing control
risk for the relevant assertion for the audit area.
303.44 Controls throughout the system may be either manual or automated and may be significantly affected by IT.
Therefore, the auditor also obtains an understanding of the entitys IT environment and general computer controls when
obtaining an understanding of entity-level controls. Evaluating the design and implementation of entity-level controls is
discussed in section 304.
303.45 Evaluate the Design and Implementation of Activity-level Controls. As discussed in paragraph 303.42, the auditor
ordinarily obtains an understanding of entity-level controls first because those controls have a pervasive effect on the entitys
financial statements. Also, the auditor generally accumulates a significant amount of knowledge about activity-level controls
through the understanding of entity-level controls. After obtaining an understanding of entity-level controls, the auditor
focuses on obtaining an understanding of the financial reporting system, which is part of the information and communication
component of internal control. Obtaining an understanding about how the entity initiates, authorizes, records, processes, and
reports transactions through the financial reporting system typically also provides a significant amount of information about
control activities. After obtaining an understanding of those aspects of transaction processing, the auditor considers whether it
is necessary to devote additional attention to obtaining an understanding of control activities. Evaluating the design and
implementation of activity-level controls is discussed in section 305.
303.46 Document the Understanding of Internal Control. AU-C 315.33 requires documentation of the understanding of the
entity and its environment, including internal control. For internal control, the auditor is required to document the
understanding obtained for each of the five components of internal control noted in paragraph 303.2. The auditor should also
document the sources of the information used and risk assessment procedures that were performed to obtain the
understanding.
303.47 Historically, auditors have documented their understanding of internal control using a variety of methods. These
methods have included:
Narratives or memorandum documents.
Internal control questionnaires.
Checklists.
Flowcharts.
303.48 AU-C 315 permits auditors flexibility in the manner of documentation. The form and extent of documentation is
influenced by factors such as the complexity, size, and nature of the entity and the use of technology. Where applicable,
some auditors supplement their documented understanding with existing documentation of control systems prepared by the
entity. Due to the increasing visibility of the importance of controls, many entities have developed or enhanced their internal
documentation and evaluation of internal controls. Auditors may consider inquiring of the client about the existence of such
documentation along with any supporting evaluation of the effectiveness of controls. In those cases, the auditor may gain
additional audit efficiencies and a better understanding of the clients internal control.
303.49 Using the PPC Approach. This Guide provides the following forms that can be used to document the understanding
of internal control, including the evaluation of design and implementation.
Understanding the Design and Implementation of Internal Control (ASB-CX-4.1). This form can be used to
document the understanding of entity-level controls along with the sources of information used and procedures
performed to obtain or update the understanding. The auditor also uses this form to document his or her evaluation
of the design and implementation of entity-level controls and to identify and link to the documentation of general
controls and significant transaction classes.
Financial Reporting System Documentation FormFinancial Close and Reporting/Significant Transaction Classes
(ASB-CX-4.2.1). This form can be used to document the understanding of the financial close and reporting process
and the processing of transactions for each significant transaction class. The auditor can also indicate if the controls
are properly designed and implemented and document the sources of information used and procedures performed
to obtain or update the understanding.
Financial Reporting System Documentation FormIT Environment and General Computer Controls (ASB-CX-4.2.2).
This form can be used to document the understanding of the entitys IT environment (including consideration of
controls at a service organization) and general computer controls, as well as the decision about whether to use an IT
specialist. The auditor can also indicate if general controls are properly designed and implemented and document
the sources of information used and procedures performed to obtain or update the understanding.
Walkthrough Documentation Table (ASB-CX-4.3). This form can be used to document the performance of a
walkthrough. A walkthrough confirms the understanding of the design and implementation of controls by tracing a
transaction through the entitys system from its initiation to inclusion in the general ledger and financial statements.
Activity and Entity-level Control Forms (ASB-CX-5). These forms are optional source lists of control activities and
entity-level controls by transaction class (for each audit area) or by objective (for entity-level controls). The forms
provide a list of common key controls that are applicable for many nonpublic entities. The forms can be used as a
memory jogger to assist the auditor in identifying and describing the entitys controls or as a supplement to
narratives or flowcharts to further document the understanding of controls and to indicate which controls are being
tested.
The use of these forms is discussed further in sections 304 and 305.
Considering Control Objectives and Key Controls
303.50 Control Objectives. When obtaining an understanding of internal control, many auditors consider control objectives
during the process of identifying controls and evaluating their design and implementation. A control objective states the
purpose of a control (or controls) in relation to risks and what could go wrong in the financial statements. For example, All
property, plant, and equipment additions are recorded, might be a control objective that addresses a risk of fixed asset
transactions not being properly tracked and recorded (i.e., completeness). Failure to achieve that control objective could
potentially result in understatement of fixed assets and depreciation expense, as well as misstatements in other income
statement accounts. Control objectives may relate to entity-level controls, such as control environment and monitoring
controls, or to controls at the account balance, transaction class, and disclosure level.
303.51 By considering control objectives and how they relate to risks and what can go wrong at the relevant assertion level,
an auditor might find it easier to identify existing controls and evaluate their design effectiveness. For example, an auditor
might tailor inquiries of client personnel to focus on how certain control objectives are achieved within the entity when trying
to identify the controls that address a particular risk of material misstatement. Likewise, when existing controls are identified,
the auditor can evaluate whether those controls, if operating effectively, would fully achieve the objective or whether
deficiencies exist because of improper design or missing controls.
303.52 Appendix 3A lists common control objectives by transaction class for various audit areas. The listing does not
necessarily reflect all control objectives that may exist for an entity. Also, control objectives may be stated in various ways in
addressing risks.
303.53 Key Controls. As indicated in AU-C 315.21, the auditor is not required to understand all controls and control activities
that might exist in an entity. The auditor typically focuses attention on those controls that are most important in achieving
particular control objectives related to identified risks. Often, an entity has multiple controls that contribute to achieving its
control objectives. However, certain of those controls, referred to as key controls, are considered primary to achieving the
objectives. When identifying controls, evaluating design effectiveness, determining implementation, and, if applicable, testing
operating effectiveness, it is often most efficient and effective for the auditor to focus on key controls. Many times, these are
the controls that the client believes are the most effective and reliable in operation to fully address a control objective. Key
controls are important because their failure could materially affect the relevant assertion, but might not be detected in a timely
manner by other controls. Key controls are also important because their operation might prevent, or detect on a timely basis,
other control failures that would be material to the entitys objectives. Often, especially for smaller entities, management
review (i.e., monitoring) controls are key. When determining which controls are key, the auditor might consider factors such
as:
The nature of the risks being addressed.
The characteristics of related account balances or transaction classes.
Whether the control is preventive (i.e., prevents misstatements) or detective (i.e., detects misstatements).
Whether the control works in combination with or relies on the operation of other controls.
Whether the control is manual or automated.
Whether the control addresses more than one control objective.
The nature and type of potential misstatements that the control would prevent, or detect and correct (i.e., would
misstatements most likely arise from error, fraudulent financial reporting, or misappropriation of assets?).
303.54 Do Not Forget about Indirect Controls and Controls over Spreadsheets. In some cases, the effectiveness of a key
control directly related to an assertion depends on the proper operation of other, or indirect, controls. Indirect controls are
discussed beginning at paragraph 604.10. Auditors may make an erroneous assessment of control risk if the role of indirect
controls is not considered during the understanding and evaluation of controls. For example, if daily sales orders are
approved on an exception basis by the sales manager by reviewing a printout of those sales orders that do not meet standard
pricing and terms, the auditor ought to consider performing risk assessment procedures directed to the completeness and
accuracy of the exception report.
303.55 Client-prepared spreadsheets are often an important part of a clients information system. In many cases, information
may be generated by a packaged software module and then further processed or recorded in a spreadsheet prepared by
accounting personnel. In many instances, the creation of a spreadsheet template is not subject to any formal controls,
including verifying the integrity of key formulas. When spreadsheets are an important part of the information system or
support the performance of a key control activity, the auditors understanding normally needs to encompass the controls over
those spreadsheets.
303.56 Consider Segregation of Duties. When obtaining an understanding of the entitys processes related to financial
reporting and their associated control activities, the auditor considers proper segregation of duties. AU-C 315.A91 specifically
notes segregation of duties as an example of a control activity. Without proper segregation of duties, the design of controls
may be deficient since individuals may be in a position to perpetrate and conceal errors or fraud when performing their job
functions. In many cases, auditors isolate the initiation, authorization, processing, and recording functions and then determine
the actual personnel who perform those functions to ascertain if any incompatibility exists.
304 UNDERSTANDING ENTITY-LEVEL CONTROLS
304.1 The authors refer to the internal control components of the control environment, risk assessment, information and
communication (excluding the financial reporting system), and monitoring as entity-level or company-level controls. These
controls typically have a pervasive effect on the entitys system of internal control and can, therefore, potentially influence the
design and operating effectiveness of other controls. Also, the auditor generally accumulates a significant amount of
knowledge about activity-level controls, the topic of section 305, through the understanding of entity-level controls. As a
result, the authors recommend that auditors obtain an understanding of the entity-level control components first, beginning
with the control environment. The IT environment and general computer controls also have a pervasive effect and are
considered at the entity level. (See the discussion of the top-down approach beginning in paragraph 303.42.) This section
discusses each of the entity-level control components in depth.
Control Environment
304.2 What Is the Control Environment? The control environment sets the tone of an entity and influences the control
consciousness of its people. The control environment is the foundation for all other components of internal control and
provides structure and discipline. Among the important elements of the control environment are the attitude, awareness, and
actions of management, as well as those charged with governance, concerning internal control.
304.3 The control environment of a company includes the following elements:
Participation of those charged with governance.
Communication and enforcement of integrity and ethical values.
Managements philosophy and operating style.
Organizational structure.
Human resource policies and procedures.
Assignment of authority and responsibility.
Commitment to competence.
304.4 An entitys control environment is a significant factor when considering the risks of material misstatement due to error
or fraud. The integrity of management or the owner/manager often plays a significant role in establishing a strong control
environment. For example, although an entity might not have a written code of conduct, it might still have a culture that
emphasizes the importance of integrity and ethical behavior. That culture will be instilled through the visibility and direct
involvement of the owner/manager or top management. Obtaining an understanding of the control environment of a small or
midsize nonpublic company need not be a complex process. The term is more formal and imposing than the idea behind it.
The control environment is simply the conditions and circumstances that exist within the entity that demonstrate
managements attitude about controls and other indicators of managements integrity and motivation.
304.5 The auditor generally obtains a sufficient knowledge of the control environment as a result of performing risk
assessment procedures to understand the attitudes, awareness, and actions of management and those charged with
governance concerning internal control and its importance in achieving reliable financial reporting. The responsibilities
assumed by management and those charged with governance related to financial reporting are particularly important. For
example, the auditor might identify the members of management, and directors if any, who are expected to understand the
entitys business transactions and to evaluate whether they are appropriately reflected in the financial statements. The auditor
considers both (a) the aspects of the control environment that help insure the integrity of financial reporting (that is, the key
control environment controls) and (b) any control environment weaknesses that could have a pervasive effect on the financial
statements.
304.6 Control Objectives. As discussed in paragraph 303.50, when obtaining an understanding of internal control, many
auditors consider control objectives during the process of identifying controls and evaluating their design and implementation.
Controls are properly designed and implemented if (a) they achieve the control objectives and (b) the entity is using them.
Exhibit 3-14 provides a list of control objectives for each of the elements discussed in paragraph 304.3.
Exhibit 3-14
Control ObjectivesControl Environment
Control Environment Element Control Objective
Participation of those charged with governance. Those charged with governance are actively
involved and have significant influence over the
entitys internal control environment and its
financial reporting.
Communication and enforcement of integrity and Management, through its attitudes and actions,
Control Environment Element Control Objective
ethical values. demonstrates character, integrity, and ethical
values. Sound integrity and ethical values,
particularly of top management, are developed
and set the standard of conduct for the
organization and financial reporting.
Managements philosophy and operating style. Managements philosophy and operating style are
consistent with a sound control environment and
have a pervasive effect on the entity. Management
analyzes the risks and benefits of new ventures,
assesses turnover among employees, investigates
and resolves improper business practices, views
accounting as a means to monitor and control the
various activities of the organization, and adopts
accounting policies that reflect the economic
realities of the business.
Organizational structure. The organizational structure of the entity is
appropriately designed to promote a sound
control environment. Authority and responsibility,
appropriate reporting lines, and free flow of
information across the organization provide
unfettered influence to effectively run the entity
and support effective financial reporting, including
the identification and disclosure of related party
Human resource policies and procedures. Human resource policies and procedures send
messages to employees regarding expected
levels of integrity, ethical behavior, and
competence.
Assignment of authority and responsibility. The entity assigns authority and responsibility to
provide a basis for accountability and control.
Commitment to competence. The entity is committed to competence in the
requirements of particular jobs and in translating
those requirements into knowledge and skills.
* * *
304.7 Risk Assessment Procedures and Factors to Consider. When obtaining an understanding of the control
environment, the auditor concentrates on the implementation of control environment elements. Auditing standards place an
emphasis on corroborating managements and employees responses to inquiries through observation or inspection. For
example, through inquiries of management and employees, the auditor obtains an understanding of managements
commitment to ethical values and competence. The auditor follows through with observation of the behavior and attitude
demonstrated by management in managing the business.
304.8 The audit evidence for elements of the control environment is often not available in documentary form. When it is
available, the auditor may inspect documents, for example, a written code of conduct, as evidence of how management
communicates its views of business practices and ethical behavior. While formal documentation may be preferable, it is not
always necessary in order for a policy to be in place and operating effectively. This is emphasized in a nonauthoritative AICPA
Technical Practice Aid, Obtaining an Understanding of the Control Environment (TIS 8200.08). TIS 8200.08 notes that if an
auditor decides to rely on these controls (whether documented or not), it is necessary to test the controls. For example, in a
small business, human resource policies may not be formally documented as they would be in a larger entity. Even so,
policies and practices can still exist and be communicated orally. When documentary evidence is not available, the auditor
might observe managements and directors actions and attitudes.
304.9 Exhibit 3-15 provides examples of possible risk assessment procedures that could be used when evaluating the design
and implementation of control environment elements. ASB-CX-5.1 lists factors that might be considered as the auditor applies
the risk assessment procedures.
Exhibit 3-15
Examples of Risk Assessment Procedures for Evaluating Design and
ImplementationControl Environment
Control Environment Element Illustrative Risk Assessment Procedures
Evaluating Design Determining Implementation
Participation of those charged
with governance.
Inquiries of management and
board members regarding
functions of the board.
Review of backgrounds,
relationships, affiliations, and
experience of the board and
internal audit.
Review of boards charter
and minutes on the nature
of board actions.
Review minutes of the
audit committee.
Review of internal audit
reports.
Communication and
enforcement of integrity and
ethical values.
Inquiry of management about
communication and
enforcement actions and
processes.
Review of general policy
statements on ethical values.
Inquiry of other personnel
regarding communication
received on ethical
values.
Discussion with human
resources regarding
actions taken on ethics
violations.
Review of written
communications issued to
employees; for example,
employee
acknowledgement forms
signed upon hiring
regarding ethical behavior
or code of conduct.
Observation of
managements behavior
in managing the business.
Managements philosophy and
operating style.
Inquiry of management
regarding philosophy on
accounting, reporting, and
establishment of controls.
regarding the amount of risk
the entity is willing to accept.
Inquiries of accounting
personnel to corroborate
the general control
environment and
importance of financial
reporting within the
organization.
Review of communication
issued by management to
personnel regarding
issues that relate to
reports and prior year
communication of internal
control related matters for
items that indicate issues
with managements
philosophy or style.
Review of policies and
procedures manuals to
determine the extent and
quality of controls.
Observation of
managements behavior
and decisions regarding
accounting matters.
Organizational structure. Review of organizational charts.
regarding the functions and
responsibilities within
organizational lines and key
positions.
regarding organizational
ownership of key financial data.
Inquiry of key functional
and department leaders
regarding roles and
adequacy of the
organizational structure.
Inquiry of financial
reporting staff regarding
the effectiveness of
communication within the
organization in reporting
financial events and
transactions.
Human resource policies and
procedures.
Inquiry of human resources
leadership (or role that is
responsible for HR) on turnover
and hiring, training, and
evaluation practices.
Inquiry of human resources
leadership on how employees
receive communication on
integrity and ethical values.
Review of HR policy and
procedure manuals.
Review of personnel files
for documentation of
hiring, training, and
evaluation history.
Inquiry of employees on
communication of ethical
values, training and
evaluation.
Observation of turnover in
accounting department.
Assignment of authority and
responsibility.
Inquiry of management and
department leadership
regarding roles,
responsibilities, and
authorization.
Review of organization charts.
Inquiry of employees
corroborating
management responses.
Review of information
contained in
policy/procedures
manuals and written job
descriptions.
Transaction walkthroughs
of the documented
financial reporting
systems to determine
whether authorization
controls are properly
established.
Observation of the roles
and responsibilities that
are occurring within the
entity.
Commitment to competence. Inquiry of management and
human resources on
competence requirements for
key jobs, especially finance and
accounting.
Review of job descriptions and
requisite requirements for key
positions.
Inquiry of management and
human resources regarding the
adequacy of staffing in
departments that impact
Inquiries of employees
that hold key positions
regarding their
experience, training, and
education.
Review of personnel files
for employees that hold
key jobs.
reports for issues that
relate to competence of
employees.
Review of prior year audit
adjustments and
communications of
internal control matters for
items that relate to
competence of
accounting personnel.
Review of employee
turnover reports and
unfilled job requisitions
during the year.
* * *
304.10 Considering Management Control Consciousness. Management has to take the lead in creating an atmosphere of
control consciousness. If management has a high regard for maintaining reliable accounting records and adhering to
established policies and procedures, then employees are likely to be more conscientious in performing their duties. Similarly,
if managements attitude is cavalier and conveys a disregard for sound practices, then employees are likely to be careless in
discharging their responsibilities. In extreme cases of lack of control consciousness, accounting records may be so
undependable that the company is unauditable. The control consciousness of management or the owner/manager can have
an important influence on the extent of detailed testing of the accounting records that is necessary.
304.11 Small Business Considerations. The influence of an owner/manager predominates in a small business.
Consideration of owner/manager integrity is an important factor in deciding whether to accept a small business engagement.
Factors such as the owner/managers tendency to take unusual or unnecessary business risks may increase audit risk. In
preliminary planning, an auditor needs to reconsider the background information on owner/manager integrity along with the
knowledge that has been obtained about the clients business, its operations, and its industry.
304.12 The purpose of the auditors reconsideration is to assess whether the attitude of the owner/manager in the particular
circumstances might create an increased risk of material misstatement of the financial statements. An owner/manager,
because of the ability to dominate activities or override controls, is in a position to execute and conceal improper transactions.
Even a basically honest owner/manager may be motivated in some cases to materially misstate the financial statements, and
an auditor needs to recognize these circumstances and consider them in planning, especially when identifying risks of
material misstatement of the financial statements due to fraud.
304.13 Some of the circumstances that increase the risk of material misstatement of the financial statements of a small
business because of their effect on the owner/managers attitude are:
a. An interest in employing inappropriate means to minimize reported earnings (for example, by reducing income or
charging personal expenses to the business) for tax-motivated reasons.
b. A threat to the owner/managers personal net worth resulting from poor or deteriorating financial condition when the
owner/manager has personally guaranteed significant debts of the company.
c. Pressure to obtain additional capital in order to stay competitive.
d. A significant pending transaction (such as a financing arrangement) that could be adversely affected if poor financial
results are reported.
Several of these are fraud risk factors as discussed beginning at paragraph 302.47 and are listed in ASB-CX-6.2, Fraud Risk
Factors.
304.14 COSOs Internal ControlIntegrated Framework indicates that entities need to maintain a board consisting of a
majority of outside directors; however, this will often be difficult for small businesses because of the costs involved. In an
owner-managed business, the authors believe the absence of outside directors on a clients board does not necessarily
increase the risk of material misstatement or indicate an internal control deficiency to be communicated to management and
others. (See section 1814.)
304.15 Impact of the Control Environment in Assessing Risk. The existence of a satisfactory control environment, or the
lack of such an environment, is an important factor in assessing the risks of material misstatement at the financial statement
level. For this purpose, the auditor concentrates on the collective effect of the strengths and weaknesses in the various control
environment elements on the risks of material misstatement. This assessment usually affects decisions and judgments made
in establishing the overall audit strategy (see section 306). For example, weaknesses in the control environment might cause
the auditor to perform more substantive procedures as of the balance sheet date rather than at an interim date or to use only
substantive procedures in more audit areas. Also, while a strong control environment may not completely eliminate the risk of
fraud due to the limitations of internal control, it may help reduce the risks of fraud.
304.16 As indicated in paragraph 304.1, the auditor normally obtains an understanding of the control environment prior to
other components of internal control. The reason for this is fairly straightforwardthe strengths or weaknesses in the control
environment (an entity-level control) normally have a permeating effect on the remainder of the control components. For
example, if management demonstrates a poor attitude toward the need for a strong accounting and reporting function, the
chances of the company having robust risk assessment, information and communication, monitoring, and control activities
are significantly reduced.
304.17 In a smaller entity, a strong control environment can partially compensate for control deficiencies in other areas,
including inadequate segregation of duties. The control environment is often viewed synonymously with tone at the top.
Employees of smaller businesses often interact with management and typically are influenced by the tone at the top.
Consequently, smaller entities often develop a culture that emphasizes the importance of integrity and ethical behavior
through oral communication and by management example.
304.18 Due to the role of the control environment, the auditors understanding of this area may influence how the auditor
approaches obtaining an understanding of other areas of internal control, as well as the ultimate assessment of risk at the
overall financial statement level. Risk at the overall financial statement level is discussed beginning with paragraph 306.44.
304.19 Effect of Information Technology on the Control Environment. Exhibit 3-13 shows some of the ways that
information technology affects the control environment. The control environment effects listed in that exhibit generally are just
variations of factors that would apply even if the client did not use computers. The auditors consideration of those factors
would typically be documented on the form Understanding the Design and Implementation of Internal Control at
ASB-CX-4.1 when documenting an understanding of the control environment (see paragraph 304.20).
304.20 Documentation of the Control Environment. The Understanding the Design and Implementation of Internal
Control form at ASB-CX-4.1 can be used to document the auditors understanding of the entitys control environment, along
with the sources of information and procedures performed to obtain or update the understanding. The form allows the auditor
to document the understanding of the control objectives outlined in Exhibit 3-14 and provide an overall conclusion regarding
whether the control environment is properly designed and implemented considering the overall size and complexity of the
entity. Controls are properly designed and implemented if (a) they achieve the control objectives and (b) the entity is using
them. When identifying and considering the specific controls that will achieve various control objectives for the control
environment, the auditor may wish to review the Entity-level Control Form for Control Environment at ASB-CX-5.1. The form
includes specific controls that relate to each control objective. If desired, this form can be used as part of the documentation
of the understanding of controls, including the evaluation of the design and implementation of specific controls. This form can
also be used to document which controls will be tested.
Risk Assessment
304.21 Risk assessment is the process of setting objectives; prioritizing and linking those objectives; and identifying,
analyzing, and managing risks relevant to achieving those objectives. With respect to the objective of reliable financial
reporting, the entityis risk assessment process involves the identification, analysis, and management of the risks of material
misstatement of the financial statements. An entitys risk assessment process includes the following elements:
Financial reporting objectives.
Management of financial reporting risks.
Consideration of fraud risk.
304.22 The auditor generally obtains sufficient knowledge of managements risk assessment process as a result of applying
risk assessment procedures to understand how management considers risks relevant to reliable financial reporting objectives
and decides about actions to address those risks. In some cases there will be a formal risk assessment process, but a formal
process is not essential. The auditor focuses on the following issues:
a. How does management identify business risks relevant to financial reporting?
b. How does management estimate the significance of the risks?
c. How does management assess the likelihood of their occurrence?
d. How does management decide on actions to manage the risks?
The auditor concentrates on the effectiveness of managements efforts to identify and deal with the risks of material
misstatements in financial reporting. The auditor considers both (a) the aspects of the entitys risk assessment process that
enable management to identify, analyze, and address business risks and (b) any difficulties in identifying and addressing
those risks.
304.23 Risks relevant to material misstatements in financial reporting include internal and external events and circumstances
that adversely affect an entitys ability to appropriately initiate, authorize, record, process, and report financial data. Risks are
affected by events and circumstances such as the following:
a. Changes in operations.
b. New personnel.
c. New or revised information systems.
d. Rapid growth.
e. New technology.
f. New business models, products, or activities.
g. Corporate restructurings.
h. New accounting standards.
304.24 Note that risk assessment as described in AU-C 315.16.18 is not the same as an auditors consideration of audit risk
(inherent risk, control risk, and detection risk) in a financial statement audit. An auditor assesses inherent and control risks to
evaluate the likelihood that the financial statements could be materially misstated. An entitys risk assessment, on the other
hand, is the process of identifying, analyzing, and managing risks that affect the entitys objectives. However, the authors
believe managements risk assessment process, as it relates to financial reporting, is somewhat similar to the auditors
assessment of inherent risk. That is, it involves management identifying potential areas of misstatement in the financial
statements, including misstatements due to fraud. Management then implements control activities or takes other steps as
necessary to prevent or detect such misstatements.
304.25 Auditors may be able to leverage the clients documentation when obtaining and documenting their understanding of
the clients risk assessment process. However, even when the client has adequate documentation of its risk assessment
process, the auditor still needs to apply risk assessment procedures to the extent deemed necessary to confirm the
understanding.
304.26 The Entitys Fraud Risk Assessment and Monitoring. All entities ought to be proactive in reducing fraud
opportunities by identifying and measuring fraud risks, taking steps to mitigate identified risks, and implementing and
monitoring appropriate preventive and detective controls and other antifraud measures. However, the nature and extent of
these risk assessment and monitoring activities should be appropriately commensurate with the size and complexity of the
entity. It is important for management to understand its responsibility for establishing and monitoring the entitys fraud risk
assessment process. That process is likely to be less formal and structured in a smaller entity than in a larger entity, but ought
to include a sufficient degree of fraud awareness on the part of management or the owner/manager, and appropriate fraud
risk management activities, with oversight from those charged with governance. The fraud risk assessment and monitoring
process for a typical small to midsize nonpublic company may include:
a. Communicating to employees the owner/managers views on business practices and ethical behavior, either orally
or by example.
b. Thoroughly investigating any incidents of alleged fraud, taking appropriate and consistent actions against violators,
assessing how relevant controls could be improved, correcting any effects on the financial statements, and
reinforcing the entitys values and expectations through appropriate communication.
c. Considering standards of ethical behavior and appropriate business practices in the entitys employee training and
evaluation procedures.
d. Identifying fraud risks and taking appropriate action to reduce or eliminate the risks.
e. Exercising appropriate oversight of the entitys fraud risk assessment and monitoring activities by means of a board
of directors or audit committee.
Exhibit 3-16 provides a list of control objectives for each of the risk assessment elements discussed in paragraph 304.21.
Exhibit 3-16
Control ObjectivesRisk Assessment
Risk Assessment Control Objectives
Financial reporting objectives. Entity and financial reporting objectives are
established, documented, and communicated.
Accounting principles are properly applied in
the preparation of the financial statements.
Management of financial reporting risks. Management has established practices for the
identification of risks affecting the entity.
Management considers the entire organization
as well as its extended relationships in its risk
assessment process.
Management has implemented mechanisms to
anticipate, identify, and react to changes.
Management evaluates and mitigates risk
appropriately.
Consideration of fraud risk. Management has developed an appropriate
fraud risk assessment and monitoring process.
* * *
304.28 Small Business Considerations. Some entities, especially those that are larger or have a higher degree of
sophistication, may have a formalized and documented risk assessment process that includes how management approaches
enterprise risks, including those that are specifically relevant to financial reporting. However, the process for assessing risk in
smaller businesses usually is informal with little or no documentation. The internal control objectives may be recognized
implicitly rather than explicitly. The owner/manager can learn about risks affecting those objectives through direct personal
contact with employees and external parties. The owner/managers in-depth involvement can make risk assessment
extremely effective in smaller entities because often the risks are assessed by someone with both access to the appropriate
information and a good understanding of its implications.
304.29 Risk Assessment Procedures and Factors to Consider. The auditor can tailor risk assessment procedures based
on factors such as the size and complexity of the entity. The authors believe, however, that in most situations, documented
evidence of the entitys risk assessment process will be minimal and the auditor will rely heavily on inquires of management
about how risks are identified and addressed. For most small and midsize nonpublic companies, gaining an understanding of
managements risk assessment process will not be a complex process. It will be based on experience with the client, general
observations of entity operations, and discussions with management or the owner/manager. Specifically, if the events or
circumstances noted in paragraph 304.23 have occurred, the auditor might consider asking management about the
associated risks and what actions were taken to address them. Those inquiries may be corroborated by inquiries of
accounting and other personnel, as well as by inspecting any other supporting written evidence or by determining if risks
occurred that were not identified by management, as illustrated in the following example:
Example 3-1: Evaluating the entitys risk assessment process.
During the audit planning process of Phillips Enterprises, Inc., the auditor learns that a new general ledger system was
implemented during the year. When making inquiries about the entitys risk assessment process, the auditor asks the
CEO and controller what implementation risks were identified and how they were addressed. Management indicates that
they spent weeks planning for the implementation. They identified the following key risks:
Posting from accounting transaction modules would not properly integrate with the new general ledger
system.
The monthly close and financial reporting processes would be interrupted due to training issues, changes in
system performance, and modification in the timing of journal entry processing and edits.
The controller indicates that they addressed these risks by thoroughly testing the system prior to implementation and
ensuring that all staff were properly trained and understood the processing changes made by the new system.
Later, as the auditor begins to obtain an understanding of Phillips financial reporting system, one of the general ledger
supervisors complains that the new system does not provide a history of general ledger transactions prior to the
implementation date and that some historical information can no longer be obtained since the old system was
decommissioned immediately after the implementation. The auditor considers such facts when evaluating the overall
effectiveness of the entitys risk assessment process.
304.30 ASB-CX-5.2 lists factors that might be considered as the auditor applies risk assessment procedures to obtain an
understanding of the entitys risk assessment process.
304.31 Documentation of the Clients Risk Assessment Process. The Understanding the Design and Implementation of
Internal Control form at ASB-CX-4.1 can be used to document the auditors understanding of the entitys risk assessment
process, along with the sources of information and procedures performed to obtain or update the understanding. The form
allows the auditor to document the understanding by each of the control objectives outlined in Exhibit 3-16 and provide an
overall conclusion regarding whether the risk assessment is properly designed and implemented considering the overall size
and complexity of the entity. Controls are properly designed and implemented if (a) they achieve the control objectives and
(b) the entity is using them. When identifying and considering the specific controls that will achieve various control objectives
for the risk assessment process, the auditor may wish to review the Entity-level Control Form for Risk Assessment at
ASB-CX-5.2. The form includes specific controls that relate to each control objective. If desired, this form can be used as part
of the documentation of the understanding of controls, including the evaluation of the design and implementation of specific
controls. This form can also be used to document which controls will be tested.
Information and Communication
304.32 Information refers to the financial reporting system, which includes the accounting system, and encompasses the
procedures and records established to initiate, authorize, record, process, and report the entitys transactions. It also includes
the accountability over assets, liabilities, and equity. An information system may be computerized, manual, or a combination
of the two depending on the size and complexity of the entity. Communication is the process of providing an understanding of
roles and responsibilities to individuals within the organization regarding internal control over financial reporting.
304.33 The quality of information generated by the financial reporting system has significant implications for the audit
because it affects managements ability to control the entitys activities and prepare reliable financial statements. However,
auditors ought not lose sight of the importance of the communication of accounting and financial reporting roles within the
entity. Achievement of the objectives of a well-designed financial reporting system can easily fail if accounting personnel do
not fully understand their roles and how proper performance mitigates the risks of material misstatement. Although part of the
same internal control component, the authors discuss the information and communication processes separately in the
following paragraphs.
304.34 Information. In applying the top-down approach discussed in paragraph 303.42, the authors divide the evaluation
of the entitys information process into two parts: (a) entity-level considerations that affect the auditors risk assessment at the
financial statement level and the overall audit strategy and (b) activity-level considerations that affect the risk assessment at
the account balance, transaction class, and disclosure level. The auditors consideration of the information process at the
entity level focuses on making an overall evaluation of the use and flow of information relevant to reliable financial reporting
rather than on obtaining an understanding of specific processes related to account balances, transaction classes, and
disclosures. For example, the auditor considers whether the client has entity-level controls in place to effectively support it in
identifying, capturing, and using all of the information needed to prepare reliable financial statements, including disclosures.
The auditors understanding is at a high level but sufficiently detailed to identify the significant accounting applications, how
the computer is used in those applications, and the relative complexity and importance of use of the computer. The auditor
also considers the qualifications of accounting personnel and the time pressure they face. Inexperienced or harried
accounting personnel make more errors. At the entity level, the auditor evaluates whether the design and implementation of
the financial reporting system has implications for the assessment of risks at the financial statement level (that is, pervasive
risks) or the overall audit strategy.
304.35 Auditing standards also impose specific requirements related to obtaining an understanding of the financial reporting
system at the account balance, transaction class, and disclosure level. That understanding often directly provides information
regarding the entitys control activities as well. Obtaining an understanding of the financial reporting system at the account
balance, transaction class, and disclosure level, including understanding the financial close and reporting process related to
preparation of the financial statements, is discussed in section 305. Because the audit is an iterative process, information
obtained when evaluating the design and implementation of the financial reporting system at the account balance, transaction
class, and disclosure level may confirm or change the auditors overall conclusion about design and implementation of the
information process at the entity level.
304.36 Control Objectives for Information. As discussed in paragraph 303.50, when obtaining an understanding of internal
control, many auditors consider control objectives during the process of identifying controls and evaluating their design and
implementation. Controls are properly designed and implemented if (a) they achieve the control objectives and (b) the entity
is using them. Exhibit 3-17 provides a list of entity-level control objectives for the information process.
Exhibit 3-17
Control ObjectivesInformation Process
Internal Control Area Control Objectives
Information Information is identified, captured, and used
at all levels of the entity, and distributed in a
form and timeframe that supports the
achievement of financial reporting objectives.
Information needed to facilitate the
functioning of internal control is identified,
captured, used, and distributed in a form and
timeframe that enables personnel to carry out
their internal control responsibilities.
* * *
304.37 Risk Assessment Procedures and Factors to Consider. For most small and midsize nonpublic companies, gaining an
entity-level understanding of the entitys information process will not be complex. It will be based on experience with the
client; general observations of how financial information is identified, captured, and used within the entity; and discussions
with management or the owner/manager. ASB-CX-5.3 lists factors that might be considered as the auditor applies risk
assessment procedures when obtaining an entity-level understanding of the information process related to financial reporting.
The auditors risk assessment procedures related to the financial reporting system at the account balance, transaction class,
and disclosure level are discussed in section 305.
304.38 Communication. The auditor needs to obtain a sufficient understanding of how management communicates financial
reporting roles and responsibilities and other significant matters. The communication process includes both internal and
external elements. For example, it includes communications between management and employees, those charged with
governance, and regulatory authorities. Communication may take the form of policy manuals, memorandums, oral or
electronic communications, etc. This will depend on the size and organizational structure of the entity. Auditors consider both:
The aspects of the communication process that help to ensure employees and those charged with governance
understand their jobs and responsibilities within the financial reporting system and are encouraged to report any
exceptions.
Any areas where communication does not occur.
304.39 Communication is another way that management conveys the tone at the top. Management ought to communicate
the information necessary for employees to perform their assigned tasks, for managers to supervise, and for responsible
parties to make key operating and financial decisions. Communication also relates to the flow of information upstream in an
entity. For upstream communication to occur, there needs to be open channels of communication and a willingness on the
part of management to deal with problems. For control activities to be effective, individuals need to be able to report
exceptions or fraud to the appropriate levels of management.
304.40 When considering whether an entity has communication controls in place, auditors consider whether management
has clearly communicated the following:
That internal control responsibilities are a critical part of employee job duties.
The role and responsibilities that each employee has in the internal control system.
That unexpected events are to be investigated, including determining the cause of the event.
How job activities relate to the work of others.
That communication from employees to management regarding problems, controls, potential fraud, or other issues
is welcomed and expected. One way management might encourage such communication is to establish a fraud
hotline so that employees can report unethical behavior or fraud suspicions without fear of retribution or exposure.
In addition to serving as a fraud detection mechanism, the very existence of a fraud hotline can serve as a deterrent
to misconduct by creating among employees a perception that fraud will be detected and reported. It also
demonstrates managements serious intent to prevent and detect fraud.
That, if an employee feels that taking an issue through the normal upstream communication methods would not be
effective, alternative channels of communication are available (such as a direct communication to senior
management).
304.41 Small Business Considerations. Communication processes are usually less formal in small businesses but are usually
just as effective and efficient. In small businesses with substantial owner/manager involvement, there often is no need for
extensive written communication policies or similar documentation. In addition, because of the fewer levels of management,
effective communication may be easier to achieve. In a small business, communication will often take place through daily
discussions with the owner/manager.
304.42 Control Objectives for Communication. As discussed in paragraph 303.50, when obtaining an understanding of
internal control, many auditors consider control objectives during the process of identifying controls and evaluating their
design and implementation. Controls are properly designed and implemented if (a) they achieve the control objectives and (b)
the entity is using them. Exhibit 3-18 provides a list of control objectives for the communication process.
Exhibit 3-18
Control ObjectivesCommunication Process
Internal Control Area Control Objectives
Communication Communication exists between management
and those charged with governance so that
both have relevant information to fulfill their
roles with respect to governance and to
financial reporting objectives.
All personnel, particularly those in roles
affecting financial reporting, receive a clear
message from top management that both
internal control over financial reporting and
individual control responsibilities are to be
taken seriously.
Personnel have an effective and safe method
to communicate significant information
upstream in the entity.
* * *
304.43 Risk Assessment Procedures and Factors to Consider. Communication may be written, electronic, oral, or through
the direct actions and involvement of management. As a result, auditors often use a combination of risk assessment
procedures to understand the communication process. In addition to inquiries of management, the auditor may consider the
following types of procedures to corroborate managements responses and determine if the communication process as
designed has been implemented:
Inquire of employees regarding the communication that they have received regarding their duties and
managements expectations as they relate to financial reporting.
Review policy and procedures manuals or similar documents that have been provided to employees regarding their
duties.
Review for the existence of training materials or programs on job functions and responsibilities.
Discuss with human resources personnel the evaluation process and how job knowledge and the performance of
responsibilities are incorporated into personnel reviews.
Inquire of the audit committee and review minutes of meetings regarding the communication between management
and others charged with governance.
Inquire of employees regarding how upstream financial communication is received and implemented by
management.
Review whistleblower policies and inspect documentation regarding reported instances of suspected financial
improprieties.
Inquire and review related documentation of how communication from external parties is processed.
304.44 Gaining an understanding of the clients communication processes need not be a complex process for auditors,
especially for small businesses. The auditor does not need to spend much time reviewing client accounting manuals, policies,
or memoranda. Ordinarily, the auditor can gain this understanding based on his or her experience with the client, general
observations of company operations, and discussions with management or the owner/manager. ASB-CX-5.3 lists factors that
might be considered as the auditor applies risk assessment procedures when obtaining an understanding of the
communication process as it relates to financial reporting.
304.45 Documentation of the Understanding of Information and Communication. The Understanding the Design and
Implementation of Internal Control form at ASB-CX-4.1 can be used to document the auditors understanding of how the
control objectives presented in Exhibits 3-17 and 3-18 have been achieved, along with the sources of information and
procedures performed to obtain or update the understanding. The form also allows the auditor to provide an overall
conclusion regarding whether the information and communication process is properly designed and implemented
considering the overall size and complexity of the entity. Controls are properly designed and implemented if (a) they achieve
the control objectives and (b) the entity is using them. When identifying and considering the specific controls that will achieve
various control objectives for the information and communication component of internal control, the auditor may wish to
review the Entity-level Control Form for Information and Communication at ASB-CX-5.3. The form includes specific controls
that relate to each control objective. If desired, this form can be used as part of the documentation of the understanding of
controls, including the evaluation of the design and implementation of specific controls. This form can also be used to
document which controls will be tested. Section 305 discusses documentation of the financial reporting system.
Monitoring
304.46 Monitoring is a process by which an entity assesses the quality of its internal control over time. Monitoring involves
assessing the design and operation of controls on a timely basis, capturing and reporting identified control deficiencies, and
taking actions as necessary. Monitoring activities can also reveal evidence or symptoms of fraud. Effective monitoring ensures
that internal controls are modified as changes in conditions occur in the business. As a result, poor monitoring controls can
allow error or fraud to remain undetected. The elements of an entitys monitoring process include (a) ongoing internal
evaluation and (b) reporting of internal control deficiencies. The control objective for monitoring can be described as follows:
Management monitors controls over financial reporting through ongoing monitoring, independent
evaluations, and remediation of identified deficiencies.
304.47 Monitoring can be accomplished through ongoing activities, separate evaluations, or a combination of the two.
Ongoing monitoring includes management and supervisory activities and other actions that personnel take in performing their
duties, such as performing comparisons, reconciliations, and other routine activities. For example, management or the
owner/manager may question reports that differ significantly from his or her knowledge of operations. Because these activities
are performed in the normal course of business, ongoing monitoring procedures usually adapt to changing conditions and
may be timely in detecting problems. Separate evaluations may involve any aspect of the entitys system of internal control
such as managements review of a component (e.g., the control environment), an element within a component, or the control
activities associated with a specific class of transactions or processing function. Regardless of the manner in which
monitoring is accomplished, identified deficiencies ought to be reported to the individuals responsible for taking corrective
action and to management and those charged with governance, as appropriate.
304.48 According to AU-C 315.23, the auditor should obtain an understanding of the major types of activities that
management uses to monitor internal control over financial reporting. AU-C 315.25 further indicates that the auditors
understanding should include the sources of information related to monitoring and the basis on which management considers
information to be sufficiently reliable for that purpose. The auditor considers both (a) the aspects of the monitoring process
that enable management to appropriately identify and correct control procedures that are not operating as intended and (b)
any circumstances that indicate management has failed to appropriately identify and correct such deficiencies.
304.49 Monitoring can be virtually any activity that ensures that controls are operating as intended and continue to be
properly designed. Monitoring may include activities such as the following:
Review of whether bank reconciliations are prepared on a timely basis.
Review of customer complaints regarding the billing process.
Review of a reporting system that tracks timely collection efforts.
Analysis of reported disbursement errors.
Legal department review of compliance with ethics policies.
Separate evaluation by internal audit regarding revenue recognition.
304.50 External parties may provide information to assist the entity in monitoring controls. For example, external auditors
may provide recommendations on improving controls as a result of their audit of the financial statements. Customers, by
implicitly corroborating billing information through payment of invoices, are another example of external parties that may
assist management in their monitoring activities.
304.51 Small Business Considerations. Ongoing monitoring activities of a small business are likely to be performed by the
owner/manager or other key managers as a by-product of managing the organization. While some small businesses may
have internal personnel or external auditors perform separate evaluations of their internal controls, the need for separate
evaluations generally is less in a small business due to effective ongoing monitoring activities. Factors to consider in
determining whether separate evaluations are needed include the nature of changes occurring within the entity, their
associated risks, and the competence and experience of personnel implementing controls, as well as the results of ongoing
monitoring. The greater the effectiveness of ongoing monitoring, the lesser the need for separate evaluations.
304.52 Additional COSO Guidance on Monitoring. COSO issued guidance entitled Guidance on Monitoring Internal
Control Systems. The materials were developed to help clarify the monitoring component of internal control because it was
believed that many entities do not fully understand the concept of monitoring and often fail to fully consider it when assessing
their systems of internal control. Furthermore, the guidance is intended to assist entities in (a) identifying and maximizing the
effectiveness of monitoring that already exists in the organization and (b) identifying other opportunities for improving
monitoring efficiency and effectiveness. The monitoring guidance does not replace or modify any of the guidance contained
in COSOs Internal ControlIntegrated Framework. Auditors, along with their clients, may find the guidance useful when
obtaining an understanding of monitoring activities and assessing monitoring controls.
304.53 To best achieve the objective in paragraph 304.46, the COSO monitoring guidance indicates that monitoring needs to
be based on three broad elements:
Foundation for Monitoring. This encompasses (a) proper tone at the top; (b) an organizational structure that ensures
that people with appropriate capabilities, objectivity, and authority assume monitoring roles; and (c) a baseline of
known effective internal control in the entity from which ongoing monitoring or separate evaluations can be
implemented.
Designing and Executing Procedures. Monitoring procedures need to be focused on the operation of key controls
that address meaningful risks. The operation of such controls needs to provide persuasive information.
Assessing and Reporting. This involves the evaluation of the severity of identified deficiencies and the reporting of
deficiencies to appropriate personnel for timely action and follow-up, where needed.
304.54 COSOs guidance on monitoring consists of three volumes. Volume I discusses the fundamental principles of
effective monitoring and the linkage to the COSO framework on internal control. Volume II discusses the principles in greater
detail and provides guidance on implementing effective monitoring. Volume III provides examples of effective monitoring. The
COSO guidance is available on Checkpoint or can be ordered through the AICPA at www.cpa2biz.com.
304.55 Risk Assessment Procedures and Factors to Consider. An understanding of an entitys monitoring activities may
be obtained through the performance of risk assessment procedures such as direct inquiries of management, review of entity
policies and procedures manuals to determine monitoring functions, or procedures performed to obtain an understanding of
other components of the entitys internal control system. For example, when performing a walkthrough of the cash receipts
transaction processing system (see section 305 for a description of walkthrough procedures), upon inspection of the monthly
bank reconciliation, the auditor notices the reconciliation has been initialed. Upon inquiry of the bookkeeper, the auditor
learns that the initials were placed there by the manager to evidence his or her review of the reconciliation process. In this
way, the auditor obtains an understanding of both the design of the monitoring controls as well as their implementation.
304.56 When making inquiries of management, the inquiries need to be properly adapted for the circumstances. For
example, an owner/manager of a small business may exercise extremely effective monitoring controls through daily
observation of the performance of personnel, personal conversations with customers and vendors, detailed review of daily
bank activity, and similar hands-on activities. Since these activities are performed on an informal basis, the owner/manager
may not view them as a monitoring process over internal controls, but simply the manner in which business is conducted.
Thus, the auditor adapts his or her inquiry to ensure that management understands the nature and objective of the question.
304.57 For audits of small and midsize nonpublic companies, the auditor need not spend a great deal of time gaining an
understanding of the clients monitoring process. Normally, the auditor can gain this understanding based on his or her
experience with the client, general observations of company operations, and discussions with management or the
owner/manager. ASB-CX-5.4 lists factors that might be considered as the auditor applies risk assessment procedures to
obtain an understanding of the entitys monitoring activities.
304.58 Consideration of Internal Audit Function. One method some businesses use to monitor internal control is through
separate evaluations by internal auditors. Most small and midsize nonpublic companies do not have internal auditors.
However, if there is a designated internal audit function, the auditor should obtain an understanding of that function during
audit planning. AU-C 315.24 indicates that if the entity has an internal audit function, the auditor should obtain an
understanding of the nature of the functions responsibilities, how the function fits into the organizational structure, and the
activities performed or to be performed by the function. Section 907 discusses the use of internal auditors.
304.59 Documentation of the Clients Monitoring Process. The Understanding the Design and Implementation of Internal
Control form at ASB-CX-4.1 can be used to document the auditors understanding of the entitys monitoring process, along
with the sources of information and procedures performed to obtain or update the understanding. The form allows the auditor
to document an overall conclusion regarding whether the monitoring process is properly designed and implemented
considering the overall size and complexity of the entity. Controls are properly designed and implemented if (a) they achieve
the control objectives and (b) the entity is using them. When identifying and considering the specific controls that will achieve
the control objective for the monitoring process, the auditor may wish to review the Entity-level Control Form for Monitoring
at ASB-CX-5.4. The form includes specific controls that relate to the control objective for monitoring. If desired, this form can
be used as part of the documentation of the understanding of controls, including the evaluation of the design and
implementation of specific controls. This form can also be used to document which controls will be tested.
IT Environment and General Computer Controls
304.60 IT Environment. IT systems may include packaged applications provided by vendors; custom developed
applications; or end-user computing, such as spreadsheets, that provide accounting data used to generate financial
reporting. Many small and midsize businesses have simple computer operations. Typically, they use PCs, which may be
linked in a local area network (LAN), and purchased software packages for specific applications, such as accounts
receivable. However, some entities may have internal control that is heavily dependent on information technology. Use of the
Internet or any other information technology does not necessarily mean that an entitys internal control is heavily dependent
on IT.
304.61 An entity with a simple computer system may use primarily paper-based manual procedures to enter sales orders,
prepare shipping documents and invoices, and maintain accounts receivable. The client may also use manual controls, such
as approvals, reconciliations, reviews, and follow-up of exceptions. In a system that uses automated procedures to initiate,
record, process, and report transactions, electronic records replace many of the paper forms. Controls in that environment
generally consist of a combination of automated and manual controls. Automated controls include processes such as edit
and validation routines embedded in computer programs. In addition, the nature of the manual controls may be different.
Manual controls in an automated system may be independent of the computer system, may use information produced by the
system, or may be limited to monitoring the automated controls and handling exceptions. The mix of manual and automated
controls varies with the nature and complexity of the clients system.
304.62 The use of manual controls is often more effective when judgment and discretion are needed. For example, manual
controls would generally be more appropriate in the following situations:
Large, unusual, or nonrecurring transactions.
When monitoring the effectiveness of automated controls.
In changing circumstances where a control response may be needed outside of the scope of an automated control.
In circumstances where misstatements are difficult to anticipate, define, or predict.
304.63 However, automated controls may be more effective than manual control in other circumstances. Since manual
controls are performed by humans, they may be subject to override, misinterpretation, errors, or bypass. As a result,
automated controls may be more suitable in the following circumstances:
Recurring transactions or high volume.
Situations where errors can be anticipated or predicted and prevented or detected by control parameters subject to
automation.
Control activities where their nature allows the use of properly designed automated control processes.
304.64 The use of IT may enhance the effectiveness and efficiency of the clients internal control because of the consistency,
timeliness, and accuracy inherent in automated systems. Use of IT also offers benefits in terms of data analysis, monitoring
entity performance, reduced risk of override, and systems and data security. For example, in an IT system, security controls
can help achieve segregation of duties. However, the use of IT also poses certain risks to a clients internal control, such as:
Reliance on systems or programs that are inaccurately processing data or processing inaccurate data.
Unauthorized access to data that may result in destruction of data or improper changes to data.
Unauthorized changes to master file data.
Unauthorized changes to systems or programs.
Failure to change systems or programs when necessary.
Inappropriate manual intervention.
Loss or inability to access data.
304.65 The extent and nature of those risks depends on the nature and characteristics of the clients system. In many
systems, users can access a common database of information that affects financial reporting. A lack of control at a single
user entry point could compromise the security of the database and result in improper changes to or destruction of data. For
example, if there are improper controls over the rights and functions of a database administrator, there may be a risk of error
or fraud due to unauthorized data manipulation. Similarly, risks may be higher if the client uses an integrated system where
various software applications share data. If the applications were provided by different vendors or their integration was not
subject to proper controls, the entity may have a higher risk of material misstatements. For example, if a customer order
application provided by one vendor uses customer numbers that differ from customer numbers in a customer address and
credit limit application provided by another vendor, misstatements can arise unless the data (customer numbers) from each
application are properly mapped (translated) to each other. This risk of misstatement is reduced if the same vendor
provides an application suite and is responsible for the integration of the data shared by the components of the suite.
304.66 In many IT environments, the processing of information is decentralized. For example, in a server-client
arrangement, a central server hosts various clients and processing occurs both centrally on the server and remotely by
various clients. As a result, the IT environment is much more open than in the days when all IT processing was confined to a
mainframe computer. These environments can present a higher element of risk given a wider range of access to data and
processing by a variety of users. The range of threats to data and financial reporting may range from unauthorized access to
data and processing to the introduction of computer viruses.
304.67 In todays IT computing environments, the processing of financial data often is not confined within formally developed
or vendor supplied software applications. In many cases, users may access a database warehouse and import data into a
spreadsheet program for processing outside of a formal application. Among other things, the output of the spreadsheet
application might be used as input for a standard software application, support for journal entries, or support for disclosure
information. However, in many cases, unlike the controls over the development or integration of standard software
applications, spreadsheet applications developed by users might not be subject to any formalized controls. For example,
spreadsheet results may not be subjected to formalized testing or there may be no controls over access, development,
modification, or the use of multiple versions of a spreadsheet application.
304.68 When obtaining an understanding of the IT environment, auditors consider what procedures the computer performs
and what data is stored in electronic files. For example, the computer may be used in a discrete accounts receivable system
to record sales invoices, prepare sales journals, maintain an accounts receivable trial balance, and process accounts
receivable transaction data. Alternatively, the computer may be used in an integrated system where significant information is
electronically initiated, recorded, processed and reported. In addition, in audits of many smaller businesses, auditors will find
that one individual has responsibility for authorizing and originating data, controlling input, editing data, and handling rejected
transactions.
304.69 As part of the IT environment, the auditor obtains an understanding of the extent to which IT is used for significant
transaction classes. Typically, the following matters relating to IT are determined:
Automated applications and the software that is used.
Whether software is internally or externally developed and if the client has access to the source code.
Use of service organizations and whether it is necessary to obtain information about a service organizations
controls. That may occur, for example, when a bank provides deposit services, data processing bureau provides
payroll services, or broker-dealer provides securities services.
Hardware, networks, and other aspects of the entitys computer system.
304.70 General Computer Controls. Effective controls to adequately respond to the risks that arise from IT include not only
properly designed and implemented application controls, but the general controls upon which those application controls
depend.
304.71 General controls are policies and procedures that relate to many applications and support the effective functioning of
application controls. General controls ordinarily include controls related to:
IT strategic planning and risk management.
Data center and network operations.
Physical security and access to programs and data.
Program changes and systems acquisition and development.
General computer controls relate to all automated applications, including user-developed spreadsheet applications.
(ASB-CX-5.5 Entity-level Control Form for General Computer Controls, provides a detailed listing of possible controls for
various control objects related to general computer controls.)
304.72 The AICPA Risk Assessment Audit Guide (paragraph 4.63) notes that the auditor evaluates the design of IT general
controls and determine whether they have been implemented when assessing the risks of material misstatement. Poorly
designed general controls do not by themselves cause misstatements in the financial statements. However, deficient general
controls may allow application controls to operate improperly which, in turn, can result in material misstatements in the
financial statements. Thus, general controls need to be assessed in relation to their effect on applications and data that
become part of the financial statements.
304.73 In some cases, certain general controls may not be relevant for the period under audit. For example, if the client has
an IT environment where application software is obtained from outside vendors with no modification and client personnel do
not have access to source code, general controls over the modification of software might not be relevant. Similarly, if no new
systems are implemented during the period of the financial statements, weaknesses in the general controls over systems
acquisition and development may not be relevant to the financial statements being audited. For smaller entities that use
pre-packaged software and do not have access to source code, relevant general controls ordinarily include controls over
access to critical hardware, software, and data; controls over upgrades to the entitys operating system and significant
pre-packaged applications; systems and data back-up and recovery procedures; and controls over the creation, use, and
maintenance of critical spreadsheet applications.
304.74 As discussed in paragraph 303.50, when obtaining an understanding of internal control, many auditors consider
control objectives during the process of identifying controls and evaluating their design and implementation. Controls are
properly designed and implemented if (a) they achieve the control objectives and (b) the entity is using them. Exhibit 3-19
presents a list of control objectives for general computer controls.
Exhibit 3-19
Control ObjectivesGeneral Computer Controls
The entity has an IT strategic planning and risk management process in place to support its financial reporting
requirements.
The entity maintains reliable systems that include appropriate data backup and recovery processes.
Physical security and access to programs and data are appropriately controlled to prevent unauthorized use, disclosure,
modification, damage, or loss of data.
Program changes and systems acquisition and development are appropriately managed to ensure that the application
software adequately supports financial reporting objectives.
* * *
304.75 The auditors risk assessment procedures to obtain an understanding of general computer controls typically include
inquiry of client personnel; inspection of systems documentation, written policies and procedures, incident reports or logs,
etc.; and observation of facilities and equipment, the operation of access controls, the performance of backup routines, etc.,
to understand how general computer control objectives are achieved.
304.76 Documenting the IT Environment and General Computer Controls. The auditor can document the understanding
of the extent to which IT is used in significant transaction classes (see paragraph 304.68) on the Financial Reporting System
Documentation FormIT Environment and General Computer Controls, at ASB-CX-4.2.2. The form is also used to document
whether the use of an IT specialist is considered necessary, as well as the auditors understanding and conclusion about the
design and implementation of general computer controls. If necessary, the auditor can further document the understanding of
general computer controls by completing the Entity-level Control Form for General Computer Controls at ASB-CX-5.5.
305 UNDERSTANDING ACTIVITY-LEVEL CONTROLS
305.1 The authors refer to the internal control component of control activities, along with the detailed aspects of the financial
reporting system, as activity-level controls. Activity-level controls and processes operate at the assertion level rather than at
the overall financial statement level. Activity-level controls are directly related to initiating, authorizing, recording, processing,
and reporting the entitys transactions. Consequently, the understanding of activity-level controls directly supports the
auditors risk assessment at the relevant assertion level for account balances, transaction classes, and disclosures.
305.2 As discussed in section 304, the auditor ordinarily obtains an understanding of entity-level controls first because those
controls have a pervasive effect on the entitys financial statements. Also, the auditor generally accumulates a significant
amount of knowledge about activity-level controls through the understanding of entity-level controls. Controls throughout the
system may be either manual or automated and may be significantly affected by IT. Therefore, the auditor also obtains an
understanding of the entitys IT environment and general computer controls when obtaining an understanding of entity-level
controls. After obtaining an understanding of entity-level controls, the auditor focuses on obtaining an understanding of the
financial reporting system, which is part of the information and communication component of internal control. Obtaining an
understanding about how the entity initiates, authorizes, records, processes, and reports transactions through the financial
reporting system typically also provides a significant amount of information about control activities. After obtaining an
understanding of those aspects of transaction processing, the auditor considers whether it is necessary to devote additional
attention to obtaining an understanding of control activities.
305.3 This section discusses the understanding of the financial reporting system along with the risk assessment procedures
auditors use to obtain that understanding. This section also discusses when it might be necessary to obtain an additional
understanding of control activities. Throughout the process of obtaining an understanding of activity-level controls, the auditor
remains aware of the requirements to:
Obtain an understanding of controls related to significant or fraud risks.
Obtain an understanding of controls related to risks for which substantive procedures alone are not adequate.
Understand the effects of IT on the entitys control activities.
Financial Reporting System
305.4 As discussed in section 304, the financial reporting system is part of the information and communication component of
internal control. The financial reporting system includes the accounting system and encompasses the procedures and
records established to initiate, authorize, record, process, and report the entitys transactions. It also includes the
accountability over assets, liabilities, and equity. Auditors are typically very familiar with the process of understanding the
financial reporting system. When obtaining an understanding of the entitys internal control, auditors often spend most of their
time in this area since it provides the auditor with other key information needed for the audit. For example, the understanding
of the financial reporting system contributes to the auditors ability to design and conduct efficient and effective substantive
procedures because the auditor gains knowledge of the types, sources, and locations of documents and other evidence and
the individuals responsible for processing them.
305.5 During the process of obtaining an understanding about the financial reporting system, auditors typically gain some
knowledge about various monitoring controls or control activities that relate to the processing of transactions and the financial
reporting process. In other words, as the auditor learns about how transactions flow through the accounting system and how
those transactions are reported in the financial statements, a by-product of that knowledge is an understanding of how
management monitors internal control and how certain control activities are applied to achieve accuracy, completeness,
cutoff, and other relevant assertions. As a result, many auditors find that it is efficient to gain an understanding of the financial
reporting system, internal control monitoring, and control activities components of internal control at the same time. In fact, as
discussed in paragraph 305.30, after the auditor obtains an understanding of the control environment, risk assessment,
information and communication, and monitoring, it may not be necessary to devote additional attention to obtaining an
understanding of control activities.
305.6 AU-C 315.19 states that the auditor should obtain sufficient knowledge of the financial reporting system, including
related business processes, as a result of applying risk assessment procedures to understand the following:
Classes of Transactions. The classes of transactions in the entitys operations that are significant to the financial
statements.
Accounting Procedures. The procedures, within both automated and manual systems, by which those transactions
are initiated, authorized, recorded, processed, corrected as necessary, transferred to the general ledger, and
reported in the financial statements.
Accounting Records. The related accounting records, whether electronic or manual, supporting information, and
specific accounts in the financial statements involved in initiating, authorizing, recording, processing, and reporting
transactions.
Other Events and Conditions. The methods used to capture significant events and conditions, other than classes of
transactions, that are significant to the financial statements. Examples include commitments and contingencies,
concentrations, subsequent events, compliance with debt covenants, related party transactions, going concern
uncertainties, and fair values of financial instruments.
Financial Reporting Process. The financial reporting process (including the closing process) used to prepare the
entitys financial statements, including significant accounting estimates and disclosures.
Journal Entries. The controls over standard and nonstandard journal entries.
305.7 A financial reporting system includes methods and records that:
Identify and record all valid transactions.
Provide, on a timely basis, sufficient detailed information about transactions to permit proper classification for
Allow for the recording of transactions at their proper monetary value in the financial statements.
Provide sufficient information to permit recording of transactions in the proper accounting period.
Properly present the transactions and related disclosures in the financial statements.
305.8 Essentially, auditors need to be satisfied that they have a sufficient understanding of the entitys financial reporting
system to understand how material misstatements might occur anywhere in the cycle from the occurrence of transactions to
the final presentation of the companys financial position and results of operations in the financial statements. Also, as
indicated in paragraph 303.12 and required by AU-C 315.22, the auditor should obtain an understanding of how IT affects
control activities that are relevant to planning the audit. This typically means that when obtaining an understanding of the
financial reporting system, the auditor obtains knowledge of relevant computer application controls. Application controls
apply to a specific application, such as accounts receivable, payroll, or the general accounting application. They apply to the
processing of individual transactions and help ensure that the transactions occurred, are authorized, and are completely and
accurately recorded and processed. The AICPA Risk Assessment Audit Guide (Table 3-7) lists examples of application
controls that may be relevant to the audit, including controls relating to the rights of specific users to access the application or
data, delete previously processed transactions or data, or originate new transactions or records (such as a new authorized
vendor, approved customer, or employee record). Relevant application controls also relate to the integrity, completeness, and
accuracy of data input into and processed by the system, as well as the integrity of resulting reports and information.
Application controls are discussed in section 606. In a simple financial reporting system, where the auditor assists with the
preparation of financial statements and disclosures, the authors believe understanding the financial reporting system will
generally involve:
a. Identifying the entitys significant transaction classes.
b. Understanding the flow of information through the financial reporting system for significant transaction classes.
c. Understanding the financial close and reporting process, including how information about other events and
conditions (that is, other than items processed through the entitys significant transaction classes) is captured for
inclusion in the general ledger and financial statements.
d. Understanding the extent to which IT is used in the entitys financial reporting system.
The following paragraphs provide additional guidance on those steps in understanding the financial reporting system.
Guidance is also provided on control objectives for the financial reporting system, risk assessment procedures auditors might
use to obtain a sufficient understanding, including walkthroughs, and documentation of the auditors understanding.
305.9 Identifying Significant Transaction Classes. The auditor identifies significant classes of transactions and obtains an
understanding of the flow of information (including electronic information) through the entitys financial reporting system for
each of those classes. Significant transaction classes are those classes of transactions in the entitys operations that are
significant to the financial statements, generally because of the volume or risk characteristics of transactions processed.
When selecting significant transaction classes, the auditor needs to focus on those that present a reasonable possibility of
material misstatement of the financial statements or disclosures, including those that involve significant or fraud risks.
Qualitative and quantitative factors such as the following might be considered:
Volume of activity.
Size and composition of the related accounts.
Susceptibility to misstatement due to errors or fraud.
Nature of the transactions, related account balances, or disclosures.
Accounting and reporting complexities.
Exposure to losses in the related accounts.
Possibility of significant contingent liabilities arising from the activities being processed.
Existence of related party transactions.
Changes from the prior period in the characteristics of the transactions, related account balances, or disclosures.
Exhibit 3-20 provides examples of transaction classes for specified audit areas.
Exhibit 3-20
Examples of Transactions Classes for Specified Audit Areas
Financial Close and Reporting
Defining the financial closing and reporting process
a
Performing the accounting period close
a
Capturing and processing nonroutine information requiring significant estimates and judgments
a
Preparing and reviewing financial statement disclosures
a
Reviewing and approving the financial statements
a
Adjusting for foreign currencies
Cash
Processing cash receipts
a
Processing disbursements
a
Accounts Receivables/Sales
Processing sales orders
a
Shipping and invoicing sales orders
a
Processing sales adjustments and product returns
a
Estimating the allowance for doubtful accounts and bad debt expense
a
Recording deferred revenue
Estimating the allowance for sales returns and adjustments
Maintaining the customer master file
Inventory/Cost of Sales
Recording purchases
a
Receiving and storing inventory
a
Requisitioning materials for production
Costing inventory
a
Managing inventory
Estimating excess and obsolete inventory reserves
Property
Acquiring and safeguarding property, plant, and equipment
Depreciating property, plant, and equipment
Disposing of property, plant, and equipment (sales and retirements)
Maintaining the property, plant, and equipment sub-ledger
Assessing assets for impairment
Valuing the used equipment reserve
Investments and Derivatives
Managing investments
Managing derivatives
Other Assets
Recording purchases of other assets
Amortizing assets
Accounts Payable and Other Liabilities
Recording purchases
a
Processing accounts payable and accruals
a
a
Maintaining the supplier master file
Estimating the warranty reserve and warranty expense
Notes Payable and Long-term Debt
Managing borrowings
Income Taxes
Calculating and reporting income taxes
Equity
Recording equity transactions
Recording stock compensation
Income/Expense
Processing payroll
a
Maintaining the employee database master file
Recording repairs and maintenance expense
Note:
a
For many nonpublic company audits, this will be considered a significant transaction class.
* * *
305.10 For many nonpublic company audits, significant transaction classes will include the following:
Processing cash receipts.
Processing disbursements.
Processing sales orders.
Shipping and invoicing sales orders.
Estimating the allowance for doubtful accounts and bad debt expense.
Recording purchases.
Receiving and storing inventory.
Costing inventory.
Processing accounts payable and accruals.
Processing payroll.
In addition, the authors believe that transaction classes relating to the financial close and reporting process are always
considered significant. Those transaction classes typically include the following:
Defining the financial closing and reporting process.
Performing the accounting period close.
Capturing and processing nonroutine information requiring significant estimates and judgments.
Preparing and reviewing financial statement disclosures.
Reviewing and approving the financial statements.
Understanding the financial close and reporting process is discussed beginning at paragraph 305.14.
305.11 Understanding the Flow of Information for Significant Transaction Classes. When understanding the flow of
information through the entitys financial reporting system for significant transaction classes, the auditor focuses on the
entitys procedures for the following aspects of transaction processing:
a. Initiating and Authorizing.
(1) How and by whom are transactions initiated and authorized?
(2) What source documents (or electronic means) are used to capture information for entry in the accounting
system?
(3) How and by whom are transactions originally entered in the accounting system for processing?
b. Recording, Processing, and Correcting.
(1) What are the accounting processing steps, both automated and manual, from original entry to inclusion in the
general ledger and who performs them? (Processing includes functions such as edit and validation,
calculation, measurement, valuation, summarization, and reconciliation.)
(2) What accounting records and supporting documents (manual and electronic) are used or created when
processing transactions?
(3) What accounts are involved?
(4) What subsidiary journals or ledgers are involved?
(5) How is the incorrect processing of transactions resolved?
c. Transferring to the General Ledger, Reconciling, and Reporting.
(1) What procedures are used to enter transaction totals into the general ledger?
(2) What is the entitys process for reconciling account detail to the general ledger for material accounts?
(3) How does IT affect the entitys control activities?
(4) What management reports or other information are generated from the system and how are they used by
management or the owner/manager in managing and controlling the entitys activities?
Throughout the process of obtaining the understanding, the auditor considers the effect of IT on the way the entitys control
activities are designed and implemented. The auditor also identifies and evaluates the controls, if any, the entity has
implemented to prevent or detect and correct material misstatements related to fraud risks or other significant risks. And the
auditor is alert for areas where controls should be tested because substantive procedures alone will not be sufficient to
address the assessed risks.
305.12 As indicated in paragraph 305.11, item b, the auditor should obtain an understanding of how the incorrect processing
of transactions is resolved. That is a specific requirement of AU-C 315.19. For example, some systems use suspense
accounts or files to capture failed transactions. For such situations, the auditor would understand the procedures for
suspense accounting including how such transactions are researched and cleared.
305.13 In connection with understanding significant classes of transactions, the auditor identifies the related accounts that
are material to the financial statements. For material accounts, AU-C 315.21 requires the auditor to understand the process for
reconciling detail records to the general ledger. For example, for the accounts receivable general ledger account, the auditor
needs to understand the process of reconciling the account to the subsidiary accounts receivable ledger. While reconciling
procedures are technically a control activity, the understanding is typically obtained when developing a knowledge of the flow
of transactions.
305.14 Understanding the Financial Close and Reporting Process. Events and conditions other than transaction classes
(that is, other than items processed through the entitys significant transaction processing systems) are often material to the
preparation of financial statements. Examples include the fair value of financial instruments, accruals for contingencies,
commitments, and related party transactions. Therefore, it is not enough for the auditor to understand the flow of transactions
through the financial reporting system for significant transaction classes. The auditor also needs to understand how
information about other significant events and conditions is captured. Therefore, for any accounts where material amounts
enter the general ledger or financial statements from sources other than the entitys significant transaction processing
systems, the auditor needs to understand how information about those events and conditions is captured for inclusion in the
general ledger and financial statements and how material accounts are reconciled to the general ledger. Also, for audit areas
requiring significant disclosure information that is not available from the entitys general ledger or related supporting
documents and records, the auditor needs an understanding of how information for disclosures is captured for inclusion in
the financial statements. For most nonpublic companies, the authors believe that understanding is generally obtained as part
of the financial close and reporting process.
305.15 The financial close and reporting process is particularly important to achieving reliable financial reporting.
Weaknesses in the financial reporting process can create risks of material misstatement. The auditor obtains an
understanding of how automated and manual procedures are used to accomplish the following:
a. Develop significant accounting estimates (for example, the allowance for uncollectible accounts, impairment of
long-lived assets or goodwill, and accrued loss contingencies).
b. Initiate, authorize, record, and process standard and nonstandard journal entries in the general ledger.
c. Initiate and record recurring and nonrecurring adjustments to the financial statements that are not reflected in formal
journal entries.
d. Combine and consolidate general ledger data.
e. Prepare financial statements and disclosures.
The auditor remains aware that nonstandard journal entries and other topside adjustments made directly to the financial
statements have been used in numerous instances of fraudulent financial reporting. (ASB-CX-5.6, Control Activities Form for
Financial Close and Reporting, provides a detailed listing of possible controls for various aspects of the financial close and
reporting process. See paragraph 305.46.)
Appendix 3A provides a list of control objectives by audit area for transaction classes common to many nonpublic
commercial entities. As discussed beginning in paragraph 305.46, the Control Activities Forms at ASB-CX-5.6 through
ASB-CX-5.17 may assist the auditor in identifying controls and control activities that help achieve those control objectives.
305.17 Risk Assessment Procedures. Risk assessment procedures that are ordinarily performed to understand the financial
reporting system include inquiries of management and others, observation of entity procedures and controls, inspection of
documents and records, and tracing transactions through the system (i.e., walkthroughs). The nature and extent of the
procedures performed are affected by factors such as the size of the entity, its complexity, and most certainly, the number of
significant transaction classes that exist within the entity.
305.18 The existence of any internal documentation that describes classes of transactions and the transaction flow in the
accounting system is a key factor that may influence the risk assessment procedures used when obtaining an understanding
of the financial reporting system. Typically, such documentation exists for larger and more complex entities and may consist
of the following:
Training manuals for employees.
Policy and procedure manuals.
Formal memoranda and flowcharts.
Internal audit analyses.
When such documentation exists, the auditors risk assessment procedures typically include inspection and review of this
documentation, corroborated by inquires of various personnel to determine if the information is current, observation, and
walkthroughs to verify that procedures are being followed. While the clients internal control documentation is an excellent
source for understanding and evaluating the design of the financial reporting system, risk assessment procedures consisting
of inquiry, observation, and inspection are necessary to ensure that the system has been implemented as designed.
305.19 However, for many small entities, the range of control and day-to-day involvement of management frequently makes
written documentation of the processing systems unnecessary. For those entities the auditor often relies on inquiries of
management and accounting personnel to understand the design of the financial reporting system. The auditor determines
that the system as described has been implemented by performing observation and inspection procedures, such as
walkthroughs.
305.20 Walkthroughs. A common method of obtaining an understanding of the design and implementation of the financial
reporting system for a significant transaction class is to trace a transaction through the various processing steps from initiation
to inclusion in the general ledger and the financial statements. This is commonly referred to as a walkthrough or
cradle-to-grave procedure. Walkthroughs may be used to confirm information obtained by inquiry or from prior years
audits. Walkthroughs are also commonly used in gaining an understanding of related control activities. Paragraph 3.121 of
the AICPA Risk Assessment Audit Guide and paragraph 3.25 of the AICPA Audit and Accounting Guide, Audit Sampling, note
that a walkthrough may be designed to include procedures that are also tests of the operating effectiveness of controls.
305.21 Walkthroughs of transactions usually involve document inspection, inquiry, and observation. The auditor judgmentally
selects one or a few transactions from each of the major classes of transactions and walks those transactions and related
controls through the system from cradle to grave, that is, from initial creation of a source document to final posting in the
general ledger and inclusion in the financial statements. The auditor inspects the documents and accounting records used in
processing, talks to the personnel involved, and observes the handling of records and related assets. At each step, the
auditor does the following:
Observes the demonstration of, or reperforms, the prescribed manual and automated processing procedure or
control.
Identifies and examines the documents and IT involved.
Identifies the name and position of the person who performs the procedure or control and considers the
competence and understanding of the person performing the procedure or control.
Determines whether the procedure is performed as prescribed and on a timely basis.
Identifies the kinds of errors found by the client and the clients responses to correct them.
Determines whether the person has been asked to override the procedure or control.
Identifies exceptions to the prescribed procedure or control.
Some auditors also query individuals about the preceding or succeeding processing step or control activity as a means of
obtaining corroborating information about each step in the process.
305.22 In performing a walkthrough, the auditor follows the transaction through all of the processing steps in the system. A
walkthrough may not be effective if a different transaction is used to test each control separately rather than walking a single
transaction through the entire process or if the auditor does not use the same documents and IT that client personnel use.
(However, it may be necessary to select additional transactions to verify certain processing steps that may apply for some
transactions but not for others. For example, certain of the processing steps and control activities might be different for a
sales order originated through an outside sales force versus one originated through a web portal.) Exhibit 3-21 provides
examples of how risk assessment procedures might be used in a walkthrough for an accounts payable transaction.
Exhibit 3-21
Examples of Risk Assessment Procedures for a Walkthrough of an Accounts Payable Transaction
Processing Step
Type of Risk Assessment
Procedure Example
Initiation Inquiry How is the transaction first initiated
and by whom?
Inspection Inspection of the purchase order.
Processing Step
Procedure Example
Authorization Inquiry Who approves purchase orders prior
to submission to the vendor and
what are the authorization limits?
Inspection Review of purchase order copy to
determine evidence of initialing by
the authorizer.
Processing, Correcting,
and Recording
Inquiry How are shipments of ordered
goods received?
Who receives shipments?
How are submitted purchase orders
and goods received, entered, and
tracked in the ordering systems?
How are accounts payable invoices
matched to purchase orders and
receiving records? Who performs
this process?
How is the accuracy of invoices
determined?
How are exceptions identified?
How are identified errors corrected?
How are invoices entered into the
payable system?
Inspection Review of entry into the purchase
order system.
Review of receiving records for the
transaction.
Review of the evidence that denotes
performance of the matching
process.
Review of the accounts payable
invoice for evidence of clerical
processing.
Tracing the recording of the
transaction into the accounts
payable and or purchase order
system.
Reperformance Reperforming the matching between
the purchase order, receiving
record, and accounts payable
invoice.
Reperforming any mathematical or
other accuracy testing of the
accounts payable invoices.
Observation Visiting receiving departments noting
how shipments are received and
checked.
Verifying segregation of duties by
observing the roles of individuals
that perform the functions.
Processing Step
Procedure Example
Transferring to the
General Ledger,
Reconciling, and
Reporting
Inquiry How are accounts payable
transactions entered into the general
ledger?
How is the accounts payable detail
record reconciled to the general
ledger?
How are processing errors caught
and corrected?
Inspection Tracing the recorded transaction into
the general ledger.
Reviewing the reconciliation of the
accounts payable general ledger
account to the detail for the month of
entry.
Reperformance Reperforming certain steps of the
reconciliation process including how
exceptions were recognized and
corrected in ensuing months.
* * *
305.23 How Often to Perform Walkthroughs. A nonauthoritative AICPA Technical Practice Aid, Use of Walkthroughs (TIS
8200.12) discusses how often an auditor might perform walkthroughs. As noted in paragraph 305.20, the use of walkthroughs
is a common practice for obtaining an understanding of the design and implementation of the financial reporting system. The
TIS notes, therefore, that auditors might perform walkthroughs every year for significant accounting cycles. Even though, as
explained beginning in paragraph 301.7, AU-C 315 allows the auditor to rely on audit evidence obtained in prior periods in
certain situations, the auditor is still required to determine the continued relevance of that evidence. In many cases, the
auditor can establish this relevance through the performance of a walkthrough. Indeed, the AICPA Risk Assessment Audit
Guide (paragraph 3.138) notes that a walkthrough may be helpful in determining whether and how internal control design and
implementation have changed since the prior period. Thus, walkthroughs are ordinarily performed in each audit period for
significant transaction classes.
305.24 However, the authors believe that when walkthroughs of significant transaction classes were performed in prior
periods, the auditor might be able to alter the nature or reduce the extent of risk assessment procedures performed during
current period walkthroughs or, in some cases, rotate walkthroughs by cycle when the client asserts that no changes have
occurred. For example, if the client indicates in response to sufficient and appropriate inquires by the auditor that no changes
have occurred in the processing steps and related control activities for processing sales orders, the auditor might consider
changing the nature or reducing the extent of inspection, observation, and reperformance procedures during the current
period walkthrough of the sales order processing system. Also, the auditor might rotate the performance of a walkthrough for
certain types of sales orders or, in some cases, for the entire sales order processing system.
305.25 However, the AICPA Risk Assessment Audit Guide (paragraph 3.138) also states that the auditor may determine that
a walkthrough is not necessary in determining whether and how controls have changed. Instead, the auditor may first
understand the audit objective (establish the continued relevance of the audit evidence obtained in prior periods) and then
determine the audit procedure(s) that can meet that objective. Paragraph 3.139 of the AICPA Risk Assessment Audit Guide
summarizes the following factors that may be considered in determining the nature, timing, and extent of procedures for
updating the understanding of internal control gained in the prior year:
Effectiveness of the clients control environment, managements risk assessment, monitoring, and general controls.
Reliance on automation.
Changes in client circumstances, such as personnel, business practices, expanded operations into other locations,
etc.
Risks of material misstatement for the relevant assertion.
Length of time since performing extensive risk assessment procedures (initial evaluation of internal control design
and implementation).
Using prior year evidence is more appropriate as controls are more effective and automated (assuming effective general
controls), changes in client circumstances are fewer, risks of material misstatement are lower, and the length of time since the
initial control evaluation is shorter. Paragraph 605.8 also discusses use of audit evidence about controls obtained in prior
audits.
Control Activities
305.26 Control activities are the policies and procedures that help ensure that management directives are carried out. That is,
control activities are those actions that are taken to address risks that threaten the entitys ability to achieve its objectives, one
of which is reliable financial reporting. Control activities usually involve two elements: (a) a policy that establishes what ought
to be done and (b) the procedure that implements the policy. The auditors understanding of the other components of internal
control, including the control environment, risk assessment, information and communication, and monitoring, is used in
assessing the risks of material misstatement at both the financial statement and relevant assertion levels. Certain components,
such as the control environment, are more important for developing the overall audit strategy. In contrast, control activities are
important at the relevant assertion level for detailed planning of the nature, timing, and extent of further audit procedures.
305.27 Control activities, which can be either automated or manual, are performed at various levels within the entity. AU-C
315.21 requires the auditor to obtain an understanding of control activities relevant to the audit and explains that they are
those which the auditor judges it necessary to understand in order to assess the risks of material misstatement at the
assertion level and design further audit procedures responsive to assessed risks. This seems a bit circular, but it essentially
means that the auditor focuses on identifying and obtaining an understanding of control activities that address areas in which
the auditor considers material misstatements more likely to occur. The auditor concentrates on whether and how a specific
control activity, individually or in combination with others, prevents, or detects and corrects material misstatements in the
classes of transactions, accounts balances, or disclosures that are significant to the financial statements. Specifically, the
auditor needs to understand the entitys controls related to significant and fraud risks and also the controls related to risks for
which substantive procedures alone will not be adequate. In addition, the auditor is required by AU-C 315.22 to understand
how IT affects control activities that are relevant to planning the audit.
305.28 Examples of categories of control activities that are relevant to the audit are as follows:
Performance Reviews. Comparisons of current financial reports to other information.
Information Processing. Control activities that are performed to check the accuracy, completeness, and
authorization of transactions. For information processing systems, there are two broad categories of control
activitiesapplication controls and general controls. General controls are discussed beginning in paragraph 304.70.
Physical Controls. Controls that pertain to the physical security of assets, including adequate safeguards that limit
access to assets, authorization safeguards for access to computer programs and files, and periodic counting and
comparison of assets to control records.
Segregation of Duties. The assignment of different people to authorize transactions, record transactions, and
maintain custody of assets.
Asset Accountability. Controls relating to reconciliations of the detailed records to the general ledger.
305.29 Control policies may be communicated either orally or in writing. This depends to a great extent on the size of the
organization and the channels of communication within the entity. Also critical to control activities are the follow-up actions
taken in response to identified discrepancies (for example, investigation by management or the owner/manager of
unexpected variances noted while comparing actual sales to budgeted sales). Auditing standards specifically require the
auditor to obtain an understanding of how the incorrect processing of transaction is resolved. As discussed in paragraph
305.13, the auditing standards also specifically require the auditor to obtain an understanding of the process of reconciling
detail to the general ledger for material accounts.
305.30 An audit of financial statements does not require an understanding of all control activities related to each class of
transactions, account balance, and disclosure or to every relevant assertion. The auditor first considers the knowledge about
control activities obtained from the understanding of the other components of internal control before devoting additional
attention to obtaining an understanding of control activities. Deciding when an additional understanding of control activities is
necessary is discussed beginning at paragraph 305.34.
305.31 Small Business Considerations. Control activities relevant to the audit of a smaller nonpublic company, according
to AU-C 315.A97 are likely to relate to the main transaction cycles, such as revenues, purchases, and employment
expenses. AU-C 315.A96 explains that for smaller nonpublic companies, control activities are likely to be similar to those for
larger entities, but the formality of their operation may differ. Also, it explains that certain control activities may not be relevant
because of controls applied by management. For example, segregation of duties often presents difficulties due to the limited
number of employees. However, even small businesses with few employees may be able to assign responsibilities to achieve
adequate segregation. If this is not possible, direct oversight by the owner/manager can usually provide the necessary
control. For example, in the area of cash, the owner/manager might compensate for a lack of segregation of duties by being
the only authorized check signer, by receiving bank statements directly, and by reviewing all bank statements and
reconciliations.
305.32 Obtaining an Understanding of Control Activities. As indicated previously, the auditor first considers knowledge
about control activities obtained through the understanding of other components of internal control, including the financial
reporting system, before investing additional efforts. Generally, the auditor accumulates a significant amount of knowledge
about control activities through the process of obtaining an understanding of the other components. Exhibit 3-22 illustrates
situations where an auditor might learn of control activities when obtaining an understanding of other components.
Exhibit 3-22
Examples of Control Activities Identified through Other Components
Control Component Example of Control Activity Identified
Control Environment When obtaining an understanding of managements
philosophy and operating style regarding internal controls,
the auditor learns of control activities relating to significant
estimates which the auditor had identified as a risk area.
When obtaining an understanding of the control
environment, the auditor learns about the assignment of
authority and responsibility, including whether there is a
basic segregation of duties related to assets subject to
misappropriation, such as cash, and whether there are
effective reconciliation procedures that systematically
compare assets with the accounting records.
Risk Assessment Process Management has identified and assessed inventory theft
risks associated with a new product line with a high cost per
unit that was introduced during the year. Management
describes the control activities that were developed to
Control Component Example of Control Activity Identified
safeguard inventory in response to this risk.
Monitoring When responding to monitoring queries, management
describes how the controller reviews sensitive valuation
procedures relating to the impairment of longlived assets
and goodwill.
(including the Financial Reporting
System)
When performing the walkthrough of the billing process, the
auditor learns of a review activity by the revenue accounting
manager to ensure that components of complex contract
billings are properly recognized or deferred based on
relevant accounting standards.
When obtaining an understanding of the accounting
processing and records for cash, the auditor learns about
the clients process for reconciling bank accounts.
* * *
305.33 The auditor may also learn of control activities while performing risk assessment procedures to obtain the
understanding of the entity and its environment discussed in section 302. Most frequently, however, the auditor learns of
control activities while obtaining an understanding of the financial reporting system as discussed beginning in paragraph
305.4. As noted in paragraph 305.5, a natural by-product of the understanding of how transactions are initiated, authorized,
processed and recorded is knowledge of how control activities ensure that relevant assertions are achieved.
305.34 When Is an Additional Understanding of Control Activities Necessary? As indicated in paragraph 305.30, the
auditing standards do not require an understanding of all of the control activities related to each class of transactions, account
balance, and disclosure in the financial statements or to every assertion. The auditors emphasis under professional
standards is on understanding control activities that allow the auditor to assess risks of material misstatement at the relevant
assertion level and to design and perform further audit procedures that are responsive to those risks. Thus, after considering
the control activities previously identified, the auditor evaluates whether a sufficient understanding of control activities has
been obtained for those areas where the auditor considers material misstatements more likely to occur. The auditor may need
to devote additional attention to obtaining an understanding of control activities in certain circumstances. For example, it is
necessary to obtain an additional understanding if
The auditor does not understand what controls, if any, the entity has implemented to prevent or detect and correct
material misstatements in specific assertions related to fraud risks or other significant risks. The discussion
beginning at paragraph 303.13 discusses controls related to fraud risks and other significant risks.
The auditor plans or is required to test controls for one or more assertions but has not identified which controls to
test (that is, which manual or automated controls are most likely to prevent or detect and correct material
misstatements in that assertion). The discussion beginning in section 603 provides guidance on when an auditor
would normally test controls.
305.35 Thus, even if the auditor concludes additional attention to control activities is necessary, the auditor can focus on
controls related to specific transactions, account balances, or assertions. The practical implication of this selective approach
is that it is not necessary to complete an internal control questionnaire or prepare additional documentation to describe the
control activities for all material account balances and transaction classes. The auditor may identify key balances, classes, or
assertions and conclude that a further understanding of control activities is necessary only for those selected areas (such as,
completeness of cash revenues for a retailer or nonprofit organization).
305.36 In determining the knowledge of control activities necessary to identify types of potential misstatements and develop
appropriate responses, the auditor considers experience with the client in prior audits and the knowledge and understanding
of the clients business and industry, including the discussion among the engagement team about the risks of fraud and the
information gathered to identify fraud risks. The auditor also considers the complexity and sophistication of the clients
operations and financial reporting system. In small business audits, for example, the knowledge of control activities gained
when obtaining an understanding of the control environment, risk assessment, information and communication, and
monitoring components of internal control ordinarily is sufficient. That is, a simple operation with simple, routine accounting
processing would generally require no knowledge of control activities beyond that gained from understanding the control
environment, risk assessment, information and communication (including the financial reporting system), and monitoring
components of internal control. When considering control activities, auditors might find the discussion on A Practical
Approach for Obtaining an Understanding of Internal Control beginning at paragraph 303.28 helpful.
305.37 In certain circumstances the auditors understanding of control activities may need to be more extensive than the
knowledge gained when obtaining an understanding of the other four components of internal control. If the complexity or
sophistication of the entitys operations limit the auditors knowledge of potential material misstatements, a further
understanding of control activities is necessary. For example, accounting for complex activities, such as a hedge fund that
engages in a wide variety of equity and derivative securities transactions; an accounting system that relies on another entity to
maintain detailed transaction records; or an accounting system with a high volume of low dollar transactions that are not
recorded individually may require the auditor to obtain additional knowledge about control activities to identify the types of
misstatements that could occur and design substantive procedures effective in detecting such misstatements or design tests
of controls. A further understanding of control activities also may be necessary when the client depends heavily on the
computer to initiate transactions or accounting entries, or to process and control substantially all of the information with little
or no user involvement, in one or more significant applications. In such a situation (as in an e-business environment), a further
understanding of general, application, and user computer controls is generally necessary. If the auditor has an adequate
knowledge of the potential causes of material misstatements, it may be possible to design effective audit tests without a
further understanding of control activities. The key is always what is necessary to design effective audit tests in the
circumstances to adequately respond to the auditors risk assessment. The case study beginning at paragraph 305.40
discusses considerations when the auditor decides to obtain a further understanding of control activities.
305.38 If the auditor considers it necessary to obtain an additional understanding of control activities due to the conditions in
paragraph 305.34, or for other reasons decides he or she does not have a sufficient understanding to assess the risks of
material misstatement and develop appropriate responses, the auditor applies additional risk assessment procedures to
understand the relevant control activities and evaluate their design and implementation. When determining risk assessment
procedures that may be used to identify control activities, consider the discussion beginning in paragraph 305.17 related to
the financial reporting system. In addition, the auditor may consider applying walkthrough procedures to confirm the
understanding as discussed beginning in paragraph 305.20.
305.39 Some auditors use an internal control questionnaire as a memory jogger when initially gaining an understanding of
control activities or when obtaining a further understanding. Such questionnaires provide common manual and automated
control activities for typical accounts or transaction classes that are found in most entities. As discussed beginning in
paragraph 305.46, the Control Activities Forms at ASB-CX-5.6 through ASB-CX-5.17 may assist the auditor in identifying
common control activities for typical nonpublic commercial entities.
305.40 Case Study on Extent of Understanding of Control Activities. AEC, Inc., is a construction contractor and uses the
percentage-of-completion accounting method for recognizing revenues and the related costs. Revenue earned and the cost
of revenue earned are determined by multiplying the most current estimates of total contract prices and costs by an
engineering estimate of percentage of completion. The percentage of completion is determined by a computer program that
combines estimates with the companys experience on similar contracts over the past year. The computer-determined
percentage of completion becomes the input to another computer program that calculates revenue earned, cost of revenue
earned, and gross profit by contract from inception to date and for the current period. Does the auditor need to obtain an
understanding of the control activities over the process resulting in contract gross profit or can the auditor take a substantive
approach in this engagement?
305.41 In this case, an understanding of the control activities and related processing for determination of percentage of
completion would seem to be essential. The auditor could take a substantive approach to total contract revenues and costs.
However, the determination of percentage of completion is a critical factor, and the auditor needs to obtain a sufficient
understanding of the process by which the percentage is determined and the controls over that process to know the possible
errors or fraud that may be introduced. The authors believe the auditor could not design effective substantive procedures
without a reasonably detailed knowledge of the process for calculation of percentage of completion and the control activities
related to that process. Depending on the auditors conclusion about whether substantive procedures alone are sufficient to
provide reasonable assurance of detecting material misstatements, tests of controls might be necessary.
Documenting Activity-Level Controls
305.42 This Guide illustrates various practice aids that can be used when documenting activity-level controls. The following
paragraphs explain the practice aids that can be used when documenting the financial reporting system, IT environment and
general computer controls, and control activities.
305.43 Documenting the Financial Reporting System and Walkthroughs. The understanding of the financial reporting
system can be documented on the Financial Reporting System Documentation FormSignificant Transaction Classes, at
ASB-CX-4.2.1 for each significant transaction class. As noted in paragraph 305.5, when obtaining an understanding of the
financial reporting system, the auditor will generally obtain knowledge of various control activities that relate to the processing
of transactions and the financial close and reporting process. ASB-CX-4.2.1 can also be used to document those controls. As
discussed more fully at paragraph 305.46, some auditors may wish to use the forms at ASB-CX-5 in conjunction with the
preparation of ASB-CX-4.2.1 when obtaining an understanding and documenting controls for significant transaction classes
and the financial close and reporting process. ASB-CX-5.6, Control Activities Form for Financial Close and Reporting,
provides a detailed listing of possible controls for various aspects of the financial close and reporting process. The Control
Activities Forms at ASB-CX-5.7 through ASB-CX-5.17 may assist the auditor in identifying controls and control activities for
other significant transaction classes within the financial reporting system.
305.44 The Walkthrough Documentation Table at ASB-CX-4.3 can be used to document the auditors walkthrough
procedures for significant transaction classes. The form allows the documentation of each of the items discussed in
paragraph 305.21.
305.45 The documentation of the financial reporting system and walkthroughs for significant transaction classes ought to be
cross-referenced to the Understanding the Design and Implementation of Internal Control form at ASB-CX-4.1, which
provides a summary of significant transaction classes and the manner of documentation.
305.46 Documenting Control Activities. As discussed in paragraph 305.43, the Financial Reporting System
Documentation FormSignificant Transaction Classes at ASB-CX-4.2.1 may be used to document control activities. If
needed, the auditor may use one or more of the Control Activities Forms at ASB-CX-5, listed in Exhibit 3-23, to assist in
identifying and describing the entitys controls and in obtaining a further understanding of control activities. These forms
present detailed lists of controls for significant transaction classes that are applicable to an audit area. The relevant assertions
that the controls address are also listed. If desired, the appropriate control form may be completed to further document the
understanding of controls. These forms also allow the auditor to document whether the control (a) addresses a fraud risk or
other significant risk (see discussion beginning with paragraph 303.13), (b) is effectively designed and implemented, (c) is
automated, and (d) is tested. (Chapter 6 provides a detailed discussion on testing controls.)
Exhibit 3-23
Control Activities Forms
Form Number Audit Area
ASB-CX-5.6 Financial Close and Reporting
ASB-CX-5.7 Cash
ASB-CX-5.8 Accounts Receivable and Sales
ASB-CX-5.9 Inventory and Cost of Sales
ASB-CX-5.10 Property
Form Number Audit Area
ASB-CX-5.11 Investments and Derivatives
ASB-CX-5.12 Other Assets
ASB-CX-5.13 Accounts Payable and Other Liabilities
ASB-CX-5.14 Notes Payable and Long-term Debt
ASB-CX-5.15 Income Taxes
ASB-CX-5.16 Equity
ASB-CX-5.17 Income and Expenses
* * *
306 PLANNING DECISIONS AND JUDGMENTS
306.1 The information the auditor obtains about the entity and its environment by performing risk assessment procedures is
used to make several important planning decisions and judgments. The primary planning decisions and judgments based on
this information are as follows:
a. The materiality level for the financial statements taken as a whole (preliminary planning materiality).
b. Materiality for particular items of lesser amounts than planning materiality.
c. The risks of material misstatement at the financial statement level.
d. The overall audit strategy (a collective group of judgments about the audit approach, including overall responses to
risks).
e. Performance materiality
7(33)
at the individual class of transactions, account balance, or disclosure level.
f. Risks of material misstatement at the relevant assertion level related to classes of transactions, account balances,
and disclosures.
g. The specific nature, timing, and extent of further audit procedures.
306.2 The audit planning process is iterative and continuous. Some risk assessment procedures are performed to consider
audit risk and materiality at the financial statement level and the judgments about those matters in turn affect the
considerations at the relevant assertion level for account balances, transaction classes, and disclosures.
306.3 Risks of material misstatement at the relevant assertion level for account balances, transaction classes, and
disclosures (item f. in paragraph 306.1) is discussed in Chapter 4; the specific nature, timing and extent of further audit
procedures (item g. in paragraph 306.1) are discussed in Chapters 5 and 6. The other planning decisions and judgments
(items a.e. in paragraph 306.1) are discussed in the following paragraphs in this section.
Determining Materiality at the Financial Statement Level
306.4 According to AU-C 320.10, the auditor should determine a materiality level for the financial statements taken as a
whole when establishing the overall strategy for the audit. The preliminary judgment about materiality at the financial
statement level is generally referred to as planning materiality. AU-C 320.14 states that the auditor should document the levels
of materiality, including any changes thereto, used in the audit. The need to establish planning materiality is directly related to
the auditors objective of obtaining reasonable assurance of detecting misstatements that the auditor believes could be large
enough, individually or in the aggregate, to be material to the financial statements. The auditor uses the concept of materiality
both in (a) planning and performing the audit and (b) evaluating the effect of identified misstatements on the audit and the
effect of uncorrected misstatements on the financial statements. These two perspectives of the concept are sometimes
referred to as (a) planning materiality and (b) evaluation materiality.
306.5 Understanding the similarities and differences between planning materiality and evaluation materiality provides helpful
background for making materiality decisions and judgments. AU-C 320.06 explains that planning materiality is not necessarily
the amount below which uncorrected misstatements, individually or in the aggregate, will be evaluated as immaterial.
Because of surrounding circumstances, the auditor may evaluate an amount as material even if it is below planning
materiality. AU-C 320.06 observes that it is not practical to design audit procedures to detect misstatements that could be
material solely because of their nature (qualitative considerations), but when evaluating the effect of uncorrected
misstatements on the financial statements, the auditor considers not only the size but also the nature of uncorrected
misstatements and the particular circumstances of their occurrence. The implication of these matters explained in AU-C 320 is
that determination of planning materiality is primarily a quantitative consideration, even though qualitative considerations
influence evaluation decisions and judgments.
306.6 Quantifying Planning Materiality. The auditors determination of materiality, according to AU-C 320.04, is affected by
the auditors perception of the financial information needs of users of the financial statements. Definitions of materiality
normally reference a hypothetical user of the financial statements, such as a reasonable person or investor. AU-C 320 does
not adopt or provide a specific definition of materiality. AU-C 320.02 refers the auditor to the discussion of materiality in the
financial reporting framework applicable to the preparation and fair presentation of the financial statements under audit.
306.7 If the financial reporting framework is U.S. GAAP, for example, then the pronouncements of the FASB would provide a
frame of reference for making materiality decisions and judgments. For U.S. GAAP, the conceptual touchstone for
determining materiality is the following definition from FASB Statement of Financial Accounting Concepts No. 8, Conceptual
Framework for Financial ReportingChapter 3, Qualitative Characteristics of Useful Financial Information:
Information is material if omitting it or misstating it could influence decisions that users make on the basis of
the financial information of a specific reporting entity. In other words, materiality is an entity-specific aspect
of relevance based on the nature or magnitude or both of the items to which the information relates in the
context of an individual entitys financial report.
The reference to based on the nature or magnitude or both in that definition recognizes that qualitative as well as
quantitative factors influence materiality judgments. As previously mentioned, however, in determining planning materiality the
focus is generally on quantitative factors. For this reason, auditors have historically used some common rules of thumb in
establishing planning materiality.
306.8 These rules of thumb generally apply a percentage to a benchmark amount from the financial statements. AU-C
320.A5 suggests the following factors that may affect the identification of an appropriate benchmark:
Elements of the financial statements (assets, liabilities, equity, revenue, expenses).
Focus of financial statement users attention on particular items (for evaluating financial performance, for example,
profit, revenue, or net assets).
Nature of the entity, where it is in its life cycle, and the industry and economic environment in which it operates.
Ownership structure of the entity and the way it is financed (for an entity financed solely by debt, for example, users
may put more emphasis on assets and claims on assets than on earnings).
Relative volatility of the benchmark.
306.9 AU-C 320.A6 provides the following examples of benchmarks that might be appropriate depending on the nature and
circumstances of the entity:
Total revenue.
Gross profit.
Profit from continuing operations before tax.
Profit before tax.
Total expenses.
Total equity.
Net asset value.
The appropriate benchmark and the related percentage applied to it can vary with the circumstances.
306.10 Desirability of a Single Benchmark. The desirability of a single benchmark arises from the practical requirements of
audit planning. To understand the use of materiality in planning, it is helpful to contrast planning with evaluation. When the
auditor is evaluating the materiality of misstatements at the conclusion of the audit, different materiality levels may be used for
different financial statements. In planning, the auditor does not know in advance whether the misstatements that will be
detected by a particular audit test will affect the balance sheet only, the income statement only, or both statements. Thus,
using several levels of materiality is impractical in planning (however, see paragraph 306.22). Also, the auditor needs to use a
specific amount in making decisions about the scope of a test; for example, examine all cash disbursements in the
subsequent period or all additions to property above a specific dollar amount. A range is not useful for making scope
decisions but may be helpful in evaluation; for example, deciding that in particular circumstances an error over $10,000 is
material, an error under $5,000 is immaterial, and an error between $5,000 and $10,000 may be material. That type of guide
can be useful in evaluation, but it does not work well in planning. The auditor decides whether an audit test needs to be
extensive enough to detect misstatements over $5,000 or over $10,000. A range is not useful for this purpose.
306.11 Benchmarks. Conceptually, materiality is established based on the auditors perception of users needs and
expectations. As described in paragraph 306.8, however, the nature and size of the entity are also important factors to
consider in selecting benchmarks to establish planning materiality. For many nonpublic companies, total assets or revenue
often provides a sound benchmark. Using either total assets or total revenue as a benchmark has the advantages of relative
stability, predictability, and representativeness of entity size. Nevertheless, the auditor needs to identify whether there are
financial statement items on which, for the particular entity, users attention tends to be focused. If a financial statement item is
more important to users than total revenue or total assets, then the auditor ought to determine the planning materiality amount
using that financial statement element as the benchmark. For example, if users of the financial statements are particularly
concerned with income, a profit-related benchmark may be more appropriate, but not if there have been unusual decreases
or increases in profit, that is, volatile earnings. For some companies, pretax income may fluctuate too much to be a useful
benchmark for planning audit testing. It would not be reasonable for the extent of tests to double simply because pretax
income is cut in half in a particularly difficult year. Nor would it be reasonable to expect negligible allowable misstatement
simply because a company is operating near the break-even point. Also, if past experience indicates a reasonable
expectation of significant audit adjustments, a preliminary amount based on pretax income would not be useful.
306.12 Regardless of the benchmark the auditor uses for planning the extent of audit testing, he or she needs to be satisfied
that the combined effects of the nature, timing, and extent of planned procedures will be adequate to provide reasonable
assurance that the financial statements are free from material misstatement, even if a different materiality benchmark is used
for evaluation of audit differences.
306.13 It is important to note that a planning materiality benchmark is used primarily to plan the extent of audit testing, but
does not purport to provide a basis for determining the adequacy of other aspects of audit planning; namely, the nature and
timing of procedures. Also, as explained in paragraph 306.5, the choice of a benchmark for planning purposes does not
predetermine what will be relevant in evaluating detected misstatements at the conclusion of the audit. The auditor may use a
size-of-business benchmark such as assets or revenues to plan the scope of audit testing, but still use a
percentage-of-earnings benchmark for the evaluation of audit findings. Thus, if assets or revenue are used to determine
planning materiality, the auditor nonetheless probably would use an earnings benchmark to determine materiality for
evaluating audit differences affecting the income statement. (See section 1812 for further discussion.)
306.14 AU-C 320.A10 provides guidance on modifying the benchmark for the circumstances of smaller, less complex
entities. If an owner/manager takes a large part of the profit before tax in remuneration, a benchmark such as profit before
remuneration and tax may be appropriate.
306.15 Selecting a Percentage. There are no authoritative percentage guides for materiality. AU-C 320.A9 explains that a
relationship exists between the percentage and the chosen benchmark. For example, a percentage applied to profit from
continuing operations before tax will normally be higher than a percentage applied to total revenue. AU-C 320, however,
contains no guidance or specific examples of appropriate percentages. Nevertheless, certain guidelines have evolved in audit
practice. Using total assets or total revenue as a benchmark means the audit scope will be driven by the size of the company.
Many auditors believe intuitively that this is appropriate because it agrees with their own past experience in making judgments
about audit scope. Also, for intuitive reasons, many auditors believe that the materiality percentage ought to be adjusted in
relation to the size of a company. They believe the percentage can be larger for a very small company to recognize the
practical limits on the effectiveness of audit procedures and smaller for a very large company to recognize the increased risks
that usually accompany bigness and the fact that a large enough absolute amount is often considered material. Table 1 of the
Financial Statement Materiality Worksheet for Planning Purposes at ASB-CX-2.1, which provides a sliding scale percentage
that can be applied to total assets or total revenue, might be suitable for the circumstances of many nonpublic companies.
306.16 The rule of thumb in Table 1 of ASB-CX-2.1 usually produces a realistic amount for the preliminary judgment about
materiality. The reduction of the percentages as the benchmark amount increases serves to prevent the planning materiality
amount from becoming disproportionately large in relation to the income statement. The percentages used in Table 2 of
ASB-CX-2.1 are other rules of thumb that may be appropriate. If the auditor uses Table 2 to calculate planning materiality, he
or she determines the appropriate percentage to apply to the chosen benchmark. The auditor, however, exercises judgment
and use the illustrative rules of thumb as a tool rather than a rigid requirement. The auditors judgment about the client and its
circumstances and uses of financial statements may in some cases result in modification of the planning materiality amount
calculated by the rules of thumb.
306.17 Audits of a Single Financial Statement. A related issue is whether ASB-CX-2.1 can be used to determine planning
materiality for the audit of only a single financial statement (for example, a balance sheet audit). The authors believe that it
would be appropriate. However, the auditor always has the option of adjusting the calculated planning materiality amount
based on his or her judgment.
306.18 Consideration of Industry Characteristics in Making a Preliminary Judgment. Auditors consider specific needs of
users when auditing an entity that operates in a specialized industry. The approach recommended here is intended for the
ordinary commercial entity, and additional considerations usually are important for specialized industries. PPCs industry audit
guides provide guidance and practice aids to assist in determining planning materiality for different types of entities.
306.19 Sources of Amounts for Worksheet. The instructions to the materiality worksheet at ASB-CX-2.1 indicate that the
auditor uses amounts from the financial statements to be audited or from the trial balance from which those financial
statements will be prepared except when the following occurs:
a. The financial statements (or trial balance) will not be available prior to performing detailed audit program planning.
b. In past years, there have been significant audit adjustments to client accounting data.
c. Significant changes in the entitys circumstances indicate that current amounts are not representative of the entitys
financial results or financial position.
AU-C 320.A7 indicates that relevant financial data ordinarily includes prior period results and financial position, period-to-date
results, and current budgets or forecasts, taking into account significant changes in entity circumstances and economic or
industry conditions, when determining materiality.
306.20 If year-end financial statement balances are not available, the amount of total assets at an interim date generally may
be used in the calculation. For example, if the November monthly financial statements are available, the November asset
amount may be used for an entity with a calendar year-end. On the other hand, the total revenue for the 11-month period will
have to be annualized. The same considerations as explained in paragraph 301.35 apply to using interim information in
calculating planning materiality for the audit of the annual financial statements. The auditor considers seasonal or other
factors that would cause a straight annualization to be inappropriate. For example, if the client has disproportionate
December sales, the auditor might add budgeted December sales to the actual 11 months of sales rather than annualizing the
11-month amount. When interim amounts are unavailable, when significant audit adjustments are expected, or when
significant changes in the entitys circumstances have occurred, the auditor may use historical averages based on the past
two or three years. (The nature of the audit adjustments expected may also influence the choice of a benchmark, e.g., if
adjustments have been primarily to the balance sheet only, total revenue would be a better benchmark. Notice that when total
revenue is the benchmark, an annualized amount is used even when the period of the financial statements being audited is
shorter.)
306.21 Planning materiality judgments might need to be reconsidered as the audit progresses. AU-C 320.12 states that the
auditor should revise materiality levels if the auditor becomes aware of information during the audit that would have caused
the auditor to determine a different amount(s) initially. Because the calculation made during initial planning often uses interim
financial information, the amounts in the annual audited financial statements might differ. If the auditor becomes aware of
changes that would have affected the determination of planning materiality, adjustments are made. AU-C 320.13 indicates
that if the auditor concludes a lower materiality than initially determined is appropriate, the auditor should determine whether
performance materiality (see the discussion beginning at paragraph 306.26) has to be revised and whether the nature, timing,
and extent of further audit procedures remain appropriate. If planning materiality based on interim amounts is too large, for
example, then audit scope might not have been sufficient. If planning materiality based on interim amounts was too small,
then the audit would be less efficient than would have been possible because the auditor will have done more audit work than
was necessary.
Determining Materiality for Particular Items of Lesser Amounts
306.22 AU-C 320.10 indicates that in addition to determining a planning materiality amount for the financial statements taken
as a whole, the auditor should consider whether, in the specific circumstances of the entity, misstatements of particular items
of lesser amounts than planning materiality could be expected to influence economic decisions of users. Any such amounts
determined represent lower materiality levels to be considered in relation to the particular items in the financial statements for
audit planning purposes. In other words, in addition to determining materiality at the financial statement level, the auditor
determines whether there are particular financial statement items for which a lower planning materiality amount is appropriate
based on user perceptions of the particular items. Many auditors believe, for example, that a lower materiality threshold is
appropriate for related party transactions and balances.
306.23 AU-C 320.A12 suggests factors such as the following to consider in making this planning decision:
a. Whether accounting standards, laws, or regulations affect users expectations regarding the measurement or
disclosure of certain items (for example, related party transactions and the remuneration of management and those
charged with governance).
b. The key disclosures in relation to the industry and the environment in which the entity operates (for example,
research and development costs for a pharmaceutical company).
c. Whether attention is focused on the financial performance of a particular aspect of the entitys business (for
example, a newly acquired business).
The auditor ought to consider consulting with management and those charged with governance about whether there are
particular financial statement items of lesser amounts than planning materiality that users would regard as material.
306.24 Another way of looking at it is that it is an exception to the general notion that planning materiality is a primarily
quantitative determination and opens the determination to a limited group of qualitative factors, but only for particular classes
of transactions, account balances, or disclosures specified by the auditor. The following example illustrates the use of
planning materiality for particular items of lesser amounts.
Example 3-2: Determining planning materiality for particular items of lesser amounts.
Adams Bowling Inc. acquired a new subsidiary during the year, Pinewood Pin Company. The acquisition was largely
financed through a five-year financing facility from the principal lender of Adams. Based on discussions with
management and the board of directors, as well as a review of the financing agreements, the auditor of Adams is aware
that the lender is focused on the performance of the subsidiary as disclosed in consolidating financial statements of
Adams. While the planning materiality level for the consolidated financial statements of Adams has been determined to
be $550,000 based on its total assets, the auditor has decided to establish a lower planning materiality amount to be
used when auditing the disclosures attributable to Pinewood. In this case, the auditor has selected $125,000 after
considering the total assets and revenues of Pinewood along with the views and expectations of management and the
board of directors.
306.25 Documentation. Lower levels of materiality for particular items in the financial statements can be documented using
the Financial Statement Materiality Worksheet for Planning Purposes (ASB-CX-2.1).
Determining Performance Materiality
306.26 The auditors objective is to perform the audit to obtain reasonable assurance of detecting misstatements that the
auditor believes could be large enough, individually or in the aggregate, to be quantitatively material to the financial
statements. For this purpose, the auditor needs to establish a performance materiality amount at the individual account
balance, class of transaction, or disclosure level.
306.27 Performance materiality is the amount or amounts set by the auditor at less than materiality for the financial
statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and
undetected misstatements exceeds materiality for the financial statements as a whole. AU-C 320.11 states that the auditor
should determine performance materiality for purposes of assessing the risks of material misstatement and determining the
nature, timing, and extent of further audit procedures.
306.28 Performance materiality is distinguishable from tolerable misstatement. As explained in AU-C 320.A2, the application
of performance materiality to a particular audit sampling procedure is called tolerable misstatement. AU-C 530.A6 also
provides the guidance that tolerable misstatement may be the same amount or an amount smaller than performance
materiality. For purposes of the audit approach discussed in this Guide, which is based on MUS sampling, the authors believe
tolerable misstatement should be equal to performance materiality. This application of performance materiality is discussed in
Chapter 7.
306.29 AU-C 320.A14 explains that determination of performance materiality is not a simple mechanical calculation. It
involves the exercise of professional judgment and is affected by the following:
The auditors understanding of the entity.
Any need for revision identified in the performance of risk assessment procedures.
The nature and extent of misstatements identified in previous audits.
The auditors expectations regarding misstatements in the current period.
306.30 The authors believe it is also helpful to consider the following:
Performance materiality is a planning concept.
Performance materiality is less than planning materiality.
Performance materiality relates to the materiality level for a particular class of transactions, account balance, or
disclosure.
Performance materiality is set in a manner that reduces to an appropriately low level the probability that the
aggregate of uncorrected and undetected misstatements exceeds the materiality level for the particular class of
transactions, account balance, or disclosure.
306.31 A Practical Approach to Determining Performance Materiality. Professional standards do not discuss precisely
how performance materiality is to be determined and do not provide any rules of thumb that have been used in practice to
calculate performance materiality. At the conclusion of the audit, the auditor needs to be able to reach the judgment that the
risk is relatively low that the financial statements as a whole are materially misstated. This ultimate objective can provide a
general conceptual framework for determining performance materiality.
306.32 Conceptually, the aggregate of misstatements for a particular class of transactions, account balance, or disclosure,
which consists of detected but uncorrected misstatements and undetected misstatements, cannot exceed the amount for that
class, balance, or disclosure that would materially misstate the financial statements as a whole. The aggregate amount for the
financial statements as a whole at the planning stage of the audit is planning materiality. Thus, the residual of planning
materiality less aggregate detected and uncorrected misstatement would be performance materiality, which in this framework
is an allowance for undetected misstatement. The uncorrected misstatement is the aggregation of factual misstatement plus
projected and judgmental misstatement from the application of audit procedures using audit sampling and analytical
procedures, respectively, less the misstatement the client agrees to correct.
306.33 At the planning stage, the auditor cannot know the amounts of factual misstatements that will be detected and that the
client will not correct, or the projected or judgmental misstatements that will result from the application of audit procedures
using audit sampling or analytical procedures. However, the auditor may be able to make reasonable estimates of those
amounts. In that case, the auditor could deduct the sum of those estimates from planning materiality to estimate performance
materiality. However, because of the difficulty of making these estimates, many auditors prefer to use a rule of thumb
approach that produces satisfactory results in most circumstances as discussed in the following paragraph.
306.34 The approach suggested by the authors using the framework described above is to determine performance
materiality as a percentage of the auditors judgment about the amount material to the financial statements taken as a whole.
The percentage used is based on the auditors expectation of uncorrected and undetected misstatements. Using this
approach, a common rule of thumb is to calculate performance materiality as a fraction between 50% and 75% of materiality
at the financial statement level (and materiality for items of lesser amounts, if applicable) with the percentage being increased
from 50% as the likelihood of uncorrected detected misstatements decreases.
306.35 The 50% adjustment is based on the maximum adjustment normally made in monetary unit (MUS) or probability
proportional to size (PPS) sampling applications to allow for the projected misstatements expected in sample results. Usually
this 50% adjustment is very conservative, that is, larger sample sizes than necessary will be used. Typically, for most
nonpublic entities the authors believe that the larger adjustment of 75% will normally be satisfactory. When the auditor
expects a relatively large amount of factual misstatements to remain uncorrected or relatively large judgmental or projected
misstatements, an adjustment closer to 50% can be used. Although this rule of thumb was developed for sampling
applications, the authors believe that it is also useful and produces appropriate results for audit areas for which a
nonsampling audit approach is used. This is true, in large part, because the performance materiality amount is a planning tool
used to determine that adequate audit work is performed to achieve audit objectives and not an amount used to evaluate
whether the misstatement of a particular class, balance, or disclosure is material.
306.36 As indicated in paragraph 306.28, for purposes of the audit approach discussed in this Guide, which is based on
MUS sampling, the authors believe tolerable misstatement should be equal to performance materiality. The rule of thumb of
calculating tolerable misstatement as 75% of planning materiality is appropriate when the auditor uses MUS (PPS) sampling
or an approximation of MUS (PPS) sampling for all audit sampling applications. The approach to audit sampling
recommended in Chapter 7 is an approximation of MUS (PPS) sampling. With this approach, the same amount of tolerable
misstatement (performance materiality adapted for sampling) can be used in all sampling applications. This is possible
because MUS (PPS) sampling views the financial statements taken as a whole as a pool of dollars. The tolerable
misstatement for the financial statements is applicable to all the account balances and transaction classes included within the
financial statements. This amount can also be used to compute individually significant items as explained in Chapter 7.
306.37 When the auditor uses a statistical sampling approach to substantive tests other than either MUS (PPS) sampling or a
nonstatistical approximation of MUS (PPS) sampling, another approach to computing tolerable misstatement can be used.
This approach is explained in articles and books on use of variables sampling in auditing and is not discussed here. However,
the auditor ought to be aware that when using statistical sampling for variables, the planning materiality amount needs to be
allocated to sampling applications for specific account balances or transaction classes. This allocation process is necessary
only when classical variables sampling is used.
306.38 Caution on Use of Planning Materiality for Evaluation. It is critically important to recognize that the planning
materiality amount calculated using the worksheet is the combined amount of misstatement. During the audit, an auditor may
detect some misstatements in an account balance and may need to decide whether to apply additional procedures. In these
circumstances, the auditor does not compare the potential misstatement to planning materiality, performance materiality, or
tolerable misstatement. The appropriate comparison for this purpose is to the calculated individually significant amount. The
combined evaluation of detected misstatements at the conclusion of the audit is explained in Chapter 18.
Implementing Performance Materiality
306.39 The scope of audit procedures for specific account balances and transaction classes is clearly affected in important
ways by materiality. The authors recommend using the materiality worksheet at ASB-CX-2.1 to calculate planning materiality
and performance materiality (tolerable misstatement) as a practical means of implementation. Using an explicit amount for
performance materiality permits the auditors decisions about the quality and extent of evidence necessary to be influenced
specifically by the size of a misstatement that would be material to the account balance, transaction class, or disclosure.
306.40 Use of performance materiality for individual classes of transactions, account balances, and disclosures is necessary
because it is not efficient or effective to apply a percentage guide to each account. For example, in applying audit procedures
to prepaid expense, it would not be reasonable to regard 10% of the balance as material if the total amount of prepaid
expense was immaterial to the financial statements. For some accounts and transactions, consideration of performance
materiality is unnecessary because the nature of the item and cost of possible audit procedures is such that the account can
be audited to very close tolerances. For example, long-term debt and property, plant, and equipment can usually be
examined to such close tolerances. For other accounts, such as receivables and inventory, consideration of the performance
materiality for the account balance will be useful in making planning decisions. An auditor, for example, might use the
performance materiality (tolerable misstatement) amount in deciding
a. which items in a balance to examine 100%,
b. whether it is necessary to sample the remaining items, or
c. whether to apply analytical procedures instead of tests of details.
These matters are discussed in more detail in Chapter 5.
Clearly Trivial Misstatements
306.41 As indicated at AU-C 450.05.11, auditors are required to accumulate and evaluate misstatements detected during
the audit, other than those that are clearly trivial. The clearly trivial misstatement amount is set so that any such
misstatements, either individually or when aggregated with other such misstatements, would not be material to the financial
statements, after the possibility of further undetected misstatements is considered. If the amount is set too high, the auditor
might be exposed to material misstatements in the financial statements. If the amount is set too low, the auditor might
encounter inefficiencies dealing with immaterial misstatements. The authors suggest that a practical rule-of-thumb approach
for designating clearly trivial misstatements is to use 35% of planning materiality, depending on expectations about
misstatements. As is the case for all rules-of-thumb, this approach cannot be applied mechanically. For example, if the auditor
expects a large number of small misstatements or becomes aware that misstatements passed at the workpaper level are
tending to go in one direction, the auditor might lower the threshold for clearly trivial misstatements. ASB-CX-2.1 provides a
place for auditors to document the amount of misstatements that will be passed at the workpaper level.
306.42 When determining whether the amount of a misstatement is below the amount that will be accumulated on the
summary of audit differences, the auditor needs to be careful not to net proposed adjustments at the workpaper level. For
example, assume the auditor has determined that only misstatements greater than $500 need to be accumulated on the
summary or audit differences. If the auditor has a factual misstatement that overstates income by $10,000 and a judgement
misstatement that understates income by $10,500, both misstatements need to be included on the summary of audit
differences.
Documentation RequirementsMateriality
306.43 AU-C 320.14 requires the auditor to document the following relating to materiality, including factors considered in
their determination and any revisions made during the audit:
Materiality at the financial statement level.
If applicable, materiality level(s) for particular transaction classes, account balances, or disclosures.
Performance materiality.
Assessing Risks of Material Misstatement at the Financial Statement Level
306.44 Audit risk is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial
statements that are materially misstated. It is a function of the risk that the financial statements are materially misstated and
the risk that the auditor will not detect such material misstatement. In this sense, audit risk is the risk of material misstatement
remaining in the financial statements after the audit. Audit risk cannot be precisely measured as a percentage; thus,
consideration of audit risk is necessarily judgmental, not mathematical.
306.45 AU-C 315.03 states that the objective of the auditor is to identify and assess the risks of material misstatement,
whether due to error or fraud, at the financial statement and relevant assertion levels. These risks are identified and assessed
by obtaining an understanding of the entity and its environment including its internal control, and this understanding provides
a basis for designing and implementing responses to the assessed risks of material misstatement.
306.46 Risks of material misstatement at the financial statement level often relate to the entitys control environment and are
not necessarily identifiable with specific relevant assertions at the class of transactions, account balance, or disclosure level.
These overall risks are often especially relevant to the auditors consideration of the risks of material misstatement arising
from fraud, for example, through management override of internal control.
306.47 As further discussed in Chapter 4, at the individual account balance, class of transaction, or disclosure level, the risk
of material misstatement consists of inherent risk and control risk. Some auditors have questioned whether these risk model
components also need to be considered at the financial statement level. The answer is, No. The authors believe the risk
assessment at the financial statement level is directed to an overall or combined assessment of the risk of material
misstatement. There is no requirement to separately assess inherent risk and control risk at the financial statement level. The
overall assessment of risks of material misstatement at the financial statement level is made relatively early in audit planning,
based on information such as the effectiveness of the entitys control environment and identification of fraud risk factors.
306.48 Responding to Risks at the Financial Statement Level. AU-C 330.05 states that the auditor should design and
implement overall responses to address the assessed risks of material misstatement at the financial statement level. AU-C
330.A1 provides guidance to auditors when determining overall responses to address risks of material misstatement at the
financial statement level. These responses may include
Emphasis to the audit team to use professional skepticism.
Assigning staff with higher experience levels or specialized skills or using specialists.
Increasing the level of supervision.
Using a greater degree of unpredictability in selecting audit procedures.
Changing the nature, timing, and extent of substantive procedures (e.g., instead of interim testing shift testing to
period end or modify the nature of audit procedures to obtain more persuasive evidence).
In addition, the auditor should consider any specific relevant assertions that might be affected by the overall risks and develop
responses at that level when designing the nature, timing, and extent of further audit procedures. Chapter 4 provides a
detailed discussion of the identification and assessment of risks at the relevant assertion level.
306.49 To introduce an element of unpredictability, the authors believe the auditor needs to avoid always selecting only items
above a cutoff dollar amount, particularly when that cutoff amount does not vary significantly from year to year. The auditor
can make a haphazard selection to test items below the cutoff amount to avoid providing client personnel with a roadmap of
how to circumvent the audit approach.
306.50 Exhibit 3-24 provides examples of overall risks and potential responses.
Exhibit 3-24
Examples of Overall Risks and Responses
Overall Risk Example Responses
No communication of ethical values.
Management exhibits behavior that
occasionally reflects a loose regard for ethical
business practices. (The auditor assumes a
risk of management override of controls. This
also assumes that the auditor does not
perceive the risk to be so great to either decline
or withdraw from the engagement.)
Place higher emphasis on the use of professional
skepticism.
Assign staff with higher experience levels.
Review accounting estimates for bias.
Evaluate business rationale for unusual
transactions.
Examine more journal entries, particularly
nonstandard journal entries.
Make greater use of unpredictability in audit
procedures.
Increase the extent of fraud-related inquiries.
Turnover in key management during the year. Increase the level of supervision.
Evaluate more closely the business rationale for
unusual transactions.
Going concern considerations that may impact
future financing, business investment, or other
business opportunities.
Increase the level of supervision or assign more
experienced staff.
Shift substantive procedures to year end.
Emphasize the use of professional skepticism.
A minimal degree of compliance with restrictive
loan covenants containing various required
operating ratios for significant financing
agreements.
Shift substantive procedures to year end.
Management exhibits a low regard for hiring
competent finance personnel.
Increase the level of supervision or assign more
experienced staff.
Shift substantive procedures to year-end.
* * *
306.51 Because there is always at least one identified fraud risk (a risk of management override of controls), AU-C 240.29
states that certain overall responses are required in every audit, as follows:
Auditors should consider the knowledge, skill, and ability of individual engagement team members and the fraud
risk assessment when assigning and supervising personnel.
Auditors should evaluate the clients selection and application of accounting principles, especially in subjective
areas.
Auditors should incorporate an element of unpredictability in the selection of audit procedures from year to year.
Other overall responses may also be appropriate to address identified fraud risks. Exhibit 3-25 provides examples of overall
responses to fraud risks.
Exhibit 3-25
Overall Responses to Fraud Risks
Staffing and Supervision:
Assignment of more experienced audit personnel to the engagement or increased supervision of engagement personnel.
Assignment of personnel with industry or functional expertise.
Involvement of specialists.
Selection and Application of Accounting Principles:
Increased scrutiny of the clients selection and application of significant accounting policies, particularly those that deal
with revenue recognition, asset valuation, or capitalizing versus expensing.
Incorporating an Element of Unpredictability:
Altering the timing of tests.
Changing sampling methods.
Performing procedures at different locations or on an unannounced basis.
Performing a different combination of analytical procedures and substantive tests of details.
Testing account balances and assertions otherwise considered immaterial or low risk.
Other Overall Responses:
Increased sensitivity to the nature, timing, and extent of documentation examined in support of material transactions.
Increased recognition of the need to corroborate client explanations or representations concerning material matters,
such as through additional analytical procedures, examination of documentation, or corroboration with others within or
outside the company.
Further consideration of the auditors control risk assessment (if control risk has been assessed at less than a high level)
if identified fraud risks have control implications.
Increased scrutiny of the nature and business reasons for unusual and/or overly complex transactions.
* * *
306.52 Documentation. AU-C 315.33 requires the auditor to document the identified and assessed risks of material
misstatement at the financial statement level. AU-C 330.30 requires the auditor to document the overall responses to address
the assessed risks of material misstatement at the financial statement level. Thus, the auditor needs to include in audit
documentation both the identified and assessed risks at the financial statement level and the overall responses to them.
Auditors can document overall risks and responses on Part I of the Risk Assessment Summary Form at ASB-CX-7.1.
Establishing an Overall Audit Strategy
306.53 AU-C 300.07 states that the auditor should establish an overall strategy for the audit. The audit strategy is the
auditors operational approach to achieving the objectives of the audit. It is a high level determination of the audit approach. It
includes the identification of overall risks, the overall responses to those risks, and the general approach to each audit area as
being substantive procedures or a combination of substantive procedures and tests of controls.
306.54 AU-C 300.08 provides that in establishing the overall audit strategy the auditor should do the following:
a. Determine the key characteristics of the engagement that define its scope.
b. Determine the reporting objectives of the engagement to plan the timing of the audit and the nature of
communications required.
c. Consider the significant factors that will determine the focus of the engagement teams efforts.
d. Consider the results of preliminary engagement activities.
e. Consider, if applicable, the knowledge from other engagements performed for the entity.
f. Determine the nature, timing, and extent of resources needed to perform the audit.
Steps a. and b. are relatively straightforward factual determinations of the information to be audited, reporting objectives, the
overall timing of the audit, and the written and other communications that will be needed. Step c. is the heart of determining
the nature, timing, and extent of audit procedures that will be necessary. In establishing audit strategy, these matters are dealt
with at a high level rather than at the detailed audit plan level, which describes the nature, timing, and extent of procedures at
the relevant assertion level. Steps d. and e. concern additional information that also may affect the focus of the engagement
teams efforts. Finally, step f. concerns the personnel resources that will be necessary to accomplish audit objectives,
including the need for the involvement of specialists and other experts.
306.55 The characteristics of the engagement that define its scope generally include the following:
The basis of reporting on which the financial information to be audited has been prepared; for example, GAAP, cash
basis, or regulatory basis, including any need for reconciliations to another basis of reporting.
Industry-specific reporting requirements such as reports mandated by industry regulators.
The expected audit coverage, including the number and identity of entity locations.
The nature of control relationships between a parent and subsidiaries that determine consolidation of the group.
The extent that other locations are audited by other auditors.
The nature of subsidiaries and divisions to be audited and the need for specialized knowledge.
The need for any translation into the reporting currency.
Statutory or regulatory requirements.
The availability of the work of internal auditors and the auditors potential reliance on that work.
The entitys use of service organizations.
Initial versus a continuing engagement.
The expected use of audit evidence from prior periods.
The effect of information technology on the audit procedures, including the availability of data and the expected use
of computer-assisted audit techniques (CAAT).
Coordination of the expected coverage and timing of the work with any reviews of interim financial information.
Discussion of matters that may impact the audit with other firm personnel who provide services to the client.
Availability of client personnel and data.
306.56 The reporting objectives and matters that affect communications and timing of the audit generally include the
following:
Deadlines for interim and final reporting.
Discussions with management and those charged with governance to discuss audit work, reporting, other
communications, and other deliverables both during the audit and at its conclusion.
Communication with auditors of other locations regarding types and timing of reports and other communications.
The expected nature and timing of communications among audit team members, including the nature and timing of
review of work performed.
Statutory or contractual reporting responsibilities; for example, a special report on compliance with debt covenants.
306.57 The overall audit strategy includes and is significantly influenced by the auditors judgments about materiality and the
risks of material misstatement at the financial statement level. Important aspects of overall audit strategy that determine the
focus of the audit teams efforts generally include the following:
Materiality considerations, including:
Planning materiality.
Materiality for auditors of other locations.
Preliminary identification of material locations and account balances.
Preliminary identification of areas where there may be higher risks of material misstatement, including those due to
fraud.
Effect of assessed risk of material misstatement at the overall financial statement level.
Evaluation by audit area of whether the auditor plans to obtain evidence regarding the operating effectiveness of
internal control, i.e., whether the auditor plans to use substantive procedures alone or a combination of substantive
procedures and tests of controls.
Determination of the composition and deployment of the audit team (and if necessary, the engagement quality
control reviewer), including the assignment of audit work to team members, especially the assignment of
appropriately experienced team members to areas identified as having a higher risk of material misstatement.
Determination of the extent of involvement of professionals possessing specialized skills.
Additional emphasis on the use of professional skepticism.
Determination of general aspects of the nature, timing, and extent of further audit procedures, such as performing
testing at the balance sheet date rather than at an interim date.
Identification of recent significant developments affecting the entity, its industry, its financial reporting, or its legal or
economic environment.
Determination of areas where client assistance is expected to be minimal.
306.58 In developing the overall audit strategy the auditor incorporates decisions and judgments about overall responses to
the risks of material misstatement at the financial statement level discussed in paragraph 306.48. A key outcome of
developing the strategy is the determination of resources necessary to perform the engagement including:
Personnel Resources for Specific Audit Areas. This includes the assignment of experienced team members or the
involvement of experts for high risk or complex areas as well as the amount of resources for specific audit areas,
including the timing of the deployment of such resources.
Management and Supervision of Personnel. This includes management and supervision considerations such as
team briefing meetings, reviews by the partner and manager, and quality control reviews.
306.59 Small Business Considerations. One of the primary characteristics of a small business is concentration of
ownership or operational control in one or a few individuals. This characteristic has important influences on preliminary
planning, particularly the audit strategy that is most effective for a small business engagement. The authors have long
maintained that an audit strategy that is efficient and effective for a large entity is not usually so for a small business client and
that ignoring the unique characteristics of a small business usually leads to overauditing. The primary characteristics of a
small business that influence audit strategy are as follows:
a. Concentration of ownership or operational control in one or a few individuals.
b. Limited segregation of duties and functions within the accounting system.
306.60 These characteristics generally mean that the most efficient and effective audit strategy for a small business
engagement is to take a primarily substantive approach to the audit. Under a substantive approach, the basis for an auditors
opinion on the financial statements is evidence obtained from substantive procedures, rather than a combination of tests of
controls and substantive procedures. Also, the authors have maintained that if the characteristics of the small business are
ignored, the auditor will spend more time and effort documenting control activities than is really necessary and will usually be
both ineffective and inefficient. Substantive procedures will not be properly designed, with the result that key procedures may
be omitted and unnecessary procedures will almost always be included.
306.61 As explained in section 303, auditors are required to understand the design and implementation of internal controls
and to document the understanding of the five components of internal control (see paragraph 303.2) and the sources of
information used and procedures performed to obtain that understanding, even if the audit strategy will be a primarily
substantive approach. However, before deciding not to test controls, auditors need to be satisfied that performing only
substantive procedures will be effective in reducing detection risk to an acceptable level. Paragraph 306.66 discusses how
information technology (IT) may affect an auditors decision to adopt an audit strategy that is a primarily substantive
approach. In addition, Chapter 4 discusses the auditors considerations when the audit approach to significant risks consists
only of substantive procedures. Chapter 6 discusses when tests of controls are necessary, as well as other considerations
relating to testing controls.
306.62 Effect of Information Technology (IT) on Audit Strategy. A clients computer system also can affect the audit
strategy because it can affect the risk of material misstatement, which influences the auditors substantive procedures, and
also can affect the availability and sufficiency of audit evidence, including the audit trail. In computerized financial reporting
systems, much of the clients data is processed and stored only in electronic form. Thus, errors and fraud involving computer
programs and files may be less obvious than misstatements in manual records. Also, data processing duties are often
concentrated in one or two employees. Those factors can create a higher risk of material misstatement. However, that risk
may be reduced if the client uses only purchased software and simple applications. (See paragraphs 304.64 and 303.20.)
306.63 In addition, when information is available only in electronic form, its competence and sufficiency as audit evidence
usually depend on the effectiveness of controls over its accuracy and completeness. Accordingly, the risk of improper
initiation or alteration of information may be greater if the information is available only in electronic form and controls are not
operating effectively. For example, automated controls and processes may be overridden leaving little or no visible evidence
of the intervention. In that case, the auditor needs to perform tests of controls to gather evidence for use in assessing control
risk. (Chapter 6 discusses tests of controls.)
306.64 Before designing the audit plan, auditors consider whether the clients computer system provides a clear audit trail. If
the system does not provide a clear trail for posting transactions to the general ledger, including journal entries, the auditor
may need to change the nature of planned substantive procedures, such as testing items comprising year-end balances
instead of testing transaction activity for the period. (Section 309 discusses the timing of substantive procedures.)
306.65 Auditors also consider the amount and type of available data when designing audit procedures. They may need to
time their tests based on when the accounting data is available. Data availability can be affected by both the computer system
and the clients data retention policies.
306.66 As discussed in paragraph 304.64, the impact of IT on an entitys internal control is generally related more to the
nature and complexity of the entitys systems than to the entitys size. However, before deciding not to test controls, auditors
need to be satisfied that performing only substantive procedures will be effective in reducing detection risk to an acceptable
level. For example, the auditor may find it impossible to design effective substantive procedures that by themselves provide
sufficient appropriate audit evidence at the relevant assertion level when an entity conducts its business using IT and no
documentation of transactions is produced or maintained, other than through the IT system.
306.67 Other Audit Strategy Considerations. The following issues also may affect audits of financial statements of certain
entities and, when relevant, are considered as part of the overall audit strategy:
a. Auditing consolidated or combined financial statements.
b. Auditing the separate financial statements of components of an entity, such as branches or divisions.
c. Auditors responsibilities when service organizations provide services that are part of an entitys information system.
d. Auditors responsibilities when specialists are used in an audit, for example, appraisers that value real estate
collateral for a note receivable, valuation specialists that value businesses, derivatives, or certain types of assets, or
actuaries that perform complex calculations, such as determination of future employee benefits or self-insurance
loss reserves.
e. Auditors responsibilities when part of the work relating to the financial statements they are auditing has been
performed by component auditors, such as when component auditors have audited financial statements of
subsidiaries, divisions, branches, or other components included in consolidated or combined financial statements.
Chapter 9 discusses those issues in detail.
306.68 Timing of Developing the Audit Strategy. In some cases, the auditor may have sufficient information to establish a
preliminary audit strategy prior to performing extensive risk assessment procedures based on knowledge from past
experience with the client and the results of preliminary engagement activities. For example, in a continuing engagement, the
auditor may be able to establish a preliminary audit strategy after completing the client continuance procedures based on
knowledge from the previous engagements and discussions with the client regarding any new issues or changes in client
circumstances.
306.69 For new engagements, the auditor may have gained sufficient information while performing client acceptance
procedures and gathering information for the fee proposal that would allow the development of a preliminary audit strategy. In
fact, many auditors collect enough information during this process to make preliminary decisions on the assessment of
overall risks, the determination of personnel requirements, use of specialists or other auditors, and other overall strategy
matters. In these situations, the auditor simply needs to gather additional information throughout the performance of the risk
assessment procedures to complete the overall audit strategy.
306.70 Revising the Initial Audit Strategy. It is not uncommon for auditors, after developing the initial audit strategy, to
obtain information indicating that the audit strategy needs to be revised. AU-C 300.10 states that the auditor should update
and modify the audit strategy as necessary throughout the engagement. Changes should be documented, as discussed in
paragraph 306.73.
306.71 Communicating with Those Charged with Governance. The auditor may discuss elements of the overall audit
strategy with those charged with governance. AU-C 260.11 requires the auditor to communicate with those charged with
governance about the planned scope and timing of the audit. (See section 1815.) When these discussions occur, the auditor
should be careful not to compromise the effectiveness of the audit, for example, by discussing the detailed nature and timing
of audit procedures.
306.72 Documentation. Establishing the overall audit strategy need not be complex or time consuming. The auditor can
effectively establish the overall audit strategy through the completion of various steps in the General Planning Procedures
program at ASB-AP-1. Professional standards do not necessarily require that a separate audit strategy memorandum be
prepared to document in one place all matters that affect the audit strategy. Many of the matters that relate to the overall audit
strategy would be documented in the normal course of gathering information about the entity and its environment, and there
is no need for a separate memorandum.
306.73 AU-C 300.14 requires that the auditor document the overall audit strategy, the audit plan, and any significant changes
made to them during the audit and the reasons. One efficient approach to documenting the audit strategy in the audit of a
small, noncomplex, nonpublic company is to prepare a brief memorandum at the conclusion of the previous audit, based on
a review of audit documentation and highlighting issues identified in the audit just completed, and then update and change it
in the current period to provide a basis for planning the current audit. The update can be based on discussions with
management or the owner/manager of the entity. As a practical matter, some auditors frequently prepare an audit (or
engagement) summary memo as part of their engagement completion procedures to provide a convenient method of
establishing a basis for planning the following years audit engagement. Paragraph 1817.3 provides a list of suggested
content that might be contained in such a memo.
307 CONSIDERATION OF FRAUD
Introduction
307.1 AU-C 240 establishes standards and provides guidance on the auditors responsibility to consider the risks of fraud
and to design the audit to provide reasonable assurance of detecting fraud that results in the financial statements being
materially misstated. This Guide discusses the auditors assessment of audit risk at the financial statement level (beginning at
paragraph 306.44) and the account balance or transaction class levels (Chapter 4). The auditors consideration of fraud is not
separate from consideration of risk at those levels, but is integrated into the overall risk assessment process. Therefore, this
Guide integrates the requirements of AU-C 240 within the overall risk assessment process by addressing those requirements
at relevant points throughout the Guide. This section, like AU-C 240, provides more specific guidance on assessing the risk of
material misstatement due to fraud when assessing the risk of material misstatement. Although the requirements and
guidance presented in this section may suggest a sequential process, the audit is a continuous process of gathering,
updating, and analyzing information about the fairness of presentation of amounts and disclosures in the financial statements
in conformity with GAAP (or an OCBOA). Therefore, the procedures outlined in this section may be performed concurrently
with other procedures, and the evaluation of fraud risks occurs continuously throughout the audit.
Types of Misstatements Caused by Fraud
307.2 Fraud is a broad legal concept, but from an audit perspective is an intentional act that results in a misstatement in
financial statements that are the subject of an audit. There are three conditions that generally are present when fraud occurs:
Incentive/Pressure. Management or other employees have a reason to commit fraud.
Opportunity. Circumstances, such as ineffective controls, the absence of controls, or the ability to override controls,
enable management or other employees to commit fraud.
Attitude/Rationalization. Management or other employees are able to justify the acceptability of committing fraud.
There are two types of misstatements that are relevant to the auditors consideration of fraud in a financial statement audit:
Misstatements resulting from fraudulent financial reporting.
Misstatements resulting from misappropriation of assets.
AU-C 240.A1 explains that fraud, whether fraudulent financial reporting or misappropriation of assets, involves the three
conditions enumerated above, and AU-C 240.A75 (Appendix A) provides examples of fraud risk factors classified by these
conditions.
307.3 Misstatements Resulting from Fraudulent Financial Reporting. Misstatements resulting from fraudulent financial
reporting (often referred to as management fraud or cooking the books) are intentional misstatements, or omissions, of
amounts or disclosures from the financial statements with the intent of deceiving financial statement users. The effect of those
misstatements causes the financial statements not to be presented, in all material respects, in conformity with GAAP (or an
OCBOA). Examples that may be encountered include:
Overstating sales or earnings to earn higher bonuses.
Overstating assets or understating liabilities to comply with debt covenants.
Understating earnings to minimize income taxes.
307.4 In general terms, financial statements are fraudulently misstated through use of the following methods:
Intentional misapplication of GAAP (or an OCBOA) involving measurement and resulting misstatement of amounts.
Intentional omission or misrepresentation of information about transactions or events (or intentional misapplication
of GAAP involving disclosure).
Recording fictitious transactions.
Recording sham transactions (transactions without economic substance, usually involving related parties).
These methods may be facilitated by the creation, falsification, alteration, or other manipulation of accounting records or
source documents. Misstatements resulting from fraudulent financial reporting are frequently perpetrated by management
through override of internal controls over financial reporting.
307.5 Misstatements Resulting from Misappropriation of Assets. Misstatements resulting from misappropriation of assets
(often referred to as defalcation, embezzlement, theft, or employee fraud) involve theft of the entitys assets that results in the
financial statements not being presented, in all material respects, in conformity with GAAP (or an OCBOA). Misappropriation
of assets can be committed in many ways, including embezzlement of cash receipts, stealing assets, or causing the entity to
pay for goods and services not received (or paying inflated prices for goods and services received). This type of fraud may be
facilitated by the falsification, alteration, or other manipulation of accounting records or source documents, possibly by
circumventing controls. Misappropriation may be committed by one or more individuals in management, by employees, or by
third parties. Unique considerations relating to the risk of misappropriation of assets are discussed in Chapter 5.
The Auditors Responsibility for Fraud Detection
307.6 AU-C 240.05 explains that the auditor is responsible for obtaining reasonable assurance that the financial statements
as a whole are free from material misstatement whether caused by fraud or error. AU-C 240 does not increase the auditors
responsibility for the detection of material misstatement due to fraud. However, it does require the auditor to specifically
identify and assess risks that may result in material misstatement of the financial statements due to fraud and to respond to
the results of the assessment when gathering and evaluating audit evidence. (Chapter 4 discusses the identification and
assessment of fraud risks in further detail.) When assessing the risk of material misstatement due to fraud, the auditor
considers the type of risk, that is, whether it relates to cooking the books or stealing; the significance of the risk, that is,
whether it could result in material misstatement of the financial statements; the likelihood of fraud occurring; and the
pervasiveness of the risk, that is, whether it relates to the financial statements as a whole or to specific areas of the financial
statements. This analysis also includes consideration of the direction of the risk for the area of the financial statements that
would be affected. Is the risk of potential misstatement a risk of overstatement or a risk of understatement?
307.7 The auditor considers who would have the motivation or incentive to intentionally misstate the financial statements and
the form the fraud would be likely to take. As explained in beginning at paragraph 301.60, according to AU-C 240.15, this is a
consideration that should be discussed among the engagement team members in a planning meeting. That way, team
members can exchange ideas about where the audited entitys financial statements might be susceptible to misstatement due
to fraud and the more experienced members can share their insights based on their knowledge of the entity. Key members of
the audit engagement team need to have, and document, a brainstorming discussion early in the audit about the potential for
fraud. Paragraphs 301.60.62 include a discussion of who ought to attend the meeting and the matters that should be
discussed at the meeting. Form ASB-CX-3.2, Engagement Team Discussion, provides for documentation of the discussion
and matters discussed.
307.8 The management of some nonpublic companies might be under pressure to produce earnings that meet expectations
of certain outside parties (such as banks, venture capital firms, or potential investors) or absentee owners. Management might
also be motivated to overstate earnings if their performance evaluation and/or compensation is tied to attainment of certain
operating results. The desire to overstate earnings could lead to overstated revenues and related assets, or understated
expenses accompanied by understated liabilities or overstated assets. In debit and credit terms, the credit achieves the
inflation of earnings, but the companion debit has to be concealed in an overstated asset or an understated liability. For
example, management might overstate sales and overstate receivables to inflate earnings or overstate ending inventory to
understate cost of sales to achieve the same end. If management desperately needs to obtain financing, there might be an
incentive to inflate earnings. If the borrowing base for the loan is receivables and inventory, there would be an incentive to
overstate those assets and no need to inflate earnings. The auditor has to draw on knowledge of the business to evaluate
where in the financial statements material misstatement due to fraud would be likely to exist. For example, revenue
overstatement frauds tend to be more likely when there are a small number of individually material sales transactions.
307.9 However, for many small to medium-sized nonpublic entities, the risk may run in the opposite direction. There could be
significant incentive to understate earnings to minimize income taxes. For all nonpublic companies, the auditor ought to be
alert to signs of an excessive interest by management in either increasing earnings or pursuing inappropriate means to
minimize taxable earnings. If the auditor believes there is a serious risk of tax-motivated fraudulent reporting, the auditor might
then consider where the financial statements would be affected. Can cash receipts be removed before recording? If someone
wanted to skim revenue, how would he do it? Other common means of reducing taxes are to inflate expenses by understating
ending inventory or by charging personal expenses to the business. However, the auditor needs to distinguish between
appropriate and inappropriate actions to reduce taxes. Aggressive tax positions are not the same as fraudulent actions such
as skimming and falsifying documents. The independent auditors focus is on whether the financial statements are materially
misstated. Considering whether fraud risk factors are present (discussed in paragraph 302.47) provides information useful in
evaluating potential types of misstatements.
307.10 For a small to medium-sized nonpublic entity, the risk of misstatement arising from stealing is also an important
consideration. Cash is generally susceptible to stealing, and the auditor considers the handling of cash in conjunction with the
processing of cash receipts and disbursements. The auditor needs a sufficient understanding of control activities to evaluate
this risk. Can cash receipts be intercepted and stolen before accountability is established? This consideration is similar to the
evaluation of the risks of skimming. The difference is that the benefit is to an employee rather than an owner who benefits by
avoiding paying taxes. Can unauthorized cash disbursements occur and not be detected by reconciliation procedures? For
example, this could occur if the controller writes checks and controls the bank reconciliation. The auditor might also consider
whether assets with a high intrinsic value in the hands of an outside custodian, such as securities held by a broker, are
susceptible to theft by means of instructions to the broker to make trades that can be allocated to another entity or individual.
307.11 The auditor identifies the assets that are susceptible to stealing and considers whether there are controls in place to
prevent or detect the theft. If controls are inadequate to prevent or detect a material misstatement due to stealing, the auditor
plans substantive procedures to detect the misstatement. If the auditor believes that specific identified risks of material
misstatement due to stealing are mitigated by controls, the auditor might decide that it is efficient to plan to test those
controls. However, at the initial planning stage in the audit, the auditor is concerned with how the risk assessment will
influence the audit approach to various financial statement areas and not with the detailed procedures to be applied to
particular accounts.
307.12 As discussed beginning in paragraph 301.18, AU-C 240.17.21 requires specific fraud-related inquiries of
management, others within the entity, internal auditors, and those charged with governance or the audit committee. The
auditor inquires of management about its understanding of the risks of fraud, programs and controls in place to lessen fraud
risks, and whether management knows of any actual fraud or is aware of any alleged fraud in the entity. Similar inquiries are
made of others within the entity who the auditor believes may be able to provide useful information (such as operating
personnel not directly involved in financial reporting and other employees with various levels of authority or involved in
complex or unusual transactions), internal auditors, and those charged with governance.
307.13 Immaterial Misstatements Caused by Fraud. AU-C 200.07 observes that the auditor has no responsibility to plan
and perform the audit to obtain reasonable assurance that misstatements, whether caused by fraud or error, that are not
material to the financial statements taken as a whole, are detected. AU-C 240.A3 also notes that the auditor is primarily
concerned with fraud that causes a material misstatement of the financial statements. If immaterial misstatements arising from
fraud are detected, however, the auditor has responsibilities for evaluating the effect on the audit and communicating these
matters to an appropriate level of management and those charged with governance. Also, there are types of frauds that may
not result in the financial statements being materially misstated for any individual period, but may be perceived to be material,
especially if the amounts involved accumulate over time.
307.14 For example, assume that a bookkeeper in a small business embezzles $5,000 per year for several years and hides
the fraud by inflating cost of sales each year. That amount is immaterial to each year. After several years, the fraud is detected
and the amounts stolen aggregate $30,000, which might be considered material if the financial statements for any individual
period were misstated by this amount. Because the financial statements are not materially misstated in any given period, the
auditor is not responsible under professional standards for detecting such a fraud. This situation does result in a business risk
for the auditor because many clients may have the expectation that the auditor will detect all cases of fraud, whether the
financial statements are materially misstated or not. This perception of the auditors responsibility goes beyond what is
required by professional standards. To eliminate this expectation gap, it is important for auditors to inform their clients about
the auditors responsibility under professional standards. The engagement letter at ASB-CL-1.1 includes language that
communicates the auditors responsibility for fraud detection to the client. ASB-CL-1.1 also includes optional language that
can be used to inform the client of other services available if the client wants the auditor to consider immaterial fraud. (As
noted in paragraph 1816.6, the auditor is required to communicate to the appropriate level of management if he or she
determines there is evidence that fraud may exist, even if the matter is inconsequential.)
The Importance of Exercising Professional Skepticism
307.15 AU-C 240.12 states that the auditor should maintain professional skepticism throughout the audit, recognizing the
possibility that a material misstatement due to fraud could exist, notwithstanding the auditors past experience of the honesty
and integrity of the entitys management and those charged with governance. AU-C 240.13.14 establishes the following
requirements that relate to maintaining professional skepticism during the planning and performance of the audit:
Unless there is a reason to believe otherwise, accept client records and documents as genuine. Investigate further if
conditions indicate a document may not be authentic or its terms have been modified or not disclosed.
If inconsistent, vague, implausible, or otherwise unsatisfactory responses are made to inquiries of management,
those charged with governance, or others, investigate further.
307.16 Because the characteristics of fraud include concealment, misrepresentation, falsified documents, and collusion, the
need for professional skepticism is especially important when considering the risks of material misstatement due to fraud.
When exercising professional skepticism, auditors suspend any belief in managements or the owner/managers honesty and
integrity and approach the audit with a questioning mind. Regardless of past experience with the client, auditors acknowledge
and remain open and alert to the possibility that material misstatement due to fraud may exist. All of the information and
evidence gathered by the auditor is critically evaluated and an ongoing assessment is made of whether the evidence
suggests that the financial statements are materially misstated due to fraud. The auditor is not willing to accept less than
persuasive evidence based on a belief that management or key employees are honest.
The Auditors Fraud Risk Assessment Process
307.17 AU-C 240.25 requires auditors to assess identified risks of material misstatement due to fraud. The following fraud risk
assessment process is used to identify and respond to fraud risks (as discussed in paragraph 307.1, however, the process is
not necessarily sequential):
a. Hold a discussion among engagement team members to consider the susceptibility of the clients financial
statements to material misstatement due to fraud.
b. Make inquiries of management and others within the entity and consider other information obtained to identify risks
c. Evaluate unusual or unexpected relationships identified by analytical procedures.
d. Identify risks that may result in material misstatement of the financial statements due to fraud.
e. Assess the identified risks after taking into account an evaluation of the entitys antifraud programs and internal
controls.
f. Respond to the results of the risk assessment.
307.18 Auditors gather other information that may be relevant to identifying risks of material misstatement due to fraud while
obtaining an understanding of the entity and its environment (section 302), its internal control (section 303), and its fraud risk
factors (see paragraph 302.47), and from the performance of preliminary analytical procedures. Other information auditors
need to consider in identifying risks of material misstatement due to fraud includes the discussion among engagement team
members (see paragraph 301.63), information from client acceptance and continuance procedures (see Chapter 2), the
auditors inherent risk assessment (see Chapter 4) and, if applicable, reviews of interim financial statements.
307.19 Identifying and assessing risks of material misstatement due to fraud at the assertion level is discussed in Chapter 4.
If the auditor identifies risks of material misstatement due to fraud, the audit response may be overall or specific, and may
include substantive procedures or tests of controls. (However, as discussed in section 403, substantive analytical procedures
alone are not a sufficient response.) Specific responses are addressed in individual audit programs. Overall responses have
an overall effect on how the audit is conducted. Certain overall responses, such as the consideration of staffing and
supervision, scrutiny of the selection and application of accounting principles, and incorporating an element of
unpredictability in audit procedures, are considered in every audit and are incorporated into the audit programs in this Guide.
In addition, certain required responses to address the risk of management override of controls are incorporated in the audit
programs in this Guide. Overall responses are discussed beginning in paragraph 306.47. Specific responses to fraud risks
are discussed in section 506. Evaluating audit findings when the auditor believes fraud may have occurred is discussed in
Chapter 18.
307.20 Practice Aids for Documenting the Fraud Risk Assessment. Although AU-C 240 defines a fraud risk assessment
process that results in identifying and documenting risks of material misstatement due to fraud and the auditors responses to
those risks, it does not change the overall audit risk assessment process in AU-C 315. Audit risk at the account balance or
transaction class level consists of three components: inherent risk, control risk, and detection risk. AU-C 240 does not add
another component to the audit risk model. This is because fraud risks encompass both inherent and control risk attributes.
Under the audit approach in this Guide, the auditor makes separate assessments of inherent and control risk (including the
risks of fraud) and uses those assessments to determine the risk of material misstatement. In addition, the auditor considers
whether the audit programs are appropriate in light of the assessed risk of material misstatement.
307.21 AU-C 240.43, .44, and .46 require the auditor to document evidence that he or she assessed the risks of material
misstatement due to fraud. The auditor is required to document the following:
Engagement team discussion on susceptibility of financial statements to material misstatement due to fraud:
Significant decisions reached.
How and when it occurred and who participated.
Identified and assessed risks of material misstatement due to fraud:
At the financial statement level.
At the assertion level.
Responses to the assessed risks of material misstatement due to fraud:
Overall responses at the financial statement level.
Specific responses at the assertion level (nature, timing, and extent of audit procedures and linkage to
assessed risks).
Results of audit procedures, including those that address risk of management override.
How the auditor overcame the presumption that improper revenue recognition is a fraud risk, if applicable.
307.22 The authors have developed a practical approach to fraud risk assessment that addresses the requirements in AU-C
240. This Guide includes practice aids and audit program steps designed to assist auditors in meeting those requirements.
Exhibit 3-26 illustrates how the approach in this Guide accomplishes the requirements outlined in paragraph 307.21, and
relates the steps to practice aids specifically designed for documenting the auditors fraud risk assessment process.
Exhibit 3-26
Practice Aids for Documenting the Fraud Risk Assessment
AU-C 240 Requirements
PPC Approach to Fraud Risk
Assessment
PPC Practice Aids/
Audit Program
Hold a discussion among engagement
team members to consider the
susceptibility of the clients financial
statements to material misstatement
due to fraud and to reinforce the
importance of professional skepticism.
Step 1. Gather information about the
entity and its environment that may be
relevant in identifying risks of material
misstatement of the financial
statements due to fraud:
Discussion among engagement
team members.
Engagement Team
Discussion (ASB-CX-3.2)
Obtain other information needed to
identify risks of material misstatement
due to fraud.
Inquiries of management and
others.
Fraud Risk Inquiries Form
(ASB-CX-3.3)
AU-C 240 Requirements
PPC Approach to Fraud Risk
Assessment
PPC Practice Aids/
Audit Program
Considering whether fraud risk
factors are present.
Understanding the Entity
and Identifying Risks
(ASB-CX-3.1), Fraud Risk
Factors (ASB-CX-6.2)
Preliminary analytical
procedures.
Planning Procedures
(ASB-AP-1)
Other procedures. Engagement Acceptance
and Continuance Form
(ASB-CX-1.1)
Identify risks that may result in material
statements due to fraud.
Step 2. Identify risks that could result
in material misstatement of the
financial statements due to fraud.
Form (ASB-CX-7.1)
Assess the identified risks after taking
into account an evaluation of the
companys antifraud programs and
internal controls.
Step 3. Assess the identified risks:
Evaluate programs and controls.
Assess fraud risks.
Financial Reporting System
Documentation Forms
(ASB-CX-4.2), Activity and
Entity-Level Control Forms
(ASB-CX-5); Risk
Assessment Summary Form
(ASB-CX-7.1)
Respond to the results of the risk
assessment.
Step 4. Develop appropriate
responses to risks of material
statements due to fraud:
Overall responses.
Specific responses.
Responses to further address the
risk of management override of
controls.
Form (ASB-CX-7.1); Audit
Program for General Auditing
and Completion Procedures
(ASB-AP-2 or ASB-AP-2-S)
* * *
Fraud Consulting Services
307.23 If clients become aware that employees have committed fraud or suspect that fraud may be taking place, they may
attempt to engage the auditor to perform fraud investigation consulting services. Such an engagement can take various
forms. Before accepting such engagements for audit clients, auditors need to assess the potential liability associated with
their servicesparticularly if the alleged fraud, due to collusion or concealment, was not detected during the firms audit. To
avoid any appearance of a conflict of interest, as required by Statement on Standards for Consulting Services No. 1, the fraud
investigation services should ordinarily be performed by someone other than the personnel involved in the audit. If such an
engagement is accepted, all communications and documentation need to be carefully considered to ensure that the firms
self-interest is not abandoned. The firm needs to consider whether it can be objective in the forensic investigation given the
self-interest created by its audit responsibilities. The firm also needs to consider consulting legal counsel. In addition, the
auditors understanding with the client regarding the performance of these nonattest services ought to be documented.
307.24 Additionally, the auditor needs to determine whether litigation is possible or whether the clients interest is limited to
submitting a fidelity insurance claim. In considering whether to accept the engagement, the auditor needs to evaluate whether
the firm has the forensic investigation skills that will be necessary and the implications for audit independence. If litigation is at
all a possibility, legal counsel ought to be in charge of the investigation under the overall supervision of the clients board of
directors to preserve attorney-client privilege. If there is a possibility that the firm personnel working on the engagement would
be expected to testify as expert witnesses, independence is normally impaired and the engagement ought to be declined.
Also, there is a possibility that the engagement will expand to include prior periods, the adequacy of prior audits might be
implicated and it would be advisable for the firm to decline the engagement.
308 CONSIDERATION OF LAWS AND REGULATIONS
308.1 AU-C 250.06 distinguishes auditors responsibilities regarding compliance with laws and regulations between the
following two categories of laws and regulations:
a. The provisions of those laws and regulations generally recognized to have a direct effect on the determination of
material amounts and disclosures in the financial statements. Examples are accruals and expenses affected by tax
laws, or revenue accrued under government contracts.
b. The provisions of other laws and regulations that have an indirect effect on the determination of the amounts and
disclosures in the financial statements. However, compliance with those other laws and regulations may be
fundamental to the operating aspects of the entity, fundamental to an entitys ability to continue as a going concern,
or necessary for the entity to avoid material penalties. Examples include compliance with an entitys operating
license and with laws or regulations related to occupational safety and health, food and drug administrations, etc.
308.2 The objective of the auditor when considering laws and regulations in the audit is to obtain audit evidence for material
amounts and disclosures in the financial statements that are directly determined by the provisions of laws and regulations. In
addition, the auditor is required to perform specific procedures to identify potential noncompliance with laws and regulations
that may have a material indirect effect on the financial statements. This section discusses the auditors responsibility when
planning and performing the audit. The auditors responsibility if noncompliance with laws or regulations is identified or
suspected during the audit is discussed in section 1816.
Responsibilities When Planning the Audit
308.3 During the planning and risk assessment stage of the audit, AU-C 250.12 states that when obtaining an understanding
of the entity and its environment, the auditor should obtain a general understanding of
The laws and regulations to which an entity is subject (the legal and regulatory framework) and the industry or
sector in which the entity operates.
How the entity complies with those laws and regulations.
308.4 AU-C 250.A8 provides the following examples of procedures the auditor might use to obtain a general understanding
of the legal and regulatory framework and how the entity complies with that framework:
Use the existing understanding of the entitys industry and regulatory and other external factors from the current and
prior audits.
Update the understanding of those laws and regulations that directly determine reported amounts and disclosures,
such as tax and pension laws and regulations.
Inquire of management about other laws and regulations expected to have a fundamental effect on the operations of
the entity. (For example, depending on the nature of the business or industry, those laws and regulations may
include environmental regulations, occupational safety and health requirements, or anti-trust laws.)
Inquire of management about the policies and procedures adopted to prevent noncompliance (or help ensure
compliance) and identify, evaluate, and account for litigation claims.
Inquire of management about whether directives have been issued or periodic representations are obtained relating
to compliance.
Consider knowledge from prior audits of any history of noncompliance.
In planning and performing the audit, the auditor takes into account the knowledge of the applicable legal and regulatory
framework obtained as part of obtaining an understanding of the entity and its environment.
308.5 A number of audit procedures related to obtaining an understanding of the legal and regulatory framework involve
inquiries of management. The responses to these inquiries can be documented using the Fraud Risk Inquiries Form at
ASB-CX-3.3 or Understanding the Entity and Identifying Risks at ASB-CX-3.1. See further discussion in sections 301 and
302.
Responsibilities When Performing the Audit
308.6 Provisions with a Direct Effect. AU-C 250.13 explains that the auditor should obtain sufficient appropriate evidence
regarding material amounts and disclosures in the financial statements that are determined by the provisions of laws and
regulations generally recognized to have a direct effect on their determination. AU-C 250.A10 indicates that the auditors
responsibility for detecting misstatements resulting from violations of laws and regulations having a direct and material effect
on the determination of financial statement amounts and disclosures is the same as that for misstatements caused by errors
and fraud. For example, the accrual or recognition of expenses for income tax or pension costs is tested using the audit
programs for income taxes or accounts payable and other liabilities in this Guide.
308.7 Provisions of Other Laws and Regulations. Noncompliance with the provisions of other laws and regulations may
result in fines, litigation, or other consequences for the entity, which may need to be accrued or disclosed in the financial
statements but do not have a direct effect on determining amounts in the financial statements. The auditor is required to
inquire of management and, when appropriate, those charged with governance about whether the entity is in compliance with
other laws and regulations. In addition to inquiries of management about whether the entity is in compliance with other laws
and regulations, AU-C 250.14 also requires the auditor to inspect any correspondence with the relevant licensing or
regulatory authorities. The requirement to inspect correspondence may result in a change in practice from AU 317 for some
practitioners.
309 TIMING OF SUBSTANTIVE PROCEDURES
309.1 As part of audit planning, an auditor considers whether to apply any substantive procedures or tests of controls before
the balance sheet date. Generally, the most efficient approach for audits of small and midsize nonpublic entities is to perform
the audit tests as of the balance sheet date. However, the auditor may wish to perform audit procedures before the balance
sheet date in the following situations:
Convenience. If the auditor has several clients with the same year end, interim procedures may be used to spread
the auditors workload more evenly.
Deadline. If the client has a tight deadline for issuing its financial statements, the auditor may need to perform some
procedures at an interim date to meet that deadline.
309.2 AU-C 330.A12 observes that the auditor may perform tests of controls or substantive procedures at an interim date or
at period-end, and that the higher the risk of material misstatement, the more likely it is that the auditor may decide to perform
substantive procedures nearer to or at period-end. Deciding whether to perform procedures at an interim date is an element
of audit strategy, as discussed beginning in paragraph 306.53. Substantive procedures performed as of an interim date are
discussed in section 507. Testing internal controls as of an interim date is discussed in Chapter 6.
310 GENERAL PLANNING PROCEDURES AND FORMS
310.1 Most CPA firms develop an overall administrative audit program, commonly referred to as the general program, to
document the technical and administrative matters needed to plan and complete an engagement. A general program that
includes planning procedures common for most engagements is presented at ASB-AP-1. Forms to gather information about
the entity and its environment and to identify risks are presented at ASB-CX-3.1, ASB-CX-3.2, and ASB-CX-3.3. Forms to
gather information about the design and implementation of internal control and the entitys financial reporting system are
presented at ASB-CX-4.1, ASB-CX-4.2, and ASB-CX-4.3. ASB-CX-6.1 and ASB-CX-6.2 provide listings of factors to consider
when identifying and assessing risks. ASB-CX-7.1 is used to summarize the risk of material misstatement of the financial
statements. Also, ASB-CX-3.4, Audit Inquiries Summary Form, provides a summary of common inquiries and discussions
with client personnel relating to planning and general audit procedures. Many firms find that the use of these forms, along
with other practice aids included with this Guide, assist them in effectively addressing the engagement performance element
of the firms quality control policies and procedures as described in the Statements on Quality Control Standards issued by
the AICPA.
8(34)
310.2 Some firms complete the information-gathering forms for new clients and update them annually for significant
developments. (The authors recommend completing ASB-CX-7.1, Risk Assessment Summary Form anew each year.) The
important consideration is the auditors knowledge and understanding of these matters rather than the extent of the
documentation. However, auditors are required to document the (a) understanding of the entity, its environment and its
internal control, including the sources of the information from which the understanding was obtained and the risk assessment
procedures that were performed, and (b) assessment of the risks of material misstatement both at the financial statement level
and the relevant assertion level and the basis for the assessment. In addition, AU-C 240 requires auditors to document the
specific risks of material misstatement due to fraud that are identified and, if auditors do not identify improper revenue
recognition as a fraud risk, the reasons supporting that conclusion. The practice aids recommended here provide a
convenient means of documenting the auditors consideration of those matters.
311 PLANNING THE AUDIT TIME ESTIMATE
311.1 Authoritative literature does not require the preparation of a time estimate or the documentation of the actual time spent
in performing an audit. However, common sense suggests that an auditor is more likely to be efficient and effective working
under a time budget. Also, as a minimum, an auditor needs to have some estimate of audit time to arrive at a fee estimate.
Keeping track of the time spent as the audit progresses is important for billing the client, assessing whether adjustments are
necessary to stay within the budget for the engagement, or proposing additional fees to the client.
311.2 Methods used in practice to budget and control time range from elaborate systems that budget time by each program
step to a single total time estimate for the entire audit. Neither extreme is likely to be effective. The authors recommend a
system that accounts for time by each major audit program area, i.e., total time for cash, total time for accounts receivable
and sales, etc. Other major engagement processes outside of audit program areas also need to be considered such as
planning activities, review and supervision, and drafting financial statements and other reports. This provides enough detail to
highlight major areas of time commitment, monitor work-in-progress, and arrive at a reasonable fee estimate. Using this
budget technique, the auditor need not post time to the audit program; instead, time is posted to a summary schedule by
major program area that is normally filed with the general or administrative workpapers. Practice aids that incorporate these
timekeeping suggestions are presented at ASB-CX-17.2 and ASB-CX-17.3.
311.3 It needs to be emphasized that the final audit time estimate ought to be completed after the planning stage, i.e., after
the audit programs are developed and the auditor has a general feel for the extent of testing. This may not coincide with the
date that the auditor presents a fee estimate to a client, especially to a prospective client. However, avoid the temptation to
develop the audit time estimate based solely on the fee estimate, especially if it is an extremely competitive fee estimate that is
not representative of standard billing rates times realistic total audit hours.
Managing Client Assistance to Improve Efficiency
311.4 Clients can have a significant effect on how efficiently an audit is completed. It is not unusual for the explanation of
audit budget overages to be the client did not prepare requested schedules or requested schedules were prepared
incorrectly by the client. In some cases, audit inefficiencies result from the client not being available to answer the auditors
questions or to retrieve needed information once fieldwork has begun. While it is often the case that some audit budget
overages caused by the client are beyond the auditors control, in many cases the auditor can improve the efficiency of the
audit by effectively managing client assistance.
311.5 Schedules Prepared by the Client. In order to save audit fees, most clients are willing to prepare needed schedules
for the auditor. In fact, to be efficient, the auditor needs to try to get the client to prepare as many of the necessary schedules
as possible. However, many inefficiencies can result from the process of obtaining schedules from the client. For example,
schedules may not be prepared by the time the auditor needs them so that the auditor ends up spending time preparing the
schedules and exceeding the budget for the area. Or in other cases, the schedules are prepared on a timely basis, but
incorrectly; so the auditor spends additional time revising the schedules to make them useable. The Client Assistance
Request Letter at ASB-CL-12.6 provides possible wording for requesting client assistance with schedule preparation. The
following paragraphs discuss steps the auditor can take to minimize the inefficiencies often experienced when requesting
schedules from the client.
311.6 List Everything Needed. When preparing a list of schedules to be prepared by the client (the PBC list), make sure that
the list is complete. Inefficiencies result from asking for more information after fieldwork has begun because the auditor often
needs to wait for the client to prepare the schedule. If a complete PBC list is provided to the client before fieldwork begins, the
client is more likely to have the schedules completed before the audit starts. As a result, client personnel have more time to
answer the auditors questions if they are not busy trying to complete additional schedules. To make sure the PBC list is
complete, the auditor needs to review it carefully (and avoid just changing the dates on the prior years PBC list) before
sending it to the client. The interim general ledger or trial balance requested during the planning process can be used to
identify new accounts for which schedules may be needed. A practical consideration in the Client Assistance Request Letter
at ASB-CL-12.6 provides a list of example schedules that may apply to many engagements. (However, the auditor ought to
tailor the request based on the audit approach and procedures reflected in the audit program, the clients specific industry,
existing client schedules and analyses, and the abilities of client personnel.)
311.7 Make Sure the Client Understands What Information Is Being Requested. When making requests for information from
the client, the auditor needs to be specific about what is needed. For example, avoid making requests such as provide an
analysis of activity in the deferred revenue account. The client can be given an example of the format in which the information
ought to be provided. If requesting a spreadsheet or another type of schedule, efficiencies may be gained by providing the
client with an electronic template. As a result, the auditor will receive the information in the requested format. The client can
slot in the requested information and the auditor can save time testing the mechanical accuracy of the schedule by reviewing
the spreadsheet formulas. In any case, the auditor needs to go over the PBC list in detail with the client to ensure that the
client understands what information is being requested.
311.8 Do Not Ask for Unneeded Information. The auditor ought not spend much (if any) time on insignificant accounts.
Therefore, review the PBC list to make sure the client is not being asked to prepare schedules for insignificant accounts or
those that can be tested analytically. By eliminating the unnecessary schedules, the client will have more time to focus on the
schedules for the important areas.
311.9 Prioritize Requests for Information. One way to improve audit efficiency is for the auditor to work on the riskier, more
complex areas first. As a result, if the auditor identifies problems in the complex areas, the client has more time to correct or
research the problems. Efficiency can be improved because the auditor can work on other areas while the client is correcting
or researching the problems in the complex areas. To facilitate this approach, request that the client prepare the schedules for
the more complicated areas first.
311.10 Stagger Due Dates for Requested Information. Ideally, the client would have all requested schedules prepared when
fieldwork begins. However, because there may be a tight deadline between year end and the due date of the auditors report,
it may not be feasible for the client to have all information prepared before the beginning of fieldwork. If this is the case, the
auditor needs to be realistic when setting the due dates for requested information and not ask for everything to be prepared at
once. As discussed in paragraph 311.9, information for the critical areas ought to be requested first.
311.11 Provide Adequate Notice. Although this seems obvious, many auditors are inefficient because they do not provide the
client with enough time to prepare for the audit before fieldwork begins. Early preparation of the PBC list is an important step
in the planning process and is not a difficult task because the auditor generally spends time in up-front planning before
fieldwork begins. The auditor can ask the client how much lead time is needed to adequately prepare for the audit.
311.12 Work with the Client. In many cases, the auditor can use the clients existing internal reports to achieve the same
objectives as by using a schedule prepared solely for the audit. The auditor needs to work with the client to identify reports or
schedules already being prepared by client personnel before adding additional schedules to the clients workload. However, if
the auditor will spend time reworking the data to be in a useable format, the auditor needs to attempt to get the client to do
this task.
311.13 Return Incorrect Schedules to the Client. If the client provides schedules that are prepared incorrectly, return them to
the client for corrections. Staff auditors can spend many hours trying to correct the schedules when the client may be able to
obtain the correct information much more efficiently. If the client does not have the time to revise the schedules, the auditor
can discuss the resulting additional audit fees with the client before the auditor incurs the additional time to correct the
schedules.
311.14 Keep in Touch with the Client. Before the beginning of fieldwork, it is important for the auditor to keep in contact with
the client to determine whether the client will have the necessary schedules prepared before fieldwork begins. In order to be
effective, this communication requires more than a phone call the day before fieldwork begins to see if the client is ready.
Such communication ought to be made well enough in advance so that the auditor can reschedule fieldwork if necessary.
Many auditors use email to keep in contact with the client prior to fieldwork to check the status of schedule preparation and to
answer questions the client may have. If the client is preparing spreadsheets for the auditor, email can be used to transfer the
file to the auditor if the client has questions about how the schedule needs to be prepared.
APPENDIX 3A: Common Control Objectives by Audit Area and Transaction Class
The consideration of controls ought to be in the context of achieving control objectives relevant to the preparation of financial
statements that are free of material misstatement. Control objectives state the purpose of a control (or controls) in relation to
risks and what could go wrong in the financial statements. Common control objectives for the audit areas and transaction
classes included in the activity-level control forms at ASB-CX-5.6ASB-CX-5.17 are included in this appendix. This appendix
provides a reference tool for the consideration of controls at ASB-CX-5.6ASB-CX-5.17, or when documenting the
understanding of controls at ASB-CX-4.1, ASB-CX-4.2, and ASB-CX-4.3.
Audit Area Transaction Class Control Objectives/Assertions
Cash
Processing Cash Receipts
a Cash receipts information is valid and
processed only once. (E/O, R/O)
Cash receipts are appropriately
safeguarded. (E/O)
Cash received is posted in the prop
period. (CO)
Cash receipts information is recorded in
the correct account. (A/CL)
Recorded cash receipt amounts are
correct. (A/CL)
Over the counter receipts are properly
safeguarded and recorded. (E/O, C, A/CL,
CO)
All cash receipts are recorded. (C)
Foreign currency cash received is
correctly valued. (V)
Processing Disbursements
a Disbursements are made only for goods
and services received. (E/O, R/O)
Disbursements are distributed to the
appropriate suppliers. (A/CL)
Disbursements are accurately calculated
and recorded. (A/CL)
Disbursements are recorded in the period
in which they are issued. (CO)
All disbursements are recorded. (C)
Accounts Receivable and Sales
Processing Sales Orders
a Only valid orders are input and
processed. (E/O, R/O)
All customer sales orders received are
input and processed. (C)
Sales order information is input
accurately. (V, A/CL)
Sales orders for existing accounts are
processed only within approved customer
credit limits. (V)
Sales orders are properly approved. (E/O)
Shipping and Invoicing Sales Orders
a All shipments input and processed are
valid. (E/O, R/O)
Only valid invoices are recorded. (E/O)
All products shipped are invoiced. (C)
Product shipments and invoices are
recorded in the proper period. (CO)
Invoices are posted to the correct
accounts. (A/CL)
Sales totals are correctly posted to the
general ledger. (A/CL)
Sales invoices are recorded at
appropriate amounts. (A/CL)
Invoices agree to approved custo
sales orders. (E/O)
Processing Sales Adjustments and Product
Returns
Only valid sales adjustments and product
returns are recorded.(E/O, R/O)
All valid sales adjustments and product
returns are recorded. (C)
Credit memos are issued and record
for the correct amount. (A/CL)
Credit memos are recorded in the correct
accounts. (A/CL)
Credit memos are recorded in the proper
period. (CO)
a Cash receipts information is valid and
processed only once. (E/O, R/O)
Cash receipts are appropriately
safeguarded. (E/O)
Cash received is posted in the proper
period. (CO)
Cash receipts information is recorded
accurately. (A/CL)
Recorded cash receipt amounts are
correct. (A/CL)
Over the counter receipts are prop
safeguarded and recorded. (E/O, C, A/CL,
CO)
All cash receipts are recorded. (C)
Foreign currency cash received is
correctly valued. (V)
Estimating the Allowance for Doubtful
Accounts and Bad Debt Expense
a
The appropriate accounting treatmen
specified for the allowance for doubtful
accounts and bad debt expense. (V,
A/CL)
Allowance for doubtful accounts and bad
debt expense are evaluated using a
methodology and related assumptions
that are consistent across the entity and
across accounting periods. (V)
Relevant, sufficient, and reliable data
necessary to record, process, and report
allowance for doubtful accounts and bad
debt expense is captured. (V, A/CL)
Allowance for doubtful accounts and bad
debt expense are accurately calcula
V, A/CL)
Significant estimates and judgments are
communicated to those charged with
governance on a timely basis. (V)
Recording Deferred Revenue The appropriate accounting treatment is
specified for deferred revenue. (A/CL, CO)
Deferred revenue is evaluated using a
across accounting periods. (A/CL, CO)
deferred revenue is captured. (
R/O, A/CL, CO)
Deferred revenue is accurately calculated.
(A/CL, CO)
governance on a timely basis. (A/CL, CO)
Estimating the Allowance for Sales Returns
and Adjustments
The appropriate accounting treatment is
specified for estimating the allowance for
sales returns and adjustments. (V, A/CL)
The allowance for sales returns and
adjustments is evaluated using a
the allowance for sales returns and
adjustments is captured. (V, A/CL)
The allowance for sales returns and
adjustments is accurately calculated. (V,
A/CL)
Maintaining the Customer Master File Only valid changes are made to the
customer master file. (E/O)
Customer master file changes are
accurate. (V, A/CL)
All valid changes to the customer master
file are identified, input, and processed.
(C)
Customer master file changes are
processed promptly. (E/O, C, V, A/CL)
Customer master file data rema
pertinent. (E/O, V)
Inventory and Cost of Sales
Recording Purchases
a Purchase orders are placed only for
approved requisitions. (E/O, R/O)
Purchase orders are entered accurately.
(A/CL)
All authorized purchase orders are placed
and entered. (C)
Receiving and Storing Inventory
a Inventory (received and stored) physically
exists. (E/O)
All receipts of inventory are recorded. (C)
Inventory receipts are properly recorded
at the correct amount. (A/CL)
Receipts, transfers, and shipments
recorded in the appropriate period. (CO)
All inventory receipts are properly
authorized. (E/O, R/O)
Requisitioning Materials for Production Materials and production costs (parts and
sub-assemblies) requisitioned to
manufacturing physically exist
All manufacturing costs incurred are
properly recorded in the appropriate
production phase (parts, labor, burden,
and overhead). (C, V, A/CL, CO)
Manufacturing costs are being posted to
the proper general ledger accounts.
(A/CL)
Costs being accumulated in the
manufacturing process are valued
properly and the cost standards used
represent actual costs. (V, A/CL)
Labor costs charged to work-orders are
authorized and reviewed. (E/O)
Costing Inventory
a Inventory values are based on
costs incurred. (V, A/CL)
All inventory items are assigned a cost.
(C)
The accounting policy for costing
inventory (e.g., LIFO, FIFO, average cost)
is properly and consistently applied. (V,
A/CL)
All cost and rate changes are properly
authorized. (V, A/CL)
Managing Inventory Inventory subledger agrees to the general
ledger. (E/O, C, A/CL, CO)
Inventory is properly protected. (E/O)
All cost changes are recorded in the
inventory master file. (V, A/CL)
Costs are recorded in the ma
the proper amounts. (V, A/CL)
Inventory counts and adjustments to
perpetual records are calculated
correctly. (E/O, C, A/CL, CO)
Inventory master file changes are properly
authorized. (V, A/CL)
Estimating Excess and Obsolete Inventory
Reserves
specified for excess and obsolete
inventory reserve. (V, A/CL)
Excess and obsolete inventory reserve is
evaluated using a methodology and
related assumptions that are consistent
across the entity and ac
periods. (V)
excess and obsolete inventory reserve is
captured. (V, A/CL)
Excess and obsolete inventory reserve
accounts are accurately calculated. (V,
A/CL)
Property Acquiring and Safeguarding Property, Plant,
and Equipment
Additions to property, plant, and
equipment represent assets acquire
the entity. (E/O, R/O)
Property, plant, and equipment additions
are recorded in the correct period. (CO)
All property, plant, and equipment
additions are recorded. (C)
Property, plant, and equipment
acquisitions are recorded accurately.
(A/CL)
Property, plant, and equipment additions
are properly authorized. (R/O)
Property, plant, and equipment are
adequately protected. (E/O)
Depreciating Property, Plant, and Equipment Depreciation charges are valid. (E/O)
Depreciation expense is
calculated and properly recorded. (C, V,
A/CL)
All depreciation expense is recorded in
the correct period. (CO)
Disposing of Property, Plant, and Equipment
(Sales and Retirements)
Only valid disposals of property, plant,
and equipment are recorded. (E/O)
disposals are recorded. (C)
Disposals of property, plant and
equipment are recorded in the correct
period. (CO)
Disposal amounts are correctly recorded.
(V, A/CL)
Disposals of property, plant,
equipment are properly authorized. (R/O)
Maintaining the Property, Plant, and
Equipment Subledger
Only valid property, plant, and equipment
subledger activities are recorded. (E/O,
R/O)
activities are recorded in the subledger
and general ledger and reflected in the
appropriate period. (C, V, A/CL, CO)
Assessing Assets for Impairment The appropriate accounting treatment is
specified for asset impairment. (V, A/CL)
Asset impairment is evaluated using a
asset impairment is captured. (V, A/CL)
Asset impairment is accurately calculated.
(V, A/CL)
Investments and Derivatives Managing Investments Recorded investments exist and are valid.
(E/O, R/O)
All investment transactions are accurately
recorded. (C, V, A/CL)
All investment transactions are recorded
in the appropriate period. (CO)
Investment decisions and recordings are
properly authorized and according to
policy. (R/O)
Managing Derivatives Recorded and disclosed derivative
transactions exist and pertain to the
entity. (E/O, R/O)
All derivative transactions are recorded
accurately and in the correct period. (C,
V, A/CL, CO)
Assessing Assets for Impairment The appropriate accounting tr
(V, A/CL)
Other Assets Recording Purchases of Other Assets Purchase orders are placed only for
(A/CL)
and entered. (C)
Assessing Assets for Impairment The appropriate accounting treatment is
(V, A/CL)
governance on a timely ba
Amortizing Assets Amortization expense is accurately
calculated and properly recorded. (C, V,
A/CL, CO)
Recording Purchases
a Purchase orders are placed only for
(A/C)
and entered. (C)
Processing Accounts Payable and Accruals
a Amounts posted to accounts payable
represent goods or services received.
(E/O, R/O)
Accounts payable amounts are accurately
calculated and recorded. (A/CL)
Amounts for goods or services received
are recorded in the appropriate period.
(C, CO)
Accounts payable are adjusted only for
valid reasons. (E/O, C)
Debit/credit memos and other
adjustments are accurately calculated
Debit/credit memos and other
adjustments are recorded in the
appropriate period. (C, CO)
a Disbursements are made only for goods
and services received. (E/O, R/O)
Disbursements are distributed to the
appropriate suppliers. (A/CL)
Disbursements are accurately calculated
Disbursements are recorded in the period
in which they are issued. (CO)
All disbursements are recorded. (C)
Maintaining the Supplier Master File Only valid changes are made to the
supplier master file. (E/O)
All valid changes to the supplier master
(C)
Changes to the supplier master file are
accurate. (A/CL)
Supplier master file changes are
processed promptly. (E/O, C, A/CL)
Supplier master file data remains
pertinent. (E/O)
Estimating the Warranty Reserve and Warranty
Expense
specified for estimated warranty reserve
and expense. (V, A/CL)
Estimated warranty reserve and warranty
expense are evaluated using a
necessary to record, proce
estimated warranty reserve and expense
is captured. (E/O, C, V, R/O, A/CL, CO)
Warranty reserve and expense are
accurately calculated. (V, A/CL)
Notes Payable and Long-term Debt Managing Borrowings Recorded debt exists and represents a
valid liability of the entity. (E/O, R/O)
Borrowings and repayments are recorded
accurately as to amounts and terms. (V,
A/CL)
All borrowings and repayments are
recorded. (C)
Borrowings and repayments are recorded
in the appropriate period. (CO)
Capital/operating leases are properly
identified and recorded. (E/O, C, V, R/O,
A/CL)
All interest is accurately calculated and
recorded in the appropriate period. (E/O,
C, V, R/O, A/CL)
Borrowings are properly classified in the
financial statements. (A/CL)
The entity complies with loan covenants.
(A/CL)
Income Taxes Calculating and Reporting Income Taxes Data necessary to record, p
report the income tax provision and
related income tax accounts is captured.
(C, R/O, A/CL)
Approved income tax provision and
related income tax account balances are
recorded in the correct general ledger
account and in the correct accountin
period. (C, A/CL, CO)
The accounting treatment for the income
tax provision and related income tax
accounts is correct. (V, A/CL)
The income tax provision and related
income tax accounts are evaluated
consistently across the entity and across
accounting periods. (E/O, V)
The income tax provision is computed
accurately and in accordance with the
entitys accounting policies. (C, V, A/CL)
Significant estimates and judgments
associated with the income tax provision
and related income tax accounts
based on the latest available information
and managements understanding of the
entitys operations. (V)
Equity Recording Equity Transactions Stock issued represents valid equity of
the entity. (E/O, R/O)
Stock issuances are recorded accurately.
(A/CL)
All stock issued is recorded. (C)
Stock transactions are recorded in the
appropriate period. (CO)
All dividend payments are acc
calculated and recorded in the
appropriate period. (E/O, C, R/O, A/CL,
CO)
Equity is properly classified in the
financial statements. (A/CL)
Recording Stock Compensation Stock option and restricted stock grants
are properly authorized. (R/O)
Stock option and restricted stock activity
(grants, exercises, and terminations) are
recorded in the proper period. (CO)
Stock options exercised are valid. (E/O)
All stock option and restricted stock
activity is completely recorded in the
appropriate accounting period. (C, V, CO)
Stock option and restricted stock grants
to third parties are accounted for
appropriately. (E/O, C, V, R/O, A/CL, CO)
Stock option detail is correctly entered
into the stock option subledger system.
(V, A/CL)
specified for stock compensation
specified for stock compensation
expense entries and disclosures. (V,
A/CL)
Stock compensation expense is
evaluated using a methodology and
related assumptions that are consistent
across the entity and across accou
periods. (V)
stock compensation expense is captured.
(E/O, C, V, R/O, A/CL, CO)
Stock compensation expense is properly
valued and recorded. (V, A/CL)
Significant stock compensation estimates
and judgments are communicated to
those charged with governance on a
timely basis. (V)
Income and Expenses
Processing Payroll
a Compensation expense represents
payment for time worked. (E/O)
All payroll activity is recor
correct general ledger account and in the
correct period. (C, A/CL, CO)
Compensation (including withholdings) is
accurately calculated and recorded.
(A/CL)
Time recorded is appropriately authorized
and approved. (E/O, R/O)
Maintaining the Employee Database Master
File
Only valid changes are made to
employee master files. (E/O)
New and terminated employees are
appropriately added or removed from the
employee master files. (E/O, C)
Employee master files changes are
processed promptly. (E/O, C, A/CL)
Employee master files changes are
accurate. (A/CL)
All valid changes to the employee master
(C)
Recording Repairs and Maintenance Expense Expenditures that meet capitalization
thresholds are capitalized. (E/O, C)
Repairs and maintenance expenditures
are recorded accurately. (A/CL, CO)
Financial Close and Reporting Defining the Financial Closing and Reporting
Process
a
The financial closing and reporting
process is clearly defined, d
updated, and communicated to
appropriate departments and individuals,
and any deviations are properly
authorized. (E/O, C, V, R/O, A/CL, CO)
All applicable generally accepted
accounting (or OCBOA) principles
affecting the entity are identifie
reflected in the entitys accounting
policies. (E/O, C, V, R/O, A/CL, CO)
Performing the Accounting Period Close
a All sources of information for routine and
nonroutine events and transactions,
including related party events and
transactions, are identified and analyzed.
(C, CO)
All significant accounts and subledgers
are reconciled to the general ledger and
reviewed timely. (E/O, C, V, R/O, A/CL,
CO)
All necessary analyses are identified,
prepared, and reviewed during the
period-end accounting close process.
(E/O, C, V, A/CL, CO)
Journal entries are independently
reviewed and properly recorded in the
appropriate accounting period. (E/O, C,
V, R/O, A/CL, CO)
All subsidiaries and other entities are
identified and appropriately included in
the consolidation process. (E/O, C, A/CL)
The financial statements accurately reflect
the final general ledger(s) and any
differences are supported by valid entries.
(E/O, C, R/O, A/CL)
Capturing and Processing Nonroutine
Information Requiring Significant Estimates
and Judgments
a
specified for account balances requiring
the use of accounting estimates and
judgment in the selection and application
of accounting principles. (E/O, C, V, R/O,
A/CL, CO)
Each nonroutine event or transaction,
including all matters requiring significant
estimates and judgment, is evaluated
using a methodology and related
assumptions that are consistent across
the entity and across accounting periods.
each nonroutine event or transaction,
including all matters requiring significant
estimates and judgment, is captured.
Each significant estimate an
reviewed and any necessary adjustments
are approved and recorded in the general
ledger. (E/O, C, A/CL)
Preparing and Reviewing Financial Statement
Disclosures
a
All events and transactions requiring
financial statement disclosure are
identified and analyzed. (C)
Each financial statement disclosure is
prepared in accordance with generally
accepted accounting principles or an
OCBOA (including relevant regulatory
rules) and the entitys accounting and
disclosure policies. (A/CL)
Relevant, sufficient, and reliable data is
used to prepare each financial statement
disclosure. (E/O, C, V, R/O, A/CL)
Reviewing and Approving the Financial
Statements
a
The financial statements and related
disclosures, including the treatment of
sensitive issues regarding the application
of accounting principles, presentation, or
disclosure, are authorized by
management and those charged with
governance. (E/O, C, V, R/O, A/CL, CO)
The published financial statements (in
print and electronic form) are free fro
publishing, printing, or
electronic-conversion errors and all
necessary waivers, consents,
certifications, and communications are
obtained prior to issuance. (E/O, C, V,
R/O, A/CL, CO)
Adjusting for Foreign Currencies All financial statements reporte
foreign currency are properly translated to
the consolidated reporting currency. (V)
All foreign currency transactions and
related gains and losses are appropriately
reported in the functional currency. (V)
Note:
a
CHAPTER 4: ASSESSING RISKS AND DEVELOPING THE
DETAILED AUDIT PLAN
400.1 This chapter focuses on (a) identifying and assessing the risks of material misstatement at the relevant assertion level
and (b) preparing a detailed audit plan that appropriately addresses those risks. This chapter also contains a detailed
discussion of the auditors consideration of risks of material misstatement due to fraud.
400.2 The following standards establish key requirements and provide guidance that affects assessing risks and developing
the detailed audit plan:
AU-C 300, Planning an Audit, establishes requirements for developing and updating an audit plan. [Formerly in SAS
No. 108 (AU 311)]
AU-C 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement,
establishes requirements for identifying, assessing, and revising the risks of material misstatement at the assertion
level and explains the concept of assertions. [Formerly SAS No. 109 (AU 314)]
AU-C 240, Consideration of Fraud in a Financial Statement Audit, establishes requirements for identifying and
assessing the risks of material misstatement due to fraud at the assertion level. [Formerly SAS No. 99 (AU 316)]
AU-C 250, Consideration of Laws and Regulations in an Audit of Financial Statements, establishes requirements for
designing and performing audit procedures to potentially identify instances of noncompliance with laws and
regulations that may be material to the financial statements. [Formerly SAS No. 54 (AU 317)]
AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained,
establishes requirements for designing and performing further audit procedures responsive to risks of material
misstatement at the relevant assertion level. [Formerly SAS No. 110 (AU 318)]
AU-C 500, Audit Evidence, establishes requirements for designing audit procedures that are appropriate for
obtaining sufficient, appropriate evidence. [Formerly SAS No. 106 (AU 326)]
AU-C 520, Analytical Procedures, establishes requirements for designing and performing substantive analytical
procedures. [Formerly SAS No. 59 (AU 329)]
AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures,
establishes requirements for auditing fair value estimates. [Formerly SAS No. 101 (AU 328) and SAS No. 57 (AU
342)]
AU-C 550, Related Parties, establishes requirements regarding related party relationships and transactions.
[Formerly SAS No. 45 (AU 334)]
AU-C 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Generally
Accepted Auditing Standards, defines audit risk and the related risks of which it is a function, that is, the audit risk
model. [Formerly included in AU 110-230]
Exhibit 4-1 summarizes the requirements related to preparing the audit plan as part of audit planning. (Some of the
requirements overlap with those for general planning summarized in Exhibit 3-1.)
Exhibit 4-1
Requirements Related to Assessing Risks and Developing the Detailed Audit Plan
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
Planning an Audit
Develop an audit plan that includes the nature and
extent of planned risk assessment procedures; the
nature, timing, and extent of planned further audit
procedures at the relevant assertion level; and any
other planned audit procedures that should be
performed.
through
ASB-AP-14
Update and modify the overall audit strategy and
the audit plan, as necessary, throughout the
engagement.
Assessing the Risks of Material Misstatement
misstatement at the relevant assertion level for
classes of transactions, account balances, and
presentation and disclosures.
ASB-CX-7.1
When identifying and assessing the risks of
material misstatement:
ASB-CX-7.1
Identify risks while understanding the entity
and its environment, including relevant
controls that relate to the risks, by
considering the classes of transactions,
account balances, and disclosures in the
Assess identified risks and consider if they
are pervasive to the financial statements as a
whole and potentially affect many assertions.
Relate the identified risks to what can go
wrong at the relevant assertion level,
considering relevant controls that are
expected to be tested.
Consider the likelihood of misstatement(s)
and whether the potential misstatement(s)
could result in a material misstatement.
Determine whether any of the identified risks are a
significant risk without considering the effects of
any relevant identified controls. In making this
determination, consider whether
AU-C
315.28.29
The risk is a fraud risk.
The risk is related to recent significant
economic, accounting, or other
developments requiring specific attention.
The transactions are complex.
The risk involves significant transactions with
related parties.
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
The measurement of the financial information
related to the risk is subjective and involves a
wide range of uncertainty.
The risk involves significant unusual
transactions or those outside the normal
course of business.
If a significant risk exists, obtain an understanding
of the controls related to that risk and, based on
that understanding, evaluate whether the controls
are suitably designed and implemented to
mitigate such risks.
ASB-CX-4.2
ASB-CX-5
For risks where it is not possible or practicable to
obtain sufficient appropriate evidence from only
substantive procedures, obtain an understanding
of the controls over such risks.
ASB-CX-4.2
ASB-CX-5
Document: AU-C 315.33 Sections 402
and 403
ASB-CX-3.1
ASB-CX-3.2
ASB-CX-4.1
ASB-CX-4.2
ASB-CX-7.1
Discussion among the engagement team
including the significant decisions reached,
how and when the discussion occurred, and
the audit team members who participated.
Key elements of the understanding obtained
for each aspect of the entity and its
environment and each internal control
component, the sources of information, and
the risk assessment procedures performed.
Identified and assessed risks of material
misstatement at the financial statement level
and at the relevant assertion level.
Significant risks identified and the
understanding obtained of the related
controls.
Audit
statement level and at the assertion level for
classes of transactions, account balances, and
disclosures.
ASB-CX-3.2
ASB-CX-3.3
ASB-CX-6.2
ASB-CX-7.1
Evaluate (based on the presumption that revenue
recognition is a fraud risk) which types of revenue,
revenue transactions, or assertions give rise to risk
ASB-CX-6.2
ASB-CX-7.1
Document the following AU-C 240.43 Section 404 ASB-CX-3.2
ASB-CX-7.1
The significant decisions reached during the
discussion among the engagement team
regarding the susceptibility of the entitys
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
financial statements to material misstatement
due to fraud, how and when the discussion
occurred, and the audit team members who
participated.
The identified and assessed risks of material
statement level and at the assertion level.
Document the following as part of the auditors
responses to the assessed risks of material
misstatement including
ASB-AP-2
ASB-AP-3
through
ASB-AP-14
The overall responses to the assessed risks
of material misstatement due to fraud at the
financial statement level; the nature, timing,
and extent of audit procedures; and the
linkage of those procedures with the
assessed risks of material misstatement due
to fraud at the assertion level.
The results of the audit procedures, including
those designed to address the risk of
Document how the presumption that improper
revenue recognition is a fraud risk was overcome,
if applicable.
Performing Audit Procedures in Response to
Assessed Risks
Design and perform further audit procedures
whose nature, timing, and extent are responsive to
risks of material misstatement at the relevant
assertion level.
through
ASB-AP-14
When designing further audit procedures: AU-C 330.07 Section 405 ASB-CX-7.1
ASB-AP-2
through
ASB-AP-14
Consider the reasons for the risk assessment
at the relevant assertion level for each
transaction class, account balance, and
disclosure, including inherent risk and control
risk.
Obtain more persuasive audit evidence the
higher the risk assessment.
Regardless of the assessed risks of material
misstatement, design and perform substantive
procedures for all relevant assertions related to
each material class of transactions, account
balance, and disclosure.
ASB-AP-2
through
ASB-AP-14
Document the following: AU-C 330.30 Section 405 ASB-CX-7.1
ASB-AP-2
through Overall responses to address risks of material
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
through
ASB-AP-14 misstatement at the financial statement level
and the nature, timing, and extent of further
audit procedures performed.
The linkage of further audit procedures with
assessed risks at the relevant assertion level.
The results of audit procedures, including
conclusions that are not otherwise clear.
Auditing Accounting Estimates, Including Fair
Value Accounting Estimates, and Related
Disclosures
Evaluate the degree of estimation uncertainty
associated with an accounting estimate as part of
identifying and assessing the risk of material
misstatement. Determine whether any estimations
having a high degree of estimation uncertainty
represent significant risks.
AU-C
540.10.11
ASB-CX-7.1
Determine whether management has
appropriately applied GAAP (or an OCBOA) to the
accounting estimate, whether the method for
making the estimate is appropriate and applied
consistently, and whether any change in the
estimate or method from the prior period is
appropriate.
through
ASB-AP-14
Related Parties
misstatement associated with related party
relationships and transactions to determine
whether they represent significant risks.
ASB-CX-7.1
Consider any identified related party fraud risk
factors in identifying and assessing fraud risks.
ASB-CX-6.2
* * *
401 THE CONCEPT OF FINANCIAL STATEMENT ASSERTIONS
401.1 AU-C 315.04 defines assertions as representations by management, explicit or otherwise, that are embodied in the
financial statements as used by the auditor to consider the different types of potential misstatements that may occur. AU-C
315.A114 explains that assertions used by the auditor fall into the following three categories:
Assertions about classes of transactions and events for the period under audit.
Assertions about account balances at period end.
Assertions about presentation and disclosure.
AU-C 315.A114 and paragraphs beginning at 401.2 further explain the individual assertions within those three categories.
Assertions for Classes of Transactions
401.2 Assertions about transaction classes relate to the entire period under audit and consist of the following:
a. Occurrence. Transactions and events that have been recorded have occurred and pertain to the entity.
b. Completeness. All transactions and events that should have been recorded have been recorded.
c. Accuracy. Amounts and other data relating to the recorded transactions and events have been recorded
appropriately.
d. Cutoff. Transactions and events have been recorded in the correct accounting period.
e. Classification. Transactions and events have been recorded in the appropriate accounts.
Assertions for Account Balances
401.3 Assertions about account balances relate to the period end and consist of the following:
a. Existence. Assets, liabilities, and equity interests exist.
b. Rights and Obligations. The entity holds or controls the rights to assets, and liabilities are the obligations of the
entity.
c. Completeness. All assets, liabilities, and equity interests that should have been recorded have been recorded.
d. Valuation and Allocation. Assets, liabilities, and equity interests are included in the financial statements at appropriate
amounts and any resulting valuation or allocation adjustments are appropriately recorded.
401.4 Generally, valuation or allocation has been viewed as relating to either (1) issues of recognition and measurement
subsequent to initial recording or (2) recording estimates and accruals. For example, the appropriateness of the gross
amount of accounts receivable has been regarded as included in the existence assertion, while the valuation assertion is
related to determining the net collectible amount of receivables. Valuation relates to account balances that require an estimate
after initial recording to determine value, such as uncollectible receivables, obsolete inventory, or other asset impairments.
Allocation relates to items for which an expense related to usage is allocated over useful life, such as property and certain
intangibles or amortization of premiums or discounts related to liabilities.
Assertions for Presentation and Disclosure
401.5 Assertions about presentation and disclosure can relate to matters during the period or at the period end and consist
of the following:
a. Occurrence and Rights and Obligations. Disclosed events have occurred and pertain to the entity.
b. Completeness. All disclosures that should have been included in the financial statements have been included.
c. Classification and Understandability. Financial information is appropriately presented and described and disclosures
are clearly expressed.
d. Accuracy and Valuation. Financial information is disclosed fairly and at appropriate amounts.
401.6 This separate enumeration of assertion categories related to presentation and disclosure recognizes the importance of
potential misstatements that can occur in the financial reporting process regarding the assembly of information and its
portrayal in the financial statements. In other words, transactions and events can be recorded properly and the resulting
assets, liabilities, and equity interests can be recorded properly, but potential misstatements can still occur in the process of
preparing the financial statements. Further, this category of assertions explicitly recognizes the importance of the
understandability or clarity of disclosures.
401.7 As a practical matter, however, audit programs at the account balance and transaction class level often do not include
extensive tests related to presentation and disclosure. Generally, the only specific matters related to presentation and
disclosure that are considered in audit programs for individual audit areas are (a) the proper classification of accounts for
financial statement presentation and (b) ensuring that the workpapers include the information that supports disclosures and
that such information has been subjected to appropriate audit procedures (occurrence, accuracy, and valuation). The
completeness and understandability of disclosures are ordinarily more fully considered in the audit work related to the
process of preparing the financial statements, that is, in the general audit program. For example, the completeness of
disclosures is considered by using a disclosure checklist (ASB-CX-13). The understandability or clarity of disclosures, as well
as matters of occurrence and rights and obligations, are considered by a careful review of the financial statements and
disclosures in light of the auditors knowledge about the client gained throughout the audit. Accuracy and classification is
further considered by agreeing or reconciling the financial statements to the general ledger. The general auditing and
completion program (ASB-AP-2 and ASB-AP-2-S) contains procedures related to those aspects of the assertions for
presentation and disclosure.
Relevant Assertions
401.8 As discussed in Chapter 3, the auditor assesses risks of material misstatement at the relevant assertion level and
designs audit procedures to mitigate that assessed risk. AU-C 315.04 defines a relevant assertion as one that has a
reasonable possibility of containing a misstatement or misstatements that would cause the financial statements to be
materially misstated. Determination of whether an assertion is relevant is made without regard to the effect of internal
controls. A routine example is that the valuation assertion is usually not relevant to the cash account unless currency
translation is involved. Another example is that the valuation assertion is usually not relevant to the gross amount of the
accounts receivable balance, but is usually relevant to the related allowance for doubtful accounts. Additionally, the valuation
and rights or obligations assertions are generally not directly relevant to income statement accounts. Those assertions
generally relate to balance sheet accounts that may well affect the income statement, but not to income statement accounts
directly. For example, the terms of the payment of receivables might directly affect when a receivable is due, such as not until
a reseller sells to an end user, and then would indirectly affect whether revenue recognition is appropriate. In another
example, the impairment of a fixed asset would directly affect the valuation of that asset and indirectly affect the income
statement by a charge against earnings.
401.9 Auditors generally focus on those assertions that have some realistic chance of being misstated for a particular item.
The identification and assessment of risks of material misstatement made to prepare the audit plan and determine the nature,
timing, and extent of further procedures are made at the relevant assertion level. For example, AU-C 315.27 requires the
auditor to relate identified risks to what can go wrong at the relevant assertion level. References to decisions made at the
relevant assertion level mean decisions made about the relevant assertions within a class of transactions, account balance,
or disclosure.
401.10 AU-C 315.A118 indicates that for each significant class of transactions, account balance, and disclosure, the auditor
determines the relevance of each financial statement assertion. Relevant assertions are identified by evaluating the following:
The source of likely potential misstatement in each significant class of transactions, account balance, and
disclosure.
The nature of the assertion.
The volume of transactions or data related to the assertion.
The nature and complexity of the systems, including the use of IT, by which the entity processes and controls
information supporting the assertions.
401.11 By understanding assertions that are relevant to an account balance, class of transactions, or disclosure and how
identified risks relate to them, the auditor can effectively design and link further audit procedures that are responsive to the
assessment of the risk of material misstatement.
Implementation of Assertion Categories
401.12 AU-C 315.A115 notes that the auditor may use the relevant assertions as they are described in paragraphs 401.2.5
or may express them differently provided aspects described therein have been covered. For example, the auditor may choose
to combine the assertions about transactions and events with the assertions about account balances. This means the auditor
can continue to use generalized materials structured around broad categories of assertions that have been widely used in
practice.
401.13 Using the PPC Approach. To facilitate the assessment of risks at the assertion level, the authors recommend the
following categories of assertions, which are integrated in the PPC audit approach:
a. Existence or occurrence.
b. Completeness.
c. Rights or obligations.
d. Valuation or allocation.
e. Accuracy or classification.
f. Cutoff.
401.14 These categories cover all of the categories of assertions for transactions and events and account balances, as well
as those aspects of presentation and disclosure that are considered in the audit programs for individual audit areas. The
authors use the following audit objective in the general audit program to encompass the remaining assertions about
presentation and disclosure that are considered in the process of preparing the financial statements: Financial statements
are presented in accordance with GAAP. Required disclosures are complete, clearly expressed and understandable, and
contain financial and other information that is fairly disclosed at appropriate amounts.
401.15 Various practice aids that are illustrated in this Guide contain references to assertions. Exhibit 4-2 provides a listing of
those practice aids and how the assertion reference is used by the auditor when using the PPC approach.
Exhibit 4-2
The Use of Assertions in PPC Practice Aids
Practice Aid
Description
Purpose and Use of Assertion
Reference
Activity and Entity-level
Control Forms (ASB-CX-5)
For listed control activities for
various audit areas, the form
provides relevant assertions that are
addressed by that control activity.
When obtaining an understanding
of control activities, this
information assists the auditor in
identifying the relevant assertions
for particular control activities. It
also helps the auditor decide
which controls to test if the auditor
plans to seek a reduced control
risk assessment for a particular
Practice Aid
Description
Purpose and Use of Assertion
Reference
assertion.
Form (ASB-CX-7.1)
On Part II of the form, the auditor
indicates assertions affected by
identified risks and makes an
assessment of the risk of material
misstatement for each relevant
assertion for significant audit areas.
The assessment of the risk of
material misstatement by assertion
assists the auditor when deciding
on an appropriate audit response
by providing linkage between the
risks and related audit program
steps. In some cases, the auditor
will choose to perform extended
audit procedures to address risks
related to specific assertions.
Inherent Risk Assessment
Form (ASB-CX-7.2)
When assessing inherent risk, the
auditor can consider inherent risk
factors by assertion on this form.
This information is used to support
the inherent risk assessment by
assertion that is documented on
the Risk Assessment Summary
Form (ASB-CX-7.1).
Test of Controls Form
(ASB-CX-10.1)
The testing procedures and results
of the auditors tests of controls (that
is, the supported assessed level of
control risk) are documented at the
assertion level on this form.
This information supports the
control risk assessment
documented on the Risk
Assessment Summary Form.
Audit Programs Each procedure on the audit
programs for financial statement
areas indicates the assertions that
are primarily and secondarily
addressed by that procedure.
Understanding which financial
statement assertions are
addressed by an audit procedure
assists the auditor when selecting
responses to the risks of material
misstatement for an assertion. It
also provides linkage between the
audit program steps and the
related risks that they address.
* * *
402 IDENTIFYING RISKS OF MATERIAL MISSTATEMENT AT THE RELEVANT
ASSERTION LEVEL
402.1 In addition to being required to assess the risk of material misstatement at the financial statement level as discussed in
section 306, AU-C 315.26 notes that the auditor is also required to identify and assess the risk of material misstatement of the
financial statements whether due to error or fraud at the assertion level. For the purpose of assessing the risks of material
misstatement at the relevant assertion level related to account balances, transaction classes, and disclosures, AU-C 315.27
indicates that the auditor should do the following:
a. Identify risks throughout the process of obtaining an understanding of the entity and its environment, including
relevant controls that relate to the risks.
b. Relate the identified risks to what can go wrong at the relevant assertion level, considering relevant controls to be
tested.
c. Consider whether the risks are of a magnitude that could result in a material misstatement of the financial
statements.
d. Consider the likelihood that the risks could result in a material misstatement of the financial statements.
402.2 Items a. through c. are discussed in this section. Item d., likelihood, is a function of the assessed levels of inherent and
control risk, which is discussed in section 403. Section 404 discusses in more detail how the auditor considers fraud risks.
The auditors consideration and identification of risks of material misstatement due to fraud under the requirements of AU-C
240 is not separate from consideration of audit risk; rather, it is integrated into the overall audit risk assessment process
described in this Guide. Specifically, the discussion beginning at paragraph 404.7 discusses in greater detail identifying the
risk of material misstatement due to fraud.
402.3 The auditor uses information gathered to identify risks that may result in material misstatement of the financial
statements. The auditors identification of risks is a matter of professional judgment. It is more than reviewing a checklist of
risk factors or red flags. It encompasses all of the auditors knowledge of the client, including knowledge obtained about the
entity and its environment, its management, the industry in which it operates, its internal control, and risk factors.
402.4 Risks are articulated in terms of what can go wrong in the financial statements at the assertion level. This is done, in
part, because the presence of risks may only become evident when information from different sources is combined. That is,
when analyzed in combination or as a whole, seemingly unrelated information might indicate a potential risk. In addition, it is
difficult to link risks with responses unless the risks are stated in terms of their potential effects on the financial statements.
402.5 In performing risk assessment and other planning procedures, the auditor gathers information that may be relevant to
identifying risks. Prior to performing risk identification, information gathered is merely information that may be relevant in
identifying risks. The authors believe the auditor ought to apply professional judgment to combine, or synthesize, information
gathered to identify the areas where the entitys financial statements might be susceptible to material misstatement due to
error or fraud.
Gathering Information from Risk Assessment and Other Planning Procedures
402.6 Chapter 3 discusses the procedures performed to obtain an understanding of the entity and its environment and the
information that is gathered throughout that process to identify risks of material misstatement. Information is gathered from a
variety of sources by performing the following risk assessment and other planning procedures:
Planning and preliminary engagement activities, including:
Acceptance and continuance procedures.
Establishing an understanding with the client.
Obtaining an understanding of the entity and its environment, including its internal control, by performing:
Inquiries of management and others (including required fraud inquiries).
Observation and inspection.
Identification of fraud risk factors.
Discussion among engagement team members.
Preliminary analytical review.
Review of interim financial statements, if applicable.
Other planning procedures.
402.7 When performing risk assessment and other planning procedures, the auditor gathers information that may be relevant
to identifying risks. Prior to performing risk identification, information gathered is merely information that may be relevant in
identifying risks. This is because the presence of risks may only become evident when information from different sources is
combined. For instance, seemingly unrelated information might indicate a potential risk only when analyzed in combination or
as a whole.
402.8 When gathering information that may be relevant to identifying risks, some auditors may be tempted to prematurely
dispose of information that might suggest potential risk indicators. The authors believe it is important to avoid the temptation
to dispose of individual pieces of information without considering them in the context of all the information gathered. When
auditors perform risk assessment procedures to gather information, that information has not yet been evaluated to determine
how it relates to the financial statements and what could go wrong. At that point, the information gathered is essentially raw
material. The authors believe further processing of that raw material is necessary before potential risks of material
misstatement can effectively be identified (see the discussion of synthesis beginning at paragraph 402.12). The authors
believe the auditor ought to apply professional judgment to combine, or synthesize, information gathered to identify the areas
where the entitys financial statements might be susceptible to material misstatement due to error or fraud. Once the auditor
understands what can go wrong in the financial statements, he or she can develop an appropriate response to such risks.
402.9 The importance of avoiding the temptation to dispose of individual pieces of information based on materiality or
mitigating controls without first considering them in the context of all the information gathered is illustrated in the following
example.
Example 4-1: Considering mitigating controls too early in the process.
Laser Technology is a manufacturer of equipment used in document imaging. The entity has grown through acquisition,
and currently has three separate divisions operating in different states. Laser installed a new accounts payable
processing system during the current year to centralize its invoice processing at the entitys parent location. The new
system includes internal controls, edit routines, and exception reports for matching invoices to purchase orders, setting
up authorized vendors, and maintaining approval limits. All accounts payable employees, supervisors, and managers
have been thoroughly trained in the new system. The centralized accounts payable department now processes all of the
invoices previously processed at the three locations.
During the engagement team discussion, the audit staff of the Laser engagement discussed the fact that the entitys new
accounts payable system significantly improved internal controls and segregation of duties over invoice processing.
When gaining an understanding of the entity and its environment by conducting inquiries of employees, the staff person
was told that the transition to the new system went fairly smoothly. The hardest part of the transition was that the invoice
processors at the parent location were not familiar with the individuals at the other locations who had invoice approval
authority, and they also were not familiar with many of the new vendors in the centralized system. After a few months,
however, they gained this familiarity and loved the new system. The staff person focused on the control improvements
and failed to consider the risks associated with the upheaval caused during the change in systems. Therefore, this
information was not documented as part of the auditors inquiries.
As a result, the engagement team failed to gather information that would have helped them identify that the processing
of accounts payable during the system implementation period represented a financial statement risk. It was later
discovered that several major vendor accounts were inadvertently excluded from the new system, which resulted in an
underaccrual of accounts payable at year-end.
402.10 Information the auditor collects for further evaluation does not necessarily represent a risk of material misstatement of
the financial statements, nor does the information necessarily require an audit response. It is merely information that suggests
a potential risk indicator. The information may represent a risk of material misstatement and require an audit response, or it
may not. Therefore, auditors need not be concerned that accumulating too much information will result in audit inefficiency.
402.11 Information gathered by performing risk assessment and other planning procedures may be compared to the
symptoms of an illness, as illustrated in the following example.
Example 4-2: Identifying a risk is like diagnosing an illness.
Sylvia Brown goes to Dr. Andersons office complaining of aches and a fever. Dr. Andersons first thought is that Sylvia
probably has the flu. However, before he diagnoses her illness, he first gathers all the relevant symptoms. He interviews
Sylvia and finds out she lives in a wooded area and was recently bitten by a tick. He then performs a physical
examination and detects a rash. He also orders some blood tests to gather more information. Dr. Anderson accumulates
the symptoms on Sylvias chart, and then evaluates them together to diagnose her illness. When all of the symptoms are
considered together, the doctor is able to diagnose Sylvia with Lyme disease, which often can be mistaken for the flu.
Just as the symptoms gathered by the doctor are not illnesses but merely indications of illness, so the information
gathered by the auditor is not a risk but simply an indication of risk.
Assume Dr. Anderson had quickly concluded, based on limited information, that Sylvia had the flu. He would have
treated her for the wrong illness. This would be similar to trying to identify risks without having all of the relevant
information. The auditor who identifies risks without performing sufficient risk assessment and other planning
procedures may end up developing inappropriate responses.
Synthesizing the Information
402.12 Once auditors have accumulated information relevant to the identification of potential risks, the information is
evaluated together. Auditors apply professional judgment to determine whether the information gathered during the risk
assessment process, either individually or in the aggregate, indicates areas where the entitys financial statements might be
susceptible to material misstatement (whether due to error or fraud). The authors refer to this process as synthesis. Synthesis
is a mental process involving analysis of the information gathered to identify risks.
402.13 Why Is Synthesis Important? The synthesis process helps the auditor
Recognize how the pieces of information gathered, alone or in combination, could indicate circumstances where
risks might exist.
Evaluate whether the circumstances could potentially result in material misstatement of the financial statements.
Articulate those circumstances in terms of what could go wrong at the relevant assertion level.
Only after the auditor can clearly articulate the risks can he or she ordinarily assess the risks (see section 403) and develop
appropriate responses (see section 405).
402.14 Often, there may not be a one-to-one relationship between the pieces of information gathered and risks of material
misstatement of the financial statements. In many cases, it is the combining of seemingly unrelated information that indicates
a risk. In other cases, one piece of information, in and of itself, may represent a condition that indicates a risk. Further, the
totality of the information gathered, when synthesized, could actually lead to the identification of an overall risk at the financial
statement level, such as a lack of personnel with appropriate accounting and financial reporting skills. The synthesis process
may be compared to putting a jigsaw puzzle together. It is usually difficult to tell from looking at an individual puzzle piece
what the picture will be. However, as pieces are put together one by one, an image begins to take shape. When the puzzle is
finished, the pieces form a picture.
402.15 Synthesis Considerations. Synthesis of the information gathered during the performance of risk assessment and
other planning procedures allows auditors to identify risks that might be associated with seemingly unrelated information. To
synthesize the information and identify risks, auditors consider the information in the context of:
The type of risk (that is, whether it relates to error or fraud).
The pervasiveness of the risk, that is, whether the risk is
Pervasive to the financial statements taken as a whole.
Related to a relevant assertion(s) for specific classes of transactions, account balances, or disclosures.
What can go wrong at the relevant assertion level.
If the risk is a potential fraud risk, how the information relates to the three fraud conditions generally present when
fraud occurs (that is, incentives/pressures, opportunities, and attitudes/rationalizations) and the extent to which
those fraud conditions have been observed.
Whether the risk is of a magnitude that could result in material misstatement of the financial statements.
402.16 After the information is synthesized and the risks of material misstatement are identified, the likelihood of the risks
resulting in material misstatement is then assessed. The assessment of likelihood is a function of the assessed levels of
inherent and control risk, which are discussed in section 403.
402.17 Exhibit 4-3 includes a visual presentation of the types of information gathered during the risk assessment process and
the synthesis of that information. The identification of risks may also be influenced by the specific characteristics of the entity,
such as its size, complexity, and ownership attributes. The following paragraphs discuss the primary considerations in
performing the synthesis to identify risks. Although each of the auditors considerations is discussed separately, the
considerations often occur simultaneously.
Exhibit 4-3
The Synthesis Process
* * *
402.18 Considering the Type of Risk. In performing synthesis, the auditor considers the accumulated information to
determine whether a potential risk relating to error or to fraud exists. Because the synthesis process is highly judgmental, the
risks identified by applying the process may be different depending on whether they relate to error or fraud. AU-C 240
emphasizes the importance of auditors exercising professional skepticism when considering the possibility that a risk of
material misstatement due to fraud could be present. If the risk relates to fraud, auditors consider whether the information
indicates the entity is susceptible to misappropriation of assets or fraudulent financial reporting. Considering these types of
risks is discussed further at paragraph 402.24.
402.19 Considering Pervasiveness of the Risk. The auditor considers the information gathered and determines whether it
indicates a risk that may be pervasive to the financial statements as a whole or a risk that relates to relevant assertions related
to a specific class of transactions, account balance, or disclosure. For example, a risk associated with a weak control
environment is pervasive to the financial statements because misstatements are unlikely to be confined to a particular account
balance, class of transactions, or disclosure. On the other hand, the risk of overstatement of inventory due to an underaccrual
of the inventory obsolescence reserve is specifically related to the valuation assertion (and disclosures) for the inventory
accounts.
402.20 The auditors determination of whether risks affect relevant assertions related to specific classes of transactions,
account balances, or disclosures or whether they are pervasive to the financial statements as a whole is useful in determining
appropriate audit responses. Generally, auditors respond to pervasive risks by altering their overall audit strategy, while
auditors respond to specific risks at the assertion level by altering the nature, timing, and extent of their further audit
procedures. Risks of material misstatement at the financial statement level and developing an overall audit strategy are
discussed in section 306. Considering pervasiveness is illustrated in the following examples.
Example 4-3: Risk is related to a relevant assertion for a specific account balance.
When performing risk assessment procedures, the auditor of Arlington Associates identifies a risk that certain repairs
may be capitalized as equipment. This represents a risk of misstatement for the existence assertion for the equipment
account and a risk of misstatement for the completeness assertion for the repairs and maintenance expense account.
Example 4-4: Risk is pervasive to the financial statements as a whole.
When performing risk assessment procedures, the auditor of Lawson Corporation determines that there is a weak
control environment surrounding the monthly and year-end financial reporting closing processes. Because this
weakness can affect numerous account balances, the risk is an overall risk that may be pervasive to the financial
statements as a whole.
402.21 Considering What Can Go Wrong at the Assertion Level. The purpose of performing risk assessment is to identify
and respond to risks of material misstatement of the financial statements. Although much of the information gathered to
identify risks may relate to the entitys business risks, the focus is on risks that may have a material direct or indirect effect on
the financial statements. Not all business risks give rise to risks of financial statement misstatement.
402.22 As part of the synthesis process, the auditor considers how the potential risk could affect specific assertions related to
account balances, transaction classes, or disclosures. What could the potential risk cause to go wrong in the financial
statements? And more specifically, what assertions relating to particular account balances, transaction classes, or disclosures
could be affected? How could they be affected? Appendix 3B of PPCs Guide to Audit Risk Assessment (Implementing the
Risk Assessment Standards) provides examples to assist auditors in identifying what can go wrong in the financial statements
for inventory/cost of sales, accounts receivable/sales, and accounts payable and other liabilities.
402.23 As discussed in section 401, PPCs approach uses the following assertion categories:
Existence or occurrence.
Completeness.
Rights or obligations.
Valuation or allocation.
Accuracy or classification.
Cutoff.
By taking the what could go wrong scenario down to the assertion level, the auditor can more easily consider the potential
severity and implications of the risk. Considering what can go wrong at the assertion level is illustrated in the following
examples.
Example 4-5: Translating a risk into what can go wrong at the assertion level.
While performing risk assessment procedures, the auditor of Dorsey Company determines that the entity engages in bill
and hold transactions. When the auditor considers what can go wrong in the financial statements, he determines that a
year-end inventory balance could be presented that is greater than the inventory the entity actually owns if the entity fails
to exclude the inventory held for others from its physical count. Thus, this risk represents an existence (and rights or
obligations) risk that could result in an overstatement of inventory.
Example 4-6: Articulating another risk as a risk at the assertion level.
While performing risk assessment procedures, the auditor of Parks Industrial Supplies determines that a number of
significant customer accounts receivable are over 90 days and no allowance for doubtful accounts has been accrued at
year-end. When the auditor considers what can go wrong in the financial statements, she determines that the period-end
accounts receivable balance could include amounts that will not ultimately be collected. Thus, there is a risk related to
the valuation assertion that could result in an overstatement of accounts receivable.
402.24 Considering Fraud Conditions. AU-C 240 indicates that, when identifying fraud risks, it may be helpful to consider
the information gathered in the context of the three conditions generally present when fraud occurs: incentives/pressures,
opportunities, and attitudes/rationalizations. That is, auditors consider whether the information may indicate incentives to
commit fraud, opportunities to carry it out, or attitudes/rationalizations to justify it. The nature of the observed fraud conditions
may assist the auditor in determining the type of risk. For example, information related to personal financial obligations or
dissatisfaction of employees, assets susceptible to theft, and inadequate safeguarding controls generally indicates
susceptibility to misappropriation of assets. Information related to external pressures to present favorable financial condition
or operating results, accounts or transactions susceptible to manipulation, and inadequate monitoring and financial reporting
controls generally indicates susceptibility to fraudulent financial reporting. Fraud conditions are discussed further in section
404.
402.25 Considering Magnitude of the Risk. Magnitude refers to whether the risk could result in a material misstatement of
the financial statements. Essentially, it is a consideration of materiality. For example, for a risk related to a potential
underaccrual of an entitys allowance for doubtful accounts, materiality is primarily quantitative. That is, could the allowance
for doubtful accounts be underestimated by such an amount that the financial statements could be materially misstated?
However, magnitude is not limited only to quantitative considerations. Some consideration also needs to be given to the
qualitative aspects of materiality. In certain cases, implications of potential misstatements that might otherwise be immaterial
could be considered material to financial statement users. For example, a risk that could also have an effect on other financial
statement components needs to be more carefully considered. Considering magnitude is illustrated in the following examples.
Example 4-7: Considering quantitative magnitude.
While performing risk assessment procedures, the auditor of the Nelson Corporation identifies a risk of understatement
of accounts payable due to a lack of accrual of invoices payable at year-end. Because the auditor is aware of a number
of significant purchases made by the entity just prior to the end of the year, he determines that the magnitude of the
understatement of accounts payable could be such that the misstatement could be material to the financial statements.
Example 4-8: Considering magnitude, including qualitative factors.
While performing risk assessment procedures, the auditor of Crowe, Inc. identifies a risk that the entitys investment in a
joint venture may be misstated. The auditor is aware that the users of the financial statements under audit include the
entitys joint venture partners. The auditor determines that the magnitude of the potential misstatement may not be
material to the financial statements taken as a whole, but it could be significant to the joint venture partners. As a result,
the auditor determines that the misstatement is of a sufficient magnitude to be identified as a risk.
402.26 When evaluating the magnitude of potential fraudulent financial reporting risks, qualitative considerations are
particularly important because the fraud involves deception of financial statement users. A common belief is that fraudulent
misstatement of financial statements is by definition material. The reasoning goes that because the goal of the fraud is to
deceive users of the financial statements, the fraud would have to be material to influence the judgment of the user. However,
that does not necessarily mean the fraudulent misstatement would have to be quantitatively material to the financial
statements. The authors believe that if the auditor gathers information that results in identifying a potential fraud risk related to
manipulation of the financial statements, it is unlikely the auditor would ordinarily conclude that the matter is not of a
magnitude that could be significant to financial statement users.
402.27 Synthesis Questions. Exhibit 4-4 provides a list of questions auditors can ask to help determine whether the
information gathered, individually or in combination, indicates a potential risk of material misstatement of the financial
statements.
Exhibit 4-4
Synthesis Questions
What Type of Risk Exists?
Does the risk relate to error or fraud?
If the risk is a fraud risk, does it relate to misappropriation of assets or fraudulent financial reporting?
Is the Risk Pervasive?
Is the risk confined to an assertion(s) relating to a particular account balance, transaction class, or disclosure?
Is the risk of such a nature that multiple financial statement components could be affected?
What Can Go Wrong at the Assertion Level?
What could the risk cause to go wrong in the financial statements?
What account balance, transaction class, or disclosure in the financial statements would be affected by the risk?
What assertion does the risk relate to?
What is the direction of the risk (that is, overstatement or understatement)?
For Risks of Error:
Is there a past history of errors relating to the assertion and account balance, transaction class, or disclosure?
Are there indications that the account balance, transaction class, or disclosure is susceptible to error?
Are there existing conditions or control weaknesses that make the entity vulnerable to error for this assertion and account
balance, transaction class, or disclosure?
Are there any indications that errors may have occurred in the current period relating to the assertion and account
balance, transaction class, or disclosure?
For Risks of Fraudulent Financial Reporting:
What incentives or pressures exist for management to misstate the financial statements (e.g., pressure to overstate
revenue or net income, reduce tax liability, or manipulate amounts related to loan covenants)?
Is there ineffective monitoring of management or does management fail to adequately monitor internal controls over the
financial reporting process?
Does management communicate inappropriate values or ethics?
Does management display domineering behavior towards the auditor, especially involving attempts to influence the
scope of the auditors work or the auditors judgment about the appropriateness of the selection and application of
accounting principles?
Are there any indications that management might be manipulating the financial statements?
For Risks of Misappropriation of Assets:
Which assets are most susceptible to misappropriation?
What conditions exist that might make the entity vulnerable to misappropriation?
Are there any indications that misappropriation might be occurring?
Could the Risk Result in a Material Misstatement of the Financial Statements?
Could the risk result in a misstatement of such a magnitude that the financial statements taken as a whole could be
materially misstated?
Are there additional qualitative considerations that ought to be considered in determining whether the magnitude of the
misstatement could be material to the financial statements?
* * *
Identifying Risks of Material Misstatement
402.28 Articulating Risks. The output of the synthesis process is the articulation of identified risks and the assertions
affected. Risks generally are stated in terms of what can go wrong in the financial statements at the relevant assertion level.
To assist in assessing risks and determining further audit procedures to be performed, the authors recommend that auditors
be as specific as possible when describing risks. The authors recommend that a well articulated risk describes
The cause of the risk.
The account balance, class of transactions, or disclosure and how it may be affected (that is, overstatement or
understatement).
If a fraud risk, the type of risk (misappropriation of assets or fraudulent financial reporting).
The relevant assertion (or that it is an overall financial statement risk).
The assessment of identified risks and selection of appropriate responses can be a more effective process if the identified
risks are well-articulated, as illustrated in the following example.
Example 4-9: Identifying a riskputting it all together.
While gaining an understanding of the entity and its environment, the auditor of Rosemont Industries identifies the
potential risk that Rosemonts customer base is declining due to industry consolidation. The auditor relates that risk to
what could go wrong at the assertion level as being a risk of overstatement of accounts receivable associated with
valuation. The auditor then considers that, given the size of the receivable balance and the number and size of
customers that potentially would be unable to meet their contractual obligations, the risk is of a magnitude that could
result in material misstatement of Rosemonts financial statements. As a result, the auditor identifies a valuation risk due
to uncollectible accounts that could result in an overstatement of accounts receivable.
402.29 Exhibit 4-5 presents examples of identified risks of material misstatement due to fraud or error and illustrates how
those risks may be articulated in a way that is more meaningful for use in assessing risks and determining further audit
procedures to be performed.
Exhibit 4-5
Articulating Risks
Poorly Articulated Risks Well Articulated Risks
Inventory is highly liquid and the entity has poor
safeguarding controls.
Overstatement of inventory due to theft
(Existence)
A significant related-party sale recorded early in the
year was still outstanding at year-end.
Overstatement of sales due to sham transactions
with related parties (Occurrence)
The entity recorded no year-end liabilities for
employee wages and benefits.
Understatement of accrued liabilities due to
failure to make year-end payroll accruals
(Completeness)
The entity consolidated a special-purpose entity
without evaluating whether it meets the
consolidation criteria of FASB ASC 810.
Overstatement of assets and liabilities due to
improper consolidation of XYZ, Inc. (Rights)
The entity recorded a general liability contingency
reserve.
Overstatement of liabilities due to recording
obligations that are not probable (Obligations)
Inventory cost accounting method is highly complex
and subjective.
Misstatement of inventory due to improper cost
accounting (Valuation)
The entitys property balance did not change from
the prior year.
Overstatement of assets due to failure to record
depreciation expense (Allocation)
Year-end inventory pricing calculations were
performed by one individual without review.
Overstatement or understatement of inventory
due to misapplication of prices (Accuracy)
The entity has a significant new other asset account. Overstatement of assets due to misclassification
(Classification)
The entity recorded significant sales orders in the
last month of the year.
Overstatement of sales due to improper cutoff
(Cutoff)
* * *
402.30 Examples of Synthesis. Because synthesis requires professional judgment, auditors may identify different risks
based on similar information depending on the clients specific circumstances. Exhibit 4-6 provides examples of how
information gathered from various sources may be synthesized to identify risks of material misstatement. As illustrated in the
exhibit, there may or may not be a one-to-one relationship between the information gathered and the risks identified.
Appendix 3B of PPCs Guide to Audit Risk Assessment (Implementing the Risk Assessment Standards) provides examples of
what can go wrong in the financial statements for inventory/cost of sales, accounts receivable/sales, and accounts payable
and other liabilities. That appendix also provides examples of risks or risk indicators. Appendix 3E of PPCs Guide to Audit
Risk Assessment (Implementing the Risk Assessment Standards) provides a list of transaction processing risks by audit area
and identifies the assertions that may be affected by those risks.
Exhibit 4-6
Examples of Risks Identified Through Synthesis
Source of Information Information Gathered Identified Risk
Understanding the entity and
identifying risks:
Nature of the entity (business
A new product was introduced into the
market during the current year.
operations)
Objectives and strategies
Internal control (risk assessment) Understatement of the
legal liability
contingency reserve
under FASB ASC 450,
Contingencies
(Completeness)
identifying risksInternal control
(monitoring activities)
Customer complaints are not adequately
captured and monitored.
identifying risks:
Nature of the entity (financial
reporting)
Inquiry of outside legal counsel
A lawsuit was filed against the entity relating
to a flaw in the design of the new product.
(control activities)
Controls over the summarization and pricing
of the year-end physical inventory are weak.
Overstatement or
understatement of
inventory due to
summarization and
pricing errors
(Accuracy)
identifying risks:
operations)
Identification of fraud risk factors
The entity has a significant amount of
marketable equipment.
Overstatement of
equipment due to
misappropriation
(Existence)
The entity has poor physical safeguards
over assets.
Understanding of the entity and
identifying risks:
Industry conditions
operations)
There is a new major competitor with brand
recognition that entered the market during
the year.
Overstatement of
inventory due to
obsolescence
(Valuation)
identifying risks:
Inquiries of others (inventory floor
manager)
The new competitor has been successful at
taking market share and sales have slowed
significantly during the last half of the year.
Preliminary analytical procedures The year-end inventory balance has
increased sharply over the prior year
balance. No reserve for inventory
obsolescence has been recorded at
year-end.
identifying risks:
Nature of entity (financial
reporting)
The chief financial officer left the entity in the
first quarter and the entity does not currently
have a competent chief financial officer to
oversee the financial reporting function.
Overall financial
statement risk (which
requires an overall
response)
Internal control (risk assessment,
monitoring and control activities)
There is a lack of segregation of duties
within the payroll function.
Overstatement of
payroll expense due to
misappropriation of
assets (Occurrence)
identifying risks:
Nature of the entity (investments,
financing, financial reporting)
Inquiry of management and others
within the entity
Internal control (control activities)
The entity entered into an interest rate swap
for the first time during the year. Overstatement or
understatement of
liabilities and equity
due to improper
derivatives accounting
(Valuation)
Engagement continuance procedures;
identifying risks:
Nature of the entity (financing and
financial reporting)
The entitys loans with its primary bank have
EBITDA and fixed charge coverage
covenants that require earnings to increase
over the life of the loans. The owner has
personally guaranteed the debt.
Overstatement of
revenue due to
fraudulent financial
reporting (Occurrence)
Engagement team discussion;
identifying risks:
Industry conditions
Over the past couple of years, the loan
covenants are becoming more difficult to
meet and the entitys relationship with the
bank has been deteriorating.
Preliminary analytical procedures Amounts due from customers increased
significantly during the last quarter.
* * *
Documenting Identified Risks
402.31 AU-C 315.33 specifies the documentation requirements relating to understanding the entity and its environment and
assessing the risks of material misstatement, of which risk identification is a part. According to AU-C 315.33, the auditor is
required to document key elements of the understanding; sources of information from which the understanding was obtained;
the risk assessment procedures performed; and the assessment and identification of risks of material misstatement, both at
the financial statement level and the relevant assertion level.
402.32 Exhibit 4-7 lists numerous sources from which relevant information may be gathered for risk identification, along with
the related PPC practice aids auditors may use in obtaining and documenting such information. The practice aids listed in
Exhibit 4-7 are provided as tools the auditor can use when performing risk assessment and other planning procedures to
gather information. However, the auditor may choose to perform and document such procedures by other means, such as
with narrative descriptions, flowcharts, or decision tables.
Exhibit 4-7
Information Gathered Through Risk Assessment and Other Planning Procedures
and Related PPC Practice Aids
Risk Assessment/
Other Planning Procedures
(see section 301) Related PPC Practice Aids
Obtaining an understanding of the entity and its
environment, including internal control, through:
Inquiries of management and others
Observation and inspection
Understanding the Entity and Identifying Risks
(ASB-CX-3.1)
Understanding the Design and Implementation of
Internal Control (ASB-CX-4.1)
Financial Reporting System Documentation Forms
(ASB-CX-4.2)
Walkthrough Documentation Table (ASB-CX-4.3)
Fraud Risk Inquiries Form (ASB-CX-3.3)
Discussion among engagement team members Engagement Team Discussion (ASB-CX-3.2)
Planning and preliminary engagement activities:
Establishing an understanding with the
client
Acceptance and continuance procedures
Audit Program for General Planning Procedures
Engagement Acceptance and Continuance Form
(ASB-CX-1.1)
Engagement Letter (ASB-CL-1.1)
Preliminary analytical procedures Audit Program for General Planning Procedures
Reviews of interim financial statements, if
applicable
Audit Program for General Planning Procedures
* * *
402.33 As noted in paragraph 402.31, AU-C 315.33 requires the auditor to document the identified and assessed risks of
material misstatement at both the financial statement level and at the relevant assertion level. At the relevant assertion level,
these risks include those that require special audit consideration (significant risks) and those for which substantive
procedures alone do not provide sufficient appropriate evidence. AU-C 240.43 further requires the auditor to document the
identified and assessed risks of material misstatement due to fraud, and AU-C 240.46 requires the auditor to document, if
applicable, the reasons for a conclusion that the presumption that there is a risk of fraud related to revenue recognition has
been overcome.
402.34 The auditor may identify risks on the Understanding the Entity and Identifying Risks form at ASB-CX-3.1 based on
information gathered while performing other procedures and reviewing the factors to consider provided at ASB-CX-6.1, Entity
Risk Factors, and ASB-CX-6.2, Fraud Risk Factors. (The consideration of fraud risk factors is discussed in section 404.) If
those risks are of a magnitude that could result in material misstatement of the financial statements, the risks need to be
carried forward to the Risk Assessment Summary Form at ASB-CX-7.1 for further assessment. On that form, the auditor can
document the items in paragraph 402.33 as well as the assessed levels of inherent risk, control risk, combined risk of material
misstatement, and appropriate further audit procedures selected. Section 403 discusses assessing and documenting the
risks of material misstatement at the assertion level.
402.35 There is no requirement to document the synthesis process. The extent of documentation of the process auditors use
to synthesize the information gathered to identify risks is a matter of professional judgment. The format and extent of the
documentation may be influenced by the nature, size, and complexity of the entity.
Assessing Identified Risks
402.36 Once the auditor performs the synthesis process and identifies risks of material misstatement, those risks need to be
further assessed. Based on that assessment, the auditor will determine the nature, timing, and extent of further auditing
procedures to be performed to reduce audit risk to an appropriately low level. Section 403 discusses making the risk
assessment at the assertion level.
403 ASSESSING RISKS OF MATERIAL MISSTATEMENT AT THE RELEVANT
ASSERTION LEVEL
403.1 The auditors consideration of audit risk at the individual account balance, transaction class, or disclosure level directly
assists the auditor in determining the nature, timing, and extent of further audit procedures for relevant assertions related to
balances, classes of transactions, or disclosures.
403.2 Section 402 discusses how the auditor gathers information from the risk assessment procedures and other procedures
to identify the risks of material misstatement of the financial statements whether due to error or fraud. It also discusses how
the auditor relates the identified risks to what can go wrong at the relevant assertion level, as well as how the auditor
considers whether the risks are of a magnitude that could result in a material misstatement of the financial statements. To
assess the risk of material misstatement at the assertion level, the auditor then has to consider the likelihood that the identified
risks could result in a material misstatement of the financial statements. Likelihood is a function of the assessed levels of
inherent and control risks, which are discussed in this section.
403.3 Section 404 discusses in more detail how the auditor considers fraud risks. The auditors consideration and
identification of risks of material misstatement due to fraud under the requirements of AU-C 240 is not separate from
consideration of audit risk; rather, it is integrated into the overall audit risk assessment process described in this Guide.
Specifically, the discussion beginning at paragraph 404.7 discusses in greater detail assessing the risk of material
misstatement due to fraud.
403.4 Before discussing how to assess the risk of material misstatement at the assertion level (see discussion beginning at
paragraph 403.11), however, the auditor needs to understand several basic concepts, including:
Financial statement assertions (discussed in section 401);
The audit risk model (discussed beginning at paragraph 403.5); and
The risk of material misstatement (discussed beginning at paragraph 403.7).
The Audit Risk Model
403.5 AU-C 200.13 defines audit risk as the risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated. It further explains that audit risk is a function of the risks of material misstatement and
detection risk. AU-C 200.13 defines these terms as follows:
Risk of Material MisstatementThe risk that the financial statements are materially misstated prior to the audit. This
consists of two components, described as follows at the assertion level:
Inherent RiskThe susceptibility of an assertion about a class of transaction, account balance, or disclosure to
a misstatement that could be material, either individually or when aggregated with other misstatements, before
consideration of any related controls.
Control RiskThe risk that a misstatement that could occur in an assertion about a class of transaction,
account balance, or disclosure and that could be material, either individually or when aggregated with other
misstatements, will not be prevented, or detected and corrected, on a timely basis by the entitys internal
control.
Detection RiskThe risk that the procedures performed by the auditor to reduce audit risk to an acceptably low
level will not detect a misstatement that exists and that could be material, either individually or when aggregated with
other misstatements.
403.6 The audit risk concept can be expressed in formula form based on following:
RMMRisk of Material Misstatement
IRInherent Risk
CRControl Risk
DRDetection Risk
DR is a function of the effectiveness of substantive procedures applied by the auditor and can be viewed as being a function
of the following two components:
TDTests of Details Risk
APSubstantive Analytical Procedures Risk
Risk of Material Misstatement
403.7 As explained in paragraph 403.5, the risk of material misstatement is a function of inherent risk and control risk. The
auditor assesses those two risks and then designs audit procedures to reduce detection risk to an appropriately low level. As
discussed in section 404, fraud risks encompass both inherent and control risk attributes. Therefore, the auditors separate
assessments of inherent and control risk include consideration of the risk of material misstatement due to fraud.
403.8 The combined effect of inherent risk (IR) and control risk (CR) is the risk of material misstatement (RMM). In other
words, the aggregate risk of material misstatement in the risk model is expressed as follows:
403.9 Inherent risk and control risk are the entitys risks and exist independently of the audit. The risk of material
misstatement (RMM), the product of IR and CR, is the auditors combined assessment of the two risks. The auditor may make
an overall, or combined assessment of the risk of material misstatement at the relevant assertion level or make separate
assessments of inherent risk and control risk and then combine them. In either approach, the AICPA Risk Assessment Audit
Guide (paragraph 5.22) cautions the auditor to assess both components. For example, an auditor may assess inherent risk as
low for a particular account because it is determined by a single monthly adjustment that is easy to calculate, the bookkeeper
is believed capable of making the adjustment, and no misstatements have been identified in prior audits. In such a case, the
auditor may be implicitly assuming that certain basic controls are in place and operating effectively and may actually be
making a combined assessment of inherent and control risk rather than an assessment of just inherent risk. Thus, at the
relevant assertion level, the audit risk model is as follows:
403.10 In planning a particular test of details, the detection risk is established by the following relationship:
This model is not intended to be a mathematical formula including all factors that influence the assessment of audit risk, but
some auditors find such a model in its formula form to be useful.
Assessing the Risk of Material Misstatement at the Relevant Assertion Level
403.11 The assessment of audit risk at the relevant assertion level, whether made in quantitative terms (e.g., percentages) or
nonquantitative terms (e.g., high, moderate, or low), is a judgment rather than a precise measurement of risk. The auditor
needs to have an appropriate basis for the judgment about risk at the relevant assertion level. This basis is obtained through
the risk assessment procedures performed to obtain an understanding of the entity and its environment, as described in
Chapter 3, and, if applicable, through the performance of suitable tests of controls, as described in Chapter 6.
403.12 The only time that use of the formula for the audit risk model (paragraph 403.9) and specific percentages are
necessary is when statistical sampling is used, but the formula can be useful in other circumstances as well. The auditor can
determine an acceptable audit risk and subjectively quantify the judgment of the risk of material misstatement (consisting of
inherent risk and control risk), and the risk that substantive analytical procedures and other relevant substantive procedures
would fail to detect material misstatements that could occur in an assertion.
403.13 In other words, the auditors quantification of the components of the risk model is always made subjectively. Even
when the auditor quantifies the components as a percentage, the judgment is subjective and not a mathematical calculation.
Whichever method is used, the auditors assessment of audit risk at the relevant assertion level is a judgment rather than a
precise measurement of risk.
403.14 PPC Approach. Using PPCs audit approach, the auditor takes the following steps to assess the risks of material
misstatement at the relevant assertion level:
Identify any general risk assessment factors from ASB-CX-3.1, Understanding the Entity and Identifying Risks
(including consideration of the Entity Risk Factors at ASB-CX-6.1 and Fraud Risk Factors at ASB-CX-6.2), and
Part I of the Risk Assessment Summary Form at ASB-CX-7.1, that affect the risk of material misstatement for
particular account balances, transaction classes, or disclosures. (See paragraph 403.16.)
Determine those audit areas that are significant. (See the discussion beginning in paragraph 403.20.)
Describe the specific risks of material misstatement that affect the account balance, transaction class, or disclosure;
identify the financial statement assertion affected; and consider the significance of the risks. (See the discussion
beginning in paragraph 403.26.)
Determine the documentation approach to be used when assessing the risk of material misstatement at the relevant
assertion level. (See paragraph 403.39.)
Make a qualitative assessment of inherent risk as high, moderate, or low. (See the discussion beginning in
paragraph 403.40.)
Make a qualitative evaluation of control risk as high, moderate, or low. (See the discussion beginning in paragraph
403.46.)
Make a qualitative assessment of the remaining or combined risk of material misstatement as high, moderate, or low
based on the prior evaluations of inherent risk and control risk. (See paragraph 403.51.)
403.15 Using PPCs audit approach, the auditors risk assessment at the assertion level is performed and documented using
Part II of the Risk Assessment Summary Form (ASB-CX-7.1). That form is used to (a) identify significant audit areas; (b)
identify fraud risks and other significant risks; (c) document the auditors assessment of inherent risk, control risk, and
combined risk at the assertion level; and (d) select an audit approach that is responsive to the assessed level of risk at the
relevant assertion level. Selecting an audit approach is discussed in section 405.
403.16 General Risk Assessment Factors. The identification of risks at the financial statement level might identify factors
that increase the specific risk of material misstatement for particular account balances, transaction classes, or disclosures.
For example, if the auditors overall risk assessment indicates a higher risk of senior management manipulating the financial
statements, the auditor might identify significant accounting estimates as having a higher specific risk of material
misstatement because of the general susceptibility of estimates to senior management bias. In that case, the auditor would
identify specific risks related to the valuation assertion for account balances or transaction classes involving a relatively large
degree of estimation. The auditor would also identify those risks as fraud risks because they relate to fraudulent financial
reporting. Similarly, if the auditor noted that management had poor monitoring controls over the development of estimates
and the use of judgments, the auditor might similarly identify specific risks related to the valuation assertion for significant
accounts that involved a higher degree of judgment. However, in this case, the auditor might consider this a risk of potential
misstatements due to error versus fraud.
403.17 The example in paragraph 403.16 illustrates how matters that represent risks at the financial statement level may also
result in risks at the assertion level. Because of their nature, accounting estimates and related parties can both have that
effect. As a result, AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related
Disclosures, and AU-C 550, Related Parties, require certain specific procedures to be performed as part of identifying and
assessing the risks of material misstatement in accordance with AU-C 315.
403.18 Special ConsiderationsAccounting Estimates. AU-C 540.10.11 indicates that as part of risk assessment, the
auditor should evaluate the degree of estimation uncertainty of accounting estimates and determine whether any having a
high degree of estimation uncertainty represents significant risks. The degree of estimation uncertainty associated with a
particular accounting estimate may be influenced by a number of factors, as described in AU-C 540.A45.A46. Further, AU-C
540.12 indicates that the auditor is required to determine, based on the risk assessment, whether (a) management has
appropriately applied GAAP (or an OCBOA) to the accounting estimate, (b) the method for making the estimate is appropriate
and applied consistently, and (c) any change in the estimate or method from the prior period is appropriate. See section 1809
for further discussion.
403.19 Special ConsiderationsRelated Parties. AU-C 550.19 states that the auditor should identify and assess the risks of
material misstatement associated with related party relationships and transactions in order to determine whether they
represent significant risks. In addition, AU-C 550.20 indicates that if related party fraud risk factors are identified, the auditor
should consider them in identifying and assessing fraud risks. See sections 404 and 1810.
403.20 Determining Significant Audit Areas. The next step is to identify those audit areas that are significant. (An audit area
encompasses the related account balances, transaction classes, and disclosures.) The following factors need to be
considered in determining which audit areas are significant:
Relative materiality of the account balance to the overall financial statements.
Relative significance of the transaction class to the entitys operations or the overall financial statements (for
example, because of either the materiality or volume of transactions flowing through the account during the period).
The susceptibility of the account balance or transaction class to fraud, including both theft and similar loss of related
assets and intentional misstatement by management.
Audit areas that for other reasons (such as complex calculations, difficult or contentious accounting issues, new
accounting standards, need for judgment, unusual nature of transactions, past history of significant adjustments, or
other engagement risk factors) have a high assessed level of inherent risk or contain significant risks.
Disclosures that require additional effort at the account balance level in individual audit areas to ensure their
accuracy and completeness.
403.21 Materiality of the Account Balance to the Financial Statements. One element of significance is the dollar amount of an
account balance in relation to the auditors judgment of the amount material to the financial statements taken as a whole. [The
Financial Statement Materiality Worksheet for Planning Purposes (ASB-CX-2.1) provides for the calculation of planning
materiality and performance materiality. Planning materiality is discussed beginning in paragraph 306.4.] Judgment is needed
even in making these quantitative comparisons because account balances are usually not completely misstated. Account
balances other than liabilities and valuation allowances with an ending balance below tolerable misstatement would generally
be regarded as quantitatively immaterial and not significant. Account balances that are some multiple of tolerable
misstatement are generally quantitatively significant. Account balances that are approximately equal to tolerable misstatement
require careful consideration as to the nature of the account balance and prior experience with the client in evaluating
significance.
403.22 Generally, the importance of the recorded amount in evaluating significance depends on whether the primary concern
is with overstatement or understatement. The maximum amount that an account balance can be overstated is the dollar
amount of the balance. If the auditors primary concern for a particular account balance is a risk of overstatement, then the
recorded amount of the account balance is the upper limit of misstatement. For account balances for which the auditors
primary concern is understatement, such as liabilities and valuation allowances, the recorded amount is not a limit on
misstatement. Therefore, evaluating materiality for those account balances involves other considerations.
403.23 In the abstract, there is no limit on the amount of understatement, but there is usually some constraining factor. For
example, the recorded dollar amount of accrued warranty expense payable is not a measure of the significance of the
account balance. The auditor would need to consider the length of the warranty period; the dollar volume of products sold
with an unexpired warranty; the clients prior experience concerning the relation between total sales and warranty claims, and
warranty claims and warranty expenses; and, finally, any changes in the clients business or economic environment that
would affect historical trends. The dollar volume of products with an unexpired warranty puts a limit on the potential
understatement, but the auditor would want to make a more refined analysis in evaluating the significance of the account
balance.
403.24 Other Matters That Affect Significance. Quantitative significance of the account balance is only one of several matters
to be considered when identifying significant audit areas. In evaluating significance, the auditor also needs to consider any
other matters that qualitatively affect the account balance, transaction class, or disclosure. For example, freight expense
would be more significant if the auditor plans to use data on quantities shipped to make a predictive test of total revenue.
Professional fees would have greater significance if the auditor is concerned that there is an inadequate understanding of the
clients litigation exposure and the identity of all attorneys engaged during the period. There might be very material
disclosures related to small account balances. For example, a joint venture investment might be small at the balance-sheet
date, but a subsequent events note might indicate a subsequent major investment in that joint venture project that holds the
key to the clients future success. The auditor needs to draw on the knowledge and understanding of the client to identify the
account balances, transaction classes, or disclosures that are significant in the circumstances.
403.25 Documenting Significant Audit Areas. As discussed beginning at paragraph 403.20, significant audit areas are those
areas that contain material account balances, significant transaction classes, fraud risks or other significant risks, or
disclosures that require additional effort at the account balance level in individual audit areas to ensure their accuracy and
completeness. The auditor can indicate in the first column on the Risk Assessment Summary Form (ASB-CX-7.1) which
audit areas are considered significant. This information is important when determining the effect of the risk assessment on the
audit approach, as discussed beginning in paragraph 405.1. The Risk Assessment Summary Form lists common audit
areas and provides additional space to add audit areas unique to the particular client.
403.26 Describing Specific Risks of Material Misstatement. For each audit area, the auditor describes the specific risks of
material misstatement affecting the account balance, transaction class, or related disclosures. The description includes the
cause and direction of potential misstatement as well as the financial statement assertions affected. The auditor considers the
cause of misstatementerror, fraudulent financial reporting, or theftand the effect on direction of misstatement.
403.27 As indicated at AU-C 315.28.31, the auditors risk assessment should include an evaluation of whether the following
risks are present:
Significant risks that require special audit consideration.
Risks for which substantive procedures alone do not provide sufficient appropriate evidence.
Those risks are discussed in the following two subsections.
403.28 Significant Risks Requiring Special Audit Consideration. AU-C 315.28 states that, as part of his or her risk
assessment, the auditor should determine whether any of the risks identified are, in the auditors professional judgment, a
significant risk. This judgment excludes the effects of identified controls related to the risk. AU-C 315 refers to such risks as
risks that require special audit consideration. The AICPA Audit Guide, Assessing and Responding to Audit Risk in a Financial
Statement Audit, (AICPA Risk Assessment Audit Guide) indicates that one or more significant risks normally arise on most
audits. Furthermore, the AICPA Risk Assessment Audit Guide observes that significant risks are likely to exist even in those
situations where there are no new or unusual circumstances at the client (paragraph 5.31).
403.29 The auditors determination of significant risks is based primarily on the consideration of inherent risk, that is, before
consideration of the effect of identified controls related to the risk. The AICPA Risk Assessment Audit Guide in paragraph 5.31
observes that a significant risk is one where the inherent risk is higher than the usual high and therefore it requires special
audit consideration. The auditor determines whether the risk is such that it requires special audit consideration by focusing
on the following:
The nature of the risk.
The magnitude of the potential misstatement, including the possibility of multiple misstatements.
The likelihood of the risk occurring.
Each of these aspects of the auditors consideration needs attention in determining whether special audit consideration is
necessary, but the nature of the risk is particularly important.
403.30 According to AU-C 315.29, the nature of the risk should be evaluated by considering the following:
Is the risk a risk of fraud or theft?
Is the risk related to recent significant economic, accounting, or other developments?
Are the transactions complex?
Does the risk involve significant transactions with related parties?
Is there a relatively large degree of subjectivity in the measurement of the financial information related to the risk?
Does the risk involve significant nonroutine transactions outside the normal course of business or that otherwise
appear unusual?
An affirmative answer to any of these questions is likely to indicate the need for a specific audit response and, thus, a
determination that the risk is a significant risk because it requires special audit consideration. Risks of material misstatement
due to fraud are always significant risks. Risks of material misstatement due to error also may be deemed significant risks
depending on their nature. As indicated in paragraph 403.29, in determining significant risks, it is helpful to consider the
degree of inherent risk. The AICPA Risk Assessment Audit Guide suggests that it may be helpful to compare all high inherent
risks to each other to assist with the identification of significant risks.
403.31 Examples of matters that often involve significant risks include the following:
Significant nonroutine transactions, that is, transactions that are unusual due to their size or nature.
Accounting estimates for which there is significant measurement uncertainty, such as environmental remediation
liabilities or certain fair value estimates.
Transactions that involve complex calculations or the application of complex accounting principles, such as
self-constructed property with capitalized interest or revenue recognition for software that is tailored for the
customer.
Significant related party transactions.
Transactions that require a large degree of manual intervention in data collection and processing.
Unusual or infrequent transactions that by their nature make effective controls difficult to implement, such as major
litigation.
Transactions that involve a relatively large degree of management intervention in specifying the accounting
treatment.
403.32 Although the identification of risks of material misstatement as significant risks is based on consideration of inherent
risk (see discussion beginning at paragraph 403.40), it has important implications for further audit procedures, including tests
of controls. Once the auditor has identified the risk as a significant risk, the auditor would ordinarily do the following:
To the extent the auditor has not already done so, evaluate the design of the entitys related controls, including
relevant control activities, and determine whether they have been implemented (required by AU-C 315.30).
Determine whether the audit approach will involve reliance on controls.
If the auditor plans to rely on the operating effectiveness of controls intended to mitigate the significant risk, perform
tests of controls in the current period. Reliance on evidence from tests of controls performed in prior periods is not
permitted.
Perform substantive procedures that are specifically responsive to the risk.
If the auditor does not plan to rely on controls and is performing only substantive procedures, the substantive
procedures need to be tests of details only or a combination of tests of details and substantive analytical
procedures. (AU-C 330.22 states that when the approach to a significant risk consists only of substantive
procedures, those procedures should include tests of details.)
Document the significant risks identified and related controls evaluated (required by AU-C 315.33).
In determining the appropriate audit response to significant risks, the auditor considers his or her understanding of the
relevant controls, including control activities. The most effective audit approach may depend on whether management has
identified the risk and responded by designing and implementing effective controls.
403.33 Risks for Which Substantive Procedures Alone Are Not Sufficient. As part of the auditors risk assessment, the auditor
might identify risks for which it is not possible or practicable to reduce detection risk at the relevant assertion level to an
acceptably low level with audit evidence obtained only from substantive procedures; that is, substantive procedures alone will
not be sufficient. Such risks often occur in audit areas in which there is highly automated processing with little or no manual
intervention, that is, situations in which a significant amount of the entitys information is initiated, authorized, recorded,
processed, or reported electronically. In such situations, it might not be possible or practicable to perform only substantive
procedures in response to a risk because of the importance of effective controls over the accuracy and completeness of
available audit evidence.
403.34 Examples of situations of this type are described in AU-C 315.A135 as follows:
a. An entity that conducts its business using IT to initiate orders for the purchase and delivery of goods based on
predetermined rules of what to order and in what quantities and to pay the related accounts payable based on
systems-generated decisions initiated upon the confirmed receipt of goods and terms of payment. No other
documentation of orders placed or goods received is produced or maintained, other than through the IT system.
b. An entity that provides services to customers via electronic media (for example, an Internet service provider or a
telecommunications company) and uses IT to create a log of the services provided to its customers to initiate and
process its billings for the services, and to automatically record such amounts in electronic accounting records that
are part of the system used to produce the entitys financial statements.
403.35 In some cases, there may be an overlap of significant risks and risks for which substantive procedures alone are not
sufficient. For example, health care providers generally have complex billing calculations, which create significant risks. In
addition, their billing systems involve a significant amount of information that is initiated, authorized, recorded, processed, and
reported electronically; therefore, the auditor has to perform tests of controls to obtain evidence about the operating
effectiveness of controls over the accuracy and completeness of the information generated by the billing systems.
403.36 When it is not possible or practicable to reduce detection risk at the relevant assertion level to an acceptably low level
with audit evidence obtained only from substantive procedures, the auditor would ordinarily do the following:
Evaluate the design and determine the implementation of mitigating controls, including control activities, over those
risks (required by AU-C 315.31).
Perform tests of controls to obtain evidence about their operating effectiveness.
Document the risks identified and related controls evaluated (required by AU-C 315.33).
If the risks are also significant risks, the guidance in paragraph 403.32 also applies.
403.37 Documenting Specific Risks of Material Misstatement. For each audit area, the auditor documents the specific risks of
material misstatement affecting the account balance, transaction class, or disclosures. The description ought to include the
cause and direction of potential misstatement as well as the financial statement assertions affected.
403.38 Auditors also document any fraud risks or other significant risks they identify. Auditors can indicate on the Risk
Assessment Summary Form at ASB-CX-7.1 whether any of the identified risks are fraud risks or other significant risks by
placing an S (significant) or F (fraud) in the column next to the identified risk. If the risk is neither a fraud risk nor an other
significant risk, the auditor can leave that column blank.
403.39 Determining the Documentation Approach to Be Used When Assessing the Risk of Material Misstatement. The
auditor needs to assess the risk of material misstatement at the relevant assertion level. For audit areas that are not
significant, or for significant areas where the auditor has not identified any specific risks, the authors believe it may be
appropriate and more efficient to document the risk assessment for the audit area as a whole. If that is done, the auditors risk
assessment is assumed to be the same for all assertions and would be the highest level of risk for any assertion in the audit
area. Auditors need to exercise caution when documenting the assessment at the audit area level. Failure to consider the level
of risk related to each assertion could result in an inappropriate response. For significant audit areas where the auditor has
identified one or more specific risks, the risk assessment needs to be documented at the assertion level.
403.40 Assessing Inherent Risk. Inherent risk is the susceptibility of a relevant assertion to a misstatement that could be
material, either individually or when aggregated with other misstatements, assuming that there are no related controls. If
control risk is assessed as high, which might often be the case, the inherent risk assessment may be the only variable that
determines the risk of material misstatement. Accordingly, the inherent risk assessment can significantly affect the auditors
planned further audit procedures.
403.41 Considering inherent risk factors involves contemplation of the influence of the environment and the nature of the
items comprising an account balance, transaction class, or disclosure on the possible occurrence of material misstatements,
whether caused by error or fraud, in the financial statements. Unlike the control risk assessment, which requires tests of
controls for assessment of risk below a high level, inherent risk assessment is an intuitive process based on the auditors
knowledge of the client and related audit area. For example, an auditor of a manufacturing client that has material financial
statement balances in inventory and property might assess inherent risk higher for assertions related to inventory than for
assertions related to property. Even if both of the accounts have material financial statement balances and are considered
significant audit areas, inventory has a high level of activity throughout the year and is typically significant to financial
statement users of a manufacturing company. In contrast, the balance in the property account is made up primarily of
transactions that occurred and were audited in prior years.
403.42 The inherent risk assessment is made before consideration of related controls. Factors such as the following might be
considered by the auditor in assessing inherent risk:
Engagement Risk. The effect of risk factors identified at the financial statement or engagement level (discussed in
section 306).
Accounting Issues. The complexity and contentiousness of accounting issues.
Auditing Issues. The frequency or significance of difficult-to-audit transactions or disclosures.
Prior Period Misstatements. The nature, cause, and materiality of misstatements detected in prior audits.
Susceptibility to Fraud. The susceptibility to fraud, including both misappropriation of assets and fraudulent financial
reporting (discussed in section 307).
Accounting Personnel. The competence and experience of personnel assigned to process data or make decisions.
Need for Judgment. The extent of judgment or estimates involved. For example, accounting estimates require more
judgment than account balances that represent a total of exchange transactions.
Nature of Items. The size and volume of items comprising the account balances or transaction classes.
Complexity. The complexity of calculations. For example, the LIFO method requires more complex calculations than
specific identification.
403.43 Some common examples of inherent risk considerations are as follows:
Complex calculations are more likely to be misstated than simple ones.
Cash is more susceptible to theft than coal inventory.
Accounts composed of amounts based on accounting estimates involve more risk than accounts consisting of
routine transactions.
403.44 Examples of external factors that might affect inherent risk are as follows:
Technological developments might make a particular product obsolete, causing inventory to be more susceptible to
overstatement.
Insufficient working capital or a declining industry with numerous business failures may affect the tendency of many
or all balances or transaction classes to be misstated.
Example 4-10 illustrates the auditors inherent risk assessment.
Example 4-10: Inherent risk assessment.
PFL Sporting Goods is a wholesale distributor of athletic equipment to small sporting goods retailers. PFL has been an
audit client for over 10 years, and the auditor is planning the audit of accounts receivable for the current fiscal year. As
part of the planning process, the auditor assesses inherent risk for accounts receivable based on the following:
1. The presumption that improper revenue recognition is a fraud risk cannot be overcome for PFL. The auditor
determines that the risk relates to overstatement (existence or occurrence) of revenue rather than
understatement (completeness) because of the entitys debt covenants. Since this is a fraud risk, the auditor
assesses inherent risk for existence or occurrence as high, but the risk for completeness is low (sales are not
difficult to capture and all sales are for credit rather than cash).
2. Some of PFLs customers want to minimize their inventory levels after the Christmas selling season, so they
request that shipments be held until January. Since PFL is motivated to overstate sales, which could be
accomplished by recognizing revenue for goods that have not been shipped, the auditor assesses inherent risk
for cutoff as high.
3. PFLs bad debt experience varies with the local economy, especially the Christmas season, and is somewhat
difficult to predict. Thus, the allowance for doubtful accounts is a very subjective estimate. Therefore, the auditor
assesses inherent risk for valuation as high.
4. PFL does not have a lot of related party relationships or transactions and there is nothing complex about
determining who has rights or title to receivables and sales. Therefore, the auditor assesses inherent risk for
rights or obligations as low.
5. There is a large volume of sales and receivables transactions and year-end is especially significant due to the
Christmas selling season. However, although the size and volume of the sales and receivables accounts are
material, they are comprised of only a few large accounts and a large number of very small accounts, making it
difficult to accumulate enough accounting errors related to accuracy or classification to result in a material
misstatement. There is nothing complex about determining the proper amount of a transaction to record or the
appropriate account since PFL uses very few different sales and receivables accounts. There are no significant
credit balances in accounts receivable at the end of the year. Based on the size and volume of transactions and
balances, however, the auditor assesses inherent risk for accuracy or classification as moderate.
403.45 Documenting the Inherent Risk Assessment. The auditor can indicate either high, moderate or low under the column
marked I/R on the Risk Assessment Summary Form at ASB-CX-7.1 to document the inherent risk assessment. Ordinarily,
completing ASB-CX-3.1, Understanding the Entity and Identifying Risks and considering the factors listed in paragraph
403.42 ought to provide enough information to assess inherent risk. If the auditor wishes to document the basis for the
inherent risk assessment by (a) identifying factors that significantly affect inherent risk and (b) indicating how those factors
affect the auditors assessment, he or she may also complete ASB-CX-7.2, Inherent Risk Assessment Form. Even if not
included in the audit documentation, the form provides a convenient tool to assist auditors in making the inherent risk
assessment. Some auditors complete ASB-CX-7.2 any time they assess inherent risk less than high.
403.46 Assessing Control Risk. The next step is for the auditor to make a qualitative evaluation of control risk as high,
moderate, or low. The authors recommend taking a top-down approach, considering information gathered during risk
assessment. The auditor begins with the financial statements and identifies the significant accounts and disclosures. The
significant transaction classes and processes that result in those accounts and disclosures are identified next. Within those
transaction classes and processes, the auditor further identifies the controls that individually or in combination with other
controls prevent, or detect and correct, material misstatements in the relevant assertions related to identified risks. It is
important to consider company-wide, or entity-level, controls as well as control activities because entity-level controls are
often very efficient to test.
403.47 If mitigating controls are identified, the auditor then decides whether or not to test those controls for operating
effectiveness to support a reduced control risk assessment. As discussed in section 603, the decision about whether to test
controls is based on consideration of both audit effectiveness and efficiency. If the auditor decides to test controls,
consideration ought to be given to whether the procedures already performed to evaluate the design of controls and
determine that they have been implemented also provide evidence about the operating effectiveness of controls. The authors
believe it may be possible to support a control risk assessment of moderate based on procedures performed to evaluate the
design of controls and determine that they have been implemented, depending on the degree of assurance about operating
effectiveness provided by those procedures. However, such procedures will not support a control risk assessment of low
unless there is some automation that provides for the consistent application of the control. Testing controls is discussed
further in Chapter 6.
403.48 The Understanding the Design and Implementation of Internal Control form at ASB-CX-4.1 is designed to aid in
gaining an understanding of the design and implementation of internal control and documenting that understanding. If tests of
the operating effectiveness of controls are performed to support a reduced assessed level of control risk, the auditor can
include a cross-reference on the Understanding the Design and Implementation of Internal Control form to the relevant
documentation. The performance of tests of the operating effectiveness of controls can be documented on the Test of
Controls Form at ASB-CX-10.1. The Activity and Entity-level Control Forms at ASB-CX-5 list controls by transaction class
within each audit area and can be used to gain a further understanding of the design and implementation of controls and to
indicate the controls, if any, the auditor plans to test.
403.49 Based on the evaluation of mitigating controls and consideration of the results of procedures performed to support
the control risk assessment, the auditor then evaluates control risk and documents it on the Risk Assessment Summary
Form in the qualitative categories of high, moderate, or low. (The considerations that apply to this evaluation are discussed in
section 608.) The auditors assessment of control risk as high, moderate, or low needs to be supported by the procedures
performed. Often, the Risk Assessment Summary Form is filled out before planned tests of controls are actually performed.
In that case, the control risk assessment documented on the form is the assessed preliminary level of control risk that the
auditor plans to support by performing the control tests. If the results of the tests of controls do not support that planned
assessment, the auditor needs to revise the assessment documented on the Risk Assessment Summary Form at
ASB-CX-7.1 and reconsider the effect on the audit approach. As previously discussed, the auditor cannot support a reduced
control risk assessment without obtaining evidence of operating effectiveness.
403.50 Documenting the Control Risk Assessment. As indicated in paragraph 403.49, the auditor can indicate either high,
moderate or low under the column marked C/R on the Risk Assessment Summary Form at ASB-CX-7.1 to document the
control risk assessments. [A control risk assessment of less than high needs to be supported by tests of the operating
effectiveness of controls. Reliance on procedures performed when evaluating internal control design and implementation is
only appropriate if assurance about the operating effectiveness of controls throughout the period under audit has been
obtained. Ordinarily, (as indicated in paragraph 403.47) the authors do not believe such risk assessment procedures will be
sufficient to support a control risk assessment below moderate.]
403.51 Assessing the Combined Risk of Material Misstatement. The risk of material misstatement (RMM), the product of
IR and CR, is the auditors combined assessment of the two risks. The auditor is permitted to make an overall, or combined,
assessment of the risk of material misstatement at the assertion level. Alternatively, the auditor can make separate
assessments of inherent risk and control risk and then combine them. The auditor evaluates the remaining specific risk of
material misstatement (combination of inherent risk and control risk) as high, moderate, or low. The authors have developed
the table in Exhibit 4-8 to assist auditors in determining the combined assessed risk of material misstatement when the auditor
makes separate assessments of inherent risk and control risk. A nonauthoritative Technical Practice Aid (TIS 8200.09),
Assessing Inherent Risk, notes that control risk is always considered in the assessment of the combined risk of material
misstatement even if inherent risk is assessed as low.
Exhibit 4-8
Combining Inherent Risk and Control Risk
Inherent Risk

Control Risk =
Risk of
Material Misstatement
a
High High High
High Moderate High
High Low Moderate
Moderate High Moderate
Moderate Moderate Low
Moderate Low Low
Low High Low
Low Moderate Low
Low Low Low
Note:
a
How the auditor combines inherent and control risk to assess the risk of material misstatement is subject to auditor
judgment.
* * *
403.52 Documenting the Combined Risk Assessment (RMM). The auditor can document the combined assessed risk of
material misstatement as high, moderate, or low on the appropriate column of the Risk Assessment Summary Form at
ASB-CX-7.1.
403.53 Documenting the Risk of Material Misstatement. AU-C 315.33 requires the auditor to document the assessment of
the risk of material misstatement at the relevant assertion level. (As discussed in section 404, auditors also are required to
document any fraud risks or other significant risks they identify.) As discussed throughout this section, the auditor can comply
with these documentation requirements by completing Part II of the Risk Assessment Summary Form, which can be used to
(a) identify significant audit areas; (b) identify fraud risks and other significant risks; (c) document the auditors assessment of
inherent risk, control risk, and combined risk at the assertion level; and (d) describe the auditors planned response (i.e., audit
approach).
403.54 Responding to the Risk Assessment. The purpose of the risk assessment is to determine the nature, timing, and
extent of further audit procedures to be performed. For simplicity in the discussions throughout this Guide and on the Risk
Assessment Summary Form, the authors have referred to the overall decision of which further audit procedures will be
performed as the selection of an audit approach. Determining the audit approach and designing a detailed audit plan that
takes into account the auditors planned response to the risk assessments is discussed in detail in Section 405.
404 CONSIDERING FRAUD RISKS
404.1 The auditors consideration of fraud under the requirements of AU-C 240 is not separate from consideration of audit
risk; rather, it is integrated into the overall audit risk assessment process described in this Guide. For instance, identification of
fraud risks is a natural by-product of performing the risk assessment and other planning procedures described in Chapter 3.
Furthermore, as described in this chapter, the auditors assessment of the risks of material misstatement encompasses
misstatements caused by both error and fraud.
404.2 Although the requirements and guidance presented in auditing standards may suggest a sequential process, the audit
is a continuous process of gathering, updating, and analyzing information about the fairness of presentation of amounts and
disclosures in the financial statements in conformity with GAAP (or an OCBOA). Therefore, risk assessment procedures
outlined are performed concurrently with other procedures, and the evaluation of risks, including fraud risks, occurs
continuously throughout the audit.
404.3 Although this Guide integrates the requirements of AU-C 240 within the overall risk assessment process by addressing
those requirements at relevant points throughout the Guide, this section discusses in more detail how the auditor considers
fraud risks. Identified fraud risks may call for an overall response, one that is specific to a particular account balance, class of
transaction, or disclosure at the relevant assertion level, or both. An overall response generally is considered when
establishing the overall audit strategy (see section 306), while a specific response is considered when developing the detailed
audit plan (see sections 405 and 506).
Fraud Risk Factors
404.4 When obtaining an understanding of the entity and its environment, including its internal control, AU-C 240.24 requires
auditors to evaluate whether fraud risk factors are present. Fraud risk factors are events or conditions that indicate the
presence of incentives or pressures to commit fraud, opportunities to carry out the fraud, or attitudes/rationalizations to justify
the fraud. The SAS provides examples of fraud risk factors that may be considered when identifying and assessing the risks of
material misstatement due to fraud.
404.5 The risk factors presented in AU-C 240.A75 (Appendix A) are classified into factors related to fraudulent financial
reporting and factors related to misappropriation of assets. Because it may be helpful to consider fraud risk factors in the
context of the conditions generally present when fraud occurs, the standard further classifies the illustrative risk factors into
conditions relating to incentives/pressures, opportunities, and attitudes/rationalizations. That is, the auditor considers whether
the information may indicate incentives to commit fraud, opportunities to carry it out, or attitudes/rationalizations to justify it. It
is important to note that these are only examples and the auditor also may consider other risk factors not specifically listed in
the standard. In fact, AU-C 240.A75 (Appendix A) states:
Although the risk factors cover a broad range of situations, they are only examples and, accordingly, the
auditor may identify additional or different risk factors. Not all of these examples are relevant in all
circumstances, and some may be of greater or lesser significance in entities of different size or with different
ownership characteristics or circumstances.
404.6 The auditors primary concern when considering fraud risk factors is to identify whether a risk factor is present and
ought to be considered in identifying and assessing risks of material misstatement due to fraud. The presence of a particular
fraud risk factor does not necessarily indicate the existence of fraud. Whether a risk factor is present and whether it ought to
be considered in identifying and assessing the risks of material misstatement due to fraud is a matter of professional
judgment. When evaluating whether a fraud risk factor is present, the auditor does not consider significance or mitigating
controls. Those matters are considered later (see the discussion beginning in paragraph 404.17). ASB-CX-6.2, Fraud Risk
Factors, provides a list of fraud risk factors for auditors to consider when identifying risks.
Identifying Risks of Material Misstatement Due to Fraud
404.7 According to AU-C 240.25, the auditor should identify and assess the risks of material misstatement due to fraud at the
assertion level for classes of transactions, account balances, and disclosures. The risk assessment and other planning
procedures the auditor performs in accordance with AU-C 315.26 assist the auditor in identifying the risks of material
misstatement, whether due to error or fraud. The auditor gathers information from a number of sources to identify risks that
may result in material misstatement of the financial statements due to fraud (see paragraph 402.6). The auditor applies
professional judgment to combine, or synthesize, all of the information gathered to identify areas where the company might
be susceptible to material misstatement due to fraud, that is, identified fraud risks. The auditor then articulates those risks in
terms of their potential effects on the financial statements.
404.8 Considering Fraud Conditions. When identifying fraud risks, it may be helpful to consider the information gathered in
the context of the three conditions generally present when fraud occurs: incentives/pressures, opportunities, and
attitudes/rationalizations. The nature of the observed fraud conditions may assist the auditor in determining the type of risk.
For example, information related to personal financial obligations or dissatisfaction of employees, assets susceptible to theft,
and inadequate safeguarding controls generally indicates susceptibility to misappropriation of assets. Information related to
external pressures to present favorable financial condition or operating results, accounts or transactions susceptible to
manipulation, and inadequate monitoring and financial reporting controls generally indicates susceptibility to fraudulent
404.9 Fraud conditions may relate to observed attitudes or rationalizations. For example, the auditor may have observed
changes in behavior or lifestyle that indicate misappropriation might be occurring. Similarly, the auditor may have observed
an interest by management in employing inappropriate means to minimize earnings for tax-motivated reasons, an excessive
interest in the selection and application of accounting policies, or use of the concept of materiality to justify inappropriate
accounting. These conditions provide an indication that management may be manipulating the financial statements.
404.10 The accumulated information may indicate only one fraud condition, or it may indicate all three. However, the auditor
does not assume it is necessary to observe all three conditions before concluding there are potential fraud risks. Although the
risk of material misstatement due to fraud may be greatest when all three conditions exist, the auditor may not be able to
observe the presence of all of these conditions. Some of these conditions, such as attitude, are difficult to observe but may,
nonetheless, be present. In addition, even if all of the conditions are not observed as present, fraud can still occur. In some
cases, the extent of one condition may be so significant that fraud risks exist, even though the other conditions are not
significant. For example, a significant incentive to commit fraud, such as to prevent a loan default, may alone be sufficient to
constitute a risk of material misstatement due to fraud. Similarly, an easy opportunity to commit fraud, such as poor asset
safeguarding, may alone be sufficient to constitute a fraud risk. The consideration of observed fraud conditions requires
considerable judgment, as illustrated in the following examples.
Example 4-11: Identifying a fraud risk with only one observed condition.
Rhome Industries is a manufacturer of computer hardware, including desktop and laptop computers and peripherals.
The computers and peripherals are small in size and high in demand, and have potential value to employees for
personal use or sale. In addition, the warehouse is kept open during the day and due to cost-cutting measures there is
no security guard or surveillance camera in the warehouse to monitor the movement of goods. As a result, employees
have the opportunity to steal the assets because there are inadequate safeguarding controls. Although there is no
indication that employees have a motivation to steal or an attitude that enables them to justify stealing, the presence of
opportunity alone may be sufficient to identify a risk of misappropriation of assets related to inventory.
Example 4-12: Identifying a fraud risk with multiple observed conditions.
Barrett Industries is a manufacturer of heavy equipment used in the farming industry. Barrett Industries maintains tight
controls over the entitys inventory, which diminishes the risk of misappropriation of assets. However, Barretts industry
is declining with increased business failures and the entity is facing the threat of imminent bankruptcy if it is unable to
secure additional financing. The cost of inventory items is based on a complex cost allocation process involving a
number of subjective estimates. Management is dominated by the entitys founder and owner/manager, David Marcell,
who is heavily invested in the business. Based on these circumstances, Marcell is under pressure to present favorable
operating results to avoid bankruptcy. Further, the presence of accounting estimates involving complex, subjective
judgments provides him the opportunity to commit and conceal fraudulent financial reporting. Thus, sufficient fraud
conditions exist to identify risk of fraudulent financial reporting. (In this case, the incentive to avoid bankruptcy alone
might be sufficient to cause the auditor to identify a fraud risk, but if there were no incentive, the auditor might conclude
that the mere existence of subjective accounting estimates does not result in a fraud risk but in a risk of error.)
404.11 The Synthesis Process. Because the auditor is only responsible for detecting material fraud, the auditor ought to
identify fraud risks that could result in material misstatement of the financial statements. As part of the synthesis process, the
auditor evaluates whether risks could be material. Generally speaking, the synthesis process is a highly qualitative process
requiring significant professional judgment, whereas the determination of materiality to the financial statements for audit
planning purposes is more quantitative in nature. The auditor considers whether the risk is of a magnitude that could result in
material misstatement of the financial statements, or would be likely, if it occurred, to occur in material amounts. Synthesizing
the information is discussed in more detail in section 402.
404.12 Articulating Fraud Risks. As discussed beginning at paragraph 402.28, the authors encourage the auditor to be as
specific as possible when describing risks of material misstatement due to fraud. Where possible, it may be helpful to identify
the account balance, class of transactions, or assertion affected; how it may be affected (that is, overstatement or
understatement); and the type of risk. Exhibit 4-5 presents examples of risks of material misstatement, including risks due to
fraud, and illustrates how those risks might be articulated in a way that is more meaningful for use in assessing risks and
determining further audit procedures to be performed.
404.13 Presumption of Revenue Recognition as a Fraud Risk. Material misstatement of the financial statements due to
fraudulent financial reporting often results from improper revenue recognition. Revenue may be overstated, such as by
recording fictitious sales or recognizing revenue before it is earned, or understated, such as by shifting revenue to a later
period. Therefore, AU-C 240.26 requires auditors to ordinarily presume that improper revenue recognition is a risk of material
misstatement of the financial statements due to fraud.
404.14 Information that suggests a potential risk of improper revenue recognition may, at first glance, not seem directly
related to revenue. For example, the existence of debt covenants that are difficult to maintain may not initially prompt an
auditor to consider the risk of improper revenue recognition. The auditor may need to dig deeper to identify the specific risk
associated with a particular risk factor. However, any information that suggests an incentive or pressure to overstate or
understate an entitys results causes the auditor to consider the possibility of improper revenue recognition. In addition,
absent an effective oversight process, the opportunity for improper revenue recognition almost always exists because of the
possibility that management can override controls.
404.15 The presumption that improper revenue recognition is a fraud risk may be overcome. The authors believe affirmative
reasoning and an evaluation of observed fraud conditions, rather than negative reasoning (such as nothing came to our
attention) ordinarily are needed to overcome the presumption. Affirmative reasons may include, for example, (a) revenue
recognition does not involve complex accounting for the type of business, (b) the owner/manager or other senior
management is not involved in negotiating or recording sales, or (c) essentially all sales are for cash. If the auditor lacks an
affirmative reason to overcome the presumption that revenue recognition is a fraud risk, or if the auditor has observed the
presence of fraud conditions related to improper revenue recognition, he or she evaluates that information with a heightened
awareness of the need to identify improper revenue recognition as a fraud risk. Because revenue is generally material to the
financial statements, if there are one or more indications of potential improper revenue recognition gathered during the risk
assessment process, the authors believe the auditor ordinarily will not be able to overcome the presumption. If improper
revenue recognition is not identified as a risk of material misstatement of the financial statements due to fraud, the auditor is
required by AU-C 240.46 to document the reasons supporting his or her conclusion. Documenting fraud risks is discussed in
more detail beginning at paragraph 404.24.
Assessing Risk of Material Misstatement Due to Fraud
404.16 The auditor assesses identified fraud risks, taking into account an evaluation of the entitys antifraud programs and
internal controls. That is, before developing a response to identified fraud risks, the auditor would ordinarily evaluate whether
the risks are mitigated by internal controls and other antifraud programs that address those risks. In determining whether an
identified fraud risk is mitigated, the auditor considers the risk assessment and other procedures performed to obtain an
understanding of the entity and its environment, including its internal control, as described in Chapter 3.
404.17 Considering Mitigating Controls. The auditor considers whether the entitys antifraud programs and internal
controls mitigate the identified risks of material misstatement due to fraud or whether specific control deficiencies may
exacerbate the risks. This does not, however, require the auditor to perform additional procedures specifically to evaluate
such programs and controls related to the prevention, deterrence, and detection of fraud. Instead, as part of the risk
assessment and other procedures performed to obtain an understanding of the entity and its environment, the auditor
evaluates whether the entitys antifraud programs and internal controls that address identified fraud risks have been properly
designed and implemented, and whether those programs and controls mitigate the identified fraud risks. In some cases,
control deficiencies may exacerbate the risks.
404.18 Does the auditor need to perform tests of controls to determine whether antifraud programs and controls mitigate
identified fraud risks? Clearly, the auditor cannot conclude that a risk is mitigated by a control without first gaining comfort that
the control actually has been appropriately designed and placed in operation. That is, the auditor cannot simply take the
clients word for it. Determining whether it is necessary to test the operating effectiveness of the control, however, is a matter
of professional judgment based on the assessed level of risk. Ordinarily, the auditor tests controls only if it is efficient (that is, if
the time saved by reducing substantive procedures exceeds the time it takes to test controls) or if detection risk cannot be
reduced to an acceptable level without testing controls. If the auditor decides to test controls, knowledge gained about the
control while performing risk assessment and other procedures to obtain an understanding of the entity and its environment
may provide evidence that the control is operating effectively. In other cases, however, detailed control testing may be
necessary. (Tests of controls are discussed in Chapter 6.) Although the auditors response to identified fraud risks may
include testing controls (see the discussion of specific responses in section 506), it is unlikely tests of controls alone can
reduce audit risk to an appropriately low level. Further, AU-C 330.18 states that irrespective of the assessed risks of material
misstatement, the auditor should design and perform substantive procedures for all relevant assertions related to each
material class of transactions, account balance, and disclosure. Even if controls are tested, the auditor will need to perform
some substantive procedures. As a practical matter, the authors believe most entities will not have designed and placed in
operation antifraud programs and internal controls that are sufficient to fully mitigate all identified fraud risks. The auditor will
select effective substantive procedures in the performance of his or her further audit procedures. When the audit approach to
significant risks, which includes fraud risks, consists only of substantive procedures (that is, the auditor does not plan to rely
on controls), the substantive procedures should be tests of details only or a combination of tests of details and substantive
analytical procedures. AU-C 330.22 states that the use of only substantive analytical procedures is not permitted.
404.19 Consideration of Controls Related to Misappropriation of Assets. The inadequacy of controls to prevent or detect
misappropriation of assets, including fraudulent cash disbursements, may increase the susceptibility of assets to theft. When
considering fraud risk factors, the auditor may identify weaknesses in such controls, which create an opportunity for
misappropriation to occur. At that point, the auditors consideration of controls may be influenced by the degree to which
assets susceptible to misappropriation are present. If the auditor identifies a risk of material misstatement of the financial
statements due to the misappropriation of assets, the auditor generally has already considered risk factors related to internal
control, especially control deficiencies that exacerbate the risk by creating an opportunity for misappropriation to occur. If the
auditor has identified such risk factors and concluded that a risk of material misstatement of the financial statements related to
misappropriation exists, the authors believe it is unlikely that the auditor will be able to identify antifraud programs and
controls sufficient to override the previous consideration of risk factors. The auditor will have to perform substantive
procedures in the performance of his or her further audit procedures.
404.20 Consideration of Owner/Manager Dominance in a Small Business. The owner/manager often plays a significant role
in establishing a strong control environment in many small businesses. The authors believe the existence of owner/manager
dominance in a small business does not necessarily indicate a weakness in controls that would be considered a fraud risk
factor or an identified and assessed risk of material misstatement due to fraud. Domination of management by a single
individual does not, in and of itself, indicate a failure by management or the owner/manager to display and communicate an
appropriate attitude regarding internal control and the financial reporting process. In fact, strong owner/manager involvement
actually can be a control strength in that there is a great deal of oversight of employees throughout the process. The primary
risk associated with owner/manager dominance is the risk of management override of controls. AU-C 240.32 requires auditors
to perform certain procedures to address that risk, as discussed in section 506.
404.21 When considering whether owner/manager dominance is a factor affecting the identification and assessment of fraud
risks, the auditor uses professional judgment. For example, if the entity is faced with restrictive debt covenants that might be
difficult to meet, there might be a motivation for the owner/manager to misstate the financial statements. In that case,
owner/manager dominance may exacerbate the risk of fraudulent financial reporting. In other situations, however,
owner/manager dominance might mitigate the risk by reducing the likelihood of fraud occurring in amounts material to the
financial statements. For example, if the entity has little debt and the owner/manager is not otherwise motivated to misstate
the financial statements, effective owner/manager involvement could reduce fraud risk for an entity with assets susceptible to
theft by employees or a lack of segregation of duties.
Responding to Fraud Risks
404.22 An auditor responds to fraud risks in three ways:
Overall responses. (See section 306.)
Specific responses that involve the nature, timing, and extent of further auditing procedures. (See section 506.)
Responses to further address the risk of management override of controls. (See section 506.)
404.23 Generally, the manner in which the auditor responds depends on (a) the nature and significance of the identified risks
and (b) the programs and controls that address the risks.
Documenting Risks of Material Misstatement Due to Fraud
404.24 AU-C 240.43.46 require the auditor to document the following:
When the engagement team discussion regarding the entitys susceptibility to fraud occurred, who participated, and
the significant decisions reached.
Identified and assessed fraud risks at both the financial statement level and the assertion level.
Overall responses to assessed fraud risks at the financial statement level; the nature, timing, and extent of audit
procedures at the assertion level; and linkage of the risks with the procedures at the assertion level.
The results of procedures, including those designed to address management override.
The nature of communications about fraud.
If applicable, how the auditor overcame the presumption that improper revenue recognition is a fraud risk.
404.25 AU-C 240 does not specify the form of the documentation. The auditor might use a checklist, a memo, or a
combination of both. AU-C 240 does not require a one-to-one correlation between risks and responses. That is, one response
may address several fraud risks, and one risk may require several responses. Therefore, the responses to identified fraud
risks may be documented individually or in combination.
404.26 This Guide contains a number of practice aids and audit program steps designed to assist auditors in assessing and
documenting fraud risk considerations as part of the overall risk assessment. For instance, the auditor can use the Fraud
Risk Inquiries Form at ASB-CX-3.3 to document the auditors fraud inquiries of management, other employees, and (if
applicable) internal auditors and those charged with governance. Information gathered about potential fraud risks, including
the presence of fraud risk factors, can be considered and documented at ASB-CX-3.1, Understanding the Entity and
Identifying Risks. (ASB-CX-6.2, Fraud Risk Factors, can be used as a reference tool to assist the auditor in identifying
events or conditions that may indicate the presence of one or more fraud risks.) Identified risks of material misstatement can
then be carried to the Risk Assessment Summary Form at ASB-CX-7.1. On that form, the auditor documents the existence
of an identified fraud risk by placing an F (fraud) in the column next to the identified risks. Also on that form, the auditor can
document how the presumption that improper revenue recognition is a fraud risk was overcome. Documenting the auditors
risk assessments, including risks due to fraud, on the Risk Assessment Summary Form is described in detail at section 403.
405 RESPONDING TO THE RISK ASSESSMENT AND PREPARING THE DETAILED
AUDIT PLAN
405.1 AU-C 330.06 states that the auditor should design and perform further audit procedures whose nature, timing, and
extent are responsive to the assessed risks of material misstatement at the relevant assertion level. In designing further audit
procedures, AU-C 330.07 indicates that the auditor should consider the reasons for the assessed risk of material
misstatement, including the related inherent risk and control risk, and obtain more persuasive evidence in higher risk areas.
405.2 A description of the nature, timing, and extent of planned further audit procedures at the relevant assertion level is a
significant component of the audit plan. AU-C 300.09 indicates that the auditor should develop an audit plan that includes a
description of the following:
a. The nature and extent of planned risk assessment procedures.
b. The nature, timing, and extent of planned further procedures at the relevant assertion level.
c. Other planned procedures required by GAAS.
AU-C 300.10 notes that the auditor should update and change the audit plan as needed during the audit.
405.3 Section 306 discusses the audit strategy. As part of developing the overall audit strategy, the auditor will ordinarily
have identified material locations, account balances, and audit areas where there may be higher risks of material
misstatement. Once the audit strategy has been established, the auditor is able to start the development of a more detailed
audit plan to address the various matters identified in the audit strategy, taking into account the need to achieve the audit
objectives through the efficient use of the auditors resources. The audit plan is commonly referred to as the audit program.
Determining the Audit Approach
405.4 The purpose of the risk assessment is to determine the nature, timing, and extent of further audit procedures to be
performed. The auditor identifies risks (including risks of material misstatement due to fraud), considers managements
response to those risks through operating decisions and controls, and assesses the risk of material misstatement at the
relevant assertion level. Based on that risk assessment, the auditor determines what audit procedures need to be performed.
For simplicity in the discussions throughout this Guide and on the Risk Assessment Summary Form (ASB-CX-7.1), the
authors refer to the overall decision of which further audit procedures will be performed as the selection of an audit
approach. An approach is defined as the method used or steps taken in setting about a task, problem, etc. . . In this
Guide, the approach selected by the auditor to respond to the risk assessment and documented on the Risk Assessment
Summary Form (ASB-CX-7.1) for each audit area is whether to:
Perform only limited procedures and not develop a separate audit program (discussed at paragraph 405.5),
Perform basic procedures from the core audit program (discussed beginning at paragraph 405.8),
Perform basic procedures plus certain extended procedures from the core audit program (discussed beginning at
paragraph 405.8), or
Perform procedures from the specified risk audit program (discussed beginning at paragraph 405.13).
The core and specified risk audit programs included in this Guide are considered a starting point for developing an audit
program. The authors anticipate that auditors will tailor the majority of the PPC audit programs for individual financial
statement audit areas to respond to their clients specific risks and circumstances. Tailoring audit programs is discussed
beginning at paragraph 405.26.
405.5 Limited Procedures Approach. The auditor first considers whether the preliminary analytical procedures and other
risk assessment procedures performed during initial planning and the final analytical procedures performed in the overall
review stage of the audit provide enough assurance that no further audit procedures are considered necessary. In other
words, no separate specific audit program is needed for the audit area because the procedures for performing preliminary
analytics, other risk assessment procedures, and final analytics are included in the general programs. That approach is
referred to as the Limited Procedures approach and will generally be appropriate only for audit areas that are not significant
and have a low combined risk of material misstatement. For audit areas that are not significant but have a risk of material
misstatement other than low or require audit attention for other reasons such as client expectations, an audit program might
be needed. In addition, as explained in paragraph 404.18, for significant audit areas, the auditor is required to perform some
substantive procedures for each relevant assertion; therefore, an audit program is always needed for those areas.
405.6 Choosing between Core Audit Programs and Specified Risk Audit Programs. The next decision to be made by the
auditor is whether to use the core audit programs (discussed beginning at paragraph 405.8) or the specified risk audit
programs (discussed beginning at paragraph 405.13) for a particular audit area. Both sets of audit programs illustrated in this
Guide (i.e., core and specified risk) provide a starting point for the auditor to use in developing an audit response and
determining the nature, timing, and extent of further audit procedures that need to be performed to respond to the risk
assessment. Both sets of audit programs need to be tailored to respond to the individual risk assessment as discussed
beginning at paragraph 405.26. The individual audit programs document audit procedures and the assertions relevant to
each procedure and provide linkage to the risk of material misstatement. The assessment of the risk of material misstatement
by assertion assists the auditor when deciding on an appropriate audit response by providing linkage between the risks and
related audit program procedures.
405.7 When deciding which approach is appropriate, it is important for the auditor to perform a careful review of the
procedures in each program to ensure that the approach and the further audit procedures selected will appropriately respond
to the assessed risk for their client. The key to audit effectiveness and efficiency is to choose an audit approach that
adequately responds to the identified risks without requiring excessive time commitments.
405.8 Basic and Extended Approaches (Core). The PPC core audit programs, in the ASB-AP section of this Guide, include
both general audit programs (see paragraph 405.32) and audit programs (see paragraph 405.32) for specific financial
statement audit areas.
1(35)
To assist auditors in tailoring their audit procedures to appropriately respond to the risk
assessment, the core audit programs for individual audit areas include the following sections:
Basic Procedures, which include primarily substantive analytical procedures and certain tests of details, most of
which are required by GAAS (such as confirmation of receivables, inventory observation, and tests to address the
risk of improper revenue recognition.)
Extended Procedures (Procedures for Additional Assurance), which include procedures from which the auditor can
choose one or more steps as necessary to supplement the basic procedures in response to the auditors risk
assessment at the relevant assertion level.
Other Audit Procedures, which include procedures that may be warranted due to the specific circumstances of the
engagement. (Other audit procedures are considered Extended Procedures when completing the Risk Assessment
Summary Form.)
405.9 Auditors using the core audit programs decide whether to apply basic or basic plus extended procedures based on the
risk assessment at the relevant assertion level. However, the analysis is not a simple determination based on whether that risk
is high, moderate, or low. Usually, a low or moderate risk of material misstatement in a significant audit area means that a
Basic Procedures approach is appropriate for those assertions. However, the auditor also has to consider the expected cause
and direction of potential misstatements, the relationships among audit areas, and whether the risks are fraud risks or other
significant risks, as well as client expectations. The particular tests selected, whether they are in the Basic or Extended section
of the audit programs, need to be tailored to the nature, cause, and direction of potential misstatements at the relevant
assertion level. It may also be appropriate to alter the extent or timing of the procedures to adequately respond to the risk
assessment.
405.10 As previously stated in paragraph 405.8, the Basic Procedures section of the core audit programs contains certain
tests of details, many of which are required by the auditing standards (such as confirmation of receivables, inventory
observation, and tests to address the risk of improper revenue recognition). If applicable, the auditor performs those
procedures. The performance of those procedures may also be a response to a higher assessed level of risk for the related
assertions. In other words, those procedures may provide additional assurance even though they are included in the Basic
Procedures section rather than in the Extended Procedures section.
405.11 The Extended Procedures section of the core audit programs, which includes procedures for additional assurance, is
a source list of possible audit procedures. It is not an alternative audit program. It is arranged by topic and includes a column
indicating the assertions that are primarily and secondarily addressed by the procedure. The auditor selects procedures from
the list that are needed to respond to the risk assessment. Selecting appropriate substantive procedures is discussed more
fully in Chapter 5.
405.12 The authors have developed the guidance in Exhibit 4-9 to assist auditors in selecting an audit approach using
Limited, Basic, or Extended Procedures. The exhibit suggests an audit approach based on the information documented on
the Risk Assessment Summary Form at ASB-CX-7.1 for the following factors:
Whether the audit area is significant.
Whether the audit area contains any specifically identified risks.
Whether an identified risk is considered to be a fraud risk or other significant risk.
The assessed level of the risk of material misstatement.
For those circumstances when an Extended Procedures approach is used, extended procedures will normally be performed
only for those assertions that are of concern to the auditor based on the risk assessment.
Exhibit 4-9
Selecting an Appropriate Audit Response Using
the Risk Assessment Summary Form and Core Audit Programs
This table was prepared to assist auditors in their selection of an appropriate audit response using the core audit programs
based on information obtained while performing risk assessment procedures. This table is not meant to replace auditor
judgment and only provides general comments concerning the authors recommended minimum approach. The information
in this table is meant to help auditors understand the relationships between significant audit areas, identified risks and whether
they are fraud risks or other significant risks, the assessed risk of material misstatement (RMM), and the selection of the
planned audit approach. This exhibit does not address the tailoring of the actual core audit programs.
Significant
Audit
Area?
Identified
Risks?
Fraud or
Other
Significant
Risk?
Assessed
RMM
a
Minimum
Suggested
Audit
Response
b, c
Comments
Yes No No L B The auditor will normally respond by using
at least basic procedures. Even if the RMM
has been assessed as low, the auditor, in
accordance with AU-C 330.18, should still
perform substantive procedures for each
relevant assertion in significant audit areas.
Yes No No M B The auditor will normally respond by using
at least basic procedures.
Yes No No H E The auditor will normally respond by using
at least some procedures from the extended
procedures section of the audit programs to
address the higher level of risk. When an
extended procedures approach is selected,
the auditor will need to perform a careful
review of the extended procedures and
select those that appropriately respond to
the assessed RMM at the relevant assertion
level. (The authors believe that when the
assessed RMM is high, auditors ordinarily
will have identified one or more specific risks
and will select extended procedures to
address the identified risks.)
Yes Yes No L B The auditor will normally respond by using
at least basic procedures. Ordinarily, when
there is a specifically identified risk, an
assessed RMM of low is only achieved if
the auditor tests controls to reduce the
control risk assessment. Therefore, the
auditors response consists of tests of
controls and at least basic substantive
procedures.
Yes Yes No M B The auditor will normally respond by using
at least basic procedures.
Yes Yes No H E The auditor will normally respond by using
at least some procedures from the extended
procedures section of the audit programs to
address the higher level of risk. When an
extended procedures approach is selected,
Significant
Audit
Area?
Identified
Risks?
Fraud or
Other
Significant
Risk?
Assessed
RMM
a
Minimum
Suggested
Audit
Response
b, c
Comments
the auditor will need to perform a careful
review of the extended procedures and
select those that appropriately respond to
the identified risk and the assessed RMM at
the relevant assertion level.
Yes Yes Yes L B The authors believe this situation will be
unlikely because inherent risk is generally
moderate or high when significant risks
are involved. If a fraud risk or other
significant risk has been identified, basic
procedures can only be used if the
assessed risk of material misstatement is
low. The authors recommend that auditors
reconsider their risk assessment if they have
assessed RMM as low when fraud risks or
other significant risks are present. If basic
procedures are performed in that situation,
the authors believe they will only be
performed in combination with tests of
controls at a high level of assurance.
Yes Yes Yes M or H E The auditor will need to select procedures
from the extended procedures section of the
audit programs to address the higher level
of risk. The auditor would review the
extended procedures section of the audit
program and select procedures that
appropriately respond to the identified risk at
No No No L L The auditor will normally perform only
limited procedures, which consist of
preliminary and final analytical procedures
and the auditors other risk assessment
procedures. Limited procedures are
generally only appropriate for audit areas
that are not significant.
No No No M B A basic procedures approach might be
selected by the auditor. An assessed RMM
of moderate for an insignificant audit area
may be caused, for example, by a low or
moderate inherent risk assessment
combined with high control risk, or based on
client expectations. When those
circumstances are present, the auditor
would ordinarily perform some basic
procedures to respond to the clients
expectations or to address that aspect of the
audit area that is of concern to the auditor.
No Yes No L L The auditor will normally perform only
Significant
Audit
Area?
Identified
Risks?
Fraud or
Other
Significant
Risk?
Assessed
RMM
a
Minimum
Suggested
Audit
Response
b, c
Comments
preliminary and final analytical procedures
and the auditors other risk assessment
procedures. Limited procedures are
generally appropriate only for audit areas
that are not significant. However, in the
presence of an identified risk, it is unlikely
the auditor will be able to achieve a
combined assessed RMM of low without
performing some tests of controls to reduce
the control risk assessment.
No Yes No M B A basic procedures approach will normally
be selected by the auditor. An assessed
RMM of moderate for an insignificant audit
area with identified risks may be caused, for
example, by moderate inherent risk
combined with high control risk, or based on
client expectations that cause the auditor to
identify a risk. When those circumstances
are present, the auditor would ordinarily
perform some basic procedures to respond
to the clients expectations or to address the
identified risk.
Notes:
a
L=Low, M=Moderate, and H=High
b
L=Limited Procedures, B=Basic Procedures, and E=Extended Procedures
c
The particular tests selected, whether they are in the Basic or Extended section of the core audit programs, can be
tailored to the nature, cause, and direction of potential misstatements at the relevant assertion level. It may also be
appropriate to alter the extent or timing of the procedures to adequately respond to the risk assessment.
* * *
405.13 Specified Risk Approach. The authors developed the specified risk set of audit programs based on a set of
underlying risk assumptions at the assertion level for most audit areas. The procedures in the specified risk audit programs
come from the basic and extended procedures in the core audit programs. (All procedures in the specified risk programs are
also in the core audit programs.) The programs include substantive procedures for general ledger account groupings
common to many small, nonpublic entities. These programs are designed to increase audit efficiency by linking the financial
statement assertions, risk assumptions, and procedures to identify those procedures that are common to many small,
nonpublic audit engagements. See paragraphs beginning at 405.38 for additional guidance on tailoring the specified risk
audit programs.
405.14 At the front of each specified risk audit program is a description of the underlying risk assumptions for that audit area.
Before selecting the specified risk approach and using the related programs, auditors ought to perform a careful review of the
underlying risk assumptions and the procedures in each program to ensure that the further audit procedures selected
appropriately respond to the assessed risk for a particular client. The description of underlying risk assumptions is not
intended to be part of the audit documentation. As discussed at paragraph 403.53, the Risk Assessment Summary Form at
ASB-CX-7.1 can be used to document the risk assessment for a particular client.
405.15 The procedures provided in the specified risk audit programs are intended to apply to small nonpublic entities or
engagements that have the following general characteristics:
The auditor does not intend to rely on the operating effectiveness of controls to reduce the control risk assessment.
Accounting personnel are generally competent to process data and make decisions necessary to perform their
assigned duties.
No fraud risks are identified except the risks of improper revenue recognition and management override of controls.
The risk of management override of controls is addressed in the general audit program.
There are no known significant deficiencies or material weaknesses in the control environment that would require
modification of the programs.
Audit procedures are either performed entirely at year end or are applied to transactions through an interim date and
completed as part of year-end procedures (that is, audit conclusions are not extended from an interim date to the
balance sheet date).
405.16 If the general characteristics in paragraph 405.15 do not apply to the particular engagement, auditors need to
consider whether it is appropriate to use the specified risk approach or whether the basic or extended procedures approach
using the core audit programs ought to be used. If the risk assessment for a particular audit area or assertion differs from the
assumed underlying risk assumptions, the auditor ought to consider the need to modify the audit program for that audit area
or assertion to adequately respond to the risk assessment. If additional procedures are needed, they can be selected from the
core audit programs. See paragraphs beginning at 405.38 for additional guidance on tailoring the specified risk audit
programs. In some cases, it may be possible to adequately respond to a particular risk assessment by altering the extent of
procedures in the specified risk audit program rather than selecting additional procedures. Chapter 5 provides guidance on
when the extent of procedures ought to be increased or additional procedures applied. Chapter 5 also explains situations
where it may be possible to eliminate, modify, or change the timing of procedures.
405.17 Documenting the Response. The Risk Assessment Summary Form provides space to document which approach
the auditor has selected (Limited = L, Basic = B, Extended = E, or Specified Risk = S) and also a space to document
comments that might be appropriate concerning the audit program, including the linkage between risks and responses.
Comments might include:
Information that clarifies how the audit programs/procedures have been tailored to respond to the risk assessment.
Information about the nature, timing, or extent of further audit procedures in response to identified risks.
Descriptions of the procedures that will be performed to specifically respond to fraud risks or other significant risks.
Whether certain tests of details (included in the basic procedures) will be performed to respond to an identified risk.
Types of Substantive Procedures and Audit Strategies
405.18 The following paragraphs explain how to prepare efficient and effective audit programs. They discuss the basic types
of substantive procedures, provide guidance on selecting different audit approaches, and explain how to tailor the audit
programs for an efficient and effective audit.
405.19 Basic Types of Substantive Procedures. Substantive procedures have historically been classified and described
based on their nature, such as, for example, inspection, confirmation, or reperformance. This perspective is a sound
approach to basic auditing, but it does not help auditors determine the most efficient audit approach for responding to risks.
See section 503 for additional discussion of the types of substantive procedures.
405.20 Limited, Basic, and Extended Approaches. Some procedures are more effective than others, and some are more
time-consuming than others. The key to audit efficiency and effectiveness is to choose an audit approach that adequately
responds to the assessed risks without requiring excessive time commitments. In the core audit programs, substantive
procedures are grouped into the following categories based on the degree of detail involved:
Limited procedures (preliminary analytical procedures, other risk assessment procedures, and final analytical
procedures).
Basic procedures.
Extended procedures (procedures for additional assurance) and other audit procedures.
405.21 Exhibit 4-10 shows how the traditional substantive audit procedures fit into these audit approaches. Note that some
procedures may fit more than one approach depending on how they are applied. For example, analytical procedures, which
may be used to test any financial statement assertion, might be applied in any type of audit approach. On the other hand,
reperformance, which is used primarily to test valuation or allocation but may be used to test existence, occurrence, or
completeness, is generally used only as a procedure for additional assurance. The following paragraphs discuss the types of
procedures used in each audit approach. How to modify the types of procedures used in the audit programs is discussed
beginning in paragraph 405.26. Choosing appropriate substantive procedures is discussed in section 503.
Exhibit 4-10
Relationship of Substantive Audit Procedures to Audit Approach
Related Assertions
a
Audit Approach
b
Procedure Primary Secondary
Limited
Procedures
Basic
Procedures
Extended
Procedures
(Proce-
dures for
Additional
Assurance)
Inquiry
All assertions
c n n n
Analytical procedures All assertions n n n
Observation
d All assertions n n
Inspection of tangible assets E/O A/CL, V, R/O n n
Confirmation
e E/O, R/O C, A/CL, V,
CO
n n
Inspection of documents All assertions n n
Reperformance and
recalculation
A/CL, V, CO E/O, C n
Notes:
a
E/Oexistence or occurrence; Ccompleteness; R/Orights or obligations; A/CLaccuracy or classification;
Vvaluation or allocation; COcutoff.
b
Some procedures fit more than one category depending on how they are applied.
c
Inquiry may need to be supported by more evidence. However, it is usually more efficient to corroborate responses to
inquiries than to find answers independently through an undirected examination of detailed evidence.
d
According to AU-C 501, unless it is impracticable, the auditor should make or observe physical counts. The authors
believe that immateriality of inventory balances is the only reason not to observe or make physical counts of inventory. If
inventory is not observed due to immateriality, the authors believe auditors ought to document that conclusion.
e
AU-C 330.20 and AU-C 505.03, External Confirmations, indicate that the auditor is required to use external confirmation
procedures for accounts receivable unless certain specified conditions are met. Thus, there is a presumption that the
auditor will request confirmation of accounts receivable during the audit unless certain conditions exist. If accounts
receivable are not confirmed, AU-C 330.32 requires auditors to document how they overcame that presumption.
* * *
405.22 Limited Procedures (Preliminary Analytical, Other Risk Assessment, and Final Analytical Procedures). Limited
procedures consist of performing preliminary analytics, other risk assessment procedures, and final analytics only. These
procedures are included in the general audit programs and need to be performed on every engagement. Preliminary
analytical procedures are normally simple analytical procedures, such as comparison of current and prior-year balances on
the working trial balance or lead schedule. Limited procedures may also include inquiries of client personnel or other
procedures to determine explanations for differences, as well as the risk assessment procedures applied to obtain an
understanding of the clients business and fraud risks, managements response to those risks, and their effect on the audit, as
discussed in Chapter 3. In the overall review stage of the audit, similar analytical procedures are applied to the audited
financial statement amounts. The Risk Assessment Summary Form at ASB-CX-7.1 allows auditors to document their
planned audit approach for each audit area or assertion. The Limited Procedures Approach is normally sufficient for areas in
which audit risk is low, such as asset accounts with immaterial balances. However, AU-C 330.18 states that auditors should
design and perform substantive procedures for all relevant assertions related to each material class of transactions, account
balance, and disclosure. As a result, the limited procedures approach is not appropriate for material or otherwise significant
audit areas.
405.23 Basic Procedures. The basic procedures section of the audit programs includes primarily substantive analytical
procedures and certain tests of details, most of which are required by specific AU-C sections. Analytical procedures include
more than just comparisons of recorded amounts to financial and nonfinancial information. Likewise, the basic procedures
include such tasks as the following:
Scanning accounting records to identify unusual relationships or the absence of expected relationships.
Inquiring of the client about relevant audit matters.
Observing certain assets or client practices.
Confirming information with third parties and performing other limited detail tests.
The basic procedures are generally sufficient when the risk of material misstatement has been assessed as low or moderate.
Often, these procedures are supplemented in higher risk areas by extended procedures (procedures for additional
assurance). Basic procedures by themselves are not ordinarily appropriate to respond to a fraud risk or other significant risk.
405.24 Extended Procedures (Procedures for Additional Assurance). By selecting the Extended Procedures approach, the
auditor is stating that he or she will perform the basic procedures plus selected extended procedures (procedures for
additional assurance) or other audit procedures. Extended procedures consist primarily of the following types of substantive
procedures:
Tests of Details. These are procedures, such as vouching, tracing, reperformance, or confirmation, that are applied
to individual transactions or balances. There are two primary types of tests of details:
Tests of Transactions. These are tests of the processing of individual transactions by inspection of the
documents and accounting records involved in processing or reperforming client routines, for example, tracing
a sample of shipping documents to the sales journal to see whether shipments have been recorded as sales.
Tests of Balances. These are tests applied directly to the details of balances in general ledger accounts, for
example, confirming the balances of accounts in the accounts receivable subsidiary ledger with individual
customers or recomputing depreciation. Generally, tests of balances are more efficient and effective than tests
of transactions.
Analytical Procedures. These analytical procedures are similar to those discussed beginning in paragraph 405.22.
However, they are performed at a higher level of precision. For example, they are typically performed at a very
detailed (disaggregated) level. A discussion on choosing between analytical procedures and tests of details is
located in section 503.
These procedures generally provide a higher degree of audit assurance, so one or more procedures are normally selected to
supplement the basic procedures when responding to a higher-risk area or assertion.
405.25 Specified Risk Approach. The specified risk programs have been developed from the basic and extended
procedures in the core audit programs. (All procedures in the specified risk programs are also in the core audit programs.)
Generally, the audit procedures in the specified risk programs are more focused on substantive tests of details versus
substantive analytics. The programs have been developed based on a predefined set of risk assumptions and include
procedures that may be typical in the audit of the financial statements of a small, nonpublic entity.
Tailoring the Audit Programs
405.26 Earlier sections of this chapter explain in detail how the auditor assesses risks in the audit. The auditor identifies risks
(including risks of material misstatement due to fraud), considers managements response to those risks through operating
decisions and controls, and assesses the risk of material misstatement at the relevant assertion level.
405.27 The key to effective auditing is selecting procedures for each audit area or assertion that correspond to its respective
risks. Simply stated, this means spending more audit effort responding to the higher-risk areas or assertions and less audit
effort in responding to the lower-risk areas or assertions. This section explains how to use the audit programs illustrated in this
Guide for efficient auditing that meets the requirements of the authoritative standards. Chapter 5 includes a more detailed
discussion on the substantive procedures required by specific AU-C sections in every audit; the nature, timing, and extent of
substantive procedures; and choosing between substantive analytical procedures and substantive tests of details.
405.28 As discussed previously, this Guide provides three sets of audit programs:
Core Audit Programs (ASB-AP section). Tailoring the core audit programs is discussed in detail beginning at
paragraph 405.32.
Specified Risk Audit Programs (ASB-AP-S section). Tailoring the illustrated specified risk audit programs is
discussed in detail beginning at paragraph 405.38.
Initial Audit Programs (ASB-IA section). Initial audit programs are discussed further beginning at paragraph 405.43.
405.29 Core and Specified Risk Programs Provide Starting Points. The core and specified risk audit programs provide
two different starting points for auditors to use in developing an audit response and determining the nature, timing, and extent
of further audit procedures that need to be performed in response to the risk assessment. Both the core and specified risk
audit programs can be easily tailored to respond to the individual risk assessment. As discussed beginning at paragraph
405.6, it is important for the auditor to perform a careful review of the procedures in each program when deciding which
program to start with for a particular client or audit area. It is anticipated that auditors will tailor the majority of the PPC audit
programs for individual financial statement audit areas to respond to their clients specific risks and circumstances.
405.30 Initial Audit Programs. The initial audit programs include additional procedures necessary in an initial audit
engagement. All of the procedures in initial audit programs are extensions of the procedures in the core audit programs in the
ASB-AP section and the specified risk audit programs in the ASB-AP-S sections of this Guide and ought to generally be
performed in conjunction with those programs.
405.31 Electronic Tools. The audit programs in this Guide are also available in Microsoft Word and Excel formats in PPCs
Practice Aids. In addition, PPCs SMART Practice AidsRisk Assessment is an innovative audit tool that automates the audit
planning and risk assessment process and dynamically generates customized audit programs based on the auditors risk
assessments.
405.32 Core Audit Programs. The PPC core audit programs include both general audit programs and audit programs for
individual financial statement audit areas. The general procedures programs consist of the following sections:
General Planning Procedures, including engagement acceptance procedures, the procedures for obtaining an
understanding of the entity and its environment, including internal control, assessing the risk of material
misstatement, determining planning materiality, etc.
Other General Planning Procedures, including planning procedures related to matters such as using the work of
other auditors or specialists.
General Auditing and Completion Procedures, including procedures required by specific AU-C sections that do not
relate to particular account balances, such as testing of journal entries, evaluation of misstatements, and obtaining
legal representation letters.
Other General Auditing and Completion Procedures, including procedures that may be warranted, due to specific
circumstances such as environmental remediation liabilities, potential fraud or illegal acts, omitted procedures or
subsequent discovery of facts, etc.
Each audit program for the individual audit areas generally consists of basic procedures, extended procedures (procedures
for additional assurance), and other audit procedures. The differences in those sections are discussed beginning at
paragraph 405.8.
405.33 The audit program for general procedures covers the general steps performed in any audit. Any necessary tailoring
generally involves removing or adding procedures to fit the specific circumstances of the engagement.
405.34 The audit programs for individual financial statement audit areas are designed to correspond with the auditors risk
assessments and decisions about the audit approach at the assertion level, as documented on the Risk Assessment
Summary Form (ASB-CX-7.1). On that form, the auditor documents significant audit areas, the risks of material misstatement
affecting each area (including fraud risks or other significant risks), the assessment of those risks at the assertion level, the
planned audit approach that is appropriately tailored to respond to the assessed level of risk, and the linkage of the assessed
risks to the audit procedures that respond to those risks. To tailor the audit programs, the auditor first decides whether
extended procedures are needed (see paragraph 405.35). To assist auditors in tailoring audit programs, PPC has developed
PPCs SMART Practice Aids, which is an innovative audit tool that automatically generates audit programs based on the
auditors risk assessments.
405.35 Selecting Extended Procedures (Procedures for Additional Assurance). If the auditor decides that extended
procedures are needed, the next step is to decide which procedure(s) need to be performed. The auditor ought to select
procedures that are most appropriate to respond to the risk assessment. The auditor uses the assertions to link the risks with
the procedures. To help auditors in selecting appropriate procedures and to show linkage between the assessed risk and the
further audit procedures performed to respond to the risk, each procedure on the audit programs indicates the assertions that
are primarily and secondarily addressed by that procedure. Also, the auditor indicates the choice of a procedure by placing a
checkmark in the box provided or circling (for print versions of the Guide) the assertion(s) for which the additional assurance
is needed. For example, auditors who identify a significant risk relating to the completeness of accounts receivable can scan
the list of procedures for additional assurance in the Audit Program for Accounts Receivable and Sales looking for
procedures relating to completeness. If an appropriate procedure is identified in the extended procedures section of the audit
program, the auditor would place a checkmark in the box indicating that procedure has been selected to address the risk. If
the procedure addresses more than one assertion, the auditor might also circle the C in the assertion column to indicate
that completeness is the assertion being specifically tested. Some extended procedures are specifically identified for
consideration in response to identified fraud risks. If the auditor feels that the risk of material misstatement is still present after
performing procedures or if there is not a procedure in the audit program that responds to the identified risk, the auditor
needs to develop an appropriate response.
405.36 The selection of extended procedures needed to respond to a particular risk is a matter of auditor judgment. When
making those decisions, the auditor considers the factors discussed in section 503. Even high-risk areas or assertions can be
overaudited. Only rarely would an auditor need to perform all the extended procedures for an audit area. The auditor focuses
on the extended procedures that relate to the risks identified for that area and, as previously noted, the auditor selects
additional procedures based on the assessment of risk of material misstatement at the relevant assertion level. In some cases,
only one additional procedure may be necessary. At other times, two or more procedures might be needed.
405.37 When the auditor is selecting extended procedures, the goal is to find the appropriate mix of analytical procedures
and tests of details to respond to the risk of material misstatement. For high risk areas or assertions, the auditor generally
chooses extended procedures to supplement the basic procedures. However, sometimes the selected steps in the extended
procedures section might replace one of the steps in the basic procedures section. The auditor need not apply certain
procedures in the basic procedures section if other planned procedures are sufficient to reduce the risk of material
misstatement to an appropriately low level.
405.38 Specified Risk Audit Programs. The specified risk programs have been developed from the basic and extended
procedures in the core audit programs. (All procedures in the specified risk programs are also in the core audit programs.)
Generally, the audit procedures in the specified risk programs are more focused on substantive tests of details versus
substantive analytics. The programs have been developed based on a predefined set of risk assumptions and include
procedures that are typical in a small, nonpublic engagement. If the general characteristics in paragraph 405.15 do not apply
to the engagement, the auditor considers whether it is appropriate to use the specified risk approach or the core audit
programs.
405.39 The specified risk programs include both general audit programs and audit programs for individual financial
statement audit areas. The general procedures program consists of general planning procedures and the general auditing
and completion procedures. Those sections are discussed in paragraph 405.32. The other general planning procedures and
other general auditing and completion procedures are not included in the specified risk programs. If the auditor has a
particular circumstance covered in the additional sections of the general audit programs, he or she will need to go to the core
programs and pull in the steps needed to fit the specific circumstances of the engagement.
405.40 The audit programs for the individual audit areas in the specified risk programs consist of one set of procedures,
developed from the basic and extended procedures in the core audit programs. At the front of each specified risk audit
program is a description of the underlying risk assumptions for that audit area. Before selecting the specified risk approach
and using the related programs, the auditor performs a careful review of the underlying risk assumptions and the procedures
in each program to ensure that the audit procedures included in the program appropriately respond to the risk assessment for
a particular client or audit area.
405.41 If the risk assessment for a particular audit area or assertion differs from the assumed underlying risk assumptions,
the auditor considers the need to modify the audit program for that audit area or assertion to adequately respond to the risk
assessment. If additional procedures are needed, they can be selected from the basic, extended, and other procedures
included within the core audit programs. (The core audit programs designate with an S those steps that have already been
included in the specified risk audit programs.) As discussed in detail in Chapter 5, in some cases, it may be possible to
adequately respond to a particular risk assessment by altering the extent or timing of procedures rather than selecting
additional procedures.
405.42 Can the Auditor Use a Combination of Core Audit Programs and Specified Risk Audit Programs? The answer is
Yes. There may be circumstances where the auditor decides to use a combination of core audit programs and specified risk
audit programs for different audit areas. For example, assume the auditor has performed the risk assessment, performed a
thorough review of the assumptions and procedures in the specified risk audit programs, and decided that the specified risk
approach appropriately responds to the risk assessment for the client in all audit areas except Accounts Receivable (A/R). In
that case, the auditor could use the specified risk programs for all of the audit areas except A/R. For A/R, the auditor would
develop the audit program for receivables from the core audit programs and indicate on the risk assessment summary form
that either a basic or extended procedures approach was selected for A/R.
405.43 Initial Audit Programs. The initial audit programs include additional procedures necessary in an initial audit
engagement. All of the procedures in initial audit programs are extensions of the procedures in the core audit programs in the
ASB-AP section and the specified risk audit programs in the ASB-AP-S sections of this Guide and ought to generally be
performed in conjunction with those procedures. The initial audit programs include both general audit programs and audit
programs for individual financial statement audit areas. The general procedures program consists of the following sections:
Additional General Planning Procedures for an Initial Audit, including procedures such as obtaining the clients
permission to review the predecessors workpapers and files, reviewing prior client tax returns and documents, etc.
Additional General Auditing and Completion Procedures for an Initial Audit.
The initial audit programs for individual audit areas include procedures relating to review of a predecessor auditors
workpapers and certain other procedures. Tailoring of the initial audit programs is generally related to whether information
from a review of the predecessor auditors workpapers will or will not be used as evidence for opening balances.
Documentation Requirements
405.44 AU-C 330.30 requires the auditor to document the following related to preparing the detailed audit plan:
The overall responses to address the assessed risks of material misstatement at the financial statement level (see
discussion in section 306).
The nature, timing, and extent of further audit procedures.
The linkage of those procedures with the assessed risks at the relevant assertion level.
The results of the audit procedures, including conclusions that are not otherwise clear.
405.45 As noted in paragraph 405.2, AU-C 300.09 states that the audit plan should include the following:
A description of the nature, timing, and extent of planned risk assessment procedures sufficient to assess the risks
of material misstatement.
A description of the nature, timing, and extent of planned further audit procedures at the relevant assertion level for
each material class of transactions, account balance, and disclosure.
A description of other audit procedures planned to be carried out for the engagement in order to comply with
generally accepted auditing standards (for example, seeking direct communication with the entitys lawyers).
Planning for audit procedures takes place during the course of the audit, and risk assessment procedures may cause a
change in planned specific further audit procedures. AU-C 300.10 notes that the auditor should document changes to the
original audit plan.
405.46 As discussed in paragraph 405.34, the Risk Assessment Summary Form at ASB-CX-7.1 and the various audit
programs described in this section were designed to assist the auditor in meeting these documentation requirements.
CHAPTER 5: SUBSTANTIVE PROCEDURES
Introduction
500.1 Further audit procedures performed for the purpose of detecting material misstatement at the relevant assertion level
are referred to as substantive procedures. For each relevant assertion within a material account balance, class of
transactions, or disclosure, the auditor needs to determine the nature, timing, and extent of substantive procedures necessary
to obtain sufficient, appropriate audit evidence to express an opinion on the financial statements. Substantive procedures
consist of tests of details and substantive analytical procedures. Tests of details are discussed in section 504 and substantive
analytical procedures are discussed in section 505. Tests of controls are discussed in Chapter 6.
500.2 The authoritative pronouncements establishing requirements that most directly affect designing substantive procedures
are as follows:
a. AU-C 240, Consideration of Fraud in a Financial Statement Audit, requires the auditor to identify and assess risks of
material misstatement due to fraud, and to design the audit to provide reasonable assurance of detecting fraud that
results in the financial statements being materially misstated. [Formerly SAS No. 99 (AU 316)]
b. AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained,
addresses designing and performing audit procedures that are responsive to risks at the relevant assertion level.
c. AU-C 500, Audit Evidence, describes audit procedures used to obtain audit evidence. [Formerly SAS No. 106 (AU
326)]
d. AU-C 520, Analytical Procedures, explains the use of analytical procedures as substantive tests to obtain sufficient
appropriate audit evidence. [Formerly SAS No. 56 (AU 329)]
Objectives
501.1 The objectives of the auditor when obtaining audit evidence and when designing and performing substantive
procedures, including analytical procedures, are as follows:
To design and perform audit procedures that will obtain sufficient appropriate audit evidence to draw reasonable
conclusions as a basis for the auditors opinion.
To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement through
designing and implementing appropriate responses to those risks.
To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud
through designing and implementing appropriate responses to those risks.
To obtain relevant and reliable audit evidence when using substantive analytical procedures.
Requirements
Exhibit 5-1
Requirements for Audit Evidence and Substantive Procedures
Requirements
Clarified
AU
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
Designing and Performing Substantive Procedures
Irrespective of the assessed risk of material
misstatement, design and perform substantive
procedures for all relevant assertions for each material
class of transactions, account balance, and disclosure.
Perform substantive audit procedures related to the
financial statement closing process, such as the
following:
Agree or reconcile the financial statements with
the underlying accounting records.
Examine material journal entries and other
adjustments made when preparing the financial
statements.
If an assessed risk of material misstatement at the
relevant assertion level is a significant risk, perform
substantive procedures specifically responsive to that
risk. When the approach to a significant risk consists
only of substantive procedures, perform some tests of
details rather than relying solely on analytical
procedures.
If substantive procedures are performed at an interim
date, cover the remaining period by performing
additional substantive procedures, or substantive
procedures combined with tests of controls, for the
intervening period that provide a reasonable basis for
extending the audit conclusions from the interim date
to period end.
Confirmations at
an Interim Date
ASB-AP-5,
Inventory Tested
at an Interim
Date
If unexpected misstatements are detected at an interim
date, evaluate whether the related risk assessment
and the planned nature, timing, or extent of
substantive procedures covering the remaining period
need to be modified.
through
ASB-AP-14
Determine the means of selecting items for testing that
are effective in meeting the purpose of the audit
procedure.
Document the following items relating to substantive
procedures:
The nature, timing, and extent of substantive
procedures.
The linkage of those procedures with the
assessed risks at the relevant assertion level.
through
ASB-AP-14
ASB-CX-7.1
Requirements
Clarified
AU
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
The results of the procedures.
Demonstrate in the audit documentation that the
financial statements agree or reconcile with the
underlying accounting records.
Audit Evidence
Design and perform audit procedures that are
appropriate in the circumstances for obtaining
sufficient appropriate audit evidence.
through
ASB-AP-14
ASB-CX-7.1
When designing and performing audit procedures,
consider the relevance and reliability of the information
that will be used as audit evidence.
through
ASB-AP-14
When using information produced by the entity,
evaluate whether the information is sufficiently reliable,
including as necessary (1) obtaining audit evidence
about the accuracy and completeness of the
information and (2) evaluating whether the information
is adequately precise and detailed.
through
ASB-AP-14
If audit evidence obtained from different sources is
inconsistent or doubt exists about the reliability of
information to be used as audit evidence, determine
what changes or additions to audit procedures are
necessary to resolve the matter and consider the
effects on other aspects of the audit.
Analytical Procedures
Determine the suitability of particular substantive
analytical procedures for given assertions, taking into
account the assessed risks of material misstatement
and tests of details, if any, for those assertions.
through
ASB-AP-14
ASB-CX-7.1
Evaluate the reliability of data from which the
expectation of recorded amounts or ratios is
developed, taking into account the source,
comparability, nature, and relevance of information
available, and the controls over its preparation.
through
ASB-AP-14
ASB-CX-9.1
Develop an expectation of recorded amounts or ratios
and evaluate whether the expectation is sufficiently
precise (taking into account whether substantive
analytical procedures are to be performed alone or in
combination with tests of details) to identify a
misstatement that, individually or when aggregated
with other misstatements, may cause the financial
statements to be materially misstated.
through
ASB-AP-14
ASB-CX-9.1
Determine the amount of any difference between
recorded amounts and expected values that is
acceptable without further investigation and compare
the recorded amounts, or ratios developed from
recorded amounts, with the expectations.
through
ASB-AP-14
ASB-CX-9.1
Requirements
Clarified
AU
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
If analytical procedures identify fluctuations or
relationships that are inconsistent with other
information or that differ from expected values by a
significant amount, investigate the differences by:
Inquiring of management and obtaining
appropriate audit evidence to corroborate
managements responses.
Performing other audit procedures as necessary
in the circumstances.
through
ASB-AP-14
ASB-CX-9.1
The expectation and the factors considered in its
development when that expectation or those
factors are not otherwise readily determinable
from the audit documentation.
Results of the comparison of the recorded
amounts, or ratios developed from recorded
amounts, with the expectations.
Any additional auditing procedures performed to
investigate fluctuations or relationships that are
inconsistent with other information or that differ
from expected values by a significant amount,
and the results of those procedures.
Audit
Design and perform further audit procedures whose
nature, timing, and extent are responsive to the
assessed risks of material misstatement due to fraud
at the assertion level.
through
ASB-AP-14
ASB-CX-7.1
Address the risk of management override of controls
separately from more specifically identifiable risks by
designing and performing audit procedures to
Test the appropriateness of journal entries
recorded in the general ledger and entries made
when preparing the financial statements. In
designing and performing audit procedures for
such tests
Obtain an understanding of the entitys
financial reporting process and controls over
journal entries and other adjustments, and
the suitability of design and implementation
of such controls.
AU-C 240.32 Section 506 ASB-CX-4.2.1
Make inquiries of individuals involved in the
financial reporting process about
inappropriate or unusual activity relating to
the processing of journal entries and other
adjustments
Consider fraud risk indicators, the nature AU-C 240.32 Section 506 ASB-AP-2
Requirements
Clarified
AU
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice Aids
and complexity of accounts, and entries
processed outside the normal course of
business.
Select journal entries and other adjustments
made at the end of a reporting period.
Consider the need to test journal entries and
other adjustments throughout the period.
Review accounting estimates for biases and
evaluate whether the circumstances
producing the bias, if any, represent a risk of
material misstatement due to fraud. In
performing this review
Evaluate whether the judgments and
decisions made by management in making
the accounting estimates, even if they are
individually reasonable, indicate a possible
bias on the part of the entitys management
that may represent a risk of material
misstatement due to fraud. If so, reevaluate
the accounting estimates taken as a whole.
Perform a retrospective review of
management judgments and assumptions
related to significant accounting estimates
reflected in the financial statements of the
prior year. Select estimates for review that
are based on highly sensitive assumptions
or are otherwise significantly affected by
judgments made by management.
Evaluate, for significant transactions that are
outside the normal course of business for
the entity or that otherwise appear to be
unusual given the understanding of the entity
and its environment and other information
obtained during the audit, whether the
business rationale (or the lack thereof) of the
transactions suggests that they may have
been entered into to engage in fraudulent
financial reporting or to conceal
misappropriation of assets.
Determine whether additional procedures are
necessary in order to respond to the identified risks of
* * *
502 SUBSTANTIVE PROCEDURES REQUIRED IN EVERY AUDIT
502.1 Because of the judgmental nature of the auditors risk assessments and the inherent limitations of internal control,
particularly the risk of management override, the auditing standards prescribe certain substantive procedures that should be
performed in every audit. The additional substantive procedures that are needed in particular circumstances depend on the
auditors judgment about the sufficiency and appropriateness of audit evidence in the circumstances.
Material Account Balance, Transaction Class, or Disclosure
502.2 Risk assessment procedures and tests of controls contribute to the formation of the auditors opinion, but do not by
themselves provide sufficient, appropriate audit evidence. According to AU-C 330.18, irrespective of the assessed risk of
material misstatement, the auditor should design and perform substantive procedures for all relevant assertions related to
each material class of transactions, account balance, and disclosure. The reasons for this requirement are as follows:
The auditors assessment of risk is judgmental and might not be sufficiently precise to identify all risks of material
misstatement.
There are inherent limitations to internal control, including management override, and even effective internal controls
generally reduce, but do not eliminate, the risk of material misstatement.
In other words, even if the auditor concludes that the risk of material misstatement is low for a particular assertion related to a
material account balance, transaction class, or disclosure based on performing risk assessment procedures and tests of
controls, some substantive procedures are still required.
Other Required Procedures
502.3 Financial Close and Reporting Process. AU-C 330.21 requires that the auditor perform the following substantive
procedures in every audit:
Agree or reconcile the financial statements, including the accompanying notes, to the underlying accounting
records. (AU-C 330.33 notes that the auditors documentation should demonstrate that agreement or reconciliation.)
Examine material journal entries and other adjustments made during the course of preparing the financial
statements.
Those requirements are related to the financial close and reporting process.
502.4 Management Override of Controls. AU-C 240.32 also requires certain substantive procedures in all audits to address
the risk of management override of controls. These required procedures are as follows:
Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud.
Reviewing accounting estimates for biases that could result in material misstatement due to fraud.
Evaluating the business rationale for significant unusual transactions.
Procedures relating to responding to fraud risks, including management override of controls, are discussed beginning at
paragraph 506.2.
502.5 Both AU-C 330.21 and AU-C 240.32 require examining journal entries and other adjustments, but the requirement of
AU-C 240.32 is focused on identifying fraudulent journal entries. (See discussion at paragraph 506.17.) As discussed in
paragraph 6.94 of the AICPA Audit Guide, Assessing and Responding to Audit Risk in a Financial Statement Audit, the nature,
timing, and extent of procedures required by AU-C 240 are different from those required by AU-C 330. AU-C 330 focuses on
journal entries made during the course of preparing the financial statements and AU-C 240 requires the auditor to consider
reviewing journal entries made throughout the year. This distinction is also emphasized in a nonauthoritative AICPA Technical
Practice Aid, Examining Journal Entries (TIS 8200.16). Auditors should ensure that their audit procedures satisfy both
requirements. Paragraph 506.27 discusses documentation of the review of journal entries.
502.6 Significant Risks. As discussed in section 403, significant risks are risks that require special audit attention. When the
audit approach to significant risks consists only of substantive procedures (that is, the auditor does not plan to rely on
controls), the substantive procedures should be tests of details only or a combination of tests of details and substantive
analytical procedures. The use of only substantive analytical procedures is not permitted. (AU-C 330.22)
502.7 Other Specific Requirements. There are also other presumptively mandatory requirements for substantive
procedures for particular account balances. Examples include the following:
Confirmation of accounts receivable. (AU-C 330.20)
Inventory observation, that is, being present at the time of the count and, by suitable observation, tests, and inquiries
being satisfied about the effectiveness of the methods of inventory taking. (AU-C 501.11)
In addition, there are other specific requirements to perform procedures, typically called general procedures, that do not
relate to particular account balances, such as sending a letter of audit inquiry to the clients lawyer and reading minutes of
meetings of directors. Those general procedures, as well as the required procedures listed in paragraphs 502.3 and 502.4 are
included in the general audit programs (ASB-AP-1 or ASB-AP-2). The requirement to confirm accounts receivable is a basic
procedure in the Audit Program for Accounts Receivable and Sales (ASB-AP-4). The requirement to observe inventory is a
basic procedure in the Audit Program for Inventory and Cost of Sales (ASB-AP-5).
Documentation
502.8 AU-C 330.30 requires the auditor to document the following items relating to substantive procedures:
The nature, timing, and extent of substantive procedures.
The linkage of those procedures with the assessed risks at the relevant assertion level.
The results of the procedures.
Audit documentation is also discussed in Chapter 8. Other documentation considerations relating to substantive procedures
are discussed throughout this Chapter.
503 CHOOSING SUBSTANTIVE PROCEDURES
Considering the Sufficiency and Appropriateness of Audit Evidence
503.1 The additional substantive procedures that are needed in particular circumstances depend on the auditors judgment
about the sufficiency and appropriateness of audit evidence in the circumstances. Therefore, the auditor should consider the
sufficiency and appropriateness of audit evidence to be obtained when assessing risks and designing further audit
procedures. AU-C 500.05 describes these characteristics of audit evidence as follows:
Sufficiency is the measure of the quantity of audit evidence.
Appropriateness is the measure of the quality of audit evidence, that is, its relevance and its reliability in providing
support for the conclusions on which the auditors opinion is based.
The quantity and quality of audit evidence needed are interrelated and are dependent on the risk of material misstatement.
503.2 The auditor performs risk assessment procedures to obtain an understanding of the entity and its environment,
including its internal control, to assess the risks of material misstatement. This assessment includes consideration of the
effectiveness of managements responses and controls to address risks. The auditor evaluates the quality and quantity of the
evidence obtained from the risk assessment procedures and, if applicable, tests of controls to determine the further audit
procedures necessary to obtain sufficient, appropriate evidence to afford a reasonable basis for an opinion of the financial
statements under audit.
503.3 An important quality of audit evidence is its reliability, which is affected by both the nature and source of the evidence.
AU-C 500.A32 provides the following generalizations about the reliability of audit evidence:
a. Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.
b. Audit evidence that is generated internally is more reliable when the related controls imposed by the entity are
effective.
c. Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more
reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a
control).
d. Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or other medium. For
example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of
the matters discussed.
e. Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies, faxes,
or electronic images.
503.4 AU-C 500.10 states that if audit evidence obtained from different sources is inconsistent or doubt exists about the
reliability of information to be used as audit evidence, the auditor should determine what changes or additions to audit
procedures are necessary to resolve the matter and consider the effects on other aspects of the audit. The auditor needs to
be wary when explanations obtained from different sources conflict; managements explanations for significant fluctuations
differ from the auditors expectations; or responses to inquiries about analytical relationships are vague, implausible, or
inconsistent with the auditors knowledge or other audit evidence. In this area, the main ingredients for effectiveness are
healthy doses of common sense and professional skepticism.
503.5 Authoritative literature views audit evidence as being obtained from a variety of sources, including the auditors
assessment of risk. AU-C 500.05 defines audit evidence as information used by the auditor in arriving at the conclusions on
which the auditors opinion is based. Audit evidence includes both information contained in the accounting records
underlying the financial statements and other information. Audit evidence includes evidence obtained from procedures
performed during the current audit as well as previous audits. Use of audit evidence from previous audits is discussed in
section 506, but one common form of such evidence is experience gained in previous audits with respect to potential
misstatements. Misstatements detected in previous audits are an important indicator of likely misstatements in the current
audit. Generally, however, previous misstatements are a more reliable indicator of error than fraud.
503.6 AU-C 500.05 notes that audit evidence includes the information contained in the accounting records underlying the
financial statements and other information. AU-C 315.21 states the auditor should obtain an understanding of the process of
reconciling detailed records to the general ledger for material account balances. Further, as described in paragraph 502.3,
agreeing the financial statements to the underlying accounting records is a required procedure in every audit. Thus, without
adequate attention to the propriety and accuracy of underlying accounting data, an opinion on the financial statements is not
warranted.
Nature, Timing, and Extent of Substantive Procedures
503.7 As the residual risk of material misstatement increases, the quantity and quality of necessary audit evidence from
substantive procedures also increases. (Section 608 discusses the effect of the control risk assessment on substantive
procedures.) The higher the auditors assessment of risk, the more reliable and relevant audit evidence from substantive
procedures needs to be. This may affect both the combination of audit procedures and types of audit procedures to be
performed.
503.8 Generally, the auditor will have decided whether audit procedures will be performed at an interim date or at period end
as part of establishing the overall audit strategy. Therefore, in designing further audit procedures, the focus will be on the
nature and extent of substantive procedures rather than their timing. AU-C 330.A5 states that the nature of the audit
procedures is most important in responding to the assessed risks. Generally, increasing the extent of an audit procedure is
effective only if the audit procedure itself is relevant to the specific risk. Therefore, the nature of the audit procedure is the
most important consideration.
Basic Types of Substantive Procedures
503.9 Substantive procedures have historically been classified and described based on their nature, as shown in Exhibit 5-2.
This perspective is a sound approach to basic auditing, but it does not help auditors determine the most efficient audit
approach for responding to risks. Selecting appropriate substantive procedures is discussed in the following paragraphs.
Exhibit 5-2
Substantive Audit Procedures (By Nature)
Procedure Description Examples
Inspection of tangible assets
(physical examination)
Identification of an items quantity
and sometimes its quality.
Test counts of inventory, cash
count, securities count.
Confirmation Obtaining a written response
directly from independent parties
outside the client organization.
Confirming accounts receivable
with customers.
Inspection of documents (which
includes vouching and tracing)
Inspection of documents that
support recorded transactions or
amounts. (Direction of testing is
from recorded amount to the
supporting document.) Tracing
source documents to the
amounts in the accounting
records. (Direction of testing is
from source document to
recorded amount.)
Checking recorded sales
transactions for agreement with
sales invoices and shipping
documents. Tracing shipping
documents to recorded sales in
the accounting records.
Reperformance and recalculation Auditor repetition of client
routines such as calculating and
bookkeeping functions such as
posting.
Determining that journal entries
have been posted to the proper
accounts; recomputing client
depreciation calculations.
Inquiry Questioning management,
employees, or persons outside
the entity (responses to which
may be oral or written).
Asking if consignment
arrangements exist; obtaining a
client representation letter.
Analytical procedures (which
includes scanning)
Systematic analysis and
comparison of relationships
among absolute amounts,
trends, and ratios. Visual scrutiny
of accounting records, reports,
and schedules to detect unusual
items, inconsistencies, or
anomalies.
Comparing gross margin
percentages over time;
relationship of bad debt write-offs
to the accounts receivable
balance. Scanning the charges to
the repairs expense account for
capital expenditures; scanning
the December sales journal for
unusual items.
Procedure Description Examples
unusual items.
Observation Visually reviewing client activities
or locations.
Observing bookkeeping routines;
touring plant.
* * *
Selecting Appropriate Substantive Procedures
503.10 The selection of specific substantive procedures needed to respond to the risk assessment is a matter of auditor
judgment. This involves consideration of all the relevant factors, including the following:
Characteristics of the related account (or transaction class).
Financial statement assertion(s) being tested.
Nature of risks identified.
Degree of the risk involved.
Type and persuasiveness of the available audit evidence.
Efficiency and effectiveness of the substantive procedures.
503.11 Considering the Account Being Tested. Some types of accounts lend themselves better to particular procedures.
For example, some accounts, such as accounts receivable, can generally be tested by applying procedures to balances.
Other accounts, such as property accounts, are often tested most effectively by examining transactions during the period. As
another example, many types of accrued liabilities are based on financial relationships that can be effectively tested through
properly designed analytical procedures.
503.12 Considering the Financial Statement Assertion. Similarly, the financial statement assertion being tested can also
significantly affect the choice of procedures. For example, tests of existence are generally aimed at examining the items
comprising the account balance. Tests of completeness often involve (a) performing predictive tests of account balances or
(b) identifying items that should be included in the account and determining whether they are included. Tests of valuation
normally relate to assessing the reasonableness of computed or estimated amounts (such as inventory obsolescence or
allowance for doubtful accounts).
503.13 The financial statement assertion being considered can also provide indications of the types of misstatements that
might occur in the financial statements. For example, misstatements of the existence assertion result in overstatement of the
account balance, and misstatements of the completeness assertion result in understatement.
503.14 Considering the Nature of Risks Identified. On the Risk Assessment Summary Form at ASB-CX-7.1, the auditor
documents specific risks relating to each significant audit area and related assertion, including fraud risks and other
significant risks. Sometimes, the identified risk will suggest the appropriate further audit procedures needed. For example, if
the risk for receivables is that sales cutoff errors are likely to occur, the auditor may simply choose to apply more procedures
to test sales cutoff. However, in other cases, the appropriate procedure may be less clear. In those cases, the auditor
considers the risks in terms of the types or direction and causes of potential misstatements to decide what steps may be
appropriate. Exhibit 5-3 lists the basic types or direction and causes of misstatements that might affect a particular account
and result in material misstatement of the financial statements.
Exhibit 5-3
Types (Direction) and Causes of Misstatements
Types (Direction) of Misstatement
Understatement of account balance
Overstatement of account balance
Causes of Misstatement
Error
Fraudulent financial reporting
Theft
* * *
503.15 Determining the type or direction of misstatement can help the auditor determine the direction of the testing
procedures. To illustrate this process, consider how types of misstatement could affect the testing of inventory quantities. If
the auditor is concerned about understatement of inventory quantities, the focus needs to be on tracing from external
documents (purchase records, physical inventory counts, etc.) to the inventory records and testing to assure that all inventory
was counted. On the other hand, if the auditor is concerned about overstatement of quantities, the focus would be on (a)
vouching recorded quantities to physical count sheets or other relevant documentation, (b) testing to assure that inventory
counts were not duplicated, and (c) determining whether purchased inventory in transit was recorded in the proper period.
503.16 The auditor also considers whether the likely cause of misstatements will tend to result in understatement or
overstatement of the account balance and designs procedures accordingly. For example, if fraud risk indicators point to a risk
of overstatement of revenue, one possibility is an increased risk of improper cutoff to inflate revenue. Thus, the auditor might
design procedures to compare sales recorded near year end to merchandise shipments after year-end with the emphasis on
whether shipments after year end were incorrectly recorded in the period under audit.
503.17 Consideration of the cause of misstatements becomes especially important if the auditor believes there is a significant
risk of material misstatement due to fraud. In that case, the auditor carefully considers how fraud might result in misstatement
of the financial statements and then designs appropriate procedures to detect those misstatements.
503.18 Considering the Degree of Risk. On the Risk Assessment Summary Form at ASB-CX-7.1, the auditor documents
the assessment of the risk of material misstatement for each significant audit area or assertion. Generally, the higher the risk,
the greater the degree of assurance needed from substantive procedures. Even without testing controls, the degree of
assurance can be increased through one or more of the following means:
Nature. The auditor can change the nature of the procedures. This normally involves adding more procedures or
choosing more persuasive procedures; that is, using more targeted procedures, performing more independent
verifications, etc. (As indicated in paragraph 503.8, generally the nature of procedures is the most important
consideration.)
Extent. The auditor can increase the extent of testing. This can be done by testing more items, changing the design
of the test to focus on more items that are prone to misstatement, or increasing the precision of analytical
procedures. Chapter 7 discusses extent of tests.
Timing. The auditor can change the timing of the procedures to do more work at the balance-sheet date.
503.19 Because audit programs deal primarily with the nature of procedures, an auditors first response to a high risk of
material misstatement will normally be to consider adding more procedures. Before doing so, the auditor needs to consider
whether or not he or she is performing the most effective or the correct procedures. Then, the auditor considers whether
changing the extent or timing of the procedures might be as effective as, and more efficient than, adding different audit
procedures. If the auditor responds to a high risk of material misstatement by altering the extent or timing of the procedures,
he or she can document that response in the Comments column of ASB-CX-7.1.
503.20 Considering the Available Evidence. When planning the audit, the auditor considers the audit evidence needed and
the evidence available. The evidence sought needs to be commensurate with the assessed level of risk. Generally, the higher
the assessed risk of material misstatement for an area or assertion, the more reliable the evidence needs to be. The reliability
of audit evidence is discussed in paragraph 503.3.
503.21 The availability of audit evidence is another key consideration. This is critical when much of that evidence is
electronic. In many entities, vast amounts of information are transmitted, processed, maintained, or accessed electronically. In
some industries, purchase and sale transactions and related payments occur electronically, such as through electronic data
interchange (EDI). When information technology systems are used extensively, some audit evidence may be available only in
electronic form and only for a period of time. In those situations, the auditor can only apply the audit procedures when the
evidence is available and might need to use technology to do so. Sometimes, the auditor might conclude that it is not
possible or practical to reduce detection risk at the relevant assertion level to an acceptably low level with audit evidence
obtained by performing only substantive procedures. In those cases, as discussed beginning in paragraph 603.17, the auditor
should test controls relating to those assertions.
503.22 Considering the Effectiveness and Efficiency of Substantive Procedures. As previously noted, the auditor
considers the degree of assurance needed from substantive procedures and selects procedures that are sufficiently effective.
To be cost-effective, the auditor also considers the efficiency of the substantive procedures.
503.23 Substantive procedures include tests of details, substantive analytical procedures, or a combination of both.
Therefore, designing the nature of substantive procedures involves deciding between or combining the two. In some cases,
substantive procedures might be limited to substantive analytical procedures. Substantive analytical procedures alone are
more likely to be appropriate in the following circumstances:
The risks of material misstatement, including particular risks due to fraud, are relatively low.
The account balance, transaction class, or disclosure relates to large volumes of transactions that tend to be
predictable over time.
The account balance, transaction class, or disclosure is not affected by a significant degree of subjectivity.
Paragraph 503.25 begins a more detailed discussion of choosing between analytical procedures and tests of details.
503.24 According to AU-C 520.05 in designing substantive analytical procedures, the auditor should consider matters such
as the following:
The suitability of using substantive analytical procedures, given the assertions.
The reliability of the data, whether internal or external, from which the expectation of recorded amounts or ratios is
developed (see paragraph 503.3).
Whether the expectation is sufficiently precise to identify the possibility of material misstatement at the desired level
of assurance.
The amount of any difference between recorded amounts and expected values that is acceptable.
The auditor should obtain audit evidence about the accuracy and completeness of information (both financial and
nonfinancial) used in performing substantive analytical procedures. (AU-C 500.09)
Choosing between Analytical Procedures and Substantive Tests of Details
503.25 The authoritative literature does not explain how to apportion reliance on substantive procedures between tests of
details and analytical procedures except when testing significant risks as discussed in paragraph 502.6. Analytical
procedures may be used to reinforce conclusions based on the results of other substantive procedures or as the sole source
of evidence. That decision is primarily based on the effectiveness of the procedures. Efficiency also may be a factor in
deciding between analytical procedures and substantive tests of details. That is, given two procedures of equal effectiveness,
the auditor chooses the one that is most efficient. Therefore, the auditor would ordinarily use an analytical procedure rather
than a test of details if the analytical procedure is at least as effective in reducing detection risk to the desired level as the test
of details and is easier to apply.
503.26 Generally, the higher the assessed risk of material misstatement, the more effective analytical procedures need to be
before they can be relied on instead of tests of details. Accordingly, auditors tend to use tests of details more extensively in
high risk audit areas (such as areas containing fraud risks or other significant risks) and analytical procedures more often in
low risk areas or as secondary rather than primary auditing procedures. However, if the auditor performs highly effective
analytical procedures, it may be possible to reduce the extent of detail testing even in areas where significant risks exist. The
effectiveness of analytical procedures in reducing detection risk in comparison with the effectiveness of tests of details
generally depends on the facts and circumstances. However, the following are some general observations:
a. Analytical procedures are generally not effective in testing assertions about rights or obligations or assertions related
to presentation and disclosure because those assertions do not lend themselves to testing through comparisons
with expectations. Therefore, analytical procedures would not be effective responses for risks related to matters
such as parties to transactions lacking in economic substance or intentional ambiguity in financial statement
disclosures.
b. Relationships involving transactions over a period of time (that is, income statement accounts) tend to be more
predictable than relationships at a point in time (that is, balance sheet accounts). Because of the difficulty in
developing expectations about a balance at a point in time with sufficient precision, analytical procedures are often
not as effective as tests of details for assertions about the existence of assets and liabilities. Therefore, analytical
procedures would not be as effective as tests of details when responding to risks such as recording false
receivables or including items in inventory that are false or mislabeled.
c. Analytical procedures are often equally or more effective than tests of details for assertions about the completeness
of assets, liabilities, revenues, and expenses. When testing for completeness, misstatements would often not be
apparent from inspecting detailed evidence in the accounting records. For example, the analytical procedure of
comparing the relief of inventory to recorded sales may be equally or more effective than testing daily sales reports
in detecting a material misappropriation of cash sales receipts in a retail organization.
d. Analytical procedures are often equally or more effective than tests of details for assertions about the occurrence of
revenues. For example, comparing recorded sales with the amount expected, based on a reliable record of units
sold and average prices, especially if comparisons are made by product line, may be as likely to detect a material
misstatement of assertions about the occurrence of revenues as inspecting supporting documentation for a sample
of recorded sales. Analytical procedures are more reliable if they are based on reliable data produced outside the
accounting system (for example, operating data used to manage the entity). See discussion beginning at paragraph
503.3.
e. Analytical procedures are often equally or more effective than tests of details for assertions about the occurrence of
certain expenses. For example, comparing recorded production labor costs with the amount expected, based on the
number of people required for the volume sustained during the year, may be as likely to detect a material
misstatement resulting from errors as looking at supporting documentation for a sample of recorded compensation
expense. However, if fraud is a concern, analytical procedures may not be effective. For example, if management is
able to manipulate expense accounts so that ratios appear reasonable, ratio analysis would not be an effective
analytical procedure for detecting material misstatements.
f. Analytical procedures may be as effective as tests of details for assertions about the valuation of some assets and
liabilities but not for others. Generally, whether an analytical procedure is as effective as a test of details for a
valuation assertion depends on whether an expectation can be developed. For example
(1) An analytical procedure may be as effective as a test of details for assertions about the valuation of customer
accounts receivable that are made up of a large number of relatively small balances. However, a test of details
may be more effective when some account balances are disproportionately large. In that situation, failure to
record an allowance for uncollectible amounts resulting from a deterioration in the financial condition of one of
those customers either before or after year-end would most likely not be detected by an analytical procedure.
(2) An analytical procedure may be as effective for valuation assertions about an entitys obligation under a
continuing warranty program, but a test of details may be more effective for a new warranty program. In that
situation, the newness of the program makes developing an expectation with the desired precision more
difficult.
g. Substantive tests of details may be more effective for valuation assertions in an unstable environment. The ability to
develop an expectation that approximates the recorded amount is greater when the environment is stable. For
example, when interest rates are fluctuating widely, it is difficult to develop a precise expectation about interest
expense. Similarly, when transactions involve management discretion, such as the choice of repairing versus
replacing existing assets, there is also less predictability in expected relationships.
504 TESTS OF DETAILS
504.1 Tests of details may be applied to transactions or to balances. Those tests can be described as follows:
a. Tests of Transactions. These are tests of the processing of individual transactions by inspection of the documents
and accounting records involved in processing, e.g., tracing a sample of shipping documents to the sales journal to
see whether shipments have been recorded as sales.
b. Tests of Balances. These are tests applied directly to the details of balances in general ledger accounts, e.g.,
confirming the balances of accounts in the accounts receivable subsidiary ledger with individual customers.
Tests of transactions and tests of balances are related because each class of transactions affects a related account balance.
For example, sales transactions affect the accounts receivable balance. An auditor may test the transactions that enter an
account balance, the individual items included in the ending balance, or both. Generally, tests of balances are more efficient
and effective than tests of transactions because transaction tests are applied to individual transactions and may be more
time-consuming than direct tests of a balance that results from many transactions.
Confusion about Tests of Details of Transactions
504.2 Inspection of documents and accounting records may be involved in both tests of controls directed toward operating
effectiveness (if controls leave a documentary trail) and tests of details of transactions. For this reason, some auditors have
equated tests of details of transactions and tests of controls. The difference is in the objective of the test. The mere fact that a
transaction rather than a balance is being tested does not make the test a test of controls. For example, the inspection of
invoices in support of additions to property, plant, and equipment is a substantive procedure. The objective of the test is to
substantiate the balance of the property account by testing the transactions, i.e., the additions. The same principle applies to
other types of transactions or balances. For example, sales transactions may be tested to substantiate total revenue without
being concerned with the effectiveness of control policies and procedures for processing sales transactions. It is the objective
of the test and not whether it is applied to a class of transactions or a balance that determines whether the test is a test of
controls or a substantive procedure. Substantive procedures, including tests of details of transactions, are normally applied
after the auditor has obtained an understanding of internal control, but substantive tests of details of transactions in the
current period may contribute to the auditors understanding in subsequent periods. Tests of details of transactions can be
performed concurrently with tests of controls as discussed beginning at paragraph 606.15.
Selecting Items for Testing
504.3 AU-C 330.A65 notes that an important consideration in the effectiveness of audit evidence from tests of details is
selecting the items to test. Items need to be selected in a way that is effective in meeting the purpose of the test. Alternatives
in selection of items to test include
Selecting All Items. Generally, an entire population is selected when either the population contains a small number
of large-value items or a significant risk exists and other means do not provide sufficient appropriate audit evidence.
Selecting Specific or Individually Significant Items. Individually significant items are discussed in section 702.
Audit Sampling. Audit sampling is discussed in Chapter 7.
Required Documentation
504.4 For substantive tests of details, AU-C 230, Audit Documentation, requires documentation to include identifying
characteristics of the items tested. The authors believe items tested can be identified by listing the items; by including a detail
schedule in the workpapers, such as an aged trial balance, on which the items are identified; or by documenting in the
workpapers the source and selection criteria. Documenting specific items tested is discussed in section 802.
505 SUBSTANTIVE ANALYTICAL PROCEDURES
Types and Purposes of Analytical Procedures
505.1 What Are Analytical Procedures? Analytical procedures are evaluations of financial information made by a study and
comparison of plausible relationships among both financial and nonfinancial data. Analytical procedures include trend
analysis, ratio analysis, and predictive or reasonableness tests. Using analytical procedures generally involves:
a. developing an expectation of what an account balance should be,
b. comparing the expected amount with the recorded amount,
c. determining whether any difference between the recorded and expected amount is significant,
d. investigating the cause of any unexpected significant difference,
e. evaluating the likelihood of material misstatement, and
f. documenting the analytical procedures.
As indicated by items a. and b., analytical procedures involve comparisons of recorded amounts, or ratios of recorded
amounts, to expectations developed by the auditor. These expectations can be developed from a variety of sources of
financial and nonfinancial information, but the most important aspect of developing expectations is having a thorough
knowledge and understanding of the client and its industry and the risks the client faces in doing business.
505.2 Analytical procedures may consist of simple comparisons or complex models. For example, the following are analytical
procedures
a. Comparison of an account balance with the balance of the prior period or with a budgeted amount.
b. Computation of the ratio of one financial statement account balance to the balance in another account that would be
expected to have a predictable relationship to each other, such as computation of the ratio of sales commission
expense to the sales total upon which commission is based, and comparison of the resulting ratio with the known
commission rate.
c. Estimation of investment income by considering the amount invested and the average earnings rate.
Exhibit 5-4 provides common financial statement trends. The Ratio Analysis Worksheet at ASB-CX-9.2 provides common
ratios used in analytical procedures.
Exhibit 5-4
Common Financial Statement Trends
Most entities exhibit relationships in the increases and decreases of financial statement amounts. Unexpected increases or
decreases may indicate that the information supplied by the entity is incorrect, incomplete, or otherwise unsatisfactory.
The following accounts often exhibit a direct relationship (that is, if the primary account increases, the related accounts can
also be expected to increase):
Sales and
Accounts Receivable
Cost of Sales
Selling Expenses
Outbound Freight
Commissions
Inventory and
Accounts Payable
Warehousing Costs
Cost of Sales
Wages and Salaries Expense and
Payroll Taxes
Health Insurance
Interest Expense and
Long-term Debt
Bad Debt Expense
Legal Expense (for collection of bad debts)
Investments and
Investment Income (such as interest and dividends)
* * *
505.3 Most explanations of analytical procedures focus on the steps involved in comparing the recorded amount to the
expectation, but the authors prefer to think of analytical procedures as a coordinated family of procedures that include
scanning and inquiry as well as computations and comparisons. Scanning accounting records to identify unusual or
unexpected relationships, or the absence of expected relationships, is an integral aspect of applying analytical procedures.
What account balances have increased significantly since the prior year? Are there new accounts? Inquiry is also a critical
companion procedure in all aspects of applying analytical procedures. Inquiry procedures are a crucial part of the process of
identifying all of the following: useful analytical procedures, worthwhile sources of information for developing expectations,
and explanations for differences between recorded amounts and expectations.
505.4 Purposes of Analytical Procedures. GAAS identifies the following three categories of analytical procedures based on
the purpose of the procedures:
Preliminary (Planning) Analytical Procedures. Used to enhance the auditors understanding of the clients business
and assist in assessing areas of specific risk of misstatement by identifying unexpected relationships among
account balances or the absence of expected relationships. (AU-C 315.06 and 315.A8)
Substantive Analytical Procedures. Used to obtain audit evidence about potential misstatements. (AU-C 520.05)
Overall Review Analytical Procedures. Used in the final review stage of the audit. (AU-C 520.06)
Both preliminary and overall review analytical procedures are required in an audit of financial statements, but use of
substantive analytical procedures is discretionary. Preliminary analytical procedures are explained in section 301 as an
important step in audit planning and risk assessment. Overall review analytical procedures, discussed in section 1811, are
part of the final review of the financial statements to assure that the numbers make sense. This final step in the audit is made
to be sure the auditor has obtained a sufficient understanding of the financial statements during the audit. Substantive
analytical procedures are explained in this section.
505.5 What Distinguishes Substantive Analytical Procedures? The purpose of the analytical procedures and the level of
assurance desired are what distinguish substantive analytical procedures from preliminary and overall review analytical
procedures. No particular types of analytical procedures are exclusively substantive procedures. The same procedures,
ratios, or relationships might be used for more than one of the three purposes of analytical procedures. For example,
scanning the accounts receivable aging might be done at an interim date during initial planning to identify the risk of
collectibility problems. The same procedure might be performed during the audit as part of the evaluation of the adequacy of
the allowance for bad debts. The gross profit ratio might be used in all three stages of the audit, but would likely be applied at
a more detailed levelby product line, department, or locationas a substantive analytical procedure.
505.6 Substantive analytical procedures are focused on particular account balances, and the auditor will have already
assessed the risk of misstatement of the account balance, including the likely direction of the misstatement. The auditor will
have decided that the performance of analytical procedures alone or in combination with tests of details is likely to provide
reasonable assurance that the account balance is not materially misstated in relation to the overall financial statements. To
accomplish this, the auditor will have concluded that a sufficiently precise expectation of the recorded amount being tested
can be developed from reliable financial or nonfinancial data.
505.7 Substantive analytical procedures will either be the primary test of the account balance or will be used in combination
with tests of details. Essential features of substantive analytical procedures are developing expectations by identifying
plausibly related and reliable data, and identifying whether there are differences from those expectations that require
investigation. If the differences from expectations are sufficiently small, the auditor can conclude that there is reasonable
assurance the account balance is not misstated. Larger differences have to be investigated by obtaining and corroborating
explanations.
How to Design Effective Substantive Analytical Procedures
505.8 Analytical procedures have been described as a natural extension of the process of understanding the clients
business. Substantive analytical procedures are a focused way of translating this understanding into reasonable assurance
that a particular account balance is not materially misstated.
505.9 According to AU-C 520.05, when designing substantive analytical procedures, the auditor should consider whether:
The use of substantive analytical procedures is appropriate considering the relevant assertions.
The data from which the expectation of recorded amounts or ratios is developed is reliable.
The expectation is sufficiently precise to identify the possibility of a material misstatement at the desired level of
assurance.
The amount of any difference in recorded amounts from expected values that is acceptable.
505.10 Exhibit 5-5 provides factors that affect the expected effectiveness of an analytical procedure. A certain number of
these factors are discussed in the following paragraphs and in the discussion beginning with paragraph 505.22. The
discussion in this section provides practical advice on designing effective analytical procedures tailored to the clients
circumstances.
Exhibit 5-5
Factors Affecting the Expected Effectiveness of an Analytical Procedure
Nature of the Account. (Income statement accounts are generally more favorable to the use of analytical procedures as
substantive tests than are balance-sheet accounts. Also, substantive analytical procedures generally are more effective
for accounts that have a large volume of transactions that are predictable over time.)
Nature of the Assertion Being Tested. (Analytical procedures can be more effective than tests of details for testing the
completeness assertion.)
Likely Cause of Potential Misstatement. (Analytical procedures tend to be more effective when the risk of misstatement is
assessed as being primarily from error rather than from fraud.)
Degree of Relationship among the Data to Which the Analytical Procedure Is Applied.
The Stability of the Client Environment. (Analytical procedures are generally more effective in a stable environment.)
Existence of Offsetting Factors that affect the amount being tested, for example, if product mix affects total sales.
The Source and Reliability of Data Used in the Test. (Examples of reliable data include internal financial information from
comparable prior periods, budgets, extrapolations from interim or annual data, or data developed under a reliable
system with adequate controls; internal nonfinancial or operating data from sources independent of those responsible for
the amount being audited; and external industry statistics or comparable company data.)
The Level of Detail Used to Develop the Expectation. (For instance, a more effective test generally results from the use of
monthly rather than annual data, or data by department or product line rather than company-wide data.)
* * *
505.11 First Ask Management. A productive initial step in designing effective substantive analytical procedures is to first ask
management what ratios, relationships, and internal or external data management finds particularly useful in running the
business, and particularly, in identifying and monitoring business risks. This also helps the auditor to get a better feeling for
how the business really works. What are the key factors that management monitors to stay on top of operations? Are there
industry or trade publications that provide particularly useful information? Do any published statistics on the economy or the
industry help management to be aware of important trends or patterns? In some cases, management may have prepared
reports with ratio analyses and comparisons the auditor can use. The auditor ordinarily gains this knowledge from
management while performing risk assessment procedures (using ASB-CX-3.1).
505.12 Some businesses are very sensitive to seasonal patterns. Weather conditions significantly affect many businesses.
For example, automotive parts businesses are generally more likely to have declining sales and excess inventory if the winter
has been mild. Holidays are also important seasonal factors. Toy stores and novelty stores have greater volume in the last
quarter of the calendar yearparticularly December. Other businesses are particularly sensitive to cyclical patterns in the
economy. For example, the real estate industry is very sensitive to interest rates. Many of these matters are just common
sense, but asking management about the most useful internal and external data can provide important insight.
505.13 Consider the Budgetary Process. In preparing a budget, management has to evaluate the key factors that affect
future operations and the relationships among these factors. Management has to identify relationships among
financial-statement amounts and other financial and nonfinancial data to establish a reliable budget. The auditor may inquire
of management and personnel who develop the budget about what relationships are known to be effective predictors.
Naturally, the auditor needs to consider the reliability of past budgets and the purposes for which management uses budgets.
If budgets are primarily a motivational device or if for that, or other reasons, large budget variances are common, then the
budget will not be very useful to the auditor in designing analytical procedures. However, knowledge of managements use of
budgets will still be worthwhile information in evaluating the control environment and monitoring components of internal
control.
505.14 The auditor may review prior budgets and inquire about managements follow-up of variances to assess the reliability
and effectiveness of the budgetary process. If there is an effective budgetary process, the budget data can be a good source
of auditor expectations. In other words, the auditor can use the budgeted amount for an account balance as the auditors
expectation of the recorded amount. However, the auditor may want to consider using the original budget to determine
variances from actual. The auditor can then determine why actual amounts changed from the original estimate, especially if
the entity amends the budget to mirror actual activity. As a minimum, the inquiries about budget preparation and inspection of
budgets and variance reports provide the auditor with a good working knowledge of the key factors that affect particular
account balances and the stability of plausible relationships. For example, is payroll expense driven by the number of
employees? How closely do property additions track the capital budget? What operating data are most useful for predicting
expense levels? The auditor could use such information in deciding what ratios to compute or predictive tests to design.
505.15 Identify Comparables. For years, there have been suggestions that auditors consider making greater use of industry
statistics as a source of data for comparisons in performing analytical procedures. These comparisons provide insight on how
the clients performance compares to that of competitors. Are the clients sales up and payables down when competitors are
experiencing the opposite results? A significant variation from an industry average indicates a risk of potential misstatement
and warrants being investigated.
505.16 Exhibit 5-6 lists possible sources of industry information. In addition, if the client belongs to a trade organization, it
might have access to financial trend information of the other members accumulated by the trade organization. Industry
statistics are, however, generally underused by auditors for a variety of reasons. There might be no industry group that
accumulates statistics. There might be no NAICS
1(36)
or SIC code that corresponds sufficiently to the clients operations.
Use of NAICS or SIC codes can also result in comparing a client in a single industry with more diversified companies. Industry
statistics blur differences caused by different accounting methods or differences in operations related to class of customer,
geographic location, organizational or financial structure, or product quality. Also, industry statistics may be skewed because
one or a few major companies dominate the industry.
Exhibit 5-6
Selected Sources of Basic Economic and Industry Data
Publication
a
/Internet Site
Description
The Food Retailing
Industry Speaks
b
This annual report provides a picture of supermarket companies, including key
financial ratios, profits and the effects of external factors. The report can be ordered
from the Food Marketing Institute at www.fmi.org.
Publication
a
/Internet Site
Description
Barrons This weekly magazine includes economic indicators and information on individual
companies. It can be ordered at www.barrons.com.
Key Value Data Provides subscriptions directed to valuators that include various industry reports,
as well as custom research on virtually any industry sector or segment in U.S.
geographical areas. Additional information can be obtained at
www.keyvaluedata.com.
Clubs in Town & Country
b Annual statistical review by PKF Hospitality Research incorporates operating and
financial data on private clubs in the U.S. Information includes annual operating
costs per regular member by geographic divisions and size classifications, divided
into country clubs and city clubs. Additional information can be obtained from PKF
at www.pkfc.com.
Encyclopedia of
Associations
Most industries have trade associations that can be good sources of general
industry data. The Encyclopedia of Associations: National Organizations of the U.S.
provides the names and telephone numbers of virtually every trade and
professional association in the United States. It can be ordered from Gale
Cengage Learningr at www.gale.cengage.com.
Federal Reserve Bulletin This bulletin is published by the Board of Governors of the Federal Reserve
System. It provides money market and capital market data, which can be helpful in
assessing the monetary environment at the valuation date. This bulletin also
provides basic business statistics. The Bulletin is only available online, free of
charge, at www.federalreserve.gov/pubs/bulletin.
Financial Ratio Analysis This ratio analysis and industry analysis tool provides the ability to instantly assess
a company or industry. These tools provide for in-depth analyses and
comparisons. They include five years of SEC data, all publicly traded companies
and their industries, and 28 of the most useful financial ratios. They can be
purchased from VentureLine at www.ventureline.com.
Industry Norms and Key
Business Ratios
This resource provides key ratios for more than 800 industries classified into range
sizes. The publication can be purchased from Dun & Bradstreet Information
Services at (866) 711-0437 or www.dnb.com.
Restaurant Industry
Operations Report
b
Annual study by the National Restaurant Association and the accounting firm of
Deloitte which provides financial data on cost of sales, gross profit, direct operating
expenses and other performance measurements. The study can be ordered at
www.restaurant.org.
Retail Horizons:
Benchmarks and
Forecasts
b
This annual publication by the National Retail Federation includes financial,
merchandising, and operating results for numerous retailers. The publication can
be ordered at www.nrf.com.
RMA Annual Statement
Studies
These annual studies provide a great deal of information for over 700 industries.
They may be ordered from Thomson Reuters at (800) 431-9025 or
ppc.thomsonreuters.com. Alternatively, they can be ordered from the Risk
Management Association at www.rmahq.org.
Standard & Poors
Industry Surveys
These surveys provide data on industry structure, trends, and outlook for more
than 50 broad industry groups that are divided into more than 115 subgroups.
Available on Standard and Poors MarketScope Advisor or NetAdvantage.
[Standard & Poors Corporation, www.standardandpoors.com].
Standard & Poors
Register of Corporations,
Directors, and Executives
Lists more than 100,000 U.S. and some Canadian and International companies,
about 85,000 of which are private; lists over 70,000 executives and directors;
provides indexes by NAICS code and location; and lists companies added for the
first time. Available on Standard and Poors NetAdvantage, an online source of
Publication
a
/Internet Site
Description
Directors, and Executives
first time. Available on Standard and Poors NetAdvantage, an online source of
comprehensive business and investment information. [Standard & Poors
Corporation, www.standardandpoors.com].
Standard & Poors Stock
Reports
Provides data on approximately 5,000 public companies, including stock prices,
operating statistics, dividend yields, and betas. Coverage of NYSE, ASE, and OTC
stocks. Available on Standard and Poors NetAdvantage, an online source of
comprehensive business and investment information. [Standard & Poors
Corporation, www.standardandpoors.com].
Statistical Yearbook of the
Electric Power Industry
b
This annual publication by the Edison Electric Institute includes operating statistics.
The data is collected from a variety of public and private sources. Additional
information can be obtained at www.eei.org.
Survey of Current
Business
This monthly publication provides economic and business cycle indicators. It can
be obtained free from the Bureau of Economic Analysis website at
www.bea.gov/scb/index.htm.
Trends in the Hotel
Industry
b
Annual statistical reviews which incorporate operating and financial data on U.S.
hotels. These publications include data for all hotels, full service, limited service,
resort, suite and convention hotels, by geographic location and size. These
publications can be ordered from PKF Hospitality Research at www.pkfc.com.
www.annualreports.com Online annual reports and related financial reports for over 2,200 companies.
www.firstresearch.com First Research Industry Profiles cover over 700 industries and are updated every 90
days.
www.sec.gov/edgar.sht
ml
This site allows the user to extract financial data from SEC Edgar filings by typing in
a company name. It also provides links to the companys financial data.
www.wisi.com This site provides detailed analysis of over 31,000 U.S. and international public and
private companies, including research reports, company profiles, earnings
information, and analyst reports.
Notes:
a
Many of these publications can also be found in larger public and university libraries.
b
Most industries have at least one publication which contains that particular industrys ratios and statistics. These
publications are often available through the applicable leading industry organizations and can often be found by
searching the appropriate website.
* * *
505.17 To overcome the problems described in paragraph 505.16, the auditor may narrow the focus and attempt to find a
few (or even just one) companies comparable to the client. The auditor can do this by asking management to identify the
closest competitors or the closest single competitor. If the closest competitors are not public companies, more effort might be
needed to obtain financial statements. For example, a major supplier within the industry may have collected financial
statements of its customers and might share the information. However, the insight provided by comparing the clients financial
statements to those of a single comparable company can be very useful and worth the effort. Is the clients gross profit ratio
dramatically better? Are 80% of the clients total assets in property and only 40% of the competitors? Perhaps the client has
overstated property as a result of improperly capitalizing production costs or has impairment issues.
505.18 Talk to Operating Personnel. The auditor needs to get outside the accounting department and talk to other than
financial management personnel when designing and performing analytical procedures. Discussions with operating
management and personnel can be invaluable in learning enough about the clients operations and business risks to design
effective analytical procedures.
505.19 For instance, the auditor can interview the warehouse manager to better understand the process for shipping goods
and to determine whether there is reliable data maintained in the warehouse on units shipped. This information can be used
to develop an expectation of the recorded amount of sales. Review of the marketing plan with the director of marketing can
also be useful in developing a reliable expectation of revenue. In a not-for-profit organization, discussions with the director of
fund-raising can provide similar insight. Throughout every business, there are operating personnel who can educate the
auditor on the transactions related to their department or function.
505.20 Generally, operating departments can be a source of reliable data outside the influence of accounting personnel who
record transactions related to those operating functions. The auditor considers whether the data in the operating department
is independent of the accounting department. The auditor also considers whether the preparation of the operating data is
subject to manipulation by senior management in a manner that would permit management to alter both the operating and
related accounting data.
505.21 Discussions with operating personnel enhance the auditors understanding of the significant transactions and events
that have affected the financial statements and might corroborate the auditors risk-assessment conclusions. The enhanced
understanding can lead to improvements in the development of expectations of recorded amounts as well as a more insightful
evaluation of differences from those expectations.
Consider Whether Circumstances Are Favorable to Substantive Analytical Procedures
505.22 Audit Area or Type of Account. Certain circumstances are favorable to the use of substantive analytical procedures
as the primary, or an important, source of assurance on an account balance. Some account balances or assertions lend
themselves to use of substantive analytical procedures. Erroneous conclusions may result if analytical procedures are applied
to data that appear to be related but really are not. Generally, relationships among income-statement account balances, or
income-statement and certain balance-sheet account balances are more predictable than relationships only among
balance-sheet items. For example, there is usually a predictable relationship between sales and cost of sales amounts. There
is also usually a persistent pattern in the trend of sales amounts and inventory amounts. However, the comparison of the
balance of cash between the current period and prior periods or with other balance-sheet accounts is usually less predictable.
The reason for this is that income-statement account balances are the accumulation of relatively similar transactions over a
period of time. As a result, income-statement account balances often have a more predictable relationship with other financial
or nonfinancial information. In contrast, balance-sheet account balances are often the net result at a point in time of several
different classes of transactions and are more susceptible to change caused by discretionary management decisions. Also,
the auditor considers whether there are multiple or offsetting factors affecting the amount being tested.
505.23 Generally, the higher the assessed risk of material misstatement, the more effective analytical procedures need to be
before they can be relied on instead of tests of details. Accordingly, auditors tend to supplement analytical procedures with
tests of details in high risk audit areas and rely on analytical procedures more often in low risk areas. However, if the auditor
has highly effective analytical procedures, it may be possible to reduce the extent of detail testing needed even in high risk
areas. Chapters 1017 provide guidance for relying on analytical procedures to test specific financial statement components.
505.24 In many industries, there is a critical operating statistic that has a fairly constant relationship with other aspects of
operations. An auditor can make effective use of the relationship of that statistic to key financial statement components. For
example, in a hospital there be a relationship between the number of beds and inventory levels. If inventory levels differ
significantly from the amount that would be plausibly expected for the number of beds, the auditor needs to understand why.
Another example is substantiating inventory of a convenience store client with many locations. An auditor may be able to
observe and price test inventory in one store and, using square footage as a base, project the amount of inventory for all
locations. The key to this use of analytical procedures is identifying a reliable operating statistic, whether it be customers,
patients, or yards of concrete poured.
505.25 Likely Cause of Potential Misstatements. Substantive analytical procedures tend to be more useful as the primary
substantive test when the risk of misstatement has been assessed as being primarily from error. This is because errors by
nature are as likely to be understatements as overstatements. Generally, a substantive analytical procedure is effective for
simultaneously testing for both overstatements and understatements. Tests of details tend to be directed to either
overstatement or understatement. For example, a predictive test of revenue developed from operating data be effective for
detecting either overstatement or understatement of recorded revenue. In contrast, tests of details usually focus on a single
direction. Detection of understatement, for example, is the focus of tracing from shipping records to recorded sales, while
overstatement of sales is more likely to be detected by inspecting sales invoices or confirming accounts receivable. Also,
errors are unintentional; therefore, no one is attempting to conceal them. For example, a senior management executive who
has intentionally understated cost of sales by improper capitalization of production costs might reclassify other expenses as
cost of sales to maintain a normal gross profit margin. This does not mean, however, that analytical procedures are useless
as tools in fraud detection. Analytical procedures are an important aid in detecting fraud. Use of analytical procedures when
the general risk analysis indicates a greater risk of fraud is explained starting at paragraph 505.38.
505.26 Availability of Reliable Data. Because substantive analytical procedures involve developing an expectation of a
recorded amount based on a plausible relationship between that amount and financial or nonfinancial data, another
circumstance that favors use of these procedures is the availability of reliable data to develop expectations. Generally, data
obtained from an independent outside source are better than internal data. Nonfinancial data from an independent operating
department tend to be more reliable than data under the influence and control of the accounting department when there are
effective controls over collection of the operating data. Data from the accounting department are more reliable when controls
over the accounting system are effective. Audited data are more reliable than unaudited data. The data might be audited by
the auditor or by internal auditors judged to be objective and competent. Generally, the auditor exercises professional
skepticism in evaluating the reliability of available data and seeks more reliable data to achieve greater precision.
505.27 Precision of Expectation. Another related consideration is whether the expectation can be developed with
reasonable precision. Precision is the term used to describe the degree of accuracy of the expectation developed by the
auditor to the actual amount. When an auditor is combining the evidence from substantive analytical procedures with
evidence from tests of details, a less precise expectation may be appropriate. A more precise expectation may be necessary
when the substantive analytical procedure is the only procedure planned to address a particular risk of material misstatement.
505.28 Other things remaining equal, the larger the recorded amount, the more difficult it is to develop a precise expectation.
This is because a small percentage of a very large recorded amount can be material to the financial statements taken as a
whole. For example, the planning materiality amount calculated using total revenue as the benchmark might range from .5%
to 1% of total revenue, and performance materiality would be less than planning materiality. This means that an expectation
developed of recorded total annual revenue would need to be within less than 1% of the recorded amount to be used as the
primary substantive test of total annual revenue without additional evidence. In some cases, the data might be reliable enough
to develop such a precise expectation; but, in other cases, the auditor might need to break the recorded amount down into
more predictable components. Expectations developed at a more detailed level have a greater chance of detecting a
misstatement of a given amount. For example, expectations developed concerning monthly amounts are generally more
precise than annual amounts. Comparisons by location, department, or line of business are generally more precise than
entity-wide comparisons. Sometimes, an account balance can be separated into different categories of transactions. For
example, sales might be separated into foreign and domestic, or payroll expense might be separated into salaried and hourly
employees.
505.29 As an example of how disaggregation can improve precision, assume that an auditor is analytically testing the
recorded rent expense of $438,200 for an entity that has six leases. The auditors expectation is that this years expense will
vary from last years expense only for rent increases called for by the lease agreements. Assuming all lease increases were in
effect for the entire year, the only change to consider in developing the expectation is the increase in rent called for by the
lease agreements.
505.30 Disaggregating according to changes in called-for increases requires knowledge of the range of the scheduled
increases and their proportionate effect. To illustrate, assume that half the rent expense comes from leases that have a 3%
escalation clause and the other half comes from leases with a 5% escalation clause. The effect of those changes is the 4%
simple average of those two percentages.
505.31 But what if each lease had a different increase, for example, 2%, 3%, 3%, 5%, 6%, and 10%? The simple average of
those percentage increases is 4.83%. Whether that varies enough from the weighted average to obscure a material
misstatement depends mainly on the magnitude of the expense from the 10% lease in proportion to the rent expense from the
other leases. If the lease that calls for a 10% increase makes up a significant portion of total rent expense, basing the
expectation on the simple average could cause the practitioner to fail to detect a material misstatement.
505.32 To illustrate, assume that the change in rent expense for each of the six leases is
Prior-year Rent % Increase Current-year Rent
$ 30,000 102% $ 30,600
40,000 103% 41,200
50,000 103% 51,500
50,000 105% 52,500
40,000 106% 42,400
210,000 103.9% 218,200
200,000 110% 220,000
$ 410,000 106.88% $ 438,200
The 3.9% weighted average rate of increase for the first five leases is close to their 3.8% simple average. However, the 6.88%
weighted average rate of all increases differs by just over 2% from the overall 4.83% simple average. The difference increases
as the 10% lease becomes more significant and decreases as it becomes less significant.
505.33 The information needed to make the decision about whether to use the simple or weighted average can be made
without looking at each lease. For example, through inquiries of management, the auditor may find that the entity has one
large lease for the main operating facilities and that it accounts for about half the rent expense and has a 10% scheduled rent
increase. The remaining rent expense is spread approximately evenly over five outlets under leases that call for increases
generally ranging from 2% to 5%. Using this information, the auditor could develop an expectation with a high degree of
precision that rent expense this year be
Allocation of last years expense assuming about half
is for the operating facilities
Operating facilities $ 205,000
Outlets 205,000
$ 410,000
Expected expense this year
Operating facilities$205,000 110%
$ 225,500
Outlets$205,000 103.5% (using the simple
average of 2% and 5%) 212,175
$ 437,675
This expectation differs only insignificantly from the $438,200 recorded expense.
505.34 Efficiency. Another consideration that affects a primarily substantive analytical procedures approach is the relative
efficiency of tests of details for the account balance. Other things remaining equal, an account balance composed of a small
number of large items can be tested more efficiently and effectively using tests of details. If an account balance has a large
number of small items, efficiency can usually be improved by using substantive analytical procedures to test the total
recorded amount. Analytical procedures are also more efficient and effective when the relationship between available data
has proven to be relatively predictable and stable in the past. For example, the precision of analytical procedures using trend
analysis and ratio analysis is improved when the underlying relationships are known to be reasonably predictable and the
business environment is relatively stable.
Using Computer Software to Help Perform the Analytical Procedures
505.35 Analytical procedures can often be designed using trial balance or spreadsheet software. For example
a. Changes in amounts or relationships between amounts over two or more periods can be calculated using either the
report features of trial balance software or worksheets designed for the engagement by the auditor using
spreadsheet software such as Microsofts Excel.
b. Regression analyses of relationships between results for two or more periods can be performed using the
regression analysis feature found in recent versions of Excel.
505.36 Data Extraction Software (DES). DES can also be used to assist in performing analytical procedures. DES allows
the practitioner to analyze information downloaded from a clients computer system. Procedures such as calculating and
sorting percentage variances in accounts between periods and calculating financial ratios can be performed using DES. In
addition, those procedures can be performed at a detailed level as easily as at an aggregated level, resulting in a higher level
of precision.
505.37 Since most clients maintain much of their financial information electronically, DES is becoming a more common and
important tool. It can be especially important in situations where the client maintains very large data files or processes
substantially all of its activities electronically. Chapter 9 of this Guide provides guidance on using DES.
Analytical Procedures and Fraud Detection
505.38 An important factor behind the decision to require analytical procedures in all audits of financial statements was
research that indicated that use of analytical procedures was a frequent factor leading to detection of management fraud or
cooking the books. Analytical procedures are required in the planning stage of the audit to make sure the auditor looks at the
big picture first and recognizes areas where fraud risk is greater. Likewise, professional standards require analytical
procedures in the final review stage of the audit to make sure the auditor looks at the financial statements in total at the end to
see that they make sense based on the auditors understanding of the business obtained during the audit. More detailed
preliminary analytical procedures or substantive analytical procedures used during the audit can also be helpful in detecting
whether the books have been cooked. AU-C 240.34 requires that the auditor evaluate whether analytical procedures
performed as substantive procedures or in the overall review stage of the audit indicate a previously unrecognized risk of
material misstatement due to fraud. (Analytical procedures relating to revenue are required in planning the audit as discussed
beginning at paragraph 301.44.) For example, significant and unusual relationships related to year-end revenue or income,
such as unusually large amounts of revenue or gains near the end of the reporting period from unusual transactions, might be
indicative of fraud. Additional examples of such unusual or unexpected relationships are as follows:
a. Significant net income, but negative or significantly smaller, cash flows from operations.
b. Inconsistencies among changes in inventory, accounts payable, sales, or cost of sales from the prior period to the
current period.
c. Profitability inconsistent with industry trends.
d. Inconsistencies between bad debt write-offs and comparable industry data.
e. Unexpected or unexplained relationships between recorded sales volume and production statistics maintained by
operating personnel.
Also, the auditor should investigate responses to inquiries about analytical relationships that have been vague, implausible, or
inconsistent with the auditors knowledge or other audit evidence. (AU-C 240.14)
505.39 A word of caution on analytical procedures and fraud detection is necessary. Analytical procedures can be very
effective in identifying audit areas with an increased risk of fraudulent financial reporting, but the absence of significant
fluctuations is not reliable evidence of the absence of a risk of material misstatement due to fraud. Management can
manipulate recorded amounts to make relationships appear normal to conceal fraud.
505.40 Generally, analytical procedures are useful for identifying audit areas in which there is an increased risk of material
misstatement from cooking the books. Analytical procedures usually do not provide sufficient evidence to resolve whether a
potential material misstatement is caused by fraud, but are efficient and effective for directing the auditors attention to
account balances that require investigation of a potential fraud. In this area, particularly, it is important to recognize that there
are no magic ratios or relationships that work for all clients. Also, a solid understanding of the clients business is even more
critical in designing effective analytical procedures in this area. The auditor cannot recognize unusual relationships, the
absence of expected relationships, or other anomalies in the financial statements unless the auditor has a good sense of what
the financial statements should look like in the clients circumstances. In other words, the auditor needs to know what is
usualwhat should be therebefore the unusual can be recognized.
505.41 When there is a greater than normal risk of cooking the books, finding at least one comparable entity for analytical
comparisons as recommended beginning at paragraph 505.17 can be extremely helpful and provide needed insight to what
relationships are anomalous. By comparing the activity and the profitability of the client to a comparable company, the auditor
can more readily identify unexpected relationships or the absence of expected relationships as well as develop better
expectations of recorded amounts. If economic conditions are reducing the profitability of competitors, but the clients own
profitability is improving, the auditor ought to obtain an understanding of why the clients business is going counter to industry
trends. If there are fraud risk factors present, the auditors assessment of the risk of cooking the books increases. The auditor
needs to obtain an adequate explanation from knowledgeable personnel and skeptically evaluate and corroborate the
explanation.
505.42 Substantive analytical procedures focused on particular recorded amounts are useful in refining the assessment of
the risk of misstatement from cooking the books. When the primary risk is cooking the books, the focus of analytical
procedures is generally on the revenues and expenses that might be misstated to misstate earnings. The particular analytical
procedures have to be designed to fit the specialized circumstances of the client and its industry. However, comparisons of
actual cash receipts and disbursements with recorded accrued amounts and identifying what portion of a total recorded
amount is dependent on a subjective estimate are generally useful. For example, in the contracting industry, the auditor might
calculate the portion of recorded gross profit that is from completed contracts. If a very large portion of contract profit is from
uncompleted contracts and, therefore, dependent on subjective estimates to complete, the risk of misstatement is increased.
505.43 In some specialized industries, the accounting is relatively complex. For example, in mortgage banking and similar
activities where loans are sold and serviced, the gain on sale of loans can be a mix of cash proceeds and discounted future
cash flows. The portion of the gain dependent on estimates and assumptions is much more susceptible to manipulation. By
dividing a recorded amount into high- and low-exposure components, the auditor can design a mix of procedures such as
using substantive analytical procedures for the low-exposure component and more effective tests of details for the
high-exposure component. However, this does not mean that tests of details are always more effective. For example, if the
risk of cooking the books is understatement of revenues from skimming, analytical procedures using an expectation of
revenue developed from operating data might be more effective than tests of details in identifying a potential material
understatement.
505.44 Ratios that compare cash flow related to a recorded amount to the total amount often provide a specific quantification
of widely recognized plausible relationships. For example, generally there should be a pattern in the trend of sales and
receivables. A higher percentage increase in receivables than sales is an unexpected relationship. A more specific
quantification using this relationship is a computation of the portion of revenue recognized during the period that has been
collected in cash.
505.45 Some auditors find that a useful way to get an overall perspective on the cash component of recorded accrual
amounts is to compare income-statement balances with the components of cash flow from operations calculated using the
direct method. A highly profitable company with continuing negative cash flow from operations is a serious warning sign of a
higher risk the books are cooked. On the other hand, if recorded cash flow from operations is positive, but the company
experiences inexplicable cash shortages, that is a warning sign of stealing. Generally, noncash amounts are easier to
manipulate than actual cash flows. That is why quantification of the portion of a recorded amount that is noncash can be a
useful measure of exposure. For example, the auditor may consider whether overhead capitalized as a cost of inventory is in
line with operating results for the year. Capitalizing a greater proportion of overhead costs than is supported by operating
results may be an indicator of fraudulent financial reporting. For example, a burden rate that increases to 15% from a
consistent average of approximately 10% when there has been no significant change in operations may be a sign that
management is attempting to inflate earnings by improperly capitalizing overhead costs.
505.46 Whether the assessed risk is of stealing or cooking the books, imaginative use of analytical procedures can be useful
in refining the risk assessment for detecting the misstatement. For example, the following comparisons are useful because the
perpetrator of the fraud is generally unable to manipulate the volume data that should follow the same trend as reported
amounts.
Utilities. If a business is utility intensive, it may be useful to look at trends in relation to changes in electricity usage
(kilowatt hours) or water usage (gallons). For example, in an automated car wash, trends in revenue should be
relatively consistent with electricity and water usage. An employee stealing cash receipts or management inflating
revenue cannot control the volume of usage.
Inventory Component Usage. If a particular component is critical to a completed product, it might be possible to
analyze trends in inventory, production, and sales based on the use of that component. Unusual trends in use of the
component could be a sign of stealing or cooking the books.
Labor Hours or Number of Employees. Depending on the business, the number of employees or hours worked can
be compared to a variety of financial statement amounts, including labor cost, production cost, or revenue.
Sales of Companion Products. If a particular product has a companion product often sold with it, such as optional
equipment, installation kits, or service contracts, it may be useful to study trends in unit sales of both core products
and companion products.
505.47 By comparing the trends of operating volume measures to recorded amounts, the auditor can identify account
balances with a risk of misstatement due to fraud. Generally, this approach is equally effective for stealing and cooking the
books. For example, if labor costs are increasing, but wage rates have not increased and the number of employees has not
increased proportionately, there may be a payroll fraud involving a padded payroll or duplicate payroll checks. On the other
hand, a decrease in labor costs without a reduction in hours worked might be indicative of improper capitalization of direct
labor. A similar example is the comparison of water and electricity usage and recorded revenue at a car wash. If usage is
increasing and revenue is decreasing, there may be theft of cash receipts. If revenue is increasing but usage is not, there may
be inflated revenue. The preceding discussion focuses on fraud, but these types of comparisons may also be useful in
detecting misstatements due to error.
505.48 Corroboration of Explanations. An important consideration related to fraud detection (as well as error detection) is
the evaluation and corroboration of managements explanations for significant differences from the auditors expectations. In
this area, the main ingredients for effectiveness are healthy doses of common sense and professional skepticism. An attitude
that includes a questioning mind and a critical assessment of audit evidence is necessary to exercise professional skepticism.
The auditor needs to adopt a show me attitude and not accept explanations that are contrary to business or economic
sense or that conflict with the auditors understanding of the clients circumstance.
505.49 For a client that sells goods on credit, recorded amounts for sales, receivables, cost of sales, inventory, and payables
are linked in an operating cycle that should result in plausible, persistent relationships. A management cooking the books
usually has difficulty in getting all these relationships to move in expected directions simultaneously. If sales at a particular
location are declining, but inventory at that same location is increasing significantly, the auditor ought to question why and
regard the response skeptically. For example, management might explain that more goods have been shipped to that
location to pressure location management to move more merchandise. The auditor does not accept the explanation at face
value. Is the increase in inventory reasonable considering the square footage and available storage space at the location?
How does inventory per square foot compare to other locations? The auditor may, if possible, select that location to visit for
the inventory observation or, as a minimum, visit the location and interview local management. The auditor evaluates
explanations in light of the knowledge and understanding obtained from applying other audit procedures. If the inventory is
increasing and payables are down, the auditor considers the explanation for reasonableness based on the auditors
knowledge of the business. For example, if the client is in a tight cash position, but the explanation for the unexpected decline
in payables is that the client is paying more promptly, the auditor recognizes that the explanation is inconsistent with the
auditors other knowledge and should investigate further.
505.50 Common sense combined with healthy professional skepticism and knowledge of the business are essential to
recognizing that the books are cooked. For example, if the client indicates that equipment operators are being used to
refurbish the equipment or build new facilities, the auditors common sense leads to questions of whether production workers
have the necessary skills. Could equipment operators function as plumbers, electricians, and carpenters? What portion of
production labor is being capitalized? If the percentage is high, say 30% to 40%, how can the client maintain production
levels? How do the clients sales and production trends compare to competitors? How does the clients level of property
compare to competitors? The auditor, in this case, might use specifically designed ratios that facilitate comparison, such as a
sales-to-property ratio.
505.51 In corroborating explanations, the auditor ought to be wary when information that should be readily available is not
supplied promptly. This is an important aspect of professional skepticism. For example, if the auditor compares gross profit
ratios by line of business to prior years ratios and notices that the gross profit ratio on a particular line has increased
dramatically, the auditor carefully evaluates the explanation for the increase. For example, suppose management explains
that a new foreign supplier has been found for that line that has been supplying an improved product at a lower cost.
However, when asked, management cannot promptly produce the vendors invoices, receiving records, or underlying
agreement with the new supplier. This increases the auditors suspicions that the books are cooked, and the auditor should
investigate further. The auditor also ought to be wary when explanations obtained from different sources conflict. For
example, explanations by senior management might be inconsistent with information provided by operating personnel or
reflected in the minutes of board of directors meetings.
Analytical Procedures and Interim Testing
505.52 As explained in more detail in section 507, audit efficiency and effectiveness can often be improved by shifting more
audit work to interim dates. This can permit earlier identification of issues and problems and allow corrective action to be
implemented before final work starts. Also, there are advantages to spreading out the audit work over a longer period of time.
This makes it easier for client personnel because their time preparing for the audit is also spread out. Client personnel have
more time to prepare schedules and answer questions. Also, because the audit work is spread out, the engagement team can
usually be smaller. This not only has budget advantages, but the longer exposure to the client also can improve everyones
understanding of the clients operations.
505.53 When tests of details are performed at an interim date, the auditor may need to perform roll-forward procedures for
the period between the interim date and the balance-sheet date. Analytical procedures are usually an important part of
roll-forward procedures. When substantive tests are performed prior to the balance-sheet date, the auditor may compare and
reconcile information concerning the balance at the balance-sheet date with comparable information at the interim date. This
is an analytical procedure to identify amounts that appear unusual and that therefore should be investigated. These analytical
procedures can be combined with other analytical procedures or tests of details. Substantive analytical procedures are an
efficient way to extend the audit conclusion from the interim date to the balance-sheet date.
505.54 Analytical procedures are particularly useful because the auditors objective in performing roll-forward procedures is
to evaluate whether the recorded amount of transactions between the interim date and the balance-sheet date is reasonable
in relation to the auditors expectation. Because the time period is much shorter than the annual period, the auditors
expectations can generally be developed with more precision. The period may be only one or two months. For example, if the
auditor confirms accounts receivable for a calendar-year company as of November 30, analytical procedures might be an
effective method of extending the auditors conclusions through year-end. Examples of analytical procedures that might be
used as roll-forward procedures in these circumstances are as follows:
December sales to prior-year December sales and to current-year budget for December sales.
A month-by-month comparison of sales for January of the current year through January of the next year.
December gross profit ratio to the gross profit ratios for November and January.
The auditor might also scan sales returns and allowances for December and January. The scanning and comparisons of
ratios and amounts may be supplemented by inquiries of operating personnel about significant or unusual sales or sales
adjustments close to year-end.
505.55 Generally, the lower the level of disaggregation, the more precise the auditors expectation. Month-to-month
comparisons can be useful and effective in detecting significant differences caused by nonroutine journal entries recorded at
the close of a quarter, particularly the final quarter of the fiscal period. The auditor might compare revenue and expense levels
on a month-to-month basis, looking for peaks and valleys at period end.
Analytical Procedures and Accounting Estimates
505.56 The starting point for identifying and evaluating significant accounting estimates made by management is to identify
the need for estimates using knowledge of the business and the results of risk assessment procedures. The next step is
usually inquiry of management and accounting personnel responsible for identified estimates to obtain an understanding of
the methods and procedures used to make the estimates. Analytical procedures can be used in evaluating the
reasonableness of estimates by developing the auditors own expectation of the estimate as a basis for assessing the overall
reasonableness of the estimate.
505.57 Tests of the reasonableness of an accounting estimate often include a combination of tests of details and analytical
procedures. Supporting data are tested for reliability using tests of details, and analytical procedures are used to assess the
reasonableness of the estimate. For example, the auditor might test the aging of accounts receivable for accuracy and then
use the analytical procedures of scanning the aging, considering the historical trends of charge-offs per age category, and
computing the ratio of days sales in receivables and comparing to the prior year. The auditor might also scan the results of
collection activity in the subsequent period.
How to Identify and Evaluate Significant Differences
505.58 After the auditor has developed an expectation of a recorded amount or ratio of recorded amounts from reliable data
and compared the expectation to the recorded amount, the next step is to determine whether there is a significant difference.
Authoritative literature does not define significant differences. AU-C 520.A24 states that the amount of difference that can be
accepted without further investigation is influenced by materiality and the level of assurance desired from the analytical
procedure while taking into account the possibility that a misstatement may cause the financial statements to be materially
misstated.
505.59 If the difference is significant, the auditor should investigate the difference by:
Inquiring of management and obtaining appropriate audit evidence to corroborate managements responses.
Performing other audit procedures as necessary in the circumstances.
505.60 Evaluating of the significance of differences is discussed starting at paragraph 505.61. If the difference is not
significant, the account balance can be accepted as not misstated without performing additional audit work. Corroborating of
the explanation of differences is discussed starting at paragraph 505.64. If a significant difference is not explained by
corroborated information, the auditor typically reconsiders the effectiveness of the analytical procedure, performs additional
procedures, or considers whether to treat the entire difference as a misstatement to be posted to the summary of audit
differences. Considerations before posting differences to the summary of audit differences are discussed starting at
paragraph 505.65.
505.61 Evaluating the Significance of Differences. The significance of the difference ought to be related to what is material
to the financial statements, by financial statement line as well as in the aggregate, rather than being evaluated in terms of the
percentage of the account balance. In some cases, a 2% difference in total annual revenue would be very material to the
financial statements, but a 20% difference in scrap income would be immaterial.
505.62 The practical issue is how to draw the dividing line between the amount that will be considered significant and require
additional audit work and the amount that will be accepted without additional audit work. In establishing this line, the auditor
has to recognize that the difference is not necessarily a reliable estimate of the amount of misstatement in the account
balance. The expectation, rather than the account balance, might be wrong. The goal is simply to develop a workable rule of
thumb for deciding whether further inquiry and investigation is necessary. If a difference is evaluated as not significant and no
further inquiry is deemed necessary, the difference is not a misstatement and is not accumulated and posted to a summary of
audit differences.
505.63 There are complex mathematical models that can be used to compute the dividing line for significance of differences
in particular circumstances. However, this degree of complexity is not necessary if a conservative rule of thumb is adopted.
The authors believe that the range of 10% to one-third (or 331/3%) of tolerable misstatement generally provides a workable
rule of thumb for the significance of a difference. Differences larger than the designated percentage would be considered
significant and require investigation and corroboration of explanations. This guideline is based on the same framework that is
used in many nonstatistical audit sampling plans. The choice of a percentage within this range depends on the level of
assurance desired from the substantive analytical procedure, which in turn depends on the auditors risk assessment. If the
substantive analytical procedure is the primary source of assurance, a percentage toward the low end of the range, say 10%
or 15%, might be used. If the substantive analytical procedure is being used in combination with tests of details, then
one-third of tolerable misstatement might be used. If the substantive analytical procedure is only a supplement to a primary
test of details, then a slightly higher amount might be used.
505.64 Corroborating the Explanation of Differences. The auditors expectation developed in performing substantive
analytical procedures is an estimate or prediction of the amount of an account balance. The evaluation of the significance of
the difference between the account balance and the expectation determines whether the account balance can be accepted as
not misstated without performing additional audit work. If the auditor decides that the expectation is not effective enough (for
example, based on reliable enough data, a precise enough expectation, etc.), then the test needs to be refined (such as
computed in more detail), or the degree of assurance from the analytical procedure needs to be reduced and additional
procedures applied.
505.65 If the auditor evaluates the difference as significant and concludes that the expectation is sufficiently effective (that is,
the expectation is precise enough), the auditor generally performs additional inquiry and analysis. The additional inquiry and
analysis might result in a conclusion that the risk of misstatement of the account balance is acceptable, or alternatively, the
quantification of a misstatement that will be proposed as an audit adjustment. Only the quantified estimate of misstatement
determined by investigation is accumulated and posted to the summary of audit differences. A difference is not treated as a
misstatement before investigating it. Although the difference may indicate one side of the entry needed to adjust the financial
statements, it may not indicate the other side. For example, a difference that indicates that sales are overstated typically
implies that accounts receivable also are overstated. However, if detection risk of the existence assertion about accounts
receivable has already been reduced to an appropriate level, then the offset to the difference in sales cannot be to accounts
receivable. If a significant difference has been investigated and the auditor has concluded that the risk of misstatement is
acceptable, the difference is not posted to the summary of audit differences.
505.66 For significant differences, the auditor should obtain an explanation of the difference and corroborate the explanation.
The auditor avoids the temptation of first asking those responsible for preparing financial statements to explain differences.
The auditor obtains an explanation from a knowledgeable person who is preferably unrelated to financial statement
preparation and analyzes the support for that explanation. Explanations about the reasons for differences might be obtained
from accounting department personnel, but are also pursued with operating personnel and, in some cases, outside parties.
For example, suppose the auditor identifies an unexpected increase in the gross profit on a product line. The clients
accounting personnel explain that a major customer is being shipped the product in component form and doing the final
assembly immediately before resale. This new arrangement has reduced the clients labor and overhead on the product line.
The auditor might investigate the explanation by inspecting invoices and shipping records and the agreement with the
customer and discussing the matter with operating management. On the other hand, when significant fraud risk factors are
present, the auditor may consider interviewing the major customer to corroborate the explanation.
505.67 The nature and extent of corroboration needed is dependent on the circumstances and the nature of the risks that are
present. In some cases, the client may have already made an investigation of a difference. For example, if the auditors
expectation was developed from budget information, there might be a detailed budget variance analysis. The auditor may
inspect the analysis and discuss it with the preparer. If the variance analysis was made independently of the person
responsible for the variance, the analysis might provide sufficient corroboration. In corroborating explanations of differences,
the auditor may consider the results of other audit procedures and the enhanced understanding of the client obtained during
the audit. This information might be sufficient and no additional evidence considered necessary. For example, the new
arrangement with a major customer receiving the product in component form might be discussed in board minutes and
correspondence with the customer. In some cases, consideration of a significant difference might cause the auditor to
conclude that the development of the expectation missed important developments or considerations. Reexamination of the
development of the expectation might explain the difference.
505.68 When analyzing significant differences, the auditor considers whether there is a pattern of differences. Individual
differences and the results of other audit procedures are not considered in isolation. For example, the auditor might have
developed an expectation of revenue that is significantly below the recorded amount. If confirmations of accounts receivable
result in greater than expected discrepancies, there is a pattern pointing to an increased risk of overstated revenue and
receivables.
505.69 Because of the nature of analytical procedures, the auditor is usually not able to explain the entire amount of the
difference. An explanation of the exact amount of the difference is not necessary. The auditor only has to corroborate a
sufficient explanation to reduce the difference to an acceptable level. However, the investigation might not result in an
acceptable difference and might instead indicate the existence of a misstatement. The auditor then considers the nature and
cause of the misstatement and the most effective approach to quantifying the misstatement. (See paragraph 505.65.) The
quantified misstatement is proposed as an audit adjustment. Chapter 18 discusses summarization and evaluation of
misstatements.
How to Document Substantive Analytical Procedures
505.70 When substantive analytical procedures have been performed, the auditor should document (AU-C 520.08):
the expectation and the factors used in its development (unless readily determinable from the work performed),
the results of comparing recorded amounts to the expectation, and
any additional procedures performed to address significant unexplained differences, and the results of those
procedures (for example, the amount of any misstatement quantified as a result of the analytical procedures
performed).
Exhibit 5-7 presents an example of documentation of a substantive analytical procedure.
Exhibit 5-7
Documentation of Analytical Procedure
12-31-X2 12-31-X1 Change
Accrued Commissions $ 135,036 $ 100,005 $ 35,031+
+ Review of sales agent contracts shows that commissions range from 4% to 6% of sales
and average 5%. Commissions are paid monthly; thus accrued commissions should relate
to December sales, which were $695,000 higher than last Decembers. Applying the 5%
average commission rate to the sales increase, the expectation is that accrued
commissions should have increased by approximately $35,000. The difference between
that expectation and the actual increase is immaterial. Accrued commissions appear
reasonable and no further work is considered necessary.
* * *
505.71 Documentation of the expectation and the factors considered in its development is required if not apparent from the
work performed. When prior year balances or budgeted amounts are used for comparative purposes, those amounts
implicitly represent the auditors expectation. In that case, if the workpapers include a comparative schedule showing the prior
year or budgeted amounts and indicating the source of those amounts (for example, prior-year workpapers or the 20X2
budget), the authors believe that the expectation is apparent and that no additional documentation of the expectation is
necessary. For an expectation developed based on the key factors affecting an account, such as an expectation of
compensation expense developed using information about the number of employees and pay rates, auditors should
document the factors used in its development and the source of information about those factors. The results of comparing the
expectation with recorded amounts may be documented by including a variance column on the auditors comparative
schedule or by documenting the comparison of the expected amount and the recorded amount on the face of the auditors
calculation.
505.72 Although not required by authoritative literature, documentation might also include information about the auditors
approach to evaluating the significance of the difference between the recorded amount and the expectation (for example, the
authors approach, which is a percentage of tolerable misstatement rule of thumb as discussed in paragraph 505.63).
505.73 Practice Aids. The Substantive Analytical Procedures Worksheet at ASB-CX-9.1, which includes space for
documenting the information listed in paragraph, 505.70 can be used to document the performance of analytical procedures,
including development of an expected amount. The Ratio Analysis Worksheet at ASB-CX-9.2 can be used to document
calculations of ratios. Rather than manually completing ASB-CX-9.1 or ASB-CX-9.2, some auditors may prefer to adapt the
formats for use in electronic spreadsheets. By using such a spreadsheet, once the information is captured, all computations
and comparisons can be automated. PPCs Workpapers, which provide practice aids not available in PPC Guides, includes a
set of automated spreadsheet templates. These templates include a certain number of the analytical ratios presented on
ASB-CX-9.2. PPCs Workpapers can be ordered by calling (800) 431-9025 or from the PPC website at
506 OTHER ISSUES RELATED TO SUBSTANTIVE PROCEDURES
The Use of Audit Evidence from Prior Periods
506.1 The ability to use audit evidence from the performance of substantive procedures in a prior audit is highly restricted.
AU-C 330.A59 notes that in most cases, audit evidence from a previous audits substantive procedures provides little or no
audit evidence for the current period. Prior evidence substantiating the purchase cost of a building or building addition is one
example of an instance in which audit evidence obtained from the performance of substantive procedures in a prior period
may be relevant in the current period. This example is the common audit approach to auditing property by substantiating the
changes to the beginning balanceadditions and retirementsto reach a conclusion about the ending balance. Before using
audit evidence obtained from the performance of substantive procedures in a prior audit, the auditor considers whether the
audit evidence and the related subject matter have fundamentally changed and performs audit procedures during the current
period to establish the continuing relevance of the audit evidence. Using audit evidence about the operating effectiveness of
controls obtained in prior audits is discussed beginning at paragraph 606.8.
Responding to Fraud Risks
506.2 The auditor is responsible for designing the audit to detect material misstatements, whether caused by error or fraud.
The auditor does not routinely select procedures designed solely to detect fraud in ordinary circumstances. However, the
auditor is required to specifically identify and assess risks of material misstatement due to fraud and develop an appropriate
response. Based on the auditors assessment of fraud risks, he or she may alter the nature of procedures performed (that is,
apply additional procedures designed to detect fraud), or alter the timing or extent of procedures performed. The auditor may
also require more or different evidence to support material transactions or balances than would be the case if the auditor did
not identify any specific fraud risks. In addition, auditors are required to perform certain specific procedures to address the
risk of management override of controls, including examining the entitys journal entries and other adjustments, reviewing
accounting estimates for bias, and evaluating the business rationale for significant unusual transactions.
506.3 Overall Responses. Auditors generally use overall responses to address fraud risks that are pervasive to the financial
statements. Overall responses affect the audit strategy (that is, the way the audit is conducted). Because there is always at
least one identified fraud risk (the risk of management override of controls), certain overall responses are required in every
audit. Overall responses are discussed in section 306.
506.4 Specific Responses. Specific responses to fraud risks involve the nature, timing, and extent of auditing procedures.
Specific responses at the account balance, transaction class, or financial statement assertion level will vary depending on the
types and combinations of fraud risks identified and the account balances, classes of transactions, or assertions that may be
affected. Responses may involve both substantive procedures and tests of controls. However, tests of controls alone will not
reduce audit risk to an appropriately low level because of the risk that management may override controls; therefore, tests of
controls alone are not sufficient to respond to fraud risks.
506.5 When responding to fraud risks, the auditor may need to modify the nature, timing, and extent of audit procedures in
the following ways:
The nature of audit procedures may be modified to obtain more reliable evidence (such as evidence from
independent sources outside the entity or evidence from tests of details rather than analytical procedures) or
additional corroboration.
The timing of audit procedures may be modified to perform more substantive procedures at year-end (for example, if
interim audit procedures are planned, but there are unusual incentives for management or the owner/manager to
engage in fraudulent financial reporting). Alternatively, substantive tests of transactions throughout the year may be
performed to respond to the risk of fraud initiated in an interim period. (Section 507 discusses additional
considerations when performing interim audit procedures.)
The extent of audit procedures may be modified through larger sample sizes or by performing analytical procedures
at a more detailed level to achieve a higher degree of precision.
506.6 If inherent risk is assessed at high because of the presence of fraud risks, the auditor might decide to increase the
extent of procedures (for example, by performing analytical procedures at a more detailed level, obtaining a higher
percentage of coverage when performing scope testing, or increasing sample sizes). A more likely response, however, might
be to modify the nature of audit procedures in the area of concern rather than the extent. Examples of specific responses
affecting the nature, timing, and extent of procedures are included in Exhibit 5-8. Exhibit 5-9 provides an illustration of how the
auditor might use a combination of overall and specific responses to address a risk of improper revenue recognition.
Exhibit 5-8
Examples of Specific Responses to Fraud Risks
Nature of Audit Procedures
Obtain evidence from more independent sources.
Perform more physical observation and inspection procedures.
Contact major suppliers and customers orally.
Send confirmation requests to a specific party in an organization.
Seek more or different information.
Use computer-assisted audit techniques to gather more extensive evidence or perform different types of tests.
Perform a different combination of substantive tests of details and analytical procedures.
Interview personnel involved in areas where identified fraud risks exist to obtain their insights about the risk and whether
or how controls address the risk.
If the work of specialists is especially significant to the financial statements, engage another specialist or perform
additional procedures on the assumptions, methods, and findings.
Confirm with customers relevant contract terms and the absence of side agreements. (Maybe even confirm both orally
and in writing.)
Apply additional procedures during inventory observation, such as more rigorously examining product contents or
quality, or the way boxes are stacked.
Apply additional procedures to inventory tags, count sheets, etc.
Obtain a further understanding of and test controls over assets that are highly prone to misappropriation.
Timing of Audit Procedures
Confirm receivables at year end rather than at interim.
Perform certain procedures on a surprise or unannounced basis.
Observe inventory at all locations at once.
Request physical inventories to be taken at or near year end.
Apply substantive procedures to transactions occurring throughout the period under audit.
Extent of Audit Procedures
Increase sample sizes.
Obtain a higher percentage of coverage when performing scope testing, for example, by reducing the scope for detail
tests of expense accounts.
Observe inventory at special locations or all locations.
When using the work of other auditors, discuss with them the extent of work needed to address identified fraud risks
resulting from transactions and activities involving the two entities or components.
Additional testing of inventory tags, count sheets, etc.
Perform substantive analytical procedures, including the development of an expected dollar amount, using
disaggregated data to achieve a high level of precision. (For example, compare monthly sales, cost of sales, and gross
profit by location, line of business, or month to auditor-developed expected amounts.)
Use computer-assisted audit techniques to test an entire population instead of a sample.
* * *
Exhibit 5-9
Use of Overall and Specific Responses in Combination
Identified Fraud Risk: Improper revenue recognition
Type of Response Audit Response
Overall Assign more experienced staff to perform the revenue
procedures in ASB-AP-4.
Specific Perform all accounts receivable confirmation
procedures at year-end.
Specific Increase the extent of testing of subsequent account
write-offs, returns, and collections.
Specific Test the application of cash receipts to specific
invoices in addition to confirmation.
* * *
506.7 Professional Skepticism. When gathering and evaluating audit evidence in response to identified fraud risks, auditors
need to maintain an appropriate degree of professional skepticism, as discussed in paragraph 307.15. Examples of applying
professional skepticism in response to risks of material misstatement due to fraud include:
An increased recognition of the need to corroborate client explanations or representations (for example, through
further analytical procedures, third-party confirmation, examination of independent documentation, or discussions
with others within or outside the entity).
Performing additional or different auditing procedures to obtain more reliable evidence in support of the auditors
objectives.
506.8 Responding to the Risk of Misappropriation of Assets. Auditors may be faced with unique considerations when
determining how to respond to the risk of material misstatement due to misappropriation of assets. The auditors response
most likely will be directed at a specific account balance or transaction class. Responding to an apparent risk of
misappropriation can be challenging. Misappropriation of immaterial amounts may be relatively common, but it is less
common for misappropriation to occur in amounts considered material to financial statements.
506.9 When a client has assets that are particularly susceptible to misappropriation (such as large amounts of cash on hand
or other assets that are valuable and easily stolen) and the auditor has concluded there is a risk of material misstatement of
the financial statements due to misappropriation, an appropriate audit response generally would be to perform extensive
substantive testing of the balance recorded in the financial statements. That may include physically inspecting the assets at or
near year end. The auditor also might want to examine accounts in which misappropriation could be concealed, such as
accounts with a large number of small debit transactions. Substantive analytical procedures using expectations developed
with a high degree of precision also may be effective. In some cases, the auditor might decide it is necessary to test the
effectiveness of controls designed to prevent or detect such misappropriation. For example, the auditor might consider it
necessary to test the clients controls over cash sales and sales returns in a retail business. In addition, some of the
responses listed in Exhibit 5-8 might apply. Deciding which procedures are necessary is left to the judgment of the auditor.
AU-C 240.A76 states that the scope of work is to be linked to the specific information about the misappropriation risk that has
been identified.
506.10 In many entities, one of the primary fraud risks is fraudulent, unauthorized disbursements (for example, bookkeepers
writing checks to themselves). Many small businesses are particularly susceptible to such fraud because of a lack of
segregation of duties (see paragraph 506.13). If the auditor concludes there is a risk that such disbursements may occur in
amounts that could result in material misstatement of the financial statements, an audit response is required. Substantive tests
of the cash balance recorded in the financial statements may not be sufficient to respond to a material risk of fraudulent cash
disbursements. See further discussion beginning at paragraph 506.14.
506.11 Generally, the auditor will consider the clients controls over disbursements, such as the following:
Segregation of duties and effective management oversight (for example, the owner/manager receives the bank
statement unopened).
Authorization and approval of transactions (for example, in purchasing or payroll disbursements).
506.12 If, after considering controls and the risk that fraudulent disbursements could be material to the financial statements,
the auditor determines that an additional audit response is necessary, the following procedures might be considered:
Performing extended analytical procedures on expense accounts.
Reviewing selected disbursements for unusual payees, signatures, or endorsements.
Reviewing vendor lists for unusual patterns.
Reviewing payroll registers for unusual items.
Performing paymaster procedures (that is, distributing payroll checks or observing their distribution).
Proof of cash.
Additional examples of substantive procedures for detecting fraudulent disbursements are provided in ASB-AP-14. As
previously noted, deciding which procedures are necessary is left to the judgment of the auditor.
506.13 Regardless of the auditors judgments about whether the risk of material, fraudulent disbursements is an identified
fraud risk, the auditor should communicate significant deficiencies in accordance with professional standards. Section 1814
discusses communication of internal control matters. In addition, the auditor may consider working with the client, when
necessary, to establish effective controls over disbursements.
506.14 Cost of Goods Stolen. Another troublesome issue related to misappropriation of assets often is referred to as the
cost of goods stolen issue. For example, assume that employee theft of inventory occurs in amounts that would be
considered material to the financial statements. However, the inventory still on hand at the date of the financial statements is
accurately reflected on the balance sheet, and the theft is washed through costs of goods sold on the income statement.
Practitioners disagree on whether such financial statements are materially misstated, and auditing literature does not resolve
the issue. The same issue exists for other types of misappropriation. An example would be the personal use of company
funds by an owner/manager or other senior manager with the costs being charged to SG&A expense. The authors believe the
issue of whether such financial statements are materially misstated is a GAAP issue. However, the authors recommend some
consideration also be given to the qualitative aspects of materiality. For example, in some cases, implications of potential
misstatements that might otherwise be immaterial could be significant to financial statement users because they involve
506.15 If auditors conclude that an audit response is necessary to detect the costs of misappropriated assets reflected in
income statement accounts, they generally would respond by modifying the nature, timing, or extent of procedures ordinarily
used to test income statement accounts. As discussed in Chapter 17, income statement accounts are ordinarily tested
through analytical procedures, tests of transactions, scanning for unusual amounts, or some combination thereof. The use of
analytical procedures, including the development by the auditor of an expected dollar amount at a high level of precision to
be compared with the recorded amount, may be an effective response to a risk of material misstatement due to
506.16 Responses to Further Address the Risk of Management Override of Controls. Because management has the
ability to override controls that may otherwise appear to be operating effectively, and because that occurrence is
unpredictable, AU-C 240.32 requires auditors to address that risk. In addition to the auditors overall and specific responses to
identified fraud risks, auditors should perform the following procedures to further address the risk of management override of
controls:
Examine the entitys journal entries and other adjustments.
Evaluate the business rationale for significant unusual transactions.
506.17 Examining Journal Entries. Both AU-C 240 and AU-C 330.21 require examining journal entries and other adjustments.
However, the nature, timing, and extent of procedures required by AU-C 240 are different from those required by AU-C 330.
AU-C 330 focuses on journal entries made during the course of preparing the financial statements. AU-C 240, which focuses
on identifying fraudulent journal entries resulting from management override of controls, requires the auditor to consider
reviewing journal entries made throughout the period.
506.18 To test the appropriateness of journal entries, the auditor should
Obtain an understanding of the entitys financial reporting process and controls over journal entries and other
adjustments, and the suitability of design and implementation of such controls.
Make inquiries of individuals involved in the financial reporting process about inappropriate or unusual activity
relating to the processing of journal entries and other adjustments.
Consider fraud risk indicators, the nature and complexity of accounts, and entries processed outside the normal
course of business.
Select journal entries and other adjustments made at the end of a reporting period.
Consider the need to test journal entries and other adjustments throughout the period.
Auditors should examine both journal entries recorded in the general ledger and other adjustments (such as post-closing or
reclassifying entries) made in preparing the financial statements.
506.19 If the auditor has identified risks of management override of controls and he or she feels that the procedures outlined
in paragraph 506.18 will not adequately respond to those risks, then the auditor should perform additional procedures (AU-C
240.33). The auditor designs those procedures to adequately respond to the identified risks of management override of
controls.
506.20 When selecting journal entries for testing and designing tests, auditors may consider:
The assessed risk of material misstatement due to fraud related to specific classes of journal entries.
The effectiveness of controls over financial reporting (if the auditor tests those controls). However, even if the auditor
has tested controls over journal entries and determined they are operating effectively, it is still necessary to identify
and test specific entries.
How the entity processes journal entries and what audit evidence is available.
The presence of suspicious characteristics, such as entries to unrelated, unusual, or seldom-used accounts; entries
by employees not expected to make journal entries; entries made at or near the end of the period or as post-closing
entries with little or no explanation; entries without account numbers; or entries containing rounded or consistent
ending numbers.
The nature and complexity of the accounts, locations, or components containing the journal entries. Unusual journal
entries are often associated with accounts that contain complex or unusual transactions, significant estimates and
year-end adjustments, or related party transactions. Accounts prone to errors in the past and unreconciled accounts
may also be associated with a higher risk of material misstatement due to fraud.
Whether the entries are for standard, recurring estimates or transactions such as monthly depreciation, or for
nonstandard, nonrecurring estimates or transactions, such as asset impairment or business combinations.
Nonstandard adjustments may also include consolidating adjustments, report combinations, and reclassifications
not reflected in formal journal entries.
Whether the entries are subject to the entitys normal internal controls. Nonstandard, nonrecurring entries and
adjustments may not be subject to the same level of internal control as standard, recurring entries.
The need to select entries from different locations or components of the entity.
Journal entries that are reversed at the beginning of the subsequent period.
506.21 Determining the nature, timing, and extent of tests of journal entries is a matter of professional judgment. However,
procedures ordinarily include examining the general ledger to identify entries for testing and reviewing supporting
documentation. Considerations include whether entries are properly approved, adequately supported, and properly posted,
and whether they appropriately reflect the underlying events and transactions. For most audits, the authors believe tests of
journal entries will be performed at year end. If examination of the ledger to identify entries for testing is initially performed
before year end, those procedures generally are extended to year end.
506.22 If practical, the authors recommend scanning the general ledger (or general journal report) for the entire period
under audit and selecting journal entries based on the complexity of the accounts, unusual characteristics of the entries, and
other factors noted during the audit. If only summary totals are posted to the general ledger, it will be necessary to obtain a
detail report that reflects individual journal entries from the general journal posting source. Prior to scanning the general
ledger, the chart of accounts may be scanned to identify accounts that may be vulnerable to fraudulent entries and may need
to be scrutinized. The auditor also may inquire about any differences between control accounts and supporting ledgers. Any
differences may be due to an attempt to conceal fraud. When scanning the general ledger or general journal report is not
practical, using data extraction software may be an effective method of identifying and selecting entries possessing certain
unusual characteristics, such as rounded numbers or consistent ending numbers. Use of data extraction software is
discussed in Chapter 9. When selecting entries, it is important that the auditor be aware of and consider the entire population
of journal entries and adjustments.
506.23 When selecting entries for testing, auditors are primarily concerned with identifying journal entries that represent
nonrecurring transactions, estimates, and adjustments. Journal entries may be identified by the general ledger posting
source, such as GJE or JE. Some entities may pre-assign certain journal entry numbers for recurring adjustments and use
other numbers for nonrecurring adjustments, allowing the auditor to separately consider each type of entry. Auditors are
typically not concerned with general ledger postings that are normally expected for a particular account (for example,
postings from the sales journal in the revenue account would not be unusual). In addition, auditors are ordinarily not as
concerned with standard, recurring journal entries, such as monthly depreciation expense, but ought to be alert to whether
such expected entries are missing. Exhibit 5-10 lists indications of unusual journal entries that might warrant further
investigation.
Exhibit 5-10
Indications of Unusual Journal Entries in General Ledger Accounts
Unusual Condition Examples
Unexpected posting source. Postings to revenue accounts from
other than the sales journal.
Postings to accounts receivable
from other than the sales and cash
receipts journals.
Postings to accounts payable from
other than purchases and cash
disbursements.
Unexpected debits or credits. Credit postings in expense
accounts.
Debit postings in revenue accounts.
Unexpected combination of accounts. Debit to a reserve and credit to
revenue.
Debit to long-term debt and credit
to interest income.
Debit to depreciation and credit to
revenue.
Unusually large or small dollar amounts
based on normal activity in an account.
Large debits to sales accounts
when only small amounts are
expected for sales returns.
Large credit adjustments to
accounts receivable when only
small amounts are expected for
credit memos.
Numerous small debit adjustments
to expense accounts.
Unusual Condition Examples
Unusually large or small numbers of
entries based on normal activity in an
account.
Expected entries are missing.
Large numbers of journal entries in
accounts with very little transaction
activity.
Dollar amounts appear suspicious. Entries containing rounded
numbers.
Entries containing consistent
ending numbers.
* * *
506.24 The method of selecting journal entries needs to be sufficient to identify unusual journal entries. An entry may be
considered unusual because it involves accounts that ordinarily would not appear together, such as a credit to accounts
receivable and a debit to office supplies expense. If the auditor is selecting entries by account, he or she may not see the
other account that is affected by the journal entry. Therefore, that selection method may not be effective to detect entries
containing unrelated accounts. Auditors may be able to obtain a journal entry detail report that indicates both sides of journal
entries.
506.25 When the selection method involves scanning the general ledger for unusual journal entries, it may be preferable to
obtain year-to-date rather than monthly activity, if practical. In some cases, fraudulent journal entries could be posted directly
to a prior month and would avoid detection if the auditor scanned monthly activity unless the auditor examined the rollforward
of prior month ending balances to current month beginning balances. As a practical matter, many smaller entities can provide
auditors with a printout or electronic file of general ledger activity during the entire reporting period. When reviewing the
general ledger, auditors also may identify significant unusual transactions that relate to posting sources other than journal
entries. Those transactions are considered as discussed in paragraph 506.31.
506.26 Another procedure that is important in detecting unusual changes in account balances that may reflect inappropriate
journal entries is to ensure that the trial balance provided to the auditor agrees with the companys general ledger. If the client
prepares the financial statements, the auditor should reconcile the trial balance with the financial statements. Using the PPC
audit approach, ensuring that the accounting records agree or reconcile with the financial statements is performed as part of
the auditors evaluation and other completion procedures in the General Auditing and Completion Procedures program at
ASB-AP-2.
506.27 Auditors can document their review of journal entries by (a) describing the procedures used to establish the
population of journal entries was complete, (b) describing the method used to select journal entries for examination, and (c)
identifying the specific journal entries examined.
506.28 Reviewing Accounting Estimates. AU-C 240.32 requires that the auditor consider the possibility of management bias
in the development of accounting estimates. In other words, an auditor should consider whether differences between
estimates best supported by the audit evidence, and the estimates included in the financial statements that are individually
reasonable, indicate (in the aggregate) a possible bias on the part of management. In that case, the auditor should consider
whether other recorded estimates reflect a similar bias and perform additional procedures to address those estimates.
Evaluating significant estimates for bias is discussed further in paragraph 1809.10.
506.29 AU-C 240.32 also requires auditors to perform a retrospective review of significant prior-year accounting estimates.
The retrospective review includes reviewing information available in the current year and comparing that information to
significant estimates recorded in the prior year. The intent of the review is not to question the auditors judgment in the prior
year, but to determine, with the benefit of hindsight, whether the underlying assumptions in the prior year might indicate
possible bias on the part of management. The review may provide additional information about whether the current years
estimates could be biased.
2(37)
506.30 Significant estimates selected for retrospective testing should include those that are highly subjective or may change
significantly based on the underlying assumptions and judgments. If auditors identify possible bias on the part of
management in making accounting estimates, they consider whether the bias indicates a risk of material misstatement due to
fraud, that is, intentional manipulation of the financial statements, and develop an appropriate response.
506.31 Evaluating Significant Unusual Transactions. AU-C 240.32 requires auditors to gain an understanding of the business
rationale for significant unusual transactions. Understanding the business purpose (or lack thereof) for transactions outside
the normal course of operations may provide an indication that transactions were entered into for the purpose of engaging in
fraudulent financial reporting or to conceal misappropriation. In evaluating business rationale, auditors may consider whether:
The transaction is overly complex in relation to its stated purpose.
Management or the owner/manager is overly concerned that the transaction receives a particular accounting
treatment.
The transaction involves previously unidentified related parties.
The parties to the transaction lack substance.
The transaction and the manner of accounting have been reviewed and approved at an appropriate level, such as
by the board of directors or audit committee (if the company has one).
The transaction makes business sense from the perspective of the other party.
506.32 Effect on Audit Programs. Auditors use professional judgment in determining the nature, timing, and extent of the
procedures that need to be performed to respond to identified fraud risks. If the auditor chooses to respond to fraud risks by
changing the nature of his or her auditing procedures, the additional procedures to many of the core audit programs include
procedures the auditor may consider performing in response to his or her assessment of fraud risks. In addition, Chapters
1017 of this Guide discuss audit considerations for specific audit areas. Those chapters include examples of specific
responses for various types of fraud risks that might be encountered.
506.33 Due to the nature of fraud and the methods in which it may be committed, it is not possible to develop a
comprehensive set of standardized procedures that need to be performed in response to an auditors assessment of fraud
risks. Because the nature of the risk is fraud related, it is critical that the auditor ensure that procedures performed to respond
to the risk are appropriate. In some cases, the auditor may need to develop his or her own procedures in response to specific
facts and circumstances of the engagement. Tailoring audit programs is discussed in detail beginning at paragraph 405.26.
506.34 Documenting Fraud Risk Responses. AU-C 240.44 requires the auditor to document responses to risks of material
misstatement due to fraud. The auditor is required to document the following:
The overall responses to the assessed risks of material misstatement due to fraud at the financial statement level
and the nature, timing, and extent of audit procedures, and the linkage of those procedures with the assessed risks
of material misstatement due to fraud at the assertion level.
The results of the audit procedures, including those designed to address the risk of management override of
controls.
506.35 There is not a one-to-one correlation between risks and responses. That is, one response may address several fraud
risks, and one risk may require several responses. The responses to identified fraud risks may be documented individually or
in combination.
Completenessthe Elusive Assertion
506.36 Another relatively complex and somewhat controversial issue is how to test the completeness assertion. Some
auditors believe that sufficient audit evidence about completeness cannot be obtained without some tests of controls because
substantive procedures are not very effective in testing completeness. In particular, they believe that controls are needed to
assure the recording of all transactions that should be recorded. In a small business, lack of segregation of duties may
preclude testable completeness controls. Does that mean that such a small business is unauditable? Not necessarily. The
authors believe a reduced assessment of control risk is not necessary to satisfy audit objectives about the completeness
assertion (except for some transactions, such as cash revenues of a retailer, casino, or charitable organization, where it may
be difficult to limit audit risk without relying on the operating effectiveness of controls).
506.37 If the auditor believes there is a risk that transactions have been improperly omitted from the financial statements, the
auditor can restrict that risk by performing some substantive procedures to obtain evidence about the completeness
assertion. The substantive procedures generally are either analytical procedures or tests of related populations. (A related
population is an account balance or transaction class other than the one being assessed for completeness that would be
expected to contain evidence of whether all transactions are included in the balance or class being assessed.) The following
paragraphs discuss procedures that are ordinarily effective.
506.38 Procedures Related to Completeness. A variety of procedures are available that provide evidence relevant to
completeness. Some provide direct evidence that for a particular account balance or class of transactions there is reasonable
assurance of completeness. Others are less direct but increase an auditors confidence that the financial reporting system has
captured all transactions. These procedures are as follows:
a. Observation and Inquiry. To obtain information about the control consciousness of management or the
owner/manager, the competence and integrity of employees, and the condition of the accounting records and
operation of the financial reporting system.
b. Analytical Procedures. To obtain information about the reasonableness and completeness of account balances and
the totals of classes of transactions.
c. Tests of Details of Transactions. To obtain direct evidence that a population of accounting data is complete.
d. Management Representations. To obtain corroboration from management on the completeness of recorded
transactions and other relevant representations. Although management representations are not a substitute for other
audit procedures and, according to the audit interpretation, may not be solely relied on, the representations can
complement other procedures.
Use of these procedures is explained in the following discussion.
506.39 Observation and Inquiry. By touring a clients business and observing it in operation, an auditor can gain a general
impression of operating efficiency and effectiveness. An auditor can see whether the level of activity observed is what would
generally be expected for the activity shown in the accounting records. Assets on hand can be inspected and compared to
recorded amounts. Also, an auditor can, by observing and asking questions, gain an impression of the control consciousness
of management and the general level of competence and integrity of employees. Does management demonstrate a concern
for control by performing important approval and checking functions? Do accounting personnel understand their duties and
appear mindful of controlling the quality of their work? Is there a formal accounting system with a chart of accounts and clear
lines of responsibility for accounting personnel? These procedures, which are generally performed during the risk assessment
process, are tests of controls. However, observation and inquiry usually provide evidence that controls were in operation only
during the period observed, not the entire audit period. Thus, these procedures alone are not usually sufficient to support an
assessment of control risk at moderate or low.
506.40 Analytical Procedures. In some cases, operating data independent of the accounting records may be used to test
completeness. The ratio of units purchased to units sold provides a test that goods received are recorded and that usage and
movement of inventory is recorded. An account balance, in some cases, might be sufficiently tested by computation. A
comparison of investment income to average investments tests whether all income earned on investments is recorded, and
average pay times the number of employees may substantiate that all salaries are recorded. Membership fee revenue can be
related to total members; also if available, industry averages for expense to sales ratios might detect unrecorded sales.
506.41 Tests of Details of Transactions. A basic condition for effective tests of transactions is some type of formal financial
reporting system. Documents that are the initial record of transactions are generally sequentially numbered as soon as
possible; the documents are preferably prenumbered, and all numbers are accounted for after processing. Control totals and
transaction logs or registers also contribute to assuring completeness if totals are reconciled at various stages in processing.
An auditor can inspect the clients use of those means of assuring completeness or make independent tests of the sequence
of prenumbered documents and reconciliation of totals.
506.42 Files of open items, such as open purchase orders and open sales orders, provide some assurance of completeness
if the open items are periodically matched with transactions and deleted when processing is done. Unmatched items could
indicate uncompleted transactions or unrecorded transactions.
506.43 An auditor can perform tests to reconcile recorded transactions with the record of physical movement to test
completeness. For example, an auditor can trace records of goods received to amounts recorded as purchase transactions,
and records of goods shipped can be traced to recorded sales transactions. Note that the direction of testing is from the
independent evidence of the transaction to the accounting record.
506.44 In some cases, the auditor may obtain evidence of completeness (and cutoff) by testing activity in related accounts
subsequent to the period under audit. For example, a search for unrecorded liabilities often involves the review of
disbursements and supporting documents for periods subsequent to the date under audit. In addition, the auditor may scan
(an analytical procedure) the subsequent activity in related accounts for unusual activity that may address the completeness
assertion.
506.45 Management Representations. In every audit of financial statements, an auditor is required by AU-C 580 to obtain
certain written representations from management. (See the discussion of management representations in section 1804.)
Those representations cannot substitute for audit procedures necessary to obtain sufficient audit evidence, but they can
complement those procedures. A written representation on the availability of all financial records and related data is ordinarily
included and, for a small business, the authors believe it is generally advisable to obtain a representation that there are no
undisclosed liabilities or transactions. In some cases, representations on specific transactions may be advisable.
507 TIMING OF SUBSTANTIVE PROCEDURES
507.1 As part of audit planning, an auditor can consider whether any substantive procedures may be applied before the
balance sheet date. (Interim tests of controls are discussed in Chapter 6 and substantive analytical procedures performed at
an interim date are discussed in section 505.) Generally, the most efficient approach for audits of small and midsize nonpublic
entities is to perform the audit tests as of the balance sheet date. However, the auditor may wish to perform audit procedures
before the balance sheet date in the following situations:
Convenience. If the auditor has several clients with the same year end, interim procedures may be used to spread
the auditors workload more evenly.
Deadline. If the client has a tight deadline for issuing its financial statements, the auditor may need to perform some
procedures at an interim date to meet that deadline.
Issue Identification. Interim audit work allows the auditor to identify and address critical audit issues as soon in the
engagement as possible. Then the auditor and client can more easily deal with issues without deadline pressures
arising near year end, which in turn can enhance audit efficiency and client relations.
Assessed Risks of Material Misstatement. Modifying the timing of substantive procedures is one response to the
assessed risks of material misstatement due to error or fraud. In general terms, the higher the assessed risk of
material misstatement, the more likely it is that the auditor will determine that it is more effective (or necessary due to
certain fraud risks) to perform substantive procedures near the period end. However, as the assessed risks diminish,
the auditor may determine that an appropriate response would include the performance of certain substantive
procedures at an interim date. Also, as AU-C 240.A43 points out, a response to some identified fraud risks, such as
fraudulent revenue recognition, might be to apply substantive procedures to transactions occurring earlier in or
throughout the reporting period. An overall response to identified risks might be to add an element of
unpredictability in the timing of audit procedures from year to year, such as by performing tests at a time other than
that expected.
507.2 Many auditors find that the benefits of interim audit procedures outweigh the disadvantages. In many cases, there is
simply no way to meet the audit firms and clients needs without some interim work. Thus, the issue often becomes not
whether to do interim work but how to do it to maximize audit efficiency and effectiveness.
507.3 There are generally two types of substantive procedures that may be performed before the balance sheet date
a. Flexible Timing Procedures. Flexible timing substantive procedures can be applied at any time, including an interim
date. These procedures generally consist of examining transactions or gathering information without attempting to
reach a conclusion about an entire account balance as of an interim date. The procedures can be performed
through an interim date and later extended to the balance sheet date. The auditor can then reach one conclusion
covering the balance for the entire year. Examples of such procedures include:
(1) Tests of transactions in balance sheet accounts with a low turnover or activity rate, such as property, long-term
debt, lease obligations, investments, and owners equity.
(2) Tests of transactions that affect revenues and expenses, such as tests of sales of significant assets.
(3) Analytical procedures for revenues and expenses, such as analysis of sales or gross profit by month.
b. Interim Audit Procedures. Interim audit procedures are performed to arrive at a conclusion about an account
balance as of an interim date. Additional procedures are then performed to extend the interim conclusion to the
balance sheet date. The following are examples of procedures that may be performed at an interim date, depending
on the circumstances:
(1) Confirmation of accounts receivable.
(2) Inventory observation.
(3) Inventory price testing.
Interim audit procedures involve additional considerations, which are discussed in the following paragraphs.
Interim Audit Procedures
507.4 Evaluating the Practicality of Performing Interim Audit Procedures. When evaluating whether it is practical to
perform interim audit procedures, the auditor considers the following factors:
a. Feasibility. AU-C 330.A61 lists several factors that may be considered before applying substantive procedures at an
interim date. Those factors include the control environment, when the necessary information is available, the nature
of the account or transactions, the assessed risk, and the period to which the audit evidence relates. Also, there are
practical considerations such as the availability of sufficient information to effectively test the remaining period (that
is, the period from the interim date to the balance sheet date).
b. Efficiency. Interim substantive tests of details of asset and liability account balances may not be cost-effective unless
substantive procedures covering the remaining period can be restricted. If testing of the remaining period cannot be
restricted, the auditor may have to reperform the interim procedures as of the balance sheet date, which could result
in a substantial increase in audit time and cost.
Exhibit 5-11 is a list of specific considerations in deciding whether to perform interim audit procedures.
Exhibit 5-11
Timing Considerations for Interim Audit Procedures
1. Risk factors
a. Assessed risk of material misstatement. (The higher the assessed risk of material
misstatement, the more likely it is that the auditor will determine that it is more
effective to perform substantive procedures near the period end or at
unannounced or unpredictable times. Additionally, the response to some identified
fraud risks may cause the auditor to perform substantive procedures at the
balance-sheet date while the response to other identified fraud risks may cause the
auditor to apply substantive procedures to transactions occurring earlier in or
throughout the reporting period.)
b. Length of the remaining period.
c. Control environment and other relevant controls.
2. Account characteristics
a. The relevant assertions for which audit evidence will be obtained.
b. The predictability of the composition or amount of the account balance from the
interim date to the balance-sheet date.
c. The probability of transactions or events occurring between the interim date and
the balance-sheet date that could significantly affect the conclusions at the interim
date or require the reperformance of interim audit procedures.
d. Client policies and procedures regarding the account (specifically, whether the
client analyzes and adjusts the account balance regularly and establishes proper
cutoffs).
3. Financial reporting system
a. Reliability of the financial reporting system (for example, whether it is characterized
by inaccuracy or delay that creates audit risks that would undermine the
effectiveness of interim testing).
b. Ability of the financial reporting system to provide sufficient information about the
following matters:
(1) Composition of the account balance at the interim date.
(2) Composition of the account balance at the balance-sheet date.
(3) Transactions occurring and journal entries recorded during the remaining
period.
(4) Reasons for significant differences arising from analytical procedures.
* * *
507.5 Choosing an Interim Date. When interim audit procedures are performed, the risk that misstatement may exist in the
related audit area and not be detected by the auditor generally increases as the length of the remaining period increases.
Thus, the selection of an interim date (which determines the length of the remaining period) can significantly affect the nature
and extent of audit procedures for the remaining period. GAAS does not specifically address selection of interim audit dates.
Many auditors insist that the interim date not be more than three months before the balance sheet date. Generally, an interim
date of one month before the balance sheet date is preferable. However, the ultimate choice of interim dates is a matter of
auditor judgment based on the circumstances.
507.6 Audit Risk Considerations. When interim audit procedures are performed, there is a risk that the conclusions reached
at the interim date are not extended properly to the balance-sheet date. This remaining period risk tends to rise with increases
in the following factors:
Assessed risk of material misstatement from either error or fraud.
Length of the remaining period (that is, the period from the interim date to the balance-sheet date).
507.7 Generally, the greater the remaining period risk, the greater the assurance needed from tests of the remaining period.
For example, if the remaining period risk is low, the auditor can generally test the remaining period through limited analytical
procedures. However, if the remaining period risk is high, the auditor would generally need to apply more reliable procedures,
such as tests of details. In some high-risk cases, the auditor might even need to reapply some of the interim procedures to
period-end balances. When deciding whether to perform substantive procedures at an interim date, the auditor considers
whether the tests that would be performed for the remaining period will adequately reduce the risk that misstatements that
exist at period end are not detected.
507.8 Consequently, it may be more efficient to apply interim audit procedures to lower-risk areas or assertions. For example,
if the client had a high risk relating to the allowance for doubtful accounts but moderate or low risk for existence, the auditor
might decide to test existence at an interim date and valuation at the balance sheet date.
507.9 The auditor may also consider other factors that contribute to audit risk when determining whether to perform interim
procedures, such as the control environment or the specific nature of the risk that applies to the audit areas or assertions. For
example, if there is a risk of overstated revenues due to earnings pressures, the auditor may determine that the relevant
assertions of existence and cutoff can only be effectively tested at period end since the risk may be greater at the end of the
reporting period.
507.10 Account Considerations. The characteristics of the accounts need to be considered in deciding whether it is
practical to audit an area or assertion at an interim date. For some account assertions, it may be more effective and/or
efficient to perform the substantive testing at period end. In many cases, especially when substantive analytical procedures
will be applied for the remaining period, the accounts that are best suited to interim testing have predictable balances and
consistent activity levels. This makes it easier to develop more precise estimates of ending balances. Also, the accounts need
to be regularly analyzed and adjusted and subjected to appropriate cutoff procedures. It is inefficient to test an account
before the client has attempted to accurately determine what the balance should be.
507.11 Financial Reporting System Considerations. The auditor also considers the financial reporting system when
selecting audit areas for interim testing. The system for the area to be tested needs to be capable of generating sufficient
reliable data to allow the auditor to apply the planned procedures.
507.12 Testing the Remaining Period. The auditor should perform sufficient tests of the remaining period to extend the
conclusion from the interim date to the balance sheet date. Although the auditor is not required to test controls to have a
reasonable basis for extending audit conclusions from an interim date to the period end, the auditor considers whether
performing only substantive procedures to cover the remaining period is sufficient. If the auditor concludes that substantive
procedures alone would not be sufficient to cover the remaining period, the auditor should perform tests of controls or should
perform substantive procedures as of the period end. If, on the other hand, the auditor decides that substantive tests of the
remaining period will be sufficient, those tests may include
a. Comparison or reconciliation of information regarding the balance at the interim date with corresponding information
at the balance sheet date (and investigation of unusual amounts).
b. Analytical procedures and/or tests of details.
507.13 The auditor determines the specific procedures to be performed based on the assessed risk associated with the
remaining period. Tests of details can be used instead of (or in addition to) analytical procedures as considered necessary to
obtain sufficient audit evidence. Exhibit 5-12 provides examples of updating procedures when accounts receivable are
confirmed at an interim date. The audit programs for accounts receivable (ASB-AP-4) and inventory (ASB-AP-5) contain other
audit procedures that may be used to test the remaining period for those accounts. Those audit programs need to be
modified as necessary to fit the circumstances.
Exhibit 5-12
Examples of Updating Procedures for Accounts Receivable
When Interim Procedures Are Performed
1. Obtain a detailed aged trial balance of accounts receivable at the balance sheet date and perform the following:
a. Obtain or prepare a reconciliation of the trial balance to the general ledger control account. Examine support
for significant reconciling items.
b. Compare trial balance totals between the balance sheet date and the interim date. Investigate significant
variations.
c. Identify any significant changes in the aging of accounts receivable.
2. Scan receivables activity in the accounting records during the period from the interim date to the balance sheet date.
Investigate and explain the nature and origin of any unusual entries.
3. Perform a test of sales cutoff at the balance sheet date.
* * *
507.14 Procedures performed to test the remaining period should be documented in the workpapers. For example, if
performing a test of details for activity in accounts receivable between the interim date and the balance sheet date, the
workpapers need to describe the procedures performed to test sales, cash receipts, and other transactions during the
rollforward period. Chapter 8 provides additional information on audit documentation.
507.15 Evaluating Audit Results. As discussed in paragraph 507.3, when interim audit procedures are performed, the
auditor forms a conclusion at an interim date and then extends that conclusion to the balance sheet date. If interim
procedures reveal misstatements, AU-C 330.24 indicates that the auditor should assess the risk of misstatement related to
those classes of transactions or account balances. Depending on that assessment, the auditor may either (a) modify the
nature, timing, or extent of tests of the remaining period or (b) reperform or extend the interim procedures at the balance
sheet date. The assessment may be based on consideration of the following factors:
The possible implications of the nature and cause of the misstatements detected at the interim date. For example, if
interim procedures revealed that the cost of certain types of inventory items was recalculated incorrectly, the auditor
may need to perform additional procedures to determine whether the errors are likely to exist at year end.
The possible relationship to other areas of the audit. The nature and amount of misstatements detected in interim
testing may lead the auditor to reconsider the original assessment of the risk of material misstatement.
The correcting entries subsequently recorded by the client. If the misstatements that were detected at interim were
corrected before year end, the auditor does not need to record an audit adjustment or audit difference for those
misstatements. However, the auditor considers whether similar adjustments are required at year end, and
adjustments or audit differences need to be recorded for uncorrected misstatements that remain in the account.
The results of audit procedures relating to the remaining period, especially those that might provide evidence
regarding possible misstatements. If planned procedures for the remaining period are sufficiently effective, no
specific additional procedures may be necessary. However, additional procedures will normally be necessary if
there is a significant risk of material misstatement of the year-end balance.
CHAPTER 6: TESTING INTERNAL CONTROL
600 INTRODUCTION
600.1 Chapter 3 discusses the auditors understanding of the five components of internal control obtained as part of the risk
assessment process. That chapter explains that the auditor should obtain an understanding of internal controls relevant to the
audit, evaluate their design, and determine whether they have been implemented. Chapter 4 discusses assessing the risk of
material misstatement, including control risk, at the relevant assertion level, and determining the nature, timing, and extent of
further audit procedures in response to the assessed risk.
600.2 To assess control risk for specific financial statement assertions at less than high in order to reduce the scope of
substantive procedures, the auditor is required to obtain evidence that the relevant controls operated effectively for the
particular time or throughout the period upon which the auditor plans to place reliance on those controls. That is done by
performing tests of the operating effectiveness of controls. However, the auditor is not required to assess control risk at less
than high for any relevant assertions unless substantive procedures alone will not provide sufficient audit evidence (that is,
substantive procedures alone are not effective). Therefore, in most cases, the decision about whether to test the operating
effectiveness of controls is a matter of audit efficiency.
600.3 This chapter discusses tests of the operating effectiveness of controls, including circumstances when tests of controls
should be performed and circumstances when testing is unnecessary or inefficient. The chapter discusses the nature of tests
of controls, including inquiry and observation, inspection of documents, walkthroughs, review of reconciliations and similar
bookkeeping routines, and reperformance of control activities. It also discusses other considerations that are relevant when a
decision is made to test controls, such as the timing of tests, including rotation of control tests when evidence from previous
audits is used, the extent of tests, efficiency opportunities, testing IT controls, documentation requirements, and related PPC
practice aids. Guidance is also provided on evaluating the audit evidence obtained from performing tests of the operating
effectiveness of controls and the amount of audit evidence necessary to support a reduced control risk assessment.
600.4 The authoritative pronouncements that establish requirements or provide guidance that most directly affects tests of
controls are as follows:
a. AU-C 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, discusses
how the results of tests of controls may impact the preliminary risk assessment and planned audit procedures.
b. AU-C 330, Performing Audit Procedures in Response to Assessed Risk and Evaluating the Audit Evidence Obtained,
provides guidance on (a) how the preliminary risk assessment affects the design of further audit procedures,
including tests of controls, (b) determining when tests of controls may be appropriate, (c) the nature, timing, and
extent of control tests, (d) selecting items for testing, (e) evaluating the sufficiency and appropriateness of audit
evidence collected, and (f) documentation requirements. [Formerly SAS No. 110 (AU 318)]
c. AICPA Audit Guide, Assessing and Responding to Audit Risk in a Financial Statement Audit (referred to as the AICPA
Risk Assessment Audit Guide), provides guidance on performing further audit procedures, including tests of
controls.
The authoritative pronouncements are explained further at the relevant points in this chapter. Chapter 7 discusses audit
sampling in tests of controls, and Chapter 18 discusses communicating internal control deficiencies to management and
those charged with governance.
Objective
601.1 The objective of the auditor when performing audit procedures (which may include tests of controls) is to obtain
sufficient appropriate audit evidence regarding the assessed risks of material misstatement through designing and
implementing appropriate responses to those risks.
Requirements
601.2 The requirements that should be met to achieve that objective with respect to tests of controls are summarized in
Exhibit 6-1.
Exhibit 6-1
Requirements for Tests of Controls
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
When designing further audit procedures, consider the
reasons for the assessed risk of material misstatement
for relevant assertions for each transaction class,
account balance, and disclosure, including whether
the risk assessment takes into account relevant
controls, thereby requiring audit evidence to determine
whether the controls are operating effectively.
Test the operating effectiveness of controls when:
The risk assessment includes an expectation that
controls are operating effectively (that is, reliance
is planned), or
substantive procedures alone are not sufficient.
In designing and performing tests of controls:
Obtain more persuasive audit evidence the
greater the reliance on controls.
AU-C 330.09 Sections 605
and 606
ASB-CX-10.1
Perform other procedures in combination with
inquiry to obtain evidence of:
How controls were applied at relevant times
during the period.
The consistency with which the controls
were applied.
By whom and by what means the controls
were applied, including whether the person
performing them has the necessary authority
and competence.
and 606
ASB-CX-10.1
Determine whether audit evidence about the
operating effectiveness of indirect controls is
necessary (when the controls to be tested
depend on other controls).
and 607
ASB-CX-10.1
Test controls for a particular time or throughout the
period of intended reliance.
If controls are tested at an interim date, obtain audit
evidence about significant changes to those controls
after the interim period and determine what additional
evidence should be obtained for the remaining period.
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
When deciding whether to use audit evidence from
tests of controls performed in previous audits and, if
so, how long to wait before retesting, consider the
following:
Effectiveness of other elements of internal control,
including the control environment, monitoring,
and the entitys risk assessment process.
Whether the control is manual or automated, and
other risk characteristics.
Effectiveness of general IT controls.
Effectiveness of the control and its application,
including the nature and extent of deviations
detected in previous audits and changes in
personnel applying the control.
Whether the lack of change in a control when
circumstances have changed poses risks.
Risks of material misstatement.
Extent of intended reliance on the control.
Perform inquiry procedures, combined with
observation or inspection, to establish the continuing
relevance of tests of controls performed in previous
audits and
If there have been changes that affect the
continuing relevance of previous audit evidence,
test the controls in current audit.
If there have not been changes that affect the
continuing relevance of previous audit evidence,
test the controls at least once every third audit.
Test some controls during each audit; that is, do
not test all controls in a single audit with no
testing in the subsequent two audits.
When testing controls over significant risks, test their
operating effectiveness in the current audit.
Evaluate whether misstatements detected by
substantive procedures indicate that controls are not
operating effectively.
If deviations are detected, make specific inquiries to
understand the reasons and their potential
consequences and determine whether
there is an appropriate basis for reliance on the
controls,
additional tests of controls are necessary, or
potential risks of material misstatement need to
be addressed using substantive procedures.
Determine the means of selecting items for testing that
are effective in meeting the purpose of the audit
procedure.
ASB-CX-10.2
If audit evidence obtained from performing further
audit procedures (tests of controls) is inconsistent with
audit evidence on which the original risk assessment
through
ASB-AP-14
Requirements
Clarified AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
was based, revise the risk assessment and modify
further planned audit procedures accordingly.
ASB-CX-7.1
ASB-CX-10.1
Nature, timing, and extent of further audit
procedures (tests of controls) performed.
Linkage of further audit procedures (test of
controls) with the assessed risks (control risk) at
Results of audit procedures (tests of controls),
including conclusions reached if not otherwise
clear.
If using audit evidence about the effectiveness of
controls obtained in previous audits, document
conclusions reached about relying on such controls.
* * *
602 INTERNAL CONTROL TESTINGAN OVERVIEW
602.1 As discussed in Chapter 3, as part of every financial statement audit, the auditor obtains an understanding of the five
components of internal control. AU-C 315.14 states that the understanding should include an evaluation of the design of
controls that are relevant to the audit and a determination of whether they have been implemented.
602.2 However, the evaluation of control design and implementation serve a different purpose than tests of controls (the
subject of this chapter). The evaluation of control design and implementation, which is accomplished through the
performance of risk assessment procedures, is necessary to assess the risk of material misstatement of the financial
statements. As discussed in section 403, the combined risk of material misstatement includes a control risk component.
Based on that assessment, the auditor determines which further audit procedures to perform. Further audit procedures may
include tests of the operating effectiveness of controls, as well as substantive procedures.
602.3 Unlike the evaluation of control design and implementation, which is required in every audit, tests of controls, which
are categorized as further audit procedures, are not required in every audit. In addition, when control tests are performed,
controls would not generally be tested for every significant class of transactions, account balance, disclosure, or relevant
assertion.
602.4 In addition, as indicated in AU-C 330.A22, testing the operating effectiveness of controls is different from obtaining
evidence that controls have been implemented. Implementation means that the controls exist and are being used. Operating
effectiveness relates to how and by whom controls are applied and the means by which, and consistency with which, the
controls are applied.
602.5 After testing controls, the auditor evaluates the sufficiency and appropriateness of audit evidence obtained and, based
on that evidence, reaches a conclusion about the operating effectiveness of the controls tested. If necessary, the auditor
modifies the initial control risk assessment (and combined risk of material misstatement) and reconsiders the nature, timing,
and extent of planned substantive procedures.
Practical Considerations Related to Tests of Controls
602.6 Auditors may ask the following questions with respect to tests of controls, which are answered in this chapter:
When is it necessary or required to test controls? This issue is discussed beginning in paragraph 603.1.
When is it not efficient to test controls? This issue is discussed beginning in paragraph 603.10.
For what periods of time should tests of controls be performed? The timing of tests of controls is discussed
beginning in paragraph 606.3.
Can evidence obtained from tests of controls in previous audits be used in the current audit? The use of audit
evidence from previous audits in tests of controls is discussed beginning in paragraph 606.8.
How can controls be tested most efficiently? This issue is discussed beginning in paragraph 606.17.
What needs to be considered when testing computer application controls? Testing information technology related
controls is discussed in section 607.
If controls are tested, how extensive should the tests be? Also, how much evidence is necessary to support a control
risk assessment of moderate or low rather than high? The consideration of the amount of audit evidence
necessary to support a reduced control risk assessment is discussed beginning in paragraph 608.11.
To what extent can the control risk assessment be reduced based on risk assessment procedures performed to
understand the design and implementation of controls? This issue is discussed beginning in paragraph 608.25.
How much audit effort can be saved by reducing the control risk assessment to moderate rather than high? The
effect of the control risk assessment on substantive procedures is discussed beginning in paragraph 608.31.
What are the documentation requirements related to tests of controls, and how can the auditor document such
tests? Documentation requirements and documentation practice aids are discussed in section 609.
Basic Approach to Tests of Controls
602.7 The following basic steps normally apply when considering tests of controls:
Step 1 Identify Audit Areas Where Tests of Controls Are Necessary or Efficient. (Discussed in section 603.)
Step 2 Decide Which Controls to Test. (Discussed in section 604.)
Step 3 Select Appropriate Procedures. (Discussed in section 605.)
Step 4 Perform Tests of Controls. (Discussed in sections 606 and 607.)
Step 5 Evaluate the Results of the Tests and, If Necessary, Revise the Initial Control Risk Assessment and the Risk of
Material Misstatement. (Discussed in section 608.)
Step 6 Document the Tests of Controls. (Discussed in section 609.)
These steps may overlap or be performed in a varying order. For example, based on the initial audit strategy, the auditor may
decide to test operating effectiveness concurrently with evaluating design and implementation. Auditors often decide which
controls to test (Step 2) when considering whether testing will be efficient (Step 1). Also, documentation of the tests of
controls (Step 6) might be done as the work progresses. However, the step-by-step approach to tests of controls presents a
logical framework for the considerations that are normally required. The remainder of this chapter discusses each of those
steps in further depth.
603 DECIDING WHETHER TO TEST CONTROLS
603.1 AU-C 330.08 indicates that tests of controls should be performed in the following circumstances:
When the auditors risk assessment at the relevant assertion level includes an expectation that the controls are
operating effectively. In that case, audit evidence is obtained to support the operating effectiveness of those
controls. In other words, the understanding of internal control design and implementation allows the auditor to make
an initial assessment that incorporates the auditors expectations about the operating effectiveness of controls.
When the auditor makes a reduced control risk assessment, the auditor performs tests of controls to obtain the
necessary audit evidence to support that expectation.
1(38)
See paragraph 603.3.
When substantive procedures alone cannot provide sufficient appropriate evidence at the relevant assertion level
(that is, when substantive procedures alone are not effective). These circumstances are discussed more fully in
section 403. See also paragraph 603.17.
603.2 The auditor decides whether to test controls for relevant assertions in each audit area based on the preliminary
assessment of the risk of material misstatement. In other words, the decision to test controls is made on an assertion by
assertion basis for each audit area. Those decisions may result in audit responses at the relevant assertion level that consist
of substantive procedures alone or a combination of substantive procedures and tests of controls.
The Risk Assessment Includes an Expectation of Operating Effectiveness
603.3 The auditor needs to know enough about internal control to assess the risk of material misstatement for relevant
assertions for account balances, transaction classes, and disclosures. Chapter 3 provides an in-depth discussion of risk
assessment procedures and the understanding of internal control; Chapter 4 discusses assessing and responding to risks.
What exactly does it mean to say the auditors risk assessment includes an expectation of operating effectiveness? When the
auditors risk assessment for a relevant assertion in an audit area includes an expectation of the operating effectiveness of
controls, it means that the auditor has:
Obtained a sufficient understanding of the specific controls that are likely to prevent or detect and correct material
misstatements in the relevant assertion.
Evaluated the design of those controls and is satisfied that they are capable of preventing or detecting and
correcting a material misstatement in the relevant assertion.
Determined that the controls exist and are being used.
Decided to rely on the effective operation of those controls when designing substantive procedures.
In other words, the auditor plans to reduce the control risk assessment based on the expectation that controls are operating
effectively and design substantive procedures that provide sufficient additional audit evidence to reduce detection risk to an
acceptable low level. In order to reduce the control risk assessment, the auditor should obtain audit evidence supporting his
or her expectation that such controls are operating effectively. Therefore, the audit approach consists of a combination of
tests of controls and substantive procedures that provide sufficient audit evidence about the assertion being tested.
603.4 An expectation of operating effectiveness typically means that the auditors planned control risk assessment is less
than high. In some cases, the combined risk of material misstatement can be assessed as moderate or low even though
control risk is assessed as high. That might be the case, for example, when inherent risk is low or moderate. In that case,
there is no expectation of operating effectiveness and, thus, no tests of controls would be performed. The auditor would
design substantive procedures that address the combined assessed level of risk without considering the effectiveness of
controls.
603.5 There may be instances when the auditor is unable to identify controls in place that would prevent or detect and
correct material misstatements in specific relevant assertions. Similarly, an entity may have limited documentation of the
existence or operation of controls. In such cases, which may occur in smaller entities, testing controls may not be a
consideration or may be inefficient. AU-C 330.A19 further states that in rare cases where the auditor has not identified many
control activities or other control components, the absence of controls may make it impossible to obtain sufficient appropriate
audit evidence.
603.6 Without properly designed and implemented controls, the auditor does not have a basis for an expectation of operating
effectiveness. Consequently, reliance on controls in that situation is not appropriate and control risk is normally assessed as
high.
2(39)
The auditors substantive procedures alone need to be sufficient to respond to the assessed risk of material
misstatement documented at ASB-CX-7.1, Risk Assessment Summary Form.
603.7 The auditor may conclude that controls are appropriately designed and implemented, but may nevertheless decide
that additional tests of operating effectiveness are not warranted. In that case, the auditor does not include his or her
expectation of operating effectiveness when making the risk assessment (that is, the auditor does not reduce the control risk
assessment). Among other reasons, this decision might be based on the following:
Materiality and inherent risk considerations.
Feasibility of performing tests.
Audit efficiency considerations.
603.8 Materiality and Inherent Risk Considerations. After gaining an understanding of the entity and its environment,
including its internal control, the auditor first considers the materiality and inherent risk related to specific audit areas or
assertions when determining the appropriate response. A reduction of the extent of substantive procedures might be possible
based on materiality considerations and the inherent risk assessment alone. In that case, no further attention to control risk or
tests of controls would generally be necessary for those areas or assertions. For example, for accounts or classes of
transactions that are not material, the auditor might determine, given the nature of the risks, that only limited procedures, such
as preliminary and final analytical procedures, is the appropriate response. Also, if the inherent risk for relevant assertions for
an account or class of transactions is low, tests of controls might not be appropriate.
603.9 Feasibility of Performing Tests. In deciding whether to test controls, the auditor considers whether the amount and
persuasiveness of available evidence would be adequate to support the planned reduced control risk assessment. (Section
608 discusses the persuasiveness of audit evidence provided by tests of controls.) For example, based on the nature of the
control, observation and inquiry may be the only procedures that can be used to determine effective operation. If the auditor
determines that the control needs to be tested throughout the year, observing the performance of the control in past periods
would not be possible. Since, as explained in section 605, inquiry alone is not sufficient when testing controls, there may be
insufficient persuasive evidence available to support a reduced assessment of control risk. Likewise, if the planned test of
controls involves inspecting documents, the auditor needs to determine that such documentation is available for the entire
period being audited.
603.10 Audit Efficiency Considerations. In some cases, the auditor may elect to exclude his or her expectation of operating
effectiveness from the relevant risk assessment for efficiency reasons. That may be the case when testing the operating
effectiveness of controls would be inefficient and substantive procedures alone are considered effective. In connection with
determining an audit approach that is appropriate to respond to the auditors risk assessment, AU-C 330.A4 states the
following:
For example, the auditor may determine that...performing only substantive procedures is appropriate for
particular assertions, and therefore, the auditor excludes the effect of controls from the relevant risk
assessment. This may be because the auditors risk assessment procedures have not identified any
effective controls relevant to the assertion or because testing controls would be inefficient, and therefore, the
auditor does not intend to rely on the operating effectiveness of controls in determining the nature, timing,
and extent of substantive procedures. (Emphasis added)
603.11 Excluding the effect of controls from the relevant risk assessment would mean assessing control risk as high
regardless of the auditors expectation that controls may be operating effectively. In other words, even in situations where the
auditor has made a preliminary assessment that controls may be operating effectively based on his or her evaluation of the
design and implementation of controls that would be capable of preventing or detecting and correcting material
misstatements, the auditor may ultimately decide to assess control risk as high for purposes of audit efficiency and perform
only substantive procedures. In order to make that decision, however, the auditor considers whether substantive procedures
alone would be an effective response.
3(40)
603.12 Even if testing the operating effectiveness of controls is deemed to be inefficient, the auditor should still perform
sufficient risk assessment procedures to have an appropriate basis for assessing the risk of material misstatement, including
making the determination that substantive procedures alone are effective. The assessment is a focused consideration of what
could go wrong at the assertion level. If the effect of controls is excluded from the relevant risk assessment, that means the
auditors response in substantive procedures has to be adequate to deal with all those things that the inherent risk
assessment indicates could go wrong. Also, the risk assessment procedures performed have to be sufficient to obtain the
understanding of the entity and its environment, including internal control, to make that decision. In other words, the
assessment of the risk of material misstatement at the assertion level cannot be made without the understanding of internal
control. However, assuming substantive procedures alone are effective, the auditor is allowed to perform substantive
procedures only and not test controls even when controls are believed to be suitably designed and implemented.
4(41)
603.13 Some auditors have traditionally adopted (or defaulted to) a strategy that focuses primarily on the use of substantive
audit procedures based on a belief that substantive procedures alone are effective and testing controls would never be
efficient. The authors caution against such an attitude because it may result in overlooking opportunities for greater audit
efficiency and effectiveness. Since the auditor is required to obtain an understanding of internal control, the auditor may
identify controls that are capable of preventing or detecting and correcting material misstatements for relevant assertions.
Even in small entities, effective controls may exist that could impact the nature, timing, or extent substantive procedures. It is
important for auditors to thoughtfully consider the results of their understanding of internal control when making a decision
about the feasibility or efficiency of testing controls. Decisions about testing controls are normally made
assertion-by-assertion based on the preliminary assessment of control risk. Therefore, efficiency decisions are normally
considered at the assertion level rather than at a global level for the entity as a whole. Also, even in situations where the
auditor may initially conclude after performing risk assessment procedures that testing controls would not be efficient for an
audit area, subsequent audit evidence might reveal that testing controls would either be more efficient or would be required to
adequately address audit risk.
603.14 The auditing standards do not provide guidance for determining when tests of controls would be efficient. (The AICPA
Risk Assessment Audit Guide does, however, provide some considerations that are incorporated into the following
discussion.) In practice, tests of controls (specifically, tests of transactions) ordinarily are efficient in the following
circumstances:
The volume of transactions is relatively high.
The transactions are recurring and relatively uniform within the transaction class.
The transactions are not complex.
The transactions are routinely processed in information systems with well-designed control activities.
The entitys control environment, monitoring, and risk assessment processes are conducive to effective controls.
In those circumstances, it may be efficient to assess the risk of material misstatement with an expectation of the operating
effectiveness of controls, that is, to assess control risk at less than high and test controls. Another circumstance that may lend
itself to efficient tests of controls is the situation where key controls for preventing or detecting and correcting material
misstatements consist primarily of high level monitoring or other entity-level controls that are easy to test.
603.15 In some cases, the auditor may determine that it is both more effective and more efficient to test controls than to
perform extensive substantive procedures. The AICPA Risk Assessment Audit Guide provides two examples:
Inventory cost methods that create layers of costs, such as LIFO and FIFO.
Financial services firms with extensive customer trading accounts.
In situations such as these, the auditor may determine that tests of controls would permit a substantial modification in
substantive procedures, such as a change in the nature (e.g., using substantive analytical procedures in lieu of extensive tests
of details for the inventory example) or extent (e.g., reducing the number of confirmations sent for the financial services firm
example) of procedures and would result in a more effective, as well as more efficient, audit.
603.16 When considering whether tests of controls would be efficient, the authors believe that the auditor should evaluate the
following cost/benefit factors (Example 6-1 illustrates how an auditor may use a cost-benefit analysis in deciding whether to
test controls):
Impact on Substantive Procedures. By performing tests of the operating effectiveness of controls, the auditor may be
able to alter the nature, timing, or extent of substantive procedures. For example, when the auditor uses sampling in
planned substantive procedures, sample sizes will generally be lower when the auditor tests the operating
effectiveness of controls. The lower level of assessed risk allows the auditor to reduce the confidence levels required
in sampling applications. (Sampling is discussed beginning at paragraph 606.13 and more fully in Chapter 7.)
Relevant Costs. When determining a preliminary audit strategy, some auditors may mistakenly believe that a
decision to not test the operating effectiveness of controls will eliminate some or much of the need to obtain a
sufficient understanding of internal control. As noted in Chapter 3, the auditor is required to obtain an understanding
that includes an evaluation of the design of relevant controls and determination about whether they have been
implemented. Therefore, the relevant cost in an efficiency decision is only the incremental cost of testing the
operating effectiveness of controls.
The Need to Test Indirect (or Complementary) Controls. When considering the cost of testing controls, auditors
should not lose sight of the need to obtain audit evidence about information that allows the effective operation of
those controls. When designing and performing tests of controls, auditors are required to determine whether
controls to be tested depend upon other controls and, if so, whether it is necessary to test the operating
effectiveness of those indirect controls. For example, if the credit manager makes credit approval decisions on new
or subsequent customer orders based on an internally developed credit approval rating system, the auditor should
understand, and possibly test, the controls over the rating system in addition to testing the approval process.
Furthermore, when testing automated application controls, the auditor needs to consider the effective functioning of
general controls. Tests of IT related controls are discussed in section 607. Indirect controls are further discussed
Whether Controls Have Changed during the Audit Period. During the audit period, an entity may redesign its controls
or implement new controls. AU-C 330.A21 indicates:
If substantially different controls were used at different times during the period under audit, each is
considered separately.
The need to design and perform control tests on controls that changed during the period may have a significant
impact on efficiency considerations. For example, the same test may not be effective both before and after the
control change and, therefore, two or more different tests may be needed.
The Impact on Future Audits. As discussed beginning at paragraph 606.8, an auditor may be able to use audit
evidence from tests of controls over a three-year period, subject to certain conditions. Therefore, auditors may not
want to isolate their cost-benefit analysis to only the current audit in continuing engagements where controls are not
expected to change significantly from year to year. In those cases, the benefits from reduced substantive
procedures may be realized for three years if controls can be rotationally tested.
Whether Assertions Can Be Tested Using Computer-Assisted Audit Techniques. Some auditors believe that when
using computer-assisted audit techniques (CAATs), some account balances or transaction classes can be audited
100% more efficiently than by testing controls in order to reduce the extent of substantive procedures. However,
where the information used to perform the substantive procedures is produced by the entitys information system,
the auditor needs to obtain evidence about the informations accuracy and completeness. Also, the auditors use of
CAATs does not eliminate the need to have an understanding of the controls over the system, including IT general
controls and particularly the portion of the system that generated the copy of the file being tested by CAATs. CAATs
are discussed in section 909.
Client Expectations. An auditor might test controls for reasons other than audit purposes. For instance, the client
may specifically engage the auditor to test controls. Or the client may have expectations that controls will be tested,
and the auditor may decide to do so only to meet those expectations as a client service and to provide added value.
In such cases, the auditor tests controls even though the auditor would not otherwise have done so.
Example 6-1: Deciding whether to test controls
The auditor is considering the number of confirmations of accounts receivable to send for ECS Company. The accounts
receivable balance to be sampled totals $2 million and tolerable misstatement is $37,500. ECS Company has control
policies and procedures that may support a control risk assessment below high for the existence assertion. Thus, the
auditor believes it may be efficient to perform tests of controls. The auditor plans to use the MUS (PPS) approximation
model to determine the sample size (see paragraph 704.12) for confirmation.
1.If the auditor is able to assess the risk of material misstatement as low and other procedures risk (i.e., the risk
that substantive tests of sales transactions directed toward the same audit objective will fail to detect a
material misstatement) as moderate, then the initial sample size for the confirmation would be computed as
follows:
2.If the auditor decides to assess the risk of material misstatement as high (i.e., does not plan to test the
operating effectiveness of controls) and other procedures risk is considered high, then the initial sample
size for the confirmation would be computed as follows:
The auditor compares the cost of performing tests of controls to the potential reduction in confirmations and concludes
that the possibility of sending 96 fewer confirmations may warrant performing tests of controls. (Determination of the
appropriate sample size for tests of controls using sampling is discussed in section 705.)
This example involves a reduction in the extent of a substantive procedure, but the same approach might also apply to a
change in the nature or timing of a substantive procedure (e.g., if control risk is low, use an analytical procedure rather
than a test of details, or apply the test of details at an interim date rather than at year-end). (See the discussion
beginning at paragraph 608.31.)
Efficiency opportunities when performing tests of controls are further discussed beginning at paragraph 606.17.
Substantive Procedures Alone Do Not Provide Sufficient Audit Evidence
603.17 As discussed in section 403, AU-C 315.31 notes that auditors are required to obtain an understanding of controls
related to risks for which it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive
procedures. AU-C 330.08 requires the auditor to test the relevant controls for operating effectiveness. Thus, auditors should
identify risks for which substantive procedures alone are not effective. Those risks often occur in audit areas in which there is
highly automated processing with little or no manual intervention. Due to the importance of effective controls over accuracy
and completeness in that processing environment, it may not be practical, or even possible, to perform only substantive
procedures without testing controls.
603.18 Examples of When Testing Controls May Be Necessary. The auditor may decide that it is necessary to test
controls when an entitys accounting data and corroborating evidence are available only in electronic form (for example, when
a significant amount of information supporting one or more financial statement assertions is electronically initiated, authorized,
recorded, processed, or reported and related audit evidence exists only in electronic form). In those instances, the risk of
improperly initiating or altering information without detection is greater if appropriate controls are not operating effectively.
Also, the appropriateness and sufficiency of the audit evidence usually depend on having effective controls over the accuracy
and completeness of processing. For example, it may be necessary to perform tests of controls when an entity uses the
computer to initiate orders for goods based on predetermined rules and pays the related payables based on electronic
information in transactions concerning receipt of goods, and no other documentation of orders or receipts is produced or
maintained.
603.19 Some auditors believe that in small business audits, the risk of theft of cash is such that it is usually necessary to test
controls over cash receipts and disbursements. For example, with respect to revenues received primarily in cash (such as
those of some fast food restaurants or charitable organizations) it may be difficult to limit audit risk for the completeness
assertion to an appropriate level without an assessed level of control risk at less than high. If auditors believe that there is a
significant risk of error or theft of cash through cash disbursements, they may test high-level controls, such as the
reconciliation routine, segregation of duties, and management oversight of the process. They may also test a selection of
disbursements for controls designed to prevent or detect theft (such as evidence of an invoice and evidence of proper
authorizations), as well as for proper account coding. If the tests of transactions show the controls to be operating effectively,
the auditor may be able to assess control risk at less than high and reduce the extent of vouching in other audit areas. For
example, an auditor might assess control risk for expenses at less than high based on an adequate control environment and
tests showing effective controls over disbursements.
604 DECIDING WHICH CONTROLS TO TEST
604.1 The most efficient and effective approach to deciding which controls to test is to take a top-down approach. Begin with
the financial statements and identify the significant accounts and disclosures. Then identify the significant transaction classes
and processes that result in those accounts and disclosures. Within those transaction classes and processes, identify the
controls that individually or in combination with other controls prevent, or detect and correct, material misstatements in the
relevant assertions related to identified risks. This approach normally results in emphasizing the areas in which material
misstatements are most likely to occur.
604.2 It is also efficient and effective to consider company-wide or entity-level controls before testing control activities. One
reason to take this approach is that if the controls at the top level are poor, it creates an environment that is not conducive to
effective controls, and even well-designed and implemented control activities might not be effective. In that case, testing
control activities may not be productive. Another reason is that some controls at the top might operate at a direct and detailed
enough level to reduce the risk of material misstatement at the relevant assertion level. If that is the case, it might be easier
and more efficient to test the entity-level controls than control activities, or testing those controls might at least permit a
reduction in the extent of testing control activities.
604.3 The remainder of this section discusses the following aspects of deciding which controls to test:
Test only those controls that are suitably designed and implemented (paragraph 604.4).
Test controls within significant processes, but do not test process steps independently of controls (paragraph
604.7).
Test controls relevant to the risks of material misstatement of relevant assertions (paragraph 604.8).
Test the key controls that are relevant to the identified risks (paragraph 604.9).
Consider the need to test indirect or complimentary controls that support the effective operation of control activities
being tested (paragraph 604.10).
If several controls yield equivalent evidence, test the easy-to-test controls (paragraph 604.14).
Improperly Designed Controls or Controls Not Implemented
604.4 AU-C 330.A21 emphasizes that only effectively designed controls are tested for operating effectiveness. Specifically, it
states:
Tests of controls are performed only on those controls that the auditor has determined are suitably designed
to prevent, or detect and correct, a material misstatement in a relevant assertion.
604.5 There is no benefit to testing the operating effectiveness of a control that is inappropriately designed to prevent, or
detect and correct, a material misstatement in a relevant assertion. Even if an improperly designed control could be found to
be consistently applied and operating as designed throughout the year, no amount of testing will transform it into a control
that is capable of preventing or detecting misstatements.
604.6 Also, there is no benefit in testing a control that has not been properly implemented. For example, an auditor might
conclude that the documentation of controls in the clients accounting procedures manual indicates that controls are
effectively designed to address risks of material misstatement and satisfy relevant control objectives. However, when
determining whether the controls are implemented by performing various risk assessment procedures, the auditor finds that
the controls, as designed, are not properly communicated or followed. In that case, tests of those controls would not be
performed.
Tests of Controls versus Processes
604.7 When designing and performing tests of controls, it is important for auditors to ensure that the item being tested is, in
fact, a control and not a processing step. A process is best described by example. A process would be the coding of an
invoice by the accounts payable clerk and the subsequent input to the payable system. A control, however, addresses the
risk of what could go wrong in the process, and by doing so it either prevents, or detects and corrects, misstatements that
could occur as a result of processing the transaction. In the accounts payable area, examples of controls include supervisory
review of the amounts input and account coding, the use of programmed restrictions in the accounts payable system that limit
which accounts are eligible for coding, or programmed edit routines that detect input amounts that do not agree to underlying
purchase orders. While this concern is more appropriately addressed when evaluating the design and implementation of
controls, the authors believe auditors should take care that their control tests do not incorporate a process without a
corresponding control.
Controls Relevant to Identified Risks for Relevant Assertions
604.8 The focus of control testing is directed to those controls that are relevant to risks the auditor has identified (that is, the
risk that the assertion is misstated). The misstatement could be an overstatement due to theft, improper valuation, or an
unreasonable estimate; or an understatement due to unrecorded transactions, etc. In many small business audits, the auditor
might be able to test only one or two selected controls relating to the risk of concern for a specific assertion for an account.
The auditor does not always have to test all the control activities relating to an assertion to assess control risk at less than
high. Often, the control activities component of internal control is the one most directly related to specific assertions, and the
auditor will test control activities. However, as discussed in paragraph 604.2, entity-level controls may operate at a direct and
detailed-enough level to reduce the risk of material misstatement for a specific relevant assertion, and the auditor may
consider testing entity-level controls. For fraud risks or other significant risks, as well as risks for which substantive
procedures alone are not adequate, the auditor should obtain an understanding of the design and implementation of the
related controls, which can serve as a basis for determining which controls to test. The Activity and Entity-level Control
Forms at ASB-CX-5, discussed in paragraph 609.7, link controls and assertions.
Key Controls
604.9 The auditor normally focuses on those controls that are key in preventing or detecting material misstatements in the
relevant assertions. Key controls often include actions of supervisors and senior management and may include
documentation of supervision, budgeting, reporting, review, etc., that can be easily tested by inquiry, observation, and
inspection of reports and documents. Not only is it easier and more efficient to test such controls (such as by reviewing the
clients investigation and variance reports) than it is to perform detailed tests of transactions, but the tests may also provide
more assurance about the controls than tests of transactions. For example, management may prepare budgets, periodically
compare them to actual results, and investigate significant variations in a timely manner, or management may compare
financial statement results to relevant operational data, such as comparing units or hours billed to units shipped or hours
charged. Reports of the variations, investigative actions, explanations of the variations resulting from the investigations, and
corrective actions taken may provide evidence of the effective operation of the control. Such a control may be a key one with
respect to relevant assertions for revenues or expenses. Key controls are also discussed in paragraph 303.53.
Indirect or Complementary Controls
604.10 AU-C 330.10 indicates the following:
In designing and performing tests of controls, the auditor should . . . determine whether the controls to be
tested depend upon other controls (indirect controls) and, if so, whether it is necessary to obtain audit
evidence supporting the operating effectiveness of those indirect controls.
The AICPA Risk Assessment Audit Guide refers to these indirect controls as complementary controls. For example, if the
auditor decides to test the operating effectiveness of a user review of an exception report of sales in excess of authorized
credit limits, the auditor also considers whether it is necessary to test the operating effectiveness of controls over the accuracy
of information in the report, such as IT general controls.
604.11 Indirect or complementary controls may include:
Controls over the accuracy and completeness of information used in the performance of the direct control.
IT general controls.
Segregation of duties.
The control environment.
604.12 Determining whether to test indirect or complementary controls and the nature and extent of those tests requires
judgment. Some of the factors that might be considered when making such decisions are:
Significance of the Indirect or Complementary Control to the Effective Functioning of the Direct Control. The
significance of an indirect control to the effective functioning of the related direct control may vary greatly depending
on the situation. Obviously, as the degree of significance increases, the need for audit evidence about the indirect
control also increases. In some situations, such as for IT application and general controls, the conclusion reached
on the operating effectiveness of the direct (application) control may be based primarily on the audit evidence
related to the indirect (general) control.
Degree of Assurance Required from Tests of Operating Effectiveness. If the auditor requires a greater degree of
reliability or assurance from the tests of operating effectiveness, the degree of audit evidence needed about indirect
controls also normally increases.
Evidence Obtained through Risk Assessment Procedures. When the auditor performs risk assessment procedures to
understand the direct control, evidence about the operating effectiveness of indirect controls might also be obtained.
In certain situations, the auditor might determine that sufficient evidence about the indirect controls has been
obtained from risk assessment procedures alone after considering the factors previously discussed.
604.13 When evaluating whether to test controls from an efficiency perspective, the auditor normally considers the additional
costs of testing indirect controls to determine if testing is cost effective. For example, the auditor determines that the clients
cash reconciliation is a key control that, if operating effectively, will allow a modification in the nature of substantive
procedures for cash. The reconciliation, research, and resolution of identified issues is the key control, but the effective
operation of the control is also dependent on proper segregation of duties. If the reconciliation was performed by individuals
that have the ability to post cash receipts and disbursement activity to the general ledger, the effectiveness of the control may
be compromised. Therefore, as part of testing the operation of the control, the auditor also would want to ensure that proper
segregation of duties was maintained for individuals performing the control.
Easy-to-test Controls
604.14 Some controls may be easier to test than other controls and yet yield equivalent persuasive evidence to support a
risk assessment. Naturally, if there is a choice, the auditor would normally test the control that is easier to test, considering the
availability and persuasiveness of audit evidence. The auditor would not, however, test controls that are not relevant to the
audit just because the controls are easy to test.
605 SELECTING APPROPRIATE PROCEDURES
605.1 Tests of controls are further audit procedures that are performed with the objective of obtaining audit evidence about
the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion
level. AU-C 330.09 notes that, when designing and performing tests of controls, the auditor is required to obtain more
persuasive audit evidence as the degree of reliance on the effectiveness of a control increases. Auditors may perform one or
a combination of tests to obtain the level of assurance needed to support the assessed level of control risk. When selecting
control tests, auditors consider the cumulative evidence about operating effectiveness that is obtained from various sources.
605.2 This section discusses the nature or types of tests of controls. The time frame for testing controls, the extent of such
tests, efficiency opportunities when testing controls, and other matters related to performing tests of controls are discussed in
section 606. Tests of IT related controls are discussed in section 607.
605.3 While evidence about the operating effectiveness of controls is generally obtained through tests of controls, such
evidence might be derived from a variety of sources:
Pre-engagement Activities. Procedures and conclusions reached regarding client acceptance or continuance may
provide evidence regarding managements ethical values, operating philosophy, integrity and competence.
(Discussed in section 202.)
The Understanding of Controls Obtained as Part of the Risk Assessment Process. Many of the procedures commonly
used in the risk assessment process to gain an understanding of internal control also may provide evidence about
the controls operating effectiveness. (Discussed beginning in paragraph 608.25.)
Prior Audits. AU-C 330 explicitly recognizes that the auditor may be able to use audit evidence about the operating
effectiveness of controls obtained in previous audits. (Discussed beginning in paragraph 606.8.)
Type 2 Service Auditor Reports. A service auditor may apply tests of controls at a service organization and report on
whether the controls are operating effectively to achieve specified control objectives. This type of report, also known
as a Type 2 report, may be helpful in determining whether controls have been suitability designed and
implemented, and in assessing control risk at either a low or moderate level when relevant controls are applied at a
service organization. (Discussed beginning in paragraph 905.20.)
Substantive procedures may provide additional evidence that is consistent with the auditors conclusion about the operating
effectiveness of controls or that creates the need to reevaluate the prior assessment of control risk. AU-C 330.16 notes that
auditors should evaluate whether misstatements that have been detected by substantive procedures indicate that controls are
not operating effectively. According to AU-C 330.A43, the identification of a material misstatement in the financial statements
that would not have been detected by the entitys internal controls is an indicator of a material weakness. However, auditors
should be aware that a lack of misstatements as a result of substantive procedures does not provide audit evidence about the
operating effectiveness of controls. The auditors responsibility for reporting internal control matters, including significant
deficiencies and material weaknesses, is discussed in Chapter 18 and paragraph 608.10.
605.4 Understanding the potential sources of evidence is important to the auditor when designing tests of controls,
considering the extent and timing of those tests, and evaluating the effect on the control risk assessment. The audit evidence
provided from various sources is normally considered in a cumulative manner when deciding whether sufficient appropriate
evidence has been obtained to support the auditors evaluation of operating effectiveness and the final assessment of control
risk. In choosing procedures to test a control, consider the degree of assurance provided by the procedure in relation to the
degree needed (see the discussion beginning at paragraph 608.11). If there is a choice, choose the procedure that is most
efficient in providing the needed degree of assurance.
Nature and Types of Tests of Controls
605.5 Tests of controls (either manual or automated) ordinarily include procedures such as the following:
Inquiries of appropriate entity personnel.
Observation of the application of the control.
Inspection of documents, reports, or electronic files indicating performance of the control.
Walkthroughs.
Reviews of reconciliations and similar bookkeeping routines.
Reperformance of the application of the control.
605.6 The information and evidence typically sought from tests of controls include the following:
What the control is.
Who performs it, including the persons name and job title, and whether the person has the necessary authority and
competence.
5(42)
How it was performed at relevant times during the period.
The consistency with which it was performed during the period.
What reports, files, or other documents are used in performing the control.
What reports, files, or other documents, if any, are produced as evidence of the performance of the control.
What action is taken if the control reveals an error, discrepancy, or unusual item.
How supervisory and managerial personnel satisfy themselves that the control is operating as planned to prevent or
detect errors.
605.7 The auditor often obtains evidence about the operating effectiveness of controls by performing a combination of the
procedures listed in paragraph 605.5, as well as from the understanding of controls and prior audits. (Rotating tests of
controls over a three year cycle is discussed in paragraph 606.8.) The procedures and sources of information complement
and supplement one another. For example, an auditor may inquire about the existence and nature of a control activity, have
the person who performs it demonstrate or walk through the steps involved, and inspect the documents or electronic files
used or reports produced. In this example, the auditor would have used inquiry, observation, inspection, and a walkthrough.
These procedures would not only provide the auditor with an understanding of the control activity, but would also constitute a
test of the control.
605.8 According to AU-C 330, inquiry alone is not sufficient to obtain reasonable assurance of operating effectiveness. Thus,
the auditor should perform other procedures in combination with inquiry. AU-C 330.A28 indicates, however, that inquiry
combined with inspection, recalculation, or reperformance may provide more assurance than inquiry and observation
because an observation is pertinent only at the point in time at which it is made. For example, the auditor might inquire about
and observe the procedures for opening mail and processing cash receipts. To obtain greater assurance, the auditor could
supplement those inquiries and observations with procedures such as inspecting documents (for example, prelists of cash
receipts) and, possibly, reperformance procedures (for example, reperforming the comparison of amounts on prelists to
accounting records and bank deposits).
605.9 The nature of the control that is being tested will generally direct the type of procedure necessary to obtain audit
evidence about operating effectiveness. (See the related discussion beginning at paragraph 608.13.) For example, a control
in which a manager reviews the clerical accuracy of the coding of invoices over $1,000 may be evidenced by the managers
initials on the invoice. The nature of this control would generally dictate the auditors procedures to be inspection of the
invoice for documentation of the managers initials combined with reperformance of the control activity (that is, a check of the
clerical accuracy).
605.10 For some controls, however, documentation may not be relevant or available. For example, the operation of certain
aspects of the control environment, such as the assignment of authority and responsibility, might not be documented.
Similarly, the operation of certain control activities, such as those performed by the computer, might not be documented. In
those cases, the auditor may need to perform inquiry in combination with other procedures, such as observation or the use of
CAATs, to obtain audit evidence about operating effectiveness.
6(43)
605.11 Efficiency is also a consideration when selecting audit procedures. If there is a choice, choose the procedure that is
most efficient in providing the needed degree of assurance. The following paragraphs discuss the procedures commonly
used to test controls.
605.12 Inquiry and Observation. As discussed in Chapter 3, inquiry and observation are often used in the general planning
and risk assessment phase of the audit to obtain an understanding about controls and whether they have been implemented.
Also, as discussed in paragraph 608.25, while making inquiries and observations for that purpose, the auditor may also gain
evidence about the controls operating effectiveness. Inquiry and observation are typically used to test controls that do not
produce documentary evidence of performance, such as separation of duties, controls over access to assets and records,
certain control environment factors, or some control activities performed by a computer. Inquiry and observation often
complement or supplement each other. For example, the auditor might inquire about the existence of a particular control
activity and then observe the activity being performed to determine that it is in fact in operation and perhaps also to assess its
effectiveness. Similarly, observation would normally be supplemented by inquiry since an observation is only pertinent at the
point in time at which it is made.
605.13 The auditor may be able to conveniently document inquiries and observations using the Test of Controls Form
(ASB-CX-10.1), which is discussed in paragraph 609.6. Some auditors may prefer to document the inquiries and observations
in a memo that identifies the purpose of the inquiries and observations, the types of transactions covered by the control, the
date of the inquiry or observation, the person(s) interviewed or observed and their position(s), the questions asked and replies
received, and the activities observed.
605.14 Improving Inquiry and Observation Procedures. In both large and small business engagements, the effectiveness of
inquiry and observation can be improved by the following recommendations:
Ask Open-ended Questions. Particularly in the early questioning, use broad unstructured questions: How do you
bill customers? How are customers complaints on billing handled? Sometimes direct questions are necessary:
How often is the bank account reconciled? However, avoid direct questions that may seem accusatory: Why
dont you use prenumbered sales invoices?
Focus on Exceptions. Find out what happens when reconciliation and review routines disclose errors. How are
differences between the control account and customers ledgers handled? Who does the follow-up? Find out what
happens when employees with key assigned duties are on vacation or otherwise absent.
Cross-check Answers. Extend the inquiries beyond the employees own duties to their understanding of the duties of
others. Cross-check answers among personnel, e.g., ask an employee about the procedures used when an error is
detected and confirm the answer with the employee who does the follow-up.
Document Inquiry and Observation Procedures. Because the unstructured approach to questioning usually
produces the most informative responses, auditors may tend to take notes that are later used to prepare the audit
documentation, which may lead to omission of important information. That tendency can be overcome by
systematic identification in advance of important controls (for example, by using a memory jogger) and timely
documentation of the related inquiry and observation.
605.15 Inspection of Documents, Reports, or Electronic Files. This procedure includes inspection of source documents
(such as invoices, bills of lading, and receiving reports), log books (such as shipping and receiving logs), reports (such as
internal auditors reports and exception reports), accounting procedures manuals, or (for operating effectiveness) electronic
files. Documents are inspected for an indication that the control activity was performed (for example, initials of the person who
approved a transaction or a clerks checkmark indicating that a total was footed or an extension checked). Reports, which
may include internally produced financial or operational reports or externally produced reports of financial institutions,
regulatory agencies, service organization auditors, etc., are reviewed for description of the activity or investigation performed,
the resulting findings, and the clients response to problems detected.
605.16 Audit sampling is sometimes used in tests of controls that involve inspection of documents. However, tests of controls
involving document inspection do not necessarily require sampling, for example, inspection of documents in conjunction with
inquiries and observations, walkthroughs (discussed in paragraph 605.17), or reviews of reconciliations (discussed beginning
in paragraph 605.18). Sampling in tests of controls is discussed further beginning in paragraph 606.13 and Chapter 7.
605.17 Walkthroughs. Walkthroughs are commonly used in gaining an understanding (or further understanding) of controls.
A walkthrough can also serve as a test of controls and in some cases, along with other tests of controls, can provide a valid
basis for assessing control risk at less than high. However, this approach generally by itself does not provide a sufficient basis
for assessing control risk as low. Walkthroughs are discussed in more detail beginning in paragraph 305.20.
605.18 Reviews of Reconciliations and Similar Bookkeeping Routines. Reviews of reconciliations and similar
bookkeeping routines can be very efficient tests of controls. They may include review of the following:
Accounting for the numerical sequence of documents.
Follow-up of unmatched items.
Reconciliation of a subsidiary ledger to the control account.
Reconciliation of third-party information to the accounting records (for example, bank reconciliation or vendor
statement).
Reconciliation of related nonaccounting data (for example, units shipped to units billed).
As discussed in paragraph 604.7, it is important to ensure, however, that a control rather than just a process is being tested.
605.19 The auditors approach to testing these routines is generally as follows:
Inspect evidence that the routine was performed throughout the period (for example, reports of unmatched items or
written bank reconciliations).
Inspect examples of the routine having been performed.
Investigate the resolution of significant misstatements or exceptions disclosed by the routine, or investigate a few if
none are significant.
605.20 In this approach, the auditors objective is to confirm that the routine is being performed throughout the period and
that misstatements and exceptions are being appropriately investigated and resolved. Thus, this approach does not involve
audit sampling, even though there is documentary evidence of performance of the routines.
605.21 Reperformance of the Control Activity. Examples of reperformance tests of controls include recomputing
extensions and totals on sales invoices, tracing units billed from an invoice to a shipping document, or recomputing gross
pay. Reperformance tests are commonly performed along with inspection of documents. For example, the auditor may test
the clerical accuracy of a sales invoice and inspect supporting documents for evidence of proper approval. Audit sampling is
sometimes used in tests of controls that involve reperformance of control activities applied to documented transactions.
Sampling in tests of controls is discussed beginning in paragraph 606.13 and Chapter 7.
605.22 An advantage of reperformance is that it usually provides substantive audit evidence about the transaction as well as
about the control activity (that is, it is a dual-purpose test). For example, the auditor will obtain evidence that the transaction is
recorded in the proper account at the proper amount as well as that it was properly approved.
605.23 Reperformance tests can be very time-consuming. Thus, the authors recommend avoiding reperformance tests to the
extent possible. However, such tests may be necessary (instead of or in addition to other tests such as inquiry or observation)
if the control is particularly significant or if controls are tested when the control environment is not strong.
606 PERFORMING TESTS OF CONTROLS
606.1 Testing controls includes obtaining evidence about:
How controls were applied at relevant times during the audit period.
The consistency of application.
Who applied the controls and the means of their application, including whether the person performing them has the
necessary authority and competence.
The objective of performing tests of controls is to obtain sufficient appropriate audit evidence about their operating
effectiveness to support the auditors assessment of control risk.
606.2 This section discusses the timing of tests of controls, the extent of such tests, efficiency opportunities when testing
controls, and other matters related to performing tests of controls. The nature of procedures used in tests of controls is
discussed in section 605. Tests of IT related controls are discussed in section 607.
Timing of Tests of Controls
606.3 AU-C 330.11 states:
The auditor should test controls for the particular time or throughout the period for which auditor intends to
rely on those controls...in order to provide an appropriate basis for the auditors intended reliance.
The appropriate timing depends upon the auditors objective and for what period of time reliance is needed about the
operating effectiveness of controls. When a control is tested at a point in time, the audit evidence can only support a
conclusion about operating effectiveness at that point in time. Conversely, when a control is tested over a period of time, the
audit evidence can be used to form a conclusion about operating effectiveness over that period.
606.4 In some cases, the control being tested need only be tested at a point in time. For example, for controls over the
observation of the annual physical inventory, testing would only be relevant at that point in time since the controls are only
applied once. Other controls, however, may operate throughout the audit period, requiring the auditor to collect evidence
about operating effectiveness for the entire period. For an automated control that operates throughout the period, the auditor
might be able to test the operation of the control at a point in time and collect evidence about its continued operation through
tests of general controls.
606.5 Other considerations related to the timing of control tests include the following:
Whether to perform the tests at an interim date or at period end.
Whether to use audit evidence about the operating effectiveness of controls obtained in previous audits.
606.6 Interim Testing of Controls. Based on the audit strategy, the auditor might decide to perform tests of controls through
an interim date prior to the balance sheet date. AU-C 330.12 requires the following when auditors perform tests of controls
through an interim date:
Auditors should obtain audit evidence about significant changes in those controls that occur during the remaining
period.
Auditors should determine what additional audit evidence to obtain for the remaining period considering factors
such as:
Significance of the assessed risks of material misstatement at the relevant assertion level.
Specific controls tested during the interim period and the results of the tests.
Significant changes to controls since they were tested, including changes in the information system, processes,
and personnel.
Degree to which audit evidence about operating effectiveness was obtained.
Length of the remaining period.
Extent to which further substantive procedures will be reduced based on control reliance.
Effectiveness of the control environment.
606.7 Additional audit evidence about the operating effectiveness of controls over the remaining period of time can be
obtained by extending the tests of controls over the remaining period or testing the entitys monitoring of controls.
606.8 Using Audit Evidence Obtained in Previous Audits. AU-C 330 explicitly recognizes that the auditor may be able to
use audit evidence about the operating effectiveness of controls obtained in prior audits subject to certain defined restrictions.
If these restrictions are met, the audit practice of rotating tests of controls over a three year cycle might be used. AU-C
330.13.15 explains the following guidelines for rotating tests of controls:
When the auditor plans to use evidence from a previous audit about the operating effectiveness of controls, the
auditor should perform procedures to determine whether the information obtained previously continues to be
relevant for the current audit. In other words, the auditor determines if changes have occurred since the previous
audit, such as changes in the system, personnel performing the controls, or the control environment, that affect the
relevance of previous audit evidence.
The evidence about whether changes have occurred should be obtained by performing inquiry combined with
observation or inspection to confirm the understanding of those specific controls. Inquiry alone is not enough.
If there have been changes that affect the continuing relevance of the audit evidence obtained in a previous audit,
the controls should be tested in the current audit. Rotation of testing is not appropriate if there have been changes.
If there have not been changes, the auditor should test the controls at least once in every third year in an annual
audit.
If a number of controls are rotationally tested, the auditor should perform some tests of controls each year. It is not
acceptable to test all controls in a single audit period with no testing in the subsequent two audit periods.
Rotation of testing is not permitted if the auditor plans to rely on controls that mitigate a fraud risk or other significant
risk. For controls related to significant risks, the tests of controls should be performed in the current period.
In considering whether rotation is appropriate and the time elapsed before retesting, the auditor should consider the
factors in Exhibit 6-2.
Exhibit 6-2
Factors to Consider Regarding Rotation of Control Tests
Factor Examples
Impact on Decision to
Rotate Control Tests
Impact on Time Elapsed
Before Retesting
Effectiveness of other
elements of internal
control, including the
entitys control
environment, monitoring,
and risk assessment
process.
Design effectiveness
and implementation
of monitoring over
relevant controls has
improved.
Rotation would
generally be
appropriate.
Consider retesting
every third year.
Deterioration in the
design effectiveness
and implementation
of control
environment or
monitoring elements.
Question the
appropriateness of
rotating tests.
Consider shortening
the time elapsed
before retesting.
Whether the control is
manual or automated.
Control is automated
and general IT
controls are effective.
Rotation would
generally be
appropriate.
Consider retesting
every third year.
A manual control
requires intricate
steps and judgment
on the part of the
individual who
performs it.
Question the
appropriateness of
rotating tests.
Consider retesting
each year.
Effectiveness of IT general
controls.
IT general controls
are not designed or
operating effectively.
Depending on the
significance of the
general controls to
the application
control, rotation
would generally not
be appropriate.
Consider retesting
pertinent application
controls each year
(or consider the
appropriateness of
testing).
How the control is
applied, including the
nature and extent of
deviations detected in
prior audits and whether
any personnel changes
have occurred that
significantly affect the
Testing of control in
prior audits did not
reveal any
deviations.
Rotation would
generally be
appropriate.
Consider retesting
every third year.
Factor Examples
Impact on Decision to
Rotate Control Tests
Impact on Time Elapsed
Before Retesting
controls application.
Testing of control in
prior year revealed
one or more
unresolved
deviations.
Question the
appropriateness of
rotating tests,
depending on the
nature of the
deviation.
Consider retesting
each year,
depending on the
nature of the
deviation.
New personnel in the
current year with less
experience and
background who
apply the control.
Question the
appropriateness of
rotating tests.
Consider retesting in
the current year.
Whether the control
should have changed in
response to changing
circumstances but did
not.
Control remains
unchanged from
prior audits, but the
changed
circumstance does
not impact the nature
of the risk the control
is addressing.
Rotation would
generally be
appropriate.
Consider retesting
every third year
contingent upon the
status of the
changed
circumstances.
Control remains
unchanged from
prior audits, and the
changed
circumstance directly
impacts the risk the
control is
addressing.
Consider whether
control remains
appropriately
designed prior to
rotating control tests.
If the control remains
appropriately
designed, consider
the status of the
changed
circumstances when
deciding how often
to retest.
Risks of material
misstatement and the
extent of reliance on the
control.
Control risk is
preliminarily
assessed at
moderate and
planned substantive
procedures will not
be substantially
modified.
Rotation would
generally be
appropriate.
Consider retesting
every third year.
Control risk is
preliminarily
assessed at low and
planned substantive
procedures will be
extensively modified
based on the
planned reliance on
the operating
effectiveness.
Question the
appropriateness of
rotating tests.
Consider retesting
each year or every
other year.
* * *
606.9 Rotation of tests of controls on a cyclical basis over three years is, thus, permitted, but the auditor has to obtain
persuasive evidence that the controls have not changed in the current period and evaluate the appropriateness of relying on
prior tests in the particular circumstances of the current periods audit. That includes considering whether controls should
have changed in response to changing circumstances but did not. In other words, the auditor is still obligated to evaluate
design effectiveness and determine whether the controls have been implemented each year.
606.10 Generally, the higher the auditors risk assessment or the greater the planned reliance on controls, the shorter the
time period between testing controls. Factors that may decrease the time between retesting or cause the auditor to reconsider
the appropriateness of rotating tests of controls include the following:
Deficiencies in the control environment.
Deficiencies in the entitys monitoring process.
Deficiencies in IT general controls.
Significant manual intervention involved in the application of controls.
Personnel changes.
Changing circumstances that indicate the need for changes in controls.
Extent of Tests of Controls
606.11 AU-C 330.09 states:
In designing and performing tests of controls, the auditor should obtain more persuasive audit evidence the
greater the reliance the auditor places on the effectiveness of a control.
AU-C 330.A31 further indicates:
When more persuasive audit evidence is needed regarding the effectiveness of a control, it may be
appropriate to increase the extent of testing of the control.
Thus, the extent of tests of controls necessary in particular circumstances is affected by the degree of assurance provided by
a test procedure in relation to the degree of assurance needed to support a control risk assessment. The level of assurance
needed to support a control risk assessment is discussed further beginning in paragraph 608.11.
606.12 In addition to the degree of reliance on controls, factors that may be considered by the auditor when determining the
extent of tests of controls include:
Frequency of the operation of the control.
Length of time during the audit period that reliance on operating effectiveness is required.
Extent of tests of other controls (including entity-level controls) that are related to the relevant assertion. (See the
discussion beginning with paragraph 608.25.)
Relevance and reliability of the audit evidence about operating effectiveness of the control at the relevant assertion
level.
Expected deviation from the control.
606.13 Use of Audit Sampling in Tests of Controls. AU-C 330.25 indicates that when the auditor designs tests of controls,
he or she should determine the means of selecting items for testing that are effective in meeting the purpose of the audit
procedure. The auditor has the option of selecting all items in a population, selecting specific items, or audit sampling. Of
those methods, audit sampling is generally the most appropriate means of selecting items for tests of controls. However,
procedures performed to obtain an understanding of internal control do not involve sampling. Also, sampling ordinarily does
not apply to the following types of tests of controls:
Tests of automated application controls when effective IT general controls are present.
Analyses of controls for determining the appropriate segregation of duties or other analyses that do not examine
documentary evidence of performance.
Analyses of the effectiveness of security and access controls.
Tests directed toward obtaining audit evidence about the operation of the control environment, for example, inquiry
or observation of the explanation of variances from budgets when the auditor does not plan to estimate the rate of
deviation from the prescribed control.
Examining actions of directors for assessing their effectiveness, for example, evaluating whether the audit committee
is appropriately involved in the financial reporting process.
606.14 Generally, the auditor considers using audit sampling for tests of controls in the following circumstances:
The control is applied on a transaction basis, for example, matching approved purchase orders to supplier invoices.
The control operates frequently.
In these circumstances, the auditor can select a sample of transactions and reperform the related control activities to see
whether compliance with the control procedures is acceptable. Sampling is used when the auditor needs to determine
whether the rate of deviation from a prescribed control is greater than the tolerable rate. (See Chapter 7 on use of audit
sampling in tests of controls.) When a control is applied less frequently, such as monthly or weekly, the auditor ordinarily
takes a nonsampling approach. For example, for a monthly reconciliation of the accounts receivable subsidiary ledger, the
auditor might reperform the reconciliation for two to four months and only inspect evidence showing the reconciliation was
performed in other months.
Concurrent Tests of Controls and Substantive Procedures
606.15 AU-C 330.A24 states that the auditor may perform a test of controls concurrently with a substantive test of details on
the same transaction. Such a dual purpose test has two objectivesto obtain evidence about the controls operating
effectiveness and to detect material misstatements in the account balance or transaction class. For example, while inspecting
an invoice and recalculating amounts as a substantive procedure to detect material misstatements, the auditor might also
determine from notations on the invoice that client personnel performed control activities such as checking the mathematical
accuracy, approval, etc. Each purpose of the test is considered separately when designing the procedures and evaluating the
results.
606.16 As noted in paragraph 605.3, AU-C 330.16 states, The absence of misstatements detected by substantive
procedures, however, does not provide audit evidence that controls related to the relevant assertion being tested are
effective. However, detection of a misstatement by a substantive procedure should be considered in assessing the operating
effectiveness of controls. In other words, the auditor should not assume that controls are effective just because a substantive
procedure does not detect a misstatement. That means it is not appropriate to consider a substantive procedure as a dual
purpose test merely because no misstatements are detected.
Efficiency Opportunities in Testing Controls
606.17 As discussed in section 603, audit efficiencies can be achieved by testing controls if the tests and resulting control
risk assessment provide a basis for reducing the extent of substantive procedures. The auditor may decide that the time spent
testing controls in order to support a lower control risk assessment and reduction in substantive procedures will result in even
greater time savings in substantive testing. Nevertheless, tests of controls, particularly tests involving reperformance and
document inspection, can be time consuming. Testing controls is often associated with time-consuming detail testing of
documents and transactions, perhaps using sampling. However, testing controls need not necessarily include such detail
testing. There are other, more efficient ways of testing controls that may provide sufficient evidence. Also, many auditors
erroneously assume that if a transaction is tested, all controls related to the transaction should be tested. However, only those
controls that relate to the reliability of financial statements would be tested.
606.18 Exhibit 6-3 presents a summary of efficiency opportunities in testing controls that are discussed in this chapter. The
items in the list are presented in order of importance in achieving efficiency. The parenthetical references are to paragraphs
that begin a discussion of the item.
Exhibit 6-3
Efficiency Opportunities in Testing Controls
1.In deciding how much attention to give to controls, first consider the materiality and inherent risk for the audit area. It
may be possible to reduce the extent of substantive procedures based on materiality and the assessment of
inherent risk even if control risk is assessed as high. Then, no further attention to control risk or tests of controls
would be necessary for the area. (See paragraph 603.8.)
2.Do not attempt to assess control risk as low if an assessment as moderate will support the planned extent of
substantive procedures. An assessment of control risk as low normally requires obtaining more evidence than an
assessment of moderate.
3.Before testing controls, consider whether the understanding of controls obtained indicates that controls appear to be
suitably designed and implemented. Do not test controls that do not appear to be effective. (See paragraph
604.4.)
4.Consider whether procedures performed to obtain an understanding of the design and implementation of controls,
such as inquiry, observation, or walkthroughs, can also serve as a test of controls and provide evidence about
operating effectiveness. (See paragraph 608.25.) If such procedures are not sufficient to support a reduced
assessment of control risk, only consider the incremental costs of performing additional testing procedures
(compared to the costs already incurred to evaluate design and implementation) when making a decision whether
to test the controls from an efficiency perspective.
5.Consider evidence provided by tests of controls performed in previous audits. Consider whether there have been any
changes that would affect the relevance of previous audit evidence, and if not, consider performing tests over a
three year cycle, as permitted by AU-C 330. (See paragraph 606.8.) Also, when making decisions about the
efficiency of testing a control not previously tested in prior years, consider the costs of testing from the
perspective of a potential benefit for three engagements, especially if controls are not expected to change.
6.Consider whether substantive testing of the account balance or transaction class may provide evidence about the
operating effectiveness of controls related to the account or transaction class. (Where material misstatements
could exist, substantive procedures can never be eliminated entirely based on inherent and control risk
assessments; thus, the auditor will always perform some substantive procedures.) If so, the nature or extent of
tests of controls may be limited. (See paragraph 606.15.)
7.Consider whether it is more efficient to test IT general and application controls rather than substantively testing certain
computer-produced reports used in the audit. If so, consider reducing the extent of testing of a programmed
application control if relevant IT general controls have been tested and found to be effective. Testing of IT controls
is discussed in section 607.
8.Do not test the operation of a process unless the test provides evidence as part of a dual-purpose test. Instead, test
only controls that are relevant in preventing, or detecting and correcting, misstatements in the financial
statements. Do not test operational or efficiency controls that are not relevant to preventing, or detecting and
correcting, misstatements. In addition, do not seek a reduced control risk assessment for all assertions related to
an account balance or transaction class. Rather, only test controls related to the assertions or risks of
misstatement of the account balance or transaction class that are of concern. (This is discussed in paragraphs
604.7 and 604.8.)
9. Use inquiry, observation, and walkthroughs to the maximum extent possible as tests of controls. (See paragraphs
605.12 and 605.17.)
10.Use reviews of reconciliations and similar bookkeeping routines to the extent appropriate. This is a more efficient,
nonsampling test of controls than inspection of documents or reperformance of control procedures. (See
paragraph 605.18.)
11.To save time, consider planning to perform tests of controls at the same time as performing procedures to obtain an
understanding of controls or performing a dual-purpose test. AU-C 330.A23 states that it may be efficient to test
the operating effectiveness of controls at the same time as evaluating their design and determining that they have
been implemented, and AU-C 330.A24 states that the auditor may design a test of controls to be performed
concurrently with a test of details of the same transaction. For example, instead of gaining an understanding of
controls by having an employee describe the control activity performed and documents used, consider testing it
by simultaneously examining the documents and observing the employee performing the activity. Also, AU-C
330.A24 gives the example of examining an invoice to determine whether it has been approved and to obtain
substantive evidence of a transaction. (See paragraphs 608.25 and 606.15.)
12.Consider which controls, if effective, would provide a basis for reducing the extent of planned substantive
procedures, then test those controls.
13.In choosing procedures to test a control, consider the degree of assurance provided by the procedures in relation to
the degree needed. (Consider the factors discussed beginning in paragraph 608.11.) If there is a choice, choose
the procedure that is most efficient in providing the needed degree of assurance.
14.If a test of transactions is planned for a high-risk area (such as a test of cash disbursements because of increased
risk of theft of cash), obtain maximum benefit by combining the test of details with a test of controls. This may limit
the need for vouching in other areas. (See paragraphs 603.19 and 606.15.)
* * *
607 TESTING IT RELATED CONTROLS
607.1 The auditors approach to testing IT controls is not fundamentally different than testing other controls. The auditors
primary consideration is whether and how a specific control, individually or in combination with others, prevents, or detects
and corrects, material misstatements in classes of transactions, account balances, or disclosures. The auditor focuses on
those controls that address areas in which the auditor believes material misstatements are likely to occur.
How a Clients Computer Affects Internal Control
607.2 Many small to medium-sized companies have simple computer operations. They use personal computers, which may
be linked in a local area network (LAN), and purchased software packages. The computer users often do not have specialized
computer training and cannot write or edit computer programs.
607.3 Other small and mid-sized companies may use the Internet or sophisticated information technology (IT) systems to
conduct business and may have internal control that is heavily dependent on IT. They may have highly integrated IT systems
that share data and are used to support all aspects of the entitys financial reporting and operations.
607.4 The computer system of either type of entity affects the way transactions are initiated, authorized, recorded, processed,
and reported and, thus, its internal control. Furthermore, it may affect any of the five components of internal control that are
relevant to financial reporting, operations, or compliance objectives. The effect on the entitys internal control is related more
to the nature and complexity of the system than to the entitys size. For example, an entity with a simple computer system
may use primarily paper-based manual procedures to enter sales orders, prepare shipping invoices, and maintain accounts
receivable. The entity may also use manual controls, such as approvals, reconciliations, reviews, and follow-up of exceptions.
607.5 An entity with a complex IT system might use automated procedures to initiate, authorize, record, process, and report
transactions. Records may be in electronic format rather than in paper form. Controls in that environment generally consist of
a combination of manual controls and automated (computer) controls such as controls programmed within computer
applications. Automated controls include processes such as edit and validation routines embedded in computer programs. In
addition, the nature of the manual controls may be different. Manual controls in an automated system may be independent of
the computer system, may use information produced by the system, or may be limited to monitoring the effective functioning
of IT and automated controls and handling exceptions. The mix of manual and automated controls varies with the nature and
complexity of the entitys system.
607.6 The use of computers may enhance the effectiveness and efficiency of the entitys internal control because of the
consistency, timeliness, and accuracy inherent in automated systems. Use of computers also offers benefits in terms of data
availability and analysis, increased opportunity to monitor the business, reduced risk of override, and systems and data
security. However, AU-C 315.A57 identifies the following risks that IT systems pose to internal control:
Reliance on systems or programs that are incorrectly processing data, processing inaccurate data, or both.
Unauthorized access to data resulting in destruction or improper changes to data.
Inappropriate access by IT personnel, thereby breaking down segregation of duties.
Unauthorized changes to data in master files.
Unauthorized changes to systems or programs.
Failure to make necessary changes to systems or programs.
Inappropriate manual intervention.
Loss or destruction of data or inability to access data as required.
607.7 The extent and nature of these risks depend on the nature and characteristics of the entitys system. For example, in a
system in which users can access a common database of information that affects financial reporting, a lack of control at a
single user entry point could compromise the security of the entire database and result in improper changes to or destruction
of data.
607.8 AU-C 330.08 notes that when an auditor has determined that it is not practical or possible to obtain sufficient
appropriate audit evidence by using only substantive procedures, then tests of the operating effectiveness of controls should
be performed. These situations may be encountered when a significant amount of information supporting one or more
financial statement assertions is electronically initiated, authorized, recorded, processed, or reported and no documentation
of transactions is produced or maintained, other than in electronic form. (See also paragraph 603.17.)
Types of Computer Controls
607.9 AU-C 315.22 indicates that the auditor should obtain an understanding of how the entity has responded to risks arising
from IT. AU-C 315 further discusses two types of computer controls:
Application controls.
General controls.
607.10 Application Controls. Application controls apply to the processing of individual transaction applications (such as
sales, accounts receivable, and inventory) and relate to the use of IT to initiate, authorize, record, process, and report
transactions or other financial data. Application controls help ensure that transactions occurred, are authorized, and are
completely and accurately recorded and processed. Examples include edit checks of input data and numerical sequence
checks.
607.11 Application controls include both programmed controls embedded in the computer program used in the financial
reporting system (such as programmed edit controls for verifying customers account numbers and credit limits) and manual
follow-up procedures on computer-produced exception reports. For example, a computerized billing system that produces
invoices from shipping data and a master price list might check the numerical sequence of the prenumbered shipping
documents and produce a report listing any breaks in the sequence. The follow-up activity would be the investigation of the
shipping documents listed in the exception report to find out whether the items were actually shipped and, if they were, why
they were not billed, as well as taking any necessary corrective action.
607.12 Application controls may be performed by IT, referred to as automated controls, or by individuals, referred to as user
controls. (The Activity and Entity-level Control Forms for each audit area at ASB-CX-5 contain computer application controls,
where applicable. Also, the forms provide a space to allow the auditor to designate whether an applicable control activity is
automated or manual. The Control Activities Forms are discussed in greater detail in Chapter 3 and at paragraph 609.7.)
607.13 User controls might include checks of the completeness and accuracy of computer output against source documents
or other input and manual follow-up of exception reports. For example, a computerized billing system might calculate sales
invoice amounts from shipping data and a master price list. The user control would be to manually check the accuracy of the
invoices produced by the computer by recomputing amounts and tracing quantities and prices to shipping documents and
the master price list. User controls also include certain reconciliation and processing controls over computer-generated data,
such as reconciling subsidiary ledgers to control accounts, recomputing payroll calculations, and accounting for the
sequence of sales invoices. The effectiveness of user controls such as reviews of computer-produced exception reports may
depend on the accuracy of not only the review, but also of the information in the report. Thus, as discussed in paragraph
604.10, if the auditor tests the manual follow-up activities, the auditor should also determine whether it is necessary to test the
accuracy of the computer-produced reports.
607.14 General Controls. The continued effective functioning of application controls often depends on general controls.
General controls are policies and procedures that relate to many applications. General controls are directed at ensuring the
continued proper operation of information systems, thereby supporting the effective functioning of application controls.
General controls include controls over the following:
Data center and network operations.
Access security.
Program change.
System software acquisition, change, and maintenance.
Application system acquisition, development, and maintenance.
ASB-CX-5.5 provides a source list of general computer controls.
607.15 General controls are important, but unless the auditor pays careful attention to their relation to the risks of material
misstatement, the time spent on general controls can be unproductive. The auditor views general controls in relation to their
effect on applications and data that become part of the financial statements. This means that the auditor first focuses on
identifying applications that are significant to the financial statements. Then the auditor assesses whether there are general
controls that if ineffective would permit application controls to operate improperly and allow misstatements to occur and not to
be detected. The auditor can then perform tests of those general controls that are important to the effectiveness of application
controls on which the auditor plans to rely.
Approaches to Testing Computer Controls
607.16 To test computer controls, the authors recommend one or more of the following approaches:
Test manual user controls.
Test automated application controls and manual follow-up activities.
Test general controls and manual follow-up activities.
607.17 Test Manual User Controls. Effective user controls may provide assurance with respect to the completeness and
accuracy of computer-processed transactions. User controls may also provide evidence that the automated application
controls are operating effectively. For example, the client may have manual procedures that effectively determine that the
detailed listing of inventory is complete and accurate. In that situation, the auditor may be able to focus solely on user controls
in that area. If user controls are limited to checking completeness, other procedures may be needed to provide assurance
about accuracy. This approach is better suited to simple financial reporting systems.
607.18 Test Automated Application Controls and Manual Follow-up Activities. Some auditors may determine it is
necessary to test automated application controls and manual follow-up activities. Because IT processing is inherently
consistent, the auditor may be able to limit the testing of automated application controls to one or a few instances of the
control application. In that case, the auditor needs to perform tests of controls to determine that (a) the automated control is
functioning effectively and (b) the control continues to function effectively. Generally, an automated control will continue to
function effectively unless the program or related stored data are changed. Therefore, to reduce the extent of application
controls testing, the auditor can perform tests to determine that relevant general controls are operating effectively during the
period. When obtaining audit evidence on operating effectiveness of related general controls, tests might include determining
that the authorized version of the program is used to process transactions, that unauthorized changes to the program are not
made, and that program changes are subject to appropriate program change controls. Tests of general controls are
discussed further beginning in paragraph 607.24.
607.19 When testing automated application controls, the auditor may be able to perform manual tests of documented
evidence of the programmed procedure. However, many automated controls may require testing using computer-assisted
audit techniques (CAATs). For example, the auditor might use CAATs to test the automated control activities that produce an
exception report. Types of test procedures include use of audit test data and simulation using computer audit programs.
Program code analysis might also be used, that is, review of source code to determine that relevant programmed procedures
are present and logically coded.
607.20 When applicable to the relevant assertion, the auditor normally also tests manual follow-up activities (for example, the
activities used to follow up on items listed in an exception report). The follow-up activities include investigation and correction
of the exception items. (Paragraph 607.35 gives some examples of tests of manual follow-up activities.)
607.21 If manual follow-up activities are tested, the auditor should consider whether those activities depend on indirect
computer-related controls. For example, if a clients procedures for following up on exception reports (such as unmatched
documents or past due accounts) are based on computer reports, such procedures depend on programmed controls to
ensure accuracy. Such situations may require tests of both programmed controls and manual follow-up procedures to avoid
placing inadvertent reliance on the computer. The auditor may either test the accuracy of the computer-produced exception
reports (for example, does the report include past-due accounts?) or test the clients controls that ensure the
computer-produced reports are accurate.
607.22 An approach that tests automated application controls may be inefficient because the tests often involve CAATs and
are performed at given points in time, and thus do not provide evidence about the consistent operation of the control activity
during the period under audit without testing the operating effectiveness of related general controls. It could be costly to
perform the tests at several points throughout the period. Also, some testing procedures, such as program code analysis,
require specialized technical skill. Thus, focusing solely on programmed application controls may often be not practical for
small business audits. Nevertheless, as discussed in paragraph 603.17, the auditor may have to test automated application
controls in some situations.
607.23 Controls in Electronic Spreadsheets. The development and use of electronic spreadsheets often present unique risks
for an entity. Frequently, spreadsheets, along with any controls built into their design, are user developed and may not be
subject to broader general controls that exist within the entity for other IT applications. For example, there may be little or no
control over development, documentation, testing, access protection, and security of electronic spreadsheets. As a result,
auditors are advised to specifically consider these risks when designing tests of controls. In many situations, the testing of
spreadsheet controls would need to be more extensive considering the absence of general controls. In addition, if the auditor
relies on reports or other information produced by client spreadsheet applications, the accuracy and completeness of that
information, or controls over its accuracy and completeness, generally need to be tested.
607.24 Test General Controls and Manual Follow-up Activities. Effective computer general controls help ensure that
automated application controls are designed properly and operating consistently throughout the period. Effective manual
follow-up procedures provide assurance about the completeness and accuracy of computer-processed transactions, and
they may also provide evidence about the effectiveness of automated application controls. Accordingly, the auditor may be
able to support a control risk assessment below high by obtaining an understanding of the design and implementation of
application controls and by understanding and testing general controls and manual follow-up activities. This approach
provides evidence about the effectiveness of design and operation of the automated application controls.
607.25 A testing approach that focuses on general controls may often apply to financial reporting systems that are heavily
dependent on complex computer systems. (Paragraph 607.31 lists indications of a complex system.) The tests are performed
to obtain evidence of the following:
Programs are properly designed and tested in development.
Changes to programs are properly made.
Adequate access controls reduce the risk of unauthorized changes to the program and data files. This is important
because if unauthorized changes can be made to programs, the auditor has less assurance about the continuing
effectiveness of a program evaluated at a point in time.
607.26 For example, to test whether changes to programs were properly made, the auditor might perform the following
procedures:
a. Inquire of the data processing manager about program changes and adherence to established programming
standards.
b. Inquire of user department managers about their involvement in the approval and testing process.
c. Examine the following documents:
(1) Written approvals by appropriate department managers and the data processing manager for the changes.
(2) Program maintenance reports and logs of the program development manager.
(3) Final documentation of the revised program.
607.27 To test whether unauthorized changes have been made to programs, the auditor might obtain a copy of the program
and use CAATs to compare it with the program actually used in the computer to process data. Differences would indicate that
unauthorized changes had been made to the program.
607.28 To test general controls over access to programs and data files, the auditor might perform the following procedures:
Gain an understanding of access security software packages used by the client.
Inquire of programming and data processing personnel about access controls, such as what the security
procedures are, whether programmers are authorized to operate the computer, and circumstances when they might
have access to the computer.
Observe physical access to programs and data.
Examine use logs generated by security software.
Examine documentation of past instances of unauthorized attempts to access the computer and how such attempts
were prevented or detected.
Attempt to gain unauthorized access to programs and data using improper passwords. (Obtain client authorization
to perform this procedure.)
607.29 As previously mentioned, many small businesses do not develop or modify computer programs but instead purchase
software packages. The tests of controls over program changes and access in the preceding paragraphs would generally not
be relevant to such businesses if the client does not have access to the program code to make changes.
607.30 Need for a Specialist to Test Computer Controls. The auditor should consider whether individuals with specialized
IT skills are needed in performing the audit. A specialist may be needed to perform tests of general or automated application
controls (as well as substantive procedures involving IT). A computer specialist may be either a member of the auditors firm
or an outside professional. AU-C 300.A18 identifies the following factors to consider in deciding whether an IT specialist is
needed:
The complexity of the entitys system and IT controls and the way in which they are used in conducting the business.
The significance of changes made to existing systems or the implementation of new systems.
The extent of the entitys participation in e-commerce.
The entitys use of emerging technologies.
The significance of audit evidence that is available only in electronic form.
607.31 As mentioned in the previous paragraph, an IT specialist may be needed if the computer system is complex, such as
when the following conditions exist:
Client personnel have access to source code of significant accounting applications, which allows them to write or
edit computer programs.
The clients software has been developed internally or modified substantially (rather than using purchased software
packages with no modifications).
Client personnel have extensive remote access to computer programs and files (other than the ability to make
routine inquiries).
The client uses a large mainframe system with complex communications hardware and software.
The client uses a local area network (LAN) that is complex or has multiple levels of controls.
The clients financial reporting system depends heavily on automated application controls for significant accounting
applications (that is, manual controls alone may not be adequate to prevent or detect material misstatements in
computer-processed information).
607.32 In a situation involving complex systems, a computer specialist may be asked to perform the following types of
procedures:
Inquire how transactions are initiated, recorded, processed, and reported.
Inquire about the design of controls.
Inspect systems documentation.
Observe the operation of controls.
Plan and perform tests of controls.
607.33 If the auditor uses a computer specialist, the auditor should be knowledgeable enough to communicate the audit
objectives to the specialist, evaluate whether the procedures performed by the specialist meet the auditors objectives, and
evaluate the results of the audit procedures applied as they relate to the nature, timing, and extent of further planned audit
procedures. That does not mean that auditors have to be experts in IT. To effectively supervise a computer specialist, auditors
need a basic understanding of computer applications and controls, especially those most relevant to particular client systems.
That understanding can be gained from experience with auditing other entities, attendance at training classes or seminars, or
discussions with the specialist. The guidance in AU-C 620, Using the Work of an Auditors Specialist, discussed in section 906
of this Guide, should also be considered.
Testing Procedures
607.34 The procedures discussed in section 605 (that is, inquiry; observation; inspection of documents, reports, and
electronic files; walkthroughs; review of reconciliations; and reperformance of the control activity) may be used to test
computer control activities. Also, as discussed in section 606, evidence about the operating effectiveness of computer
controls may be obtained from tests of computer controls performed in previous audits. Preceding paragraphs give examples
of procedures for testing computer general controls. The following paragraphs give examples of testing procedures for
manual follow-up activities and testing procedures using CAATs.
607.35 Testing Procedures for Manual Follow-up Activities. Some examples of testing procedures for manual follow-up
activities include the following:
a. Inquiry of the employee performing manual follow-up activities about matters such as:
(1) the frequency and extent of differences between operational and accounting data (such as differences between
shipping logs and billing records) that show up on exception reports,
(2) whether items appear on exception reports on a timely basis, and
(3) how long it usually takes for items to clear from exception reports.
b. Inquiry of accounts receivable or customer service personnel about:
(1) the frequency of customer complaints about incorrect computer-generated billings,
(2) the causes of such misstatements, and
(3) the corrective steps taken in response to complaints related to computer-generated billings.
c. Examination of correspondence with customers about complaints.
d. Inquiry of operating department personnel about the accuracy of items listed on computer-generated exception
reports used in follow-up activities.
e. Examination of computer-generated exception reports to determine that items that should be on the reports appear
on them (so that they can be manually followed up) and clear on a timely basis.
607.36 Testing Procedures Using CAATs. CAATs can be used to test automated controls that do not automatically
produce documented evidence of the performance of the control. Examples include the following:
Simulating a condition that would be expected to produce an exception report if the programmed control is
operating effectively, such as withholding a document from a batch of sequentially numbered documents and
processing the batch to see if the IT system reports the missing document.
Obtaining a special printout of items processed when the IT system does not normally print such a report.
Inputting fictitious data and comparing the predicted results with the actual results to see whether the IT system
accurately processed the fictitious items. This procedure can be used to test the operation of several programmed
procedures at once. For example, inputting a fictitious sales order can be used to test the resulting invoice, entry to
accounts receivable, and entry to the inventory ledger.
CAATs are further discussed in section 909.
608 EVALUATING TESTS OF CONTROLS AND ASSESSING CONTROL RISK
608.1 After performing tests of controls, the auditor evaluates the results of the tests and the persuasiveness of the evidence
obtained in reaching a control risk assessment for a particular audit area and assertion. The control risk assessment can be at
high for some or all assertions and at less than high for others. It is not necessary to attempt to assess control risk as low if an
assessment as moderate will support the planned extent of substantive procedures. An assessment of low control risk
requires more persuasive audit evidence than an assessment of moderate control risk.
608.2 The results of control tests may support a planned control risk assessment of moderate or low, or the results may
cause the auditor to reconsider the planned control risk assessment. AU-C 315.32, states:
In circumstances in which the auditor obtains audit evidence from performing further audit procedures or if
new information is obtained, either of which is inconsistent with the the audit evidence on which the auditor
originally based the assessment, the auditor should revise the assessment and modify the further planned
audit procedures accordingly.
Thus, if the actual assessment supported by the control tests differs from the planned risk assessment, the auditor should
consider adjusting the planned extent of substantive procedures. The adjustment of substantive procedures is a necessary
matter of audit effectiveness (to prevent underauditing) if the actual control risk assessment is higher than the planned risk
assessment, but is only a matter of audit efficiency (to prevent overauditing) if the actual control risk assessment is lower than
the planned assessment. As the audit progresses, the auditor should continue to evaluate whether audit evidence from
performing substantive procedures suggests a need to reconsider the control risk assessment. The remainder of this section
addresses the auditors evaluation of evidence from tests of controls, the amount of evidence needed to support a reduced
control risk assessment, and the effect of the control risk assessment on substantive procedures.
Evaluating the Evidence about Operating Effectiveness
608.3 Test of controls may detect deviations from prescribed procedures. AU-C 330.A44 indicates:
The concept of effectiveness of the operation of controls recognizes that some deviations in the way
controls are applied by the entity may occur.
Deviations might be caused by the following factors:
Changes in personnel.
Human error.
Significant fluctuations in the volume of transactions.
608.4 It is important for the auditor to not draw an immediate conclusion about the operating effectiveness of a control when
a deviation is detected. A deviation or minor weakness does not necessarily mean that control risk is high. Controls are
normally evaluated as a group. Other strong or effectively operating controls might compensate for the weak or ineffectively
operating one. However, AU-C 330.A74 indicates that an auditor cannot assume that an instance of fraud or error is an
isolated instance; careful analysis needs to be made to determine how it may impact the assessed risk of material
misstatement. Therefore, the auditor should understand the cause of any deviation and its implication by making specific
inquiries. In some cases, a deviation in a control activity might result from the ineffective operation of an indirect control such
as the control environment or IT general controls. In such cases, to understand the deviation, the auditor may make inquires
or perform other tests related to indirect controls.
608.5 Based on the test results, the auditor should determine whether:
Tests results provide an appropriate basis for reliance on controls.
Additional tests of controls are necessary.
Potential risks of misstatement need to be addressed using substantive procedures.
For example, if the tests of controls result in deviations, the auditor may be able to support a reduced control risk assessment
by expanding the test of controls after first understanding and isolating the nature of the deviations and their potential
implication, or by testing other controls that accomplish the same objective as those being tested. If the auditor determines
that the tests indicate that reliance cannot be placed upon the controls, no further testing would be performed. At that point,
the auditor would reassess the risk of material misstatement and the response through substantive procedures. However, as
noted in paragraph 608.33, even if the results of the tests support an assessment of control risk at a lower level, the auditing
standards require auditors to design and perform substantive procedures for all relevant assertions related to each material
class of transactions, account balance, and disclosure. Thus, some substantive procedures are always necessary.
608.6 Sampling in Tests of Controls. If sampling is used in tests of controls, the auditor compares the number of deviations
detected to the number of allowable deviations. Chapter 7 more fully discusses sampling for tests of controls. The Tests of
Controls Sampling Planning and Evaluation Form at ASB-CX-10.2 may be used to document the sampling procedure and its
results (that is, the number of deviations found, if any, from the control procedure). The conclusion about the effectiveness of
the control activities tested can be documented on the Test of Controls Form at ASB-CX-10.1 or in a memo. Documentation
considerations are more fully discussed in section 609.
608.7 When the deviation rate in the sample exceeds the expected deviation rate used in planning the sample, deficiencies in
the design or operating effectiveness of controls are implied. An efficient and effective approach is to proceed as follows:
First, obtain a good understanding of the nature and cause of the deviations.
Second, consider whether other controls exist that mitigate the deficiency fully or partially. Understand and test the
other controls to determine whether the control objective is achieved.
Finally, assess the likelihood and magnitude of the control deficiency.
608.8 Evaluating the Operating Effectiveness of Controls at a Service Organization. In situations where an entity uses a
service organization, the auditor may decide to rely on controls that are maintained and implemented by the service
organization. In such cases, the auditor should obtain evidence about the operating effectiveness of relevant service
organization controls. Chapter 9 discusses service organizations in greater depth.
608.9 Considering Evidence from Substantive Procedures. Substantive procedures may provide additional evidence that
either supports the auditors conclusion about the operating effectiveness of controls or creates the need to reevaluate the
prior assessment of control risk. When evaluating the operating effectiveness of controls, auditors are required to evaluate
whether misstatements detected by substantive procedures indicate that controls are not operating effectively. AU-C 330.A43
further indicates that the identification by the auditor of a material misstatement of the financial statements under audit in
circumstances that indicate that the misstatement would not have been detected by the entitys internal control is an indicator
of a material weakness. Auditors should be aware, however, that a lack of misstatements as a result of substantive
procedures does not provide audit evidence about the operating effectiveness of controls.
608.10 Communicating Control Deficiencies. AU-C 265, Communicating Internal Control Related Matters Identified in an
Audit, provides guidance on the auditors responsibility to communicate significant deficiencies and material weaknesses in
internal control to management and those charged with governance. The results of control testing, as well as the evaluation of
design and implementation required in understanding internal control, are potential sources of identified control deficiencies.
Identified deficiencies should be evaluated as to whether they represent, individually or in combination with other deficiencies,
significant deficiencies or material weaknesses that are required to be communicated. Chapter 18 discusses the auditors
responsibility for communicating internal control related matters.
Considering the Amount of Audit Evidence Necessary to Support a Control Risk Assessment
608.11 AU-C 330.09 states:
In designing and performing tests of controls, the auditor should obtain more persuasive audit evidence the
greater the reliance the auditor places on the effectiveness of a control.
Also, AU-C 330.A27 further indicates:
A higher level of assurance may be sought about the operating effectiveness of controls when the approach
adopted consists primarily of tests of controls, in particular when it is not possible or practicable to obtain
sufficient appropriate audit evidence only from substantive procedures.
Thus, in choosing procedures to test a control activity, the auditor considers the degree of assurance provided by the
procedure in relation to the degree of assurance needed to support a control risk assessment and reduction of substantive
procedures. If there is a choice, the auditor would choose the available testing procedures that are most efficient in providing
the needed degree of assurance. The following paragraphs discuss factors that affect the assurance provided by particular
tests of controls.
608.12 Audit evidence varies substantially in the assurance it provides the auditor in developing an assessment of control
risk. Professional standards do not specify the amount of audit evidence needed to assess control risk at less than high. They
do indicate, however, that when more persuasive audit evidence is needed about the effectiveness of a control, increases in
the extent of control testing may be warranted. The quantity and persuasiveness of audit evidence that is sufficient to support
a specific risk assessment is a matter of professional judgment. In reaching this judgment, the following factors are relevant:
a. The type of evidence obtained. This is discussed beginning in paragraph 608.13.
b. The source of the evidence. This is discussed beginning in paragraph 608.18.
c. The timeliness of the evidence. This is discussed beginning in paragraph 606.3.
d. Whether other evidence related to the risk assessment exists and supports or contradicts the same conclusion. This
includes the following:
(1) Evidence that may have been obtained about the entity and its environment or while gaining an understanding
of the design and implementation of controls. (See paragraph 608.25.)
(2) Evidence that may have been obtained about another control component, since the five control components
are interrelated. For example, the control environment is pervasive, and a good (or poor) control environment
may positively (or negatively) affect the effectiveness of other control components. See the related discussion
beginning with paragraph 608.21.
608.13 Type of Evidence. The nature and types of control tests are discussed beginning with paragraph 605.5. As noted in
paragraph 605.9, AU-C 330.A29 states that, The nature of the particular control influences the type of audit procedure
necessary to obtain audit evidence about whether the control was operating effectively. For some controls, evidence about
their design or operation may exist in documented form that the auditor may inspect. Usually, the knowledge and objectivity
of the person who performed the control activity being tested by document inspection or reperformance are less critical to the
auditor because there is objective evidence of the performance of the control activity and its result. This is in contrast to
inquiry as a testing procedure where the respondents knowledge or objectivity may affect the reliability of the response.
7(44)
608.14 However, document inspection and reperformance of the control activity are not always foolproof. Just because the
auditor inspects a notation purporting to evidence performance of a control activity, or reperforms a control with no errors or
exceptions being found, does not necessarily mean that the person who made the notation actually performed the control
activity. For example, suppose the auditor inspects a clerks initials on invoices purporting to indicate that the clerk traced the
quantities billed to shipping reports. The auditor traces the quantities from the invoices to shippers and finds no exceptions.
Still, the initialed invoices and auditors successful tracing of the quantities to the shippers does not necessarily mean that the
clerk had in fact examined the shippers.
608.15 Another problem with document inspection is that employees may perform a control activity but may not initial or
place another identifying mark on documents to indicate that they did perform the activity. In such a situation, even though
the control activity was performed, there is no documentation of that fact for the auditor to examine. In that case, document
inspection cannot be counted as a source of evidence.
608.16 For some controls, there is no documentation of design or operation. For example, there may be no documentation of
segregation of duties or control activities performed by the information technology system. In such cases, the auditor may
have to use a combination of inquiry, observation, or CAATs to obtain evidence about the design or operation. For example,
the auditor might inquire about and then observe the receptionist opening the mail and listing cash receipts before sending
the receipts to the accounting clerk.
608.17 Exhibit 6-4 summarizes key considerations for evaluating the types of evidence obtained from the control testing
procedures discussed in section 605.
Exhibit 6-4
Types of Evidence Considered in Assessing Control Risk
Types of Evidence Common Uses Limitations
Examples of Controls
Being Tested
Inquiry and observation Especially useful in
assessing the
effectiveness of
controls that do not
leave a documentary
trail of their
performance.
Persuasiveness is
sometimes limited
because the evidence
may only apply to the
period of time the
auditor is present.
Segregation of
duties, especially
where there is no
documented or
other system
evidence of
performance.
Controls over
counts of physical
inventory.
(Inspection of
documents might also
be used.)
Being Tested
Inspection of client
documents (including
reconciliations and
other routines)
Can provide strong
evidence about
operating effectiveness,
especially for controls
relating to
reconciliations and
other documented
routines.
Degree of
persuasiveness
depends on the extent
of procedures (sample
sizes, number of
months reviewed, etc.).
Primarily used to test
controls that leave a
documentary trail of
their performance.
Review of cash
account
reconciliations.
Independent
review and
approval of journal
entries and
supporting
documentation
prior to posting.
(Reperformance might
also be used in each
example.)
Reperformance Can provide strong
evidence about
operating effectiveness,
especially when used
with document
inspection tests.
Degree of
persuasiveness
of procedures (sample
sizes, number of
months reviewed, etc.).
Can be very
time-consuming.
Controls over the
matching of
invoices, receiving
reports, and
purchase orders.
Management
review and
approval over
analyses of A/R
allowances, other
reserves, and
estimates.
(Inspection of
documents would also
be used in each
example.)
Walkthroughs May be useful in
evaluating the design
and implementation of
controls.
The degree of
persuasiveness
of other evidence
obtained about
operating effectiveness.
When obtaining an
understanding of
internal control, a
walkthrough of a
credit sales
transaction is
performed from
the receipt of the
customer order
through recording
in the general
ledger that
involves the use of
inquiry,
observation,
inspection of
documents and
reperformance,
where applicable,
of key control
activities.
Being Tested
Previous audits Tests of controls from
previous audits may
provide some evidence
about the effectiveness
of controls.
Persuasiveness is
sometimes limited
because controls may
have changed since
the previous audit.
For the 20X1
engagement, the
auditor tested
controls over the
review of inventory
standard costs
and variances. For
20X2, the auditor
decides to use
that evidence to
support a reduced
control risk
assessment. The
auditor obtains
appropriate audit
evidence
regarding whether
changes have
occurred in those
specific controls
and the
surrounding
circumstances.
* * *
608.18 Source of Evidence. Evidence about controls obtained directly by the auditor generally provides more assurance
than evidence obtained indirectly. For example, evidence obtained by observation generally provides more assurance than
evidence obtained by inquiry. In the first case, the auditor observes a control procedure being performed; in the second case,
the auditor is merely told that it was performed. In any event, inquiry alone is not sufficient to test the operating effectiveness
of controls.
608.19 Although observation is generally superior to inquiry, keep in mind that the observed control activity might not be
performed in the same manner when the auditor is not present. Generally, the stronger the control environment is, the more
likely it is that the observed activity is performed consistently at times when it is not observed. Thus, the stronger is the control
environment, the more persuasive is evidence provided by observation. Also, more evidence can be obtained by performing
the observation several times during the period. Similarly, the strength of inquiry as a source of audit evidence can be
increased by asking more than one person about the same control activity.
608.20 Evidence obtained from externally produced documents, records, or reports is more persuasive than evidence from
ones produced internally. The internally produced documents, records, or reports may have a greater potential for being
biased than externally produced ones. However, operational data and reports produced internally but apart from the
accounting and financial reporting function, such as an inventory managers reports of units shipped or reports of internal
auditors, can have a quasi-independent nature. Also, evidence from internally produced documents is more persuasive if
the control environment is strong.
608.21 Considering Evidence about the Operation of Entity-level Controls. In some situations, the auditor may be able to
support a lower assessed level of control risk for an assertion by considering evidence about the operation of entity-level
controls. For example, in order to achieve a planned level of control risk assessment, the auditor might be able reduce the
extent of tests of a key control activity through evidence gathered about the operation of controls from the control
environment or monitoring components of internal control. In some situations where a control activity and a control from an
entity-level component both contribute to the prevention, or detection and correction, of a material misstatement, the auditor
may deem it necessary to obtain evidence about the operating effectiveness of both controls. For example, a key control
activity relating to completeness might be a reconciliation routine that includes investigation and resolution of items that were
not posted to the general ledger account. Due to the inherent risks for the account and the volume and complexity of
reconciliations, a monitoring control consisting of management review over the timely and proper completion of the
reconciliation is important to minimize the risk relating to the completeness assertion. In this case, the auditor may test both
controls.
608.22 When evidence about the operation of an entity-level control contributes to a lower control risk assessment,
determining the extent of tests of the key control activity to support the assessment is a matter of auditor judgment. Likewise,
judgment is also necessary in determining the extent of tests if the auditor deems that a control activity and an entity-level
control both need to be tested to support a planned control risk assessment. In making these determinations, the auditor
would normally consider factors such as:
How directly the entity-level control contributes to the achievement of the control objective related to the assertion.
The evidence obtained during the performance of risk assessment procedures and its persuasiveness.
The planned control risk assessment desired.
608.23 Example Using Evidence from Entity-level Controls. Assume that a key control over the accuracy of accounts
receivable is the daily review and resolution of a suspense account that represents cash collections that could not be posted
to the receivable subsidiary ledger due to missing or incorrect remittance information. For each day, the collection resolution
clerk (a) reviews the suspense account, (b) investigates outstanding items, (c) makes appropriate corrections resulting in the
clearing of the suspense account and posting to the subsidiary ledger (or reclassification of the receipt), and (d) documents
the work performed. A monitoring control also exists where, at the end of each month, the cash collections controller ensures
that the daily resolution control operates by reviewing the documentation of the daily resolution activity. The controller takes
appropriate corrective action if the control was not properly and completely performed and documents the results of the
review. The auditor has a planned expectation of operating effectiveness of the activity-level control and wishes to support a
low control risk assessment.
608.24 When planning the tests of controls, the auditor notes on ASB-CX-10.2, Tests of Controls Sampling and Planning
Evaluation Form, that to support a low control risk assessment a sample of 40 items would be required for the key suspense
resolution control if no deviations were expected. However, a low control risk assessment might also be supported if the
auditor tests a sample of 25 items for the key control activity and also tests three months of the controllers monthly
monitoring review. As noted on ASB-CX-10.2, a sample of 25 items with no expected deviations would normally support a
moderate planned control risk assessment. However, with the evidence about the effective operation of the monthly
monitoring control, the auditor might conclude that the low control risk assessment is supported.
608.25 Assessing Control Risk at Reduced Levels Based on Risk Assessment Procedures. Section 303 discusses the
understanding of internal control obtained as part of the risk assessment process. Many of the procedures commonly used in
the risk assessment process to gain an understanding of internal control (such as inquiry, observation and inspection, and
walkthroughs) also may provide evidence about the controls operating effectiveness. AU-C 330-A23 states the following:
...although some risk assessment procedures may not have been specifically designed as tests of controls,
they may nevertheless provide audit evidence about the operating effectiveness of the controls, and
consequently, serve as tests of controls.
608.26 According to AU-C 315.A70, obtaining an understanding of controls is not sufficient to serve as testing operating
effectiveness unless there are effective IT general controls and some automation that provides for the consistent application of
the control. In other words, tests of controls need to be performed to support operating effectiveness. And those tests need to
provide audit evidence about how controls were applied throughout the period of reliance and the consistency with which
they were applied. The authors believe, however, there may be circumstances when procedures performed to understand the
design and implementation of controls may support a reduced control risk assessment even in the absence of automation.
The following examples illustrate the use of risk assessment procedures to support a reduced control risk assessment.
608.27 Some procedures performed to obtain an understanding of the control environment, such as inquiring about
managements use of budgets, observation of managements comparison of actual and budgeted expenses, and inspection
of reports about the investigation of and response to variances from the budget throughout the period under audit, may not
only provide evidence about the design and use of budgets as a control, but also may provide evidence that the budget
policies and procedures are operating effectively enough (that is, applied at a sufficiently detailed level) to prevent, or detect
and correct, misstatements in the financial reporting of expenses. This evidence may support a reduced control risk
assessment for certain assertions related to expenses based on the auditors consideration of whether the audit evidence
provided by the procedures is sufficient.
608.28 As another example, in gaining an understanding of the monitoring component, the auditor might review
reconciliations to determine whether they have annotations documenting that they were reviewed. This would constitute a test
of that control during the period under audit. Similarly, procedures performed to gain an understanding of the information and
communication process, such as questioning employees involved in accounting and computer processing and examining
source documents and computer output at various stages in the accounting process throughout the period under audit, might
constitute tests of the information and communication control component.
608.29 As a final example, because of the inherent consistency of IT processing, performing risk assessment procedures to
gain an understanding of an automated control (that is, to determine whether the control has been implemented) may serve
as a test of the controls operating effectiveness, depending on the auditors assessment and testing of IT general controls
such as computer security and program change controls. (IT related controls are discussed further in section 607.)
608.30 What does all of this mean for the auditors control risk assessment? The auditing standards do not specify the
amount of audit evidence needed to assess control risk at less than high. The quantity and persuasiveness of audit evidence
that is sufficient to support a specific risk assessment is a matter of professional judgment. However, the authors believe it
may be possible to support a control risk assessment of moderate based on procedures performed to evaluate the design of
controls and determine that they have been implemented. For example, a walkthrough can serve as a test of controls and, in
some cases, along with other risk assessment procedures that serve as tests of controls, can provide a valid basis for
assessing control risk at less than high. However, the authors believe such tests will not support a control risk assessment of
low unless there is some automation that provides for the consistent application of the control. The authors believe
consideration should be given to the nature of the control (and overall control objective), the frequency of its operation, and
whether sufficient evidence has been obtained about how the control was applied throughout the period under audit when
determining whether risk assessment procedures alone are sufficient to support a reduced control risk assessment.
Effect of the Control Risk Assessment on Substantive Procedures
608.31 Chapter 5 discusses substantive procedures. All else being equal, the lower the assessed level of control risk with
respect to an audit area, the less rigorous audit procedures can be without increasing audit risk for the area. This means that
the extent of substantive procedures can be reduced without increasing audit risk. For example, on the Risk Assessment
Summary Form (ASB-CX-7.1), the auditor documents the control risk assessment and the assessed risk of material
misstatement, of which control risk is a part. The assessed risk of material misstatement affects the auditors response. If
control risk and the risk of material misstatement are assessed as high for a particular audit area or assertion, generally the
auditor would document on the Risk Assessment Summary Form the plan to select procedures from the Extended
Procedures (Procedures for Additional Assurance) section of the audit program to obtain additional assurance and address
the higher risk level. If, on the other hand, risk of material misstatement is assessed as moderate, for example, because the
audit evidence supports a reduced control risk assessment, the auditor might decide (and document on Risk Assessment
Summary Form) that the Basic Procedures section of the audit program will suffice.
608.32 When the control risk assessment (and, consequently, the combined risk of material misstatement) is reduced by
performing tests of controls, reductions of the extent of substantive procedures might include the following:
Applying an analytical procedure as a substantive procedure instead of a test of details. (As discussed in Chapter 5,
in some cases, substantive procedures might be limited to substantive analytical procedures.)
Using a less effective analytical procedure, such as one based on data developed by the client internally rather than
on data developed from external sources. (Chapter 5 discusses considerations in designing substantive analytical
procedures.)
Examining fewer items in a test of details, such as using a smaller sample size if sampling is used.
Sending fewer accounts receivable confirmations or observing a physical inventory at fewer locations.
The practical implication of being able to use less rigorous audit procedures or reduce the extent of substantive procedures is
increased audit efficiency.
608.33 Note that although a lowered control risk assessment may be a basis for reducing the extent of substantive
procedures, substantive procedures cannot be omitted entirely where material misstatements could exist. AU-C 330.18 states
the following:
Irrespective of the assessed risks of material misstatement, the auditor should design and perform
substantive procedures for all relevant assertions related to each material class of transactions, account
balance, and disclosure.
AU-C 330.A45 adds:
This requirement reflects the facts that (i) the auditors assessment of risk is judgmental and may not identify
all risks of material misstatement and (ii) inherent limitations to internal control exist, including management
override.
Selecting an appropriate response based on the auditors risk assessment is discussed in Chapter 4.
608.34 Using the PPC Approach. As discussed in Chapter 4, using the Risk Assessment Summary Form, the auditor
selects an audit approach consisting of Limited Procedures, Basic Procedures, or Extended Procedures (Procedures for
Additional Assurance) based on the assessed risk of material misstatement at the relevant assertion level.
8(45)
Reductions in
the control risk assessment (and, consequently, in the assessed risk of material misstatement) may enable the auditor to
select an audit approach that is effective and more efficient to respond to the assessed level of risk. How much reduction in
the control risk assessment is needed, however, to enable the auditor to choose Basic Procedures rather than Extended
Procedures? The answer is a matter of professional judgment, but the authors have developed some guidelines in Exhibit 6-5
that auditors may find useful. As indicated in Exhibit 6-5, a control risk assessment of moderate ordinarily does not affect the
choice of audit approach as between Basic or Extended Procedures. However, it may allow the auditor to alter the extent of
substantive procedures within a given audit approach, as discussed in paragraph 608.32. Only a control risk assessment of
low can ordinarily change the auditors chosen approach from Extended Procedures to Basic Procedures.
Exhibit 6-5
Guidelines for Reducing Substantive Procedures Based on a Reduced Control Risk Assessment
Characteristics of the
Audit Area
Inherent
Risk Control Risk
Risk of
Material
Misstatement Comments
Significant audit area that
does not contain fraud
risks or other significant
risks.
High High or
Moderate
Low
High
Moderate
When inherent risk is high with no
fraud risks or other significant
risks, the Extended Procedures
(Procedures for Additional
Assurance) approach is
recommended unless the control
Audit Area
Inherent
Risk Control Risk
Risk of
Material
risk assessment can be reduced to
low. A control risk assessment of
low, which reduces the overall risk
of material misstatement to
moderate, may permit the auditor
to respond using Basic
Procedures.
does not contain fraud
risks or other significant
risks.
Moderate High
Moderate or
Low
Moderate
Low
Regardless of the control risk
assessment, the authors
recommend performing at least
the Basic Procedures for this level
of inherent risk in significant audit
areas, with no fraud risks or other
significant risks.
contains fraud risks or
other significant risks.
High High or
Moderate
Low
High
Moderate
Regardless of the control risk
assessment, the authors
recommend performing Extended
Procedures (Procedures for
Additional Assurance) for audit
areas or assertions that contain
fraud risks or other significant
risks. That is, even if the overall
risk of material misstatement could
be reduced to moderate by testing
controls, tests of details or
extended analytical procedures
are ordinarily still necessary to
respond to fraud risks or other
significant risks. (Fraud risks and
other significant risks ordinarily
involve high inherent risk.) The
response to the significant risk or
fraud risk can be targeted to the
specific type of misstatement for
which the risk exists. The response
does not need to be a blanket
expansion of audit work for the
assertion or audit area. Basic, or
even limited, procedures could be
performed related to other aspects
of the relevant assertion. For
example, there may be a
significant risk related to the
existence of property, plant, and
equipment because of a new
project to self-construct assets.
The response can be focused on
self-constructed assets and limited
procedures might be acceptable
for other aspects of the existence
Audit Area
Inherent
Risk Control Risk
Risk of
Material
assertion.
* * *
609 DOCUMENTING TESTS OF CONTROLS AND THE CONTROL RISK
ASSESSMENT
609.1 Chapter 3 discusses documentation requirements for the understanding of internal control obtained as part of risk
assessment, including use of ASB-CX-4.1: Understanding the Design and Implementation of Internal Control, ASB-CX-4.2:
Financial Reporting System Documentation Form, ASB-CX-4.3: Walkthrough Documentation Table, and the Activity and
Entity-level Control Forms at ASB-CX-5. The auditor should prepare documentation of the following matters related to tests of
controls: (AU-C 330.30.31)
The Nature, Timing, and Extent of Further Audit Procedures. According to AU-C 500.A10, further audit procedures
include tests of controls and substantive procedures. Therefore, the nature, timing, and extent of tests of controls
should be documented.
The Linkage of Further Audit Procedures (Tests of Controls) with the Assessed Risks (Control Risk Assessment) at
the Relevant Assertion Level.
The Results of the Audit Procedures. Since tests of controls are further audit procedures, the results of tests of
controls should be documented.
The Conclusions Reached When Not Otherwise Clear.
The Conclusions Reached with Respect to Relying On Audit Evidence about the Operating Effectiveness of Controls
Obtained in a Previous Audit.
AU-C 330.A76 notes that the form and extent of documentation is based on professional judgment and is influenced by the
nature, size, and complexity of the entity; its internal control; the availability of information; and the auditors methodology and
use of technology. AU-C 230, which is discussed in Chapter 8, provides standards and guidance on documentation.
609.2 Among other documentation requirements that are discussed in Chapter 8, AU-C 230 requires documentation of the
identifying characteristics of specific items tested. This requirement applies to tests of the operating effectiveness of controls
involving inspection of documents. AU-C 230 also provides examples for documenting the identifying characteristics of
inquiry and observation procedures.
609.3 For inspection of documents, the authors believe items tested can be identified by listing the items; by including a
detail schedule in the workpapers on which the items are identified; or by documenting in the workpapers the source and
selection criteria. For inquiry and observation procedures, the identifying characteristics may be documented as follows:
For inquiries, document the dates of the inquiries, the names and job functions of client personnel queried, and the
inquiry that was made.
For observations, document the matter observed, the individuals involved and their responsibilities, and where and
when the observation took place.
609.4 AU-C 300.09 indicates that the audit plan should include a description of the nature, timing, and extent of planned
further audit procedures at the relevant assertion level. Since tests of controls are further audit procedures, planned tests of
controls should be documented as part of the detailed audit plan. The detailed audit plan and related documentation
requirements are more fully discussed in Chapter 4.
Practice Aids
609.5 The following practice aids are provided to document the matters listed in paragraph 609.1 that relate to tests of
controls:
Test of Controls Form (ASB-CX-10.1).
Activity and Entity-level Control Forms (ASB-CX-5).
These forms are discussed in the following paragraphs. Alternatively, auditors can document their tests of controls in a memo.
609.6 Test of Controls Form. The Test of Controls Form documents controls tested, the related assertion(s), testing
procedures performed, results of the test (the conclusion about whether the controls are operating effectively), and the effect
of the test results on the control risk assessment documented at ASB-CX-7.1 (that is, whether the test results confirm the
planned control risk assessment or support a different control risk assessment). As discussed in Chapter 4, a revised control
risk assessment can be documented by revising ASB-CX-7.1. As discussed in paragraph 606.8, AU-C 330 states that tests of
controls may be rotated over a three year cycle and provides guidelines for rotating tests. The Test of Controls Form
provides space for the auditor to document that a control was tested in a prior year and to add comments about the
consideration of whether conditions relevant to the control have changed. The form can be carried forward for three years.
609.7 Activity and Entity-level Control Forms. Chapter 3 discusses use of the Activity and Entity-level Control Forms
and explains that they are optional source lists of controls that may be used in various ways. They may be used in identifying
controls to test when the auditor has decided that it is necessary or beneficial to test controls but has not identified specific
controls to test. The forms help the auditor decide which controls to test by identifying the assertions relevant to each control
activity. The forms provide controls for each COSO component of internal control discussed in Chapter 3, including those at
the entity-level.
609.8 Memo. The auditor may choose to document the test of controls and resulting control risk assessment in memo form
rather than using the preceding practice aids. A memo would describe the control activity tested; the assertion and audit area
to which the control relates; the nature, timing, and extent of the procedure used to test the controls operating effectiveness;
and the results of the test. The control risk assessment based on the test would be documented, as would the effect of the
assessment on planned substantive procedures.
CHAPTER 7: SAMPLING IN AN AUDIT ENGAGEMENT
700.1 This chapter primarily explains how to decide the extent of audit testshow many items to select in applying the
chosen audit procedure. Decisions about extent may be expressed in several ways, such as the following:
a. Number of locations or components to be tested.
b. Cutoff amount for individually significant dollar items.
c. Sample sizes.
A key focus of this chapter is an explanation of the use of audit sampling for a nonpublic company engagement.
700.2 A planning decision about the extent or quantity of specific audit procedures to be performed can be made only after
an auditor has considered several other aspects of designing substantive procedures or tests of controls. For substantive
procedures to be applied to a particular account balance or class of transactions, an auditor would have
a. Developed a specific audit approach for each broad category of assertion (existence, completeness, etc.), given the
assessed risks of material misstatement.
b. Selected one or more procedures that are responsive to the assessed risks.
For tests of controls, an auditor would have
a. Made a preliminary assessment of control risk for the relevant assertion.
b. Determined the efficiency and practicality of testing controls.
c. Decided which controls to test, given the identified risks, to support the control risk assessment.
700.3 If a selected audit procedure involves obtaining evidence to support (1) individual items included in an account
balance or (2) the effective operation of controls during the audit period, an auditor will also ordinarily need to decide the
following:
a. What item in what population of data will be tested.
b. The appropriate direction of testing.
c. How many items in the population to test.
Only the last decisionhow many itemsis a decision about extent.
700.4 The authoritative pronouncement that applies when the auditor has decided to use audit sampling in performing audit
procedures is AU-C 530, Audit Sampling [formerly SAS No. 39 (AU 350)]. AU-C 530 addresses the auditors use of statistical
and nonstatistical sampling when:
a. Designing and selecting the audit sample.
b. Performing tests of controls and tests of details.
c. Evaluating the results of the sample.
AU-C 530 complements the guidance in AU-C 330, Performing Audit Procedures in Response to Assessed Risks and
Evaluating the Audit Evidence Obtained, on the means available to the auditor for selecting items for testing. One of the means
of selecting items for testing is audit sampling.
700.5 The AICPA has also issued the Audit and Accounting Guide, Audit Sampling (referred to in this Guide as the AICPA
Sampling Guide)an interpretive publication. AU-C 200, Overall Objectives of the Independent Auditor and the Conduct of an
Audit in Accordance with Generally Accepted Auditing Standards, explains the status of interpretive publications. AU-C 200.27
states that the auditor should consider applicable interpretive publications in planning and performing the audit. AU-C
200.A79 explains that the consideration of an interpretive publication is presumptively required. The AICPA Sampling Guide
provides interpretive guidance to apply the concepts in AU-C 530, including its definitions. AU-C 530 and the AICPA Sampling
Guide are explained further in the following discussion.
Means of Selecting Items for Testing
700.6 AU-C 330.25 requires that when the auditor designs tests of controls and tests of details, the auditor should determine
the means of selecting items for testing that are effective in meeting the purpose of the audit procedure. AU-C 330.A65
explains that the means available to the auditor for selecting items for testing are as follows:
Selecting all items (100 percent examination).
Selecting specific items.
Audit sampling.
The auditor may apply any one or a combination of these means of selection depending on the circumstances.
700.7 Selecting All Items. A 100 percent examination of an account balance or transaction class may be appropriate in the
following circumstances:
The population consists of a small number of large dollar items.
A significant risk exists and other means do not provide sufficient appropriate evidence.
The repetitive nature of a calculation or other automated process makes a 100 percent examination cost effective.
This approach is not common for tests of controls, except when the power of the computer may be used for 100 percent
reperformance, but is more common for tests of details.
700.8 Selecting Specific Items. The auditor may decide to use this approach based on the understanding of the entity,
characteristics of its accounting populations, and identified and assessed risks of material misstatement. Specific items
selected may include the following:
a. High dollar items or items that are significant based on some other characteristic, such as being unusual,
particularly risk prone, having a history of error, or otherwise being suspicious.
b. All items over a certain dollar amount. (This approach may permit testing a large portion of the total dollar amount of
a transaction class or account balance with a relatively few number of items.)
c. Items to obtain information (such as obtaining a better understanding of the nature of certain transactions or of the
entitys operations).
Selective examination of specific items is not audit sampling because the items have not been selected in a manner that is
representative of the population. This means of selection does not provide sufficient appropriate evidence to reach a
conclusion on the remainder of the population and results cannot be projected to the population.
700.9 Audit Sampling. Audit sampling enables conclusions to be drawn about an entire population based on tests of a
sample taken from that population. The ability to draw valid conclusions based on a sample depends on determining an
appropriate sample size, having an appropriate sampling approach and method of selection, and appropriately following up
on exceptions.
700.10 Relation of Selection Method to Small Business Considerations. The distinctive characteristics of a small
nonpublic company as explained in paragraphs 700.22 and 700.23 often lead to using methods of selection other than audit
sampling. Small businesses tend to have populations that consist of a small number of high-dollar items, and the auditor is
often familiar enough with the accounting populations to identify significant items. Thus, the auditor can determine when it
would be efficient and effective to select all items or to select all high dollar and significant items. The approach to audit
sampling explained in this chapter is structured so that the auditor first considers whether selecting all items or selecting
specific items will be more efficient and effective than audit sampling.
Definitions
700.11 AU-C 530 provides definitions of the following terms that are important to an understanding of the material discussed
in this chapter:
Audit sampling.
Tolerable misstatement.
Statistical sampling.
700.12 Audit Sampling. AU-C 530.05 defines audit sampling as the selection and evaluation of less than 100 percent of the
population of audit relevance such that the auditor expects the items selected (the sample) to be representative of the
population and, thus, likely to provide a reasonable basis for conclusions about the population. In this context representative
means that evaluation of the sample will result in conclusions that, subject to the limitations of sampling risk, are similar to
those that would be drawn if the same procedures were applied to the entire population. The definition is important in the
selection of audit procedures. Some audit procedures are not sampling by this definition, including the following:
a. Application of an audit procedure limited to a specific group of items within a balance or class of transactions that
have a distinct characteristic, e.g., all property and equipment additions over $5,000.
b. Examining a few transactions within a balance or class of transactions to obtain an understanding of the nature of
the clients operations.
c. Applying audit procedures to one or a few transactions of each type to clarify the auditors understanding of the
design of the companys internal controls.
In each of these three examples, the auditor is not selecting items expected to be representative of the population to provide a
reasonable basis for drawing conclusions about the population from which the items were selected. In item a, the auditor is
dividing the account balance or transaction class into two populations and selecting 100 percent of one of those populations.
In items b and c, the auditor is selecting items to obtain information that will increase the auditors understanding rather than
attempting to reach a conclusion about a population of items. In each of these cases, authoritative pronouncements on
sampling would not apply to the test performed.
Example 7-1: Determining whether a test involves audit sampling.
The auditor has established tolerable misstatement as $50,000, and, in examining additions to property and equipment,
plans to select all items over $25,000. Items over $25,000 total $275,000, and the remaining expenditures of
approximately 200 items total $175,000. From these 200 items, the auditor judgmentally decides to examine 20 items
selected without regard to amount or other criteria. The auditor plans to consider the implications of the nature and
cause of any misstatements detected. Is this an audit sampling application?
Solution. Yes, this is audit sampling. If the auditor restricted the procedures to all items over $25,000 and was able to
reach a conclusion on the lack of material misstatement of the remaining items without vouching any of them, e.g., by
reliance on audit evidence from analytical tests and tests of controls related to capital acquisitions, then sampling would
not be involved. Also, the auditor might reduce the cutoff amount for an expenditure regarded as an individually
significant item to $10,000 and thereby reduce the amount of the remaining items to an immaterial amount. However, as
long as the auditor is attempting to reach a conclusion on the remaining items by examining a portion of them, sampling
is involved, and all the requirements of AU-C 530 apply.
Thus, when the auditor reaches a conclusion about some aspect of an entire account balance or transaction class on the
basis of examining less than 100% of the population, the auditor has to follow the requirements of AU-C 530.
700.13 Tolerable Misstatement. AU-C 530.05 defines tolerable misstatement as a monetary amount set by the auditor in
respect of which the auditor seeks to obtain an appropriate level of assurance that the monetary amount set by the auditor is
not exceeded by the actual misstatement in the population. AU-C 530.A6 explains that tolerable misstatement is the
application of performance materiality (discussed in Chapter 3) to a particular sampling procedure. Thus, the concepts of
performance materiality and tolerable misstatement are essentially the same. AU-C 530.A6 also provides the guidance that
tolerable misstatement may be the same amount or an amount smaller than performance materiality. Consequently, for
purposes of the audit approach discussed in this Guide, which is based on MUS sampling, the authors believe tolerable
misstatement should be equal to performance materiality.
700.14 Statistical Sampling. Despite the fact that there has been authoritative audit guidance on audit sampling for nearly
thirty years, confusion persists concerning the distinction between the concepts of statistical sampling and audit sampling.
Audit sampling does not equate to statistical sampling. Audit sampling can be either statistical sampling or nonstatistical
sampling. The requirements of AU-C 530 apply whether the approach to audit sampling is statistical or nonstatistical. AU-C
530.05 defines statistical sampling as an approach to sampling that has the following characteristics:
Random selection of the sample items.
The use of an appropriate statistical technique to evaluate sample results, including measurement of sampling risk.
A sampling approach that does not have both of those characteristics is considered nonstatistical sampling. Thus, even if the
auditor uses a random selection method in drawing sample items, the approach is still considered nonstatistical if the auditor
does not use a statistical technique to evaluate the sample results, including quantifying the effect of sampling risk.
700.15 Basis for the PPC Approach to Audit Sampling. The approach to audit sampling explained in this chapter is a
nonstatistical approach because a statistical technique is not used to evaluate sample results. The effect of sampling risk is
not quantified. The approach uses the statistical model of Probability Proportional to Size (PPS), or Monetary Unit Sampling
(MUS), to compute sample size, but various approximations are used to consider sampling risk in the planning and evaluation
of samples. As a result, the approach is considered to be nonstatistical. The approach, as explained in paragraph 700.10,
also emphasizes consideration of whether selecting all items or high dollar and significant items would be more efficient and
effective than using audit sampling.
Uses of Audit Sampling
700.16 In a nonpublic company engagement, three distinct types of audit procedures may involve the use of audit sampling
as follows:
a. Substantive tests of details of account balances.
b. Substantive tests of details of transactions.
c. Tests of controls directed toward operating effectiveness.
700.17 Substantive Tests of Account Balances. The auditors objective in using a substantive test of a general ledger
account balance is to decide whether the balance is materially misstated. Audit sampling is usually necessary in applying a
substantive test of an account balance when the balance is composed of a large number of items and the remaining balance,
after identifying individually significant items, exceeds tolerable misstatement. A common audit sampling application for a
substantive test of an account balance is confirmation of accounts receivable. Section 704 explains a practical approach to
sampling in substantive tests of balances.
700.18 Substantive Tests of Transactions. The auditors objective in using a substantive test of transactions is to decide
whether the total of a transaction class is materially misstated. The auditor inspects documents supporting recorded
transactions to determine whether transactions are valid, and valued and coded properly, i.e., recorded correctly as to
account, amount, and period. Tests of transactions are often unnecessary in nonpublic company audits if the income
statement does not present unnecessary detail or if alternatives such as effective analytical procedures can be applied to
transaction classes. However, in some engagements, this type of test may be a common audit sampling application. It can be
used for testing most types of expenditures, e.g., payroll, expenditures for goods and services, etc. The sampling approaches
discussed in sections 704 and 706 may be used in tests of transactions.
700.19 Tests of Controls. Risk assessment procedures performed to obtain an understanding of internal control do not
involve sampling. Also, sampling concepts might not apply to the following types of tests of controls:
Tests of automated application controls when effective IT general controls are present.
Analyses of controls for determining the appropriate segregation of duties or other analyses that do not examine
documentary evidence of performance.
Analyses of the effectiveness of security and access controls.
Tests directed toward obtaining audit evidence about the operation of the control environment, for example, inquiry
or observation of the explanation of variances from budgets when the auditor does not plan to estimate the rate of
deviation from the prescribed control.
Examining actions of those charged with governance for assessing their effectiveness, for example, evaluating
whether the audit committee is appropriately involved in the financial reporting process.
700.20 Generally, the use of audit sampling for tests of controls will be efficient and effective in the following circumstances:
The control is applied on a transaction basis, for example, matching approved purchase orders to supplier invoices.
The control operates frequently and the population is relatively large.
In these circumstances, the auditor can select a sample of transactions and reperform the related control activities to see
whether compliance with the control procedures is acceptable. When the control operates infrequently or the population is
not relatively large, additional consideration needs to be given to an approach other than audit sampling. The effect of
population size on sampling in tests of controls is discussed beginning in paragraph 705.17.
700.21 In a nonpublic company engagement, the need to test controls for operating effectiveness depends on whether (a)
the auditors risk assessment includes an expectation of the operating effectiveness of controls or (b) substantive procedures
alone do not provide sufficient appropriate evidence at the relevant assertion level. However, not all tests of controls involve
audit sampling. The use of audit sampling for tests of controls is discussed further in section 705.
Small Business Considerations
700.22 A small business has distinctive characteristics that influence the use of audit sampling. Small businesses generally
tend to have relatively small populations of accounting data in both account balances and classes of transactions. Also, small
businesses often have account balances for which a large portion of the balance is accounted for by only a few of the items
making up the balance. As a result, sampling may not be as useful or appropriate in a small business engagement, and an
auditor normally considers other methods of deciding the extent of testing. Only after other approaches to decide the extent
of testing have been adequately considered does an auditor plan to use sampling. This chapter explains how to plan the
extent of tests without sampling. It also explains the circumstances that would lead an auditor to sample and the most
common methods of sampling.
700.23 As discussed in Chapter 3, the auditor is required by AU-C 315 to obtain an understanding of the entity and its
environment, including the design and implementation of internal control. Based on that understanding, the auditor may often
assess control risk as high for relevant assertions for significant audit areas in a small business due to the lack of effective
controls. The auditor may also determine that performing only substantive procedures is effective and testing the operating
effectiveness of controls would be inefficient. Accordingly, an auditor is less likely to use audit sampling for tests of controls in
a small business engagement.
701.1 The objective of the auditor when performing audit sampling is to provide a reasonable basis for drawing conclusions
about the population from which the sample is selected.
Exhibit 7-1
Requirements for Audit Sampling
Requirements
Clarified
AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
Determine the means of selecting items for
testing that are effective in meeting the
purpose of the audit procedure.
When designing an audit sample, consider
the purpose of the procedure and the
characteristics of the population being
sampled.
ASB-CX-8.3
ASB-CX-10.2
Determine a sample size that will reduce
sampling risk to an acceptably low level.
705, and 706
ASB-CX-8.2
ASB-CX-8.3
ASB-CX-10.2
Select sample items in a way that is
reasonably expected to be representative
of the population and likely to provide a
reasonable basis for drawing conclusions
about the population.
ASB-CX-8.3
ASB-CX-10.2
Perform appropriate audit procedures on
each sample item.
through
ASB-AP-14
If the audit procedure is not applicable for
a selected item, perform the procedure on
a replacement item.
and 705
ASB-CX-8.2
ASB-CX-8.3
ASB-CX-10.2
If the audit procedure, or a suitable
alternative, is applicable but cannot be
performed for a selected item, treat that
item as a control deviation (for tests of
and 705
ASB-CX-8.2
ASB-CX-8.3
ASB-CX-10.2
item as a control deviation (for tests of
controls) or a misstatement (for tests of
details).
Investigate the nature and cause of any
deviations or misstatements and evaluate
their effects on the purpose of the audit
procedure and on other aspects of the
audit.
704, and 705
ASB-CX-8.2
ASB-CX-8.3
ASB-CX-10.2
Project the results of the sample to the
population.
704, and 705
ASB-CX-8.2
ASB-CX-8.3
ASB-CX-10.2
Evaluate the results of the sample,
including sampling risk.
704, and 705
ASB-CX-8.2
ASB-CX-8.3
ASB-CX-10.2
Evaluate whether the use of sampling
provided a reasonable basis for drawing
conclusions about the population tested.
ASB-CX-8.3
ASB-CX-10.2
* * *
702 PLANNING THE EXTENT OF SUBSTANTIVE PROCEDURES
702.1 AU-C 330.25 indicates that the auditor should determine the means of selecting items for testing that are effective in
meeting the purpose of the audit procedure. AU-C 330.A16 explains that the extent of an audit procedure judged necessary
is determined after considering the following:
Materiality.
Assessed risk.
Degree of assurance the auditor plans to obtain.
Generally, as the risk of material misstatement increases, the extent of substantive procedures also increases.
702.2 Substantive procedures consist of tests of details and substantive analytical procedures. The extent of a substantive
analytical procedure is primarily a function of the precision of the auditors expectation. This section addresses determining
the extent of substantive procedures when the auditor performs substantive tests of details. Performing substantive
procedures, including deciding between analytical procedures and substantive tests of details, is discussed more fully in
Chapter 5.
702.3 Many nonpublic engagements, especially those that are smaller (see paragraph 700.22), have the following
characteristics that affect the extent of substantive procedures:
a. Small populations.
b. Significant portion of the account balance is comprised of a few large dollar items.
Exhibit 7-2 provides a practical approach for planning the extent of substantive procedures involving tests of details
considering these characteristics. Exhibit 7-3 illustrates this approach.
Exhibit 7-2
Determining the Extent of Substantive Procedures Involving Tests of Details
Description Result
1. Assess the appropriate level of tolerable
misstatement.
Tolerable misstatement (as a rule of
thumb, use 75% of planning materiality).
2. Determine an amount for individually significant
dollar items.
Any amount less than tolerable
misstatement may be used (as a rule of
thumb, use one-third of tolerable
misstatement).
3. Identify unusual items. Identification of additional items to be
tested 100%.
4. Calculate the remaining balance after selecting
individually significant items (Steps 2 and 3).
Calculated amount.
5. Determine what procedures, if any, are needed to
test the remaining balance.
Procedures, if any, needed to test
remaining balance.
* * *
Exhibit 7-3
Determining the Extent of Substantive Procedures Involving Tests of Details
* * *
The following paragraphs discuss the auditors considerations in applying that approach.
STEP 1 Assess the Appropriate Level of Tolerable Misstatement
702.4 Paragraph 700.13 explains that the authors believe tolerable misstatement should be the same as performance
materiality. Thus, tolerable misstatement can be estimated directly as a percentage of planning materiality. As a rule of thumb,
when relatively few misstatements are expected and past experience indicates management will likely correct those detected,
tolerable misstatement may be determined as 75% of planning materiality.
STEP 2 Determine an Amount for Individually Significant Dollar Items
702.5 The term individually significant items encompasses two types of items in a financial statement component
a. Individually significant dollar items.
b. Unusual items (that is, items that have audit significance by their nature).
In determining the extent of substantive procedures involving tests of details, the auditor first selects an amount for individually
significant dollar items, and then considers any unusual items. Unusual items are discussed in paragraph 702.8.
702.6 When performing tests of details, the auditor at least examines all items that equal or exceed tolerable misstatement.
Accordingly, the cutoff amount for determining individually significant dollar items cannot exceed tolerable misstatement. As a
rule of thumb, the auditor may use one-third of tolerable misstatement as the cutoff for individually significant dollar items.
However, the auditor may choose any amount less than tolerable misstatement to limit the remaining balance to an amount
that reduces the risk of material misstatement to an acceptable level.
702.7 Case StudyIdentifying Individually Significant Dollar Items. The auditor has determined planning materiality as
$33,500 and tolerable misstatement as approximately $25,000 (using the 75% rule of thumb). Suppose XYZ Company has
accounts receivable composed of the following account groups:
Number of
Accounts Range of Balances Total Amount
4 $75,000 $150,000 $ 410,000
3 $13,000 $ 74,999 91,000
436 Less than $ 13,000 99,000
443 $ 600,000
Using the rule of thumb for individually significant dollar items, the auditor would select every item over one-third of tolerable
misstatement (approximately $8,300). In this example, that would include all the items in the top two categories, plus perhaps
part of the bottom category. However, depending on the circumstances and the auditors judgments about the remaining
balance, the auditor may decide to initially select only the items in the top two categories. In this case study, the auditor would
probably define individually significant dollar items as items comprising the top two categories only (that is, items greater than
or equal to $13,000). This approach is appropriate because the cutoff amount of $13,000 is less than tolerable misstatement.
This approach is also efficient because the auditor can test only seven items and reduce the remaining balance to an amount
that will permit the use of analytical procedures to hold the risk of material misstatement to an acceptable level.
STEP 3 Identify Unusual Items
702.8 As discussed in paragraph 702.5, an item also may be individually significant if, because of its nature, it is prone to
misstatement or otherwise requires audit attention. The authors refer to these items as unusual items. Examples might include
related party transactions, negative customer receivable balances, etc. Unusual items may be identified based on:
a. Prior experience.
b. Results of analytical procedures.
c. Unusual characteristics.
It is important for auditors to look for unusual items whenever a substantive test of details is performed.
702.9 Prior Experience. Based on historical experience with a client, an auditor may be aware of the types of items that are
highly susceptible to misstatement. The audit may need to be designed to select such items that have historically been a
problem and subject these items to individual examination. This approach can add efficiency by going directly to the problem,
e.g., the auditor has found that the company does not accurately account for the cost of assets constructed for its own use. In
this case, in testing property additions, the auditor would identify all self-constructed assets as individually significant, plus all
individually significant dollar items.
702.10 Results of Analytical Procedures. The auditor may be able to use analytical procedures to identify individually
significant items or to otherwise identify populations that need to be sampled. Normally, analytical procedures call attention to
unusual or unexpected relationships, that is, relationships, account balances, or transaction amounts that do not make sense
based on the auditors understanding of the client and its industry. Well-designed preliminary analytical procedures coupled
with appropriate expectations of plausible relationships can be extremely effective in identifying risks of material misstatement
during the risk assessment stage of the engagement. (Preliminary analytical procedures that are used when obtaining an
understanding of the entity and its environment for the purpose of assessing risks are discussed at section 301.) In the payroll
area, for example, an effective analytical procedure is to compare current payroll expenditures to prior period actual by
department and relate to the number of employees by department. In this manner, the auditor may eliminate the need to
perform tests of details, or the auditor may reduce the extent of payroll testing to departments with significant unexpected
differences.
702.11 As another example, suppose that XYZ Company manufactures four product lines. Analytical procedures are
performed to calculate the inventory turnover rates for each of the four products. These turnover rates are compared to
historical and industry experience to identify any slow-moving items. Since these products come in various colors and sizes,
these calculations are made at an individual item level for each color and size. The results of this analytical procedure are
then used to select specific inventory items for price and obsolescence testing.
702.12 Unusual Characteristics. This category is by nature more difficult to define because it includes virtually any
characteristic that the auditor identifies as worth investigating, e.g., related party transactions or balances, unusual or
unfamiliar vendor names, etc. Exhibit 7-4 lists some common types of items that might be selected for individual examination
due to their unusual nature.
Exhibit 7-4
Examples of Unusual Items
Audit Area Unusual Items
Accounts Receivable Large credit balances.
Very delinquent balances.
Customers whose names cause some
significant question.
Large sales recorded just prior to year-end.
Balances with special terms outside of the
companys normal policy.
Inventory Slow-moving large dollar items.
Units whose values are highly volatile.
Product lines that are unique given the clients
industry.
Property, Plant and Equipment Additions that do not seem appropriate for the
business.
Additions that involve capitalization of interest.
Accounts Payable Vendors whose names do not seem
appropriate or could be related parties.
Large debit balances.
Vendor accounts in dispute.
Non-specific accruals or broad, even-dollar
accruals for a vendor.
Expenses Expense entries that appear to be
inappropriate.
Expense amounts paid to possible related
parties or potentially inappropriate payees.
* * *
STEPS 4 and 5 Considering the Remaining Balance
702.13 Comparing the Remaining Balance to Tolerable Misstatement. After computing the remaining balance, the auditor
compares it to tolerable misstatement. Normally, the auditor will not need to apply additional audit procedures to the
remaining balance if it is less than tolerable misstatement. However, the decision of whether to apply additional audit
procedures to the remaining balance is a matter of professional judgment. Misstatements detected in applying audit
procedures to individually significant items may be so large or so numerous that the auditor may decide to apply additional
audit procedures to the remaining balance even if it is less than tolerable misstatement.
702.14 Considering the Need to Apply Additional Audit Procedures to the Remaining Balance. If the remaining balance
exceeds tolerable misstatement, the auditor considers what procedures, if any, are needed to obtain sufficient audit evidence
concerning that balance. Generally, the following options are considered:
a. Determining that no additional audit procedures are needed.
b. Performing analytical procedures.
c. Considering the contribution of other substantive procedures.
d. Applying audit sampling.
e. Expanding the audit procedures performed on individually significant items.
Exhibit 7-3 illustrates the thought process involved in considering these options. Each option is discussed separately in the
following paragraphs. However, the auditor may use a combination of these options with respect to the remaining balance.
702.15 Determining That No Additional Audit Procedures Are Needed. The auditor may decide to perform no further audit
procedures on the remaining balance after considering the risk of material misstatement of the remaining balance. In
assessing the risk of material misstatement of the remaining balance, the auditor considers the following factors:
a. Characteristics of the Remaining Balance. The auditor may have some knowledge of the account based on prior
experience and other audit procedures performed, including audit procedures performed on individually significant
items. Using that knowledge, the auditor considers the nature, size, and frequency of misstatements necessary for
the remaining balance to be materially misstated. For example, if the auditor determines that the remaining balance
is composed of many small dollar items and believes there is a low rate of misstatements in the remaining balance,
then it may be possible to assess the risk of material misstatement of the remaining balance as low.
b. Risk of Material Misstatement of the Account. The risk of material misstatement of the remaining balance is related to
the risk of material misstatement of the entire account. However, those risks would not necessarily be the same
because (1) the remaining balance is smaller and (2) the auditor may be able to separately identify items that are
prone to misstatement and perform audit procedures on them individually. Accordingly, the risk of material
misstatement of the remaining balance may be lower than the risk for the account.
702.16 As is the case at the account balance level, the higher the risk of material misstatement of the remaining balance, the
greater the assurance that is needed from substantive procedures. Accordingly, the auditor generally will need to perform
additional audit procedures unless the risk of material misstatement of the remaining balance is low. Furthermore, even if the
risk of material misstatement is low, it is generally advisable for the auditor to at least scan the remaining balance for unusual
items. (See discussion beginning at paragraph 702.8.)
702.17 Performing Analytical Procedures. In many cases, analytical procedures can be both effective and efficient audit
procedures relevant to the remaining balance. In evaluating whether analytical procedures provide adequate evidence with
respect to the remaining balance, the auditor considers the risk of material misstatement of the remaining balance (discussed
beginning at paragraph 702.15) and the effectiveness of those analytical procedures (see paragraph 503.22).
702.18 Considering the Contribution of Other Substantive Procedures. Sometimes the auditor may plan to perform other
substantive procedures that contribute audit evidence, either directly or indirectly, for the same assertion(s) as the test of
details. In such cases, the auditor may decide that the contribution of the other procedures, along with audit procedures
performed on individually significant items, reduces audit risk to an appropriately low level. For example, to test the existence
of receivables, the auditor confirms all individually significant accounts. In addition, in connection with tests of the aging
(valuation) of receivables, the auditor plans to examine subsequent cash receipts, which also contributes audit evidence
about the existence of receivables. The auditor considers whether the contribution of those other substantive procedures
provides sufficient evidence about the remaining balance. (Section 1101 discusses the confirmation process and subsequent
collection of accounts receivable.) As when considering analytical procedures, the auditor considers the risk of material
misstatement and the degree of effectiveness of the other substantive procedures.
702.19 Applying Audit Sampling. If the auditor decides that analytical procedures or other substantive procedures do not
provide sufficient appropriate audit evidence with respect to the remaining balance, then tests of details need to be applied to
the remaining balance. Consequently, the auditor has two remaining optionsusing audit sampling or expanding the audit
procedures performed on individually significant items. In choosing between those options, the auditor considers the
following factors:
a. Number of Items in the Remaining Balance. If the remaining balance consists of numerous items (such as 200 items
or more), sampling generally is more efficient. However, if the auditor can further reduce the amount of the
remaining balance by performing audit procedures on only a few of the larger items in the remaining balance, then it
is probably more efficient to perform audit procedures on those larger items instead of sampling.
b. Expected Misstatement in the Remaining Balance. Generally, if the expected misstatement in the remaining balance
exceeds one-third of tolerable misstatement, sampling risk would be too high and sampling would not be
appropriate. However, it may be possible to isolate the items that are most prone to misstatement, perform audit
procedures on 100% of those items, and sample the remaining population.
Assuming that sampling risk is at an acceptable level, the consideration is a matter of efficiency (that is, which option results
in applying audit procedures to the fewest items). For large populations of small dollar items, sampling generally is more
efficient. Exhibit 7-5 lists some common sampling applications and their relative frequency for nonpublic company audits.
702.20 Expanding the Audit Procedures Performed on Individually Significant Items. As discussed in the preceding
paragraph, the auditor considers this option only after determining that:
a. tests of details are needed to obtain sufficient appropriate audit evidence concerning the remaining balance and
b. this option is preferable to sampling the remaining balance.
Expanding the audit procedures performed on individually significant items normally is accomplished by:
a. lowering the amount for individually significant dollar items and, possibly,
b. choosing additional unusual items.
Also, the auditor considers the possibility of using analytical procedures or other substantive procedures to reduce the
assurance needed from tests of details.
Exhibit 7-5
Sampling Applications in Nonpublic Company Audits
Substantive Test Application Frequency
1. Accounts Receivable Confirmation. This is the most common use of sampling
in many engagements. Due to the relative importance of the area, the need to
obtain third party evidence, and the relatively large number of accounts that
can exist, sampling can be an efficient method to obtain sufficient audit
evidence in this area.
High
2. Inventory Count Observation. There are conflicting views about whether
sampling is appropriate to accomplish the objectives of inventory observation
procedures. Ordinarily, the number of test counts is affected more by the
number of count teams and the auditors experience with the accuracy of client
counting procedures than by sampling considerations. Also, the auditor needs
to carefully consider the composition of inventory and the appropriateness of
projecting sample misstatements, as explained in Chapter 12. Sampling might
be more commonly used to select locations for observation when the client has
a large number of inventory sites.
Rare
3. Inventory Price Test. This procedure is similar to the count observation since
the number of items in the inventory normally determines whether sampling is
an effective means to satisfy the objectives of the price test.
Moderate
4. Tests of Additions to Property, Plant, and Equipment. Some entities have a
significant number of additions to property, plant, and equipment. Although a
few specific items normally may be examined to address a large portion of the
additions, sampling may be used when the objectives cannot be satisfied
efficiently by examining individual items.
Rare to Moderate
5. Tests of Sales Transactions. There is typically no reason to perform a test of
sales transactions unless this is the most appropriate procedure to address the
assessed risks of material misstatement, for example, when there is a risk of
material misstatement due to fraud and a possibility exists of fictitious sales and
receivables. Normally, other substantive procedures can be used to effectively
and more efficiently address the assessed risk.
Rare
6. Test of Disbursements. Similar to tests of sales transactions, a test of
disbursements does not typically address the risks of material misstatement as
Rare to Moderate
Substantive Test Application Frequency
efficiently as other audit procedures. Therefore, sampling disbursements may
not be an effective and efficient approach unless there is a significant risk of
fraudulent disbursements. However, for some entities, classification of
disbursements may be important for both operating decisions and presentation
of operating results, e.g., the income statement presents general and
administrative expenses in great detail, or a contractor or manufacturer bases
bids or prices on costs of production. See section 706.
* * *
Worksheet for Planning the Extent of Substantive Procedures
702.21 The authors have developed a planning worksheet, ASB-CX-8.1, to assist the auditor in developing an efficient
approach to substantive procedures involving tests of details. The worksheet follows the approach discussed in this chapter
and is divided into three parts
Part 1 Determining individually significant items (based on their size or nature),
and calculating the remaining balance.
Part 2 Deciding what procedures, if any, are needed to obtain sufficient audit
evidence concerning the remaining balance.
Part 3 Documenting the extent of audit procedures to be performed on the
account or financial statement component.
The Importance of Identifying Individually Significant Items
702.22 In planning, an auditor always needs to consider the audit evidence obtained by applying substantive procedures to
individually significant items or transactions. Because AU-C 530 establishes certain requirements and demands on the auditor
when sampling is used, as described in Exhibit 7-1, it is imperative that the auditor challenge the need to perform any
sampling. The question is whether the audit procedures performed on individually significant items alone, or those audit
procedures combined with analytical or other substantive procedures, provide sufficient evidential matter. Even when the
auditor decides that sampling is necessary, efficiency will be improved considerably by dividing the account balance between
individually significant items and items to be sampled.
703 REQUIREMENTS THAT APPLY TO ALL AUDIT SAMPLES
703.1 The two possible approaches to audit sampling are statistical and nonstatistical. Both of these approaches are capable
of producing sufficient appropriate audit evidence, if properly applied. In general, when the same sampling parameters are
applied, comparable sample sizes result from either approach. The types of procedures that the auditor applies are not
determined by the sampling approach used. Either approach may be used to apply whatever tests the auditor deems
necessary in the circumstances. The importance of professional judgment cannot be overemphasized as it applies to the
evaluation of the sufficiency of audit evidence generated by the sampling approach. Regardless of the sampling approach
selected, an auditor needs to properly plan, perform, and evaluate the results of the sample. Professional judgment needs to
be used to relate the sample results to other audit evidence when the auditor forms a conclusion about a particular account
balance or class of transactions.
703.2 Once an auditor decides to use audit sampling, attention is focused on which sampling approach (statistical or
nonstatistical) to use. Substantial information is available in the AICPA Sampling Guide and other sources on the use of
various statistical sampling approaches. This section emphasizes nonstatistical sampling but explains the relation of the
nonstatistical methods discussed to statistical sampling.
The Basic Requirements
703.3 The basic requirements that relate to all audit samplesstatistical and nonstatisticalare as follows:
a. Defining. The auditor should consider the purpose of the procedure and the characteristics of the population being
sampled. The auditor relates the population (account balance, transaction class, or portion of balance or class) to
the objective of the audit procedure (i.e., the auditor defines the population and sampling unit).
b. Selecting. The auditor should select items that can be expected to be representative of the population.
c. Performing. The auditor should perform appropriate audit procedures on each sample item and investigate the
nature and cause of any deviations or misstatements.
d. Evaluating. The auditor should project sample results to the population, consider sampling risk, and evaluate
whether the use of sampling provided a reasonable basis for drawing conclusions about the population tested.
Defining Population and Sampling Unit
703.4 Defining the Population. In an audit sampling application, the population is usually all items that constitute the
account balance or class of transactions, excluding those items selected for individual testing. Sampling results can be
projected only to the population from which the sample is drawn. The use of the wrong population for a sampling application
could mean that conclusions based on the sample are invalid for an auditors purpose. Consider the following example:
Population Approach
Examining a sample of sales invoices recorded in the year to support the completeness assertion of revenue.
Problem
Sampling recorded sales items is a test of occurrence and possibly cutoff but allows no conclusion to be projected
about potentially unrecorded sales (completeness).
Alternative
Define shipping records, e.g., bills of lading or usage records (such as meter books), as the population for the audit
procedure and trace items to recorded invoices.
703.5 The AICPA Sampling Guide (paragraph 4.53) explains that, it is generally inappropriate to seek reduced sample sizes
by planning an audit sample to test revenue or cost of sales using a single net population defined as the gross margin. This
is not advisable because misstatements in revenue would not necessarily be offset by misstatements in cost of sales.
Revenue and cost of sales generally are regarded as two separate classes of transactions and thus, two separate populations
to be sampled.
703.6 Defining the Sampling Unit. The sampling units are the individual items that are subjected to audit procedures and
that represent the components of the population. It is important to properly identify the sampling unit before the sample is
selected in order to produce an efficient and effective sampling application. The determination of the specific sampling unit is
influenced by the following considerations:
a. Does the sampling unit produce an efficient sampling plan?
b. Is the sampling plan effective to accomplish its objectives?
c. What is the logical sampling unit based on the nature of the audit procedure and the population?
AU-C 530.05 states that the population is the entire set of data from which the sample is selected, and the sampling units are
the individual items that constitute the population. AU-C 530.A5 explains that the sampling units might be physical items (for
example, checks listed on deposit slips, credit entries on bank statements, expense checks, sales invoices, customer account
balances, or inventory items) or monetary units.
703.7 Considering the Completeness of the Population. AU-C 500.09 requires the auditor, when using information
produced by the client, to evaluate whether that information is sufficiently reliable, including obtaining audit evidence about
the accuracy and completeness of the information. In the context of audit sampling, that means the auditor needs to obtain
evidence about the completeness of the population from which the sample is drawn. For example, if the auditor is selecting a
sample of customer accounts (the sampling unit) for confirmation from the aged trial balance, and plans to project the results
to the accounts receivable balance (the population), the auditor can review the reconciliation of the aged trial balance to the
general ledger to make sure the population from which the accounts are being selected is complete. Similarly, if the auditor is
selecting inventory items from the detailed inventory listing, the auditor may have already traced test counts from the physical
inventory observation to the inventory listing and reconciled the inventory listing to the general ledger inventory balance.
Those procedures provide evidence about the completeness of the detailed inventory listing from which the sample will be
drawn.
Representative Selection
703.8 Selecting Sample Items. AU-C 530.08 requires a representative sample, i.e., the sample items should be selected in
such a manner that all items have an opportunity to be selected. There are several commonly used methods of selecting
representative samples. The following are some of those methods:
a. Random Selection. Regardless of the method of sampling used, statistical or nonstatistical, a random selection
provides each item in the population an equal chance to be selected.
b. Systematic Sampling. This method can be used with nonstatistical or statistical sampling to give every item in the
population an equal chance of being selected if a random start is used. However, it may not produce an equal
opportunity for all combinations of sampling units to be selected unless numerous random starts are made. The
sampling interval is determined by dividing the population by the number of items to be sampled.
c. Haphazard Selection. In this sense, haphazard does not mean careless; it means without conscious bias. Under
this method, sampling items are selected in no specific pattern without bias for or against any items in the
population. This could be done by selecting a sample of items from the paid invoices for the year if there were no
bias for or against large ones. The auditor may use this method for nonstatistical samples, provided care is taken to
be sure no conscious bias is added to the selection process. This method may not be used for statistical samples,
however, because it is not considered a random selection technique.
An auditor also qualitatively evaluates whether the sample selected seems representative of the population subject to the
audit procedures and likely to provide a reasonable basis for drawing conclusions about the population. For instance, if the
auditor is selecting a sample of operating expense checks with a sample size of 50, a sample that included 15 employee
expense reimbursement checks might not be considered representative of the population being subjected to the audit
procedures or likely to provide a reasonable basis for drawing conclusions about operating expenses. If the sample does not
seem representative, it should be reselected.
703.9 If practical, the auditor can stratify the remaining population. Generally, the remaining population can be divided into at
least two subgroups that are more similar in amount. One useful approach to stratification is:
a. Determine the average amount of the population to be sampled (amount of population divided by number of items in
the population).
b. Allocate two-thirds of the computed sample size to the items greater than the average and the remaining one-third to
items below the average.
c. Apply the sample selection method (random, systematic, or haphazard) separately to each stratum based on the
sample size allocated. The auditor would select two-thirds of the sample items from the upper stratum and then
one-third from the lower stratum.
703.10 Choosing a Method. The auditor might consider using random selection (with a random number table or
computer-generated numbers) or systematic selection with several random starts when performing nonstatistical sampling.
However, as explained in paragraph 700.15, using one of these two methods does not make the sampling application
statistical. The authors recommend using random selection unless haphazard selection is necessary because the population
is not numbered or similar circumstances make use of a random-based method impractical.
703.11 Random Selection Using Random Numbers. As explained in paragraph 703.8, AU-C 530 requires that sample
items be selected in such a manner that each item in the population has an opportunity to be selected. The following
random-based selection methods meet this requirement and are commonly used in selecting statistical audit samples (and
may be used when selecting nonstatistical samples):
a. Random number table.
b. Computer-generated random numbers.
703.12 Exhibit 7-6 presents an example of random number listings generated using PPCs Workpapers for Nonpublic
Companies. PPCs Workpapers provide practice aids not available in a PPC Guide and help standardize the format of the
firms workpapers. PPCs Workpapers, which are part of the Checkpoint Tools suite of Word and Excel-based productivity
solutions, can be ordered by calling (800) 431-9025 or at ppc.thomsonreuters.com.
Performing the Sampling Application
703.13 AU-C 530.09 requires the auditor to perform procedures on each item selected. However, sometimes it is necessary
to perform the procedures on a replacement item. Note that the listing in Exhibit 7-6 provides for replacements. These should
be used if the test is not applicable for a selected item, such as for duplicate numbers or when the source document that
corresponds to the initial random number never existed or is legitimately voided. However, inability to apply the test or
suitable alternative procedures to a selected item, for example, because source documents that were used cannot be located,
should be counted as an error or deviation.
703.14 AU-C 530.10 requires the auditor to investigate the nature and cause of any deviations or misstatements that are
identified when performing the sampling application. Thus, to effectively and efficiently perform the sampling application, the
auditor needs a clear definition of what constitutes a deviation (for tests of controls) or misstatement (for tests of details) for
purposes of the test. The sampling planning forms at ASB-CX-8.2 (for substantive procedures) and ASB-CX-10.2 (for tests of
controls) include a step that allows the auditor to document what constitutes a deviation or misstatement, and the
considerations are explained further in sections 704 for substantive procedures and 705 for tests of controls.
703.15 The auditors consideration of deviations or misstatements also includes evaluating the possible effect of those items
on the objective of the test and on other aspects of the audit. For example, the auditor may notice that all of the deviations or
misstatements have a common attribute, such as the same type of transaction, time period, location, or product line. In that
case, it may be appropriate to identify all items in the population that possess that attribute and extend procedures related to
those items. The auditor also considers whether the deviations or misstatements may be intentional, indicating the possibility
of fraud.
Exhibit 7-6
Computer-generated
Random NumbersAccounts Receivable
* * *
Evaluation and Other Requirements
703.16 Evaluating Sample Results. The evaluation of sample results has three aspects. The auditor should project the
misstatement. (Various approaches to projecting misstatements are explained later in this chapter.) The auditor should also
evaluate the results of the sample, including sampling risk. As explained in paragraph 700.14, in a statistical sample, sampling
risk is objectively measured using probability theory. In a nonstatistical sample, sampling risk still needs to be considered and
restricted to a relatively low level, but cannot be objectively measured. This is the primary conceptual difference between
statistical and nonstatistical sampling. Finally, the auditor should evaluate whether the sample has provided a reasonable
basis for drawing conclusions about the population being tested. This is separate from the consideration of whether the
sample is representative of the population made when selecting the sample. It includes an overall evaluation of the sample
results and whether additional procedures are necessary, such as asking the client to investigate and make necessary
corrections or changing the nature, timing, or extent of the auditors procedures.
703.17 Additional Requirements. AU-C 530 imposes certain additional requirements for certain types of audit procedures
using sampling that are considered in the following discussions.
704 SAMPLING IN SUBSTANTIVE TESTS OF DETAILS
704.1 Section 703 discusses the requirements that apply to all audit samples. This section provides a practical approach for
nonstatistical sampling in substantive tests of details. At this point in planning, the auditor has already developed specific
audit objectives, selected a procedure to achieve a particular audit objective, and determined that it is necessary to use audit
sampling in applying the procedure. The auditor has also defined the population and sampling unit.
704.2 AU-C 530.A13 explains that sample size can be determined by the application of a statistically based formula or
through the exercise of professional judgment. Both approaches are influenced by the auditors desired level of assurance
that the actual misstatement in the population does not exceed tolerable misstatement. The desired level of assurance may be
decided based on the following factors:
Assessed risk of material misstatement.
Other substantive procedures risk (i.e., assurance obtained from other substantive procedures directed at the same
assertion).
Tolerable misstatement.
Expected misstatement for the population.
Stratification of the population (if performed), and for some methods, the number of sampling units in each stratum.
The PPC approach to audit sampling for tests of details incorporates each of those factors in the determination of sample
size, as discussed in the following paragraphs.
Planning Considerations
704.3 Assessing Risk of Incorrect Acceptance. The desired level of assurance is the complement of the risk of incorrect
acceptance. The risk of incorrect acceptance is the risk that the auditor will, after performing audit procedures on the sample
and projecting the results, fail to detect that the population being sampled is materially misstated. The allowable risk of
incorrect acceptance is the sampling aspect of the audit risk model and can be calculated using the audit risk model
explained in Chapter 4 or determined judgmentally. With either approach, it is influenced by the assessed risk of material
misstatement and the assurance obtained from other substantive procedures directed at the same assertion (other
substantive procedures risk).
704.4 Theoretically, if no procedures besides the one being applied using sampling are relevant to achieving an audit
objective and both inherent risk and control risk are assessed as high, then audit risk is equal to the allowable risk of incorrect
acceptance. In practice, the auditor first assesses the risk of material misstatement of the related account and the audit
evidence provided by other substantive procedures. Then the auditor determines the allowable risk of incorrect acceptance
based on those assessments.
704.5 In audit sampling, there is an inverse relationship between the allowable risk of incorrect acceptance and sample sizes.
Generally, as the allowable risk of incorrect acceptance decreases, the sample size increases. Statistical sampling allows the
auditor to determine a specific percentage of allowable risk of incorrect acceptance, such as 5%, and either hold risk at that
level or measure the risk actually achieved by the sample results. Although nonstatistical sampling does not allow the auditor
to measure the risk achieved, the relationship between the sample size and the allowable risk of incorrect acceptance still
applies. The lower the allowable risk, the larger the sample size. In the PPC sampling approach, this relationship is achieved
through the selection of risk factors, as discussed in paragraph 704.17.
704.6 Assessing Tolerable Misstatement. Tolerable misstatement is explained in paragraph 700.13. The sample size for a
balance or class of transactions will increase as the tolerable misstatement for the balance or class decreases. As the
tolerable misstatement increases, the sample size will decrease. In other words, if a large percentage of the balance could be
misstated without causing a material misstatement of the financial statements, then sample size can be very small. In contrast,
if a small percentage misstatement in the balance could cause a material misstatement of the financial statements, then the
sample size needs to be large.
704.7 Assessing Expected Misstatement. Another factor that affects sample size is the size or frequency of expected
misstatements. With any sample selected, there is a certain degree of expected misstatement. It is anticipated at the
beginning of the sampling process that the misstatement will be equal to or less than the tolerable misstatement. Otherwise,
there would be no point in sampling because the account would be expected to be misstated by a material amount. As the
size or frequency of expected misstatement increases, the sample size needed to accomplish the objectives also increases. If
the expected misstatement decreases, the sample size decreases. The determination of the expected misstatement is based
on knowledge of the population and prior experience with the clients accounting populations.
704.8 In assessing expected misstatement, the auditor needs to avoid two possible sources of confusion. First, expected
misstatement does not include accounting adjustments that are typically necessary and expected to close the books, i.e.,
normal accruals and deferrals. Second, the expected misstatement is that amount of misstatement expected for the remaining
population (after individually significant items have been removed) from which the sample is drawn, so it is the expected
projected misstatement.
704.9 Considering Population Size. The number of items in the population is usually not an important factor in determining
sample size for a statistical or a nonstatistical sample. Sample size for a substantive procedure is influenced much more by
the amount of variance in the population than by the number of items in the population. The most important practical
implication of this fact is that it is either inefficient or ineffective to determine sample size as a fixed percentage of the
population. No one recommends this approach, but some auditors have customarily used a fixed percentage of the number
of items in the population, e.g., 10%, as sample size. If the population is very large, e.g., over 5,000 items, this approach
normally results in unnecessarily large sample sizes. If the population is very small, e.g., 100 items, the sample size is
normally too small.
704.10 While the size of the population in sample units (i.e., the number of items in the population) is generally not an
important factor in determining sample size, there can be unusual situations in which population characteristics create
problems in using the approach recommended by the authors beginning with paragraph 704.12. When tolerable
misstatement is approximately equal to the average size of items in the population, the indicated sample size will be
approximately the entire population. In these circumstances, the auditor considers whether there are other ways to
substantiate the balance that are more efficient, such as by performing an analytical procedure with a high degree of
precision.
704.11 Relating Factors to Determine Sample Size. Table 4-4 of the AICPA Sampling Guide summarizes the effects of
changes in various factors, such as tolerable misstatement and inherent and control risk, on sample sizes for substantive tests
of details. Table 4-4 illustrates the relative effect of the factors (that is, smaller or larger) on sample size rather than providing
specific numerical sample sizes. Table 4-5 of the AICPA Sampling Guide illustrates specific numerical sample sizes that might
be used for statistical or nonstatistical sampling based on the Monetary Unit Sampling (MUS) statistical approach [sometimes
called the Probability Proportional to Size (PPS) approach]. The nonstatistical sampling approach discussed in this Guide
beginning in paragraph 704.12 is based on the same underlying statistical approaches as Table 4-5 in the AICPA Sampling
Guide. This nonstatistical approach draws on statistical sampling theory, but combines that theory with practical judgments
and the collective experience of many auditors to facilitate implementation.
A Practical Approach to Nonstatistical Sampling
704.12 The most significant problem facing an auditor trying to use audit sampling is how to deal with essentially statistical
concepts, such as tolerable misstatement, risk of incorrect acceptance, and expected misstatement for the population, when
a nonstatistical sampling approach is used. The authors recommend the use of the following approach in conjunction with the
related practice aid on planning materiality. (See Chapter 3.) As noted in the preceding paragraph, this approach is based on
the statistical theory underlying PPS or MUS sampling. The authors recommend the use of this model as a practical method
of determining sample size for nonstatistical sampling. The steps in Exhibit 7-7 are applied in this method.
Exhibit 7-7
A Practical Approach to Nonstatistical Sampling
Description Result
1. Assess appropriate level of tolerable misstatement. Tolerable misstatement
amount (normally calculated
as 75% of planning
materiality).
2. Assess the risk of material misstatement. One of three qualitative levels
of riskhigh, moderate, or
lowbased on the
assessments of inherent and
control risk.
3. Assess the other substantive procedures risk. One of three qualitative levels
of riskhigh, moderate, or
low.
4. Use the table in Exhibit 7-9 to determine a risk factor. A factor between 0.9 and 3.0.
5. Estimate population balance after removal of items to
be examined 100% (individually significant items).
Quantified amount.
6. Consider the amount of expected likely misstatement in
the population to be sampled.
If expected misstatement
exceeds one-third of tolerable
misstatement, sampling
normally is not used.
7. Estimate the sample size using the following formula:
Sample size.
8. Adjust sample size for lack of stratification in the sample, if
applicable.
Possible sample size
increase.
* * *
704.13 Step 1Assess Tolerable Misstatement. The amount that is used for tolerable misstatement is the amount
calculated in the planning materiality worksheet at ASB-CX-2 (normally 75% of planning materiality, as discussed in section
306). Planning materiality relates to financial statements taken as a whole and is used to derive a total performance materiality
that also relates to the financial statements taken as a whole. Because the financial statements may be viewed as a single
population of dollars when using MUS sampling, a tolerable misstatement amount equal to performance materiality may be
used in all sampling applications using the recommended approach. Note that this would not be true if classical statistical
sampling, rather than MUS sampling, were used.
704.14 Step 2Assess the Risk of Material Misstatement. As discussed in section 403, the risk of material misstatement
is the combination of inherent risk and control risk. Exhibit 7-8, which is adapted from the examples provided in Exhibit 4-8,
shows how the assessments of inherent risk and control risk may be combined to determine the risk of material misstatement.
The auditor can document inherent risk, control risk, and the resulting risk of material misstatement on the Risk Assessment
Summary Form at ASB-CX-7.1.
Exhibit 7-8
Combined Risk of Material Misstatement
Inherent risk
assessment
Control risk assessment
High Moderate Low
High High High Moderate
Moderate Moderate Low Low
Low Low Low Low
* * *
704.15 Theoretically, the auditor would separately assess the risk of material misstatement of the population to be sampled
(that is, the account balance excluding individually significant items). However, in sampling applications, the risk of material
misstatement for the account normally is a reasonable approximation of the risk of material misstatement of the remaining
balance. Because the risk of material misstatement in the remaining balance is almost always equal to or less than the risk for
the entire account balance, using the risk of material misstatement for the entire account is both reasonable and conservative.
704.16 Step 3Assess the Other Substantive Procedures Risk. As previously discussed, other substantive procedures
risk is the risk that related substantive procedures besides sampling, such as analytical procedures, will fail to detect a
material misstatement. This risk assessment is inversely related to the assurance provided by the other substantive
procedures (that is, the more effectively the other procedures contribute to addressing the same assessed risks as the
sampling procedure, the lower the risk assessment). For example, suppose the auditor were using sampling for inventory
price testing. If analytical procedures relating to cost of sales are considered highly effective, the auditor might assess other
substantive procedures risk as low, which would result in a smaller sample size. Paragraphs beginning at 505.8 explain how
to design effective analytical procedures.
704.17 Step 4Identify a Risk Factor. The fourth step is to identify a risk factor using the table presented for this step in
Exhibit 7-9. The factors in the table correspond to levels for the risk of incorrect acceptance. The factors range from 3.0 to 0.9,
which is analogous to a range of 5% to 40% of the risk of incorrect acceptance. A factor of 3.0 is used when the auditor
assesses the risk of material misstatement as high, and there are no other effective substantive procedures being applied. A
factor of 0.9 is used when the risk of the account balance or transaction class being materially misstated is assessed as low,
and very effective related substantive procedures are being applied. Use of the table permits the auditor to hold the audit risk
to an appropriately low level while adjusting the level of the risk of incorrect acceptance in response to the other assessed
levels of risk. The table permits the auditor to adjust sample size to various combinations of assessed risk levels.
Exhibit 7-9
Risk Factors
Risk of Material Misstatement
Assessment of Other Substantive Procedures Risk
High Moderate Low
High 3.0 2.3 1.9
Moderate 2.3 1.6 1.2
Low 1.9 1.2 0.9
* * *
704.18 Step 5Estimate Remaining Population. The next step is to determine the dollar amount of items to be sampled by
reducing the total amount of the balance or transaction class by individually significant items. (As noted in paragraph 702.6,
the cutoff amount for identifying individually significant dollar items can be any amount, as long as it does not exceed
tolerable misstatement.) As explained earlier, an item may also be individually significant because of its nature. Generally, the
most efficient approach is to identify individually significant dollar items as all items greater than or equal to tolerable
misstatement divided by the applicable risk factor as determined in Step 4. That is, the fewest total number of items will be
tested when individually significant dollar items are defined as tolerable misstatement divided by the applicable risk factor.
Oftentimes, however, the efficiency gained between using one-third, one-half, or some other fraction of tolerable misstatement
is minimal. Consequently, the authors recommend that individually significant dollar items be defined as all items greater than
or equal to one-third of tolerable misstatement. However, the cutoff amount for individually significant dollar items can be any
amount up to tolerable misstatement. The choice of a cutoff amount is a matter of efficiency.
704.19 Step 6Consider Expected Misstatement. The last step before determining the sample size is to consider the
amount of expected likely misstatement in the population to be sampled based on the auditors knowledge of the population
and prior experience. If the amount of projected misstatement is expected to exceed one-third of tolerable misstatement,
sampling normally is not appropriate. If expected misstatement exceeds one-third of tolerable misstatement, the auditor
needs to ask the client to correct the population. After the client has taken steps to correct the population, then it may be
appropriate to sample the corrected population, if necessary.
704.20 Step 7Estimate Sample Size. To calculate the sample size, divide the total of the population to be sampled
(account balance or transaction class less individually significant items) by tolerable misstatement and multiply that result by
the risk factor determined in Step 4.
704.21 Step 8Increase Sample Size for Lack of Stratification. This sampling approach depends on dividing the items
being tested into at least three groups: individually significant items, and an upper and a lower group of remaining items. If the
auditor finds it impractical to stratify after identifying individually significant items, the sample size calculated in Step 7 is
increased. The AICPA Sampling Guide (paragraph 4.32) notes that auditors typically increase the sample size from 10% to
50% if the sample is not stratified but notes that an adjustment of 100% or more may be needed when there is extreme
variability in the characteristic of audit interest. The authors have noted that firms with nonstatistical sampling plans advocate
different percentage increases ranging from 10% to 100%. The authors recommend that sample size be increased
approximately 20% if stratification is not practical and there is not a significant variation in the items being sampled. Example
7-2 demonstrates how the sample size can be determined.
Example 7-2: Determining sample size.
The auditor determines planning materiality of $37,500 for ABC Company, and tolerable misstatement is calculated as
approximately $28,000. The distribution of the accounts receivable balance is as follows:
Number of Accounts Range of Balances Total Amount
2 $9,300 and over $ 43,000
3,998 Below $9,300 262,000
4,000 $ 305,000
The steps in determining sample size for confirmation of accounts receivable using the recommended approach would
be as shown in Exhibit 7-10.
In this example, the auditor has concluded that sampling is necessary. Initially, sampling is indicated because the
remaining balance is nearly 10 times the tolerable misstatement, and, thus the auditor needs to apply procedures to the
remaining balance. However, before concluding that sampling is necessary, the auditor considers all the audit
procedures that contribute to addressing the assessed risks of material misstatement for the account balance. Also, the
auditor carefully considers the risk of material misstatement of any remaining balance in light of the expected nature,
size, and frequency of misstatements.
As mentioned earlier, a useful approach to stratification is to divide the remaining population into two groups based on
the average amount of an item. For example, the dollar amount of the remaining population in the preceding example is
$262,000, and there are 3,998 items. This means an average item is $66 ($262,000 divided by 3,998). In a stratified
sample, the sample size is allocated two-thirds to the upper stratum (items above the average) and one-third to the
lower stratum (items below the average). The sample size as calculated in Step 7 of the preceding example is 29. This
means 20 items need to be selected from the stratum of customer balances from $66 to $9,299 and 9 items from the
stratum below $66.
Exhibit 7-10
Steps for Determining Sample Size
Step Description Result
1. Assess tolerable
misstatement.
Calculated as approximately 75% of planning
materiality$28,000.
2.3. Assess the risk levels. The auditor assesses the risk of material misstatement as
high, and there are no effective related substantive
procedures.
4. Identify a risk factor. The table indicates a risk factor of 3.0.
5. Estimate remaining balance. The auditor calculates a remaining balance of $262,000, i.e.,
the balance remaining after all individually significant items
are identified. An individually significant item is determined
to be any customer balance over $9,300 (one-third of
tolerable misstatement is $9,333). The total dollar amount of
individually significant items is $43,000 and the population
to be sampled is $305,000 $43,000 = $262,000.
6. Consider expected
misstatement.
Based on prior experience with the client, expected
misstatement is $4,500 (approximately 16% of tolerable
misstatement). Thus, sampling is considered appropriate.
Step Description Result
misstatement). Thus, sampling is considered appropriate.
7. Estimate sample size. The auditor calculates sample size as follows:
8. Increase for no stratification. The auditor decides it is impractical to stratify customer
balances below $9,300 and increases sample size by 6 (.20
29) for a total sample size of 35.
* * *
Selecting the Sample
704.22 As discussed in paragraph 703.8, the auditor may use one of several methods to select a substantive sample (such
as, random selection, systematic selection, or haphazard selection). The important point is that the auditor needs to ensure
that all items in the population have a chance to be selected. Accordingly, the auditor needs to determine that the sample
population actually includes all the items (e.g., customers accounts, invoices, etc.) comprising the balance. There are many
ways to determine the completeness of a sample population, including:
a. If the sample is selected from a trial balance, the auditor can foot the trial balance and reconcile the total to the
account balance.
b. If the items are numerically sequenced, the auditor can scan the accounting records to account for the numerical
sequence of items in the population, and select the sample from that sequence.
The sampling form at ASB-CX-8.2 includes a step that allows the auditor to document how the completeness of the sample
population was considered.
704.23 Using Data Extraction Software to Select the Sample. Some auditors may use data extraction software, as
discussed in section 909, in audit sampling. The discussion in the following paragraphs assumes auditors use the approach
presented in this section to calculate the sample size and evaluate the sample results; data extraction software is used only to
select the sample. The authors believe that is the most efficient approach for many small business audits.
704.24 The primary sample selection methods offered by the leading data extraction software packages include:
Record Sampling. Record sampling can be either random or systematic. Using record sampling, each record in the
population (check, invoice, voucher, etc.) has an equal chance of being selected.
Stratified Random Sampling. Stratified random sampling can be used to extract a number of records from several
population strata at random. Using stratified random sampling, the auditor specifies the number of sample items he
or she wants to select from each stratum.
Monetary Unit Sampling. Monetary unit sampling can be used to extract records with a bias toward the selection of
higher dollar items. In monetary unit sampling, each individual dollar in the population is treated as a record;
therefore, each dollar has an equal chance of selection.
704.25 The ability of data extraction software to quickly process large volumes of data can save time spent on sample
selection. Using data extraction software allows the auditor to check a control total of the file being sampled to ensure the
completeness of the population prior to selecting the sample. Also, if the items in the population are numerically sequenced,
the auditor can test for gaps and duplicates to account for the numerical sequence of items in the population prior to
sampling. The auditor can also use data extraction software to extract individually significant and unusual items from the
population (based on criteria specified by the auditor) prior to sampling.
704.26 As discussed in paragraph 704.22, the sampling approach presented in this section depends on dividing the items
being tested into at least three groups: individually significant items, and an upper and a lower group of remaining items. If the
auditor finds it impractical to stratify after identifying individually significant items, the sample size is increased. Using data
extraction software significantly reduces the likelihood that stratification of the remaining balance will be impractical.
Therefore, using data extraction software to select a substantive sample may eliminate the need to increase the sample size.
After removing individually significant and unusual items from the population, the auditor using data extraction software can:
a. Use the data extraction software to stratify the remaining population into two groups (i.e., select all items above a
specified amount or all items below a specified amount to create the desired strata), and then use record sampling
to select two-thirds of the sample items from the upper stratum and one-third from the lower stratum.
b. Use the stratified random sampling function of the data extraction software, if available, to select the sample.
c. Use the monetary unit sampling function of the data extraction software to select the sample. Monetary unit
sampling selects the sample with a bias toward the selection of higher dollar items; therefore, there is no need to
stratify the population.
Projecting the Misstatement
704.27 The auditor may use one of several methods to satisfy the requirement of AU-C 530.13 to project the sample
misstatement to the population. Two of the more commonly used methods are as follows:
a. Ratio (or Rate of Misstatement) Method. The ratio of sample dollars (the total of all items selected) to population
dollars (the total of the population from which the sample was selected) is used to project the sample misstatement
as follows:
Thus, if an auditor has identified $500 of sample misstatement, sample dollars are $60,000, and population dollars
are $600,000, the projected misstatement would be calculated as:
b. Difference Method. Using this method, the auditor calculates the average amount of misstatement in the sample and
multiplies that average by the number of items in the population, as follows:
If the previous example included a sample of 100 items, and the population had 1,000 items, the calculation would
be:
704.28 The ratio and difference methods produce the same result if the proportion of the number of sample items to
population items is the same as the ratio of sample dollars to population dollars. Usually, the two methods do not produce the
same results. The auditor selects one of the methods based on whether there is reason to expect a relationship between the
amount of the misstatement and the amount of the item.
Factor Method
1. Misstatement relates to size of the item. Ratio (or Rate of
Misstatement) Method.
2. Misstatement relatively constant for all items. Difference Method.
Generally, the first method is appropriate because in very few instances will misstatements be the same dollar amount
regardless of the size of the item. The auditor calculates the projected misstatement from the sample separately for each
individual group (or strata) used. The projected misstatements for such groups are then added to determine the projected
misstatement for the portion of the account balance or class of transactions sampled. Also, as discussed in paragraph 700.13
and section 702, performing audit procedures on individually significant items is not considered sampling, and, thus,
misstatements in individually significant items are not projected.
704.29 The AICPA Sampling Guide discusses the ratio and difference methods (Paragraphs 4.764.78) as well as a third
methodthe MUS method (Paragraph 4.79). The MUS method uses tainting factors (that is, the ratio of each detected
misstatement to the book value of that item) to project the sample misstatement. The sum of the tainting factors is multiplied
by the sampling interval (that is, the total population amount in dollars divided by the sample size) to obtain an estimate of the
total misstatement.
Considering Sampling Risk
704.30 AU-C 530.14 requires evaluation of the results of the sample, including sampling risk. Sampling risk is the risk that the
auditor may reach a different conclusion if audit procedures are applied to a sample than if they are applied to all items in a
population. For example, if tolerable misstatement for the balance of accounts receivable is $28,000, with a total balance of
$262,000, the auditor might conclude that the sampling risk with a projected misstatement of $5,000 would be acceptable.
However, if the projected misstatement is close to, or exceeds, tolerable misstatement for the balance or class of transactions,
the auditor would conclude that there is an unacceptably high risk that the true misstatement in the population exceeds
tolerable misstatement.
704.31 In a statistical sample, sampling risk can be measured in evaluating sample results. In a nonstatistical sample, precise
measurement is not possible. However, using the sampling model discussed in this section, the auditor may consider
sampling risk through answering the following questions:
a. Does projected misstatement exceed expected misstatement? If yes,
b. Does projected misstatement exceed one-third of tolerable misstatement?
If the answer to these questions is no, the auditor usually need not be concerned about unacceptable sampling risk under
this sampling model. If the answer to both questions is yes, the auditor would normally assume there is an unacceptable
risk that true misstatement exceeds tolerable misstatement. The following example summarizes this analysis:
a. Accounts receivable balance$262,000
b. Tolerable misstatement$28,000 (one-third of $28,000 = $9,333)
c. Expected misstatement$4,500
Applying the preceding questions and data for the different levels of projected misstatement shown in the first column of the
following table results in the following sampling risk assessment:
Projected
Misstatement
Acceptable
Sampling Risk
Unacceptable
Sampling Risk
$ 2,500 X
4,500 X
9,300 (could be either)
10,000 X
12,500 X
704.32 In this case, projected misstatement over $9,300 (one-third of tolerable misstatement) would indicate unacceptable
sampling risk and in the $4,500 to $9,300 range would indicate potentially unacceptable sampling risk. A qualitative analysis
of detected misstatements is always made to determine the nature and cause of the misstatement. When the auditor
concludes that there is unacceptable sampling risk, qualitative analysis of misstatements is especially important so the auditor
can determine the best way to reduce the unacceptable sampling risk (for example, consideration of what kinds of
misstatements are occurring and what items in the population are most likely to be misstated). Paragraph 704.33 discusses
qualitative characteristics.
Considering Qualitative Characteristics
704.33 The size or frequency of misstatements in a sampling application are not the only factors to be considered. An auditor
should, according to AU-C 530.12, consider the following qualitative factors:
a. Nature and cause of any misstatements:
(1) Is the misstatement an error (unintentional) or is it possible fraud (intentional)?
(2) If the misstatement is an error, is it due to carelessness or misunderstanding of instructions?
b. Relationship of misstatements to other phases of the audit.
704.34 When misstatements are detected, the auditor typically asks management to examine the account balance,
transaction class, or disclosure in which the auditor identified a material projected misstatement from a sample in order to
identify and correct misstatements in the population. For example, if the auditor identified a misstatement while testing the
cost prices of raw materials inventory and extrapolated the misstatement as an amount material to the raw materials account
balance, the auditor would ask management to examine the entire raw materials account balance to identify and correct any
additional misstatements. See discussion at section 1812.
Practice Issues in Evaluation of Sample Results
704.35 This section discusses common practice issues that can arise in projecting the misstatements from sampling results
or considering sampling risk and qualitative characteristics.
704.36 Netting Misstatements in Projection. An issue that often arises in applying the nonstatistical sampling approach
described beginning in paragraph 704.12 is whether it is appropriate to net the misstatements detected in order to project
misstatements. In other words, when the auditor detects some overstatements and some understatements, can the
misstatements be netted to compute a single projected misstatement?
704.37 Generally, netting is appropriate and a single projected misstatement can be calculated. However, the auditor needs
to carefully consider the implications of relatively large offsetting misstatements. Also, a qualitative consideration of the nature
and cause of misstatements is particularly important in these circumstances.
704.38 Using the facts presented in the example in paragraph 704.21, assume that the auditor found the following three
misstatements after analysis of confirmation responses:
Customer Book Audit
Overstatement
(Understatement)
Tinker $ 10,000 $ 9,000 $ 1,000
Adler 4,200 5,000 (800)
Tailor 560 260 300
$ 500
Assuming the sample items selected total $37,600, the projected misstatement would be computed as follows, using the ratio
method of sample dollars to population dollars presented in paragraph 704.27:
This projected misstatement is well below the limits of acceptable sampling risk presented in paragraph 704.31. Also, the
offsetting amounts are not especially large in relation to the net misstatement. Thus, the auditor would likely conclude that the
risk of material misstatement of the accounts receivable balance is relatively low. However, the auditor still needs to make a
qualitative analysis of the nature and cause of the misstatements to consider whether the auditor adequately understands why
the misstatements occurred.
704.39 Netting may not be appropriate when the offsetting misstatements are relatively large in relation to the net
misstatement. If the sample results described in paragraph 704.38 had been as follows, the auditor might reach a different
conclusion:
Customer Book Audit
Overstatement
(Understatement)
Tinker $ 10,000 $ 2,000 $ 8,000
Adler 4,200 12,000 (7,800)
Tailor 560 260 300
$ 500
In these circumstances, the overstatement or understatement projected separately would easily exceed tolerable
misstatement, i.e., projection of the $7,800 understatement is $54,351 and projection of the two overstatements is $57,835.
Thus, the qualitative analysis of the nature and cause of misstatements becomes particularly important. The auditor carefully
considers whether the cause of misstatements indicates a material misstatement. Although in both situations described in
paragraph 704.38 and in this paragraph the net projected misstatement would be the same, the auditor recognizes that the
second situation presents a greater risk of material misstatement.
704.40 Unacceptable Sampling Risk. Another issue that may arise in applying the nonstatistical sampling approach
described beginning in paragraph 704.12 is what the auditor does when sample results indicate unacceptable sampling risk.
The first point to recognize is that the sample approach does not provide a sufficiently precise estimate to book the projected
misstatement. In other words, the auditor cannot propose an adjusting journal entry based on the projected misstatement.
704.41 The general approach to dealing with unacceptable sampling risk is to isolate the nature and cause of the
misstatements found in the sample. The auditor then looks (or asks the client to look) for additional misstatements in the
population that may have arisen from that same cause. Once those misstatements are identified, they can be corrected.
However, if the nature and cause of the misstatements in the sample cannot be isolated (if there is no detectable pattern to
them), the auditor should consider performing additional substantive procedures or expanding the sample. See also
paragraph 704.33.
704.42 Using the same facts as presented in Example 7-2, assume that the auditors sample of 35 items detects the following
misstatements:
Customer Book Audit
Overstatement
(Understatement)
Adams $ 3,600 $ 3,000 $ 600
Barnes 4,400 3,500 900
Chen 3,200 2,500 700
$ 2,200
The sample dollars total $37,600 and the projected misstatement is as follows using the ratio method presented in paragraph
704.27:
704.43 Applying the criteria in paragraph 704.31 for assessing sampling risk, in these circumstances, the auditor would have
to consider the sampling risk to be unacceptable. The projected misstatement exceeds the expected misstatement of $4,500
and exceeds one-third tolerable misstatement of $9,300. Thus, the auditor would need to conclude that there is an
unacceptably high risk of material misstatement. However, the auditor cannot simply propose that the client book an
adjustment of $15,330. Only the $2,200 of known misstatement can be booked at this point. The auditor has tested only 35
out of 3,998 accounts, and the projected misstatement is not a precise estimate.
704.44 The critical factor is the nature and cause of the detected misstatements. Assume that in this case the auditor learns
that ABC Companys billing department was not alerted to a special promotional offering price discount. Some customers
bought on the basis of the special price during the last two months of the year. The auditor discusses the problem with
management. The approach adopted is that all sales in the last two months of the year will be reviewed by billing clerks for
the applicability of the discount and corrected invoices will be mailed promptly. Because management considers prompt
correction important from a customer relations perspective, the corrected balances will be available for the auditors review on
a timely basis.
Documentation of Substantive Sampling Applications
704.45 When documenting audit procedures performed, AU-C 230.09 requires auditors to record in the workpapers the
identifying characteristics of the specific items tested. Identifying the items tested is discussed further in paragraph 802.10.
There is no other specific requirement to document factors related to audit sampling applications. However, the AICPA
Sampling Guide (Paragraph 4.93) identifies the following examples of items that the auditor typically documents for
substantive audit samples:
a. The objectives of the test and the accounts and assertions affected.
b. The definition of the populations and the sampling unit, including how the auditor considered the completeness of
the population.
c. The definition of a misstatement.
d. The risk of incorrect acceptance or level of desired assurance (confidence).
e. The risk of incorrect rejection, if used.
f. Estimated and tolerable misstatement.
g. The audit sampling technique used.
h. The method used to determine sample size.
i. The method of sample selection.
j. Identification of the items selected.
k. A description of how the sampling procedure was performed and a list of misstatements identified in the sample.
l. The evaluation of the sample (for example, projection and consideration of sampling risk).
m. A summary of the overall conclusion (if not evident from the results).
n. Any qualitative factors considered significant in making the sampling assessments and judgments.
The auditor does not need to document a matter that is implicit in the form or practice aid that a firm has adopted. For
example, the sampling technique might be implicit in the form used for substantive audit sampling. ASB-CX-8.2 presents a
Sampling Planning and Evaluation FormSubstantive Procedures that can be used to document the sampling planning
process for substantive tests of details of balances or transactions. Use of this sampling summary sheet is illustrated in
Chapters 11 and 12 with case studies on the use of audit sampling for accounts receivable and inventory.
Alternative Approach for Substantive Tests of Transactions
704.46 The approach to nonstatistical sampling explained in this section may be applied either to account balances or
transaction classes. This approach will always be effective for a substantive test of transactions. However, this approach may
not be the most efficient when the audit procedure being applied using sampling is not intended solely to validate the total
amount of a transaction class, e.g., when the auditor is testing the classification of disbursements, or when the population is
composed of a large number of items all similar in amount. An alternative approach to substantive tests of transactions is
explained in section 706.
ReminderAvoid Unnecessary Sampling
704.47 This chapter suggests a practical approach to applying nonstatistical sampling. However, this approach can be very
impractical if sampling is used when it is not necessary, especially in a small business engagement. The relatively small
population sizes that sometimes exist may make sampling inappropriate. Thus, the authors believe that auditors ought to use
other types of substantive procedures that do not involve sampling, such as analytical procedures, whenever very small
sample sizes, e.g., 10 items or less, are calculated.
705 TESTS OF CONTROLS USING AUDIT SAMPLING
705.1 As explained in more detail in Chapter 6, tests of controls should be performed when the auditors risk assessment
includes an expectation of the operating effectiveness of controls (i.e., an expectation of assessing control risk as either low
or moderate) or when substantive procedures alone do not provide sufficient appropriate audit evidence at the relevant
assertion level. In many engagements, tests of controls using audit sampling are tests of details of transactions. All of the
requirements of AU-C 530 as described in Exhibit 7-1 apply to tests of controls applied using audit sampling.
705.2 Generally, audit sampling is used for tests of controls directed toward operating effectiveness where there is
documentation of the operation of controls. Those tests normally include the audit procedures of inspecting documents and
reperforming the application of the controls. In some cases, it may be efficient to perform a test of controls in combination
with a substantive test of transactions. Both tests may be accomplished concurrently by performing a test of controls and a
test of details on the same transaction. This approach is known as a dual-purpose test. One common example is examining
an invoice to determine whether it has been approved and to provide evidence about the recorded amount of the transaction.
AU-C 330.A24 points out that a dual-purpose test is designed and evaluated by considering each purpose of the test
separately.
705.3 When a sample is used for dual purposes (i.e., testing the operating effectiveness of an identified control and testing
whether the recorded monetary amount or transaction is correct), the size of the sample ought to be the larger of the samples
that would otherwise have been designed for the two separate purposes. In evaluating such tests, deviations from the
prescribed control and monetary misstatements are evaluated separately using the risk levels acceptable for the respective
purposes. Section 706 describes an efficient approach to dual-purpose testing that can be used when appropriate.
Terminology for Sampling in Tests of Controls
705.4 AU-C 530.A13 explains that the following factors typically influence determination of sample size for tests of controls:
The tolerable rate of deviation of the population to be tested.
The expected rate of deviation of the population to be tested.
The desired level of assurance (complement of the risk of overreliance) that the tolerable rate of deviation is not
exceeded by the actual rate of deviation in the population.
The number of sampling units in the population, if the population is very small.
705.5 AU-C 530.05 defines the tolerable rate of deviation in audit sampling for tests of controls as follows:
A rate of deviation set by the auditor in respect of which the auditor seeks to obtain an appropriate level of
assurance that the rate of deviation set by the auditor is not exceeded by the actual rate of deviation in the
population.
705.6 The following discussion uses the following sampling terms adapted from AU-C 530:
DeviationDeparture from the prescribed control policy or procedure.
Tolerable RateThe maximum rate of deviations that would still support the planned assessed level of control risk.
Risk of OverrelianceThe auditors allowable risk of assessing control risk too low and thereby overrelying on
internal control (an aspect of sampling risk). If control risk is assessed too low, the auditor may inappropriately
reduce the extent of substantive procedures in reliance on the control.
Expected RateThe rate of deviations the auditor expects based on prior experience and knowledge of the
characteristics of the population.
PopulationThe class of transactions being sampled.
705.7 The basic approach to applying tests of controls is the same regardless of whether sampling is used. However, there
are additional matters to consider when using audit sampling methods. Exhibit 7-11 illustrates how those additional
considerations are integrated into the basic approach to testing controls. This section discusses those additional
considerations and how they affect tests of controls.
Exhibit 7-11
Tests of Controls Using Audit Sampling
Step 1 Identify suitable controls to be tested and, if applicable, the related substantive procedures to be
reduced.
Step 2
Consider whether testing controls is practical.
a
1. Consider whether there is documented evidence of the application of the controls.
Step 3 Select appropriate tests of controls.
1. Define deviation for purposes of the test.
2. Define the population to be sampled.
3. Determine the tolerable rate of deviations.
4. Determine the allowable risk of overreliance.
5. Determine the expected rate of deviations.
6. Compute the sample size.
7. Determine the method of sample selection.
Step 4 Perform tests of controls.
1. Select sample and apply audit procedures to the sample.
Step 5 Evaluate the results of the tests of controls.
1. Compare sample rate of deviations to tolerable rate of deviations and consider the effect of
sampling risk.
Step 6 Assess control risk.
Step 7 Document the tests performed and conclusions reached.
1. Complete ASB-CX-10.2, Tests of ControlsSampling Planning and Evaluation Form, or
equivalent.
Note:
a
The auditor may wish to compute an estimated sample size for the test of controls before determining whether testing
controls is cost-effective. (See Step 3.)
* * *
STEP 1 Identifying Controls and Related Substantive Procedures
705.8 The first step in planning the sample is to identify the controls to be tested and, if applicable, the related substantive
procedures to be reduced. This step requires identifying controls relevant to specific assertions. Chapter 3 discusses the
process for obtaining an understanding of internal control. Chapter 6 discusses tests of controls.
STEP 2 Considering Whether Testing Controls Is Practical
705.9 As discussed in Chapter 6, an auditor may determine that testing the operating effectiveness of controls would be
inefficient and, accordingly, design and perform only substantive procedures to respond to the risks of material misstatement
(assuming substantive procedures alone are effective). The efficiency of the audit response, including the potential decision to
not perform tests of controls, is normally considered even if the auditor has determined that relevant controls to address a risk
of material misstatement exist, are properly designed, and have been implemented. When considering overall efficiency and
the practicality of sampling in tests of controls, the auditor also considers whether there is documented evidence of the
application of the identified controls (such as rubber stamps, initials, matched source documents, etc.). Without documented
evidence, it may be difficult to test those controls using audit sampling.
STEPS 3 and 4 Selecting and Performing Tests of Controls
705.10 As discussed in paragraph 705.9, documented controls are normally readily susceptible to testing through sampling.
A common type of control activity tested is a checking routine or approval evidenced by initials, signatures, or stamps on
documents. The approach is usually to sample the documents, inspect items selected for evidence of performance of the
control activities, and reperform the procedure to test its effectiveness. For example, in the accounts receivable area, control
activities that might be tested with this approach are as follows:
a. Invoices compared to sales orders and shipping documents, recomputed, agreed with approved price list, and
initialed or stamped to indicate performance of these procedures.
b. Credit memos approved by signature based on receiving report or other documentation.
705.11 As shown in Exhibit 7-12, performing tests of controls when sampling is used involves many considerations besides
the type of test procedure. The auditor also needs to:
a. Define deviation for purposes of the test.
b. Define the population to be sampled.
c. Determine the tolerable rate of deviations.
d. Determine the allowable risk of overreliance.
e. Determine the expected rate of deviations.
f. Compute the sample size.
g. Determine the method of sample selection.
Exhibit 7-12 summarizes key sampling considerations in tests of controls.
Exhibit 7-12
Distinguishing Features of Sampling
in Tests of Controls
OBJECTIVE A control-transaction objective (e.g., all shipments are billed) is specified to
link with the related assertion (e.g., completeness).
A particular substantive procedure is identified that will be modified in
response to results of tests of controls.
DEVIATION The characteristic of interest is adherence to a control; an exception or
deviation is defined as a lack of adherence rather than monetary
misstatement.
POPULATION Definition has to include time period covered.
Units may be unpriced, so completeness may be considered by accounting
for sequence of prenumbered documents rather than footing.
SELECTION No stratification. (The characteristic is an attribute, present or not present, so
variance depends entirely on the deviation rate.)
SAMPLE SIZE Factors that influence size differ; the primary difference is concern with the
rate, rather than the dollar amount.
PERFORMANCE Procedures applied include inspecting evidential matter of design and
operation of controls.
EVALUATION Relation is established between deviation rate and risk of monetary
misstatement (precisely how sample results will relate to substantive tests).
DOCUMENTATION As indicated in establishing the objective, the relation to particular
substantive procedures is specified.
* * *
705.12 Define the Population and Deviations. For a test of controls using audit sampling, the population is usually all
transactions of a particular type, e.g., credit sales, for a specified time period, e.g., January 1, 20X1 to September 30, 20X1.
The time period may be the entire period covered by the financial statements, but tests of controls may be applied at an
interim date. AU-C 330.12 indicates that when the auditor obtains audit evidence about controls during an interim period, the
auditor should determine what audit evidence to obtain for the remaining period. The auditor may consider the following:
a. Significance of the assessed risks of material misstatement at the relevant assertion level.
b. The specific controls that were tested during the interim period.
c. Significant changes to controls since they were tested, including changes in systems, processes, or personnel.
d. The degree to which audit evidence about the operating effectiveness of those controls was obtained.
e. The length of the remaining period.
f. The extent to which the auditor intends to reduce further substantive procedures based on the reliance on controls.
g. The effectiveness of the control environment.
705.13 As explained in paragraph 705.1, tests of controls using audit sampling are usually tests of transactions. The
sampling unit in tests of controls is individual transactions of a particular type, and the auditor specifies the physical sampling
unit that will be selected, e.g., canceled checks when the population is cash disbursements. Also, the auditor specifies the
conditions that will be regarded as a deviation from prescribed controls. To be efficient, the auditor ought to focus only on
those controls that are important to respond to identified risks of material misstatement. The auditor does not test all the
controls involved in processing the transaction being sampled, but only those that will have a significant bearing on the
related substantive procedures. For example, do not bother to test credit approvals on sales transactions when substantive
tests of collectibility will not be restricted anyway.
705.14 Determine the Tolerable Rate. Deciding on the appropriate tolerable rate is strictly an audit judgment. All sampling
does is force the auditor to specify in advance what rate of deviation would correspond to the levels of control risk to be used,
e.g., high, moderate, or low. How many deviations from a key control would the auditor tolerate before changing from low risk
to moderate risk or moderate to high? Examples of tolerable rates commonly used in practice are as follows:
Planned Assessed
Level of Control Risk
Tolerable Rate
Low 5%7%
Moderate 8%10%
High Omit Test
The tolerable rates used in practice are generally higher than most textbook illustrations of attribute sampling. The reasons for
the higher rates are that (a) the deviation rate is expected to be higher than the monetary misstatement rate (a deviation from
a control does not automatically mean there is a monetary misstatement) and (b) some substantive procedures will be
applied to detect monetary misstatement. AU-C 330.18 states that irrespective of the assessed risks of material
misstatement, the auditor should design and perform substantive procedures for all relevant assertions related to each
material class of transactions, account balance, and disclosure.
705.15 Determine the Allowable Risk of Overreliance. This risk is similar to the risk of incorrect acceptance in a
substantive sample. (See paragraph 704.3.) This means that it:
a. is an aspect of sampling risk, and
b. has a corresponding opposite risk (the risk of underreliance), which does not have to be considered under
authoritative pronouncements because it relates solely to efficiency.
When a test of controls using audit sampling is the primary source of evidence of whether the procedure is being applied as
prescribed, the auditor needs to allow for a low level of risk of overreliance (i.e., sampling risk). The authors believe that the
auditor who prefers to think of risk levels in quantitative terms might consider, for example, a 5% to 10% risk of overreliance.
Generally, the risk level is fixed at 10% in practice. This means there is 90% assurance that the auditor is not assessing control
risk too low or overrelying on controls. A 10% sampling risk is allowed because the auditor never places complete reliance on
the control risk assessment (as noted in paragraph 705.14). In statistical theory, either the allowable risk or the tolerable rate
could be varied in response to the assessed level of control risk. However, that does not fit audit logic. The tolerable rate is
more directly related to the risk of monetary misstatement.
705.16 Determine the Expected Rate of Deviations. The auditor also considers the expected rate of deviation from a
particular control. Generally, if the expected rate is over one-half the tolerable rate, sampling is not efficient. However, if the
expected rate is high, the auditor would not plan to assess control risk below the high level. In practice, many tests of
controls using sampling plans assume a zero expected rate. This is analogous to the statistical method of discovery
sampling, and it is highly efficient. The established tolerable rate, allowable risk of overreliance, and expected rate are the only
factors that need to be specified for determining sample size in a statistical sample size table. For example, Table A.2 in the
AICPA Sampling Guide, gives sample sizes for a 10% sampling risk.
705.17 Determine Sample Size. As explained in paragraph 705.11, in determining the sample size for a test of controls, the
auditor considers the tolerable rate, the risk of overreliance, and the expected rate of deviations from prescribed controls. The
only relevant population characteristic is usually the expected rate of deviations. Population size is usually assumed to be
infinite for convenience. Only very small population sizes would influence sample size. Generally, if the population is smaller
than 2,000 items, the conclusions are conservative, i.e., characteristics of the population are actually better then the statistical
evaluation indicates, but there is little efficiency to be gained by reducing the sample size until the population falls below
approximately 200 items. However, if the population is less than 200 items, sample sizes in statistical sampling tables or
nonstatistical sampling approaches based on statistical methods may be larger than necessary. In other words, the sample
size is effective, but not efficient. Therefore, the authors provide sample sizes for three ranges of population size: greater than
200, 100200, and less than 100, as discussed and illustrated beginning at paragraph 705.21.
705.18 A special case of small population size is a control that operates infrequently. For example, controls over a bank
reconciliation operate monthly or twelve times a year and controls over a weekly payroll operate 52 times a year. The AICPA
Sampling Guide (Paragraph 3.61) provides reasonable minimum sample sizes related to the frequency of operation of
controls as illustrated in Exhibit 7-13. The guidelines are based on the experience and judgment of practicing auditors rather
than being statistically derived.
Exhibit 7-13
Minimum Sample Sizes for Infrequently Operating Controls
Control Frequency and Population Size Sample Size
Quarterly (4) 2
Monthly (12) 24
Semimonthly (24) 38
Weekly (52) 59
* * *
705.19 The sample sizes in Exhibit 7-13 are based on the assumption that the test of controls being performed is
supplemented by other sources of evidence, such as a walkthrough, corroborating inquiries, past experience with the
competence and diligence of the personnel, or other control testing. Also, the testing is assumed to be for one or a few
locations. For example, a weekly control performed at 50 locations would represent a population of 2,600, which would be a
large population.
705.20 Statistical versus Nonstatistical Approaches. There are really no nonstatistical sampling plans for tests of controls
similar to those explained in section 704 for substantive procedures. Some CPA firms use tables that relate qualitative levels
of control risk to sample size. However, the sample sizes are the same as would be determined from a statistical formula or
attribute sampling table using the same factors for tolerable rate, risk of overreliance, and expected rate. That does not mean
an auditor necessarily needs to use statistical tables in planning and evaluating samples for tests of controls. If each individual
auditor had to determine the appropriate tolerable rate, risk of overreliance, and expected rate in planning every sample, it
would be very inefficient. Audit time would be consumed in planning sample sizes that could be spent more effectively in
other areas. Also, there could be substantial variation in sample sizes in identical circumstances because of differences in
judgment about the determinants of sample size. It makes sense for a CPA firm to adopt a uniform policy on sample sizes for
tests of controls.
A Recommended Approach for Sampling for Tests of Controls
705.21 The authors have developed an approach to sampling for tests of controls that allows effective and efficient
determination of sample size and evaluation of sample results. This approach is based on the statistical theory of attribute
sampling, but it does not require specialized statistical knowledge or training. This approach uses tolerable rates as described
in paragraph 705.14 and a 10% risk of overreliance (90% confidence or assurance level). The authors recommended
approach to sample size determination is presented in Exhibit 7-14 for both large and small populations (however, for
infrequently operating controls, use the table in Exhibit 7-13).
705.22 The table in Exhibit 7-14 can be used both to determine sample size during planning and to evaluate sample results.
For example, if the auditor wants to assess control risk as low for a population of greater than 200 items and believes the
sample results may include a single deviation, then a sample size of 60 would be necessary. As another example, if the
population size is between 100 and 200 and the auditor expects to find one deviation, the auditor would plan to sample 50
items to reduce the control risk assessment to low. When evaluating the sample, if the auditor actually found two deviations,
the sample would not support an assessed level of control risk of low, but would support a moderate control risk assessment.
Note that a sample size of 25 with no deviations for a population of greater than 200 items (or a sample size of 22 or 20 items
for a smaller population) will at best support an assessed level of control risk of moderate. If one or more deviations are
found, control risk would have to be assessed at the high level. This occurs because of the high sampling risk associated with
a small sample size. A single deviation in a sample of 25 is a sample deviation rate of 4%. However, at a 10% risk of
overreliance, the true deviation rate in the population could be as high as 15%, and there is a 10% risk that it is higher.
Exhibit 7-14
Sampling Table Based on Population Size90% Confidence Level
Control Risk Assessment & Population Size
Expected No. of
Deviations
Low
(57% Tolerable Rate)
Moderate
<100 100200 >200 <100 100200 >200
0 30 35 40 20 22 25
1 45 50 60 30 35 40
2 65
a
75
a
90 45
a
50
a 60
Note:
a
Sampling would not ordinarily be efficient in this situation because the sample size would comprise the majority of the
total population.
* * *
705.23 Determining the Sample Selection Method. The same methods described beginning in paragraph 703.8 for
selecting samples for substantive procedures are appropriate for tests of controls using audit sampling. However, it cannot be
overemphasized that block sampling, i.e., selecting all the transactions of a particular type for a day, week, or month, is not
acceptable in either type of sampling situation. A distinctive aspect of selecting a sample for a test of controls is that if
documents necessary to perform the test are missing, the item should be counted as a deviation. According to AU-C 530.11:
If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures, to a
selected item, the auditor should treat that item as a deviation from the prescribed control (in the case of
tests of controls) or a misstatement (in the case of tests of details).
This means that when a selected item is missing, the item should be treated as a deviation from the prescribed policy or
procedure unless suitable alternative procedures can be performed. For example, if the auditor is testing for supervisory
review and approval of invoices by inspecting selected invoices, and an invoice selected cannot be located, there is no
documentary evidence the invoice was properly reviewed and approved, and it should be treated as a deviation. In the case
of tests of controls, suitable alternative procedures generally are not available.
705.24 The AICPA Audit Guide, Assessing and Responding to Audit Risk in a Financial Statement Audit (Paragraph 6.78),
provides the following additional guidance about circumstances that might be encountered when selecting items for tests of
controls and considering whether control deviations have been detected:
Voided or unused documents. If a voided item is selected, for example, because its number matches a random
number generated by the auditor, the voided item should be replaced if it is determined to be legitimately voided.
Documents that have been improperly voided may represent control deficiencies. Unused documents also should
be replaced.
Mistakes in estimating population sequences. Sometimes, the auditor estimates the population size and numbering
sequence before transactions have occurred, for example, when testing is performed at an interim date. If the
population is overestimated, any items outside the actual population that are selected as part of the sample are
treated as unused documents. If the population is underestimated, it is generally appropriate to design additional
audit procedures to apply to the items not included in the population.
Stopping the test before completion. Occasionally, the auditor might find a number of deviations in the first part of a
sample. As a result, even if no additional deviations were to be discovered in the remainder of the sample, the
results of the sample would not support the planned assessed level of control risk or any reduction in the control risk
assessment. In that case, the auditor reassesses control risk and considers whether it is appropriate to continue the
test. (See also paragraph 705.25.)
Inability to examine selected items. Sometimes, the auditor might not be able to examine a selected item (for
example, because the document cannot be located). If possible, the auditor should perform alternative procedures
to achieve the objective of the test. If it is not possible to perform alternative procedures, the selected items
ordinarily should be considered deviations.
Example 7-3: Determining the number of deviations in a sample.
The auditor has selected a sample of sales invoices to test adherence to the companys invoice checking control.
Random numbers were used to select invoices by invoice number. On all but three of the invoices selected, the
checking control procedure was followed. One of the invoices has not been stamped to indicate performance of the
checking procedure, but the sales order and shipping document agree with the invoice, the price is correct, and the
invoice is calculated correctly. One of the invoices was voided, but retained. One of the invoices has the appropriate
stamp, but the shipping document that should be attached is missing. How many deviations are there?
Solution. There are two deviationsthe unstamped invoice (because there is no evidence that the control procedure
was performed) and the invoice with the missing shipping document. Even if the auditor investigates and finds the sale
was valid, there is no documentary evidence that the comparison specified by the control procedure was made. The
auditor should test a replacement invoice in lieu of the properly voided invoice. (It is a good idea to select a few
replacements when making the initial sample selection to avoid having to go back later and generate additional sample
items.)
STEP 5 Evaluating the Results of Tests of Controls Involving Sampling
705.25 As explained in paragraph 705.22, the table in Exhibit 7-14 may also be used for evaluation of sample results. The
table in Exhibit 7-14 incorporates the consideration of sampling risk. The auditor cannot simply compare the projected rate of
deviation to the tolerable rate and assess controls as effective if the projected rate is lower. The auditor needs to consider the
effect of sampling risk, i.e., the risk that the true rate of deviation in the population may be higher than the projected rate. If the
table in Exhibit 7-14 is not used, the auditor needs to judgmentally consider the risk that the true rate of deviation may differ
from the sample rate.
705.26 One practical implication of the table is that if the auditor finds more than two deviations when the audit procedure is
applied to the first few selected items, the auditor can stop and assess control risk as high. Auditors often ask: If a deviation
is found, may sample size be increased so that assessment of control risk at less than high is possible, if no more
deviations are found? The answer is a qualified yes. The AICPA Sampling Guide (Paragraph 3.63) observes that a practical
and conservative rule-of-thumb for expanding sample size when unexpected deviations are found is to at least double the
sample size. If no additional deviations are found, the auditor can support the planned control risk assessment. For example,
if the auditor detects one deviation in a sample of 40 from a population greater than 200, the table in Exhibit 7-14 indicates the
auditor can only support a control risk assessment of moderate rather than low. If the auditor still desires to support a low
control risk assessment, using the rule-of-thumb it would be necessary to sample an additional 40 items with no deviations
detected. If statistical sampling were used, the auditor could precisely calculate the sample size that would support a control
risk assessment of low at the same level of assurance as the original sample if no additional deviations were detected.
705.27 The AICPA Sampling Guide (Paragraphs 3.79.81), however, cautions the auditor that extending the sample when the
initial sample was indicative of the true error rate will likely result in further deviations being identified. That is, if the auditor
expected no deviations when planning the sample, then an unexpected deviation in the sample results may be indicative of
other deviations in the population. Therefore, the assumption that additional items can be tested without finding additional
deviations may not be warranted. Using the example in the preceding paragraph, one deviation in the original sample of 40 is
indicative of a 2.5% true error rate in the population. If that is the true error rate, it is unlikely the auditor would be able to test
40 additional items without finding additional deviations. Using an expected deviation rate of 2.5% (that is, assuming the
auditor would find additional deviations), the statistical sample size that would support a control risk assessment of low at the
same level of assurance as the original sample would be as follows:
Confidence level: 90% (10% risk of overreliance)
Expected deviation rate: 2.5% (expected error rate based on one deviation
in the original sample of 40)
Tolerable deviation rate: 5.5% (tolerable rate for the original sample of 40 as
indicated in Exhibit 7-15)
Revised sample size: 117
Because the authors believe that an unexpected deviation generally is representative of the true error rate (rather than being
an isolated incident), and because the authors believe that sample sizes of over 60 are inefficient, the authors discourage
expanding the sample when unexpected deviations are found. It makes more sense for the auditor to increase the extent of
the substantive procedure and not attempt to restrict the substantive procedure by reducing the control risk assessment
below what was supported by the original sample. In using the table, it is important to remember that the sample results only
indicate the satisfactory functioning of a control procedure that the auditor has judgmentally concluded is effective as
designed. The initial judgment that the design of the control procedure permits restricting the extent of substantive
procedures, if the control procedure functions effectively, is strictly an audit judgment.
STEP 6 Assessing Control Risk
705.28 Using the table in Exhibit 7-14, the auditor can determine the appropriate level of control risk given the sample size
and number of deviations in the sample.
STEP 7 Documenting Tests of Controls Involving Sampling
705.29 When documenting audit procedures performed, AU-C 230.09 requires auditors to identify in the workpapers the
identifying characteristics of the specific items tested. Identifying the items tested is discussed further in paragraph 802.10.
For reperformance tests involving review of reconciliations and similar recordkeeping routines, the authors believe
documentation that identifies which routines were reperformed and the nature of the auditors tests is appropriate. AU-C 530
does not impose specific documentation requirements for audit sampling, but the AICPA Sampling Guide (paragraph 3.93),
indicates that auditors typically document the following matters:
a. A description of the control being tested.
b. The control objectives related to the sampling application, including the relevant assertions.
c. The definitions of the population and sampling unit, including how the auditor considered the completeness of the
population.
d. The definition of the deviation condition.
e. The acceptable risk of overreliance on controls (or desired confidence or assurance level), the tolerable deviation
rate, and the expected population deviation in rate used in the application.
f. The method of sample size determination.
g. The method of sample selection.
h. The selected sample items.
i. A description of how the sampling procedure was performed.
j. The evaluation of the sample and the overall conclusion.
When matters, such as sample size determination or expected deviation rate, are implicit in the tables or forms used in a
firms sampling approach, those matters need not be separately documented. The authors have developed ASB-CX-10.2,
Tests of Controls Sampling Planning and Evaluation Form, which concisely documents sampling matters. Use of that form
and ASB-CX-10.1, Test of Controls Form, provides appropriate documentation for tests of controls. To comply with the
AU-C 230 requirements, the auditors documentation of control tests should also include identification of the selected sample
items.
Using Data Extraction Software for Sampling in Tests of Controls
705.30 As noted in paragraph 704.23, some auditors may use data extraction software for sampling applications. Using data
extraction software to calculate a sample size for tests of controls requires the auditor to input the confidence level, expected
deviation rate, and tolerable deviation rate for the sampling application. The confidence level reflects the risk of overreliance
(that is, a 90% confidence level represents a 10% risk of overreliance). The table in Exhibit 7-15 illustrates the attribute
sampling variables (that is, confidence level, expected deviation rate, and tolerable deviation rate) that correspond to sample
sizes of 25, 40, or 60 (for populations greater than 200) using the sampling approach discussed beginning in paragraph
705.21.
Exhibit 7-15
Attribute Sampling Variables Corresponding to PPC Sample Sizes
for Tests of Controls (Population > 200 Items)
PPC sample size 25 40 60
Expected number of
deviations in the sample 0 0 1 0 1 2
Confidence level 90% 90% 90% 90% 90% 90%
Expected deviation rate 0% 0% 2.5% 0% 1.6% 3.3%
Tolerable deviation rate 8.7% 5.5% 9.3% 3.7% 6.3% 8.6%
Planned assessed level of
control risk Moderate Low Moderate Low Low Moderate
* * *
705.31 In general, if the auditor uses data extraction software to calculate the sample size for a test of controls, the authors
recommend using a 90% confidence level and the tolerable rates corresponding with the auditors planned assessed level of
control risk illustrated in paragraph 705.14. The only other variable impacting sample size is the expected error rate. As
discussed in paragraph 705.16, in practice, many tests of controls using sample plans assume a zero expected rate for
efficiency purposes.
705.32 Whether the auditor uses a nonstatistical sampling approach (such as the one discussed beginning in paragraph
705.21) or data extraction software to calculate the sample size, data extraction software can be used to select the sample.
Using data extraction software, the auditor can check a control total of the file being sampled to ensure the completeness of
the population prior to selecting the sample. Alternatively, if the items in the population are numerically sequenced, the auditor
can test for gaps and duplicates to account for the numerical sequence of items in the population prior to sampling. For tests
of controls, the auditor can use data extraction software to select a random or systematic record sample by specifying the
sample size or sampling interval (number of items in the population divided by the sample size) and a random start or seed.
705.33 For attribute sampling in tests of controls, the method of evaluation using the sampling approach discussed
beginning in paragraph 705.21 generally is qualitative. However, the auditor can use data extraction software to calculate the
achieved upper error limit based on a given sample size, number of deviations, and desired confidence level (generally 90%
for tests of controls). That means the auditor can always use data extraction software to evaluate the results of an attribute
sample. However, judgment is still needed to determine if the achieved upper error limit supports the auditors planned
assessed level of control risk or the conclusion that processing is effective. (The factors in Exhibit 7-15 and paragraph 705.14
can be used as a guide in making that determination.)
705.34 As a practical matter, the auditor using the sampling approach for tests of controls discussed beginning in paragraph
705.21 can easily determine whether the sample results support the auditors planned assessed level of control risk or the
conclusion that processing is effective, without using audit software to evaluate the sample. Data extraction software may be
useful, however, if the auditor wants to determine how much the sample size needs to be increased to achieve a planned
assessed level of control risk if deviations are detected. For example, if the auditor detects one deviation in a sample of 25,
what sample size is needed, assuming no additional deviations are found, to support an assessed level of control risk at
moderate with a 90% confidence level and 10% tolerable rate? Data extraction software can be used to answer that question,
and possibly allow the auditor to minimize the additional sample items that need to be tested. However, see the discussion
Case Study on Tests of Controls
705.35 Fast Furniture Company, a retail furniture company, sells mainly low priced furniture. The company allows customers
to buy on credit and maintains approximately 14,000 customer accounts. The auditor intends to send negative accounts
receivable confirmations. As discussed in Chapter 11, AU-C 505.15 states that, among other requirements, the combined
inherent and control risk assessment should be low in order to use negative confirmations. (As discussed in paragraph
1101.23, the use of negative confirmations is not a sampling application.) Assuming the auditor plans to use negative
confirmations and inherent risk is assessed as moderate, tests of controls would be needed to assess control risk as low to
obtain a combined assessment of low (see Exhibit 4-8). What strategy might the auditor use to test controls efficiently?
705.36 Solution: As part of the process of assessing risks of material misstatement, the auditor identifies risks that relate to
accounts receivable. This includes obtaining an understanding of internal control by performing risk assessment procedures
to evaluate the design of relevant controls and determine whether they have been implemented and completing the
documentation on ASB-CX-4.1, Understanding the Design and Implementation of Internal Control, ASB-CX-4.2, Financial
Reporting System Documentation Forms, and ASB-CX-4.3, Walkthrough Documentation Table. Based on this knowledge,
the auditor believes it may be possible to assess control risk as low for accounts receivable existence (the primary assertion
addressed by confirmation procedures). The two primary control objectives affecting the consideration of accounts receivable
existence are:
a. Whether outstanding receivables arose from bona fide credit sales.
b. Whether all customer payments have been recorded.
705.37 Through the understanding of internal control, the auditor has identified the following controls that relate to the
control objectives listed in paragraph 705.36:
a. All credit sales are recorded from invoices that have been matched to sales orders and shipping documents.
b. A lock box is used for cash receipts.
c. Monthly statements are mailed to customers by someone independent of accounts receivable bookkeeping.
d. Adequate separation of duties exists among the functions of billing, shipping, cash handling, accounts receivable
bookkeeping, and follow-up of customer complaints.
After considering the design and implementation of these controls, the auditor believes that, if controls are operating
effectively, a control risk assessment of low can be made for the existence assertion of accounts receivable.
705.38 The auditor selects the following tests of controls. (This case study assumes that testing controls is practical.)
a. Examination of invoices and sales orders/shipping documents supporting recorded sales for a sample of 60 credit
sales during the period.
b. Inquiry and a cursory inspection of lock box remittances to determine if a lock box was used throughout the year.
c. Client inquiry, observation of mailing of statements by appropriate personnel for month of December, and a cursory
inspection of copies of customer statements during the year to determine if monthly statements were being sent to
customers.
d. Inquiry and observation to determine that there was adequate separation of duties as noted previously.
705.39 Documentation of those procedures is illustrated at Exhibit 7-16 (Test of Controls Form) and Exhibit 7-17 (Tests of
Controls Sampling Planning and Evaluation Form). Note that only one test of controls involved audit sampling. The
remaining procedures were accomplished through inquiry, observation, and limited document inspection procedures.
Exhibit 7-16
ASB-CX-10.1: Test of Controls Form
Entity: Fast Furniture Balance Sheet Date: 12-31-X2
Audit Area: Accounts Receivable Assertion(s): E/O
Transaction Class(es): Shipping and invoicing sales
orders/Processing cash receipts
Location(s): Headquarters
Instructions: Complete this form for each audit area and assertion for which controls will be tested for
operating effectiveness. You need to be familiar with the concepts in Chapter 6 before completing this form.
Test controls for the particular time, or throughout the period, for which reliance is planned. If different controls
were used at different times during the audit period, consider and test them separately. Only test controls that
you have determined are suitably designed and have been implemented. If sampling is used, also complete
ASB-CX-10.2. If you are testing controls in an integrated audit engagement, use the practice aids in PPCs
Guide to Nontraditional Engagements instead of this form.
1. Control(s) to Be Tested. Describe the control(s) to be tested, or cross-reference to other workpaper(s) that document
the understanding of the control(s). (Use the control reference from the applicable Activity and Entity-level Control
Form at ASB-CX-5.1 through ASB-CX-5.17, if completed, or, if desired, assign a sequential control reference number.)
Test controls directly related to preventing or detecting and correcting material misstatements in specific assertions.
Determine whether the controls to be tested depend upon indirect controls, and if so, consider the need to also test the
indirect controls. Because a control may be relevant to more than one transaction class, be sure to coordinate test of
control procedures for audit efficiency.
Control Reference Description of Control and Control Objective
(1) Lock box used for cash receipts (completeness of cash receipts
or existence of related receivables)
(2) Matching of sales invoices to shipping documents and sales
orders (occurrence of recorded sales)
(3) Monthly customer statements are independently mailed
(existence of receivables)
(4) Separation of duties in billing, shipping, cash, bookkeeping, and
complaint follow-up (existence of receivables; fraud control)

2. Control(s) Tested in a Previous Audit. If a control was tested in a prior year and found to be operating effectively,
indicate what inquiry, observation, and inspection procedures were performed this year to determine whether conditions
affecting performance of the control have significantly changed to require retesting this year, and your conclusions. If the
control has changed since last tested or mitigates a fraud risk or other significant risk, the control should be retested.
Inquiry alone is not sufficient to conclude that controls or circumstances have not changed.
N/A


Practical Considerations:
When deciding whether it is appropriate to rely on audit evidence from tests of controls performed in a previous audit
and, if so, the length of time that may elapse before retesting the control, consider the effectiveness of the other
components of internal control, whether the control is manual or automated, the effectiveness of IT general controls,
the nature and extent of deviations detected in the prior period, personnel changes, whether the control should have
changed in response to changed circumstances but did not, and the risk of material misstatement and extent of
reliance on the control.
Controls that have not changed should be retested at least every third year. In addition, if a number of controls are
being rotationally tested, some controls should be tested each year. Controls that address significant or fraud risks
should be tested each year.
3. Control(s) Tested at an Interim Date. If a control was tested at an interim date, describe the additional evidence, if any,
that was obtained for the remaining period of reliance (or cross-reference to the related workpaper), including whether
there were any significant changes in internal control subsequent to the interim period.
N/A

Practical Consideration:
When determining the additional evidence needed for the remaining period of reliance, consider the significance of
the assessed risks of material misstatement, the specific controls tested, changes in those controls since the interim
date (including related systems and personnel), the degree of evidence obtained in the interim period, the length of
the remaining period, the extent to which substantive procedures will be reduced, and the control environment.
4. Testing Procedures Performed. Describe the procedure(s) performed to obtain audit evidence that the control(s) is
(are) operating effectively, or cross-reference to a related workpaper that documents the testing procedures. If sampling
is performed, document the selected sample items. If deviations are detected, perform and document inquiries to
understand the cause of the deviations and their potential consequences. For controls that are not operating effectively,
consider whether an internal control deficiency exists that should be accumulated and evaluated using ASB-CX-15.1.
Control
Reference Assertion(s) Procedure(s) Performed
Performed by
and Date
Control
Operating
Effectively?
Workpaper
Reference/
Comments
(1) Existence Inquiry; Inspect lock box
remittances.
VL
1-30-X3
Y W/P 101-6
(2) Occurrence Examine sample of invoices
and compare to shipping
documents and sales orders.
VL
1-30-X3
Y W/P 101-4,
101-5 (see
Exhibit 7-17)
(3) Existence Inspect statement copies;
Observe Dec. mailing.
VL
1-30-X3
Y W/P 101-6
(4) Existence Inquiry and observation for
separation of duties.
VL
1-30-X3
Y W/P 101-6
Control
Performed by
and Date
Control
Operating
Effectively?
Workpaper
Reference/
Comments
You should obtain audit evidence about (1) how controls were applied at relevant times during the period, (2) the
consistency of their application, (3) by whom and by what means they were applied, and (4) whether the person
performing the controls has adequate authority and competence.
The more you plan to reduce the control risk assessment or the more you plan to rely on tests of controls versus
substantive procedures, the more reliable or extensive the audit evidence that should be sought.
Observation procedures are pertinent only at a point in time and, therefore, should be supplemented by other
procedures, such as inquiry or inspection of documents, to obtain sufficient evidence. Inquiry alone does not provide
sufficient evidence about the effectiveness of a control.
If information produced by the entitys information system is used when testing controls, ensure that your
documentation describes how you considered the accuracy and completeness of that information. For example, if a
computer edit and validation report is used, how did you ensure its accuracy and completeness? If a sample is
selected from a population of sales invoices, how did you consider the completeness of the population?
Conclusion
5. The test(s) of controls documented on this form supports the following control risk assessment:
High, Moderate,
or Low
Existence or Occurrence Low
Completeness
Rights or Obligations
Valuation or Allocation
Accuracy or Classification
Cutoff
If the supported control risk assessment differs from the planned control risk assessment documented on the Risk
Assessment Summary Form (ASB-CX-7.1), revise the Risk Assessment Summary Form for your new control risk
assessment and consider the effect on combined risk assessment and your audit approach.
Completed or updated by: (Some auditors test controls each year. If you plan to rely on tests performed in a prior period,
carefully reconsider the factors listed and responses documented on this form in light of known changed client conditions and
document, for each engagement year, the inquiry, observation, and inspection procedures performed to determine that
conditions that would affect the performance of the control(s) had not significantly changed to require retesting. If controls are
retested, complete a new form. If the form is updated, refer to the List of Substantive Changes and Additions included with
each annual supplement of this Guide to determine whether the form has been revised in the current edition. If the form has
been revised, complete the revised form instead of updating this form.)
20 X2 20 20
Name Date Name Date Name Date
VL 1-30-X3
* * *
Exhibit 7-17
ASB-CX-10.2: Tests of Controls
Sampling Planning and Evaluation Form
Entity: Fast Furniture Balance Sheet Date: 12-31-X2
Completed by: Victor Lewis Date: 1-30-X3
Account Balance or Transaction Class: Accounts Receivable
Assertion(s): E/O
Instructions: This form is used only if the auditor chooses to use sampling in testing controls. You need to be
familiar with the concepts in section 705 before completing this form. Also, complete the relevant sections of
1. Describe the controls to be tested (or refer to ASB-CX-10.1 where appropriate):
Control Objective and
Description
(or Reference to
ASB-CX-10.1) Documentary Evidence Deviation Definition
W/P 101-1 (see Exhibit 7-16)

Sales invoice/shipping
document/sales order
Recorded sale without
evidence of order or delivery

2. Describe the population and how completeness of the population was considered: Population includes all recorded
sales invoices. Scanned sales journals for the year to account for numeric sequence of invoice numbers. Reviewed
reconciliation of sales journal to general ledger.

3. Sample size: 60. Select the sample size from the following tables based on either (a) the size of the population,
expected number of deviations, and planned control risk assessment (Table 1) or (b) the frequency of operation of the
control (Table 2).
Table 1
Expected No. of
Deviations
Low
Moderate
<100 100200 >200 <100 100200 >200
0 30 35 40 20 22 25
1 45 50 60 30 35 40
2 65
a
75
a
90 45
a
50
a 60
Note:
a
total population.
Example: If the population size is 2,000 and the auditor expects to find one deviation, the auditor would plan to sample
60 items to reduce the control risk assessment to low. When evaluating the sample, if the auditor actually found two
deviations, the sample results would support a control risk assessment of moderate. If the auditor found three deviations,
the results would not support a control risk assessment below high.
Table 2
Sampling Table for Infrequently Operating Controls
Quarterly (4) 2
Monthly (12) 24
Semimonthly (24) 38
Weekly (52) 59
4. Document your sample selection below.
Selection method: Haphazard Random n Systematic
Does the sample seem representative of the population? Yes n No
[Note: If the sample does not seem representative, then reselect the sample. Document the selected sample items, as
discussed in Chapter 8.]
5. Document the results of your tests of controls:
Number of deviations detected: none
Describe deviations in the space below and inquire about their cause.
Note: If the test is not applicable for a selected item, such as a properly voided document, you should perform the test
on a replacement item. However, inability to apply the test or suitable alternative procedures to a selected item, for
example, because source documents that were used cannot be located, should be counted as an error or deviation.
Deviation Cause
N/A

6. Does the sample provide a reasonable basis for drawing conclusions about the population
tested? Yes n No
7. Describe (a) any additional procedures or changes in the audit plan, such as extending the sample size; testing a
different control; or modifying the nature, timing, or extent of planned substantive procedures, because of test results
and (b) the effect of deviations on other aspects of the audit:
None

Compare the number of deviations detected (Step 5) for each control tested to Table 1 in Step 3 to identify the supported
assessed level of control risk. Also make a qualitative assessment of the nature and cause of deviations detected,
including their effect on the objective of the test and on other aspects of the audit, before reaching a conclusion about
the effectiveness of the controls. Document your supported control risk assessment at ASB-CX-10.1. [Tests of
infrequently operating controls (Table 2 in Step 3) are evaluated qualitatively.]
* * *
705.40 A final word of caution is necessary. This case study is intended to illustrate how an auditor might approach selective
tests of controls. It is not intended to suggest that these procedures are appropriate or efficient for every engagement. The
selection, performance, and evaluation of a test of controls always depends on the auditors judgment and the clients
situation.
706 AN EFFICIENT APPROACH TO SUBSTANTIVE TESTS OF TRANSACTIONS
706.1 As mentioned in Exhibit 7-5, for some entities, testing the classification of cash disbursements may be an important
audit objective. To test classifications, the auditor may perform a substantive test of transactions to test this aspect of
transaction processing. When the auditors primary concern in selecting a sample of transactions and applying audit
procedures to the supporting documentation is to evaluate an aspect of transaction processing such as classification, an
attribute sampling approach such as the one explained in this section may be the most efficient.
Conditions for Using Approach
706.2 The basic conditions for using this alternative approach to substantive tests of transactions are as follows:
a. the audit procedure being applied using the alternative sampling is not the only procedure that contributes to
achieving the auditors objectives, i.e., there are other related procedures; and
b. the auditor expects a low rate of monetary misstatement in the transaction class being sampled.
706.3 Other Related Procedures. When the audit procedure being applied using sampling is the sole basis for
substantiating an amount that is a transaction total, the auditor needs to use the approach described in section 704. However,
if other audit procedures such as analytical procedures provide persuasive evidence, the auditors primary concern in testing
transactions may be to test some aspect of transaction processing, e.g., classification of expenditures. In this case, the
auditor may use this alternative approach.
706.4 Low Rate of Monetary Misstatement. If many misstatements are expected, the auditor will be concerned with
projecting monetary misstatement to assess whether the misstatement could be material. In that case, the approach
explained in section 704, or perhaps statistical sampling, needs to be used. When a low rate of monetary misstatement is
expected and the auditors primary concern is in making an assessment of the effectiveness of some aspect of processing,
this alternative approach may be used.
706.5 This alternative approach is based on the mathematics of a statistical attribute sampling plan. An attribute is a
characteristic rather than a quantity; it is either present or not present, e.g., compliance or noncompliance with a pertinent
control procedure. This type of sampling plan can be appropriate for a substantive test of transactions when the primary
concern is with an aspect of transaction processing. In this case, the auditor is normally primarily concerned with the rate
rather than the dollar amount of processing misstatements. The rationale for concern with a rate rather than a dollar amount is
that all transactions of that type are processed through the same system, and the likelihood of misstatement for a particular
transaction is independent of its size. In that respect, a misstatement is looked upon simply as a deviation.
Sample Size for Substantive Tests of Transactions
706.6 Using the underlying theory of an attribute sampling model referred to beginning in paragraph 706.1 and discussed in
section 705 results in the following sample sizes:
a. With a sample of 25, when no deviations
1(46)
are expected or found, there is approximately a 10% tolerable rate
and a 10% risk of overreliance.
b. With a sample of 60, when no deviations or one deviation is expected or found, there is approximately a 5%8%
tolerable rate and a 5% risk of overreliance.
These same sample sizes may be used for a substantive test of transactions when the auditors primary concern is an aspect
of processing effectiveness. The factors to consider in determining the appropriate sample size for a particular test are
explained in the following paragraphs.
706.7 A Sample of 25. The auditor may use a sample size of 25 for a substantive test of transactions when the conditions in
paragraph 706.2 are met, and the same sample is also being used as a test of controls pertinent to the aspect of transaction
processing being tested, i.e., the procedure is a dual purpose test.
Example 7-4: Using a sample of 25.
An auditor is testing cash disbursements of XYZ Company to test the effectiveness of classification of expenditures.
Internal controls over disbursements include the check signer (a responsible officer) reviewing the voucher for account
coding and agreement of the check with supporting documents and then initialing the voucher to indicate approval. How
many cash disbursements should be selected?
Solution. The auditor may select a sample of 25 disbursements and examine supporting documentation for indication of
performance of the controls and accounting accuracy. If no mistakes in classification (a substantive test) or failure to
perform the control procedure (a test of controls) are detected, the auditor may conclude that classification of
expenditures is effective.
706.8 A Sample of 60. The auditor uses a sample size of 60 for a substantive test of transactions when the conditions in
paragraph 706.2 are met but there are no effective controls pertinent to the aspect of transaction processing being tested.
This will be the case when the entity has no policies and procedures pertinent to the aspect of processing being tested, or
when past experience or a sample of 25 transactions in the current audit, indicates a lack of compliance.
706.9 This sampling approach is not designed to allow the auditor to project the amount of monetary misstatement in the
population. When deviations are detected, the auditor makes a careful qualitative evaluation of the nature and cause of the
deviation. Generally, a single deviation in a sample of 60 will still allow the auditor to conclude that processing is effective.
However, if two or more deviations are detected, additional procedures will generally be needed. In some instances, the
auditor may be able to identify the transactions that are likely to result in monetary misstatement and examine those
transactions 100%. Otherwise, the auditor needs to consider using the nonstatistical sampling approach described in section
704 or statistical sampling to estimate the amount of likely misstatement in the population and evaluate whether the
misstatement could be material.
Documentation of Alternative Approach to Substantive Tests of Transactions
706.10 The authors have designed a Sampling Worksheet for Testing Account Coding and Classifications that may be
used to document the sampling approach explained in this section. The form is presented at ASB-CX-8.3.
CHAPTER 8: AUDIT DOCUMENTATION
Introduction
800.1 Audit documentation is the written record of the audit procedures applied, evidence obtained, and conclusions
reached that support the auditors (a) representation that the audit was performed in accordance with GAAS and (b) opinion
expressed on the financial statements. The style, extent, and form of workpapers may vary considerably; no single approach
has universal acceptance. This chapter explains the documentation necessary to comply with professional standards and
focuses on techniques and approaches to workpaper organization and preparation that are efficient in most audit
engagements.
800.2 In this chapter and throughout this Guide, the authors use the terms audit documentation and workpapers
interchangeably. The term workpapers is still widely used in practice, and the authors continue to use that term to describe all
recording media whether paper, electronic, or other. In addition, Statement on Quality Control Standards (SQCS) No. 8 (QC
10), A Firms System of Quality Control (Redrafted), also includes references to working papers or workpapers in the definition
of engagement documentation.
800.3 AU-C 230, Audit Documentation [Formerly SAS No. 103 (AU 339)] addresses the auditors responsibilities for audit
documentation for an audit of financial statements. It requires the auditor to prepare and retain workpapers; addresses the
form, content, and extent of audit documentation; and specifies requirements for revisions made to documentation after the
date of the auditors report. AU-C 230 primarily contains general documentation requirements. Other AU-C sections include
additional documentation requirements that specify the application of AU-C 230 in the particular circumstances of those other
AU-C sections. Exhibit A of AU-C 230 (AU-C 230.A30) lists other AU-C sections that contain specific documentation
requirements and guidance.
800.4 Appendix 8A-1, Audit Documentation RequirementsFor Audits of Periods Ending on or after December 15, 2012,
summarizes audit documentation requirements under professional standards after the effective date of the clarified auditing
standards and can be used to ensure professional requirements are met. Appendix 8A-2, Audit Documentation
RequirementsFor Audits of Periods Ending Before December 15, 2012, summarizes audit documentation requirements
under professional standards before the effective date of the clarified auditing standards.
1(47)
(There may be additional
documentation requirements specified by regulatory agencies, such as the GAO, PCAOB, or state regulators.)
______________________________
1
The authors have included summaries of documentation requirements for periods both before and after the effective date
of the clarified auditing standards to facilitate referencing to the applicable authoritative literature. The substance of the
documentation requirements has not changed.
800.5 In addition to the requirements in the SASs, Ethics Interpretation 101-3, Performance of Nonattest Services, notes that
practitioners providing nonattest services to their attest clients should establish and document in writing an understanding
with the client. Part of that understanding is the clients acceptance of its responsibilities for the nonattest services. See the
discussion of nonattest services beginning at paragraph 202.33.
Objective
801.1 The objective of the auditor is to prepare documentation that provides
a sufficient and appropriate record of the basis for the auditors report and
evidence that the audit was planned and performed in accordance with GAAS and applicable legal and regulatory
requirements.
Requirements
801.2 The auditor must document the justification for any necessary departure from a presumptively mandatory requirement
of GAAS, along with how alternative procedures performed sufficiently achieved the intent of the requirement. In addition, the
auditor should comply with the requirements summarized in Exhibit 8-1 to achieve the documentation objective at paragraph
801.1.
Exhibit 8-1
Requirements for Audit Documentation
AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
Prepare audit documentation on a timely basis. AU-C 230.07 Section 802 ASB-AP-1
Prepare documentation that is sufficient to enable an
experienced auditor, having no previous connection
with the audit, to understand:
The nature, timing, and extent of procedures
performed.
The results of procedures performed and the
audit evidence obtained.
The significant findings or issues, conclusions
reached, and significant professional judgments
made in reaching conclusions.
through
ASB-AP-14
ASB-CX-14
Record the following when documenting the nature,
timing, and extent of procedures:
The identifying characteristics of specific items
or matters tested.
Who performed the work and the date it was
completed.
Who reviewed the work and the date and extent
of that review.
through
ASB-AP-14
ASB-CX-14
Include in the audit documentation abstracts or
copies of significant contracts or agreements
inspected.
Document discussions of significant findings or
issues with management, those charged with
governance, and others, including the nature of the
findings or issues, and when and with whom
discussed.
Document how any information that was inconsistent
with the final conclusion regarding a significant
finding or issue was addressed.
Document the justification for any necessary
departure from a relevant presumptively mandatory
requirement and how alternative procedures
performed sufficiently achieved the intent of that
requirement (must statement; circumstance
expected to be rare).
AU-C
Reference
Primary
Guide
Reference
Text
Guide
Reference
Practice
Aids
For new or additional audit procedures performed or
new conclusions reached after the date of the
auditors report (circumstance expected to be rare),
document:
The circumstances encountered.
The procedures performed, audit evidence
obtained, and conclusions reached, and their
effect on the auditors report.
When and by whom resulting changes to the
documentation were made and reviewed.
Omitted
Procedures and
Subsequent
Discovery of
Facts
For other changes to the audit documentation after
the documentation completion date, document the
specific reasons for the change and when and by
whom they were made and reviewed.
Document the report release date. AU-C 230.15 Section 802 ASB-AP-2
Assemble the final audit file no later than 60 days
following the report release date.
After the documentation completion date, do not
delete or discard any audit documentation before the
specified retention period, which should be at least
five years from the report release date.
Adopt reasonable procedures to maintain the
confidentiality of client information.
* * *
802 PURPOSES AND BASIC REQUIREMENTS OF WORKPAPERS
802.1 The main purpose of workpapers, as identified in AU-C 230.02, is to provide the principal evidence for the auditors
report that includes:
The representation that the audit was performed in accordance with generally accepted auditing standards.
The opinion expressed (or disclaimed) on the financial statements.
In addition to this primary purpose, audit documentation can be used for a variety of other purposes. These additional
purposes are discussed in paragraph 802.5.
Support for Auditors Report
802.2 Auditors should prepare audit documentation with an appropriate amount of detail that provides a clear understanding
of the work performed, the evidence obtained along with its source, and the conclusions reached. AU-C 230.A3 notes that
preparing sufficient and appropriate audit documentation on a timely basis throughout the audit helps to improve the quality
of the audit. Also sufficient and appropriate audit documentation assists in the effective review and evaluation of the audit
evidence obtained and conclusions reached before the auditors report is finalized. Auditors should prepare documentation at
the time such work is performed or shortly thereafter. That documentation is likely to be more accurate than documentation
prepared at a much later time.
802.3 An auditors support for representations in the audit report is not strictly limited to what is in the workpapers. The
primary need to support the representations in the audit report arises in internal and external quality control reviews. Another
less frequent, but important, use arises if the quality of the audit is questioned in litigation, regulatory proceedings, or ethics
disciplinary actions. The workpapers are the principal record of the work done and conclusions reached, but an auditor, in
defending the quality of the audit, might supplement the audit documentation by other means. According to AU-C 230.A7:
On their own, oral explanations by the auditor do not represent adequate support for the work the auditor
performed or conclusions the auditor reached, but may be used to explain or clarify information contained in
the audit documentation.
An auditor does not document every consideration during the course of the audit, but auditors should ensure that the audit
documentation provides a clear understanding of what was done, the evidence gathered, and conclusions that were reached
based on the procedures and evidence obtained. As noted above, the possible use of oral explanations is not a substitute for
sufficient, appropriate audit documentation that supports the auditors report.
802.4 Auditors also need to be aware that certain states and regulatory agencies may have more stringent requirements for
audit documentation. For example, California has adopted rules applicable to both public and nonpublic company audits
containing a rebuttable presumption that an audit procedure not documented was not performed. The burden of proof lies
with the auditor. The presumption can be overcome by a preponderance of the evidence, which ordinarily needs to be more
than just an oral explanation. The authors believe that workpapers need to be prepared with an awareness that someone
external to the auditors firm might review them, whether in a peer review or an adversarial proceeding. Legal liability
considerations for audit workpapers are discussed in section 808.
Other Purposes of Workpapers
802.5 Audit workpapers need to achieve the primary purpose noted in paragraph 802.1, but audit documentation that is
thoroughly prepared with a sufficient amount of detail can be useful for a number of purposes. In fact, firms that adopt
documentation policies that encourage well-designed and prepared workpapers will often achieve a higher degree of audit
effectiveness and efficiency in their engagements for both the current and future years. Some additional purposes of
workpapers include (AU-C 230.03):
Aids in the Planning and Performance of the Engagement. Thorough audit documentation from prior audits allows
team members planning the current engagement to understand matters of continuing significance to be taken into
consideration when developing the audit strategy. Likewise, planning documentation prepared for the current period
engagement can assist with the continued performance of the audit by providing a record of the clients system and
processing characteristics, assessed risks, fraud considerations, strategy decisions reached, and similar
information. This background information can be useful to the audit team when carrying out planned procedures
and reduce the likelihood of redundancies (e.g., asking the same question twice, reinventing the wheel, etc.).
Provides Guidance for Newer Team Members. The review of prior period workpapers by new engagement team
members can be a valuable tool to assist them in understanding the client and their assigned audit duties.
Retaining a Record of Matters of Continuing Significance to Future Audits. Audit workpapers may document
information that can be used in future audits.
Assists in the Conduct of Quality Control Reviews and Inspections. Many firms require a review of the audited
financial statements, auditors report, and other communications and reports by someone who has no other
responsibility on the audit. Engagement quality control reviews, in accordance with SQCS No. 8, are discussed in
section 1811. In addition, most firms perform engagement inspection as a part of their ongoing quality control
monitoring function. See PPCs Guide to Quality Control for discussion of inspection procedures and monitoring.
Reinforces and Demonstrates Accountability. Establishing high standards for documentation promotes
accountability by the audit team for adherence to professional standards and the established audit strategy. The
workpapers demonstrate the accountability of the engagement team for the procedures performed and conclusions
reached.
Aids in Internal Supervision and Review. Proper documentation allows audit team members with supervision and
review responsibility to evaluate the work performed, provide direction and coaching to less experienced team
members, and assess if additional procedures are necessary. Good workpapers provide an organized framework
for the audit. If workpaper files are standardized, an auditor can control the fieldwork more readily and review the
work more efficiently. (See the discussion in sections 803 and 804 for suggestions on a standardized approach for
small business engagements.)
Aids in External Review. Workpapers are a critical element used by internal quality control, regulatory, and peer
reviewers to evaluate compliance with professional standards and the firms system of quality control.
Basic Requirements for Content
802.6 The basic requirements for workpaper content in authoritative pronouncements allow some discretion in deciding on
the specific workpapers to prepare. However, AU-C 230 provides criteria auditors should use in making documentation
decisions and defines significant findings and other matters that should be documented in the workpapers. According to
AU-C 230.08, workpapers should enable an experienced auditor with no previous connection to the audit to understand:
a. The nature, timing, and extent of auditing procedures that were performed to comply with professional standards
and applicable legal or regulatory requirements.
b. The results of the audit procedures that were performed, along with the evidence gathered.
c. The significant judgements made and conclusions reached on significant findings or issues.
802.7 The use of the term experienced auditor with no previous connection to the audit reinforces a documentation concept
practiced by many auditors that indicates workpapers need to stand by themselves. That is, much like a well-written book,
the documentation needs little or no oral explanation as to what was done, who performed the work, and the reasons for the
conclusions that were reached. AU-C 230.06 considers an experienced auditor to be an individual with practical audit
experience and the necessary competency and skill to perform the audit. Such skills and competencies would include an
adequate knowledge of professional standards and applicable legal or regulatory requirements, the audit process, the clients
business environment, and the audit and financial reporting issues that apply to the clients industry.
802.8 As discussed in paragraph 802.6, there are few stringent requirements as to what needs to be contained in the
workpapers. There is no requirement for an auditor to document every item considered during the course of the audit. To do
so would be impractical, if not impossible. Accordingly, the form, content, and extent of the workpapers will be dependent to
some extent on factors that are unique to the engagement. In determining the documentation appropriate for a particular
engagement, auditors may consider:
a. The size and complexity of the entity.
b. The audit methodology and tools used.
c. The identified risks of material misstatement.
d. The nature of the auditing procedures performed.
e. The amount of judgment involved in carrying out the procedure and evaluating the results.
f. The significance of the audit evidence obtained.
g. The nature and extent of exceptions.
h. The need to document or support a conclusion not readily apparent from the documentation of the work performed
or evidence gathered.
802.9 AU-C 230 also provides certain specific audit documentation requirements as follows:
a. Departures from the Requirements in the Auditing Standards. In the rare instances in which an auditor deems it
necessary to depart from a presumptively mandatory requirement of the auditing standards, documentation must be
made of the justification for the departure and how alternative procedures performed were sufficient to achieve the
objectives of the requirement. This requirement is mandatory unless the related presumptively mandatory
requirement is
Not relevant, for example, if the requirement relates to service organizations and the client does not use a
service organization.
Conditional, for example, if the requirement is to document the expectation if not readily determinable when
performing substantive analytical procedures and the expectation is readily determinable.
Paragraph 101.4 provides an additional discussion on presumptively mandatory requirements of the auditing
standards (AU-C 230.13).
b. Abstracts or Copies of the Clients Records. The workpapers should include copies of the clients records and
abstracts or copies of significant contracts or agreements examined, if they are needed to allow an experienced
auditor to understand the work performed and conclusions reached. (AU-C 230.10)
c. Identification of Items Tested. Documentation of procedures performed should identify the items tested (see
discussion beginning at paragraph 802.10). (AU-C 230.09)
d. Individuals Performing and Reviewing the Work, and Associated Dates. When documenting the audit procedures
performed, auditors should record who performed the work, the date of completion, who reviewed specific
documentation, and the date and extent of the review (see discussion beginning at paragraph 802.13). (AU-C
230.09)
e. Significant Findings or Issues. Auditors are required to document information related to significant audit findings or
issues (see discussion beginning at paragraph 802.15). (AU-C 230.11.12)
f. Revisions after the Date of the Auditors Report. Auditors are required to document certain items if revisions to the
workpapers are necessary after the date of the auditors report. Revisions may be attributable to:
Omitted procedures that would have been considered necessary at the time of the audit (see discussion
beginning at paragraph 802.27 and section 1818). (AU-C 230.14)
Subsequent discovery of facts that existed at the date of the report (see discussion beginning at paragraph
802.27 and section 1818). (AU-C 230.14)
Other reasons an auditor considers it necessary to make an addition or change to the workpapers after the
documentation completion date (see discussion beginning at paragraph 802.27). (AU-C 230.18)
g. Report Release Date. The report release date should be recorded in the audit documentation (see paragraph
802.23). (AU-C 230.15)
Documenting Specific Items Tested and Other Procedures
802.10 Audit documentation of the procedures performed should include identifying characteristics of the specific items that
were tested. This requirement includes tests of the operating effectiveness of controls, substantive tests of details involving
inspection of documents or confirmation, and inquiry and observation procedures. For inspection of documents and
confirmation procedures, the authors believe items tested can be identified by listing the items; by including a detail schedule
in the workpapers, such as an aged trial balance, on which the items are identified; or by documenting in the workpapers the
source and selection criteria. For example:
For tests of significant items, documentation may describe the auditors scope and the source of the items (for
example, all invoices greater than $5,000 from the December sales journal).
For haphazard or random samples, documentation may identify the items by their dates and specific invoice
numbers, check numbers, customer account numbers, etc.
For systematic samples, documentation may indicate the source, starting point, and sampling interval (for example,
a selection of checks from the cash disbursements journal for the period 1/1/X2 to 12/31/X2, starting with check
number 2150 and selecting every 100th check thereafter).
802.11 For inquiry and observation procedures, the identifying characteristics may be recorded as follows:
For inquiries, document the dates of the inquiries, the names and job functions of client personnel queried, and the
inquiry that was made.
For observations, document the matter observed, the individuals involved and their responsibilities, and where and
when the observation took place.
802.12 In some cases, more than one file of the same documents is maintained by different client departments. The auditor
may document who maintains the file from which items were selected and where the file is maintained.
Documenting the Identification of Preparer and Reviewer
802.13 Auditors should record who performed the audit procedures and when such work was completed (AU-C 230.09). In
most situations, this is a simple process; normally, the individual who performs the procedure initials and dates the specific
workpaper, checklist, or program step that specifies the work performed. The checklists and audit programs included in this
Guide provide spaces to facilitate this documentation. However, if a program step is supported by workpapers, there is no
need to date both the program step and the supporting workpapers. Doing so creates the possibility of discrepancies in the
dating. Therefore, when completing audit program steps that are supported by workpapers, some auditors may choose to
sign, but not date, such program steps, since the supporting workpapers indicate the date the procedures were performed. In
such cases, it is preferable to cross-reference the program steps to the supporting workpapers.
802.14 AU-C 230.09 also requires documentation of who reviewed specific audit documentation and the date of the review.
AU-C 230 does not indicate the manner or form of recording the evidence of these who and when components of the
review. However, reviewers are not required to evidence their review on each working paper. Often, for detailed reviewers, a
practical and efficient way of indicating who reviewed the audit work and when is for the reviewer to initial and date the
specific workpapers reviewed. However, auditors may adopt other documentation methods to evidence this review as long as
it is clear who reviewed specified elements of the work and when the review occurred. Some auditors, especially those
performing the partner level review, may prefer documenting the evidence of their review in a memo that indicates the
workpaper sections reviewed and the date(s) of their review. Checklists may also be used. The practice aid ASB-CX-14,
Supervision, Review, and Approval Form, serves as a checklist to assist reviewers in performing and documenting their
reviews of the audit work performed. Section 1811 discusses the review process in greater detail.
Documenting Significant Findings or Issues
802.15 The engagement team may be faced with difficult issues that need significant professional judgment to resolve.
Examples of significant audit findings or issues include the following:
Significant matters involving the appropriate selection, application, and consistency of accounting principles, such
as:
The reasonableness of significant accounting estimates and underlying assumptions.
The likelihood of significant contingencies occurring.
Complex or unusual transactions and the application of GAAP to those transactions.
Results of procedures that indicate the financial statements or disclosures could be materially misstated.
Results of procedures that indicate a need to revise prior assessments of the risks of material misstatement and the
auditors responses to such risks.
Circumstances that cause significant difficulty in applying procedures considered necessary.
Other findings that could result in modification of the auditors report.
Audit adjustments identified by the auditor, whether or not recorded by the client, that could, either individually or
when aggregated with others, have a material effect on the financial statements.
802.16 AU-C 230.08 requires auditors to document significant audit findings or issues such as those outlined in paragraph
802.15, actions taken, evidence obtained in addressing them, and significant professional judgments made in reaching
conclusions.
802.17 Discussions of significant findings or issues that occur between the auditor and management should be documented
in a timely manner, including the items discussed and when and with whom they were discussed. In addition, the auditor
should document similar information regarding any discussions of significant findings or issues with internal or external
parties other than management. That may include those charged with governance, lower level employees, or professional
service providers.
2(48)
In other words, documentation of significant findings and issues goes beyond simply documenting
the auditors actions, the relevant evidence gathered, and the basis for conclusion. Auditors are also required to record any
discussions of such matters with parties outside of the audit firm or the engagement team. Minutes of meetings attended by
the auditor at which these matters were discussed can satisfy this documentation requirement.
802.18 Auditors should also document how they addressed information that was contradictory or inconsistent with their final
conclusion on a significant finding or issue. Such documentation might include the auditors procedures to address the
information or consultations regarding differences in professional judgment among audit team members or between the team
and others consulted. This documentation requirement does not necessitate retaining information that is incorrect or
superseded unless it is identified after the documentation completion date as discussed at paragraph 802.24.
802.19 The matters in paragraphs 802.15 and 802.16 can be documented in a memorandum. The authors recommend that
such a memorandum begin with a description of the facts giving rise to the issue, followed with a discussion of the factors
considered and evidence gathered in formulating the conclusion. The auditors conclusion needs to be clearly stated, along
with his or her reasoning process supporting the conclusion. Other items that should be documented include any discussions
as noted in paragraph 802.17, the existence of conflicting evidence or guidance supporting contrary points of view, and any
consultation that occurred in resolving the issue (see paragraphs 802.18 and 1812.44). ASB-CX-16.4, Accounting and
Engagement Issues, provides a form auditors can use to document significant audit findings or issues.
Documenting Revisions after the Date of the Auditors Report
802.20 Timely completion of audit documentation is critical to assure audit quality. As a practical matter, the auditor needs to
strive to prepare audit documentation as the audit progresses to avoid inadvertently omitting critical information or incorrectly
recording aspects of the procedures that were completed or the evidence obtained. When concluding the audit, the auditor
should ensure that the documentation meets the objectives discussed in paragraph 801.1. Professional standards also
include requirements for (1) assembling and completing the workpapers at the conclusion of the audit and (2) making
revisions to the documentation after the date of the auditors report. These requirements are centered on the following key
dates (these dates are also discussed in Chapter 18):
The audit report date.
The report release date.
The documentation completion date.
Those dates, as well as the requirements for assembling and completing the audit file and making changes to the
workpapers, are discussed in the following paragraphs.
802.21 Audit Report Date. The audit report date represents the date that the auditor has obtained sufficient appropriate
evidence to support his or her opinion on the financial statements. Typically, such evidence includes evidence that: (AU-C
700.41)
The audit work has been reviewed.
The financial statements, including disclosures, have been prepared.
Management has taken responsibility for the financial statements.
This means that the auditors report should be dated using a date that signifies the completion of workpaper review, the
preparation of the financial statements, and the receipt of managements representation that they are responsible for the
financial statements (ordinarily in the management representation letter). The auditor cannot simply use the date that the audit
team left the field unless the requirements of this paragraph have been satisfied at that date.
802.22 According to AICPA Technical Practice Aid, The Effect of Obtaining the Management Representation Letter on Dating
the Auditors Report (TIS 9100.06.07), the auditor does not need to be in physical receipt of the management representation
letter on the date of the auditors report, but needs to have the signed letter in hand prior to releasing the auditors report. At
the date of the report, management has to have reviewed the final representation letter and, at a minimum, orally confirmed
that they will sign it without exception on or before the date of the representations. Management representation letters are
802.23 Report Release Date. The report release date is the date that the auditor gives the client permission to use the
auditors report in connection with the financial statements. For most audits, this will be the date that the auditor delivers the
report to the client. AU-C 230.15 requires the auditor to document the report release date in the workpapers. In most cases,
the report release date will be close to the date of the auditors report. If there are significant delays in releasing the report,
auditors need to consider whether to apply the guidance in section 1805 on subsequent events and that in section 1813 on
dating the auditors report.
802.24 Documentation Completion Date. SQCS No. 8 (QC 10.49) specifies that firms should establish policies and
procedures for engagement teams to complete the assembly of final engagement files on a timely basis after the engagement
reports have been released. Those policies and procedures need to comply with any time limits established by professional
standards, laws, or regulations that address the assembly of final engagement files for specific types of engagements.
Professional standards require workpapers to be completed on a timely basis (AU-C 230.07). In addition, the final assembly
and completion of the audit file should occur within 60 days of the report release date. AU-C 230.06 refers to the date that
workpapers should be assembled for retention as the documentation completion date. After that date, the auditor should not
delete or discard any documentation prior to the required five-year retention period discussed in paragraph 805.5. Auditors
may adopt documentation completion periods that are shorter than 60 days, either on an engagement-by-engagement basis,
or as part of the firms policy of quality control. In addition, the auditor needs to consider whether there are regulatory or state
requirements that specify a shorter documentation completion period.
802.25 While AU-C 230 does not specifically require the auditor to document the documentation completion date, as a
practical matter documentation of that date will ensure compliance with the requirement to complete final assembly of the
workpapers within 60 days of the report release date.
802.26 Assembling and Completing the Audit File. AU-C 230.A26 indicates that at any time prior to the documentation
completion date, the auditor is permitted to make changes to the workpapers that are administrative in nature, such as to:
Finalize the documentation and assemble the evidence that was obtained, discussed, and agreed among the audit
team prior to the date of the auditors report, including discarding to-do lists and superseded drafts, correcting
typographical errors, and changing notes that reflect incomplete or preliminary thinking.
Insert information that was received after the date of the auditors report such as replacing faxed copies of
confirmations with originals.
Perform routine file assembly procedures that might include sorting, cross-referencing, collating, and deleting or
discarding superseded documentation.
Sign off on file completion checklists prior to completing and archiving the workpapers.
The examples provided in this paragraph emphasize that changes to the workpapers after the date of the auditors report and
prior to the documentation completion date constitute those that are part of the wrap-up or workpaper filing process. In
order to meet the requirements of paragraph 802.21, the auditor would not be adding or changing information after the date
of the auditors report that was necessary to support the opinion on the financial statements. That is, the auditor should not
make changes after the report date that would have impacted the documentation of the work performed, the evidence
obtained, the conclusions reached, or the review that was conducted prior to that date.
802.27 Making Changes to the Workpapers. AU-C 230.14 provides requirements for audit documentation when the auditor
determines that it is necessary to make additions or other changes to the audit workpapers after the date of the auditors
report other than those activities noted in paragraph 802.26. Such changes may relate to the following:
a. Omitted Procedures That Would Have Been Considered Necessary at the Time of the Audit. In such cases, auditors
should follow the guidance provided by AU-C 585, Consideration of Omitted Procedures After the Report Release
Date. The consideration of omitted procedures is discussed further in section 1818.
b. Subsequent Discovery of Facts That Existed at the Date of the Report. For situations in which the auditor
subsequently becomes aware of information that existed at the date of the report but was not previously known to
the auditor, the provisions of AU-C 560, Subsequent Events and Subsequently Discovered Facts, should be followed.
This situation is discussed further in section 1818.
802.28 For those changes noted in paragraph 802.27, the auditor should make changes to the audit documentation to
record the performance of the new procedure or the new conclusions that were reached. The documentation of the changes
should include:
When and by whom the changes were made and reviewed.
The specific reasons for the change.
The procedures performed, audit evidence obtained, and conclusions reached, and their effect on the auditors
report.
The auditor needs to also consider whether there are regulatory or state requirements that differ from GAAS.
802.29 There might be other reasons an auditor considers it necessary to make an addition or change to the workpapers
after the documentation completion date. AU-C 230.A28 notes that an example of a circumstance in which the auditor may
find it necessary to modify existing documentation or add new documentation after the documentation completion date is the
need to clarify existing audit documentation arising from comments received during monitoring inspections. If the auditor
deems that additions or amendments are necessary for a particular reason, the authors believe that the auditor should
carefully consider the impact on the conclusions previously reached at the date of the auditors report and the opinion
expressed in the report. According to AU-C 230.18, in those situations, the auditor should document
The specific reasons for the change.
When and by whom the changes were made and reviewed.
802.30 The authors believe that the workpapers, whether completed in paper or electronic format, ought to clearly indicate
the items detailed in paragraph 802.28. Auditors ought to exercise care when adding information to an existing workpaper to
ensure that the documentation leaves little doubt as to what items were added, who made the change, and when it was made,
along with the conclusions impacted. In many cases, it may be more appropriate to add workpapers that denote the required
items versus attempting to append an existing workpaper.
802.31 Auditors may question how changes to the permanent file ought to be documented since additions and changes to
that file are made with each subsequent audit. According to AICPA Technical Practice Aid, Current Year Audit Documentation
Contained in the Permanent File (TIS 8350.01), documentation requirements apply to current year audit documentation
maintained in any type of file, including the permanent file, if such documentation serves to support the current years audit
report. This means that documentation completion and retention requirements apply to current year audit documentation
maintained in the permanent file as discussed in the following paragraphs.
802.32 The authors believe that if the auditor adds additional documentation to the permanent file pertaining to an audit
engagement that is past its documentation completion date, then the requirements of paragraph 802.28 would need to be
clearly indicated. Furthermore, if the changes affect any conclusions that were reached, the authors believe that this
information needs to be cross-referenced and documented in the applicable workpapers for the affected period. The authors
also believe that documents may not be deleted from the permanent file prior to the five-year retention period (or other
required period, if longer) discussed in paragraph 805.5. The retention period of the documentation normally will be governed
by the last audited year that the documentation was relevant. Some auditors may wish to establish a separate permanent file
for certain documentation that has expired and has no continuing relevance to current or future audit periods, but cannot be
discarded due to the retention requirements. If so, auditors need to use care to ensure that the nature of the documentation
and its original use and purpose are not altered. To appropriately monitor and provide a trail of items in the permanent file, it
is important that all items be dated when added to the file. The following example illustrates this guidance.
Example 8-1: Making changes to the permanent file.
On July 15, 20X5, the auditor obtains a copy of a significant lease agreement dated December 31, 20X4, and decides to
add it to the permanent file. The lease agreement was considered during the 20X4 audit, but was never added to the
permanent file. The documentation completion date for the 20X4 year-end audit was July 1, 20X5. The auditor is past the
documentation completion date for the first audit period to which the lease agreement relates. When adding that
document to the permanent file, the auditor indicates when and by whom it was added, the reason, and the effect on his
or her conclusions. In this case, the auditor simply initials and dates the agreement and indicates that it was considered
during the 20X4 year-end audit. The lease agreement has a five-year term (i.e., through December 31, 20X9); therefore,
the auditor retains it for five years (or other required retention period, if longer) following the report release date for the
20X9 audit.
802.33 Due to the practical difficulties of ensuring that permanent file changes are appropriately documented, documentation
is not inappropriately altered or deleted, and workpapers are appropriately retained, some auditors may wish to keep
permanent file documentation for each audit period intact and archived as part of that audit periods documentation. For files
maintained electronically, this may not pose any problems since a separate documents file or folder will be maintained for
each audit period. Thus, there would be a 20X1 permanent file supporting the 20X1 audit and a separate 20X2 permanent file
supporting the 20X2 audit, etc. For paper-based files, the auditor may want to photocopy files and records that need to be
carried forward to future periods so that the entire file is retained in its original state as used for a particular audit period.
802.34 Audit Documentation Recommendations. As long as the requirements of AU-C 230 outlined in paragraphs 802.6
and 802.9 are met, most of the decisions about specific workpapers will relate to (a) identifying financial statement
components for which workpapers need to be prepared and (b) the extent of detail on procedures and evidence for each
component. (See other documentation requirements in Appendix 8A.) When preparing workpapers, there are a number of
practical workpaper documentation techniques that the authors recommend auditors follow. Audit workpaper documentation
recommendations include the following:
Always identify the individuals who performed and reviewed the audit work and the dates completed and reviewed.
Clearly describe the purpose of the workpaper and the nature of the audit steps performed. For example, state
Examined vendors invoice, purchase order, and receiving report to determine that item is a proper charge to
repairs and maintenance rather than simply Vouched.
Identify client prepared schedules, including, if applicable, the title of the report, the period covered, and the date
prepared.
Initial and cross-reference from the work program to the documentation supporting the completion of the related
program step.
Document the resolution of all significant questions and issues raised during the audit, including discussions with
management and others. (See paragraphs 802.15802.16.)
Workpaper dos and donts from a legal liability standpoint are discussed in section 808.
802.35 Auditors need to be aware that peer reviewers frequently identify deficiencies related to missing audit programs,
missing workpapers, and inappropriate or incomplete workpaper content. Areas particularly susceptible to inadequate
documentation include:
Consideration of internal controls in planning the audit, including assessing control risk.
Assessment of the risk of material misstatement due to error or fraud, including inquiries of management, and
responses to assessed risks.
Significant audit issues and consultation on significant matters.
Consideration of going concern uncertainties.
Analytical procedures.
Materiality considerations related to unadjusted audit differences.
Corroboration of management inquiries and representations.
Compliance with loan covenants.
Support for significant estimates, including managements assumptions.
Internal control weaknesses reported to management or those charged with governance.
802.36 Summary Memoranda. Sometimes an auditor needs to explain unusual matters or accounting or auditing problems
in memoranda that are not provided for in the ordinary indexing system (see paragraph 802.15). However, some auditors
routinely include a place for a summary memorandum that discusses all the accounting or auditing matters that arose in the
engagement. The authors believe that, ordinarily, it is unnecessary in many smaller engagements to summarize findings in an
overall summary memorandum. Including relevant documentation within each audit area is generally sufficient. Use of audit
summary memoranda is discussed further in section 1817.
Additional Purposes of Workpapers
802.37 In a small business engagement, workpapers usually serve other purposes besides those explained in this section. In
particular, workpapers are often used as a basis to draft the financial statements, tax returns, and other reports. For this
reason, workpapers in a small business engagement may contain more information than would otherwise be required to
conform with professional standards. Since workpapers serve as a source of information, there will probably be more detailed
schedules in support of specific financial statement components.
803 TYPES OF WORKPAPER SCHEDULES
803.1 In many engagements, a large part of the workpapers will consist of detailed schedules. The main types of supporting
schedules are as follows:
a. Account Analyses. An analysis shows the activity in a balance sheet account. It starts with the beginning balance,
shows the transactions (additions and reductions) affecting the balance, and concludes with the ending balance.
Significant types of transactions might be summarized in the account analysis and shown on a cross-referenced
supporting schedule. Account analyses are often prepared for investments; allowance for doubtful accounts;
property, plant, and equipment; long-term debt; and owners equity accounts.
b. Lists or Trial Balances. A list shows the detail making up an ending balance of a balance sheet or income statement
account. In contrast, an analysis shows the activity during the year. This type of workpaper schedule is often used
for accounts receivable, accounts payable, repair and maintenance expense, miscellaneous income and expense,
and legal expense.
c. Reconciliation Schedules. A reconciliation relates an amount in the accounting records to another source of
information. It supports an account balance by showing that the balance agrees with other information. Common
reconciliations include: cash book balance with bank statement, subsidiary accounts receivable balances with
customer confirmation, or accounts payable balances with vendors statements.
d. Comparison Schedules. A comparison is a side-by-side presentation of amounts in the accounting records with
other relevant information, such as prior years amounts, budgeted amounts, related operating data, industry
statistics, or calculations made by the auditor to test overall reasonableness. It is the workpaper record of applying
most types of analytical procedures. Comparison schedules are often used to document analytical procedures,
especially for revenue and expense accounts.
e. Procedure Descriptions or Results. A description of procedures or results is limited solely to explaining auditing
procedures applied or the results of applying procedures. It might be a summary of the results of procedures, e.g.,
summary of inventory observations or an explanation of procedures applied to supporting documents. It might also
be documentation gathered by an auditor when applying procedures, e.g., confirmation replies, representation
letters from the client or lawyers, copies of client agreements, etc.
803.2 Analyses and lists are the primary workpaper schedules that provide information for the preparation of financial
statements, tax returns, and other reports, as well as a record of related audit work. The other workpapers provide a record of
audit work that cannot conveniently be incorporated in analyses or lists. All these workpapers need to be organized and
arranged in a manner that promotes efficiency and effectiveness.
804 WORKPAPER ORGANIZATION AND ARRANGEMENT
804.1 Standardized methods of filing, indexing, and cross-referencing workpapers need to be established so the workpapers
are concise, clear, and complete. Professional standards do not specify any requirements for workpaper mechanics. An
auditor has substantial freedom, but unfortunately some auditors tend to adopt complex methods for basically mechanical
matters, such as indexing. In this area, simplicity needs to be the rule. The following approach is suggested for engagements
where audit documentation is maintained in paper form. However, many of the organization and arrangement concepts
discussed might similarly apply to an electronic environment. Additional guidance unique to electronic workpapers is
presented in section 807.
The Trial BalanceBackbone of the Workpapers
804.2 A general ledger trial balance is often called the backbone of the workpapers. This is particularly true in a small
business engagement because the trial balance:
a. Serves as the means for accumulating and arranging general ledger account balances to prepare financial
statements.
b. Aids planning, review, and control of audit work by showing the relative importance and relationship of account
balances and by identifying supporting schedules.
c. Serves as an overall index of the workpapers for specific account balances.
d. Aids in ensuring that all balances have been tested (either through detailed procedures or analytical procedures).
The format chosen for the trial balance naturally influences the organization of the other workpapers. The main choices in
format are:
a. An unclassified trial balance.
b. A detailed classified trial balance.
c. A condensed classified trial balance.
Most trial balance software provides a classified trial balance format that allows for the efficient preparation of lead or
summary schedules and financial statements.
804.3 Unclassified. An unclassified trial balance simply lists accounts in general ledger order. Both forms of classified trial
balance use financial statement order. An unclassified trial balance is obviously easier and quicker to prepare. However, it is
sometimes necessary to use separate grouping or assembly schedules to combine accounts to prepare financial statements.
In an initial audit, an unclassified trial balance may be the only choice.
804.4 Detailed Classified. A detailed classified trial balance lists all the general ledger accounts, but the accounts are
grouped and subtotaled by financial statement component (line item). Using this approach, separate grouping or assembly
schedules are not needed.
804.5 Condensed Classified. A condensed classified trial balance shows only the components of financial statements (line
items). The account balances that support these components are shown, in detail, in lead or summary schedules. The lead
schedules are filed together with the workpapers for these specific accounts.
804.6 A Suggested Trial Balance Approach. Generally, using a condensed classified trial balance with lead schedules is
unnecessarily cumbersome and complex for many engagements especially smaller audits. The choice between an
unclassified trial balance and a detailed classified trial balance depends on how many accounts are in the general ledger. If
accounts are not too numerous, an unclassified trial balance is usually best. Sometimes the use of assembly or grouping
schedules can be avoided by using reclassification entries to combine accounts. An example of the headings that might be
used in a trial balance is shown in Exhibit 8-2.
Exhibit 8-2
Example Headings for Trial Balance Workpaper
Account
Number
Account
Title
Workpaper
Reference
Audited
Balances
12-31-X1
Book
Balances
12-31-X2
Adjustments or
Reclassifications
Dr. (Cr.)
Audited
Balances
12-31-X2
* * *
Indexing and Organization of the Workpapers
804.7 Workpaper files normally fall into three general categories: (a) the permanent file, (b) the general file, and (c) the
account balance files. There is a great deal of flexibility and individuality in the contents of these files and the way they are
indexed and cross-referenced. The important thing is that some type of well-organized but simple system be uniformly
adopted on all engagements. This Guide includes a section entitled Firm Policies which can be used to document your
firms unique indexing system and other workpaper documentation policies. The authors recommend that firms invest the
necessary time to develop well thought-out indexing and other documentation standards to promote consistency among
engagements, document control, and review efficiencies. SQCS No. 8 indicates that engagement performance quality control
policies and procedures need to encompass appropriate documentation of the work performed and of the timing and extent
of review. The following discussion may be helpful in designing the firms indexing system.
804.8 The Permanent File. The workpapers in this file are either general information about the clients organization and
operations or specific documents supporting transactions over several accounting periods. The permanent file might include:
Possible Index Description
PF-I Carryforward workpapers such as:
PF-I-1 Lease expense.
PF-I-2 Depreciation expense.
PF-I-3 Ratio analysis.
PF-II Information (and related carryforward checklists) about the
clients industry, business, control environment, and
accounting system.
PF-III Copies of articles of incorporation, bylaws, partnership
agreement, etc.
PF-IV Copies or extracts of contracts and agreements such as:
PF-IV-1 Long-term debt agreements.
PF-IV-2 Long-term leases.
PF-IV-3 Bonus or other compensation agreements.
PF-IV-4 Pension or profit sharing plans.
PF-V Initial engagement data such as:
PF-V-1 Correspondence with predecessor auditor.
PF-V-2 Copies of tax returns or financial statements.
804.9 The index illustrated in the preceding paragraph is one of many possible indexes that can be used for the permanent
file. The important thing is to use an index code for the permanent file that is distinct from the index used for the annual audit
workpapers.
804.10 As noted beginning at paragraph 802.31, permanent files can pose challenges when complying with the requirements
of AU-C 230 regarding (a) changes to the audit file after the documentation completion date and (b) workpaper retention.
However, in an electronic environment, a separate documents file or folder may be maintained for each audit period and
carried forward with appropriate additions and deletions made during the audit, making it less complicated to comply with the
previously described requirements.
804.11 The General File. The general file contains forms, schedules, correspondence, etc., that are not directly related to
the financial statement components and supporting schedules. This file might include:
the financial statement components and supporting schedules. This file might include:
Possible Index Description
Gen. Prog. The general programs that list planning, supervision,
completion, and review steps.
F/S Financial statement disclosure checklists, copies of the
referenced financial statements and auditors report, related
worksheets, and note information.
TBs Trial balances and adjustments. (Some firms file these in the
account balance files.)
Plan. Audit strategy and planning documentation, including
checklists, such as the Risk Assessment Summary Form
(ASB-CX-7.1) and documentation of planning materiality.
Super. Control and supervision schedules, e.g., review checklist, time
budget, documentation checklist, misstatement summary and
evaluation form, etc.
Reps. Representations or correspondence, e.g., engagement letter,
management representation letter, legal representation letter,
etc.
Minutes Extracts or copies of minutes.
Sub. Rev. Subsequent events review checklists, extracts of minutes, etc.
R. Party Related party checklists and confirmation letters.
I/C Mat. Internal control related matters (i.e., internal control
deficiencies for possible communication).
804.12 In indexing the general file, the main consideration is using a system that distinguishes these matters from the index
system used for account balance files. A simple, but effective, method is to use tabs or folders to divide the general file into its
major components, e.g., gen. prog., f/s drafts, etc. General workpapers for each component are filed in the appropriate area,
but not individually indexed. Some auditors prefer to consecutively number the contents, e.g., GP-1, GP-2, etc., and add a
table of contents identifying each item in the general file.
804.13 The Account Balance Files. The largest part of the workpapers will be schedules supporting the trial balance
accounts. Common indexing systems use letters, numbers, or a combination of letters and numbers. For example, using the
financial statement components similar to those covered in the chapters of this book, the account balance files might include:
Alpha Index Numeric Index Combination Description
A 1000 A Cash
B 1500 B Accounts Receivable and Sales
C 2000 C Inventory and Cost of Sales
D 2500 D,E, or F Investments and Derivatives
E 3000 L, M, or N Other Assets
F 3500 U or V Property
G 4000 AA, BB, or CC Accounts Payable and Other
Liabilities
H 4500 DD or EE Long-term Debt
I 5000 FF Income Taxes
Alpha Index Numeric Index Combination Description
J 5500 SS Equity
AA 6000 10 Operating Expenses
BB 6500 20 Extraordinary or Unusual Items
804.14 The individual supporting schedules for each component would add numbers to either the letters or numbers for each
component. For example: petty cash could be A-1 or 1000.1; cash in the general account could be A-2 or 1000.2; and cash in
the payroll account could be A-3 or 1000.3. Related workpapers would be indexed accordingly. For example, the bank
reconciliation for cash in the general account might be A-2-1 or 1000.21. A system that is practical on extremely small
engagements is to simply use a divider tab or folder with the name of the account, e.g., cash, receivables, etc., or A, B, C, etc.
Corresponding account workpapers are filed without being individually indexed. At the completion of the audit, before
permanent filing, the pages are numbered in each area, e.g., 1 of 10, 2 of 10, etc.
804.15 Location of Audit Programs. Audit programs are planning information and might be filed in the general file.
However, the authors recommend that the audit programs for a particular engagement be filed by area, i.e., with the other
workpapers for the relevant financial statement component. For example, using the indexing system explained in paragraph
804.13, the work program for cash would be indexed A-Program.
804.16 This form of filing aids a reviewer who needs to assess whether sufficient, appropriate audit evidence was obtained by
the procedures applied. Before a workpaper is prepared, an auditor needs to ask the following:
a. What audit purpose is served by preparing this workpaper?
b. Is preparation of this workpaper essential to achieving one or more specific audit objectives or to complying with
audit documentation requirements?
If work programs are filed with the other workpapers in an area, an auditor is more likely to consider whether a description of
the results of applying procedures in the program is sufficient documentation.
804.17 Use of Tickmarks. Making a record of the audit procedures applied is an important part of workpaper preparation.
One way to accomplish this is by using tickmarks, which are notations on the workpapers next to an amount indicating the
procedure applied to it. For example, a check mark (n) next to a column total might be explained at the bottom of that
workpaper as meaning that the column has been footed.
804.18 Many auditors find it convenient to use standardized tickmarks so a specific notation always means the application of
a particular audit procedure. Standardization of tickmarks makes review of workpapers easier and can save time. Again, a
tendency for unnecessary complexity needs to be avoided. A typical practice is to use initials for common procedures. For
example:
a. TBbalances on a workpaper traced to trial balance.
b. GLbalance traced to general ledger.
c. Fcolumn footed or cross-footed.
d. Camount confirmed.
805 OTHER WORKPAPER CONSIDERATIONS
Ownership, Confidentiality, and Retention
3(49)
805.1 Ownership. The application and other explanatory material section included in SQCS No. 8 provides guidance relating
to the ownership of engagement documentation. QC 10.A62 indicates that engagement documentation is the property of the
firm unless otherwise specified by law or regulation. The firm may choose to make portions of, or extracts from, engagement
documentation available to its clients, as long as doing so does not undermine the validity of the work performed or the
independence of the firm or its personnel, if applicable.
805.2 Client Access. Interpretation 1 of Rule 501 of the AICPA Code of Professional Conduct divides workpapers into four
groups and identifies which workpapers the auditor should provide to the client (or former client) upon request.
a. Client Provided Records. This includes information belonging to the client that was provided to the auditor by or on
behalf of the client and that is normally a part of the clients accounting records, such as property and depreciation
schedules. The auditor should return these records to the client.
b. Client Records Prepared by the Member. This includes accounting or other records prepared by the auditor for the
client, such as tax returns, general ledgers, or payroll detail schedules. These records should be provided to the
client, but may be withheld if they are incomplete or if fees related to the engagement to prepare them are unpaid.
c. Supporting Records. This includes information that is not reflected in the clients books and records but that is
necessary for the clients records to be complete. Examples include journal entries made during the audit (such as
adjusting, closing, reclassification, or consolidating entries). These records (if they relate to a completed audit)
should be provided to the client. However, they may be withheld if there are unpaid fees.
d. Members Workpapers. This includes, among other things, audit programs, analyses, sampling results, and
schedules prepared by the client at the auditors request. These workpapers are the auditors property and there is
no requirement to provide them to the client. However, in some situations, federal or state statutes and regulations
or contractual agreements may impose a requirement to provide certain workpapers to the client. Also, AU-C
230.A29 states that an auditor can provide his or her client with copies of audit documentation on a discretionary
basis, if it does not impact the independence or validity of the audit process.
In addition to the AICPA rules noted above, certain state societies have adopted specific rules regarding withholding client
records. However, Interpretation 1 of Rule 501 makes it clear that it applies even if state law grants the auditor a lien on client
records in his or her possession.
805.3 For records that the auditor has an obligation to return or provide the client, the auditor may:
Charge a reasonable fee for the time and expense incurred in retrieving and copying the records. Such fees may be
payable prior to the time the records are provided.
Provide the records in any format that is usable by the client. However, if the client requests a specified format and
the records are available in that format, the clients request should be honored.
Make and retain copies of the records.
The auditor should honor the clients request for the records as soon as practicable, but unless there are extenuating
circumstances, no later than 45 days following the request.
805.4 Confidentiality. The need to maintain a confidential relationship with a client is expressed in AU-C 230.19 and in Rule
301 of the AICPA Code of Professional Conduct. The Rule states, A member in public practice shall not disclose any
confidential client information without the specific consent of the client. Ordinarily, workpapers can be shown to someone
else only with the clients explicit permission. This is true even if an auditor sells an audit practice to another auditor, and it
also applies to a predecessor communicating with a successor auditor. However, explicit permission is not necessary for
making workpapers available if subpoenaed in connection with a court proceeding, if requested in an ethical disciplinary
proceeding, or if submitted in an AICPA, PCAOB, or state CPA society authorized quality or peer review program. Also, Ethics
Ruling No. 20 under Rule 301 clarifies the auditors responsibility when providing confidential client information to the
auditors professional liability insurance carrier. It provides that the auditor does not need to obtain a clients permission if the
information is provided solely to assist in the defense against an actual or potential claim against the auditor. Auditors should
adopt reasonable procedures to maintain the confidentiality of client information and to prevent unauthorized access to the
workpapers.
4(50)
805.5 Retention. Auditors should establish policies and procedures regarding the retention of workpapers.
5(51)
These
policies should be for a time frame that meets the needs of the auditors practice and considers any regulatory or legal
requirements regarding document retention. (SQCS No. 8, QC 10.51) AU-C 230.17 specifically indicates that this period
should not be shorter than five years from the report release date. In addition, the procedures adopted need to enable the
auditor to access electronic workpapers throughout the retention period (see section 807). Some auditors maintain their
workpapers permanently, either in hardcopy or electronic format. However, keeping workpapers indefinitely is generally both
costly and unnecessary. Many auditors have adopted periods of retention that exceed five years, for example, periods
ranging from 7 to 10 years.
6(52)
The important point is that if workpapers are discarded, it needs to be done in accordance
with professional standards and legal or regulatory requirements following an established firm policy that is consistently
applied.
7(53)
Section 808 discusses various workpaper retention issues relating to managing the risk of legal liability.
Review
805.6 A distinction has to be made between audit review of workpapers and postaudit review. The review of workpapers that
is made at the completion of an engagement is discussed in section 1811. Postaudit reviews, or reviews that might be made
of workpapers after an audit is completed, can take a variety of forms. There may be an in-house inspection of workpapers
made as part of the firms quality control program. There may also be a review by outside parties made as part of a peer
review program or a government agencys quality inspection program. The possibility of outside review need not have any
overriding effect on workpaper practices. Some auditors believe that a large increase in the extent of documentation is
needed if an outside review is likely. That may not be true. A firm ought to adopt workpaper policies and practices that are
necessary for efficient and effective conduct and supervision of audit engagements. Auditors need to be aware, however, that
additional documentation may be necessary to meet the requirements of some outside reviewers, such as federal
government agencies and certain states.
Ensuring the Integrity of Workpapers
805.7 According to SQCS No. 8 (QC 10.50), firms should apply appropriate, reasonable controls to protect the integrity,
retrievability, and accessibility of workpapers. Controls are necessary to prevent workpapers from unauthorized use or
alteration or from becoming lost or damaged. According to QC 10.A56, such controls may:
Enable clear identification of when and by whom documentation was created, changed, or reviewed.
Protect the integrity of the information at all stages of the audit. This is critical when the information is shared among
the audit team or electronically transmitted to other parties.
Permit necessary access to the documentation by the audit team or other authorized parties.
Prevent unauthorized changes to documentation.
The authors recommend that firms develop consistent policies and underlying controls for all audit engagements that address
integrity, retrievability, and accessibility. However, such controls may vary based on the stage of the audit (e.g., field work still
in progress, after field work but before the documentation completion date, and after the documentation completion date) and
the nature of the workpaper media (e.g., paper or electronic). Section 807 discusses procedures that would help achieve
these control objectives for electronic workpapers.
Loss or Destruction of Audit Documentation
805.8 A Technical Practice Aid (TIS 8345.02) addresses the destruction of audit documentation by fire, flood, or natural
disaster. The authors believe the guidance also would apply if workpapers are lost, deleted, or damaged due to other
circumstances. The TPA indicates that if audit documentation is destroyed prior to the issuance of the auditors report, the
auditor must either recreate the audit documentation for the procedures performed or re-perform the audit procedures and
create new documentation. The auditor cannot issue a report indicating that he or she has performed an audit under
professional standards without the required documentation. As noted in paragraph 802.2, an auditor cannot use oral
explanations as the principal support for the work that was performed.
805.9 When determining whether to recreate the documentation or re-perform the procedures, the auditor needs to consider
whether he or she will be able to demonstrate that sufficient audit evidence has been obtained to afford a reasonable basis for
expressing an opinion on the financial statements. The auditor needs to consider the guidance and requirements for audit
documentation outlined in this chapter when making that decision. Except for very small engagements, the authors believe it
is unlikely that the auditor will be able to recreate sufficient documentation without re-performing at least some of the
procedures.
Access by Regulators to Workpapers
805.10 An Auditing Interpretation at AU-C 9230.01.15 provides guidance for auditors who are required to provide access or
copies of audit workpapers to a regulator. The following summarizes the guidance provided by the interpretation.
a. If the auditor is required by law, regulation, or audit contract to provide access to workpapers to regulators, the
auditor may include in the engagement letter an acknowledgment by the client that the workpapers are the property
of the auditor but that regulators may be provided access. The Audit Engagement Letter at ASB-CL-1.1 includes
suggested language that can be used for this acknowledgment.
b. If a regulator has requested access to workpapers pursuant to law, regulation, or audit contract, the auditor may:
(1) Consider notifying the client that a regulator has requested access (and in some cases copies of) the
workpapers and the auditor intends to comply with the request.
(2) Make the necessary arrangements for the review with the regulator.
(3) Maintain control over the original workpapers.
8(54)
(4) Consider submitting a letter to the regulator prior to allowing access that:
(a) States the auditors understanding of the purpose for which access has been requested.
(b) Discusses the audit process and the limitations inherent in an audit of the financial statements.
(c) Discusses the purpose for which the workpapers were prepared and explains that any individual
conclusions must be read in the context of the auditors report on the financial statements.
(d) Communicates, except when not applicable,
9(55)
that the audit was not planned or conducted
contemplating the purpose for which access is being granted or to assess the clients compliance with
laws and regulations.
(e) Communicates that workpapers and the audit should not substitute for other inquiries and procedures that
should be performed by the regulator for its purposes.
(f) Requests confidential treatment under the Freedom of Information Act or similar laws or regulations when
a request is made for the workpapers and that the auditor be notified in writing before any information
contained in the workpapers is transmitted to others, including other governmental agencies, unless such
transfer is required under law or regulation.
(g) Requests that if any copies are to be provided by the auditor, they will be identified as Confidential
Treatment Requested by [CPA Firms Name, address, and telephone number].
The interpretation includes an example letter the auditor can use to communicate the above information to the
regulator.
c. If the auditor has been requested to grant access to workpapers by a regulator and the auditor is not required by
law, regulation, or audit contract to provide such access, the auditor may wish to consult with his or her legal
counsel regarding the request. In addition, the auditor needs to obtain the clients consent, preferably in writing,
before granting access to the regulator.
805.11 The interpretation also provides guidance to auditors who have been requested to provide access to workpapers
before the audit is complete and the report has been issued. In addition, the interpretation notes that the auditor may obtain
an acknowledgment from the regulator that any third parties acting on behalf of the regulator, such as another CPA firm, are
bound by the same restrictions on disclosure and use of the information in the workpapers as the regulator.
806 WORKPAPER EFFICIENCIES
806.1 Chapters 10 through 17 each contain a section on workpaper considerations. Those sections explain the workpapers
that are normally necessary to apply audit procedures for that account balance and provide suggestions on efficient format
and preparation techniques.
806.2 Some general suggestions for efficient workpaper preparation are:
a. Use Existing Client Schedules. Consider the schedules the client regularly prepares, e.g., bank reconciliations, and
assist the client in establishing a format for the schedule that is suitable for audit purposes and can be copied.
b. Use One Schedule for Several Matters. Consolidate related information on a single schedule whenever possible
(e.g., in the receivables area, document subsequent cash receipts directly on the aged trial balance and summarize
confirmation results on the face of the same schedule).
c. Use Summary Procedure Descriptions. Prepare a summary description of procedures instead of a schedule if the
schedule is not needed to satisfy audit objectives or meet documentation requirements. For example, do not
prepare an interbank transfer schedule if a visual comparison of the clients information is sufficient.
d. Avoid Unnecessary Procedures. Do not perform audit procedures simply because a schedule has been prepared for
the workpapers. A schedule may often simply be scanned for reasonableness, and no other procedures may be
necessary.
e. Use Standardized Tickmarks. Adopt a standardized tickmark sheet for procedures that are repeated often.
806.3 Workpaper efficiencies are possible if the auditor is auditing the financial statements of multiple entities with a common
participant. Examples would be multiple joint ventures with the same partner or multiple investment funds with the same
administrator. If the entities have common functions, the same documentation may be relevant for all of the entities. Examples
include a common control environment or a common disbursement system. The auditor can prepare workpapers that
document the common controls that can be used in the audit documentation for each entity. Other efficiencies may also be
possible. For example, the auditor may be able to hold one audit team meeting to discuss common potential fraud and error
risks for the entities and prepare one memorandum to document that discussion that can be used in the working papers for
each entity. The auditor needs to exercise care to ensure that any differences among the entities are recognized and suitably
documented, such as through an addendum memorandum that identifies any unique or unusual matters for particular entities
within the group.
807 ELECTRONIC (PAPERLESS) WORKPAPERS
807.1 In recent years, the auditing profession has moved to performing paperless audits. Paperless engagement software
tools range from program generators that assist staff in planning and risk assessments to comprehensive applications that
allow an engagement team to perform virtually all of its work via computer. Underlying all of these software applications is a
common desire to increase effectiveness and efficiency. Effectiveness can be improved in two waysby using the software to
guide the professional judgments required of engagement team members, and by defining the way auditors perform,
document, and organize their work. Efficiency is also enhanced due to the improved portability of the work product. Work that
is documented electronically can easily be transmitted to other team members or to reviewers for their use. The auditor can
increase the level of electronic workpapers by requesting the client to prepare and submit schedules in electronic format.
807.2 An effective paperless engagement software tool can provide tangible improvements in a firms audit process.
However, moving to a more paperless approach often raises questions regarding workpaper documentation requirements in
an electronic environment. Auditing standards contain minimal guidance regarding electronic workpapers. AU-C 230.A5 notes
that audit documentation can be recorded on electronic or other media. SQCS No. 8 (QC 10.A58) indicates that auditors
need to apply procedures to ensure a faithful copy, both in form and content, when transferring or copying paper
documentation to other media. This section addresses some of the issues firms face using a paperless audit approach.
807.3 Engagement CS from CS Professional Suite automates the engagement process, thereby assisting firms to make a
smooth transition to a more paperless audit approach. Engagement CS allows auditors to prepare, organize, and track every
document that is needed as part of their engagement workpapersincluding Word and Excel documents, documents
prepared in other software applications, and documents such as engagement letters and confirmations that are kept in
hardcopy form. Engagement CS also allows electronic workpapers to be easily shared among engagement team members
and reviewed by authorized reviewers. PPC offers Checkpoint Tools, which are designed to enhance productivity when used
in combination with a PPC audit guide. The Checkpoint Tools include PPCs Workpapers, PPCs Practice Aids, PPCs SMART
Practice Aids, PPCs Interactive Disclosure Libraries, and PPCs Engagement Letter Generator.
PPCs Workpapers provide practice aids not available in PPC Guides and help auditors standardize the format of
their firms workpapers.
PPCs Practice Aids are Word & Excel versions of all editable practice aids contained in a PPC Guide.
PPCs SMART Practice Aids are tools that bring enhanced functionality to existing Practice Aid products by
automating specific audit processes and generating completed practice aids.
PPCs Interactive Disclosure Libraries provide electronic versions of disclosure checklists and real-world examples
illustrating every disclosure required by GAAP.
PPCs Engagement Letter Generator is interactive software that automates the process of drafting engagement
letters.
Checkpoint Tools can be integrated with Engagement CS or used on a stand-alone basis. The PPC products can be ordered
by calling your Thomson Reuters representative at (800) 431-9025. Engagement CS can be ordered at (800) 968-8900 or
from the CS Professional Suite website at http://cs.thomsonreuters.com.
Determining Which Documents to Keep in Hardcopy Form
807.4 A firm using a more paperless audit approach still needs to address which workpapers will be kept in electronic form
and which might be kept in hardcopy form. In addressing this issue, the following three questions may be considered:
What do professional standards require?
What is legally required?
What works best for the firm (that is, what maximizes the firms effectiveness and efficiency in its specific operating
environment)?
807.5 Professional Standards. Professional standards (GAAS) do not restrict the form of audit evidence accumulated to
support a GAAS audit. Accordingly, electronic evidence is permissible. This allows for electronic workpapers without manual
signatures or initials, scanned confirmation replies, etc.
807.6 Email correspondence with third parties (including confirmation replies) would also be acceptable, but the auditor
needs to make sure that the electronic communication channel is secure to ensure that the responses are, in fact, directly
from the third parties without risk of an alteration by the client. Also, when auditors receive confirmation replies by e-mail, they
might consider some of the same additional steps that are considered when a response is received by fax (as discussed in
paragraph 1101.38).
807.7 Legal Considerations. A distinction needs to be drawn between contracts in which the auditor is a party and
documentation accumulated by the auditor as evidential matter to support the performance of an audit under GAAS. For
contracts in which the auditor is a party, retaining a hard copy may be legally required in some states and would therefore be
considered a best practice. This relates to all such documents (for example, management representation letters, engagement
letters or other contracts, and related party confirmations) that are signed.
807.8 Attorneys have advised that CPAs maintain an original signed hard copy of every contract. Even though a copy is often
admitted into evidence, best evidence rules exist under which a copy is not admissible if the original is available. Auditors may
consult their legal counsel and insurance carriers about legal requirements for evidential matter in their applicable
jurisdictions (including all jurisdictions in which they might be held responsible) when deciding which documents need to be
kept in hardcopy form.
807.9 The federal Electronic Signatures in Global and National Commerce Act (the E-Sign Act) provides a framework to
resolve issues related to e-signatures. The law provides that records, signatures, or contracts cannot be denied legal
enforceability solely because they are in electronic form. While e-signatures and electronic contracts will eventually change
the way business is done, some experts indicate that they will take time to catch on. Many legal details related to e-signatures
and electronic contracts remain to be worked out (and many of these issues will likely be resolved through litigation). In
addition, technology for e-signatures is still evolving. For example, possible methods for recording e-signatures include retinal
scans, fingerprint scans, or an image of a persons face, scanned by a computer and matched with code located on the
servers of security companies. Auditors encountering issues related to e-signatures or electronic contracts may consult with
their legal counsel for further guidance.
807.10 Determining What Works Best for the Firm. After considering the requirements of professional standards and
understanding legal considerations, a firm still needs to determine what best meets its individual needs. Two key decisions
are whether the firm will continue to print workpapers (as discussed beginning in paragraph 807.14) and whether the firm will
scan documents. These decisions are influenced by how much priority the firm places on moving to a more paperless audit
approach.
807.11 Scanned Documents. If a firms goal is to achieve a truly paperless audit, then scanning of documents will be
necessary. The desire to achieve a 100% paperless audit clearly needs to be balanced against the time and effort necessary
to scan documents, as well as the legal considerations mentioned in the previous paragraphs.
807.12 Some firms, in the interest of minimizing their need to store hardcopy workpapers, may choose to scan all documents
and keep hard copies of only those documents that legally need to be kept in hardcopy. Firms that scan documents need to
apply appropriate procedures to ensure that they generate a faithful copy, both in form and content, when performing the
scanning. For example, care needs to be taken that both sides of two-sided documents are scanned. Other firms may choose
to not scan any documents, preferring instead to keep all manually-prepared documents in hardcopy form. This is also an
acceptable alternative and needs to be decided based on firm preference. However, firms need to ensure that all
manually-prepared documents are effectively organized and tracked.
807.13 The following are examples of workpapers that some firms prefer to keep in hardcopy form:
Engagement letters.
Management representation letters.
Confirmation replies (especially critical confirmations related to related-party transactions or sales side agreements).
Required auditor communications (such as audit reports and communications of internal control related matters).
Other signed communications (such as communications with predecessor, principal, or other auditors).
Signatures and Sign-offs
807.14 Signatures and sign-offs are important in an audit engagement. They are used by engagement team members to
indicate they have performed work. In a paper environment, audit workpapers are signed or initialed by engagement team
members to indicate they have completed or reviewed the workpaper. Similarly, audit program steps are initialed by team
members to indicate they have performed the steps. In an electronic environment, the same or similar type of sign-off is
needed. However, professional standards (GAAS) do not require manual signatures or initials (in the same way that a manual
signature on the auditors report is not required). Initials and names may simply be typed.
807.15 Auditors performing audits electronically might be concerned if an engagement team member is able to type in
someone elses initials (for example, if an audit staff member could potentially type the partners initials indicating that a
workpaper has been reviewed by the partner). While this is a reasonable concern, this issue is related more to the firms
culture than to the use of an electronic engagement tool. In other words, this same risk currently exists in paper
engagements. Nevertheless, audit documentation should indicate the engagement team members who performed and
reviewed the work, and some electronic engagement software applications provide for an automatic and controlled sign-off
by preparers and reviewers.
Backing up and Archiving
807.16 Firms wishing to pursue electronic engagements need to develop and communicate effective procedures for backing
up documents, backing up engagements, and archiving engagements once the job is complete. Good backup procedures
are critical. As anyone who has ever lost critical documents knows, the resulting frustration and inefficiency can be significant.
In an audit engagement, lost documents or engagements simply are not an option. As noted in paragraph 805.7, auditors
should adopt reasonable and appropriate controls to protect the integrity of the workpapers. Certain of these controls would
apply to the backing up and archiving process. Lost or damaged workpapers are discussed in paragraph 805.8.
807.17 Saving Changes to Documents. When using the computer to create any document, auditors need to save changes
frequently (e.g., every 15 to 20 minutes). This is a simple process in most software applications and helps protect the
auditors work in the event of a power loss or system outage.
807.18 Backing up Engagements. In addition to saving changes to individual documents, the audit engagement team
needs to follow regular back-up and replication procedures during the course of the audit. Work performed on individual PCs
that is to become part of the electronic workpapers needs to be backed up frequently (e.g., hourly as the work is performed,
or at least daily) following typical PC back-up practices. A policy needs to be in place requiring backup of the electronic
engagement workpapers from individual hard drives to a central location (for example, hourly, or at least daily, backups to
another medium such as a USB flash drive, Zip drive, or to a network).
807.19 Backup can often be accomplished most effectively through the use of a backup utility. For example, most versions of
Microsoft Windowsr ship with a simple utility (other backup utilities are available in the market) that allows users to back up
their entire hard drive or selected files to another source such as a USB flash drive, Zip drive, or network drive.
807.20 Once the auditor has made a backup file, the auditor can use the backup utility to restore the saved engagement if
the original files are damaged or lost (for example, if information is lost or corrupted). Even with an effective backup utility,
however, work performed since the last backup may be lost. Also, the restored documents will be restored in the state in
which they existed at the time the auditor backed them up. To minimize the chance of lost work, frequent (hourly, or at least
daily) backups need to be made.
807.21 Archiving Engagements. Archiving an engagement is essentially the same as backing up an engagement, but
archiving occurs at the end of the engagement. Archived engagements serve as the final copies of the workpapers that are
saved for future reference. As with paper engagements, electronic engagements need to be archived and stored once the
engagement is finished. (See related discussion at paragraph 802.24.) The workpapers need to be easily accessible for use in
future engagements, for peer review, or for other purposes. Archiving engagements is particularly important in light of the
SQCS No. 8 (QC 10.50) requirements related to the integrity, accessibility, and retrievability of documentation.
807.22 The following paragraphs discuss archiving and storage issues assuming that engagement workpapers are
completed and reviewed electronically. The audit workpapers are not printed (or all printed copies are destroyed) and the
only hardcopy documents are manual documents such as confirmations, engagement letters, etc. If the firm chooses another
option for printing workpapers, the archiving policies need to be modified accordingly.
807.23 The firms policies for archiving electronic engagements need to ensure that:
All interim backups made during the engagement are deleted.
Any documents still residing on other media or as email attachments are deleted from those locations.
Workpapers printed during the engagement are discarded unless they are intended to be part of the final
workpapers for the engagement.
Superseded memos, to do lists, and other personal electronic documents that are not intended to be part of the
final workpapers are discarded in accordance with firm policy.
Review notes are deleted.
All electronic workpapers not part of the archived files are removed from computers used in the engagement.
Only a limited number of copies of the engagement workpapers are kept.
The engagement workpapers (including any manual hardcopy documents) are kept in a secure location(s) with
controlled access.
The engagement workpapers (including any manual hardcopy documents) are stored in an organized manner so
they can be easily retrieved.
807.24 After the firms policies for archiving are established, the firm needs to take steps to ensure the policies are effectively
implemented. As with any new policies, it is relatively easy to develop the policies, but it takes effort to ensure they are
actually implemented. One of the best ways to ensure that the policies are followed is to make this the responsibility of a
designated member of the engagement team. This will often be the senior or the supervisor, but could be any engagement
team member.
807.25 Prior to completion of the engagement, it is important that individual engagement team members delete from their
hard drives, emails, and personal folders any audit-related information that is superfluous and not intended to be included in
the final archived workpapers. One approach for ensuring that this is done would be for each engagement team member to
confirm in writing that this has, in fact, been done.
807.26 It is also important that electronic workpapers be locked down at the conclusion of the audit so that, in the conduct of
the subsequent years audit, a roll forward or other update does not result in the elimination of the documentation that existed
in support of the prior year audit. In addition, one of the biggest risks in an electronic workpaper environment is the failure to
adequately control and ultimately delete interim draft and in-process documentation and extraneous material that is not
intended to be a part of the final workpapers. When document storage involves transfer of materials from one medium to
another, firms may choose to have a designated and knowledgeable member of the engagement team review the archived
material to ensure that a complete and accurate transfer has been made. The purpose of this review would be to make sure
that draft and extraneous materials are not inadvertently included, and that necessary documents are not inadvertently
omitted.
807.27 To perform the archiving, the auditor can use a backup utility in essentially the same way as described previously for
backing up the engagement. A key difference is that when archiving, the auditor needs to take steps to ensure that all other
versions of the workpapers or the engagement are deleted. Also, the archived engagement needs to be deleted from the
computer on which it was created (unless the auditor intends to use this computer as one of the storage locations for the
engagement).
807.28 To guard against an unexpected loss of data (for example, in case a disk is corrupted or network storage crashes),
multiple copies of the engagement may be kept, and copies may be stored in different locations. The need for redundancy
may be balanced against the need to control access to the engagement workpapers. Again, firms need to develop their own
archiving and storage policies based on their own preferences and technology capabilities.
807.29 Generally, copies of the engagement might be needed for any of the following purposes:
Multiple copies (two or more) in varied locations for security purposes.
Copies for use in subsequent year audits.
Copies to provide to peer reviewers.
Copies to provide to other third parties if needed.
807.30 As a practical matter, the firm may create only the number of archived copies necessary for security purposes. When
additional copies of the engagement are later needed for other purposes (in the subsequent year audit, for peer review, etc.),
copies can be made at that time from the firms existing archived copies. Once these additional copies have served their
purpose, they can simply be deleted.
807.31 Software Applications. Archived workpapers may sometimes be accessed several years after they are created.
Firms need to take steps to ensure that they can still access all the electronic workpapers created in prior years
engagements. This can be accomplished by either:
Communicating with software vendors to ensure that current versions of software can access documents created in
prior versions, or
Keeping old versions of software, and even perhaps hardware, when necessary.
807.32 This would apply to any software used during the engagement to create or store workpapers, including:
Word processing software.
Spreadsheet software.
Data extraction software.
Imaging software (for viewing scanned documents).
Paperless engagement software.
Trial balance software.
Document management software.
Other software (such as depreciation, tax preparation, or sampling software).
Retention of Electronic Workpapers
807.33 Another issue that is closely related to archiving is the question of how long electronic workpapers and engagements
need to be retained. Firms need to use the same guidelines they use for printed workpapers. Paragraphs 805.5 and 808.3
discuss retention requirements and considerations.
807.34 The most important point is that workpapers need to be discarded in accordance with established firm policy and in
compliance with professional standards and legal or regulatory requirements. Inconsistent application of the firms policy can
be very damaging in the event of litigation. Therefore, deviations from the firms policy need to be infrequent, and the reason
for any deviation needs to be documented.
807.35 Also, if engagements are archived to the firms network, consideration needs to be given to how periodic network
backups affect the firms document retention policies. Specifically, if a firm has a policy of discarding engagement
workpapers after a certain period of time, archive copies of the workpapers that are part of the firms network backup files
also need to be deleted.
808 LEGAL LIABILITY CONSIDERATIONS FOR AUDIT DOCUMENTATION
Audit Documentation
808.1 Preparation. The primary focus of audit documentation is to support the auditors report by providing a clear
understanding of the work performed, the evidence obtained along with the source, and the conclusions reached. However,
when preparing and reviewing workpapers, auditors need to maintain a general awareness that there is at least some chance
that the work may someday be challenged in court. The following are some workpaper dos and donts from a legal liability
standpoint:
Avoid recording any extraneous remarks or memoranda that are irrelevant to the engagement that could be seized
upon by opposing counsel, such as, this transaction makes no sense, the clients books are a mess, or these
expenses seem questionable.
When reviewing workpapers, be alert for statements that could be taken out of context and used by a prosecuting
attorney attempting to discredit your work. Even a seemingly meaningless comment may be seized upon by a
plaintiffs attorney, even if the audit area is unrelated to the issue being litigated. For example, delete any gratuitous
comments such as close enough for government work.
Discourage audit staff from maintaining personal files of memos, schedules, etc., related to an engagement. Two
examples of such documentation include (1) the original copies of workpapers that are redone and (2) schedules
that are helpful in understanding an audit area but are not considered significant enough to include in the
workpapers. Keeping such documentation is tempting because it serves as a reminder of how the audit was carried
out. However, the documentation is subject to subpoena. All documentation necessary to support the audit report
needs to be included in the workpapers so that it is readily subject to supervisory review. All superseded
documentation needs to be destroyed prior to the completion of the engagement to minimize the possibility that
someone may be misled as to the procedures followed and conclusions reached by the audit team. This includes
any such documentation saved on the network, hard drives, or USB flash drives. (The process for archiving
electronic workpapers is discussed beginning with paragraph 807.21.)
If a workpaper has to be redone or a memo rewritten, discard the superseded version. Do not paste or staple the
revised document over the top of the superseded version.
10(56)
Avoid whiting out or taping over corrected explanations or sentences. Either line through the incorrect statement or
redo the workpaper and discard the superseded version.
10(57)
Initial and date each audit program step unless an entire section is not applicable. (However, it is not necessary to
sign off or comment on the practical considerations included in PPCs audit programs.) Slash signing by initialing
one step and extending the line down the column for several following steps may lead to important procedures
being overlooked.
Do not sign off an audit program step as not applicable (N/A) unless it truly is not applicable.
Try to avoid signing off an audit program step as not considered necessary (N/C/N) without explaining, at least
briefly, why the step is unnecessary.
Clear all review notes or to do lists and then discard them. The procedures performed in clearing the review notes
need to be recorded in the workpapers, along with the auditors conclusions. An uncleared review note left in the
workpapers is a smoking gun for a plaintiffs attorney.
Document thoroughly your conclusions and support for conclusions regarding any unique issues. As noted in
paragraph 802.36, however, routinely including a place for a summary memorandum that discusses all the
significant accounting or auditing matters that arose in the engagement may be unnecessary. The preparation of
such a memorandum tends to become mechanical. Including relevant documentation within each audit area is
generally sufficient. ASB-CX-16.4, Accounting and Engagement Issues, provides a form that can be used to
document significant accounting or auditing matters.
If a time budget by audit area is maintained in the workpapers, consider explaining any significant budget overages
and underages. Spending significantly less time than budgeted in an audit area can provide a prosecuting attorney
with an inroad for arguing that the auditor performed insufficient testing in that area. Similarly, significant overages
identify an area as one presenting accounting or auditing problems.
When explaining budget overages, do not make statements that may be interpreted negatively with regard to staffing
or supervision.
808.2 Timely completion of audit documentation helps mitigate potential errors or omissions from occurring in the
workpapers that could lead to issues in defending litigation. In general, avoid unreasonable delays in documenting audit
procedures that were performed. The authors recommend establishing work and supervision standards that promote the
recording of evidence collected and associated findings at the time the relevant procedures are performed. Such standards
would normally discourage extensive reliance on memory to complete the audit documentation at a later date. As discussed
beginning in paragraph 802.24, professional standards contain requirements that demand timely completion of audit
documentation.
808.3 Retention. The issue of how long to retain workpapers and files has been a controversial one. Some attorneys believe
that retention is very important, whereas other attorneys who have defended many auditors are sometimes more skeptical.
Workpapers can be a two-edged sword. On one hand, they provide proof that the auditor complied with professional
standards and provide support for the auditors conclusions and report. They may be critical in the defense of a malpractice
claim because claims often reach trial many years after the audit is completed and partners and staff no longer recall key
details without workpapers to remind them. On the other hand, a prosecuting attorney will often attempt to discredit an
auditors work using the workpapers and may find inconsistencies or misstatements that can be used against the auditor.
808.4 AU-C 230.17 states, After the documentation completion date, the auditor should not delete or discard audit
documentation of any nature before the end of the specified retention period. Such retention period, however, should not be
shorter than five years from the report release date. While a retention period of a minimum of five years from the report
release date is required by professional standards, the needs of the practice, legal, regulatory, or other factors may dictate a
retention period in excess of five years. As noted in paragraph 805.5, many auditors have adopted periods of retention
ranging from 7 to 10 years. Because workpapers for public company audit clients are required to be maintained for seven
years, several states have adopted seven-year retention requirements and others are considering adopting similar provisions.
The Uniform Accountancy Act (UAA) Model Rules provide a retention period for attest documentation of five years from the
date of the report.
808.5 Legal or regulatory requirements affecting documentation and retention may also dictate which documents need to be
retained. Also, legislation may include a presumption that audit procedures not documented in the audit workpapers were not
performed. This presumption places a much heavier burden upon auditors to maintain a complete record of their audit tests
and the conclusions they reached. It is important for auditors to be aware of applicable requirements in their jurisdictions.
808.6 Other than the minimum requirement of five years and pertinent legal or regulatory mandates that may apply, the
authors believe that there is no right answer to the question of how long to retain workpapers. Generally, most auditors would
prefer to have their workpapers available if they find themselves in a litigation situation. The workpapers serve as a memory
jogger. However, it is important to ensure that documentation deficiencies, such as those discussed in paragraph 808.1, are
minimized when the workpapers are initially prepared. Also, keeping workpapers indefinitely is generally both costly and
unnecessary.
808.7 The important point is that if workpapers are discarded, it needs to be done in accordance with professional standards
and applicable legal or regulatory requirements following an established firm policy. Inconsistent application of the firms
policy can be very damaging in the event of litigation. Deviations from the firms policy need to be infrequent, and the reason
for any deviation needs to be documented. Exhibit 8-3 provides examples of record retention policies for different types of
records. However, they are only examples. Individual firms need to establish their own retention policies based on practice
preference, AU-C 230 requirements, and applicable legal or regulatory requirements.
Exhibit 8-3
Example Record Retention Policies
a
DESCRIPTION CURRENT CLIENT FORMER CLIENT
Draft financial statements and reports Until completion of engagement N/A
Financial statements and reports Indefinitely 7 years
Correspondence files 7 years 7 years
Permanent files Indefinitely 7 years
Current workpaper files 7 years 7 years
Note:
a
Governmental agencies often have specific retention requirements.
* * *
808.8 Document retention policies need to recognize the need for exceptions in extenuating circumstances. Most notable,
when audit workpapers are the subject of a subpoena or contemplated or threatened subpoena or summons, no file or
document destruction should occur until the related issues have been fully settled. In addition, document destruction should
be deferred pending known governmental, criminal, or disciplinary investigations, even if the audit firm is not currently the
target of the investigation. Even documents that ought to have previously been discarded in accordance with firm policy (such
as personal files or review notes) need to be maintained pending completion of the investigation. This further points out the
need to dispose of unnecessary documentation immediately at the completion of the engagement.
11(58)
808.9 Firms need to consider consulting their attorneys and insurance carriers when establishing their retention policies. In
some cases, government agencies have specific record retention requirements that are made part of the contract for audited
808.10 Storing and Disposing of Electronic Files. As noted in paragraph 807.33, firms generally need to use the same
retention guidelines for workpapers in electronic format that they use for printed workpapers. Electronic files also need to be
discarded at the end of the retention period following the same process as hardcopy workpapers. As with paper files,
inconsistent application of the firms policy can be very damaging in the event of litigation. Therefore, deviations from the
firms policy needs to be infrequent, and the reason for any deviation needs to be documented.
808.11 When using a paperless audit approach, it is imperative that off-line, ad hoc duplication be avoided. However,
maintaining multiple indexed and cross-referenced copies of electronic files may be advisable for security reasons because of
the risk of inadvertent loss or damage to an electronic file. Electronic files need to be stored off-site or in a separate protective
cabinet.
808.12 If engagements are archived to the firms computer network, consideration ought to be given to how periodic network
backups affect the firms document retention policies. Specifically, at the time the engagement workpapers are discarded,
archived copies of the workpapers that are part of the firms network backup files also need to be deleted.
808.13 Finally, firms need to recognize that archived electronic workpapers may need to be accessed several years after they
have been created. This is discussed in greater detail beginning with paragraph 807.31.
Other Documentation
808.14 Correspondence Files. Many firms also maintain correspondence files for each client in which such things as
memos to the client, engagement letters, emails, and report transmittal letters are kept. The content of such files, especially
any correspondence regarding potential litigation, also needs to be controlled. Generally, the engagement partner sees
anything before it is filed in a correspondence file, and individual firm members need to be discouraged from keeping their
own personal correspondence files.
808.15 Email Communications. In this day of electronic communication and virtual offices, auditors are a mere click away
from their clients. However, technology can also create awkward situations and liability exposure if not used wisely. For
instance, email creates an electronic document that is stored on the firms network computer server. Even deleted email
messages can often later be restored from the firms network or its backup files. These files are subject to subpoena and
other legal document production procedures. As a result, electronic communications between firm personnel need to be
professional, both over the firms system and on client systems (such as during the fieldwork phase of an engagement).
Refrain from including derogatory comments of any kind about clients, engagements, or other personnel in email or other
written communications.
808.16 Firms need to use caution when responding to client email inquiries. The informality of email as a communication
medium does not make the information contained in emails informal conversation. The same quality control procedures the
firm follows for written responses to technical inquiries also need to be followed for similar email responses. For instance,
assume that a client emails a staff member for guidance on the proper accounting treatment of a transaction in accordance
with a newly issued accounting standard. Before the advent of email, the staff member would research the issue and draft a
response that provides guidance, complete with support from the professional standards. The response would typically be
reviewed and approved by the engagement partner and appropriate disclaimer language would be added to the
correspondence. A copy of the formal communication would be maintained in the client correspondence file. None of those
steps needs to be excluded simply because the communication is made electronically. Email documentation is still
documentation, and the client has a permanent record of what the firm has advised it to do.
808.17 All incoming and outgoing emails normally need to be deleted as soon as any necessary action has been taken.
When incoming or outgoing emails need to be preserved, they may be transferred to the firms electronic document system
where they can be labeled and indexed. The copy in the email system needs to then be deleted. The authors recommend that
emails remain in the firms email system no more than 30 days.
808.18 Phone Communications. In modern communication environments, some systems maintain a record of phone
messages as well as emails. Many times, the atmosphere of informality with phone messages is even greater than that which
exists for emails. Firms need to caution personnel to treat phone calls in such an environment with care and professionalism.
Similar to that for emails, firms need to adopt policies and procedures regarding the retention and disposal of any phone
messages.
808.19 Time Sheets. Time sheets and other data in the firms time and billing system need to reflect time charged by the
engagement partner and other supervisory personnel. For example, a partner may work on several engagements during a
day and may fail to charge time to each engagement. That can make it difficult to later prove that time was actually spent
reviewing the engagement.
APPENDIX 8A: Audit Documentation Requirements
APPENDIX 8A-1: Audit Documentation RequirementsFor Audits of Periods Ending on or after
December 15, 2012
GAAS includes general documentation requirements as well as numerous requirements to prepare and maintain
documentation related to specific audit areas. This summary provides a useful memory jogger of the specific audit
documentation requirements contained in GAAS, as well as the engagement-related requirements of SQCS No. 8, A Firms
System of Quality Control (Redrafted), and those required by Ethics Interpretation 101-3. (There may be additional
documentation requirements specified by regulatory agencies, such as the GAO or PCAOB.) This summary does not include
documentation requirements for reviews of interim financial information. This Appendix summarizes audit documentation
requirements under professional standards after the effective date of the clarified auditing standards. Appendix 8A-2, Audit
Documentation RequirementsFor Audits of Periods Ending before December 15, 2012, summarizes audit documentation
requirements under professional standards before the effective date of the clarified auditing standards.
1. Prepare audit documentation sufficient to enable an experienced auditor who has no previous connection with the
engagement to understand (a) the nature, timing, and extent of the auditing procedures performed; (b) the results of
audit procedures and the evidence obtained; and (c) the significant judgments made and conclusions reached on
significant findings or issues. (AU-C 230.08)
2. Document the justification for any departure from a relevant presumptively mandatory requirement, including how
alternative procedures performed were sufficient to achieve the intent of the requirement. (AU-C 230.13)
3. Document the following (AU-C 230.09; AU-C 230.11.12; AU-C 230.15; AU-C 220.19; and AU-C 220.A17):
a. The individuals who performed the work, when the work was completed, the person who reviewed the work
(including the engagement partner), and the date and extent of the review.
b. The identifying characteristics of the specific items tested.
c. Discussions of significant audit findings or issues with management, those charged with governance, and others,
including the nature of such findings and issues and when and with whom they were discussed.
d. How information that contradicted or was inconsistent with the final conclusion on a significant audit finding or issue
was addressed.
AU-C 230.A18 indicates that documentation of such an inconsistency may include documentation of items such
as procedures performed in response to the information and consultations on, or resolutions of, differences in
professional judgment among members of the engagement team or between the engagement team and others
consulted.
e. The report release date.
4. Include in the audit documentation abstracts or copies of significant contracts or agreements for procedures related to
the inspection of such contracts or agreements. (AU-C 230.10)
5. In the rare case that additional audit procedures are performed or new conclusions are reached after the date of the
audit report, document the following (AU-C 230.14):
a. When and by whom the changes were made and reviewed.
b. The circumstances encountered.
c. The new or additional procedures performed, the evidence obtained and conclusions reached, and the effect on the
auditors report.
AU-C 230.A23 provides examples of such circumstances, such as those involving audit procedures that had
been omitted (AU-C 585) or the subsequent discovery of facts existing at the date of the auditors report (AU-C
560).
6. If there are reasons other than the need to perform additional procedures or reach new conclusions described in item 4
above, and the auditor considers it necessary to modify or add to the existing workpapers after the documentation
completion date, document the following (AU-C 230.18):
a. The specific reasons for the changes.
b. When and by whom the changes were made and reviewed.
7. Document the agreed-upon terms of the engagement in an engagement letter that includes the following (AU-C 210.10):
a. Objective and scope of the audit.
b. Responsibilities of the auditor and management.
c. Statement that, because of the inherent limitations of an audit and internal control, an unavoidable risk exists that
some material misstatements may not be detected, even though the audit is properly planned and performed.
d. Identification of the applicable financial reporting framework (GAAP).
8. If also performing nonattest services for an audit client, document in writing the understanding with the client concerning
such services. (Ethics Interpretation 101-3)
9. When using a multi-year engagement letter for a recurring audit, document the following relating to the agreed-upon
terms of the engagement (AU-C 210.13 and AU-C 210.16):
a. If the terms do not need to be revised, that management has been reminded of the engagement terms.
b. If the terms need to be revised, the new terms in an engagement letter.
10. Document the following concerning engagement quality control matters (QC 10.28 and AU-C 220.25):
a. Issues identified relating to compliance with relevant ethical requirements and how they were resolved.
b. Conclusions on compliance with independence requirements that apply to the engagement and any relevant
discussions with the firm that support those conclusions.
c. Conclusions regarding the acceptance and continuance of the client relationship and engagement, including
documentation of how any issues were resolved.
11. If the firm withdraws from the engagement or from the engagement and the client relationship, document significant
matters, consultations, conclusions, and the basis for the conclusions. (QC 10.30 and QC 10.A16)
12. If consultation occurred on the engagement, document (QC 10.37; AU-C 220.25; and AU-C 220.A36):
a. The nature and the scope of such consultations.
b. The conclusions resulting from such consultation.
c. The basis for the conclusions.
d. How the conclusions were implemented.
13. Document the following regarding audit planning (AU-C 300.14):
a. Overall audit strategy.
b. Audit plan.
c. Any significant changes made to the audit strategy or audit plan and the reasons for those changes.
AU-C 300.A21.22 indicates that documentation of the overall audit strategy is a record of the key decisions
considered to plan the audit and communicate significant issues to the engagement team. Documentation of the
audit plan is a record of the planned nature, timing, and extent of risk assessment and other audit procedures in
response to assessed risks.
14. Describe the following in the documented audit plan (AU-C 300.09):
a. The nature, timing, and extent of planned risk assessment procedures.
b. The nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material
c. Other audit procedures to be performed to comply with generally accepted auditing standards.
15. Document the following in connection with obtaining an understanding of the entity and its environment (AU-C 315.33
and AU-C 240.43):
a. The discussion among engagement team members regarding the susceptibility of the financial statements to
material misstatement due to error or fraud and the application of GAAP to the clients circumstances, including how
and when the discussion occurred, the subject matter discussed, the audit team members who participated, and
significant decisions reached regarding planned responses at the financial statement and relevant assertion levels.
b. Key elements of the understanding of the entity and its environment, as well as the sources of information and the
risk assessment procedures performed to obtain the understanding for each of the following:
(1) Industry, regulatory, and other external factors.
(2) Nature of the entity.
(3) Selection and application of accounting principles.
(4) Objectives and strategies and the related business risks.
(5) Measurement and review of the entitys financial performance.
(6) The components of internal control.
c. Identified and assessed risks of material misstatement due to error or fraud at both the financial statement and
assertion levels.
d. Significant risks identified and the related controls evaluated.
e. Risks for which substantive procedures alone are not effective and the related controls evaluated.
16. Document the following regarding audit procedures in response to assessed risks of material misstatement due to error
or fraud (AU-C 330.30.31; AU-C 240.44; and AU-C 240.46):
a. Overall responses to assessed risks at the financial statement level.
b. Nature, timing, and extent of further audit procedures performed.
c. Linkage of procedures to assessed risks at the relevant assertion level.
d. Results of audit procedures performed, including procedures performed to address management override of
controls.
e. Conclusions reached regarding the current period use of audit evidence obtained in prior periods about the
f. If a conclusion is reached that the presumption of a risk of material misstatement due to fraud related to revenue
recognition is overcome, the reasons for that conclusion.
17. Document the names of any identified related parties and the nature of the related party relationships. (AU-C 550.28)
18. Document the following concerning accounting estimates (AU-C 540.22):
a. For accounting estimates that give rise to significant risks, the basis for conclusions about the reasonableness of
the estimates and their disclosure.
b. Any indicators of possible management bias.
19. Document the basis for determining not to send external confirmations for accounts receivable if the account balance is
material. (AU-C 330.32)
20. Document the following when substantive analytical procedures have been performed (AU-C 520.08):
a. The expectation, if not readily determinable from the documentation of the work performed, and the factors
considered in developing it.
b. Results of comparing the expectation to the recorded amounts or ratios developed from recorded amounts.
c. Any additional auditing procedures performed in response to significant unexpected differences and the results of
those procedures.
21. Document that the audited financial statements agree or reconcile to the accounting records. (AU-C 330.33)
22. Document any differences of opinion within the engagement team, with those consulted, or, where applicable, between
the engagement partner and the engagement quality control reviewer concerning accounting and auditing conclusions,
including the basis for final resolution of the matter and how the conclusions were implemented. (QC 10.46.47)
SQCS No. 8 notes that a firms policies and procedures should enable a member of the engagement team to
document that members disagreement with the conclusions reached after the consultation.
23. Obtain written representations from management. (AU-C 580)
24. In connection with a clients actual or potential litigation, claims, or assessments (AU-C 501.18 and AU-C 501.20):
a. Include any letter of inquiry from the entitys external legal counsel in the audit documentation.
b. If a determination is made not to communicate directly with the entitys external legal counsel, document the basis
for that determination.
25. Document required communications with those charged with governance as follows (AU-C 260.20):
a. If communicated in writing, retain a copy of the letter.
b. If communicated orally, document the communication, including when and by whom they were communicated.
26. Provide timely communication concerning internal control matters as follows (AU-C 265.11.12):
Written communication to management and those charged with governance (such as the audit committee, board of
directors, or owner/manager in a small business) regarding significant deficiencies and material weaknesses in
internal control identified in the audit, including remediated matters communicated in previous audits.
Written or oral communication to the appropriate level of management regarding other deficiencies in internal
control identified during the audit that are sufficiently important to merit managements attention. If communicated
orally, document the communication.
27. Document any communications with management, those charged with governance, and others about fraud. (AU-C
240.45)
28. Document a description of any identified or suspected noncompliance with laws and regulations and the results of
discussion with management and, when applicable, those charged with governance and other parties inside or outside
the entity. (AU-C 250.28)
29. Document the following relating to materiality, including factors considered in their determination and any revisions made
during the audit (AU-C 320.14):
a. Materiality for the financial statements as a whole.
b. If applicable, materiality level(s) for particular transaction classes, account balances, or disclosures.
c. Performance materiality.
30. Document the following related to misstatements (AU-C 450.12):
a. The amount designated by the auditor below which misstatements need not be accumulated (clearly trivial).
b. All misstatements accumulated and whether they have been corrected.
c. A conclusion as to whether uncorrected misstatements, individually or in the aggregate, cause the financial
statements to be materially misstated, and the basis for the conclusion.
AU-C 450.A28 indicates that the documentation of uncorrected misstatements may take into account
The aggregate effect of uncorrected misstatements.
Whether the materiality level(s) for classes of transactions, account balances, or disclosures were exceeded.
The evaluation of the effect of uncorrected misstatements on key ratios or trends and compliance with
contractual requirements (such as loan covenants) and legal and regulatory requirements.
31. Document the following when conditions or events caused the auditor to believe there is substantial doubt about the
entitys ability to continue as a going concern for a reasonable period of time (AU-C 570.18):
a. The conditions or events that caused the auditor to believe there is substantial doubt about the entitys ability to
continue as a going concern for a reasonable period of time.
b. The elements of managements plans considered significant to overcoming the adverse effects of the conditions or
events.
c. The procedures performed and the evidence obtained to evaluate managements plans.
d. The auditors conclusion about whether substantial doubt about the entitys ability to continue as a going concern
for a reasonable period of time remains or is alleviated and the possible effects on the financial statements,
including disclosures.
e. A conclusion about whether to include an explanatory paragraph in the audit report.
f. If disclosures are inadequate, a conclusion about whether to express a qualified or adverse opinion for the GAAP
departure.
32. For group audits, document the following (AU-C 600.49):
a. An analysis of components indicating those that are significant and the type of work performed on the components.
b. Components for which reference to the reports of component auditors is made in the auditors report on the group
c. Written communications between the group engagement team and the component auditors about the group
engagement teams requirements.
d. For components for which reference is made to a component auditor in the auditors report on the group financial
statements, the financial statements of the component and the report of the component auditor.
33. When assuming responsibility for the work of a component auditor, document the nature, timing, and extent of the group
engagement teams involvement in the work performed by component auditors on significant components, including the
review of relevant parts of the component auditors audit documentation and conclusions. (AU-C 600.64)
34. Document the following concerning income taxes (AU-C 9500.0122):
a. Support for the accounting and disclosure of significant tax-related contingencies, including the significant elements
of tax contingencies or reserves and a roll-forward of material changes.
b. Support for income tax-related disclosures and for the intraperiod tax allocation.
c. Where applicable, the basis for assessing deferred tax assets and valuation allowances and support for applying
the indefinite reversal criteria in FASB ASC 740-30.
d. If support for the tax accrual or contingency matters is based on the opinion of an outside adviser, either the actual
advice or opinion rendered by the adviser or other documentation of the facts addressed and conclusions reached
by the client and adviser.
35. If an engagement quality control review is performed, the reviewer should document (AU-C 220.26):
a. That the procedures required by the firms policies on engagement quality control review were performed.
b. The date the engagement quality control review was completed.
c. That the reviewer is not aware of any unresolved matters that would cause the reviewer to believe that the significant
judgments the engagement team made and the conclusions they reached were not appropriate.
APPENDIX 8A-2: Audit Documentation RequirementsFor Audits of Periods Ending before
December 15, 2012
GAAS includes general documentation requirements as well as numerous requirements to prepare and maintain
documentation related to specific audit areas. This summary provides a useful memory jogger of the specific audit
documentation requirements contained in GAAS, as well as the engagement-related requirements of SQCS No. 8, A Firms
System of Quality Control (Redrafted) and those required by Ethics Interpretation 101-3. (There may be additional
documentation requirements specified by regulatory agencies, such as the GAO or PCAOB.) This summary does not include
documentation requirements for reviews of interim financial information. This Appendix summarizes audit documentation
requirements under professional standards before the effective date of the clarified auditing standards. Appendix 8A-1, Audit
Documentation RequirementsFor Audits of Periods Ending on or after December 15, 2012, summarizes audit
documentation requirements under professional standards after the effective date of the clarified auditing standards.
1. Audit documentation should (SAS 103, AU 339):
a. Permit an experienced auditor who has no previous connection with the engagement to understand (1) the nature,
timing, and extent of the auditing procedures performed, (2) the results of audit procedures and the evidence
obtained, (3) the conclusions reached on significant matters, and (4) that the audited financial statements agree or
reconcile to the accounting records.
b. Indicate the individuals who performed the work, when the work was completed, the person who reviewed the work,
and the date of the review.
2. Audit documentation should include (SAS 103, AU 339):
a. Abstracts or copies of significant contracts or agreements if they are needed to understand the work performed and
conclusions reached.
b. Audit findings or issues that in the auditors judgment are significant, actions taken to address them (including any
additional evidence obtained), and the basis for the final conclusions reached.
c. When applicable, discussions of significant audit findings or issues with management and others, the responses
obtained, and when and with whom the auditor discussed such findings or issues.
d. How the auditor addressed information that contradicted or was inconsistent with final conclusions on a significant
audit finding or issue.
e. Identification of specific items tested for tests of operating effectiveness of controls and substantive tests of details.
f. Justification for any departure from a presumptively mandatory requirement in a Statement on Auditing Standards
including how alternative procedures performed were sufficient to achieve the objectives of the requirement.
g. The report release date.
3. After the documentation completion date, or when responding to circumstances involving (a) omitted procedures (AU
390) or (b) the subsequent discovery of facts existing at the date of the auditors report (AU 561), additions or changes to
audit documentation should include (SAS 103, AU 339):
a. When and by whom the changes were made and, if applicable, reviewed.
b. The specific reasons for the change.
c. The effect of any changes or conclusions reached.
SAS No. 103 (AU 339), Audit Documentation, requires auditors to complete the audit file within sixty days from the
report release date.
4. Document the understanding with the client regarding the audit services to be performed through a written engagement
letter, and for any nonattest services, in the workpapers (but preferably through written communication with the client).
(SAS 108, AU 311; Ethics Interpretation 101-3)
5. If issues involving the acceptance or continuance of the client relationship or a specific engagement were identified and
the firm decided to accept or continue the client relationship or this specific engagement, document how the issues were
resolved. (SQCS 8)
In November 2010, the Auditing Standards Board issued SQCS No. 8, A Firms System of Quality Control. The SQCS
will supersede SQCS No. 7 effective as of January 1, 2012. The SQCS has been redrafted in clarified format (see
discussion in Section 101). SQCS No. 8 includes similar requirements to SQCS No. 7 regarding documentation of
issues on client acceptance and continuance. Auditors should refer to the new SQCS when considering their firms
system of quality control as of the effective date. PPCs Guide to Quality Control contains a complete analysis of SQCS
No. 8.
6. If the firm withdrew from the engagement or from both the engagement and the client relationship, document significant
matters, consultations, conclusions, and the basis for the conclusions. (SQCS 8)
7. If consultation occurred on the engagement, document (SQCS 8):
a. The nature and the scope of such consultations.
b. The conclusions resulting from such consultation.
c. The basis for the conclusions.
d. How the conclusions were implemented.
8. The documented audit plan should include a description of the following (SAS 108, AU 311):
a. The nature, timing, and extent of planned risk assessment procedures.
b. The nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material
c. Other audit procedures to be performed to comply with generally accepted auditing standards.
9. Document (SAS 108, AU 311):
a. Any significant revisions to the overall audit strategy to respond to changes in circumstances.
b. Changes to the original audit plan.
10. Document the following in connection with the identification and assessment of risks of material misstatement (SAS 109,
AU 314):
a. The discussion among engagement team members regarding the susceptibility of the financial statements to
material misstatement, including how and when the discussion occurred, the subject matter discussed, the audit
team members who participated, and significant decisions reached regarding planned responses at the financial
statement and relevant assertion levels.
b. Key elements of the understanding of the entity and its environment, as well as the sources of information and the
risk assessment procedures performed to obtain the understanding for each of the following:
(1) Industry, regulatory, and other external factors.
(2) Nature of the entity.
(3) Objectives and strategies and the related business risks.
(4) Measurement and review of the entitys financial performance.
(5) The components of internal control.
c. The assessment of the risks of material misstatement at both the financial statement level and the relevant assertion
level including the basis for the assessment.
d. Significant risks identified and the related controls evaluated.
e. Risks for which substantive procedures alone are not effective and the related controls evaluated.
11. Document the following in connection with the consideration of fraud (SAS 99, AU 316):
a. The discussion among engagement team members in planning the audit, including how and when the discussion
occurred, the audit team members who participated, and the subject matter discussed.
The authors recommend combining the documentation of the fraud discussion with the documentation in item
10(a).
b. The procedures performed to gather information needed to identify and assess fraud risks.
c. Specific fraud risks identified.
d. A description of the response to identified fraud risks.
e. If applicable, how the presumption that improper revenue recognition is a fraud risk was overcome.
f. The results of procedures to address the risk of management override of controls.
g. Additional conditions and analytical relationships, if any, requiring a response and the response(s) to those risks or
conditions.
h. The nature of communications about fraud with management, those charges with governance, and others.
12. Document the following regarding audit procedures in response to assessed risks of material misstatement (SAS 110,
AU 318):
a. Overall responses to assessed risks at the financial statement level.
b. Nature, timing, and extent of further audit procedures.
c. Linkage of procedures to assessed risks at the relevant assertion level.
d. Results of audit procedures performed.
e. Conclusions reached regarding the current period use of audit evidence obtained in prior periods about the
13. Document the following in connection with confirmation procedures (SAS 67, AU 330):
a. Oral confirmations.
b. If accounts receivable were not confirmed, how the presumption that receivables would be confirmed was
overcome.
14. Document the following for analytical procedures used as the principal substantive test of a significant financial
statement assertion (SAS 56, AU 329):
a. The expectation, if not readily determinable from the documentation of the work performed, and the factors
considered in developing it.
b. Results of comparing the expectation to the recorded amounts or ratios developed from recorded amounts.
c. Any additional auditing procedures performed in response to significant unexpected differences and the results of
those procedures.
15. Document any differences of opinion within the engagement team, with those consulted, or, where applicable, between
the engagement partner and the engagement quality control reviewer concerning accounting and auditing conclusions,
including the basis for final resolution of the matter and how the conclusions were implemented. (SAS 108, AU 311;
SQCS 8)
SQCS No. 8 notes that a firms policies and procedures should enable a member of the engagement team to
document that members disagreement with the conclusions reached after the consultation.
16. Obtain written representations from management. (SAS 85, AU 333)
17. In connection with the inquiry of the clients lawyer concerning litigation, claims, and assessments (SAS 12, AU 337):
a. Inform the clients lawyer, either in the client inquiry letter or in a separate letter to the clients lawyer, that the client
assured the auditor it has disclosed all unasserted claims that the lawyer has advised are probable of assertion and
must be disclosed in accordance with FASB Accounting Standards Codification 450, Contingencies.
b. When an oral response was obtained concerning matters covered by the audit inquiry letter, document the
conclusions reached concerning the need for accounting for or disclosure of litigation, claims, and assessments.
18. Document oral communications with the audit committee, or others charged with governance (such as the board of
directors or owner/manager in a small business), regarding illegal acts. (SAS 54, AU 317)
19. Provide written communication to management and those charged with governance (such as the audit committee, board
of directors, or owner/manager in a small business), regarding significant deficiencies and material weaknesses in
internal control identified in the audit, including unremediated matters communicated in previous audits. (SAS 115, AU
325)
SAS No. 115 (AU 325), Communicating Internal Control Related Matters Identified in an Audit, requires significant
deficiencies and material weaknesses to be communicated in writing to management and those charged with
governance, even if they were communicated in previous audits.
20. Document any oral communications with those charged with governance regarding (SAS 114, AU 380):
a. The auditors responsibilities under generally accepted auditing standards.
b. An overview of the planned scope and timing of the audit.
c. Significant findings from the audit.
Significant audit findings should be communicated in writing, and retained in the workpapers, when oral
communication is not considered adequate.
21. Document the levels of materiality and tolerable misstatement, including any changes to such amounts, and the basis for
their determination. (SAS 107, AU 312)
22. Documentation of misstatements should include (SAS 107, AU 312):
a. A summary of uncorrected misstatements related to known and likely misstatements, other than those considered
trivial.
b. A conclusion as to whether uncorrected misstatements, individually or in the aggregate, cause the financial
statements to be materially misstated, and the basis for the conclusion.
c. All known and likely misstatements identified during the audit that have been corrected by management, other than
those considered trivial.
d. Sufficient documentation that allows the auditor to:
(1) Separately consider the effects of known and likely misstatements, including uncorrected misstatements
identified in prior periods.
(2) Consider the aggregate effect of misstatements on the financial statements.
(3) Consider the qualitative factors that are relevant in determining whether misstatements are material.
23. Document the following when conditions or events caused the auditor to believe there is substantial doubt about the
entitys ability to continue as a going concern for a reasonable period of time (SAS 59, AU 341):
a. The conditions or events that caused the auditor to believe there is substantial doubt about the entitys ability to
continue as a going concern for a reasonable period of time.
b. The elements of managements plans considered significant to overcoming the adverse effects of the conditions or
events.
c. The procedures performed and the evidence obtained to evaluate managements plans.
d. The auditors conclusion about whether substantial doubt about the entitys ability to continue as a going concern
for a reasonable period of time remains or is alleviated and the possible effects on the financial statements,
including disclosures.
e. A conclusion about whether to include an explanatory paragraph in the audit report.
f. If disclosures are inadequate, a conclusion about whether to express a qualified or adverse opinion for the GAAP
departure.
g. Written or oral communication with those charged with governance about:
(1) The nature of the events or conditions identified.
(2) The possible effect on the financial statements and the adequacy of related disclosures in the financial
statements.
(3) The effects on the auditors report.
24. Audit documentation should include the following (AU 9326.06.23):
a. Support for the accounting and disclosure of significant tax-related contingencies, including the significant elements
of tax contingencies or reserves and a roll-forward of material changes.
b. Support for income tax related disclosures and for the intraperiod tax allocation.
c. Where applicable, the basis for assessing deferred tax assets and valuation allowances and support for applying
the indefinite reversal criteria in FASB ASC 740-30.
d. If support for the tax accrual or contingency matters is based on the opinion of an outside adviser, either the actual
advice or opinion rendered by the adviser or other documentation of the facts addressed and conclusions reached
by the client and adviser.
25. Before reporting on financial statements prepared in conformity with the accounting principles of another country, obtain
written representations from management regarding the purpose and uses of such financial statements. (SAS 51, AU
534)
26. If an engagement quality control review was performed, document that (SQCS 8):
a. The procedures required by the firms policies on engagement quality control review were performed.
b. The engagement quality control review was completed before the report was released.
c. The reviewer is not aware of any unresolved matters that would cause the reviewer to believe that the significant
judgments the engagement team made and the conclusions they reached were not appropriate.
27. Before reissuing, or consenting to the reuse of, a report previously issued on the financial statements of a prior period,
obtain representation letters from management of the former client and from the successor auditor. (SAS 58, AU 508)
CHAPTER 9: SPECIAL AUDIT CONSIDERATIONS
900.1 This chapter provides guidance on various audit considerations that are often unique to specific engagements. The
topics discussed in the chapter include the following matters:
a. Auditing consolidated or combined financial statements (for periods ending before December 15, 2012)section
901.
b. Audits of branches or divisions (for periods ending before December 15, 2012)section 902.
c. Using the work of other auditors (for periods ending before December 15, 2012)section 903.
d. Group audits (for periods ending on or after December 15, 2012)section 906.
e. Use of service organizationssection 905.
f. Using specialistssection 906.
g. Using the work of internal auditorssection 907.
h. Auditing supplementary informationsection 908.
i. Initial audit engagements and reauditssection 909.
j. Using computerized data extraction techniquessection 910.
k. Special client considerationssection 911.
l. Reviews of interim financial informationsection 912.
900.2 The key authoritative literature that establishes requirements or provides suggestions that most directly affect the
special audit considerations noted in paragraph 900.1 is as follows:
a. AU-C 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing
Standards , provides guidance regarding the use of specialists who possess expertise in a specialized area of
accounting or auditing.
b. AU-C 300, Planning an Audit, provides guidance pertaining to audit planning and the consideration of whether
specialized skills and specialists are needed to perform the audit. [Formerly SAS No. 108 (AU 311)]
c. AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance when an entity
uses services provided by a service organization that affect the clients information system relevant to financial
reporting. [Formerly SAS No. 70 (AU 324)]
d. AU-C 500, Audit Evidence, provides guidance regarding the use of managements specialists who have expertise in
a field other than accounting or auditing. [Formerly SAS No. 106 (AU 326)]
e. AU-C 510, Opening BalancesInitial Audit Engagements, Including Reaudit Engagements, provides guidance on
the auditors responsibilities relating to opening balances in an initial audit, including reaudit engagements.
f. AU-C 560, Subsequent Events and Subsequently Discovered Facts, provides guidance on a predecessor auditors
responsibilities when reissuing a report to be presented on a comparative basis with audited financial statements of
a subsequent period. [Formerly SAS No. 58 (AU 508)]
g. AU-C 600, Special ConsiderationsAudits of Group Financial Statements (Including the Work of Component
Auditors), provides guidance on the special considerations that apply to group audits, in particular those involving
component auditors. [Formerly SAS No. 1 (AU 543)]
h. AU-C 610, The Auditors Consideration of the Internal Audit Function in an Audit of Financial Statements, provides
guidance when considering the work of internal auditors and using internal auditors to provide assistance in the
audit of the financial statements. [Formerly SAS No. 65 (AU 322)]
i. AU-C 620, Using the Work of an Auditors Specialist, provides guidance on the use of a specialist that possesses
expertise in an area other than accounting or auditing. [Formerly SAS No. 73 (AU 336)]
j. AU-C 720, Other Information in Documents Containing Audited Financial Statements, provides guidance on the
auditors responsibility for other information in documents containing audited financial statements and the auditors
report thereon. [Formerly SAS No. 118 (AU 550)]
k. AU-C 725, Supplementary Information in Relation to the Financial Statements as a Whole, provides guidance on the
auditors responsibility when engaged to report on whether supplementary information outside the basic financial
statements is fairly stated in relation to the financial statements as a whole. [Formerly SAS No. 119 (AU 551)]
l. AU-C 930, Interim Financial Information, provides guidance on the nature, timing, and extent of procedures to be
performed by an independent auditor when conducting a review of interim financial information. [Formerly SAS No.
100 (AU 722)]
m. QC 10, A Firms System of Quality and Control, provides quality control guidance relating to policies and procedures
for client acceptance and continuance, including withdrawal from an engagement or client relationship.
These authoritative pronouncements are explained further at the relevant points in the following sections.
901 AUDITING CONSOLIDATED OR COMBINED FINANCIAL
STATEMENTSPERIODS ENDING BEFORE DECEMBER 15, 2012
1(59)
901.1 While many audits involve only one entity, it is not uncommon for a business or its owner to have ownership interests in
other businesses. In those situations, auditors are sometimes asked to audit consolidated or combined financial statements.
This section discusses some of the unique issues involved in audits of combined or consolidated financial statements.
Accounting Considerations for Consolidated and Combined Financial Statements
901.2 FASB ASC 810, Consolidation, requires all majority-owned subsidiaries to be consolidated with the parent company
except when control over the subsidiary does not rest with the majority owner. In addition, FASB ASC 810-10-45-11 does not
permit parent company financial statements to be distributed to shareholders as the financial statements of the primary
reporting entity. (See section 1108 of PPCs Guide to Preparing Financial Statements for guidance when parent company
financial statements are issued for other purposes.)
901.3 FASB ASC 810-10-45 describes the significant procedures to be followed in preparing consolidated financial
statements, including the following:
Intercompany balances and transactions should be eliminated.
Intercompany investments should be eliminated.
Investments in majority-owned subsidiaries that are not consolidated because control does not rest with the majority
owners may be reported either on the cost or the equity basis. A majority-owned subsidiary that is not consolidated
should be accounted for using the equity method if the parent has the ability to exercise significant influence over
the subsidiary and the cost method if it does not have that influence. If the subsidiary is not consolidated, the
reasons for not consolidating should be considered, along with other facts and circumstances, in deciding whether
the parent has the necessary influence.
Retained earnings of a subsidiary at the date of acquisition should not be included in consolidated retained
earnings.
901.4 Another area of concern for auditors is the appropriate consolidation of entities commonly referred to as variable
interest entities. Such entities are often created to carry out a specified purpose or activity. In a variable interest entity (VIE),
control is achieved through variable interests rather than voting interests. Accounting guidance for VIEs is found in FASB ASC
810. The guidance explains how to identify VIEs and how to assess a companys interests in a VIE to decide whether to
consolidate that entity. It gives guidance on identifying a controlling financial interest established by means other than voting
interest and requires consolidation of a VIE by an enterprise that holds such an interest. Consolidation of VIEs, as well as
unique auditing considerations, is discussed further in Chapter 14.
901.5 Combined Financial Statements. In addition, FASB ASC 810-10-05-6 discusses presenting combined financial
statements in certain circumstances such as (a) when one individual owns a controlling interest in several corporations that
are related in their operations or (b) when companies are under common management. Presentation of combined financial
statements may be more meaningful than separate financial statements in these two situations; however, FASB ASC
810-10-05-6 does not require combined financial statements to be presented. For convenience, the remainder of this section
refers only to consolidated financial statements; however, the guidance can be applied to both consolidated and combined
Factors Affecting Procedures
901.6 When establishing the overall audit strategy for the client as discussed in Chapter 3, the approach for auditing the
consolidated financial statements is critical since it affects scoping decisions; the amount, assignment, and management of
resources; engagement billings; and profitability. In the development of the detailed audit plan, the auditor should determine
the nature, timing, and extent of procedures that should be performed for each entity. The audit procedures performed at
each subsidiary are influenced by the following:
The scope of the auditors report.
The number, size, and nature of individual subsidiaries.
Client expectations.
901.7 Scope of the Auditors Report. If the auditor has been engaged to report only on the consolidated financial
statements as a whole, then the extent of the auditors procedures at the individual subsidiaries normally is less than the
procedures the auditor would perform if reporting on the financial statements of each individual subsidiary. When reporting
only on consolidated totals, audit effort for each individual subsidiary is influenced by how material the subsidiary is to the
consolidated financial statements. However, if the auditor has been engaged to report on the separate financial statements of
a subsidiary (or a branch or division), more extensive audit procedures are necessary. See section 902 for a discussion of
additional considerations when reporting separately on a branch or division.
901.8 Consolidated financial statements present the consolidated or combined totals only; in other words, the financial
statements of the individual companies comprising the group are not presented separately. Consolidating or combining
financial statements, on the other hand, present the financial statements of the individual companies comprising the group in
addition to the consolidated totals. Consolidating or combining financial statements may be treated either as basic financial
statements or as additional information.
901.9 For example, assume that the consolidating or combining trial balances in the auditors workpapers have the following
columns:
(A)
Parent
Company
(B)
Subsidiary
No. 1
(C)
Subsidiary
No. 2
(D)
Subsidiary
No. 3
(E)
Consolidating
(Combining)
Entries
(F)
Consolidated
(Combined)
Totals
Consolidated or combined financial statements contain only column F while consolidating or combining financial statements
would include all the columns A through F. For convenience, the authors use the term consolidating in the following
paragraphs to include both consolidating and combining financial statements.
901.10 There are two basic approaches to reporting on consolidating financial statements, depending on the nature of the
engagement. One approach results in an opinion on each company included in the consolidated totals. In other words, using
the illustration in paragraph 901.9, the auditors would report on columns A through D and F. In such an engagement,
auditors responsibilities with respect to the separate financial statements are the same as their responsibilities with respect to
the consolidated financial statements. Accordingly, the consolidating financial statements and accompanying notes would
include all the disclosures that are necessary for presentation of the separate financial statements of each component in
conformity with GAAP. The authors refer to that approach as the basic financial statement approach.
901.11 An alternative approach is an engagement to express an opinion only on the consolidated financial statements and to
report on the consolidating information as supplementary information to the consolidated financial statements. Using the
illustration in paragraph 901.9, the auditors would express an opinion only on the consolidated totalscolumn F. The other
columns, A through E, would be reported on as supplementary information that would not be considered necessary for the
fair presentation of the consolidated financial statements in conformity with generally accepted accounting principles. The
authors refer to that approach as the supplementary information approach.
901.12 When the document containing audited consolidated financial statements also contains consolidating information, the
auditors often are in a position to recommend a reporting alternative. The basic financial statement approach has certain
disadvantages. For example, it requires a balance sheet, statement of income, and statement of cash flows to be presented
for the consolidated group and for each of the individual companies included in the consolidated group. Accordingly, the
auditors procedures ordinarily must be sufficient to permit the expression of an opinion on each of the companies included in
the consolidated group, even though one or more of the companies may not be material to the consolidated financial
statements taken as a whole. In addition, the consolidating financial statements and accompanying notes should include all of
the disclosures that are necessary for presentation of the separate financial statements of each component in conformity with
GAAP. If any of the components included in the consolidated financial statements are affected by departures from GAAP or
their inconsistent application, scope limitations, or uncertainties, the auditors report on the consolidating financial statements
also should ordinarily be modified even though such factors may not be material to the consolidated totals.
901.13 Presenting consolidating financial statements as supplementary information has significant advantages over the basic
financial statement approach. First, the consolidating financial statements are presented only for purposes of additional
analysis rather than as basic financial statements. When auditors report on supplementary information, their opinion and
materiality judgments relate to the consolidated financial statements taken as a whole rather than to the financial statements
of each component. Supplementary information does not require disclosures about each individual company, nor is it
necessary to present a balance sheet, income statement, and statement of cash flows for each one. The presentation may
consist of just a consolidating balance sheet, a balance sheet and income statement, or any other possible combination.
901.14 Because of the advantages described in the preceding paragraph, the authors recommend that, if possible, the audit
engagement be structured to report on consolidating financial statements using the supplementary information approach.
Chapter 9 of PPCs Guide to Auditors Reports provides guidance for reporting on consolidated and combined financial
statements as well as consolidating information. (Auditors should be aware that, in some cases, credit or other agreements
may require a separate report on one or more of the individual companies included in the consolidated group.)
901.15 Number, Size, and Nature of Subsidiaries. The extent of audit effort at each individual subsidiary is affected by the
number and size of individual subsidiaries that make up the consolidated group. If the consolidated group consists of
subsidiaries of relatively equal size, the auditor will often need to perform audit procedures on significant accounts at each
subsidiary. However, if only one or a few subsidiaries make up a significant portion of the consolidated groups assets and
revenues, the auditor may perform less detailed or less extensive procedures on the financial statements of the other
subsidiaries.
901.16 When there are several smaller subsidiaries that are not individually significant to the consolidated financial
statements but that are material in the aggregate, the auditor will ordinarily need to select subsidiaries for substantive tests of
details. Subsidiaries that are not subject to substantive tests of details annually generally should be tested using a rotational
plan. However, the auditor should avoid predictability in which subsidiaries will be tested.
901.17 The factors that generally should be considered in identifying the subsidiaries to test on-site are as follows (see also
SAS No. 107 at AU 312.16):
Fraud RisksIdentified fraud risks that relate to the subsidiary increase the likelihood of testing.
Number and Nature of SubsidiariesThe existence of few and diverse subsidiaries increases the likelihood of testing
all subsidiaries; the existence of many similar subsidiaries increases the likelihood of testing selected subsidiaries.
Nature and Amount of Assets and TransactionsThe more diverse or greater the number of assets and transactions
at the subsidiary, the more likely the need to be tested.
Prior Audit ResultsHigh rates and amounts of misstatements in prior audits increase the likelihood of testing a
subsidiary.
Profitability Relative to ExpectationsSignificantly higher or lower profitability than expected increases the likelihood
of performing substantive tests of details at a subsidiary.
Extent of Centralization of Management and Accounting InformationAvailability of management and accounting
information only on-site rather than at the parent increases the number of subsidiaries that need to be tested on-site.
Effectiveness of the Control Environment and the Ability of Management to Supervise Activities at the SubsidiaryThe
less effective the control environment or monitoring activities at the subsidiary, the more likely the need to be tested.
Uniformity of Accounting System and ControlsA greater degree of uniformity in the accounting system and uniform
effective controls reduces the number of subsidiaries that need to be tested.
Relative MaterialityThe greater the materiality of assets, liabilities, revenues, or expenses at a subsidiary, the more
likely the subsidiary is to be tested, other matters remaining equal.
Inherent RiskThe greater the inherent risk of material misstatement of assets, liabilities, revenues, or expenses at a
subsidiary, the more likely it is to be tested.
901.18 After the auditor has identified the subsidiaries to test on-site, the auditor needs to consider whether the audit
approach will include reliance on on-site internal controls (that is, tests of the operating effectiveness of controls at a
subsidiary to support a lower assessment of control risk to modify substantive procedures). The efficiency and effectiveness
of this approach may be affected by whether controls are designed or operate differently at the subsidiary level. If that is the
case, the assessments of control risk could vary by subsidiary resulting in varying assessments of the risk of material
misstatement at the subsidiary level and lack of uniformity in the nature, timing, and extent of substantive procedures. This
lack of uniformity can create practical problems in coordinating the audit work across the consolidated entity. If a greater
degree of uniformity in substantive procedures is considered desirable or necessary, the auditor can use the highest (or
worst) assessment of control risk at any of the subsidiaries or might conclude that control testing is not practical. The
understanding of internal control and assessment of risks are discussed in Chapters 3 and 4.
901.19 The auditor should typically perform selected analytical procedures at the parent for the subsidiaries that are not
tested on-site. These procedures might include scanning the account balances of the subsidiary to identify significant
fluctuations and other analytical procedures tailored to the nature and circumstances of the subsidiary. Any questions that
arise from these analytical procedures that cannot be resolved satisfactorily at the parent may require additional detailed audit
procedures.
901.20 Each year, the auditor should be satisfied that there is adequate dollar coverage of the significant accounts of
subsidiaries subjected to substantive tests of details. However, the authors caution that the dollar amount of assets, liabilities,
revenues, or expenses at a particular subsidiary should not be the sole consideration. The auditor should carefully consider
those factors that affect the risk of material misstatement of all relevant assertions. It is particularly important to consider the
completeness assertion. The maximum amount that an account can be overstated is its dollar amount, but there is no limit on
the potential understatement. Thus, the auditor should consider the risk of understatement of liabilities at a subsidiary. For
example, a subsidiarys recorded net assets may be immaterial to the consolidated group, but it may operate in an industry
that exposes the company to significant potential environmental liabilities.
901.21 Client Expectations. Auditors should also consider client expectations when determining the amount of audit effort
for each subsidiary. In some cases, the client may expect audit procedures that are sufficient for expressing an opinion on
each subsidiarys financial statements even though the auditor is only reporting on the consolidated financial statements. In
addition, the client may request the auditor to perform procedures at subsidiaries regardless of materiality or the likelihood of
material misstatements. As long as the client is willing to pay for such extended services, nothing precludes the auditor from
doing more work than the minimum necessary to report on the consolidated financial statements. It is important that the
auditor gain an understanding of the level of service expected by the client and clearly document that understanding in the
engagement letter during the pre-engagement planning process discussed in Chapter 2. Independence considerations when
performing extended audit services are discussed in section 202.
Determining Materiality
901.22 Chapter 3 discusses how to determine planning materiality. When auditing consolidated financial statements or
entities with multiple subsidiaries, the auditor has the following choices as to what planning materiality to use at the individual
subsidiaries:
Consolidated planning materiality.
Adjusted consolidated planning materiality.
Individual subsidiary planning materiality.
The factors discussed beginning in paragraph 901.6 will have an effect on which planning materiality is used when auditing
consolidated financial statements. As noted previously, this guidance also applies to combined financial statements.
901.23 Consolidated Planning Materiality. If the auditor has been engaged to report on only the consolidated financial
statements, planning materiality should be calculated based on the consolidated financial statements (that is, use a
consolidated benchmark such as consolidated total assets or consolidated total revenues). Consolidated tolerable
misstatement should be used to determine the scope of audit procedures to be applied to specific account balances or
classes of transactions at each subsidiary. This approach is based on the assumption that audit procedures are performed for
every subsidiary.
901.24 As noted earlier, if one or more subsidiaries are relatively immaterial to the consolidated group, the auditor may elect
not to perform detailed audit procedures at the smaller subsidiaries. Often, analytical procedures are performed on the
financial statements of these subsidiaries. When that is the case, the authors believe that consolidated tolerable misstatement
can still be used at the subsidiaries subject to detailed audit procedures because the auditor is also performing procedures to
address the balances at the smaller subsidiaries. If, however, audit procedures are not performed for each material
subsidiary, an adjusted planning materiality should be considered.
901.25 Adjusted Consolidated Planning Materiality. If the auditor decides to perform detailed audit procedures on
significant accounts at some subsidiaries and does not perform analytical procedures or other substantive procedures at the
remaining subsidiaries, the authors believe that an adjustment to consolidated planning materiality should be considered. The
adjustment is necessary to take into account the fact that part of the population for a significant account or class of
transactions will not be subject to audit procedures.
901.26 The following formula can be used to adjust consolidated planning materiality when audit procedures are not
performed at all subsidiaries:
Use of this formula will result in a lower planning materiality and tolerable misstatement for determining the extent of detailed
audit procedures at the subsidiaries selected for audit testing. This, in turn, will result in the same extent of procedures as
would have been performed if all subsidiaries were subject to testing.
901.27 Individual Subsidiary Planning Materiality. In some cases, the auditor may be expressing an opinion on the
consolidated financial statements and issuing a separate opinion on one or more subsidiaries. In that situation, in addition to
determining consolidated planning materiality and tolerable misstatement, a separate planning materiality and tolerable
misstatement should be determined based on the financial statements of each entity for which a separate report will be
issued. Consolidated tolerable misstatement can be used for those subsidiaries that are not being reported on separately.
901.28 However, planning materiality for an individual subsidiary should not exceed consolidated planning materiality. This
could be a concern if, for example, planning materiality is based on revenues and the auditor is issuing a separate report on a
subsidiary with significant intercompany sales. Because the intercompany sales are eliminated for the consolidated financial
statements, consolidated planning materiality could be less than the subsidiarys planning materiality. This could also be the
case if, for example, planning materiality is based on assets and a subsidiary has significant intercompany receivables. In
these situations, the auditor should use consolidated planning materiality at the subsidiary being reported on separately to
ensure sufficient procedures are performed to support the auditors opinion on the consolidated financial statements.
901.29 When consolidating information is presented and reported on as a basic financial statement, planning materiality
should be determined separately for each individual subsidiary presented. As discussed in paragraph 901.12, if consolidating
information is presented as a basic financial statement, the extent of audit procedures performed should be sufficient to
express an opinion on each subsidiary. However, as discussed in paragraph 901.13 if consolidating information is presented
and reported on as supplementary information, the auditors materiality judgments relate to the consolidated financial
statements and it is often not necessary to determine a separate planning materiality for each subsidiary.
901.30 However, in some cases where the consolidating information is presented and reported on as supplementary
information, a separate determination of planning materiality for the subsidiary may still be necessary. SAS No. 107 (AU
312.31) states:
When establishing the overall strategy for the audit, the auditor should consider whether, in the specific
circumstances of the entity, misstatements of particular items of lesser amounts than the materiality level
determined for the financial statements taken as a whole, if any, could, in the auditors judgment, reasonably
be expected to influence economic decisions of users taken on the basis of the financial statements. Any
such amounts determined represent lower materiality levels to be considered in relation to the particular
items in the financial statements.
For example, based on the financial statement users needs and expectations, focus might be directed on the financial
performance of a newly acquired subsidiary presented and reported on as supplementary information. In establishing
materiality and determining whether users may have needs or expectations regarding a subsidiarys financial results, the
auditor should consider obtaining the views of management and those charged with governance.
Intercompany Transactions and Balances
901.31 Individual subsidiaries within a consolidated group may engage in transactions with each other and with the parent
company. Common intercompany transactions and balances include:
Sales/purchases of inventory or services.
Receivables and payables.
Loans or advances.
Interest revenue or expense.
Parent company overhead allocations.
Investments in subsidiaries.
Intercompany rents.
Dividends.
As discussed in paragraph 901.3, FASB ASC 810-10-45-1 requires intercompany balances and transactions to be eliminated
in the consolidated financial statements.
901.32 Consolidating entries are often necessary to eliminate intercompany transactions. The nature of the consolidating
entries depends on how the original transactions were recorded on the books of the parties to the transactions. The purpose
of the consolidating entries is to eliminate the grossing up of revenues and expenses and assets and liabilities in the
consolidated financial statements. Many eliminating entries will have no effect on consolidated net income or equity. However,
in some cases, eliminating entries must be made to prevent overstatement of consolidated net income and equity. As
discussed in Chapter 3 and at paragraph 901.36, the auditor is required to obtain a sufficient knowledge of the information
system when obtaining an understanding of internal control, which includes how consolidating entries are made during the
financial reporting process.
901.33 Intercompany Profit. When one company sells a product or asset to another affiliated company in the consolidated
group at an amount greater than the selling companys cost, the selling company appropriately recognizes a profit on the
sale. However, for consolidated financial statements, intercompany profit should not be recognized until the asset is sold to a
nonaffiliate. If, at the end of the period, the purchasing company carries inventory that was purchased from another member
of the consolidated group for greater than the selling companys cost, consolidated inventory, sales, cost of goods sold, net
income, and equity are overstated. As a result, FASB ASC 810-10-45-1 requires the intercompany profit in inventory to be
eliminated for the consolidated financial statements.
901.34 One-sided Entries. Another common occurrence that often gives rise to misstated income and equity is one-sided
entries. They occur most often when one affiliated company records a receivable from another affiliate (and credits an
expense account), and the other affiliate fails to record a corresponding payable (and debit the expense account). These
situations must be resolved by the client so that both affiliates record the transaction, which then can be eliminated in
consolidation, or the originating affiliate reverses its entries.
901.35 Chapter 11 of PPCs Guide to Preparing Financial Statements provides more detailed guidance on consolidation and
elimination entries when preparing consolidated financial statements.
901.36 Audit Considerations. When obtaining an understanding of the clients financial reporting system as discussed in
Chapter 3, the auditor is required to understand the procedures used to record consolidating adjustments to understand how
misstatements may occur. When auditing consolidated financial statements, the auditor should generally determine that all
intercompany transactions and balances are identified and eliminated in the consolidation. The auditors procedures for
identifying intercompany transactions and balances depends on the nature and condition of the clients accounting records. If
the client maintains separate general ledger accounts for all intercompany transactions and performs periodic reconciliations
of those accounts between subsidiaries, the auditors procedures are normally limited to making sure the balances in the
intercompany balance sheet and income statement accounts are eliminated. However, if the client does not keep such
detailed accounting records, audit procedures will be more extensive.
901.37 If the client does not maintain separate accounts for intercompany transactions, the auditor should perform
procedures to ensure that all intercompany transactions and balances have been identified. Procedures that the auditor may
perform include:
Inquiry of the client.
Review of cash receipts and disbursement records.
Review of accounts receivable and accounts payable subsidiary records.
Review of series of source documents reserved for intercompany sales or purchases.
In many cases, after all transactions and balances have been identified, discrepancies exist between subsidiaries that should
be reconciled in order to eliminate the intercompany balances. The auditor should request the client to investigate any
material differences so that the intercompany transactions and balances can be eliminated in the consolidation.
901.38 When the auditor is expressing an opinion on both the consolidated financial statements and the separate financial
statements of one or more significant subsidiaries, additional procedures related to intercompany transactions may be
necessary. In this situation, intercompany transactions eliminated in consolidation may have a material effect on the separate
financial statements of the subsidiary. These related-party transactions need to be audited in accordance with the
requirements of SAS No. 45 (AU 334) and the Auditing Interpretation at AU 9334.18. The Interpretation states as follows:
The risk associated with managements assertions about related party transactions is often assessed as
higher than for many other types of transactions because of the possibility that the parties to the transaction
are motivated by reasons other than those that exist for most business transactions.
The Interpretation explains that, for example, the auditor may perform more extensive tests of the valuation of a related-party
receivable than a trade receivable of the same size. This is because the related party may be motivated to obscure the
substance of the transaction. If the auditor focuses only on the consolidated financial statements, the audit procedures may
be erroneously limited to being satisfied that the intercompany transactions are properly eliminated in consolidation.
902 AUDITS OF BRANCHES OR DIVISIONSPERIODS ENDING BEFORE
DECEMBER 15, 2012
2(60)
902.1 Auditors frequently audit and report on the separate financial statements of components of a company. Examples are
branches or divisions of a parent company. This type of multi-location engagement may present the auditor with the following
scenarios:
a. Audit of a single entity that has separate branches or divisions.
b. Separate audit of a branch or division.
c. Audit of a single entity that has multiple inventory locations.
902.2 For the purposes of determining extent of tests and materiality, the same considerations apply to scenarios a. and b.
as would apply to an audit of subsidiaries of a consolidated entity. Those considerations are discussed beginning in
paragraph 901.6. In other words, if the auditor is reporting on a single entity with multiple branches or divisions, either
consolidated planning materiality or an adjusted planning materiality should normally be used in determining the extent of
audit testing at each branch or division. (However, the auditor should consider whether materiality should be separately
established for a disclosed branch or division if its financial performance might influence the decision of a user as discussed
in paragraph 901.30.) Likewise, if the auditor is issuing a separate report on the financial statements of a branch or division, a
separate planning materiality should be set for that branch or division. As noted in paragraph 901.28, planning materiality for
the branch or division should not exceed planning materiality for the total entity.
Other Considerations for a Separate Audit of a Branch or Affiliate
902.3 When the auditor reports on the separate financial statements of components of a company, additional considerations
apply. Often the auditors report on such a component is used not only by the company but by another principal auditor, who
is reporting on consolidated financial statements that include the components statements. Section 903 of this Guide and
Chapter 10 of PPCs Guide to Auditors Reports give guidance to principal auditors using the work of other auditors.
Paragraph 902.4 and following discuss other matters relevant to audits of the components separate financial statements.
902.4 Related Party Considerations. When a company is directly or indirectly owned or controlled by another company or
under common control with another company, related-party considerations usually are of significant concern. FASB ASC
850-10-20 specifies that related-party transactions include transactions between the parent company and its branches or
divisions. The reason for the heightened concern is that, as FASB ASC 850-10-50-5, states, transactions involving related
parties cannot be presumed to be carried out on an arms-length basis, as the requisite conditions of competitive, free-market
dealings may not exist. Such transactions between components are not eliminated from the separate financial statements as
they are in consolidation. Examples of matters of concern include the following:
The operations of the branch or division whose financial statements are being reported on will be subject to
influence by the affiliates.
Transactions among affiliates may involve conflicts of interest or may be recorded according to their form rather than
their substance. Examples of transactions that raise questions about their substance include:
Borrowing or lending on an interest-free basis or at a rate of interest significantly above or below current market
rates.
Selling real estate at a price that differs significantly from its appraised value.
Exchanging property for similar property in a nonmonetary transaction.
Making loans with no scheduled terms about when or how the funds will be repaid.
Certain income, costs, and expenses common to the affiliates (for example, common management or administrative
expenses) may be allocated on an arbitrary basis.
902.5 Financial Statement Disclosures. When the financial statements issued are those of a branch or division, that fact
should be disclosed in the financial statements. Such disclosure may be made in the heading of the financial statements, e.g.,
ABC Company (a division of DEF Company) or Lexington Branch of DEF Company, in other appropriate captions, or in
the notes to the financial statements.
902.6 The financial statements should also include the disclosures about related-party transactions that FASB ASC 850-10-50
requires:
Nature of the relationship involved.
Description of the transactions, including transactions for which no or nominal amounts are ascribed.
Dollar amounts of transactions.
Amounts due to or from related parties.
902.7 Additional disclosures are usually needed to keep the financial statements from being misleading. The authors believe
that the financial statements should disclose (a) information about how corporate expenses are allocated by the parent to the
branch or division, and (b) the amount of such corporate expenses allocated. When such disclosures are omitted, the
auditors should consider issuing a qualified or adverse opinion for a departure from GAAP.
902.8 Audit Procedures. Section 1806 discusses general procedures for identifying and examining related party
transactions that should be performed in all audits. The Related Party Confirmation at ASB-CL-12.4 can be used to obtain
information from owners, officers, directors, or others about the existence of related party transactions. Principal auditors can
also use ASB-CL-14.2, Letter from Principal Auditor to Other Auditors Regarding Related Parties, to help facilitate timely
communication with other auditors regarding known related parties and related party transactions. In addition, audit
interpretations at AU 9543.04.10 describe inquiries that auditors of a components financial statements should consider
making of principal auditors. The inquiries concern related parties, complex or unusual transactions, adjustments, or other
matters the principal or other auditors may be aware of that might require adjustment to or disclosure in the components
financial statements. The principal auditors also should be asked whether any limitations on the scope of their audit relate to
the audit of the component or limit the principal auditors ability to provide the requested information. If the principal auditors
report any such scope limitations, or if their audit has not progressed to a point sufficient for providing the requested
information, the auditors of the components financial statements may need to qualify their audit report for a scope limitation.
ASB-CL-14.3, Inquiry of Group Auditor by Component Auditor, provides a letter that auditors of a component can use to
make the suggested inquiries of principal auditors. Principal auditors can reply to the other auditors inquiries using
ASB-CL-14.4, Group Auditors Response to Inquiries from Component Auditor.
Multiple Inventory Locations
902.9 A situation similar to auditing a branch or division is an audit of an entity with multiple inventory locations. If the auditor
is requested to report separately on an individual inventory location (which would be rare), the considerations would be the
same as discussed in this section for a separate audit of a branch or division. More commonly, the auditor must decide which
inventory locations will be observed during an inventory observation when the entitys inventory is at several locations. When
this is the case, it may not be efficient to observe inventory at every location. In determining what locations to observe, the
auditor would normally consider any specific risks for particular locations based on the understanding of the entity and its
environment, including internal control, as well as the assessment of control risk for the assertions of existence and
occurrence and whether the auditor plans to modify substantive procedures based on this assessment. However, the
auditors concern will normally be obtaining sufficient observation coverage of the inventory account balance.
902.10 If sampling is used and the auditor is not observing inventory at all locations, the auditor may select a two-stage
sample. In the first stage, the auditor selects a representative sample of locations to observe. At each location selected for
observation, the auditor then selects a sample of inventory items for test counting. An adjustment should be made to the test
count sample size to compensate for the fact that some locations are not being test counted. This adjustment should be
calculated as follows:
The auditor should multiply the sample size adjustment factor by the number of items in the original sample size for each
location. This will allow the auditor to project the results from the locations selected for observation to those locations not
observed.
902.11 The authors believe that the approach discussed in the preceding paragraph is also appropriate if locations are
selected for observation by means other than sampling (for example, based on materiality, misstatements in prior years, or
other factors). In those cases, the sample size determined for test counting procedures at individual locations should still be
grossed up by the sample size adjustment factor.
902.12 However, as discussed in section 1201, the authors recommend an approach to inventory observation that does not
employ sampling. If that approach is used, the adjustment described in the preceding paragraphs is unnecessary. Instead,
the auditor should simply ensure that enough locations are observed to achieve the auditors desired level of coverage.
903 USING THE WORK OF OTHER AUDITORSPERIODS ENDING BEFORE
DECEMBER 15, 2012
3(61)
903.1 Part of the work related to the financial statements on which the auditor is reporting may be performed by other
auditors. That situation is primarily encountered when other auditors audit the financial statements of subsidiaries, divisions,
branches, or other components included in consolidated or combined financial statements. Other auditors also may audit
financial statements underlying investments accounted for by the equity method. Finally, other auditors may perform
procedures with respect to elements, accounts, or items of financial statements.
Definitions
903.2 In the remainder of this section, the authors use the following terms when discussing using the work of other auditors:
Principal Auditors. Auditors who, based on their audit, report on the financial statements of a consolidated or
combined entity that incorporates financial statements audited and reported on by other auditors.
Other Auditors. Auditors who audit and report on the financial statements of one or more subsidiaries, divisions,
branches, components, or investments included in financial statements on which the principal auditors report.
903.3 The primary authoritative literature when using the work of other auditors is SAS No. 1 at AU 543, Part of Audit
Performed by Other Independent Auditors. AU 543 provides authoritative guidance on serving as principal auditors and using
the work and reports of other auditors who have audited the financial statements of one or more subsidiaries, divisions,
branches, components, or investments included in financial statements.
Responsibilities When Using the Work of Other Auditors
903.4 According to SAS No. 1 at AU 543, the primary decisions auditors must make in using the work and reports of other
auditors are:
a. Whether They May Serve as Principal Auditors and Report on the Financial Statements Even Though They Have Not
Audited All of the Subsidiaries, Divisions, Branches, Components, or Investments That Will Be Included in the
Financial Statements. In deciding whether the auditor can serve as the principal auditor, consideration should be
given to factors such as the materiality of the portion of the financial statements to be audited in comparison with the
portion to be audited by other auditors, the extent of knowledge of the overall financial statements, and the
importance of the components to be audited in relation to the enterprise as a whole. Items to consider when
determining if an auditor is the principal auditor are at AU 543.02. (If substantially all of the audit work was
performed by the other auditors, the auditor may not be considered the principal auditor and AU 543 will not apply.
In those circumstances, the auditor should supervise the other auditors as described in AU 230 and AU 311 and
assume full responsibility for their work.)
b. Whether They Are Satisfied with the Independence and Professional Reputation of the Other Auditors. Procedures to
obtain this satisfaction are discussed beginning in paragraph 202.69.
c. The Extent of the Procedures That Are Necessary to Coordinate Their Activities with Those of the Other Auditors to
Achieve a Proper Review of the Matters Affecting the Consolidating or Combining of Accounts in the Financial
Statements.
d. Whether to Refer to the Other Auditors in Their Report. The decision of whether to make reference to another auditor
is beyond the scope of this Guide. However, a comprehensive discussion of when to refer to another auditors work
can be found in PPCs Guide to Auditors Reports, which can be ordered by calling (800) 431-9025 or online at
903.5 An auditing interpretation at AU 9543.01.03, Specific Procedures Performed by the Other Auditor at the Principal
Auditors Request, notes that the principal auditors are responsible for determining the extent of the procedures to be
performed by the other auditors and providing specific instructions and other information on those procedures. The other
auditors are responsible for performing the procedures as instructed and reporting the findings solely for the use of the
principal auditors.
903.6 Regardless of whether or not the principal auditors decide to refer to the other auditors in their report, SAS No. 1 at AU
543.10 contains guidelines about what procedures should be performed when a principal auditor decides to use the work of
other auditors regardless of whether he or she decides to refer to the work of the other auditor. They include the following:
Inquiring about the other auditors professional reputation.
Obtaining a representation from the other auditor that he or she is independent under the requirements of the
AICPA.
Determining that the other auditor is aware of the intended use of his or her financial statements and report.
Determining that the other auditor is familiar with GAAP and GAAS audit and reporting requirements.
Ensuring that the other auditor has been informed about matters affecting the elimination of intercompany
transactions and, if appropriate, the uniformity of accounting principles among the components included in the
903.7 If the results of inquiries and procedures discussed in paragraph 903.6 cause the principal auditors to conclude they
can neither assume responsibility for the work of the other auditors (as discussed in paragraph 903.8) nor make reference to
the other auditors in their report, the principal auditors should modify their opinion on the financial statements. The effect on
the auditors report in these circumstances is discussed in Chapter 10 of PPCs Guide to Auditors Reports.
Decision Not to Make Reference
903.8 If the principal auditors decide not to refer to the work of the other auditors in their report, they assume responsibility
for the adequacy of the other auditors work as if it had been performed by the principal auditors and their staff. In addition to
satisfying themselves about the matters discussed beginning in paragraph 903.3, SAS No. 1 at AU 543.12 indicates that the
principal auditors need to consider whether additional procedures, such as reviewing the other auditors audit programs or
workpapers, are necessary. Additional procedures and practical considerations for principal auditors who decide not to refer
to the work of other auditors are included in the Other General Planning Procedures at ASB-AP-1. The determination of the
extent of additional procedures to be applied, if any, rests solely with the principal auditors who have assumed responsibility
for their opinion on the financial statements.
903.9 An auditing interpretation at AU 9543.18.20, Application of Additional Procedures Concerning the Audit Performed by
the Other Auditor, states that, in determining the extent of additional procedures to be applied when the principal auditors
decide not to make reference, principal auditors may consider the other auditors compliance with quality control policies and
procedures. Other factors principal auditors may consider include their previous experience with the other auditors, the
materiality of the portion of the financial statements audited by the other auditors, the control exercised by the principal
auditors, and the results of the principal auditors other procedures.
When Other Auditors Have Ceased Operations
903.10 An AICPA Technical Practice Aid at TIS 8900.05 provides guidance when other auditors who have audited the
financial statements of one or more subsidiaries, divisions, branches, components, or investments included in a companys
financial statements have ceased operations. The Technical Practice Aid states that the principal auditors may make reference
to the audit of the other auditors or assume responsibility for their work only if:
a. the other auditors have issued an audit report, and
b. the principal auditors were able to complete all of the procedures required by SAS No. 1 at AU 543 (see paragraph
903.3) before the other auditors ceased operations. (The procedures described in AU 543 cannot be appropriately
performed after the other auditors have ceased operations.)
903.11 When the principal auditors are not able to use the work of the other auditors in accordance with AU 543, they must
perform procedures sufficient to provide a reasonable basis for an opinion. However, the principal auditors review of the
other auditors workpapers may affect the nature, timing, and extent of those procedures.
Financial Statements That Include Investments Accounted for by the Equity Method
903.12 When investments are accounted for by the equity method, different auditors may report on the financial statements
of the investor and those of the investee, and one auditor may use another auditors report to obtain evidence about the
investor companys equity in underlying net assets and its share of earnings or losses and other transactions of the investee.
SAS No. 92, Auditing Derivative Instruments, Hedging Activities, and Investments in Securities (AU 332.28), indicates that the
report of other auditors on the financial statements of the investee may constitute sufficient evidential matter with respect to
such investments. Section 1401 of this Guide includes a further discussion on auditing investments in closely held
companies.
903.13 Before using the report of other auditors, SAS No. 1 at AU 543.02 requires auditors to consider:
a. the materiality of the portion of the financial statements they have audited in comparison with the portion audited by
other auditors,
b. the extent of their knowledge of the overall financial statements, and
c. the importance of the components they audited in relation to the enterprise as a whole.
For example, if investments accounted for by the equity method constitute a significant portion of a companys total assets,
the auditors should consider whether they have audited a sufficient portion of the companies underlying such investments to
serve as principal auditors.
Procedures Performed by Other Auditors with Respect to Elements, Accounts, or Items of
903.14 The following situations sometimes generate questions concerning whether SAS No. 1 at AU 543 applies when other
auditors have performed procedures with respect to certain elements, accounts, or items of financial statements:
a. Auditors engage other auditors to perform audit procedures on certain accounts, e.g., to observe property or
inventory in a remote location.
b. Auditors engage the services of employees of another firm on a loan staff basis to assist in the audit of a large client.
c. Auditors, during a current-year engagement, replace other auditors who started the engagement.
903.15 It must be acknowledged that AU 543 only applies to other auditors engaged to audit the financial statements of a
subsidiary, branch, or division. AU 543 does not apply to engagements where other auditors perform procedures on an
element, account, or item of a financial statement. Technically, therefore, the requirements set forth beginning in paragraph
903.3 are not mandatory.
903.16 However, despite the lack of applicability of AU 543 to other auditors who perform procedures on only a part of a
financial statement, it is doubtful that the principal auditors can justify not assuming full responsibility for the work of the other
auditors. Therefore, the firm should have a quality control procedure that requires the independence of other auditors to be
confirmed any time they are used, regardless of that use. In paragraph 903.14, situation c., the other auditors normally will not
be in a position, and will not be willing, to issue a report on elements, accounts, or items of the financial statements. However,
even if the predecessor auditors do not issue a report on elements, accounts, or items of financial statements, the scope of
the successor auditors work may, nevertheless, be reduced by reviewing the other auditors workpapers. In addition, in
situations a. and b. in paragraph 903.14, the requirements of Ethics Ruling No. 112 (ET 191.224.225) related to the use of
third-party service providers may apply. See the discussion in paragraph 202.65.
Using the Work of Predecessor Auditors
903.17 See sections 205 and 910 of this Guide for a discussion on using the work of a predecessor auditor.
904 AUDITS OF GROUP FINANCIAL STATEMENTSPERIODS ENDING ON OR
AFTER DECEMBER 15, 2012
904.1 This section explains the special considerations that apply to the audit of group financial statements, including
particularly the effect of the work of component auditors, under the auditing standards effective for audits of periods ending
on or after December 15, 2012.
904.2 The authoritative literature that applies to group audits is AU-C 600, Special ConsiderationsAudits of Group Financial
Statements (Including the Work of Component Auditors). AU-C 600 is effective for audits of periods ending on or after
December 15, 2012, and early adoption is not permitted. However, auditors that want to implement aspects of AU-C 600 early
may do so as long as they also comply with the existing standards discussed in sections 901, 902, and 903. AU-C 600
replaces AU 543, Part of the Audit Performed by Other Independent Auditors, but its application is much broader.
Consequently, if adopted early, the requirements in all areas would also comply with the existing standards in AU 543. The
objectives and requirements of AU-C 600 are summarized beginning in paragraph 904.7.
904.3 Approach to Presentation of Group Audit Requirements. Planning and performing a group audit involves all of the
same steps in the audit process as outlined in paragraph 102.2. In a group audit, however, each of those steps has special
considerations that apply particularly to a group audit. The approach in this section is to focus on those special
considerations and aspects of group audits that are incremental to the normal audit steps. However, generally the procedures
performed, information obtained, and decisions reached are done as an integral part of performing and documenting the
usual steps in an audit. Exhibit 9-1 outlines audit activities that are particularly relevant to group audits in relation to audits in
general.
Exhibit 9-1
Audit Activities Particularly Relevant to Group Audits
Step in the Audit Process Aspect of Step Relevant to a Group Audit
Perform procedures regarding
acceptance/continuation of the client
relationship, evaluate compliance
with ethical requirements (including
independence), and establish an
understanding with the client in an
engagement letter.
Obtain an understanding of the group, its components, and
their environments sufficient to make the following
decisions:
Identify components that are likely to be significant
components.
Determine whether sufficient appropriate evidence can
be obtained to act as group auditor.
Develop a preliminary audit strategy,
establish planning materiality, and
perform risk assessment procedures
to gather information about the entity
and its environment that may be
Assess the extent to which the group engagement team will
use the work of component auditors.
Determine the type of work to be performed on each
components financial information, e.g., audit of financial
information; audit of specified account balances, transaction
relevant in identifying risks of
material misstatement of the financial
statements.
classes, or disclosures; specified audit procedures; review;
or analytical procedures at the group level.
Determine and document materiality levels, including
Component materiality for those components for which
an audit or review will be performed.
Component performance materiality.
Threshold for misstatements clearly trivial to the group
their environments, including component auditors.
Revise the initial identification, if necessary, of components
that are likely to be significant.
Determine whether to make reference to a component
auditor in the auditors report on the group financial
statements.
When assuming responsibility for the work of component
auditors
Discuss the components business activities of
significance to the group with the component auditor or
component management to identify potential risks of
material misstatement of the group financial
statements.
Discuss with the component auditor the susceptibility
of the components financial information to material
misstatement resulting from error or fraud.
Evaluate the appropriateness of performance
materiality at the component level.
Gather the information to understand
and evaluate the design and
implementation of the entitys
internal control system.
their environments, including
Group-wide controls.
The consolidation process.
Synthesize the information gathered,
identify risks (both overall and
specific) that could result in material
statements, and finalize the overall
audit strategy.
Identify risks of material misstatement particularly relevant to
the group audit, including the consolidation process.
auditors, review the component auditors documentation of
identified significant risks of material misstatement of the
Assess the risks of material
misstatement of the entitys financial
statements.
Assess risks of material misstatement particularly relevant to
the group audit, including the consolidation process.
auditors, evaluate their planned responses to significant
risks of material misstatement of the group financial
statements and decide whether it is necessary to be
involved in those procedures.
Develop and perform appropriate
responses (further audit procedures)
to the assessed risks of material
statements considering the overall
audit strategy and planning
materiality.
Decide whether to test the operating effectiveness of
group-wide controls and who (group engagement team or
component auditor) should perform the testing.
Design and perform further audit procedures on the
consolidation process.
Design and perform procedures to evaluate the
appropriateness, completeness, and accuracy of
consolidation adjustments and reclassifications.
consolidation adjustments and reclassifications.
Design and perform procedures for components whose
financial statements are beginning subjected to audit
procedures to identify subsequent events and decide who
(group engagement team or component auditor) should
perform the testing.
Design and conduct appropriate communications between
the group engagement team and the component auditors
to
Communicate the group teams requirements to the
component auditor on a timely basis.
Obtain from the component auditor matters relevant to
the group teams audit conclusions.
Based on the type of work to be performed on components
for which responsibility will be assumed, determine the
nature, timing, and extent of the group engagement teams
involvement in the work of component auditors.
Evaluate audit findings and
evidence.
Evaluate the component auditors communication and the
sufficiency of their work.
If applicable, read the components financial statements and
component auditors report.
Prepare required reports and
communications.
Communicate with management and those charged with
governance of the group about specific matters relevant to
the group audit.
* * *
904.4 Definitions Relevant to Group Audits. According to AU-C 600.11, group audits are audits of group financial
statements, which are financial statements that include the financial information of more than one component. A component is
any entity or business activity for which group or component management prepares financial information that is required by
accounting standards to be included in the group financial statements. Thus, under GAAP, as explained in paragraph 901.2,
consolidated financial statements are group financial statements. However, group financial statements also include combined
financial statements that aggregate the financial information of components under common control as well as financial
statements that aggregate components of other organizational structures, such as branches or divisions. For example, group
financial statements include all of the following types of aggregations of financial information into financial statements:
Parent company and one or more subsidiaries.
Joint ventures.
Investor and investee accounted for by the equity or cost method.
Head office and one or more branches or divisions.
Other combinations of entities or activities organized by function, process, product or service, or geographical
location.
904.5 AU-C 600.11 defines a component auditor as an auditor who performs work on the financial information of a
component that will be used as audit evidence for the group audit. Component auditors are not just other auditors. A
component auditor may be part of the group engagement partners firm, a network firm of the group auditor, or another
auditing firm. Thus, even when firm offices other than the lead partners office are involved in the audit, the requirements of
AU-C 600 apply. An auditor who performs work on a component when the group engagement team will not use that work to
provide audit evidence, however, is not considered a component auditor.
904.6 AU-C 600.11 also defines the group engagement team as the partners and staff who establish the group audit strategy,
communicate with component auditors, perform work on the consolidation process, and evaluate the audit evidence for the
purpose of reporting on the group financial statements. AU-C 600.A9 further indicates that auditors who do not meet the
definition of a member of the group engagement team are considered component auditors. Thus, if all of the auditors
participating in an audit of group financial statements are members of the group engagement team, there are no component
auditors. That may be the case, for example, when a single-office firm performs the entire group audit. Accordingly, the
authors believe the provisions of AU-C 600 do not need to be applied when members of the same office of a firm, working
together as a collective engagement team, perform the entire audit of an entity with one or more components. Other
definitions related to group audits are explained at relevant points in the discussion.
904.7 Objectives. The objectives of the auditor of group financial statements are to do the following:
Determine whether to act as the auditor of group financial statements.
Determine whether to make reference to the audit of a component auditor in the auditors report on group financial
statements.
Communicate clearly with component auditors.
Obtain sufficient appropriate evidence about the financial information of the components and the consolidation
process.
Exhibit 9-2
Requirements for Audits of Group Financial Statements(Including the Work of Component Auditors)Effective for
Audits of Periods Ending on or after December 15, 2012
AU-C
Reference
Guide
Reference
Practice
Aids
Responsibilities of the Group Engagement Partner
Assume responsibility for (1) the direction, supervision, and performance
of the group audit in accordance with professional standards, applicable
legal and regulatory requirements, and the firms quality control policies,
and (2) determining whether the auditors report is appropriate in the
circumstances.
AU-C 600.13 ASB-CX-14
Determine whether it is reasonable to expect that sufficient appropriate
audit evidence can be obtained regarding the consolidation process and
the financial information of the components on which to base the opinion.
AU-C 600.14 ASB-CX-1.1
Evaluate whether the group engagement team will be able to obtain
sufficient appropriate audit evidence, through its work or use of the work of
component auditors (that is, by assuming responsibility for the work of
component auditors or by making reference to a component auditor in the
auditors report), to act as the auditor of and report on the group financial
AU-C 600.15 ASB-CX-1.1
AU-C
Reference
Guide
Reference
Practice
Aids
statements.
Review and approve the overall group audit strategy and group audit plan. AU-C 600.19 ASB-AP-1
After gaining an understanding of each component auditor, decide
whether to make reference to a component auditor in the auditors report
on the group financial statements.
AU-C 600.24 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
ASB-CX-11.6
Evaluate the effect on the group audit opinion of any uncorrected
misstatements and any inability to obtain sufficient appropriate audit
evidence.
AU-C 600.44 ASB-CX-14
Responsibilities of the Group Auditor (Firm)
If it will not be possible, due to restrictions imposed by management, to
obtain sufficient appropriate audit evidence, and the possible effect of that
inability will result in a disclaimer of opinion on the group financial
statements:
1. in the case of a new engagement, do not accept the engagement,
2. in the case of a continuing engagement, withdraw from the
engagement, or
3. when the entity is required by law or regulation to have an audit,
disclaim an opinion on the group financial statements.
AU-C 600.16 ASB-CX-1.1
Agree upon the terms of the group audit engagement. AU-C 600.17 ASB-CL-1.1
Do not make reference to a component auditor in the auditors report on
the group financial statements unless:
1. the components financial statements are prepared using the same
financial reporting framework as the group financial statements,
2. the component auditor performed an audit of the components
financial statements in accordance with GAAS, and
3. the component auditor issued an unrestricted report.
AU-C 600.25 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
When a decision has been made to make reference to a component
auditor in the auditors report on the group financial statements, clearly
indicate in the report that the component was not audited by the group
auditor but was audited by the component auditor, and include the
magnitude of the portion of the financial statements audited by the
component auditor.
AU-C 600.27 Not included in
this Guide
a
If a decision is made to name a component auditor in the auditors report
on the group financial statements:
1. Obtain the component auditors express permission.
2. Present the component auditors report together with the auditors
report on the group financial statements.
this Guide
a
If the opinion of a component auditor is modified or the report includes an
emphasis-of-matter or other-matter paragraph, determine the effect that
this may have on the auditors report on the group financial statements.
When appropriate, modify the opinion on the group financial statements or
include an emphasis-of-matter or other-matter paragraph in the auditors
this Guide
a
AU-C
Reference
Guide
Reference
Practice
Aids
If a decision is made to assume responsibility for work of a component
auditor, do not make reference to the component auditor in the auditors
this Guide
a
Responsibilities of the Group Engagement Team
For purposes of determining whether sufficient appropriate audit evidence
can be obtained, obtain an understanding of the group, its components,
and their environments sufficient to identify components that are likely to
be significant.
AU-C 600.14 ASB-CX-1.1
Establish an overall group audit strategy and develop a group audit plan.
In developing the group audit plan, assess the extent to which the work of
component auditors will be used and whether the auditors report on the
group financial statements will make reference to a component auditor.
In connection with identifying and assessing the risks of material
misstatement through obtaining an understanding of the entity and its
environment:
1. Enhance the understanding of the group, its components, and their
environments, including group-wide controls, obtained during
acceptance or continuance.
2. Obtain an understanding of the consolidation process, including the
instructions issued by group management to components.
AU-C 600.20 ASB-CX-3
ASB-CX-4
Obtain an understanding that is sufficient to:
1. Confirm or revise the initial identification of significant components.
2. Assess the risks of material misstatement of the group financial
statements.
AU-C 600.21 ASB-CX-7.1
ASB-CX-11.6
Regardless of whether reference to a component auditor will be made in
the auditors report, obtain an understanding of the following:
1. Whether the component auditor understands and will comply with
relevant ethical requirements and is independent.
2. The component auditors professional competence.
3. The extent of the group engagement teams involvement in the work
of the component auditor.
4. Whether the group engagement team will be able to obtain
information affecting the consolidation process from the component
auditor.
5. Whether the component auditor operates in a regulatory environment
that actively oversees auditors.
AU-C 600.22 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
ASB-CL-14.6
ASB-CL-14.7
When a component auditor does not meet relevant independence
requirements or there are serious concerns about compliance with ethical
requirements or professional competence, obtain sufficient appropriate
audit evidence about the financial information of the component without
making reference to the component auditor in the auditors report or
otherwise using the component auditors work.
AU-C 600.23 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
When a decision has been made to make reference to a component
auditor in the auditors report, obtain sufficient appropriate audit evidence
about the component by performing the following procedures:
1. The procedures required by AU-C 600, except for the additional
AU-C 600.26 ASB-AP-1,
Audits of
Group Financial
StatementsPe
AU-C
Reference
Guide
Reference
Practice
Aids
procedures required when assuming responsibility for the component
auditors work.
2. Reading the components financial statements and the component
auditors report to identify significant findings and issues and, when
considered necessary, communicating with the component auditor
about those matters.
riods Ending on
or after
December 15,
2012
Determine the following:
1. Materiality, including performance materiality, for the group financial
2. Materiality for particular classes of transactions, account balances, or
disclosures when such items exist in the group financial statements
for which misstatements of lesser amounts than materiality for the
group financial statements as a whole could reasonably be expected
to influence the economic decisions of users taken on the basis of the
3. Component materiality for those components that will be audited or
reviewed. Determine component materiality taking into account all
components, regardless of whether reference is made to the audit of
a component auditor. Determine component materiality in an amount
lower than materiality for the group financial statements as a whole,
and component performance materiality in an amount lower than
performance materiality for the group financial statements as a whole.
4. The threshold for trivial misstatements.
AU-C 600.31 ASB-CX-2.1
ASB-CX-2.2
Test, or have a component auditor test, the operating effectiveness of
controls if the nature, timing, and extent of the work to be performed on
the consolidation process or the financial information of the components
are based on an expectation that groupwide controls are operating
effectively or when substantive procedures alone will not provide sufficient
appropriate audit evidence.
Design and perform further audit procedures on the consolidation process
to respond to the assessed risks of material misstatement of the group
financial statements arising from that process, including evaluating
whether all components have been included in the group financial
statements.
Evaluate the appropriateness, completeness, and accuracy of
consolidation adjustments and reclassifications and evaluate the existence
of any fraud risk factors or indicators of possible management bias.
If the financial information of a component has not been prepared in
accordance with the same accounting policies as the group financial
statements, evaluate whether the components financial information has
been appropriately adjusted for purposes of the preparation and fair
presentation of the group financial statements.
Determine whether the financial information identified in the component
auditors communication as the information on which they are reporting is
the financial information incorporated in the group financial statements.
If the group financial statements include the financial statements of a
component with a different periodend, evaluate whether appropriate
adjustments have been made to those financial statements.
When a component is audited, perform procedures designed to identify
events at the component occurring between the date of the components
ASB-CL-14.8
AU-C
Reference
Guide
Reference
Practice
Aids
financial information and the date of the auditors report on the group
financial statements that may require adjustment to, or disclosure in, the
group financial statements. (These procedures may be performed by the
group auditor or the component auditor.)
ASB-CL-14.9
Communicate requirements to the component auditor on a timely basis,
including:
1. A request that the component auditor confirm that they will cooperate
with the group engagement team.
2. The relevant ethical requirements and, in particular, the
independence requirements.
3. A list of related parties. Also (1) request the component auditor to
communicate on a timely basis related parties not previously
identified and (2) identify those additional related parties to other
component auditors.
4. Significant risks of material misstatement of the group financial
statements that are relevant to the work of the component auditor.
AU-C 600.40 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
ASB-CL-14.8
ASB-CL-14.9
Request a component auditor to communicate matters relevant to
concluding on the group audit, including:
1. Whether the component auditor has complied with relevant ethical
requirements, including independence and professional competence.
2. Identification of the financial information of the component on which
the component auditor is reporting.
3. The component auditors overall findings, conclusions, or opinion.
AU-C 600.41 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
ASB-CL-14.8
ASB-CL-14.9
Evaluate the component auditors communication and discuss significant
findings and issues arising from that evaluation with the component
auditor, component management, or group management.
AU-C 600.42 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
Evaluate whether sufficient appropriate audit evidence on which to base
the group audit opinion has been obtained from the audit procedures
performed on the consolidation process and the work performed on the
financial information of the components.
AU-C 600.43 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
Communicate to group management and those charged with governance
of the group material weaknesses and significant deficiencies in internal
control that are relevant to the group.
If fraud has been identified or information indicates that fraud may exist,
communicate this on a timely basis to the appropriate level of group
management.
AU-C 600.46 ASB-AP-2,
Potential Fraud
or Violation of
Laws or
Regulations
AU-C
Reference
Guide
Reference
Practice
Aids
When a component auditor has been engaged to express an opinion on
the components financial statements, request group management to
inform component management of matters of which the group
engagement team becomes aware that may be significant to the financial
statements of the component, but of which component management may
be unaware. If group management refuses, discuss the matter with those
charged with governance of the group. If the matter remains unresolved,
consider whether to advise the component auditor not to issue the
auditors report on the financial statements of the component until the
matter is resolved and whether to withdraw from the engagement.
AU-C 600.47 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
Communicate the following matters with those charged with governance of
the group:
1. An overview of the type of work to be performed on the financial
information of components, including the basis for the decision to
make reference to a component auditor in the auditors report on the
2. An overview of the nature of the group engagement teams planned
involvement in the work of the component auditors on significant
components.
3. Instances in which the group engagement teams evaluation of the
work of a component auditor gave rise to a concern about the quality
of that auditors work.
4. Any limitations on the group audit.
5. Fraud or suspected fraud involving (a) group management, (b)
component management, (c) employees who have significant roles in
groupwide controls, or (d) others in which a material misstatement of
the group financial statements has or may have resulted from fraud.
AU-C 600.48 ASB-AP-2,
Potential Fraud
or Violation of
Laws or
Regulations
ASB-CL-5.1
ASB-CL-5.2
1. An analysis of components indicating those that are significant and
the type of work performed on the financial information of the
components.
2. Components for which reference to the reports of component
auditors were made in the auditors report on the group financial
statements.
3. Written communications between the group engagement team and
the component auditors about the group engagement teams
requirements.
4. For components for which reference is made to a component auditor
in the auditors report on the group financial statements, the financial
statements of the component and the component auditors report.
AU-C 600.49 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
ASB-CX-11.6
ASB-CL-14.6
through
ASB-CL-14.9
Additional Requirements When Assuming Responsibility for the Work
of a Component Auditor
Evaluate the appropriateness of performance materiality at the component
level.
AU-C 600.50 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
AU-C
Reference
Guide
Reference
Practice
Aids
Determine the type of work to be performed by the group engagement
team or by component auditors on the financial information of the
components and the nature, timing, and extent of involvement in the work
of component auditors.
AU-C 600.51 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
For a component that is significant because of its individual financial
significance to the group, perform an audit of the components financial
information using component materiality.
AU-C 600.52 ASB-CX-11.6
For a component that is significant not because of its individual financial
significance but because it is likely to include significant risks of material
misstatement of the group financial statements, perform one or more of
the following:
1. An audit of the components financial information using component
materiality.
2. An audit of one or more account balances, classes of transactions, or
disclosures relating to the likely significant risks of material
misstatement of the group financial statements.
3. Specified audit procedures relating to the likely significant risks of
material misstatement of the group financial statements.
AU-C 600.53 ASB-CX-11.6
Perform analytical procedures at the group level for components that are
not significant.
AU-C 600.54 ASB-CX-11.6
If sufficient appropriate audit evidence on which to base the group audit
opinion will not be obtained from the work performed on significant
components, the work performed on groupwide controls and the
consolidation process, and the analytical procedures performed at the
group level, select additional components that are not significant and
perform, or request a component auditor to perform, one or more of the
following:
1. An audit of the components financial information using component
materiality.
2. An audit of one or more account balances, classes of transactions, or
disclosures.
3. A review of the components financial information using component
materiality.
4. Specified audit procedures.
Vary the selection of such individual components over a period of
time.
AU-C 600.55 ASB-CX-11.6
When a component auditor performs an audit or other specified audit
procedures on a significant component, be involved in the risk assessment
of the component to identify significant risks of material misstatement of
the group financial statements, including the following:
1. Discussing with the component auditor or component management
the components significant business activities.
2. Discussing with the component auditor the susceptibility of the
component to material misstatement due to fraud or error.
3. Reviewing the component auditors documentation of significant risks
AU-C 600.56 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
AU-C
Reference
Guide
Reference
Practice
Aids
of material misstatement of the group financial statements.
When significant risks of material misstatement of the group financial
statements have been identified in a component, evaluate the
appropriateness of the further audit procedures to be performed to
respond to the significant risks. Determine whether it is necessary to be
involved in the further audit procedures.
AU-C 600.57 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
When component auditors perform work other than audits of a
components financial information, request the component auditors to
notify the group engagement team if they become aware of events
occurring between the date of the components financial information and
the date of the auditors report on the group financial statements that may
require an adjustment to, or disclosure in, the group financial statements.
AU-C 600.58 ASB-CL-14.9
Communicate the work to be performed and the form and content of the
component auditors communication with the group engagement team.
Also communicate, in the case of an audit or review of the components
financial information, component materiality (and any amounts lower than
component materiality for particular classes of transactions, account
balances, or disclosures) and the threshold for trivial misstatements.
AU-C 600.59 ASB-CL-14.9
Request communication from the component auditor about the following:
1. Whether the component auditor complied with the group
engagement teams requirements.
2. Information about instances of noncompliance with laws or
regulations at the component or group level that could result in a
3. Significant risks of material misstatement of the group financial
statements identified by the component auditor in the component and
the component auditors response. Request the component auditor to
communicate significant risks on a timely basis.
4. A list of corrected and uncorrected misstatements of the components
financial information.
5. Indicators of possible management bias in accounting estimates and
the application of accounting principles.
6. Description of material weaknesses and significant deficiencies in
internal control at the component level.
7. Other significant findings and issues that the component auditor
communicated or expects to communicate to those charged with
governance of the component, including fraud or suspected fraud
involving (a) component management, (b) employees who have
significant roles in internal control at the component, or others that
resulted in a material misstatement of the components financial
information.
8. Any other matters that may be relevant to the group audit or that the
component auditor wishes to bring to the attention of the group
engagement team, including exceptions in the written representations
that the component auditor requested from component management.
AU-C 600.60 ASB-CL-14.9
After evaluating a component auditors communication, determine whether
it is necessary to review other relevant parts of a component auditors
AU-C 600.61 ASB-AP-1,
Audits of
AU-C
Reference
Guide
Reference
Practice
Aids
audit documentation. Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
If the work of a component auditor is considered insufficient, determine
additional procedures to be performed and whether they should be
performed by the component auditor or by the group engagement team.
AU-C 600.62 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
Determine which material weaknesses and significant deficiencies in
internal control that component auditors have brought to the attention of
the group engagement team should be communicated to group
management and those charged with governance of the group.
Document the nature, timing, and extent of the group engagement teams
involvement in the work performed by component auditors on significant
components, including the group engagement teams review of relevant
parts of the component auditors audit documentation and conclusions.
AU-C 600.64 ASB-AP-1,
Audits of
Group Financial
StatementsPe
riods Ending on
or after
December 15,
2012
Note:
a
PPCs Guide to Auditors Reports provides guidance and report examples for group audits, including how to make
reference to a component auditor in the auditors report on group financial statements, how to report when the
component auditors opinion is modified or their report includes an emphasis-of-matter or other-matter paragraph that
affects the auditors report on the group financial statements, and how to report when a component auditor is named in
the auditors report on the group financial statements.
* * *
Determining Whether to Act as the Auditor of Group Financial Statements
904.9 AU-C 600.14 indicates that the group engagement partner should determine whether sufficient appropriate audit
evidence can reasonably be expected to be obtained regarding the consolidation process and the financial information of the
components on which to base the group audit opinion. To make this determination, the group engagement team should
obtain an understanding of the group, its components, and their environments sufficient to identify components that are likely
to be significant components.
904.10 A significant component, according to AU-C 600.11 is one that
a. is of individual financial significance to the group, or
b. due to its specific nature or circumstances, is likely to include significant risks of material misstatement of the group
The identification of components that are likely to be significant components is preliminary based on the initial understanding
and is either confirmed or revised when the auditor later enhances this understanding by performing additional risk
assessment procedures.
904.11 In making the determination to act as group auditor, the group engagement partner evaluates whether sufficient
appropriate evidence can be obtained through the engagement teams own work or using the work of component
auditorseither by assuming responsibility for their work or through making reference to them. In deciding whether to act as
group auditor, relevant factors include the materiality of the portion of the financial statements to be audited in comparison
with the portion to be audited by component auditors, the extent of knowledge of the overall financial statements, and the
extent to which significant risks of material misstatement of the group financial statements are included in components
audited by component auditors.
Determining Whether to Make Reference to the Audit of a Component Auditor
904.12 AU-C 600.22 indicates that regardless of the decision concerning reference, the auditor should obtain an
understanding of a component auditor. That understanding should include the following:
The component auditors understanding of and willingness to comply with relevant ethical requirements, including
independence requirements.
The component auditors professional competence.
The extent of involvement the group engagement team will be able to have in the work of the component auditor.
The ability of the group engagement team to obtain information affecting the consolidation process from a
component auditor.
The extent to which the component auditor operates in a regulatory environment that actively oversees auditors.
904.13 In the initial year, information about the component auditor may be obtained by communicating with the component
auditor (see ASB-CL-14.6 and ASB-CL-14.7); visiting the component auditor; reviewing peer review or inspection reports; or
inquiring of other auditors, bankers, or creditors about the component auditors professional reputation and standing.
Information about competence may also be obtained from the AICPA, state licensing boards, state societies of CPAs, or other
professional organizations. After the initial year, this understanding may be based on previous experience with the component
auditor, and the component auditor may be requested to confirm whether anything has changed. Naturally, when a
component auditor is another domestic office of the same firm, this information will generally be known, and obtaining the
understanding about independence and competence may be limited to reviewing the results of quality control monitoring (for
example, monitoring of independence and continuing professional education).
904.14 AU-C 600.23 and 600.25 indicate that reference to the audit of a component auditor should not be made unless all of
the following conditions are met:
The component auditor understands and will comply with independence and other ethical requirements.
The component auditor is competent.
The components financial statements are prepared on the same accounting basis as the group financial statements
(for example, GAAP or an OCBOA).
The component auditors report is unrestricted.
If the component auditor does not meet independence requirements or there are serious concerns about competence, the
auditor should not make reference to the component auditor or otherwise make use of the work of that component auditor. A
component auditors lack of industry-specific knowledge or other less serious concerns about competence do not preclude
making reference to the component auditor if the concerns can be overcome by the group auditor being more involved in the
component auditors work or performing additional procedures on the components financial information.
904.15 The decision about whether to make reference to the work of a component auditor can be documented at
ASB-CX-11.6. When there are two or more component auditors, the decision to make reference is made individually for each
one. For example, the auditor may decide to assume responsibility for the work of a component auditor that is a member of
the same firm or a network firm, but to make reference to the work of a component auditor from another firm.
904.16 Other than the requirements explained in paragraph 904.14, AU-C 600 does not provide any additional guidance on
when to make reference. Some practical considerations relevant to this decision are legal liability and client expectations.
Other things remaining equal, legal exposure and potential liability is generally regarded as lower when reference is made.
Client expectations relate to total audit cost and perception of an auditors report that makes reference. Total audit costs
would normally be expected to be greater when reference is not made. On the other hand, even though the auditors report
that makes reference is an unmodified opinion, some clients find the report to be less desirable than a standard auditors
report. Unless the client objects, if the conditions for making reference are met, the authors recommend making reference for
efficiency reasons.
Communications with Component Auditors
904.17 AU-C 600 emphasizes the importance of effective two-way communication between the group auditor and
component auditors. It provides specific requirements about information that should be obtained from component auditors
and information that should be provided to component auditors. When making reference to a component auditor, the
communications generally are as follows:
Communication about the matters in paragraph 904.14.
Communication of requirements to the component auditor, including
a request for cooperation that specifies the context in which their work will be used,
a list of known related parties and a request for notification about other unidentified related parties,
identified significant risks of material misstatement of the group financial statements that are relevant to their
work, and
a request for notification of subsequent events that may require adjustment to, or disclosure in, the group
Communication of findings from the component auditor, including the financial statements and their auditors report.
Communications with component auditors when reference will be made are provided at ASB-CL-14.6 and ASB-CL-14.8. If
there are no findings to report (such as previously unidentified related parties or subsequent events) the communication from
the component auditor to whom reference will be made may consist of a transmittal of the financial statements and their
auditors report.
904.18 When assuming responsibility for the work of a component auditor, the communications are more extensive and
generally include the following:
Communication about competence and compliance with independence and other ethical requirements.
Communication of requirements to the component auditor, including
a request for cooperation that specifies the context in which their work will be used,
the work to be performed,
the form and content of their expected communication,
in the case of an audit or review, component materiality; materiality for particular account balances, transaction
classes, or disclosures (if applicable); and the threshold for trivial misstatements,
a list of known related parties and a request for notification about other unidentified related parties,
identified significant risks of material misstatement of the group financial statements that are relevant to their
work, and
a request for notification of subsequent events that may require adjustment to, or disclosure in, the group
Communication of findings and conclusions from the component auditor that identifies the financial information
about which they are communicating and indicates
whether they complied with the group auditors requirements,
material noncompliance with laws and regulations,
significant risks of material misstatement of the group financial statements identified by them and their
responses,
corrected and uncorrected misstatements that exceed the threshold for trivial misstatements,
indicators of possible management bias in accounting estimates and the application of accounting principles,
material weaknesses and significant deficiencies in internal control at the component,
other significant findings or issues, such as fraud or suspected fraud, that will be communicated to those
charged with governance of the component, and
any other matters relevant to the group audit, including exceptions to component management representations.
Communication about competence and compliance with independence and other ethical requirements to obtain an
understanding of the component auditor often takes the form of a confirmation (see ASB-CL-14.7). The group engagement
teams requirements are often communicated in a letter of instructions (see ASB-CL-14.9). A component auditors
communication often takes the form of a memo or report of work performed.
904.19 Communication does not have to be in writing. For example, it could be accomplished orally or by reviewing the
component auditors audit documentation, which would ordinarily be made available as part of cooperating with the group
auditor. Any written communications should be included in the workpapers. In addition, the components financial statements
and auditors report, if applicable, should be included in the workpapers. In the absence of written communication, the
requirement to document the nature, timing, and extent of involvement in the component auditors work, including the review
of their documentation and conclusions thereon, as well as general requirements for audit documentation apply.
904.20 The group auditor should read the components financial statements and auditors report, if applicable; evaluate other
communications received from component auditors; and discuss significant findings and issues with the component auditor,
component management, or group management, as appropriate.
904.21 Communication with the group auditor about matters of significance to the component may be initiated by the
component auditor. Such matters may include (a) transactions, adjustments, or other matters that have come to the group
engagement teams attention that may require adjustment to or disclosure in the components financial statements or (b)
limitations on the scope of the group audit that relate to the components financial statements or that limit the group auditors
ability to respond to the component auditors inquiries. The letters at ASB-CL-14.3 and ASB-CL-14.4 can be used to make and
respond to these inquiries.
Obtaining Sufficient Appropriate Evidence on Group Financial Statements
904.22 A group audit, as explained in paragraph 904.3, involves the same steps as other GAAS audits. In a group audit,
however, there are several matters with respect to audit work performed that are in addition to or an expansion of audit work
in a GAAS audit. These matters include the following:
Obtaining an understanding of group-wide controls.
Obtaining an understanding of the consolidation process.
Determining component materiality.
Other procedures when assuming responsibility for the work of component auditors.
904.23 Group-wide Controls. These are controls designed, implemented, and maintained by group management over
group financial reporting. This understanding is obtained as part of understanding the group, its components, and their
environment using ASB-CX-4.1 and ASB-CX-4.2. According to AU-C 600.32, if the nature, timing, and extent of the work to be
performed on the consolidation process are based on an expectation that group-wide controls are operating effectively, those
controls should be tested. The tests can be performed by the group engagement team or by a component auditor on the
teams behalf.
904.24 Consolidation Process. The group engagement team should obtain an understanding of the consolidation process
for preparing the group financial statements, including the instructions issued by group management to components. As part
of that understanding, the group auditor considers whether the reporting instructions issued to components are clear and
whether they (a) adequately describe the accounting policies to be followed, (b) address disclosures needed to comply with
GAAP, (c) provide a means of identifying intercompany balances and transactions, and (d) require approval of financial
information by component management. The understanding is obtained when completing ASB-CX-4.2.
904.25 The group engagement team also should do the following:
Design and perform further audit procedures on the consolidation process to respond to assessed risks of material
misstatement of the group financial statements arising from the consolidation process.
Evaluate whether all components have been included in the group financial statements.
Evaluate the appropriateness, completeness, and accuracy of consolidation adjustments and reclassifications.
Evaluate whether any fraud risk factors or indicators of possible management bias exist.
Determine whether the financial information identified in the component auditors communication is the information
incorporated in the consolidation.
Determine whether appropriate adjustments have been made when the financial information of a component is not
prepared on the same accounting basis as the group financial statement or when the component has a year-end
that differs from the groups year-end.
These additional procedures are performed using the tests for investments accounted for by the equity or consolidation
method in the audit program at ASB-AP-8.
904.26 Component Materiality. The group auditor should determine component materiality for those components on which
the group engagement team will perform (or request a component auditor to perform) an audit or review of component
financial information. However, when a separate auditors report will be issued on the financial statements of a component
(regardless of whether reference will be made), it can ordinarily be expected that the materiality amount determined by the
component auditor for purposes of the separate report will be acceptable for purposes of the group audit. Thus, when a
separate report on the financial statements of component will be issued by a component auditor, the group auditor is not
responsible for determining component materiality.
904.27 AU-C 600.31 explains that component materiality should be determined taking into account all components,
regardless of whether reference is made to a component auditor. AU-C 600 also specifies that:
Component materiality should be lower than the materiality for the group financial statements as a whole.
Component performance materiality should be lower than performance materiality for the group financial statements
as a whole.
Different component materiality amounts may be established for different components.
The aggregate of component materiality may exceed group materiality.
904.28 In other words, component materiality need not be determined based on the ratio of each components benchmark
(such as total assets or total revenue) to the group benchmark, that is, based on a straight allocation of group materiality.
However, AU-C 600 does not provide specific guidance about how to determine component materiality. In an audit of group
financial statements, the authors believe the auditor should consider the following amounts when determining component
materiality:
Group materiality.
Adjusted group materiality.
Separate component materiality.
Based on those amounts, and considering the auditoris reporting responsibilities; the number, size, and nature of
components; and client expectations, the auditor applies judgment to determine an appropriate amount for component
materiality. As discussed in the following paragraphs, group materiality would typically be considered the ceiling for
component materiality, and separate component materiality would typically be considered the floor.
904.29 Group Materiality. Group materiality is determined based on the consolidated financial statements (that is, auditors
use a consolidated benchmark such as consolidated total assets or consolidated total revenues). When audit procedures are
performed for every component, conceptually that amount may also be used for component materiality, and group
performance materiality (tolerable misstatement) can be used to determine the scope of audit procedures to be applied to
specific account balances or transaction classes at each component. This is because, using the audit approach in this Guide,
which is based on MUS sampling, the consolidated financial statements are considered a single population of dollars and the
auditor is testing the entire population to the precision of tolerable misstatement. Therefore, there is no need to allocate
materiality. However, auditing standards specifically require component materiality to be lower than the materiality for the
group financial statements as a whole. Group materiality may, therefore, be viewed as the ceiling for component materiality,
but an adjusted materiality amount should be considered.
904.30 Adjusted Group Materiality. The authors believe an adjusted group materiality amount can be used as a guide for
determining component materiality. Adjusted group materiality is an amount lower than group materiality based on the
relative size of all components audited (including components for which reference is made) to the group.
904.31 The following formula can be used to determine adjusted group materiality:
Use of this formula will result in lower materiality levels for determining the extent of detailed audit procedures at the
components selected for audit. Although the authorsi approach, as discussed in paragraph 904.27, is to apply judgment
when determining an appropriate amount for component materiality, if the auditor is not comfortable using a judgmentally
determined component materiality, then using adjusted group materiality is acceptable (and conservative, thus, possibly
resulting in overauditing).
904.32 Separate Component Materiality. In some cases, the auditor may be expressing an opinion on the consolidated
financial statements and issuing a separate opinion on one or more subsidiaries. In that situation, in addition to determining
group materiality and group performance materiality (tolerable misstatement), separate materiality levels should be
determined based on the financial statements of each component for which a separate report will be issued.
904.33 Separate component materiality should not exceed group materiality. This could be a concern if, for example, group
materiality is based on revenues and the auditor is issuing a separate report on a subsidiary with significant intercompany
sales. Because the intercompany sales are eliminated for the consolidated financial statements, group materiality could be
less than the separate componentis materiality. This could also be the case if, for example, group materiality is based on
assets and a subsidiary has significant intercompany receivables. To ensure sufficient procedures are performed to support
the auditoris opinion on the group financial statements, the auditor should not use an amount greater than group materiality
at the subsidiary being reported on separately. Also, auditing standards specifically require component materiality to be less
than group materiality.
904.34 Generally, separate component materiality is the lowest amount that would be used (the floor) for component
materiality. However, when a separate report will not be issued for a component, using this amount for component materiality
may result in overauditing at the group level.
904.35 Other Considerations. As indicated in paragraph 904.27, when a component is audited for reasons other than its
inclusion in the financial statements of the group, for example, because its debt agreements require audited financial
statements, it can ordinarily be expected that the level of materiality determined by the component auditor for purposes of that
audit will be less than group materiality and, therefore, acceptable for the group audit. However, an equity method investee
may be larger than the investor and, consequently, the materiality used by the investees auditor may be larger than group
materiality. In that case, the auditor considers the investors ownership percentage and share of profits and losses when
evaluating whether there are potential issues with respect to component materiality.
904.36 Auditors also need to consider client expectations when determining the amount of audit effort for each component.
In some cases, the client may expect audit procedures that are sufficient for expressing an opinion on financial statements of
the components even though the auditor is only reporting on the group financial statements. In addition, the client may
request that the auditor perform procedures regardless of materiality or the likelihood of material misstatements. Nothing
precludes the auditor from doing more work than the minimum necessary to report on the group financial statements. It is
important that the auditor gain an understanding of the level of service expected by the client during the pre-engagement
planning process.
904.37 As mentioned in paragraph 904.27, component materiality only has to be determined for component financial
information that will be subject to audit or review. In other words, if the only procedures that will be applied to component
financial information are analytical procedures at the group level, then component materiality need not be determined for
those components. AU-C 600.54 indicates that the group engagement team should perform analytical procedures at the
group level for all components that are not significant components. Thus, component materiality only needs to be determined
for significant components, unless, in accordance with AU-C 600.55, the auditor determines that sufficient appropriate
evidence will not be obtained without performing an audit or review at additional components that are not significant
components.
904.38 When the procedures to be performed at a component consist of an audit of specified elements or specified audit
procedures directed at specific risks of material misstatement, the component materiality communicated to the component
auditor may be the component materiality for particular account balances, transaction classes, or disclosures. In addition, the
auditor needs to communicate to component auditors a threshold for clearly trivial misstatements that do not need to be
reported to the group auditor. The Component Materiality Worksheet at ASB-CX-2.2 can be used to determine and
document component materiality.
904.39 Additional Procedures When Assuming Responsibility for the Work of Component Auditors. If the group
engagement partner has decided to assume responsibility for the work of a component auditor, then the additional
requirements in Exhibit 9-3 apply.
904.40 When assuming responsibility for the work of component auditors, the group auditor is responsible for determining
the type of work that component auditors should perform. For components that are financially significant to the group, AU-C
600.52 indicates that the type of work should be an audit of component financial information (adapted as necessary) using
component materiality. Such an audit may also be performed on components that are not financially significant, as necessary
to obtain sufficient audit evidence for the group financial statements. Because a complete set of component financial
statements, including all disclosures, ordinarily is not prepared unless it is required for external reporting, AU-C 600 refers to
an audit of financial information rather than an audit of financial statements. Typically, the parent entity provides instructions
to components specifying the financial information that is needed for the group financial statements, and may also provide
standard formats for accumulating that information. For example, the component may be requested to provide trial balance
information summarized into financial statement account groupings; identification of intercompany account balances,
transactions, profits, or losses; and selected information for financial statement disclosures. In an audit of financial
information, that information is subjected to audit procedures in accordance with GAAS, using component materiality.
However, the audit may be adapted as necessary. That is, certain procedures that would ordinarily be performed in an audit
of financial statements, such as communicating with the entityis legal counsel, may not be necessary at the component level
because those communications will be made at the group level. The group auditor is responsible for communicating
instructions for the audit of financial information to the component auditor.
904.41 For components that are not significant, the group auditor may decide it is necessary to perform more than just
analytical procedures at the group level. One option is to perform, or have another auditor perform, a review of component
financial information in accordance with SSARS, using component materiality. As with an audit, the review may be adapted as
necessary in the circumstances. Because a review provides only limited assurance that there are no material modifications
that should be made to the financial information for it to be in accordance with GAAP, the group auditor may specify
additional procedures to supplement this work.
Exhibit 9-3
Additional Requirements of AU-C 600 When Assuming Responsibility for Work of a Component Auditor
1. Evaluate the appropriateness of performance materiality at the component level, that is, evaluate how the component
auditor applied component materiality to determine the scope of substantive procedures.
2. Determine the type of work to be performed (either by the group engagement team or by component auditors on their
behalf) on the financial information of components for which reference will not be made.
a. For components that are significant due to their financial significance to the group, the type of work should be an
audit of the financial information using component materiality (adapted as necessary).
b. For components that are significant because they are likely to include significant risks of material misstatement of
the group financial statements due to their specific nature or circumstances (rather than because of financial
significance), perform one or more of the following:
(1) An audit of the component financial information using component materiality (adapted as necessary).
(2) An audit of one or more account balances, classes of transactions, or disclosures relating to the likely
significant risks of material misstatement of the group financial statements (adapted as necessary).
(3) Specified audit procedures relating to the likely significant risks of material misstatement of the group financial
statements.
Adapted as necessary means the work may be modified to exclude some procedures that are performed at the
group level such as work on litigation, claims, and assessments.
c. For components that are not significant, perform analytical procedures at the group level. These procedures might
include scanning the account balances of the component to identify significant fluctuations and other analytical
procedures tailored to the nature and circumstances of the component. Any questions that arise from these
analytical procedures that cannot be resolved satisfactorily may require additional detailed audit procedures.
d. If sufficient appropriate evidence is not obtained from the work performed on significant components, analytical
procedures at the group level, and the work performed on group-wide controls and the consolidation process,
select additional components that are not significant and perform one or more of the following:
(1) An audit of the component financial information using component materiality (adapted as necessary).
(2) A review of the component financial information using component materiality (adapted as necessary).
(3) An audit of one or more account balances, classes of transactions, or disclosures (adapted as necessary).
(4) Specified audit procedures.
This may occur, for example, when several components are not individually significant to the group financial
statements but are material in the aggregate. The auditor should vary the selection of individual non-significant
components over a period of time.
3. When a component auditor performs work on the financial information of a significant component, involve the group
engagement team in the identification and assessment of significant risks of material misstatement of the group financial
statements. This involvement, at a minimum, should include the following:
a. Discuss the components business activities of significance to the group with the component auditor or component
management.
b. Discuss with the component auditor the susceptibility of the components financial information to material
c. Review the component auditors documentation of identified significant risks of material misstatement of the group
4. Evaluate the appropriateness of the component auditors planned audit procedures to respond to identified significant
risks of material misstatement of the group financial statements and determine whether it is necessary to be involved in
their performance.
5. Determine based on communications from the component auditor whether it is necessary to review other parts of the
component auditors audit documentation.
6. If the component auditors work is insufficient, perform additional procedures or request that the component auditor
perform them.
7. Determine which material weaknesses and significant deficiencies communicated by the component auditor should be
communicated to group management and those charged with governance.
8. Include the following in the group audit documentation:
a. The nature, timing, and extent of the group auditors involvement in the work performed by component auditors on
significant components.
b. If applicable, the review made of the component auditors audit documentation and conclusions thereon.
* * *
Other Considerations
904.42 AU-C 600 also establishes requirements in the following areas related to group audits:
How to make reference in the group auditors report to a component auditor.
What communications should be made to group management and those charged with governance.
What to document concerning the group audit.
904.43 Audit Reporting. If the group auditor decides to assume responsibility for work of a component auditor, then no
reference should be made to that auditors work in the auditoris report on the group financial statements. If the group auditor
decides to make reference, then according to AU-C 600.27, the report should clearly indicate that the component was not
audited by the group auditor, and should include the magnitude of the portion of the financial statements audited by the
component auditor. PPCs Guide to Auditors Reports provides additional guidance and report examples for group audits,
including how to make reference to a component auditor in the auditoris report on group financial statements, how to report
when the component auditors opinion is modified or their report includes an emphasis-of-matter or other-matter paragraph
that affects the auditors report on the group financial statements, and how to report when a component auditor is named in
the auditors report on the group financial statements.
904.44 Communications with Management and Those Charged with Governance. The group auditor should
communicate the following matters to group management:
Material weaknesses and significant deficiencies in internal control relevant to the group, whether identified by the
group engagement team or by component auditors.
Any fraud or indications of fraud identified by the group engagement team or brought to its attention by a
component auditor. (Communication should be made on a timely basis to an appropriate level of group
management.)
In addition, if information comes to the group engagement teams attention during the audit that may be significant to the
financial statements of a component being audited by a component auditor, but of which component management may not
be aware, the group auditor should ask group management to provide that information to component management. If
management refuses, the group auditor should discuss the matter with those charged with governance. If the matter remains
unresolved, the group auditor should consider whether to advise the component auditor not to issue their report until the
matter is resolved and whether to withdraw from the engagement.
904.45 The group auditor should communicate the following matters to those charged with governance, in addition to those
matters required by AU-C 260 (discussed in section 1815):
Material weaknesses and significant deficiencies in internal control that are relevant to the group.
An overview of the type of work to be performed on the financial information of components, including the basis for
a decision to make reference to a component auditor in the auditors report.
An overview of the engagement teams planned involvement in the work to be performed by component auditors on
significant components.
Any instances in which evaluation of the work of a component auditor raised concerns about the quality of that work.
Any limitations on the group audit, such as restricted access to information of components.
Actual or suspected fraud involving (a) group management, (b) component management, (c) employees who have
significant roles in group-wide controls, or (d) others where the fraud involves a material misstatement of the group
Any refusal by group management to discuss with component management a matter significant to the financial
statements of the component.
904.46 Group Audit Documentation. The group engagement team should include the following in its audit documentation:
a. An analysis of components indicating
(1) Significant components.
(2) The type of work performed on the financial information of components.
(3) The components for which reference is made in the group auditors report.
The worksheet at ASB-CX-11.6 can be used to document these matters.
b. Written communications between the group engagement team and component auditors.
c. The audited financial statements and component auditors report for any components for which reference is made.
d. When assuming responsibility for the work of a component auditor
(1) The nature, timing, and extent of the group auditors involvement in the work performed by component auditors
on significant components.
(2) If applicable, the review made of the component auditors audit documentation and conclusions thereon.
905 USE OF SERVICE ORGANIZATIONS
905.1 AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization,
4(62)
is applicable whenever a
service organization provides services that are part of the clients information system relevant to financial reporting by
affecting
a. how the clients transactions are initiated,
b. the accounting records, supporting information, and specific financial statement accounts involved in processing
and reporting the clients transactions,
c. the accounting processing involved from initiation of the clients transactions to their inclusion in the financial
statements, or
d. the financial reporting process used to prepare the clients financial statements.
AU-C 402 refers to the auditor who audits the financial statements of an entity that uses a service organization as the user
auditor. The auditor who reports on the controls of the service organization is referred to as the service auditor.
5(63)
In this
section, the authors generally refer to the user auditor as simply the auditor.
905.2 AU-C 402 emphasizes the importance of obtaining an understanding of how the entity uses the services of a service
organization and how those services and the activities of the service organization affect the risks of material misstatement.
The procedures to obtain that understanding include specifically reading the relevant contractual terms. For example, does
the agreement with a broker give discretion to the broker to initiate securities trades? The requirements emphasize obtaining a
broad and deep understanding of the role of the service organization in the user entitys financial reporting system and
making a rigorous assessment of information about the service organization, including a probing analysis of a service
auditors report if one is relied on by the user entitys auditor.
905.3 Objectives. The objectives of the auditor when the entity uses the services of a service organization are:
To obtain an understanding of the nature and significance of the services provided by the service organization, and
their effect on the user entitys internal control, sufficient to identify and assess the risks of material misstatement.
To design and perform audit procedures responsive to those risks.
Exhibit 9-4
Requirements for Use of Service Organizations
AU-C
Reference
Guide
Reference
Practice
Aids
When obtaining an understanding of the entity, obtain an understanding of
how the entity uses the services of a service organization in its operations,
including the following:
The nature of services provided by the service organization and their
significance to the user entity, including their effect on the user
entitys internal control.
The nature and materiality of the transactions processed or accounts
or financial reporting processes affected by the service organization.
The degree of interaction between the activities of the service
organization and those of the user entity.
The nature of the relationship between the user entity and the service
organization, including relevant contractual terms.
AU-C 402.09 ASB-CX-4.2.2
When obtaining an understanding of internal control, evaluate the design
and implementation of relevant controls at the user entity that relate to the
services provided by the service organization, including controls applied to
transactions processed by the service organization.
AU-C 402.10 ASB-CX-4.1
ASB-CX-4.2
Determine whether a sufficient understanding of the nature and
significance of the services provided by the service organization and their
effect on the user entitys internal control has been obtained to provide a
basis for identifying and assessing risks of material misstatement.
AU-C 402.11 ASB-CX-4.2.2
If unable to obtain a sufficient understanding from the user entity, obtain
that understanding from one or more of the following procedures:
Obtaining and reading a type 1 or type 2 report.
Contacting the service organization (through the user entity) to obtain
specific information.
Visiting the service organization and performing procedures that will
provide the necessary information.
AU-C 402.12 ASB-AP-1, Use
of Service
Organizations
AU-C
Reference
Guide
Reference
Practice
Aids
Using another auditor to perform procedures that will provide the
necessary information.
In determining the sufficiency and appropriateness of audit evidence
provided by a type 1 or type 2 service auditors report, be satisfied about
the following:
The service auditors professional competence and independence
from the service organization.
The adequacy of the standards under which the type 1 or type 2
report was issued.
of Service
Organizations
If a type 1 or type 2 report will be used as audit evidence to support the
user auditors understanding about the design and implementation of
controls at the service organization, do the following:
Evaluate whether a type 1 report is as of a date, or a type 2 report is
for a period, that is appropriate for the user auditors purposes.
Evaluate the sufficiency and appropriateness of evidence provided by
the report for the understanding of user entity controls.
Determine whether complementary user entity controls identified by
the service organization are relevant in addressing the risks of
material misstatement for relevant assertions in the user entitys
financial statements and, if so, obtain an understanding of whether
such controls have been designed and implemented.
of Service
Organizations
In responding to assessed risks of material misstatement
determine whether sufficient appropriate audit evidence about the
relevant financial statement assertions is available from records at the
user entity and, if not,
perform further audit procedures to obtain sufficient evidence or use
another auditor to perform those procedures at the service
organization.
of Service
Organizations
When reliance on controls at the service organization is planned, obtain
audit evidence about the operating effectiveness of those controls from
one or more of the following procedures:
Obtaining and reading a type 2 report.
Performing appropriate tests of controls at the service organization.
Using another auditor to perform tests of controls at the service
organization.
of Service
Organizations
If a type 2 report will be used as audit evidence that controls at the service
organization are operating effectively, determine whether it provides
sufficient appropriate audit evidence about the effectiveness of the
controls to support the user auditors risk assessment by:
Evaluating whether the type 2 report is for a period that is appropriate
for the user auditors purposes.
Determining whether complementary user entity controls identified by
the service organization are relevant in addressing the risks of
material misstatement for relevant assertions in the user entitys
financial statements and, if so, obtaining an understanding of whether
such controls have been designed and implemented and testing their
operating effectiveness.
Evaluating the adequacy of the time period covered by the tests of
controls and the time elapsed since the tests were performed.
Evaluating whether the tests of controls performed by the service
of Service
Organizations
AU-C
Reference
Guide
Reference
Practice
Aids
auditor and the results described in the service auditors report are
relevant to the assertions in the user entitys financial statements and
provide sufficient appropriate audit evidence to support the user
auditors risk assessment.
If a type 1 or a type 2 report that excludes the services provided by a
subservice organization will be used, and those services are relevant to
the audit of the user entitys financial statements, apply the requirements
of this standard with respect to the services provided by the subservice
organization.
of Service
Organizations
Inquire of user entity management about whether the service organization
has reported or the user entity is otherwise aware of, any fraud,
noncompliance with laws and regulations, or uncorrected misstatements
affecting the user entitys financial statements. Evaluate how those matters
affect the nature, timing, and extent of further audit procedures, including
the effect on the user auditors conclusions and report.
AU-C 402.19 ASB-CX-3.3
Modify the opinion in the user auditors report if unable to obtain sufficient
appropriate audit evidence about the services provided by the service
organization relevant to the audit of the user entitys financial statements.
this Guide
a
Do not refer to the work of a service auditor in a report containing an
unmodified opinion.
this Guide
a
If reference to the work of a service auditor is relevant to understanding a
modified opinion, indicate in the user auditors report that such reference
does not diminish the user auditors responsibility for the opinion.
this Guide
a
Note:
a
Making reference to the work of a service auditor in the user auditors report when relevant to understanding the reason
for a modified opinion is not permitted under the auditing standards in effect for audits or periods ending before
December 15, 2012. Auditors reports are discussed further in PPCs Guide to Auditors Reports.
* * *
Determining Whether a Services Organizations Services are Part of the Clients Information
System
905.5 AU-C 402 does not apply to a service organizations services that are not a part of the clients information system
relevant to financial reporting, and it may apply to some, but not all, of the services provided by a service organization. That
may occur, for example, in a directed investment arrangement under which a broker-dealer executes securities purchases
and sales at the direction of the client. Typically, those transactions are electronic transfers of shares that are in the
broker-dealers name, and the issuer of securities and its agents have no record of the clients involvement. Accordingly, the
broker-dealer provides only two servicesholding the securities and servicing the securities, as follows:
a. Holding the Securities. The broker-dealer acts as custodian for the clients shares since the clients interest in those
shares exists only in electronic form at the broker-dealer. That service is often referred to as holding securities. The
broker-dealer executes securities purchases and sales only at the direction of the client and the client maintains the
accounting records for those transactions. Therefore, in the circumstances of a directed investment arrangement,
the broker-dealers holding services are not part of the clients information system, and AU-C 402 does not apply to
them.
b. Servicing the Securities. Because the issuer and its agents have no record of the clients involvement, only the
broker-dealer can inform the client of corporate actions such as stock splits and dividends that affect the clients
investment. Those services are referred to as servicing securities and are part of the clients information system
because the broker-dealer provides all of the accounting information about those transactions. AU-C 402 therefore
applies to those services.
905.6 When the broker-dealer has discretion in trading securities, the situation is more complex and generally all of the
services should be considered part of the user entitys information system. In this situation, the broker-dealer initiates
transactions, holds securities, and services securities. Because all of the information available to the auditor is based on the
service organizations information, the auditor may be unable to sufficiently limit audit risk without obtaining audit evidence
about the operating effectiveness of one or more of the service organizations controls. For example, the auditor would be
concerned about whether the service organizations investment advisory department was independent of the holding and
servicing of securities, and whether the information about securities in these separate departments was independently
reconciled on a systematic and timely basis. Thus, all of the departments at the broker-dealer involved in the securities
transactions would be part of the user entitys information system relevant to financial reporting and the auditor would need to
understand the controls and assess risks of material misstatement.
Fraud, Noncompliance with Laws and Regulations, and Uncorrected Misstatements Related to
Activities at the Service Organization
905.7 For audits of periods ending on or after December 15, 2012, whenever the client uses the services of a service
organization that are part of its information system relevant to financial reporting, the auditor should inquire of client
management whether they are aware of any fraud, noncompliance with laws and regulations, or uncorrected misstatements
at the service organization that affect the financial statements of the user entity, either reported by the service organization or
otherwise known by the client. If such matters exist, the auditor should evaluate their impact on the nature, timing, and extent
of the auditors procedures, and on the auditors conclusions and report. If additional information from the service
organization is needed to make this evaluation, the client can be asked to coordinate obtaining the necessary information
from the service organization.
Obtaining an Understanding of the Service Organizations Services and Internal Control
905.8 When obtaining an understanding of the entity as discussed in Chapter 3, the auditor is required to understand how
the entity uses the service organization in its operations. This understanding includes:
a. The nature and significance of services provided by the service organization, including their effect on the entitys
internal control.
b. The nature and materiality of transactions processed or accounts or financial reporting processes affected by the
service organization.
c. The degree of interaction between the activities of the service organization and those of the entity.
d. The nature of the relationship between the entity and the service organization, including relevant contractual terms.
905.9 The understanding of the nature of services provided by the service organization can be obtained from a variety of
sources, including:
a. User manuals.
b. System overviews.
c. Technical manuals.
d. The contract or service level agreement between the client and the service organization.
e. Reports by service organizations, internal auditors, or regulatory authorities on the information system and other
controls placed in operation by the service organization.
f. Service auditor reports.
g. Inquiring of or observing personnel at the client or at the service organization.
In addition, if the services and the service organizations controls over those services are highly standardized, information
obtained through the auditors prior experience with the service organization may be helpful when obtaining the
understanding.
905.10 The auditor should determine the significance of service organization processing to the clients internal control over
financial reporting. Typically, in making a determination of whether service organization processing is significant to the client,
the auditor considers the interaction of the clients controls (user controls) with the service organization, the nature of the
services provided, and the nature and materiality of transactions processed by the service organization. The degree of
interaction between the activities of the service organization and those of the user entity refers to whether the client is able to
implement effective controls over transactions processed by the service organization.
905.11 AU-C 402 needs to be viewed together with, rather than separate from, AU-C 315, Understanding the Entity and Its
Environment and Assessing the Risks of Material Misstatement, as discussed in Chapter 3. The basic requirements for
consideration of controls are prescribed by AU-C 315. AU-C 402 only supplements that guidance to address situations when
the clients transactions are subject to a service organizations controls. For example, AU-C 402 does not change the basic
requirement of AU-C 315 to obtain an understanding of controls sufficient to assess the risk of material misstatement of the
financial statements and enable the auditor to
a. design tests of controls, when applicable, and
b. design substantive procedures.
Thus, when obtaining an understanding of internal control at the user entity, the auditor should evaluate the design and
implementation of relevant controls that relate to the services provided by the service organization, including controls applied
to transactions processed by the service organization.
905.12 Generally, if the client has effective controls, the service organizations controls over its services are not a significant
part of the controls over the cycle of initiating, recording, processing, and reporting transactions. The client is more likely to
have effective controls in place when it interacts with the service organization. To illustrate
a. In some situations, the clients interaction is low, and therefore the service organizations controls are the only
controls to which the transactions are subject. For example, in a discretionary investment arrangement, the service
organization may initiate securities transactions and the client may choose to rely entirely on the results reported by
the service organization rather than, for example, implementing monitoring controls. In that situation, the service
organizations controls are the only controls over the cycle.
b. In other situations, the client has a high degree of interaction and has effective controls over the cycle so that the
service organizations controls are redundant. For example, in the directed investment arrangement described in
paragraph 905.5, the client initiates transactions and may implement reconciliation controls. As another example, a
client that uses a service organization to process its payroll transactions, including the required tax filings, may
implement effective controls over those transactions through reconciliations and by testing the service organizations
calculations.
Obtaining an Understanding or Testing Service Organization Controls
905.13 AU-C 402.11 requires the auditor to ensure that he or she has obtained a sufficient understanding of the nature and
significance of services provided by a service organization and their effect on the clients internal control to provide a basis for
identifying and assessing risks of material misstatement. In some cases, the understanding obtained at the user entity as
described beginning in paragraph 905.8 may be sufficient for that purpose. That is, depending on the facts and
circumstances, the auditor may not need to obtain an understanding or test the service organizations controls in order to
assess the risk of material misstatement and plan and perform the audit. That may be, for example, because the client has
effective user controls and the services provided by the service organization are generally limited to processing and recording
the transactions, as contrasted to transaction initiation and authorization. In other situations, the nature of the services being
provided by the service organization do not affect the clients information system as discussed in paragraph 905.1. However,
the auditor needs to carefully consider the nature of the services to determine if there could be a potential impact on the
financial statements. For example, if a client is self-insured for health care benefits to employees and outsources the
administration function to a third-party service provider, the auditor may need to obtain an understanding of the service
organizations controls since there may be a risk of material understatement of the unpaid claim liability due to improper
processing.
905.14 In some cases, the auditor may be unable to obtain a sufficient understanding of the nature and significance of the
service organizations services and their impact on the clients internal control to identify and assess the risks of material
misstatement based only on information at the user entity. If the auditor is unable to obtain a sufficient understanding from the
user entity, the auditor is required to obtain the necessary understanding by performing one or more of the following
procedures:
a. Obtain and read a type 1 or type 2 report (see paragraph 905.20).
b. Obtain specific information by contacting the service organization through the user entity.
c. Visit the service organization and perform procedures to obtain the necessary information about relevant controls.
d. Use another auditor to perform procedures to obtain the necessary information.
905.15 The procedures that may be necessary are influenced by matters such as the following:
Size of the client and the service organization.
Complexity of the clientis transactions and of the services provided by the service organization.
Location of the service organization.
Effectiveness of the procedures in providing the auditor with sufficient appropriate audit evidence.
Nature of the relationship between the user entity and the service organization.
905.16 If the auditor plans to assess control risk at a low or moderate level for one or more financial statement assertions as
discussed in Chapter 4, the auditor should identify one or more controls over those assertions and gather audit evidence
about their operating effectiveness. Those may be client controls or service organization controls. For example, if a service
organization initiates trades for the client under a discretionary arrangement, all of the information available to the auditor is
based on the service organizations information. The auditor may be unable to sufficiently limit audit risk without obtaining
audit evidence about the operating effectiveness of one or more of the service organizations controls. An example of such
controls is establishing independent departments to provide the investment advisory services and the holding and servicing of
securities, then reconciling the information about the securities that is provided by each department.
905.17 Audit evidence about the operating effectiveness of service organization controls should be gathered through tests
performed by the user entitys auditor, or by an auditor engaged by either the user entitys auditor or the service
organization
a. as part of a type 2 engagement as described in SSAE No. 16 (AT 801),
b. as part of an agreed-upon procedures engagement, or
c. to work under the direction of the user entitys auditor.
905.18 If a type 2 report is not available and a determination has been made that a type 2 engagement is needed, contacting
the service organization to request that a service auditor be engaged needs to be coordinated through the client. If the user
auditor or another auditor engaged by the user auditor will perform the control tests, the auditor also needs to coordinate with
the client and the service organization to obtain permission.
905.19 A service organization may use another service organization, referred to as a subservice organization, to provide
some of the services provided to the client that are relevant to the clients internal control. The auditor may need to consider
the controls at the subservice organization. Those controls are considered the same way as controls at the service
organization as discussed in this section.
Using Service Auditors Reports
905.20 Types of Service Auditors Reports. A service auditor is an auditor who reports on controls at a service
organization. There are a number of different types of service auditors reports and engagements.
6(64)
The primary reports
that relate to obtaining an understanding of controls at a service organization that are likely to be relevant to user entities
internal control over financial reporting are as follows:
a. Report on Managements Description of a Service Organizations System and the Suitability of the Design of Controls.
This type of report expresses an opinion on whether (a) managements description of the service organizations
system fairly presents the service organizations system that was designed and implemented as of a specified date
and (b) the controls related to the control objectives stated in managements description of the service
organizations system were suitably designed to achieve those control objectives as of the specified date. This type
of report, also known as a type 1 report, may be helpful in providing a sufficient understanding of the service
organization controls. However, this type of report has the following limitations:
(1) This type of report is not intended to provide any evidence of the operating effectiveness of controls that would
support assessing control risk as either low or moderate.
(2) The report gives assurance only with respect to the control objectives specified in the description. There is no
assurance that the specified objectives include all those that would be relevant to the user.
(3) The report may contain a caveat that the stated control objectives may be achieved only if the user entity
applies controls contemplated in the design by the service organization. (The auditor needs to be alert to this
type of caveat and determine whether the user entity has implemented the necessary procedures. For example,
completeness of processing payroll transactions may depend on the user entitys validating that all payroll
records sent were processed by checking a control total.)
b. Report on Managements Description of a Service Organizations System and the Suitability of the Design and
Operating Effectiveness of Controls. This type of report expresses an opinion on whether (a) managements
description of the service organizations system fairly presents the service organizations system that was designed
and implemented throughout the specified period, (b) the controls related to the control objectives stated in
managements description of the service organizations system were suitably designed throughout the specified
period to achieve those control objectives, and (c) the controls related to the control objectives stated in
managements description of the service organizations system operated effectively throughout the specified period
to achieve those control objectives. In other words, it adds tests of the operating effectiveness of controls to the
report on the service organizations system and design (item a) and covers a specified period rather than being as of
a specified date. This type of report, also known as a type 2 report, may be helpful in determining whether controls
have been implemented and assessing control risk at either a low or moderate level when relevant controls are
applied only at the service organization. This type of report is subject to the same limitations as the report on design
with respect to specified control objectives [items a.(2) and a.(3)].
c. Reports on Agreed-upon Procedures. A report on agreed-upon procedures may cover tests of controls, substantive
tests, or both. If the service auditor is engaged to perform procedures at the request of the auditor of the user entity,
the appropriate form of report is an agreed-upon procedures report. Agreement needs to be reached among the
user entity and its auditor and the service organization and service auditor on the specific procedures to be
performed. This type of report may be more effective for the user entity auditor than the more general reports on
internal control because it can be directed to those policies and procedures or financial statement assertions of
direct interest to the user entitys auditor in the circumstances.
905.21 Using a Service Auditors Report. A service auditors report may be used to
7(65)
a. Gather Information When Obtaining an Understanding of Internal Control at the Service Organization and Identifying
Risks. The service auditors report may assist the auditor in obtaining an understanding of relevant controls at the
service organization that affect the processing of the clients transactions, as well as control objectives that affect the
clients financial statement assertions. The report normally provides information about the flow of transactions
through the service organizations system that can aid in identifying where material misstatements can occur. When
a subservice organization is used, the service auditors report generally provides information on those services and
whether the controls at such an organization are included in the scope of the report. A type 1 report may be
sufficient for this purpose. (In this situation, the report is normally obtained during the planning stage of the audit.)
As a practical matter, whenever the client uses a service organization to provide services that are part of the clients
information system, the auditor inquires whether the client has received a service auditors report. If it has, the
auditor reads the report for information that may be useful in planning the audit.
b. Assess Control Risk as Either Low or Moderate for Transactions Processed at the Service Organization to Modify
Substantive Procedures. The service auditors type 1 or type 2 report may provide information about whether
controls at the service organization are suitably designed and implemented to prevent or detect and correct errors in
the clients financial statements. However, only a type 2 report or an agreed-upon procedures report on tests of
controls provides information about the operating effectiveness of relevant controls. The auditor is responsible for
evaluating the evidence provided by the service auditors report and for determining its effect on the control risk
assessment.
c. Obtain Evidence of Balances or Transactions Processed by the Service Organization to Be Used as Part of the
Evidence Necessary to Support the Opinion on Financial Statements. A report on agreed-upon procedures that are
substantive tests would be necessary for this purpose.
905.22 When determining whether the audit evidence provided by a service auditors report is sufficient and appropriate, the
auditor should be satisfied that (1) the service auditor is competent and independent from the service organization and (2) the
standards under which the report was issued are adequate. The auditor normally makes inquiries about the service auditor of
other practitioners and the service auditors professional organization, such as the AICPA. In addition, the auditor typically
determines if the service auditor is subject to licensing requirements and peer reviews. In certain cases, the auditor might use
a service auditors report that is issued under standards other than those established by the AICPA. For example, the service
auditor may practice outside of the United States. In those instances, the auditor should be satisfied about the adequacy of
such standards.
905.23 User entity auditors should evaluate whether a type 1 report is as of a date, or a type 2 report is for a period, that is
appropriate for the user entity auditors purposes. For example, a report that is as of a date or for a period outside the current
reporting period may be useful in obtaining an understanding of the controls placed in operation at a service organization if it
is supplemented with current information from other sources. If the report is as of a date or for a period prior to the beginning
of the period being audited the user entity auditor normally updates the information in the description of controls to determine
whether there have been any changes relevant to the audit. Procedures to update information in the description of controls
may include:
a. Discussions with client personnel in a position to know about changes at the service organization.
b. Reviewing current documentation and correspondence from the service organization.
c. Discussions with service organization personnel.
If significant changes have occurred, the auditor needs to gain an understanding of the changes and consider their effect on
the audit.
905.24 When evaluating whether a type 2 report is for a period that is appropriate for the user auditors purposes, the user
auditor considers the time period covered by the tests of controls and the time elapsed since the tests were performed. For
certain assertions, the shorter the period covered by the tests of controls and the longer the time elapsed since the tests were
performed, the less audit evidence the type 2 report provides. If there is little overlap between the period covered by the
report and the period of reliance by the auditor, the auditor may need an additional type 2 report that covers a preceding or
subsequent period or may need to perform tests of controls at the service organization. If the tests of controls were performed
at an interim date, the auditor may need to obtain additional evidence about significant changes in relevant controls since that
date and determine what additional procedures need to be performed to test the remaining period. If the testing period in a
type 2 report is completely outside the clients financial reporting period, the auditor cannot rely on such tests to conclude
that controls at the service organization are operating effectively unless other procedures are performed. Chapter 6 discusses
the use of audit evidence about the operating effectiveness of controls obtained in prior audits.
905.25 When using the information in a service auditors report as audit evidence to support the understanding of the design
and implementation of controls or, for a type 2 report, to conclude whether controls are operating effectively, the auditor is
required to evaluate the sufficiency and appropriateness of the evidence. For example, the auditor considers the scope of the
service auditors work and the services and processes covered, the controls tested and the tests performed, how the tested
controls relate to the user entitys controls, the results of the service auditors procedures, and the service auditors opinion.
Therefore, the auditor reads the report to determine whether it provides information the auditor needs, for example, by
addressing service organization controls relevant to the assertion the auditor is testing. If the service auditors report is not
sufficient to meet the auditors objectives, the auditor needs to gather the desired information from other sources, such as
those discussed in paragraph 905.8 and paragraph 905.16.
905.26 Complementary Controls. In some cases, the services provided by the service organization are designed on the
assumption that the user entity will implement certain controls. For example, the service organization may design a service
that assumes the user has controls to ensure transactions are properly authorized before being sent to the service
organization. Such controls are referred to as complementary controls. The type 1 or type 2 report may contain a description
of complementary controls. Auditors are required to determine whether such controls are relevant when assessing the risks of
material misstatement and, if so, to obtain an understanding of whether the controls have been designed and implemented by
user entity. When the auditor is using a type 2 report as audit evidence about the operating effectiveness of service
organization controls that depend on complimentary user controls, the auditor should also test the complimentary controls.
906 USE OF A SPECIALIST
906.1 This section discusses the auditors use of work performed by specialists. The section separately discusses
requirements that are effective for audits of periods ending on or after December 15, 2012, and requirements that are effective
for audits of periods ending before that date.
Audits of Periods Ending on or After December 15, 2012
906.2 In the context of the audit, a specialist may fall into one of three categories:
a. Auditors Specialist. This term is applied to individuals or organizations that possess expertise in an area other than
accounting or auditing whose work is used by the auditor. An auditors specialist can either be an internal specialist
within the auditors firm or a network firm or an external specialist. The auditors responsibilities when using the work
of these specialists are primarily addressed in AU-C 620, Using the Work of an Auditors Specialist.
b. Managements Specialist. These are individuals or organizations that have expertise in a field other than accounting
or auditing who are used by the entity to assist in preparing the financial statements. The auditors responsibilities
when using the work these specialists are primarily addressed in AU-C 500, Audit Evidence.
c. Other Specialist. The authors use this term to refer to individuals on the engagement team or other individuals or
organizations with whom the auditor consults who possess expertise in a specialized area of accounting or auditing.
Situations involving those specialists are addressed in AU-C 220, Quality Control for an Engagement Conducted in
Accordance With Generally Accepted Auditing Standards, and AU-C 300, Planning an Audit.
906.3 Objectives and Requirements. Auditing standards contain the following objectives and requirements related to using
the work of a specialist.
906.4 Objectives. The objectives of the auditor regarding the use of an auditors specialist are:
To determine whether to use the work of a specialist.
To determine whether the work of a specialist, when used, is adequate for the auditors purposes.
The auditors objectives when using the work of a managementis specialist or other specialist are not specifically delineated
in the auditing standards. However, the auditor has an overall objective to design and perform audit procedures that will
obtain sufficient appropriate audit evidence to draw reasonable conclusions as a basis for the auditors opinion.
906.5 Requirements. The requirements that should be followed to achieve those objectives with respect to using the work of
a specialist are summarized in Exhibit 9-5.
Exhibit 9-5
Requirements for Use of a Specialist
Effective for Audits of Periods ending on or after December 15, 2012
AU-C
Reference
Guide
Reference
Practice Aids
General
For the engagement partner, be satisfied that the engagement team
and any auditors specialists, collectively, have the appropriate
competence and capabilities to (1) perform the engagement in
accordance with professional standards and applicable legal and
regulatory requirements and (2) enable the issuance of an auditors
report that is appropriate in the circumstances.
AU-C 220.16 ASB-CX-1.1
Consider whether specialized skills are needed in performing the audit. AU-C 300.12 ASB-AP-1
If specialized skills are needed, seek the assistance of a professional
with those skills, who either may be on the auditors staff or an outside
professional.
When a specialist is used, have sufficient knowledge to
communicate the objectives of the specialists work;
evaluate whether the specified audit procedures will meet the
objectives; and
evaluate the results of the audit procedures applied.
Auditors Specialist
If expertise in a field other than accounting or auditing is necessary to
obtain sufficient appropriate audit evidence, determine whether to use
AU-C
Reference
Guide
Reference
Practice Aids
the work of a specialist.
In determining the nature, timing, and extent of procedures, consider
the following:
The nature of the matter to which the work of the specialist relates.
The risks of material misstatement of the matter to which the work
of the specialist relates.
The significance of the specialists work in the context of the audit.
Previous knowledge of, and experience with, work performed by
the specialist.
Whether the specialist is subject to the firms quality control
policies and procedures.
AU-C 620.08 ASB-AP-1,
Using the Work
of an Auditors
SpecialistAudit
s of Periods
Ending on or
after December
15, 2012
Evaluate whether the specialist has the necessary competence,
capabilities, and objectivity. In the case of an external specialist, inquire
about interests and relationships that may create a threat to the
specialists objectivity.
AU-C 620.09 ASB-AP-1,
Using the Work
of an Auditors
SpecialistAudit
s of Periods
Ending on or
after December
15, 2012
Obtain a sufficient understanding of the field of expertise of the
specialist to:
determine the nature, scope, and objectives of the specialists
work, and
evaluate the adequacy of that work for the auditors purposes.
AU-C 620.10 ASB-AP-1,
Using the Work
of an Auditors
SpecialistAudit
s of Periods
Ending on or
after December
15, 2012
Agree, in writing when appropriate, with the specialist regarding the
following:
The nature, scope, and objectives of the specialists work.
The respective roles and responsibilities of the auditor and the
specialist.
The nature, timing, and extent of communication between the
auditor and the specialist, including the form of any report to be
provided by the specialist.
The need for the specialist to observe confidentiality
requirements.
AU-C 620.11 ASB-AP-1,
Using the Work
of an Auditors
SpecialistAudit
s of Periods
Ending on or
after December
15, 2012
Evaluate the adequacy of the specialists work for the auditors
purposes, including:
The relevance and reasonableness of the specialists findings and
conclusions and their consistency with other audit evidence.
If the work of the specialist involves the use of significant
assumptions and methods
obtaining an understanding of those assumptions and
methods and
evaluating the relevance and reasonableness of those
assumptions and methods in the circumstances and in
relation to the auditors other findings and conclusions.
If the work of the specialist involves the use of significant source
data, the relevance, completeness, and accuracy of the source
data.
AU-C 620.12 ASB-AP-1,
Using the Work
of an Auditors
SpecialistAudit
s of Periods
Ending on or
after December
15, 2012
AU-C
Reference
Guide
Reference
Practice Aids
If the work of the specialist is not adequate for the auditors purposes
agree with the specialist on the nature and extent of further work
to be performed by the specialist, or
perform additional audit procedures appropriate to the
circumstances.
AU-C 620.13 ASB-AP-1,
Using the Work
of an Auditors
SpecialistAudit
s of Periods
Ending on or
after December
15, 2012
Do not refer to the work of a specialist in an auditors report containing
an unmodified opinion.
this Guide
a
If reference to the work of an external specialist is relevant to
understanding a modified opinion, indicate in the auditors report that
such reference does not reduce the auditors responsibility for the
opinion.
this Guide
a
Managements Specialist
When information to be used as audit evidence was prepared using
the work of a managements specialist
evaluate the competence, capabilities, and objectivity of the
specialist;
obtain an understanding of the work of the specialist; and
evaluate the appropriateness of the specialists work as audit
evidence for the relevant assertion.
AU-C 500.08 ASB-AP-1,
Using the Work
of a
Managements
SpecialistAudit
s of Periods
Ending on or
after December
15, 2012
Note:
a
Auditors reports are discussed further and illustrative reports are provided in PPCs Guide to Auditors Reports.
* * *
906.6 Using the Work of an Auditors Specialist. AU-C 620, Using the Work of an Auditors Specialist, addresses the
auditors responsibilities when using the work of individuals or organizations that possess expertise in an area other than
accounting and auditing. An auditors specialist can either be an internal specialist within the auditors firm or a network firm
or an external specialist.
906.7 Examples of Auditors Specialists. The following are examples of specialists with expertise in matters other than
accounting and auditing that might be used in an audit engagement:
Appraisers used to value real estate collateral for a note receivable.
Valuation specialists used to value nonfinancial assets and liabilities measured at fair value, such as assets and
liabilities acquired in a business combination, intangible assets, and impaired assets.
Engineers to quantify inventories that are difficult to measure, observe, or estimate, such as stockpiled materials or
oil and mineral reserves.
Actuaries to perform complex calculations, such as determination of future employee benefits or self-insurance loss
reserves.
Environmental consultants used to estimate environmental remediation costs.
Attorneys to interpret legal requirements contained in regulations or contracts.
Valuation specialists to determine the fair value of derivatives and securities using complex valuation models or
pricing structures or to assess the appropriateness of such valuations or estimates obtained from the client,
broker-dealers, or other third parties.
Information technology specialists to assist the auditor in determining the effect of computer processing on the
audit; understanding controls; or designing and performing tests of automated controls over complex computer
systems, including computer applications that transmit, process, maintain, or access significant information about
derivatives and securities.
Tax attorneys who analyze complex and unusual tax compliance matters.
906.8 When determining whether an individual or organization constitutes an auditors specialist for purposes of applying the
guidance in AU-C 620, a key consideration is whether the specialist has expertise in a field other than accounting and
auditing or not. This distinction is important because the requirements that apply to specialists with expertise in a field other
than accounting and auditing are more rigorous than those that apply to individuals with expertise in a specialized area of
accounting and auditing. The reason for this difference is that auditors are considered experts in accounting and auditing and,
as a result, their responsibilities ought to be different when they use the work of someone outside their field of expertise than
when they use the work of someone within their field of expertise.
906.9 Distinguishing between expertise in a specialized area of accounting or auditing and expertise in another field may be
straightforward. For example, an expert in deferred tax accounting can be distinguished from a tax attorney. The latter would
be considered an auditors specialist (a legal expert) while the former would not. However, in some cases making the
distinction may be a matter of professional judgment, especially in emerging areas of accounting or auditing expertise.
Applicable professional rules and standards related to education and competency requirements for accountants and auditors
may help in making that judgment. If an individual has expertise in accounting or auditing as well as another field of expertise
(for example, a tax attorney may also have expertise in accounting), the determination of whether the person is an auditors
specialist depends on the nature of the work performed by the individual.
906.10 An important distinction between auditing standards that apply for periods ending on or after December 15, 2012,
and standards that apply for periods ending before that date, is that, for periods ending on or after December 15, 2012, an
auditors specialist may be a member of the auditors firm. The auditing standards for using the work of a specialist in effect
prior to that date specifically excluded specialists employed by the firm. Consequently, complying with the requirements
discussed in this section may require additional documentation than under previous standards, for example, to evidence the
agreement with the internal specialist as discussed beginning in paragraph 906.22. However, as indicated beginning in
paragraph 906.29, procedures performed with respect to an internal specialist may be less extensive than procedures
performed with respect to an external specialist because the internal specialist is subject to the firms quality control policies.
906.11 General Requirements. All of the general requirements for using the work of specialists in AU-C 300, Planning an
Audit, and AU-C 220, Quality Control for an Engagement Conducted in Accordance with Generally Accepted Auditing
Standards, as listed in Exhibit 9-6, apply when an auditors specialist is used. AU-C 300.12 establishes a general requirement
for the auditor to consider whether specialized skills are needed to perform the audit. If such specialized skills are needed, the
auditor should seek the assistance of a professional who may be either on the auditors staff or an outside professional. In
addition, the auditor should have sufficient knowledge to:
Communicate the objectives of the specialists work.
Evaluate whether the specified audit procedures will meet the auditors objectives.
Evaluate the results of the audit procedures applied as they relate to the nature, timing, and extent of further audit
procedures.
906.12 Furthermore, AU-C 220.16 establishes a general requirement that the engagement partner be satisfied that the
engagement team and any auditors specialists, collectively, have the appropriate competence and capabilities to:
Perform the audit in accordance with professional standards and applicable legal and regulatory requirements.
Enable the issuance of an auditors report that is appropriate in the circumstances.
906.13 Client Notification. When the auditor uses a specialist that is not employed by the auditors firm, the requirements of
Ethics Ruling No. 112 (ET 191.224.225) under Rule 102, Integrity and Objectivity, may apply. Ethics Ruling No. 112 requires
that clients be informed, preferably in writing, if the audit firm will outsource professional services to a third-party service
provider. If the audit firm intends to use a third-party service provider (that is, an entity not controlled by the audit firm or an
individual not employed by the audit firm), the client should be informed before confidential information is shared with the
service provider. If the client objects, the auditor should perform the services without using the third party or should decline
the engagement. The engagement letter at ASB-CL-1.1 includes suggested language that can be used to inform the client.
Ethics Ruling No. 1 (ET 391.001.002) under ET Section 300, Responsibilities to Clients, requires a contractual agreement
between the audit firm and the service provider to maintain the confidentiality of client information. This rule also requires
members to be reasonably assured that the service provider has procedures in place to prevent the unauthorized release of
confidential information.
906.14 Determining the Need for a Specialist. Whenever specialized expertise in an area other than accounting or auditing is
needed to obtain sufficient appropriate audit evidence, the auditor should determine whether to use the work of a specialist. A
specialist might be needed to assist the auditor in any stage of the audit process, from obtaining an understanding of the
entity to evaluating the audit evidence obtained in order to form an opinion on the financial statements.
906.15 When deciding whether to use the work of an auditors specialist or whether to obtain the needed expertise in other
ways, the auditor might consider factors such as the following:
Whether management has used a specialist in preparing the financial statements.
The nature, significance, and complexity of the matter.
The risk of material misstatement associated with the matter.
The expected nature of procedures to respond to identified risks.
The auditors knowledge of, and experience with, the work of specialists in such matters.
The availability of alternative sources of audit evidence.
906.16 The auditors decision about whether to use an auditors specialist may be influenced by whether management of the
entity has used a specialist. To assist with the decision, the auditor might obtain an understating of certain aspects of
managements use of a specialist. In particular, the auditor might seek to understand:
Whether managements specialist is employed by the entity or is engaged on a contract basis to provide the
services.
The nature, scope, and objectives of the work of the managements specialist.
The competence and capabilities of the specialist.
Whether the specialist is subject to technical performance standards, professional, or industry requirements.
The extent of control or influence exercised by management over the specialists work.
Controls within the entity over the specialists work.
The auditors ability to evaluate the work and findings of the managements specialist without using an auditors
specialist.
906.17 Competence, Capabilities, and Objectivity. AU-C 620.09 requires the auditor to evaluate the specialists competence,
capabilities, and objectivity for the auditors purposes. The auditor is not only concerned with whether the specialist has the
necessary expertise, but also whether the specialist has the available time and resources to achieve the auditors objective.
To evaluate the competence, capabilities, and objectivity of a specialist, the auditor might consider the matters listed in Exhibit
9-6.
Exhibit 9-6
Matters to Consider When Evaluating the Competence, Capabilities, and Objectivity of an Auditors Specialist
Previous experience with the work of the specialist.
Experience of others with the work of the specialist.
Discussions with the specialist.
Professional certifications, memberships in professional bodies or industry associations, licensing, or other external
recognition of competence.
Published papers or books written by the specialist.
Technical performance standards and industry or licensing requirements related to the specialists field of expertise.
Relevance of the specialists field or experience to the matter for which the specialists work will be used.
Competence of the specialist with respect to accounting and auditing requirements that relate to the matter for which the
specialists work will be used.
Unexpected events, changes in conditions, or audit evidence obtained that indicate it may be necessary to reconsider
the initial evaluation of the specialists competence, capabilities, and objectivity.
Circumstances that threaten objectivity, such as self-interests, advocacy, familiarity, self-review, or intimidation.
* * *
906.18 In the case of an auditors external specialist, the evaluation of objectivity should include making inquiries about
interests and relationships that may threaten the specialists objectivity. Inquiries may be made of the entity and the specialist
about financial interests, business or personal relationships, or other services that the specialist may be performing for the
entity. Also, the auditor might discuss with the specialist if there are any safeguards, such as professional requirements, to
reduce those threats to an acceptable level. The auditor may consider obtaining a written representation from the specialist
about such matters.
906.19 When the auditor believes that there are relationships or interests that may impair the specialists objectivity, the
auditor may perform additional procedures relating to the assumptions, methods, or findings of the specialist or engage
another auditors specialist.
906.20 Understanding the Specialists Field of Expertise. AU-C 620.10 requires the auditor to obtain a sufficient
understanding of the specialists field of expertise to (a) determine the nature, scope, and objectives of the specialists work
and (b) evaluate the adequacy of that work for the auditors purposes. The auditor might gain this understanding through
discussions with the specialist, experience in auditing other entities that required such expertise, and education or
professional development in the field of expertise.
906.21 The auditors understanding of the field of expertise would normally include the following:
Whether there are specialty areas within the specialists field that are more relevant to the audit (for example, an
attorney that specializes in income taxes vs. franchise taxes).
Whether any professional or other standards and regulatory or legal requirements apply to the field.
Assumptions, methods, and models used by the specialist and whether they are generally accepted within the field
and appropriate for financial reporting purposes.
The nature of internal and external data used by the specialist.
906.22 Agreement with the Specialist. The auditor is required to reach agreement with the auditors specialist on the following
matters:
a. Nature, scope, and objectives of the specialistis work. Among other things, the agreement might include relevant
technical performance standards or other professional or industry requirements that the specialist will follow. An
important consideration is whether the specialists work is subject to any reservation, limitation, or restriction and the
possible implications of that for the auditor.
b. Roles and responsibilities of the auditor and the auditors specialist. The agreement might address, for example,
responsibilities for detailed testing of source data; consent for the auditor to discuss the specialists findings or
conclusions with the entity or others and to include them in the basis for a modified opinion; any agreement to
inform the specialist of the auditors conclusions about the specialists work; and agreement about access to, or
retention of, each others working papers.
c. Nature, timing, and extent of communication between the auditor and the specialist. Among other things, the
agreement should specify the form of any report to be provided by the specialist. In addition, the auditor might
consider including names of partners and staff that will interact with the specialist and procedures for
communication.
d. Need for the specialist to observe confidentiality requirements. ET 391.001 requires auditors to enter into a
contractual agreement with third-party service providers to maintain the confidentiality of client information. In
addition, other confidentiality requirements might be imposed by law or regulation or by the entity. See also
paragraph 906.13.
The preceding requirements apply regardless of whether the specialist is external to or internal to the audit firm; however,
agreement about the need to observe confidentiality requirements might not be necessary for internal specialists because
they are subject to the same ethical requirements that apply to the auditor.
906.23 The agreement with the specialist is normally in the form of a written engagement letter. However, auditing standards
do not explicitly require a written agreement; instead they specify that the agreement should be in writing when appropriate.
The appendix to AU-C 620 lists matters that the auditor may include in engagement letters or other forms of written agreement
with the specialist.
906.24 If there is no written agreement with the specialist, evidence of the agreement may be included in the audit
documentation, for example, in a planning memo or audit program. Also, the policies and procedures of the audit firm might
provide evidence of agreement for an auditors internal specialist by detailing the policies and procedures that apply to the
use of their work. However, additional documentation may be needed in the workpapers if the firms policies and procedures
are not sufficiently detailed.
906.25 The matters discussed in paragraph 906.29 may affect the level of detail and formality of the agreement with the
auditors specialist, including whether the agreement should be in writing. Factors that may warrant having a more detailed
agreement or putting it in writing might include the following:
The specialist will have access to sensitive or confidential information.
The roles or responsibilities of the parties are different from those normally expected.
Multijurisdictional legal or regulatory requirements apply.
The subject matter is highly complex.
The specialist is new to the auditor.
The work of the specialist is especially significant or used extensively in the audit.
906.26 Evaluating the Adequacy of the Specialists Work. AU-C 620.12 requires the auditor to evaluate the adequacy of the
work of the auditors specialist for the auditors purposes, including the following:
a. Relevance and reasonableness of the specialistis findings and conclusions and their consistency with other audit
evidence. When evaluating the relevance and reasonableness of the specialists findings and conclusions, the
auditor might consider whether the findings and conclusions are (1) presented consistently with relevant standards
of the specialists profession or industry; (2) clearly expressed with reference to the agreed-upon objectives, scope
of work, and standards applied; (3) based on an appropriate period with consideration of relevant subsequent
events; and (4) based on a consideration of errors and deviations that the specialist found.
b. Significant assumptions and methods used by the specialist. The auditor should obtain an understanding of the
specialists assumptions and methods and evaluate their relevance and reasonableness. The auditors evaluation
should consider the rationale and support provided by the specialist and take into account the auditoris other
findings and conclusions. Factors relevant to evaluating whether the assumptions and methods are appropriate and
reasonable include whether they are: (1) generally accepted in the specialistis field; (2) consistent with GAAP; (3)
consistent with those used by management and, if not, the reasons and effects of differences; and (4) dependent on
the use of specialized models.
c. Relevance, completeness, and accuracy of significant source data used by the specialist. The auditor or the
specialist may test source data used by the specialist. For example, if the source data is highly technical in the
specialists field, the specialist may test the data. In such cases, the auditor may make inquires of the specialist or
might supervise or review the tests performed by the specialist in order to evaluate the datas relevance,
completeness, and accuracy. Procedures performed to test source data may include verifying the origin of the data,
including understanding and possibly testing internal controls over the data and its transmission, and reviewing the
data for completeness and internal consistency.
906.27 When evaluating the adequacy of the specialists work, the auditor might perform one or more of the following
procedures:
Inquire of the specialist.
Review the specialists workpapers and reports.
Observe the specialists work.
Examine published data, such as statistical reports.
Confirm relevant matters with third parties.
Perform detailed analytical procedures.
Reperform the specialists calculations.
Inquire of other specialists when, for example, the findings or conclusions of the auditors specialist are not
consistent with other audit evidence.
Discuss the specialists report with management.
906.28 If the work of the specialist is not adequate for the auditors purposes, the auditor is required to (1) agree with the
specialist on the nature and extent of additional work that the specialist needs to do to remedy the situation or (2) perform
additional audit procedures. In some cases, both the auditor and the specialist may need to perform additional procedures or
the auditor may find it necessary to engage another specialist.
906.29 Considering the Nature, Timing, and Extent of Audit Procedures. The auditors procedures discussed in paragraphs
906.14906.28 are likely to vary based on the circumstances. When determining the nature, timing, and extent of those
procedures, AU-C 620.08 requires consideration of the following:
a. The nature of the matter to which the specialists work relates.
b. The risks of material misstatement of the matter.
c. The significance of the specialists work in the context of the audit.
d. Previous knowledge of, and experience with, work performed by the specialist.
e. Whether the specialist is subject to the audit firms quality control policies and procedures (that is, for internal
specialists and those in a network firm that shares common quality control procedures).
906.30 Factors may be present that indicate the need to apply more extensive or different procedures relating to the
specialist and his or her work. For example, the auditor may consider it necessary to increase procedures for verifying the
competence, capabilities, and objectivity of the specialist; expand the depth of understanding of the specialists field; obtain a
detailed, written engagement letter; or obtain additional or more reliable audit evidence regarding the adequacy of the
specialists work, if one of more of the following factors are present:
The work of the specialist relates to a significant finding or issue involving subjective and complex judgments.
The specialist is new to the auditor and there is no prior knowledge of the competence, capabilities, and objectivity
of the specialist.
Procedures performed by the specialist are integral to the audit versus limited to providing advice on an individual
matter.
The specialist is an external specialist and not subject to the audit firms quality control policies and procedures.
906.31 References to the Specialist in the Auditors Reports. An auditor should not make reference to the work of a specialist
in a report with an unmodified opinion. However, if the auditor issues a modified opinion, it may be necessary to make
reference to the work of an external specialist if it is relevant to understanding the modification. If reference is made to the
work of the specialist in such situations, the auditor is required to indicate in the report that the reference does not reduce the
auditors responsibility for the opinion. When reference to the specialist is necessary, the auditor may need the specialists
permission before the reference is made. Auditors might consider detailing such potential communications in the agreement
with the specialist discussed beginning in paragraph 906.22. Additional reporting guidance can be found in PPCs Guide to
Auditors Reports.
906.32 Using the Work of a Managements Specialist. Management may use a specialist with expertise in a field other than
accounting or auditing to assist with the preparation of the financial statements. Such specialists may be employees of the
entity or may be external specialists engaged by the entity. Management uses such specialists because it does not have the
expertise that is necessary in a particular area to prepare its financial statements. For example, management may hire an
actuary to determine the obligation for pension benefits. Depending on the nature of the transaction, the failure by
management to use a specialist increases the risks of material misstatement and may result in a significant deficiency or
material weakness in internal control. Managements specialists may be hired for the same purposes indicated in paragraph
906.7 for auditors specialists.
906.33 When the work of a managements specialist is used by an entity in the preparation of its financial statements, the
auditor may use the specialists work as audit evidence. In those situations, AU-C 500.08 requires the auditor to:
a. Evaluate the competence, capabilities, and objectivity of the specialist.
b. Obtain an understanding of the specialists work.
c. Evaluate the appropriateness of the work as audit evidence for the relevant assertion.
In broad terms, these requirements are similar to the requirements for using the work of an auditors specialist as discussed
906.34 Competence, Capabilities, and Objectivity. When evaluating the competence, capabilities, and objectivity of a
managements specialist, the auditor might consider the matters listed in Exhibit 9-7 for an auditors specialist. Also, an
auditors specialist that assists in obtaining evidence about information produced by a managements specialist might be
another source used by the auditor for evaluating the competence, capability, and objectivity of managements specialist.
906.35 When evaluating the specialists objectivity, the matters and guidance discussed in paragraph 904.19 regarding
threats to objectivity and applicable safeguards are relevant. However, the auditor generally does not obtain a written
representation from a managements specialist as might be done for an auditors specialist. In addition, specialists who are
employees of the entity cannot be considered more objective than any other employee of the entity.
906.36 Understanding the Work of Managements Specialist. As part of understanding the work of managements specialist,
the auditor obtains an understanding of the specialists field of expertise similar to that discussed for an auditors specialist
beginning in paragraph 906.20. The auditor might gain this understanding through discussions with the specialist, experience
in auditing other entities that required such expertise, and education or professional development in the field of expertise. In
addition, the auditors understanding of the specialists field of expertise might include the matters outlined in paragraph
906.21 for auditors specialists.
906.37 When a managements specialist is engaged by the entity, an engagement letter between the entity and the specialist
normally exists. The auditor might review the letter as part of understanding the work of the specialist. In particular, the letter
might provide information about the appropriateness of the following:
Nature, scope, and objectives of the specialists work.
Respective roles and responsibilities of management and the specialist.
Nature, timing, and extent of communication between management and the specialist, including the form of any
report to be provided by the specialist.
When managements specialist is employed by the entity, an engagement letter might not exist. In that case, the auditors
understanding of the preceding matters is normally obtained through inquiries of the specialist and appropriate members of
management.
906.38 Evaluating the Work of Managements Specialist. AU-C 500.A49 notes that when evaluating the appropriateness of
the work of managements specialist as audit evidence for a relevant assertion, the auditor might consider:
The relevance and reasonableness of the specialists findings or conclusions, their consistency with other audit
evidence, and whether they are appropriately included in the financial statements.
The relevance and reasonableness of any significant assumptions and methods used.
The relevance, completeness, and accuracy of significant source data used.
The authors believe that the guidance discussed beginning in paragraph 906.26 relating to the auditors evaluation of the
adequacy of the work of an auditors specialist generally applies to evaluation of the work of a managements specialist.
906.39 Other Specialists. As discussed in paragraph 906.2, this term is used by the authors to refer to individuals on the
engagement team or other individuals or organizations with whom the auditor consults who possess expertise in a specialized
area of accounting or auditing. Since the auditor has expertise in the field of accounting and auditing, many of the explicit
requirements relating to specialists discussed beginning in paragraphs 906.6 and 906.32 do not apply to an individual or
organization with expertise in a specialized area of accounting or auditing. Individuals with expertise in a specialized area of
accounting or auditing might include experts in accounting for business combinations, postretirement benefits, complex
financial instruments, or income taxes.
906.40 Specialists on the Engagement Team. Specialists in an area of accounting or auditing who are members of the
engagement team may include individuals who are employees of the firm or nonemployees engaged by the firm. However,
individuals who provide only consultation are not considered to be members of the engagement team. (AU-C 220 provides
guidance for consultation and notes that an engagement team can consult outside the firm when the firm lacks appropriate
internal resources.)
906.41 Auditors using the work of specialists on the engagement team are subject to the general requirements in Exhibit 9-6.
In addition, AU-C 220.A19 indicates that when the engagement team includes a member with expertise in a specialized area
of accounting or auditing, direction, supervision, and review of the persons work is the same as for any other engagement
team member. Among other things, that includes:
Agreement with the team member about the nature, scope, and objectives of the individuals work, their role on the
engagement team, and communication responsibilities.
Evaluating the adequacy of the team members work, including the relevance and reasonableness of findings or
conclusions and their consistency with other audit evidence.
Therefore, an individual with expertise in a specialized area of accounting or auditing who is a member of the engagement
team is responsible for fulfilling all of the professional standards that apply to engagement teams and their individual
members.
Audits of Periods Ending before December 15, 2012
906.42 AU 336 applies to specialists hired by the client or the auditor, including specialists engaged by the client for advisory
services who are employees of the auditors firm. Paragraph 906.7 provides examples of specialists with expertise in fields
other than accounting and auditing that the auditor might use. AU 336 does not apply to specialists employed by the auditors
firm or outside professionals who effectively function as members of the audit team. For instance, if the auditors firm employs
an appraiser and uses that appraiser as part of the audit team to evaluate carrying values of properties, then AU 336 does not
apply. AU 311, Planning and Supervision, applies in that situation. Also, if the auditor uses an IT specialist, whether employed
by the auditors firm or on a contract basis, as part of the audit team to help determine the effect of information technology on
the audit, understand the companys controls, or design and perform tests of controls (when applicable) and substantive
tests, AU 311, rather than AU 336, applies to the work of that specialist.
906.43 AU 336 requires the auditor to evaluate the professional qualifications of the specialist to determine that the specialist
possesses the necessary skills and knowledge in the particular field. The following are suggested considerations when
evaluating the professional qualifications:
Professional certification, license, or other recognition of competence in the specialists field.
The specialists reputation and standing in the views of peers and others familiar with the specialists capability and
performance.
Experience of the specialist in the type of work to be performed.
906.44 The auditor should also gain an understanding of the nature of the work performed by the specialist. The auditor
should:
Understand the objectives and scope of the specialists work and the appropriateness of using it for the intended
purpose.
Evaluate the relationship of the specialist to the client. AU 336 does not prohibit using specialists who are employees
of or related to the client as long as the relationship does not impair the specialists objectivity. Objectivity might be
impaired if the client can directly or indirectly control or significantly influence the specialist because of an
employment, ownership, contractual right, or family relationship with the specialist. In such circumstances, the
auditor should assess the risk that the specialists objectivity may be impaired and may need to perform additional
procedures to test the reasonableness of the specialists assumptions, methods, or findings. The auditor might
decide that another specialist should be engaged for this purpose.
Understand the methods and assumptions used by the specialist and compare them with those used in the
preceding period.
Make appropriate tests of the data, whether financial or nonfinancial, provided to the specialist (such as the number
of employees or other employee data included in pension information provided to an actuary), taking into account
the auditors assessment of control risk. The implication is that the auditor would need to substantiate data provided
to the specialist unless the data is produced by a system with a relatively low control risk. Also, the extent of testing
considered necessary would depend on the nature and materiality of the related financial statement assertion.
Evaluate whether the specialists findings support particular financial statement assertions.
Those considerations should generally be documented in the audit workpapers.
906.45 AU 336 states that, normally, the auditor should not make reference to the specialist in an unqualified audit report
because doing so might imply that the audit opinion is qualified or that the auditor is not taking responsibility for the work of
the specialist. However, the auditor may mention a specialists work when a qualified or adverse opinion is issued.
906.46 When the auditor uses a specialist that is not employed by the auditors firm, the requirements of Ethics Ruling No.
112 (ET 191.224.225) under Rule 102, Integrity and Objectivity, may apply. Revised Ethics Ruling No. 112 requires that
clients be informed, preferably in writing, if the audit firm will outsource professional services to a third-party service provider.
If the audit firm intends to use a third-party service provider (that is, an entity not controlled by the audit firm or an individual
not employed by the audit firm), the client should be informed before confidential information is shared with the service
provider. If the client objects, the auditor should perform the services without using the third party or should decline the
engagement. The engagement letter at ASB-CL-1.1 includes suggested language that can be used to inform the client. Ethics
Ruling No. 1 (ET 391.001.002) under ET Section 300, Responsibilities to Clients, requires a contractual agreement between
the audit firm and the service provider to maintain the confidentiality of client information. This rule also requires members to
be reasonably assured that the service provider has procedures in place to prevent the unauthorized release of confidential
information.
907 USE OF INTERNAL AUDITORS
907.1 Some larger clients may have formal internal audit functions that perform a variety of duties, including documentation
and testing of internal controls, testing of physical inventory counts, and other procedures. Other clients may assign various
internal audit duties to operations or financial personnel, but they do not have a formal internal audit function. This section
applies to audits of entities that have formal internal audit functions.
907.2 Internal audit is an aspect of an entitys internal control, and the auditor should obtain an understanding of it as part of
the overall understanding of internal control as discussed in Chapter 3. In addition, if the entity has internal auditors, AU-C
240, Consideration of Fraud in a Financial Statement Audit (AU-C 240.19), notes that the auditor should inquire of them about
the risks of fraud. The specific inquires are listed in ASB-CX-3.3, Fraud Risk Inquiries Form. After obtaining that
understanding, the auditor may be able to use internal auditors to reduce the work on the financial statement audit if their use
is efficient. Internal auditors may be used in the following ways:
a. Direct Use. The auditor may use internal auditors to perform certain procedures (such as performing tests of
controls or substantive tests) under the external auditors direction and supervision.
b. Indirect Use. The auditor may be able to use the regular work performed by the internal auditors during the year to:
(1) assist in obtaining an understanding of internal control (such as by obtaining documentation relating to the
entitys internal control and responding to the auditors inquiries), and
(2) modify the nature, timing, or extent of further audit procedures (i.e. tests of controls or substantive procedures).
An auditor may use internal auditors or their work in one or a combination of ways on a given audit engagement. The
following paragraphs discuss general considerations for using internal auditors as well as considerations for both direct and
indirect use.
Assessing the Competence and Objectivity of Internal Auditors
907.3 Before using internal auditors to reduce the work required on the financial statement audit, the auditor should first
assess the objectivity and competence of the internal auditors. That assessment helps determine the degree to which the
external auditors can make use of the internal auditors. The auditor bases the assessment on information obtained from prior
experience with the internal auditors, discussions with management, and other sources.
907.4 According to AU-C 610, The Auditors Consideration of the Internal Audit Function in an Audit of Financial
Statements,
8(66)
assessing the competence of the internal auditors should include consideration of such factors as the
following:
a. The internal auditors:
(1) Education and experience.
(2) Professional certifications.
(3) Continuing professional education.
(4) Performance evaluations.
b. Internal audit policies, programs, and procedures.
c. Practices for assigning internal auditors to specific tasks or projects.
d. Supervision and review of internal auditors activities.
e. Quality of the internal auditors workpaper documentation, reports, and recommendations.
907.5 According to AU-C 610, assessing the objectivity of internal auditors should include consideration of such factors as
the following:
a. Organizational status of the internal auditor who is responsible for the internal audit function, such as whether:
(1) the internal auditor reports to an officer with sufficient authority to ensure (a) broad internal audit coverage and
(b) adequate consideration of, and action on, the internal auditors findings and recommendations;
(2) the internal auditor has direct access and reports regularly to the board of directors or audit committee; and
(3) the board of directors or audit committee oversees employment decisions relating to the internal auditor.
b. Policies that maintain the internal auditors objectivity with respect to specific areas. Examples of such policies
include those that prohibit internal auditors from auditing areas where:
(1) they were recently assigned or are about to be assigned after transferring from internal audit, and
(2) they have relatives in important or audit-sensitive positions.
In certain instances, internal auditors may be involved in original accounting functions, such as reconciliation of bank
accounts. The authors believe that internal auditors would not be considered objective in those areas, and reduction of the
independent auditors work based on the internal auditors work in those areas would not be appropriate.
Using Internal Auditors Directly
907.6 AU-C 610 indicates that internal auditors may be used to provide direct assistance to the auditor by performing some
aspect of the auditors work. Examples of direct assistance include the following:
a. Obtaining an Understanding of Internal Control. Internal auditors can assist in the preparation of the control
environment, risk assessment, information and communication, and monitoring portions of the Understanding the
Design and Implementation of Internal Control form (ASB-CX-4.1) and in the preparation of the Financial Reporting
System Documentation Forms (ASB-CX-4.2).
b. Performing Tests of Controls. Internal auditors can perform certain tests of controls, such as reperformance or
document inspection tests, which can make tests of controls more cost-effective to use.
c. Performing Substantive Tests. Internal auditors can perform routine substantive tests, especially in nonsubjective
areas, such as the following:
(1) Procedures relating to confirmations with customers, including investigation of responses with exceptions or
application of alternate procedures for nonreplies.
(2) Tests of account reconciliations.
(3) Tracing inventory test counts to the inventory detail and inventory price testing.
(4) Tests of details of specific transactions, such as asset purchases and sales.
907.7 AU-C 610 provides the following guidance regarding the direct use of internal auditors:
a. Competence and Objectivity of the Internal Auditors. The independent auditor should assess the internal auditors
competence and objectivity.
b. Nature of the Audit Area. The extent to which internal auditors work can be used to reduce the independent auditors
work is a matter of judgment based on the following:
(1) The materiality of the audit area.
(2) The assessed risk of material misstatement for the assertions being tested.
(3) The amount of judgment involved in evaluating the results of the tests being performed.
As those factors increase, the extent to which internal auditors can be used decreases. Accordingly, it is generally
more efficient to use internal auditors for routine, nonsubjective procedures and low-risk assertions in significant
audit areas because that allows the independent auditor to achieve greater reductions in his or her own work.
c. Responsibilities of the Independent Auditor. The independent auditor should supervise, review, evaluate, and test
the internal auditors work to the extent considered necessary. The authors believe that the extent of the supervision,
review, and testing required should be based on the two preceding factorscompetence and objectivity of the
internal auditors and the nature of the audit area. However, regardless of the circumstances, the independent
auditor should:
(1) inform the internal auditors about matters relevant to their procedures (such as their responsibilities, objectives
of their tests, and possible accounting or auditing issues), and
(2) explain that all significant accounting and auditing issues that are identified by the internal auditors should be
brought to the independent auditors attention.
Also, the independent auditor generally should test some of the internal auditors work by reperforming some of their
procedures.
Using Internal Auditors Indirectly
907.8 AU-C 610 indicates that independent auditors can use internal auditors indirectly by using the internal auditors regular
work during the year to reduce the work needed for the financial statement audit. The following are examples of how that work
can be used:
a. Understanding of Internal Control. Internal auditors often prepare their own documentation of the entitys internal
control, and the independent auditor may be able to use that documentation in obtaining an understanding of
internal control. For example, if the internal auditor has prepared a flowchart of the sales/accounts receivable
system, the external auditor may review the flowchart to obtain an understanding of the system in lieu of preparing
the Financial Reporting System Documentation FormSignificant Transaction Classes (ASB-CX-4.2.1). (The
external auditor would obtain a copy of the internal auditors documentation for the workpapers.)
b. Modifying the Nature, Extent, and Timing of Further Audit Procedures. The internal auditors work may provide
sufficient evidence that will allow the independent auditor to modify the nature, extent, and/or timing of tests of
controls (when assessing control risk at either a moderate or low level) or substantive procedures. For example:
(1) If the internal audit work is equivalent to tests of controls, that may allow the auditor to modify the nature,
extent, or timing of control testing the auditor might otherwise have done.
(2) The role and organization of internal auditors within the entity along with the nature of their testing may
contribute to a strong control environment and, correspondingly, a lower assessment of risks at the financial
statement level. As a result, the auditor may have a higher level of confidence that would allow the performance
of audit procedures at an interim date, modification of the nature of audit procedures where, in some cases,
less persuasive audit evidence might be needed, or reduction in the extent of evidence that is needed.
(3) If the internal audit work is equivalent to substantive tests (such as confirmation of accounts with customers),
the auditor may be able to consider that as evidence provided from other substantive procedures. In sampling
applications, the internal auditors work might be used to reduce the other procedures risk, which in turn would
reduce the sample size. In nonsampling applications, the internal auditors work might be used to reduce the
desired percentage of coverage from scope testing. In addition, on multilocation engagements, if the internal
auditors have performed relevant work at various locations during the year, the auditor may coordinate work
with the internal auditors and reduce the number of locations at which the auditor may need to perform
procedures.
907.9 The extent of modification to the nature, extent, and timing of further audit procedures is a matter of judgment based
on such factors as the following:
The nature, timing, and extent of the internal auditors work.
The results of the internal auditors work (such as the number and types of deviations or misstatements noted).
The competence and objectivity of the internal auditors, as discussed beginning in paragraph 907.3.
The quality and extent of documentation of the internal auditors work.
The nature of the assertions involved.
The authors believe that the effectiveness of the internal audit function should be taken into account when the auditor makes
his or her risk assessments that are documented at the Risk Assessment Summary Form (ASB-CX-7.1). In some cases,
depending on the nature of the risks, an effective internal audit function may be a mitigating factor that allows the auditor to
reduce his or her risk assessments in certain areas.
907.10 When using the work of the internal auditor indirectly, the auditor has a responsibility to test the work of the internal
auditor. The extent of the tests depends on the auditors judgment about the importance of the audit objectives. As discussed
in paragraph 907.7, tests may include reperformance of procedures performed by the internal auditor. In addition, the auditor
may examine similar items and observe the internal auditors procedures. For example, the auditor may perform certain
inquiry and observation tests of internal audit work when the internal auditors are providing indirect assistance to the auditor.
907.11 Other factors to consider when testing the regular work performed by the internal auditor throughout the period
include whether:
The scope of the work is appropriate to meet the external auditors objectives.
The audit programs are adequate.
The internal auditors workpapers adequately document the work performed (including appropriate supervision and
review).
Conclusions reached are appropriate in the circumstances.
Reports are consistent with the results of the work performed.
907.12 While considering the scope of work and audit programs of internal auditors, determine whether the internal auditor
has had unrestricted access to corporate as well as local records and personnel. For example, does the internal auditor have
unrestricted access to the computerized general ledger? Are there areas, such as officers travel and entertainment expenses
that are off-limits to the internal auditors? Limitations on the scope of the internal auditors work have implications for the
objectivity of internal auditors as well as the effectiveness of their work.
907.13 Coordination with Internal Audit. The auditor normally determines the internal auditors audit plan for the period
under audit if the auditor intends to indirectly use the work of the internal auditor. If the work of the internal auditor is a
significant factor in determining the nature, timing, and extent of the auditors procedures, it is desirable for the internal auditor
and external auditor to agree in advance on the extent of audit coverage (such as sample sizes and locations visited) and the
extent of the external auditors supervision and review.
907.14 When the audit plan anticipates that the work of the internal auditor is a significant factor influencing the nature,
timing, and extent of audit procedures, the auditor might consider including the involvement of internal auditors as a matter in
the engagement letter (as discussed in Chapter 2) and in the communication to those charged with governance (as
discussed in section 1814).
Documentation
907.15 When using the work of internal auditors, either directly or indirectly, the auditor ordinarily documents the following in
the workpapers:
The auditors assessment of the competency and objectivity of the internal audit function and the basis for that
assessment.
The areas in which the auditor is using the work of the internal auditors and whether the auditor is using the internal
auditor directly or indirectly.
The procedures performed to test the work of the internal auditors.
Any significant findings or issues discussed with internal auditors.
The auditors documentation of these items may be in the form of a memo. As mentioned in paragraph 907.2, the inquires of
internal auditors about fraud required by AU-C 240 can be documented in ASB-CX-3.3.
Caution about Overusing the Work of Internal Auditors
907.16 Independent auditors should be careful not to overuse the work of internal auditors. The independent auditor is
ultimately responsible for the results of the financial statement audit, and, therefore, he or she should make the risk
assessments and judgments about such matters as materiality, sufficiency of audit evidence, and evaluation of results of audit
procedures. In addition, the independent auditor normally performs his or her own tests for audit areas or assertions in which
either the risk of material misstatement or the degree of subjectivity involved is high. Examples of such areas include the
following:
Assessing the adequacy of the allowance for obsolete inventory.
Assessing the need for accrual or disclosure of loss contingencies.
Assessing the need for disclosure of related-party transactions or subsequent events.
In the preceding examples, internal auditors may assist in gathering information in those areas, but the independent auditor
should make the decisions and judgments. (As discussed in paragraph 907.9, the auditor normally considers the
effectiveness of the internal audit function when making risk assessments that are documented at ASB-CX-7.1.) Furthermore,
for those areas or assertions in which use of internal auditors is appropriate, the independent auditor should generally
reperform some of the internal auditors work rather than merely relying on a review of their workpapers.
908 AUDITING SUPPLEMENTARY INFORMATION
908.1 The following authoritative literature provides guidance related to responsibilities for financial and nonfinancial
information outside the basic financial statements:
AU-C 720, Other Information in Documents Containing Audited Financial Statements.
AU-C 725, Supplementary Information in Relation to the Financial Statements as a Whole.
AU-C 730, Required Supplementary Information.
908.2 AU-C 730 is beyond the scope of this Guide. Under AU-C 720 and AU-C 725, auditors reporting responsibilities are as
follows:
AU-C 720 Other Information in Documents Containing Audited Financial Statements applies to information in
documents containing audited financial statements and the auditors report. Other information is defined as
financial and nonfinancial information (other than the financial statements and the auditors report thereon) that is
included in a document containing audited financial statements and the auditors report thereon, excluding required
supplementary information. If the auditor is not engaged to report on other information, he or she has no
responsibility for determining whether the information is properly stated, but should read the other information to
identify material inconsistencies with the financial statements.
AU-C 725, Supplementary Information in Relation to the Financial Statements as a Whole applies whenever the
auditor is engaged to report on whether supplementary information presented outside the basic financial statements
is fairly stated, in all material respects, in relation to the financial statements as a whole. Supplementary information
is defined as information presented outside the basic financial statements, excluding required supplementary
information, that is not considered necessary for the financial statements to be fairly presented in accordance with
the applicable financial reporting framework. Such information may be presented in a document containing the
audited financial statements or separate from the financial statements.
Other Information in Documents Containing Audited Financial Statements
908.3 As indicated in the preceding paragraph, AU-C 720 applies to other information in documents containing audited
financial statements and the auditors report. Documents containing audited financial statements refers to annual reports (or
similar documents) that are issued to owners or similar stakeholders). The guidance in AU-C 720 might also be applied,
adapted as necessary, to other documents where the auditor has devoted attention at managements request. Examples of
other information might include:
Reports by management or those charged with governance.
Financial summaries or highlights.
Employment data.
Planned capital expenditures.
Financial ratios.
Names of officers and directors.
Selected quarterly data.
908.4 The auditor is required to read other information in the document to identify any material inconsistencies with the
audited financial statements. The reason for this requirement is that the other information may undermine the creditability of
the audited financial statements if there are material inconsistencies between the audited financial statements and the other
information. To implement this requirement, the auditor should make appropriate arrangements with management or those
charged with governance to obtain the other information before the report release date. If it is not possible to obtain the other
information before the report release date, the auditor should read it as soon as practicable.
908.5 If the auditors reading of the other information identifies a material inconsistency with the audited financial statements,
the auditor should determine which needs to be revised. When the audited financial statements require revision and
management refuses to make the revision before the date of the auditors report, the auditor should modify the auditors
opinion. When the other information requires revision and management refuses to make the revision before the date of the
auditors report, the auditor should notify those charged with governance and consider the effect on the auditors report and
the engagement. The auditors alternatives are generally as follows:
Include a paragraph in the auditors report that describes the material inconsistency, but does not modify the
opinion.
Withhold the auditors report.
Withdraw from the engagement unless that is not possible under applicable law or regulation.
Selection of the appropriate alternative may be based on advice from the auditors legal counsel.
908.6 If the auditor becomes aware of an apparent material misstatement of fact rather than an inconsistency, the auditor
should discuss the matter with management and consider any advice received by management from its legal counsel. If the
auditor continues to believe that there is a material misstatement of fact that management refuses to correct, the auditor
should notify those charged with governance and take any further appropriate action, such as obtaining advice of legal
counsel, withholding the auditors report, or withdrawing from the engagement.
908.7 If the auditor does not become aware of a material inconsistency until after the date of the auditors report or the report
release date and the financial statements require revision, the auditor should apply the relevant requirements in AU-C 560,
Subsequent Events and Subsequently Discovered Facts. (See section 1818.) If the other information requires revision and
management agrees to make the revision, the auditors procedures may include reviewing steps taken by management to
ensure users are informed of the need for revision. If management refuses to revise other information that requires revision,
the auditor should notify those charged with governance and take any further appropriate action, such as obtaining advice of
legal counsel.
908.8 The auditor should communicate the following information with those charged with governance:
The auditors responsibility with respect to the other information (typically communicated in the engagement letter).
Procedures performed relating to the other information.
The results of the auditors procedures.
Supplementary Information
908.9 AU-C 725 applies when the auditor has been engaged to report on whether supplementary information is fairly stated,
in all material respects, in relation to the financial statements as a whole. Supplementary information is presented outside the
basic financial statements and is not considered necessary for the financial statements to be fairly presented in accordance
with GAAP.
908.10 The manner of reporting depends on whether the supplementary information is presented separate from the financial
statements or presented with the audited financial statements. When the supplementary information is presented with the
financial statements, the auditor should report on it either in a separate paragraph following the opinion paragraph in the
auditors report on the financial statements or in a separate report. When the supplementary information is presented separate
from the financial statements, the auditor should report on it in a separate report. The audit programs and practice aids in this
Guide assume that the auditor has been engaged to report on supplementary information that will be presented with the
audited financial statements.
908.11 The Auditors Objective and Procedures. The auditors objective is to evaluate the presentation and report on
whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements as a
whole. The requirements the auditor should follow to achieve that objective are as follows:
Determine that specified conditions are met, including that (a) the supplementary information is derived from, and
relates directly to, the underlying accounting records used to prepare the financial statements, (b) the
supplementary information relates to the same period as the financial statements, (c) the financial statements were
audited and the auditor served as the principal auditor, (d) neither an adverse opinion nor disclaimer was issued on
the financial statements, and (e) the supplementary information will accompany the financial statements or the
financial statements will be made readily available to users.
Obtain the agreement of management that it acknowledges and understands its responsibility (a) for preparation of
the supplementary information, (b) to provide written representations, (c) to include the report on the supplementary
information in any document that contains the supplementary information and indicates that the auditor reported on
it, and (d) to present the supplementary information with the audited financial statements or make the financial
statements readily available to users.
Perform specified procedures in addition to the procedures performed during the audit of the financial statements.
908.12 The additional procedures should be performed using the same materiality level used in the audit of the financial
statements and include the following:
Inquiring of management about the purpose of the information and criteria used to prepare it.
Determining whether the supplementary information complies with the criteria.
Obtaining an understanding of preparation methods and determining whether methods have changed and the
reasons for changes.
Comparing and reconciling the information to the underlying accounting and other records used to prepare the
financial statements or to the financial statements themselves.
Inquiring about significant assumptions or interpretations underlying measurement or presentation.
Evaluating the appropriateness and completeness of the information considering the results and knowledge
obtained during the audit of the financial statements.
Obtaining certain specified written representations from management. (The illustrative management representation
letters at ASB-CL-3.5 and ASB-CL-3.5 contain the required representations.)
The auditor has no responsibility to consider subsequent events with respect to the supplementary information unless that
information affects the financial statements and comes to the auditors attention before release of the report on the financial
statements. If information about subsequent events that may have resulted in a report revision comes to the auditors attention
after release of the report, the auditor should consider the requirements for subsequently discovered facts in section 1818.
908.13 The Auditors Reporting on Supplementary Information. Whether the adds a paragraph to the s report or issues a
separate report, the paragraph or report should include a statement that
the audit was conducted for the purpose of forming an opinion on the financial statements as a whole,
the supplementary information is presented for purposes of additional analysis and is not a required part of the
financial statements,
the supplementary information is the responsibility of management and was derived from, and relates directly to, the
underlying accounting and other records used to prepare the financial statements,
the supplementary information has been subjected to the auditing procedures applied in the audit of the financial
statements and certain additional procedures in accordance with U.S. generally accepted auditing standards,
the additional procedures included comparing and reconciling such information directly to the underlying
accounting and other records used to prepare the financial statements or to the financial statements themselves and
other additional procedures,
the supplementary information is fairly stated, in all material respects, in relation to the financial statements as a
whole (when the auditor has so concluded and has issued an unmodified opinion on the financial statements).
When the auditor has issued a qualified opinion on the financial statements and the qualification affects the supplementary
information, the opinion on the supplementary information should also be qualified.
908.14 A separate report on supplementary information, in addition to the information in paragraph 908.13, should include a
reference to the report on the financial statements, the date of that report, the nature of the opinion on the financial
statements, and any report modifications. The date of the report on the supplementary information should not be earlier than
the date on which the auditor completed the required procedures on the supplementary information. If the auditor expressed
an adverse opinion or disclaimed an opinion on the financial statements, the auditor is precluded from expressing an opinion
on the supplementary information as indicated in paragraph 908.12. In that case, the auditor may withdraw from the
engagement if permitted by law or regulation or may disclaim an opinion on the supplementary information.
908.15 If the supplementary information is materially misstated in relation to the financial statements as a whole, the auditor
should discuss the matter with management and propose appropriate revisions. If the revisions are not made, the auditor
should either modify the opinion on the supplementary information and describe the misstatement in the auditors report or
withhold the report on the supplementary information if it is being issued as a separate report.
909 USING COMPUTERIZED DATA EXTRACTION TECHNIQUES
Introduction
909.1 Computer-assisted audit techniques (CAATs) is a broad term referring to the use of software in conducting an audit.
Some popular examples of CAATs are as follows:
Trial Balance Software automates the trial balance preparation and maintenance process and allows for analysis of
period changes in balances.
Spreadsheets are used for calculations and analysis of transactions or activity comprising accounts or other financial
statement components.
Word Processing Software may be used for preparing confirmations, memos, and financial statements.
Flowchart Software may be used for documenting aspects of the clients internal control such as the financial
reporting system.
Databases may be used to maintain large sets of information for tracking and reporting purposes.
Electronic Workpapers may serve as an electronic version of audit workpapers (for example, PPCs Checkpoint
Tools). Section 807 discusses electronic workpapers and PPCs Checkpoint Tools.
Text Retrieval Systems allow users to search libraries of information for key terms or other information.
Data Extraction Software (DES) allows an auditor to extract information from the clients computer files for analysis
and testing.
909.2 Since most clients now maintain much of their information electronically, DES is a common and important audit tool. It
is especially important for situations in which the client maintains very large data files or processes substantially all of its
activities electronically. This section discusses the factors to consider when deciding whether to use DES and explains the
key considerations for implementing it on a financial statement audit.
Overview
909.3 Data extraction software enables an auditor to analyze information that is downloaded from a clients computer system.
Once the information is downloaded, an auditor can perform a variety of tasks on electronic data using DES, such as the
following:
Mathematical testing.
Detailed analytical procedures.
Comparison of separate databases.
Aging of data.
Exception reporting.
Sampling.
Graphing of results.
909.4 When an auditor hears that DES allows auditing with the computer, the natural question is, What does that do for
me? DES offers the following benefits:
Improved audit efficiency.
Better quality audits.
Improved opportunities to offer new consulting services.
909.5 Improved Audit Efficiency. In many cases, automated procedures are simply more efficient than manual procedures,
especially when the clients data files are large. DES enables auditors to automate many of the traditional rote, mundane
auditing procedures that are typically performed by auditors. Use of DES should improve efficiency for the following reasons:
Manual, Labor-intensive Tasks Can Be Performed Much More Quickly. Data extraction software can quickly check
the mathematical accuracy of schedules, stratify information for scope testing (such as listing out all items over a set
dollar amount), match subsequent cash receipts against individual receivable balances, and other labor-intensive
procedures.
Less Time Spent on Selecting Samples. Data extraction software allows auditors to automatically generate samples.
For confirmations, the sample items can quickly be downloaded into a word processing document for quick
production of confirmations and mailing labels with less opportunity for error. For other samples (such as inventory
price tests), the sample items can be downloaded into a spreadsheet (thereby eliminating the need to rekey data).
Exhibit 9-7 presents some examples of the automated equivalents of manual audit procedures that are commonly performed
during an audit.
Exhibit 9-7
Automated Equivalents of Manual Audit Procedures
Manual Audit Procedure Automated Audit Procedure
1. Test the mathematical accuracy of a
computerized report on a sample basis.
1. Foot and recalculate the entire file.
2. Vouch payroll rates to supporting
documentation.
2. Compare payroll rates between human
resource and payroll files.
3. Scan accounts receivable reports for unusual
items.
3. Extract all customers with net credit balances,
isolate all related-party balances, and
summarize by customer all credits after year
end that relate to year-end receivables.
4. Manual sample selection and confirmation
request creation.
4. Automated sample selection and
confirmation request creation.
5. Analytical procedures calculated manually at
a very aggregated level.
6. Automated analytical procedures calculated
at a very detailed level.
* * *
909.6 DES can be used throughout the audit to perform tests of controls, analytical procedures, or tests of details of
transactions or balances. Paragraph 909.49 lists examples of specific procedures that can be performed by DES.
909.7 Better Quality Audits. Auditing through the computer is a benefit because it enables auditors to do things they could
not do otherwise. For example, certain types of computer controls are programmed controls that may be difficult or
impossible to test with manual procedures. Using DES, auditors can employ a number of techniques to test those controls.
For example, if a billing system has a programmed control that will not create a sales invoice without entering a shipping
document number, the auditor can use DES to search for any sales invoices in the current year file without shipping
document numbers.
909.8 Sometimes, clients perform substantially all of their activities and maintain substantially all of their information
electronically. AU-C 500, Audit Evidence (AU-C 500.A12.A13), describes those situations this way:
The nature and timing of the audit procedures to be used may be affected by the fact that some of the
accounting data and other information may be available only in electronic form or only at certain points or
periods in time. For example, source documents, such as purchase orders and invoices, may exist only in
electronic form when an entity uses electronic commerce or may be discarded after scanning when an
entity uses image processing systems to facilitate storage and reference.
Certain electronic information may not be retrievable after a specified period of time (for example, if files are
changed and if backup files do not exist). Accordingly, the auditor may find it necessary, as a result of an
entitys data retention policies, to request retention of some information for the performance of audit
procedures at a later point in time or to perform audit procedures at a time when the information is available.
In those situations, using DES may be the most cost-effective way to apply certain audit procedures.
909.9 Besides allowing more procedures, DES gives auditors more flexibility in determining the timing of their procedures.
For example, controls could be monitored continually throughout the year, which may not be cost-effective using manual
audit procedures. Exception reports could be processed at interim points throughout the year to monitor key controls or risks.
909.10 Traditionally, the auditor has applied substantive tests only to a portion of the clients transactions and records. For
example, the auditor would typically manually test the pricing of selected items comprising the clients inventory. Also, manual
analytical procedures may be applied at an aggregated level because that is the most cost-effective approach.
909.11 DES improves the cost-effectiveness of many audit procedures. In many situations, the time incurred to apply audit
procedures to 100% of the records in a clients data file using DES may be less than testing a sample of the records manually.
Likewise, analytical procedures can be performed at a very detailed level as easily as at an aggregated level. The result is a
higher level of precision in applying those audit procedures. The following are some other examples of increased audit
precision:
Comparisons. Comparing old computer system closing balances to new computer system opening balances during
a computer conversion or comparing the current year balance of each fixed asset to its prior year balance.
Analytical Procedures. Calculating differences between individual inventory parts or stratifying customer sales.
Recalculations. Recalculating depreciation, royalty, or interest expense on each applicable asset or liability and
isolating exceptions.
Exception Reporting. Detecting inventory parts not used in a specified time period or detecting inventory items with a
unit cost that is significantly different from a comparable items unit cost.
909.12 Increased Opportunities to Offer New Consulting Services. The capabilities of DES can provide opportunities for
selling consulting or other services to existing and prospective clients. Examples of additional services that may be provided
using DES include the following:
Fraud Audits. DES can be used to compare employee addresses to vendor addresses in order to identify potential
fraudulent disbursements.
Cash Management Reviews. DES can be used to identify duplicate payments, financial discounts not taken, interest
lost for paying invoices too early, etc.
Internal Audit Outsourcing Engagements. Data extraction software can continuously monitor client information
through periodic downloads.
Business Process Reviews. Data extraction software can pinpoint areas where large quantities of data are being
processed inefficiently.
Litigation Support. DES can be used in any part of litigation support that requires the analysis of data.
Data Conversions. Data extraction software delivers the power of a mainframe with the ease of use of a personal
computer. This comes in handy when converting data from various computer systems. As discussed further in this
section, data extraction software can handle data from all sources.
909.13 The authors believe that DES can benefit most CPA firms that conduct audits. However, DES is more cost-effective for
some engagements than others. Thus, it is prudent to evaluate the pros and cons of DES before implementing it on a
particular engagement.
909.14 Cautions for Using DES. As previously mentioned, DES is better suited to some situations than others. Factors that
may influence the decision to use DES on a particular engagement include the following:
Cost.
Access to client data.
909.15 Cost. Before deciding to use DES on a particular engagement, the auditor needs to assess the initial costs associated
with using DES for the first time. Initial costs include the cost of setting up the DES to read the clients data, setting up the
procedures to be applied, and setting up the reports to be produced. These costs are generally incurred only in the first year
that DES is used on an audit engagement. For subsequent engagements, the costs of using DES are minimal unless the
client changes the file structure of the data files used for DES.
909.16 Access to Client Data. Clients sometimes do not understand the need for auditors to download data files from their
computer systems. Thus, auditors often need to take an active role in identifying the files and data necessary to apply the
DES procedures. They need to also be able to set up the DES to read the clients data and interpret it properly. Factors to
consider relating to access to the clients data include the following:
Can all of the relevant client data be obtained in a form that can be read by the DES?
Do the client and auditor have the equipment and software needed to transfer the clients data to the DES
computer?
Will the appropriate client personnel be available to assist in transferring the data?
909.17 In assessing the cost-effectiveness of DES, auditors may wish to try out the software before purchasing it and
incurring the necessary training costs. The software vendors will generally provide copies of their software for evaluation
purposes. However, it may be difficult to accurately assess DES without adequate training. Thus, the auditor may wish to
obtain some training before evaluating the software. As an alternative, some firms outsource the processing of data to firms
that provide DES services. (See the discussion beginning in paragraph 909.56.)
Process of Using DES
909.18 Although DES may be used in many ways on an audit, there is a basic process that is followed any time it is used.
Exhibit 9-8 provides an overview of the basic steps to using DES on an audit.
Exhibit 9-8
Using DES on an Audit
* * *
909.19 Planning for the Use of DES. To effectively and efficiently use DES, the auditor needs to plan how it can best be
used on the audit well before the start of the engagement. The auditor needs to identify the specific risks to be addressed and
decide which capabilities of DES can respond to those risks. The authors caution against producing reports using DES just
because the access to the data and the production of the reports is easily accomplished. The most effective way to guard
against this is to document what audit objective the production of the report satisfies. Those decisions are based on the
cost-benefit of the procedures, as discussed in paragraph 909.15.
909.20 Obtaining Data from the Client. The auditor can meet with the appropriate client personnel (generally the primary
contact for the audit and a key contact in information systems) to make arrangements to obtain copies of the specific client
data based on the desired reports identified in the planning stage. Matters to be discussed include the following:
Specific data needed.
Type of data file needed and format.
Record layout of the file.
Supporting information needed to verify data.
Timing and method of transmitting the data.
When using client data files to perform automated audit procedures, it is important to note that the auditor ought to work with
copies of the data files, not the original data files.
909.21 The auditor may wish to follow up the meeting with a letter confirming the arrangements agreed to. ASB-CL-12.5
provides a drafting example.
909.22 Type of Data File Needed and Format. Most data extraction software can access a wide range of file types. However,
the auditor needs to know which type he or she will be receiving to appropriately plan for the use of DES. Some files are
easier to work with than others. The easiest are raw data files. The most difficult are print files. Both are usable; however, the
print file may take longer to import into the audit software. In addition, some print files are not formatted in a way that makes
them easily accessible by DES. Personal computer files can usually be imported into DES; however, there is a wide variety of
possible formats. Most DES products available today can work easily with the following types of data files:
dBase (.dbf),
ASCII fixed length or delimited,
EBCDIC fixed length, and
files created in Excel, Lotus, or Access.
Based on the auditors knowledge of the clients system, he or she can request a file type the client can provide that is easiest
for the auditor to work with.
909.23 Record Layout of the File. After requesting data, the auditor may receive a direct file download that contains no
column headings, no column delimiters, and no way of determining the fields included in the data. Accurate record layouts
are needed for the auditor to understand the record type and length and define the data fields to the audit software. The
record layout also enables the auditor to quickly determine whether all requested data elements have been provided. The
record layout should indicate the starting position, length, and format (for example, character or numeric) for each field in the
record. A description of the contents of each field is also useful. The auditor will also need an explanation of any coding
structures (such as location or transaction codes) within the data.
909.24 For example, a data record from an accounts receivable file might appear as follows:
122599A14798453578XYZ Plumbing 1049.27
To make sense of the data, the auditor needs a record layout from the client that enables the auditor to identify each data field
and define the file to the audit software. A sample record layout for the illustrated accounts receivable record is provided in
Exhibit 9-9.
Exhibit 9-9
Sample Record Layout for an Accounts Receivable File
Raw data record:
122599A14798453578XYZ Plumbing 1049.27
Record layout:
Field Name
Starting
Byte Position
Field Length
in Bytes Field Type
Invoice date 1 6 Date
Invoice number 7 8 Character
Customer number 15 4 Character
Customer name 19 20 Character
Invoice amount 39 12 Numeric
Based on the record layout, the raw data record reads as follows:
Invoice Date Invoice Number Customer Number Customer Name Invoice Amount
122599 A1479845 3578 XYZ Plumbing 1049.27
* * *
909.25 In many cases, the DES recognizes the data columns and makes it easier for the auditor to define the data. In
addition, the DES may contain a data import utility that walks the auditor through the process of defining the data. For certain
file types (for example, dBase files), the record definition is contained in the data file itself and can be read directly by the
DES. However, a description of the contents of each field and coding structures is still needed. Once the auditor has defined
a file, the next time an identical download is requested, the auditor may be able to copy that definition into the new file without
having to repeat the file definition process.
909.26 Supporting Information Needed to Verify Data. It is imperative that the auditor receive supporting information to verify
the completeness of the data. That usually means obtaining record counts or control totals of significant numeric fields. The
auditor also can request a printout of a selected number of records (for example, the first 100) for verification of the data.
Without verification, the auditor is assuming the data is accurate and complete and it may not be. Periodically, the auditor may
receive a download that is incomplete, contains duplicate data, or is as of the wrong date. All of those errors will affect the
performance of planned audit procedures. The data request ought to specify the supporting information needed to verify the
data files. When the data is received, the auditor needs to make sure the client provided the necessary documentation.
909.27 Method of Transmitting Data. There are many ways to transfer data to a DES computer, depending on the equipment
of the client and auditor. Examples of possible data transfer methods include the following:
Email.
CD-ROM.
Tape.
High storage disks (such as DVDs and other optical disks).
FTP or network transfers.
Flash drives (USB devices).
Flash memory cards (such as SD cards).
909.28 DES can read data files from almost any computer system. Also, popular DES software packages (discussed in
paragraph 909.53) can use ODBC technology to download client data directly from any compliant database system with
minimal assistance from client personnel.
909.29 Security is important for all data transmission methods, especially email. The auditor can use encrypted files or
passwords to access the data. The record layout may also be emailed; however, the authors recommend that it be sent in a
separate email so the risk of someone obtaining both is reduced. Auditors can also have the client hand deliver the data files
on a removable storage device. After transferring the data to the auditors computer, the auditor can delete the information
from the removable storage device. In addition, once the information is resident on the auditors computer, he or she needs to
make sure the new files are backed up and secured.
909.30 If data is transmitted using CD-ROM, software may be needed to compress files to reduce the number of CDs. Not
only does the host need the software, so does the auditor. Usually, CD-ROM is a safe method for transmitting data since it is
more secure than email. Whatever method of data transmission is chosen, the auditors written request can specify the
medium to be used.
909.31 Sometimes, the client may be reluctant to provide data files to the auditor, especially if this has not been done in prior
audits. In that case, the auditor needs to be prepared to explain how providing this data can benefit the client (for example,
fewer demands on the client for reports or preparing confirmation requests).
909.32 Another issue that may arise is the availability of the clients data. The client may not normally retain all the transaction
histories or other data that might be needed to perform the planned automated audit procedures. In those cases, the auditor
would consider whether the client can make special arrangements to provide that data. If not, the auditor may need to revise
the planned audit procedures.
909.33 Corroboration of Client Data. It is important to corroborate client data before processing it. There are two reasons
for this. First, the auditor needs to confirm that the data file received from the client is complete, accurate, and not subject to
client manipulation during the transfer process. Second, the auditor needs to ensure that the data has been read correctly by
the DES. For example, if the auditor is using DES to compare year-end inventory quantities to annual usage in order to test for
obsolescence, the auditor needs to make sure that the file being used for inventory quantities reconciles to the general ledger
balance for raw material inventory.
909.34 In addition, when applying automated audit procedures, it is easy for auditors to inadvertently rely on computer
information without sufficient testing. Remember that the client data file being used is merely part of the clients accounting
records. As such, the data cannot be considered sufficient evidential matter without corroboration. Before applying automated
audit procedures to client data, it is important to take steps to ensure that the auditor is working with the intended data and
that the data is valid. Procedures such as the following need to be performed in order to test the validity of the data before
performing automated procedures:
Compare the information in the data file to a printed report.
Compute totals for key data fields and compare them to client control totals.
Select a sample of data items and agree them to supporting documentation.
909.35 The corroboration of data cannot be stressed enough. An auditor would not want to find out, after using DES to
efficiently (a) select a sample of accounts receivable, (b) merge the sample with the customer address file, (c) merge the
information into a word processing program, and (d) print the confirmations, that the data file used was as of 10/31/XX instead
of the intended confirmation date of 12/31/XX. Therefore, adequate procedures to corroborate the validity of the clients data
file are crucial.
909.36 Processing of Data. After determining that the data file is accurate and complete, the auditor can apply the planned
automated procedures. The case study at paragraph 909.43 illustrates this process.
909.37 While the best effort is made to identify the uses for DES during the planning stage, the auditor needs to be prepared
to perform additional testing if the results warrant it. For example, the auditor may have planned to use DES to review journal
entries made during the year for large or unusual transactions. As part of this analysis, the auditor decided to summarize all
journal entries by general ledger account number and noticed journal entries made to some accounts that have an automatic
interface with their subsidiary ledger (for example, transactions processed by the accounts receivable module are
automatically interfaced with the general ledger). The auditor investigates why journal entries are being made to an account
that should have an automatic interface. Thus, DES can be used by the auditor to retrieve and analyze data; however,
additional audit procedures may still be necessary after processing the DES report.
909.38 After the automated procedures are completed, the auditor assesses the results of those procedures. First, the
auditor considers whether:
there were an unusual number of exceptions or unusually large differences from expectations. If so, the auditor
considers whether the DES read the data correctly (as discussed beginning at paragraph 909.33).
the automated procedures are properly designed. For example, if a sample of items was selected, the auditor
considers whether the sample appeared to be selected properly so that a representative sample was achieved. If
confirmations were prepared, the letters need to be reviewed for accuracy.
909.39 When the auditor is satisfied that the automated procedures were appropriately applied, the audit implications of the
results are considered. Any exceptions, significant differences, etc., are investigated like those arising from manual audit
procedures.
909.40 Documentation of DES Procedures. To maximize their benefit as audit evidence, automated procedures should be
documented. The documentation typically includes at a minimum the following:
Client contact information.
Computer system information.
Description of client data files.
Procedures performed to corroborate the clients data files.
Description of the automated procedures (including their objectives).
Results of the automated procedures, including any reports or other output produced.
Conclusions about the audit objectives.
Suggestions for next year.
909.41 The auditors objective in preparing documentation is to ideally provide enough information for the auditor or a
reviewer to replicate the procedures performed and their results and to provide information about the validity of the testing
approach in accomplishing the audit objectives. This can often be accomplished with a combination of summary memos and
computer-generated reports and other electronic documentation (such as electronic logs of procedures performed and
copies of the data files used). Many DES products contain features to help produce this documentation. In addition, the Data
Extraction Software Analysis Documentation Form at ASB-CX-11.5 is a form that auditors may use to document their
automated audit procedures performed using DES.
909.42 Like all audit procedures, the performance of the automated audit procedures and the documentation of their results
should be reviewed in accordance with firm policies and auditing standards. Section 1811 discusses workpaper review in
more detail.
Case StudyReceivables Existence Testing
909.43 The following paragraphs present a case study on the use of DES. This case study illustrates some of the capabilities
of DES that might be useful on an audit. The case study is not intended to present a standard or recommended DES audit
strategy. Auditors need to design their automated audit procedures based on the circumstances of the engagement.
909.44 Receivables Existence Testing. An auditor is performing an audit of year-end accounts receivable with a year-end
balance of $14,460,000 (consisting of 57,774 invoices). She decides to use DES rather than manual procedures because of
the large volume of invoices. She performs an analytical procedure to stratify the receivables invoices. The results of the
stratification are shown in the graph in Exhibit 9-10.
Exhibit 9-10
Sales Invoices by Dollar Range
* * *
909.45 By reviewing the stratification, the auditor notices that more than 48,000 invoices (the bar to the extreme left on the
graph) comprise only $1,000,000 of the closing receivables balance while 263 invoices (all invoices over $100,000) comprise
almost 50% of the open receivables balance.
909.46 With further analysis, the auditor notes that 64 of the 263 invoices over $100,000 comprise 45% of the open
receivables balance. She decides to test these receivables and select a sample of 27 additional items from the remaining
population (calculated using ASB-CX-8.2). DES is used to extract both the 64 high-dollar and 27 random items. The auditor
then uses the compatibility of Microsoftr Word and Microsoftr Excel to print the necessary confirmation forms.
909.47 After one month, 40 confirmation replies have been received. The auditor decides to compare the remaining 51 items
to cash receipts for the subsequent period. She obtains a cash receipt file for the two months after year end and uses DES to
compare that file to the year-end receivables file. (The auditor had tested the completeness and accuracy of the cash receipts
file.) Using this automated approach, it is determined that 47 of the 51 receivables items were paid, leaving only four invoices
to be tested using manual procedures.
909.48 Testing the existence of receivables required 38 hours in the prior year (with manual procedures) but only 18 hours in
the current year (with DES). Aside from the hourly decrease, more coverage of the audit balance was obtained in the current
year and client service was enhanced since the client did not have to produce confirmation requests. Exhibit 9-11 illustrates a
completed Data Extraction Software Analysis Documentation Form (ASB-CX-11.5) for this case study.
Exhibit 9-11
Illustrated Documentation for DES Procedures
Company: ABC Manufacturing Company Balance Sheet Date: 6/30/XX
Completed by: JR Debbitt Date: 7/21/XX
Instructions: This form may be used to document the use of data extraction software (DES) to perform
automated audit procedures. DES is most effectively and efficiently used when its use is planned before the
engagement starts. The auditor identifies the specific objectives to be addressed and decides which DES
capabilities can efficiently satisfy those objectives. The decision to use DES is ordinarily based on the
cost/benefit of the procedures. Section 909 discusses using DES.
CLIENT CONTACT INFORMATION
Name: Joe Smith Title: Controller
Phone Number: (703) 555-5555 Email Address: Joe@ABCManuf.com
SYSTEM INFORMATION
Type of computer system: Dell Pentium III, 500 MHz server, Windows NT 4.0, 10 users ( 5 users have access to accounting
applications)

Accounting software: MAS 90, version 3.3 (General Ledger, Accounts Receivable, Inventory, Accounts Payable, Payroll, Sales
Order Processing, Purchase Order Processing)

DES TIME REQUIREMENTS
Budget Actual
Planning 3.0 2.5
Data transfer 2.0 2.5
Corroboration of data 1.0 1.0
Processing of reports 2.0 1.5
Documentation of results 1.0 1.0
Total 9.0 8.5
Explanation of budget variances: No significant variances.

SUGGESTIONS FOR NEXT YEAR
Obtain the A/R file and C/R file in database format next year instead of print report file format. This can be done per discussion
with Joe Smith, controller. The names of the files are ar630.dbf and julcr.dbf.

AUDIT OBJECTIVES AND DATA PROVIDED BY CLIENT
Audit
Area
Audit
Objective
Reports
Produced
Data File
Name
Description of
Data File Content
Data File
Type
Method of
Data File
Transfer
Data
Corroboration
Procedures
Accounts
Receivable
Existence Stratification of A/R AR630.prt Accounts
Receivable Detail as
of 6/30/XX
Print
Report
Zip Disk Compared report
total to general
ledger. Agreed a
sample of 10
invoices to support.
Accounts
Receivable
Existence Confirmation
Selection &
Confirmation
Production
Master.dbf Customer Address
Master File
Data
Base
Zip Disk Compared five
customer addresses
to year-end printed
statements.
Accounts
Receivable
Existence/Valuation Comparison of
Subsequent Cash
Receipts to Year-end
A/R
JulXX
CR.prt
Cash Receipts for
July XX
Print
Report
Zip Disk Selected a sample of
10 C/R and agreed
to bank deposit slip.
* * *
Examples of Opportunities to Use DES
909.49 DES is an extremely powerful tool that can be used on an audit engagement to improve efficiency, quality and client
service. The number and types of uses for DES are only limited by the innovation of a particular audit engagement team.
Although not intended to be all inclusive, Exhibit 9-12 lists some examples of how DES can be used in an audit.
Exhibit 9-12
Common Uses for DES in an Audit
Cash
Extract cash disbursements by vendor or supplier name to identify disbursements made to unusual vendor addresses,
such as mail drops, and paid vendor invoices that have the same names, addresses, or phone numbers as employees.
Identify duplicate checks.
Identify activity in long-dormant bank accounts.
Accounts Receivable
Compare accounts receivable customer balances to the prior year by customer.
Calculate days sales outstanding by major customer category.
Compare cash receipts in subsequent period to year end accounts receivable balance.
Select and list accounts over a specified dollar amount and past due more than a specified number of days.
Select a sample of accounts receivable invoices to confirm and prepare confirms.
List out all credit balances.
List out credit memos issued after year end.
Recalculate the aging of accounts receivable.
Identify slow billinglag between shipping date and invoice date.
Inventory
Compare the current year inventory file with the prior year and list the items with unit costs greater than a specified dollar
amount or percentage.
Recalculate extended prices for all inventory items.
Scan the inventory tag listing and identify any missing or duplicate numbers.
Select a sample of inventory items for price testing.
List any inventory items where the inventory cost exceeds the net realizable value.
Compare the year-end inventory unit cost to the most recent purchase price.
Compare current versus prior years unit cost for all inventory items.
Compare ending unit costs versus subsequent sales.
Compare ending inventory quantities to current year usage.
Calculate inventory turnover (in total, by product, by location).
Property
Recalculate depreciation expense.
Compare useful lives by asset category.
Identify assets with useful lives or depreciation rates exceeding specified criteria.
Select (randomly or on a specified basis) assets for physical inspection.
Accounts Payable/Cash Disbursements
Identify cash disbursements over a specified dollar amount.
Compare year end accounts payable by vendor to the prior year.
Identify credit memos issued after year end.
Identify related party payables.
Identify debit balances.
Age the accounts payable detail.
Identify duplicate checks written.
Identify gaps between checks written.
Sort cash payments by vendor and analyze to see if many small payments are made and to see if vendors are being
paid too quickly or if a credit card system should be employed.
Income Taxes
Calculate tax provisions.
Compare book and tax depreciation.
Reconcile taxes to taxable income and statutory tax.
Income and Expenses
Calculate and sort percentage variances in accounts between periods.
Calculate ratios between expense accounts and base amounts such as sales, inventory.
Summarize and print payroll by specified criteria for review purposes.
Identify changes in gross pay, hourly rates, salary amounts, etc.
Summarize costs for overtime.
Compare time card rates and pay to payroll and indicate variances.
Tests of Controls
Select samples for tests of controls (for example, cash disbursements and payroll transactions).
Extract all user accounts with high level security access. (This will identify users with high level access for review and
determination of whether the access is warranted.)
Extract particular error codes in system log reports. (This will identify errors that should have a heightened review by
management.)
Extract unusual time of access in order to review for unusual access granted after normal working hours.
General Ledger
Identify large/unusual journal entries made during the year.
Calculate and sort percentage variances in accounts between periods.
Calculate financial ratios (and changes) for sales/assets, debt/equity, etc.
Fraud Tests
Classify the vendor master file changes by approver.
Compare addresses per payroll file to addresses per vendor file for identification of possible unauthorized vendors.
Compare checks paid per bank records to those per companys check register.
Compare current year to prior year vendor master file to detect additional/deleted vendors.
Compare names per payroll file to names per vendor file for identification of possible unauthorized vendors.
Compare phone numbers per payroll file to phone numbers per vendor file for identification of possible unauthorized
vendors.
Extract all invoices over X% of the average invoice for the vendor.
Extract payments to related parties using a key word search in the vendor master file.
Identify large/unusual journal entries made during the year.
* * *
909.50 Essential Uses of DES. AU-C 240 requires the auditor in every audit to examine journal entries and other
adjustments for evidence of possible misstatement due to fraud. In todays complex computerized environments, reviewing
the general ledger for nonstandard journal entries has changed significantly from years ago when the general ledger could be
manually scanned. There may be no practical substitute for using DES to identify significant or unusual entries for additional
evaluation.
Requirements of DES
909.51 The decision to use DES requires an investment in technology and training. Perhaps more importantly, it requires a
change in the auditors perspective. Traditionally, auditors have focused on printed reports, manual controls and procedures,
and tests designed with limited precision. With DES, the auditor focuses on client data, automated controls and procedures,
and tests with high levels of precision. The following paragraphs discuss the key factors auditors consider in deciding whether
the investment and changes in approach are worthwhile.
909.52 DES Requirements. As previously noted, using DES requires an investment in software, computer equipment, and
training. Those requirements are discussed in more detail in the following paragraphs.
909.53 Software. The two leading DES products are IDEAt and ACL.t Exhibit 9-13 presents purchase information for
IDEAt and ACL.t Both are well-regarded and widely used.
Exhibit 9-13
ACLt tt t AND IDEAt tt t
ACLt tt t Audit Exchange Interactive Data Extraction & Analysis (IDEAt tt t)
Organization Organizations
ACL Services Ltd.
Phone: (888) 669-4225
Email: sales@acl.com
Fax: (604) 669-3562
www.acl.com
CaseWare International Inc.
www.caseware.com
Audimation Services, Inc.
Phone: (888) 641-2800
Email: info@audimation.com
Fax: (281) 749-0205
www.audimation.com
* * *
909.54 Computer Equipment. Exhibit 9-14 presents the minimum system requirements for the latest versions of ACLt and
IDEA.t
Exhibit 9-14
System Requirements for ACLt tt t and IDEAt tt t
ACLt tt t IDEAt tt t
Operating System Windows XP (SP3)/Vista Ultimate
Edition (SP3)
Windows 2000 (SP4)/XP (SP2 or
above)/Vista/Windows 7
Processor Pentium 1.8 GHz or faster Pentium 1.2 GHz
Memory 1 Gb RAM 1 Gb RAM
Hard Drive Capacity Application components and data
files150 GB
300 Mb hard disk
Other Internet Explorer 7.0 or higher. DVD
Drive. TCP/IP connectivity.
* * *
909.55 Other equipment may also be needed depending on how the auditor plans to transfer client data onto the DES
computer. For example, the auditor may need a high capacity portable drive, tape drive, modem, or network card, depending
on how the data will be transferred.
909.56 Training and Other Costs. Over the years, DES has become increasingly easy to learn and use. However, proper
training can help auditors maximize the benefits of DES and facilitate its implementation. In that training, the auditor will learn
efficient techniques for structuring audit applications and accessing the clients data. Proper training typically includes
modules on the following:
Formalizing a data request.
Understanding data formats on various computer systems.
Transferring data to personal computers using various media.
909.57 Many firms prefer to designate certain individuals to be responsible for using DES in their respective firms. Other firms
provide general training to several firm members or staff and more intensive training to selected persons. In all situations, the
practicality of using DES depends on the availability of the firms DES personnel.
909.58 In some cases, it may be useful to engage specialists to assist in the use of DES. Such assistance usually takes the
form of vendor technical support in exporting information from a certain software package to a computer-readable form. This
assistance could also take the form of a data conversion expert who could assist in downloading data to a tape cassette or
reel for conversion into a PC-readable format.
909.59 Auditors who are interested in training or specialist assistance can contact the DES vendor or AuditWatch for those
services. AuditWatch also provides outsourcing services, whereby they will apply the DES procedures for audit firms. For
more information, contact AuditWatch at (800) 775-9866 or www.auditwatch.com.
910 INITIAL ENGAGEMENTS AND REAUDITS
910.1 This section explains the planning, and some aspects of performance, of audit procedures in an initial engagement.
Chapter 2 explains the pre-engagement activities in an initial engagement of accepting a new client and establishing the terms
of the engagement. These activities include communication with a predecessor auditor concerning management integrity or
disagreements with management on significant accounting or auditing matters. (In some cases, the communication may be
made when proposing for a potential new client. See section 202.) Chapters 3 and 4 explain risk assessment procedures and
the development of audit plans for an initial or a continuing engagement.
910.2 This section focuses on the audit procedures in an initial engagement that should be added to the core procedures.
Chapters 10 through 17 explain efficient and effective approaches to the common audit areas in a continuing audit
engagement. In an initial engagement, additional procedures are necessary in most of these areas. This section explains the
considerations involved in the selection of additional procedures in the variety of circumstances that may exist in an initial
engagement. This section also addresses the responsibilities of a predecessor auditor in connection with the reissuance of
his or her report in comparative financial statements.
910.3 Objectives. The objectives of the auditor with respect to opening balances in an initial audit engagement, including a
reaudit, are to obtain sufficient appropriate audit evidence about whether:
Opening balances contain misstatements that materially affect the current periods financial statements.
Appropriate accounting policies reflected in the opening balances have been consistently applied in the current
periods financial statements or changes in policies are appropriately accounted for and adequately presented and
disclosed.
The objective of the predecessor auditor when a predecessors report is reissued in comparative financial statements is to
perform specified procedures to determine whether the previously issued report is still appropriate.
Exhibit 9-15
Requirements for Initial Audits, Reaudits, and Reissuance of a Predecessors Report
Effective for Audits of Periods Ending on or after December 15, 2012
AU-C
Reference
Guide
Reference
Practice
Aids
Opening Balances in Initial Audits and Reaudits
Read the most recent financial statements and the predecessor auditors
report for information relevant to opening balances, disclosures, and
consistency.
AU-C 510.06 ASB-IA-1
Request management to authorize the predecessor auditor to allow a
review of the predecessors audit documentation and to respond fully to
the auditors inquiries.
ASB-CL-13.1
ASB-CL-13.2
ASB-CL-13.3
Obtain sufficient appropriate evidence about whether the opening
balances contain misstatements that materially affect the current periods
financial statements by
Determining whether the prior periods closing balances have been
correctly brought forward to the current period or, when appropriate,
restated.
Determining whether the opening balances reflect the application of
appropriate accounting policies.
Evaluating whether audit procedures performed in the current period
provide evidence about the opening balances and performing one or
both of the following:
When the prior years financial statements were audited,
reviewing the predecessors audit documentation to obtain
evidence about opening balances.
Performing specific audit procedures to obtain evidence about
opening balances.
through
ASB-IA-13
If the opening balances contain misstatements that could materially affect
the current periods financial statements, perform additional procedures to
determine the effect.
If such misstatements exist, communicate them to the appropriate
level of management and those charged with governance.
If the prior period was audited by a predecessor, follow the guidance
in AU-C 510.12 .13 for financial statements reported on by a
predecessor that may require revision.
Obtain sufficient appropriate evidence about whether:
Accounting policies reflected in the opening balances have been
consistently applied.
Changes in accounting policies have been appropriately accounted
AU-C
Reference
Guide
Reference
Practice
Aids
for and adequately presented and disclosed.
If the predecessors opinion was modified, evaluate the effect of the matter
when assessing the risks of material misstatement of the current periods
If information obtained during the current audit indicates financial
statements reported on by a predecessor may require revision
Request management to inform the predecessor and arrange for all
three parties to discuss and attempt to resolve the matter.
Communicate to the predecessor information the predecessor may
need to consider to meet its responsibilities for subsequently
discovered facts.
If management refuses to inform the predecessor that the prior period
financial statements may require revision, or if not satisfied with the
resolution of the matter, evaluate the implications for the current audit and
whether to withdraw from the engagement, or, if withdrawal is not possible
under applicable law or regulation, disclaim an opinion.
Do not make reference to the report or work of the predecessor auditor as
the basis, in part, for the opinion on the financial statements.
this Guide
a
If unable to obtain sufficient appropriate evidence about opening
balances, express a qualified opinion or disclaim an opinion on the
this Guide
a
If the opening balances contain a misstatement that materially effects the
current periods financial statements, and the effect is not appropriately
accounted for or disclosed, express a qualified opinion or an adverse
opinion on the financial statements.
this Guide
a
If the current periods accounting policies are not consistently applied in
relation to opening balances or a change in accounting policies is not
appropriately accounted for or disclosed, express a qualified opinion or an
adverse opinion on the financial statements.
this Guide
a
Modify the opinion on the current periods financial statements if a
modification of opinion in the predecessor auditors report remains
relevant and material to the current period.
this Guide
a
Predecessor Auditors Requirements When Reissuing Its Report
Before reissuing an auditors report on comparative financial statements,
perform the following procedures to determine whether the previously
issued report is still appropriate:
Read the subsequent period financial statements to be presented on
a comparative basis.
Compare the prior period financial statements on which the
predecessor reported with the subsequent period financial
statements to be presented on a comparative basis.
Inquire of, and request written representations from, management of
the former client at or near the reissuance date about whether (1) any
information has come to managements attention that would cause it
to believe its previous representations should be modified or (2) any
subsequent events have occurred that would require adjustment to,
or disclosure in, the prior period financial statements.
Obtain a representation letter from the successor auditor stating
whether its audit revealed any matters that might have a material
AU-C 560.19 ASB-CL-3.4
ASB-CL-13.6
AU-C
Reference
Guide
Reference
Practice
Aids
effect on, or require disclosure in, the prior period financial
statements.
If a subsequently discovered fact becomes known, apply the procedures
for subsequent discovery of facts after the report release date presented in
section 1818.
AU-C 560.20 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
Note:
a
PPCs Guide to Auditors Reports provides guidance and report examples for initial audits, including the type of opinion
that is appropriate when unable to obtain sufficient evidence about opening balances, when inconsistency exists, when
misstatements in opening balances materially affect the current periods financial statements, or when the predecessors
report is modified.
* * *
Audit Procedures in an Initial Engagement
910.5 The auditors additional procedures in an initial engagement usually fall into one or more of the following categories:
a. To obtain preliminary knowledge of the client, its business, its operating characteristics, and its internal control,
particularly its control environment and financial reporting system.
b. To assess the reasonableness of the opening balances of significant balance sheet accounts.
c. To obtain reasonable assurance of the accounting principles and their method of application in the prior year.
The auditor should always read the most recent financial statements and the predecessor auditors report, if any, for
information about opening balances, including disclosures, and about the consistency of application of accounting policies.
910.6 Preliminary Knowledge of Client. As explained in Chapters 2 and 3, pre-engagement activities and the risk
assessment procedures necessary to obtain an understanding of the client and its environment are usually more extensive
and time-consuming in an initial engagement. Naturally, the auditors knowledge increases as the engagement progresses.
ASB-CX-1.1, Engagement Acceptance and Continuance Form, provides information related to the auditors preliminary
knowledge of the client. The following practice aidsUnderstanding the Entity and Identifying Risks (ASB-CX-3.1),
Understanding the Design and Implementation of Internal Control (ASB-CX-4.1), and the Financial Reporting System
Documentation Form (ASB-CX-4.2)are useful in obtaining the initial understanding of the client and its environment,
including internal control, that is required by AU-C 315. Normally, these forms are completed in conjunction with applying the
relevant procedures noted in the General Planning Procedures audit program at ASB-AP-1. These forms are discussed in
Chapter 3.
910.7 The practice aids in your Guide provide a separate set of audit programs for initial audit engagements. The audit
program, Additional General Planning Procedures for an Initial Audit (ASB-IA-1), contains additional procedures that are
usually necessary during the pre-engagement and planning stages of the initial audit. The audit program, Additional Auditing
and Completion Procedures for an Initial Audit (ASB-IA-2) contains additional general procedures that are usually necessary
during the performance of the audit. As indicated in practical considerations at the related program steps, some of the
additional procedures apply both to replacing a predecessor auditor and to circumstances when there was no predecessor.
Other additional procedures apply only to replacing a predecessor or only when there was no predecessor. Other initial audit
programs (e.g., cash, accounts receivable, etc.) present additional procedures in two categorieswhen information from a
review of the predecessor auditors workpapers will be used as evidence for opening balances and when it will not be used.
The additional general procedures for initial audits are not divided in that way to permit separate decisions on individual
procedures (e.g., an auditor may wish to use information from a review of the predecessors analysis of minutes of directors
meetings of prior periods but make his own analysis of contracts and similar documents).
910.8 All of the additional general procedures for initial audits are extensions of core procedures and are applied in
conjunction with the core procedures. Initial audit procedures for beginning balances in other audit areas may be performed
in conjunction with the core procedures applied to the ending balance. The additional procedures are presented separately
rather than as part of the core procedures programs to permit flexibility in applying them to particular circumstances.
910.9 Opening Balances. In an initial engagement, the auditors objective is to obtain sufficient evidence about whether the
opening balances contain misstatements that materially affect the current periods financial statements. Normally, in most
engagements, there is no need for the auditor to express an opinion on the opening balances. Accordingly, the audit
procedures applied to opening balances are usually more limited than the procedures applied to the closing balances of the
current period.
910.10 Specific procedures that should be performed with respect to opening balances include all of the following:
a. Determining whether the prior period closing balances have been properly carried forward to the current period (or
when appropriate, have been restated). Generally, the auditor traces the opening balances in the current periods
general ledger to the prior periods closing balances that support the financial statements to ensure that the
balances were properly carried forward.
b. Determining whether the opening balances reflect the application of appropriate accounting policies.
c. Evaluating whether current period audit procedures provide evidence about opening balances.
d. Performing one or both of the following:
(1) Specific audit procedures directed at the opening balances.
(2) Reviewing the predecessor auditors audit documentation to obtain evidence about opening balances.
(Replacing a predecessor auditor is discussed beginning in paragraph 910.25.)
910.11 According to AU-C 510.A12, the nature and extent of audit procedures that are necessary depend on matters such as
the following:
a. Accounting policies followed.
b. Significance of opening balances relative to the current period financial statements.
c. Whether the prior period was audited and, if so, whether the predecessor auditor issued a modified opinion.
d. Nature of the account balances, classes of transactions, and disclosures, and the auditors risk assessment for the
current audit.
The authors approach for obtaining audit evidence about opening balances is discussed in the following paragraphs.
910.12 Nature of Opening Balances. The auditor focuses on the opening balances that affect the current periods ending
balances or that affect results of operations for the current period. The extent of additional procedures applied to the opening
balance depends on the extent to which items in the opening balance are also in the closing balance and on the audit
approach to the ending balance. This is especially true when the prior period financial statements were not audited or the
auditor will not use information from the review of the predecessors audit documentation as evidence. Generally, the account
balances that the auditor is concerned with will fall into one of the following categories:
a. All, or a substantial portion, of the ending balance is accounted for by the opening balance, and the audit approach
in a continuing engagement is to focus on the items that increase or decrease the opening balance to substantiate
the ending balance (e.g., property and equipment and owners equity).
b. All, or a substantial portion, of the ending balance is accounted for by the opening balance, and the audit approach
in a continuing engagement is to substantiate directly all or most of the items in the ending balance (e.g.,
investments in marketable securities, notes receivable, and notes payable).
c. The account balance turns over at least once each accounting period, and none of the items in the opening balance
are normally included in the ending balance (e.g., cash, accounts receivable, inventory, and accounts payable).
Naturally, the auditors additional procedures are most extensive for the first category and, if the auditor uses information from
the review of the predecessor auditors workpapers as evidence, the use of that information as evidence is normally
considerable. If the prior period was unaudited, the auditor may obtain evidence about this category of opening balances by
examining accounting records and other information underlying the opening balances, such as vendor invoices and cash
disbursement records. The auditors procedures are generally the least extensive for the second category because the audit
procedures applied to the ending balance (such as confirmation) also support the opening balance. For the last category,
the auditors primary concern is the effect of misstatement of the opening balance on the current periods operating results.
Audit evidence about this category of opening balances may be obtained from procedures performed in the current audit. For
example, collection of opening accounts receivable balances during the current period provides audit evidence about their
existence, rights and obligations, completeness, and valuation at the beginning of the period. In the case of inventory,
however, current period audit procedures generally provide little audit evidence about the opening balance. As a result,
additional audit procedures directed towards the opening balance of inventories ordinarily are necessary. Opening inventory
balances in an initial audit are discussed in paragraph 910.71.
910.13 With the passage of time, certain opening balances are more easily determinable. For example, after a year the
valuation of accounts receivable may be more certain. The adequacy of year end accruals and accounts payable liabilities
may be more easily evaluated if a year has passed.
910.14 Special Additional Procedures by Audit Area. For each of the balance sheet account categories (i.e., cash, accounts
receivable, etc.), additional audit procedures that are appropriate in an initial audit have been provided in ASB-IA-3 through
ASB-IA-13. The additional procedures are divided between those that apply when the auditor uses information from the review
of the predecessor auditors workpapers as audit evidence and those that apply when the auditor does not or cannot use
such information.
910.15 As explained beginning with paragraph 910.25, generally the decision to use information from a review of the
predecessor auditors workpapers as evidence is made by audit area (e.g., the auditor may decide to use information from his
or her review of the predecessors workpapers extensively in the inventory area, but not at all in the notes payable area).
910.16 Avoid Overauditing. The suggested additional procedures are designed to be efficient and effective in the
circumstances that exist for many businesses. The extensiveness of procedures varies with the normal effect of the opening
balance on the current financial statements, as explained in paragraph 910.12, and the resulting use of information from
review of the predecessor auditors workpapers that is necessary. One of the greatest sources of inefficiency in an initial
engagement is a more extensive review of a predecessors workpapers than is necessary to achieve the auditors objectives.
Simply because there are workpapers that can be reviewed, the auditor might do more work in an area than would be done if
the prior period financial statements were unaudited.
910.17 Misstatements in Opening Balances. If the opening balances contain misstatements that could materially affect the
current periods financial statements, the auditor should perform additional procedures to determine the effect of the
misstatements on the current periods financial statements. If the auditor determines that the current periods financial
statements are materially misstated, the auditor should communicate the misstatements to the appropriate level of
management and those charged with governance as discussed in section 1815. If the prior period financial statements were
audited, the auditor should ask management to inform the predecessor auditor and arrange for all three parties to discuss
and attempt to resolve the matter. If management refuses to inform the predecessor that the prior period financial statements
may require revision, or if not satisfied with the resolution of the matter, the auditor should evaluate the implications for the
current audit and whether to withdraw from the engagement or disclaim an opinion. The auditor may need to seek legal
advice when making that evaluation. The successor should also communicate information to the predecessor that the
predecessor may need to consider to meet its responsibilities for subsequently discovered facts (see section 1818).
910.18 Consistency. The suggested additional audit procedures for an initial engagement include procedures designed to
identify the accounting principles and methods of application followed in the prior period to permit the auditor to evaluate
whether there has been a change in accounting policies. Usually, there is no problem in identifying significant accounting
principles (e.g., inventory and depreciation methods). However, the auditor is also concerned with the methods of application
(e.g., expense accounts included in overhead and treatment of discounts and freight). Also, the auditor is concerned with the
year-end closing routines followed at the end of the prior and current periods because of the effect on current operating
results (e.g, the dates and methods of establishing cutoffs). If accounting policies changed in the current period, the auditor
should determine that the changes are properly accounted for and adequately presented and disclosed in the financial
statements.
910.19 There is very little guidance in authoritative literature about procedures for determining the consistency of application
of accounting policies for initial audits. In an initial audit, the auditor needs to adopt procedures that are practicable and
reasonable in the circumstances. Achieving assurance as to consistency is usually feasible when client records are adequate.
But, if a clients records are inadequate, an auditor usually cannot implicitly provide assurance on consistency and may have
difficulty doing sufficient work on beginning balances to express an unqualified opinion on the current years financial
statements. Essentially, an auditor only needs to be concerned that accounting records are kept in sufficient detail to permit
determination of what accounting principles and methods were used in the previous year and to permit the application of
certain auditing procedures to the opening balances. The extent of procedures necessary depends on whether the
engagement involves replacing a predecessor auditor or whether the client has never engaged auditors before.
910.20 Balance Sheet Only Initial Audit. The basic guidance in this Guide applies to an initial audit that is a balance sheet
only engagement. Since the auditors opinion will not address the income statement, the authors believe that the auditor may
not need to perform some or many of the procedures included in the income statement audit program. After performing the
risk assessment procedures and assessing the risk of material misstatement related to the balance sheet audit, the auditor
might conclude that the assessed risks at the relevant assertion level will be appropriately addressed through a selection of
basic or extended audit procedures from the applicable balance sheet audit programs along with the preliminary and final
analytical procedures in the General Planning Procedures and General Auditing and Completion Procedures programs at
ASB-AP-1 and ASB-AP-2. The auditor might consider some of the income and expense audit program steps if they address
risks at the relevant assertion level based on the assessed risks of what could go wrong relative to classes of transactions,
balance sheet accounts, and disclosures. For example, the auditor may determine that a risk exists for the property and
equipment accounts and decide that extended analytics and/or testing of repairs and maintenance expense accounts will be
performed.
Client Relations in an Initial Engagement
910.21 An initial audit engagement can be a particularly stressful time for client relations. If there was no predecessor auditor,
the clients personnel will not be familiar with the interruptions and inconvenience that normally occur during an audit. Also,
the audit staff will be unfamiliar with the accounting records and client operations. In these circumstances, it is worthwhile to
spend some extra time preparing the audit staff for the engagement.
910.22 Planning meetings can be used very effectively in an initial engagement to increase the staffs familiarity with the client
and to emphasize the importance of the initial impressions the staff makes on management and the client personnel who will
be involved in the audit. The partner responsible for the audit typically introduces the staff to client personnel at appropriate
levels. In addition, AU-C 240, Consideration of Fraud in a Financial Statement Audit and AU-C 315, Understanding the Entity
and Its Environment and Assessing the Risks of Material Misstatement, require that members of the audit team discuss the
susceptibility for material misstatement due to error or fraud as part of planning the audit. The standards indicate that key
members of the audit team should be included in the discussion.
910.23 Relations with management in an initial engagement deserve particular attention. The auditor should make sure that
management understands that audited financial statements are still the representations of management and that at the end of
the engagement a representation letter will be requested that acknowledges managements responsibility. Also, the need for
some procedures, such as obtaining written confirmations from customers and representations from attorneys, need to be
explained well before management is asked to sign the requests for such information.
910.24 In preliminary discussions with management, the auditor ought to explain the advantages of client assistance in
preparing detailed schedules for audit workpapers. This can be particularly important in an initial engagement because there
is generally a greater need for comparative schedules.
Replacing a Predecessor Auditor
910.25 AU-C 510 defines the term predecessor auditor as an auditor from a different audit firm who reported on the most
recent audited financial statements or was engaged to perform but did not complete an audit of the financial statements. That
may include an auditor who was engaged to perform an initial audit but did not complete the audit. It may also include an
auditor who was engaged subsequent to the most recent audited financial statements (that is, a successor auditor) who did
not complete the audit. In the latter case, there may be two predecessor auditorsthe auditor who reported on the most
recent audited financial statements and the successor auditor who did not complete the audit.
910.26 When a predecessor auditor has completed an audit of prior periods financial statements, it is usually efficient and
effective for the successor auditor to use information from his or her review of the predecessors workpapers to determine
how much evidence the successor needs to obtain to substantiate beginning balances. This avoids duplication of effort and
helps to keep the audit fee reasonable. Using information from a review of the predecessor auditoris workpapers as evidence
about opening balances is not required by professional standards because it is primarily a matter of audit efficiency. Also, no
reference to the predecessor auditor is appropriate in the audit report because the successor auditors responsibilities for
opening balances and consistency are not reduced. However, if the successor is to reaudit periods already reported on by
the predecessor, the successor auditor cannot use information from a review of the predecessor auditoris workpapers as
evidence. See the discussion beginning with paragraph 910.73 for guidance if the successor auditor has been engaged to
report on prior year financial statements that have already been audited and reported on by the predecessor auditor.
910.27 The first essential step when there is a predecessor is to ask management to authorize the predecessor to allow a
review of the predecessors audit documentation and to fully respond to the successor auditors inquiries. The authorization
should be requested for all predecessor auditors. However, when a predecessor did not complete an audit, the successor is
generally unable to use information from a review of the predecessors workpapers to provide evidence about beginning
balances or consistency. A drafting example of a client request for a predecessor auditor to release information is presented
at ASB-CL-13.1. In order to reduce misunderstandings about the scope of the authorization, the predecessor auditor might
request a consent and acknowledgment letter from the client. A drafting example of the consent and acknowledgement letter
is presented at ASB-CL-13.3.
910.28 After the clients authorization to communicate with the predecessor has been obtained, the auditor usually has the
following concerns:
a. Consideration of the predecessors independence and general competence.
b. Review of the predecessors audit workpapers overall and in detail for specific asset and liability accounts.
c. Consideration of the reporting options for the prior periods financial statements.
910.29 Consideration of Predecessors Independence and Competence. The auditors decision about whether to use
information from a review of the predecessor auditors workpapers as part of the auditors risk assessment procedures or as
evidence about opening balances is influenced by the auditors evaluation of the predecessors independence and
competence. Although the predecessor auditor is not a component auditor, as defined in AU-C 600, Special
ConsiderationsAudits of Group Financial Statements (Including the Work of Component Auditors), the auditor may make
inquiries similar to those listed in AU-C 600 (and discussed in section 904) about the professional competence and
independence of the predecessor auditor. These inquiries are not required of a predecessor. However, unless the
predecessor is well-known to the auditor, it may be prudent to find out about these matters. The review of the predecessors
audit documentation also provides information about the predecessors professional competence by demonstrating an
adequate understanding and application of auditing and other relevant professional standards and that the firm possessed
the special skills (for example, industry-specific knowledge or knowledge of relevant financial reporting and accounting
requirements) that were necessary to perform the audit.
910.30 Review of the Predecessors Workpapers. The primary purposes of the review of the predecessoris workpapers
are as follows:
a. Obtain information to assist in planning the audit. Information obtained from the review of the predecessors audit
documentation may assist the auditor in developing the audit strategy, making planning decisions, and developing
the audit plan. The review may serve as a risk assessment procedure for the current periods audit and provide
information relating to the understanding of the entity and its environment; identification of risks including fraud;
control deficiencies; material misstatements and significant audit issues identified by the predecessor; and other
matters useful in planning the audit. If the predecessor auditors report on the prior periods financial statements
contains a modified opinion, the auditor should evaluate the effect of the modification when assessing the risks of
material misstatement in the current period.
b. Obtain information to assist in performing the audit (that is, evidence about opening balances and the consistency of
accounting policies). In all initial audits, auditors are required to read the most recent financial statements, including
the predecessor auditors report, if any, to obtain information about opening balances, including disclosures, and
the consistency of application of accounting policies. In addition, the review of the predecessor auditors audit
documentation may be a source of audit evidence about opening balances.
910.31 Typically, the predecessor auditor permits the auditor to review audit documentation relating to planning; risk
assessment procedures; further audit procedures; audit results; and other matters of continuing accounting and auditing
significance, such as the analysis of balance sheet accounts, contingencies, and the schedule of uncorrected misstatements.
AU-C 510 does not require the predecessor to allow access to those listed workpapers. The extent of access to the
workpapers permitted by the predecessor is a matter of judgment. Reasons for not granting access could include pending
litigation or unpaid fees. However, any limitation or denial on the part of the predecessor would often affect the successors
risk assessment and the nature, timing, and extent of auditing procedures related to opening balances and the consistency of
accounting principles in the current periods audit.
910.32 Normally, the predecessors workpapers are reviewed at the predecessors office at a time convenient to the
predecessor. Often the impressions gained merely by visiting the predecessors office are helpful in assessing the
predecessors competence.
910.33 Evidence about Opening Balances and Consistency. The amount of audit evidence to be obtained by the successor
auditor relating to opening balances and consistency in application of accounting policies is a matter of professional
judgment. AU-C 510.A1 states:
Audit evidence. . .may include the most recent audited financial statements, the predecessor auditors report
thereon, the results of inquiry of the predecessor auditor, the results of the auditors review of the
predecessor auditors audit documentation relating to the most recently completed audit, and audit
procedures performed on the current periods transactions that may provide evidence about the opening
balances or consistency.
910.34 In other words, the predecessors workpapers alone do not constitute sufficient evidence. The successor auditors
review of the predecessor auditors workpapers may affect the nature, timing, and extent of the successor auditors work
relating to the opening balances and consistency; however, the audit work performed and the conclusions reached are solely
the responsibility of the successor auditor. Generally, an auditoris own procedures on opening balances will include
scanning, following up on unusual items, and evaluating whether the results of the audit tests in the current year indicate
problems with opening balances, e.g., do write-offs of receivables during the current period indicate an inadequate opening
allowance for uncollectible accounts?
910.35 For example, the successor auditor may review the predecessors workpapers related to fixed assets and be satisfied
with the predecessors assessment of internal control, substantive tests, and evaluation of misstatements. Based on this
review, and the results of the successors procedures on current year transactions and analytical procedures on accumulated
depreciation, the successor may conclude that additional procedures on prior year transactions are not considered
necessary.
910.36 The variety of purposes served by reviewing the predecessors workpapers are outlined in Exhibit 9-16. These
purposes are generally accomplished in two stagesoverall review of the workpapers and a detailed review of the
workpapers for specific asset and liability accounts.
Exhibit 9-16
Purposes Served by Review of a
Predecessor Auditors Workpapers
To make an evaluation of:
1. the general competence of the predecessor;
2. the predecessors adherence to generally accepted auditing standards; and
3. the procedures applied to specific asset and liability accounts.
To obtain information on:
1. the control environment, the financial reporting system and, in some cases, related control
activities;
2. identified risks of material misstatement;
3. identified control deficiencies;
4. aspects of contracts, agreements, and matters of continuing accounting or auditing significance;
5. accounting policies used in the prior period;
6. the nature and amount of any misstatements in opening balances;
7. any disagreements with managements accounting estimates; and
8. detailed schedules of accounting data carried forward from prior periods.
* * *
910.37 Overall Review of Predecessors Workpapers. The overall review of the predecessors workpapers is intended to
provide the auditor with a basis for evaluating the predecessors general competence and general adherence to generally
accepted auditing standards. Some departures from professional standards or good practice, such as failure to use written
audit programs, poorly organized and sloppily prepared workpapers, and failure to obtain client and attorney representations
or confirm receivables, may be quickly noted.
910.38 During the overall review of the predecessors workpapers, the auditor needs to give particular attention to matters
that would identify potential problem areas in the audit. In particular circumstances, some or all of the following procedures
might be useful:
a. Read the predecessors planning memo and other planning workpapers. (This may assist in identifying risks,
significant audit areas, and the nature of the predecessors procedures in those areas.)
b. Read the predecessors management letter or communication of internal control related matters, and client and
attorney representation letters. (This helps to assess the condition of the financial reporting system and to identify
control deficiencies and unusual accounting or auditing risks.)
c. Scan the workpaper summary of adjusting journal entries. (This provides an indication of the clients expectations on
accounting assistance and helps to identify potential risks that may result in time-consuming areas.)
d. Scan the summary and evaluation workpaper that accumulates uncorrected misstatements. (This helps to identify
risk areas and identifies possible uncorrected misstatements in opening balances.)
e. Read the predecessors engagement summary memo (if available). (This may identify potential risk areas of the
engagement and how the predecessor addressed those risk areas.)
f. Scan the time budgetplanned and actual. (This helps to identify areas that required more than the anticipated time
and can identify risk areas.)
A predecessor may be sensitive about permitting review of the planned and actual time budget. In that case, the auditor may
merely inquire about areas that caused difficulty.
910.39 Detailed Review of Specific Workpapers. If the overall review of the workpapers indicates that the auditor may be able
to use information in the predecessors audit documentation as audit evidence, then a detailed review of the workpapers for
specific asset and liability accounts is generally the next step. Each of the initial audit programs for specific balance sheet
accounts, ASB-IA-3 through ASB-IA-13, includes procedures that are appropriate in an initial audit when the auditor intends to
use information from the review of the predecessor auditors workpapers as evidence for opening balances and consistency.
910.40 Approaches to the detailed review of the predecessors workpapers vary considerably in practice. Some auditors use
the same checklist on supervision and review that is used in the CPA firms own practice and apply it to the predecessors
workpapers. Some auditors use special audit programs that are designed specifically for the detailed review of the
predecessors specific workpapers. These approaches are certainly acceptable, but the authors believe that they are not
particularly efficient for many engagements.
910.41 The authors recommend the following approach as usually efficient and effective in most audit engagements. Scan
the suggested additional audit procedures for an initial engagement for each specific account balance before inspecting the
predecessors workpapers for that balance. For some account balances, most or all of the procedures can be accomplished
in the predecessors office. For other account balances, the procedures can be performed when applying procedures to the
clients accounting records. When the predecessors workpapers will be needed for later application of auditing procedures,
request copies of the predecessors workpapers.
910.42 This approach allows selective use of information from the predecessors workpapers and permits the most efficient
and effective approach to be used for a particular account balance. It is important to avoid the tendency of making a detailed
review of all workpapers simply because they are available. After the review, the auditor should prepare audit programs for
the current audit and include those additional procedures for opening balances that are appropriate in the circumstances.
910.43 Case Study on Reliance on a Predecessor. Mongo Freed, a partner in a two-partner firm with a professional staff of
10, has succeeded Dee Mills, a sole practitioner, in the audit of Sterling Enterprises, a small manufacturer of stainless steel
utensils. Mongo Freed will be reporting only on the 20X4 financial statements. Dee Mills had previously audited and reported
on the 20X3 financial statements. Relations between Mr. Sterling and Dee Mills are cordial, but both have agreed that Sterling
has gotten too large for Mills to handle the audit. Mongo Freed visits Mills office at a previously agreed-upon time and makes
an overall review of the workpapers for the audit of the 20X3 financial statements. Freed is convinced that Mills is very
competent and has excellent technical knowledge. However, the audit workpapers are not well organized, Mills writing
requires a painstaking word-for-word deciphering, and Mills is really too busy to provide all the supplemental explanation
necessary to facilitate Freeds detailed review.
910.44 Solution: Based on the overall review of Mills audit documentation, Freed decides not to use information from Mills
audit documentation as evidence about opening balances other than inventory. Sterling does not keep perpetual records and
determines inventory by a complete annual physical count. In this way, Freed is able to spend most of the time that Mills has
been able to allocate to explaining the workpapers to an area that is efficient and effective in the circumstances. Without using
information from his review of Mills work in the inventory area, Freed believes it would probably be necessary to disclaim an
opinion on results of operations for the year-ended December 31, 20X4.
910.45 Successor Auditor Acknowledgment Letter. Before permitting access to the workpapers, the predecessor may
request confirmation of the successor auditors agreement related to use of the audit documentation. ASB-CL-13.2 provides a
drafting example of this letter. (The letter presented at ASB-CL-13.2 is based on a nonauthoritative example letter in AU-C 510,
Exhibit C.)
910.46 The authors believe that, as a practical matter, the letter constitutes an agreement between firms, it may provide some
protection to the predecessor should litigation arise, and the successor may gain access to additional workpapers by signing
the letter. While there may be no harm to the successor in signing such letters, this is a legal issue and firms might wish to
consult their legal counsel. The following paragraphs discuss some of the issues that the letter raises.
910.47 The letter states the understood purpose of the successors review of workpapers. It, in essence, says that the
purpose is to assist the successor in planning and performing his or her audit. In particular, the letter states that the
successor accepts sole responsibility for the nature, timing and extent of audit work performed and the conclusions reached
in expressing his or her opinion on the financial statements. The review of predecessor workpapers is made to determine how
much evidence the successor will need to obtain regarding the beginning balancesnot to use specific predecessor
workpapers as audit evidence. Auditors need to be cautious, therefore, to avoid statements in their workpapers indicating that
specific predecessor workpapers are being used as audit evidence.
910.48 If the successor auditor signed an acknowledgement letter similar to the one at ASB-CL-13.2, the successor auditor
would be precluded from commenting on whether the predecessors audit was performed in accordance with generally
accepted auditing standards. This does not, however, relieve the successor of the responsibility under AU-C 510 if he or she
believes the financial statements on which the predecessor reported may require revision. That standard requires the
successor to request that the client arrange for the client, the successor, and the predecessor to discuss and attempt to
resolve the matter.
910.49 As noted in Exhibit 9-16, one of the purposes of reviewing the predecessors workpapers is to evaluate the
predecessors adherence to generally accepted auditing standards. The letter does not preclude that evaluation, it only
precludes the successor from commenting orally or in writing about that evaluation.
910.50 If, based on his or her review of the predecessors workpapers, the successor decides not to use information from
that review as evidence about beginning balances because he or she does not believe the predecessor performed a GAAS
audit, the successor is precluded from commenting to the client as to the reasons for performing additional procedures if he
or she has signed an acknowledgment letter similar to the letter at ASB-CL-13.2. However, if the successor discovers that the
predecessor did not perform a GAAS audit through means other than the review of the predecessors workpapers (for
example, if discovered while the successor performs audit procedures), then the successor is not precluded from
commenting to the client as to the reasons for performing additional procedures.
910.51 If the successor is provided copies of the predecessors workpapers, the letter requires the predecessors permission
before access to the successors workpapers is voluntarily provided to a third party. As discussed in section 805, the
successor may in some engagements be required by law, regulation, or audit contract to provide access to regulators.
910.52 Consideration of Reporting Options. When a predecessor auditor has audited the prior periods financial
statements, there are several options in the presentation of financial statements in the current period. Exhibit 9-17 presents an
outline of these options. As explained in paragraph 910.55, the choice of options affects procedures the predecessor should
apply.
Exhibit 9-17
Reporting Options in
Replacing a Predecessor
PRESENT SINGLE-PERIOD FINANCIAL STATEMENTS
PRESENT COMPARATIVE FINANCIAL STATEMENTS
1. Reference. Refer to predecessors audit and report in the scope paragraph, but do not present
predecessors report.
2. Reissuance. Present predecessors reissued report on prior periods financial statements.
3. Reaudit. Report on all periods presented.
* * *
910.53 Single-period. One option is to present only the current periods financial statements. This approach does not change
the auditors responsibility in applying auditing procedures for opening balances or for consistent application of accounting
policies. However, it does avoid a number of problems that potentially may arise when the financial statements audited by a
predecessor are presented (e.g., as explained below, reissuance requires the predecessor to apply additional procedures).
Also, even when reference is made instead of reissuance, complications arise if there are changes in the manner of
presentation of the prior periods statements (e.g., changes in classification or extent of aggregation). However, single-period
financial statements may not meet the clients needs.
910.54 Comparative. If comparative financial statements are presented, two of the alternatives are, technically, equally
acceptable.
a. The predecessor may reissue the report on the prior period financial statements.
b. The successor may refer to the predecessors report in the report on the current period financial statements.
Usually the simplest and least costly of these two alternatives for the client is for the successor to refer to the predecessors
report.
910.55 If the predecessor auditors report is reissued, the predecessor should apply several procedures, and the cost to the
client is likely to be increased. AU-C 560.19 indicates that the predecessor should do the following:
a. Read the financial statements for the current period.
b. Compare the prior period financial statements that the predecessor reported on with the financial statements to be
presented for comparative purposes.
c. Obtain a representation letter from the successor auditor and the management of the former client.
The purpose of the representation letter from the successor is to determine whether the successors audit revealed any
matters that might have a material effect on, or require disclosure in, the financial statements reported on by the predecessor.
ASB-CL-13.6 may be used to obtain representation from the successor auditor. The representation letter from management
addresses whether any prior management representations made have changed and whether any subsequent events have
occurred which affect the prior period financial statements. (ASB-CL-3.4 is an example Updating Management
Representation Letter.) If a subsequently discovered fact becomes known, the predecessor should apply the procedures for
subsequent discovery of facts after the report release date discussed in section 1818.
910.56 If the successor reports on all periods presented, the guidance beginning with paragraph 910.73 for reaudits should
be followed.
910.57 Additional guidance on audit reporting in these circumstances may be found in PPCs Guide to Auditors Reports.
No Use of a Predecessor Auditors Workpapers
910.58 In an initial engagement, there are a variety of circumstances when there is no use of a predecessor auditors
workpapers. Generally, these circumstances fall into one of the following categories:
a. A business previously audited by a predecessor auditor.
b. A business with no previous audit but with previous accounting services.
c. An existing business with no previous accounting or auditing services.
d. A new business that began operations in the current period.
e. The successor is reauditing periods already reported on by the predecessor.
910.59 Previous Audit by a Predecessor. There may be no use of a predecessors workpapers when the auditor concludes
that the predecessor was incompetent or not independent. Also, the predecessor may not permit review or copying of
workpapers and files because of a fee dispute with the client or because of pending litigation with the client or others. Or, the
predecessor may have ceased operations and the workpapers may not be available. Naturally, the auditor needs to consider
any increase in audit risk that results from the particular circumstances.
910.60 When no information from a review of the predecessors audit documentation is used as audit evidence, the auditors
primary sources of evidential matter are the clients accounting records, documents in the clients possession, and analytical
procedures. In many cases, analytical procedures can be very effective in an initial engagement because of the passage of
time. For example, uncollectible accounts receivable in the opening balance are normally readily identifiable. Usually, in an
initial engagement, physical examination or confirmation of items in an opening balance are not practical.
910.61 Each of the audit programs for specific balance sheet accounts, ASB-IA-3 through ASB-IA-13, includes special
additional procedures that are appropriate in an initial engagement when information from a review of the predecessors audit
documentation will not be used as audit evidence for opening balances and consistency.
910.62 Previous Accounting Services. A client may have obtained compiled or reviewed financial statements in prior
periods. The accounting services may have been provided by the auditors own firm or by another CPA firm. An auditor is not
required to communicate with a predecessor accountant who provided accounting services before accepting an audit
engagement. However, it is usually worthwhile to communicate with a predecessor accountant and obtain copies of detailed
schedules for account balances.
910.63 The additional audit procedures that should be applied to opening balances are not reduced when there are previous
accounting services. The same additional procedures for an initial engagement when information from a review of the
predecessors audit documentation will not be used as audit evidence for opening balances and consistency are appropriate.
However, considerable time may be saved when detailed schedules are available.
910.64 No Previous Accounting or Auditing Services. Generally, the most time-consuming and difficult initial audit
engagement is for an existing business with no previous accounting or auditing services. The additional audit procedures that
should be applied to opening balances are the same procedures referred to earlier for circumstances when information from
a review of the predecessors audit documentation will not be used as audit evidence for opening balances and consistency.
However, there is an increased likelihood that the condition of the accounting records will not permit the application of
necessary procedures.
910.65 In an initial engagement, the auditors primary concern with significant current asset balance sheet accounts is the
effect on current operating results. Unless the auditor can determine the reasonableness of the opening balances in these
accounts, it will usually be necessary to disclaim an opinion on results of operations, cash flows, and consistency because of
a scope limitation. Even though the auditor does not express an opinion on consistency, the inability to evaluate whether
there has been an accounting change is also a scope limitation. Inventory is likely to present the greatest difficulty, but similar
problems may arise with accounts receivable and accounts payable.
910.66 Naturally, the auditor needs to assess the possibility of this type of scope limitation at the start of the engagement and
discuss the type of report that will be necessary with the client. As a practical matter, the auditor needs to discuss the
possibility of other than an unmodified opinion with the client whenever that circumstance arises. Even when a scope
limitation will preclude expression of an unmodified opinion, the auditor does not ignore opening balances of current asset
accounts as it may be possible to identify and correct a material distortion of operating results.
910.67 A New Business. The initial audit of a new business started in the current period does not usually have the difficulties
associated with other initial engagements. Generally, the additional audit procedures for an initial engagement do not apply
because those procedures are directed to opening balances, which are zero for a new entity since there is no prior period
balance sheet.
910.68 Nevertheless, some modifications of the procedures for a continuing engagement may be necessary. More attention
is focused on equity accounts and the transactions involved in the creation and capitalization of the business. Also, long-term
assets, such as property, require more attention in this type of engagement because more detailed work is necessary to
establish ownership and acquisition cost and to initially create the detailed property records.
910.69 There may also be unique accounting problems associated with the founding of a new business (e.g., accounting
principles for development stage companies may apply). Also, the absence of historical experience for evaluation of
accounting estimates (e.g., little history of claims on sales warranties or little customer paying experience on receivables) may
make it more difficult to audit allowances for warranties or uncollectible receivables. AU-C 540.13 indicates that in evaluating
the reasonableness of an accounting estimate, the auditor should use one or a combination of the following approaches:
a. Review and test the process used by management to develop the estimate.
b. Develop an independent expectation of the estimate to corroborate the reasonableness of managements estimate.
c. Review subsequent events or transactions occurring prior to the date of the auditors report.
d. Test the operating effectiveness of controls over managements process for developing the estimate and perform
appropriate substantive procedures.
In an initial audit engagement of a new business, the auditor may have little basis for developing an independent expectation.
Thus, the auditor will need to place greater emphasis on the other approaches, particularly the review of subsequent events
and transactions.
910.70 Audit Reporting. Guidance on audit reporting for the circumstances described in this section may be found in the
following sections of PPCs Guide to Auditors Reports:
a. Previous audit by a predecessor (section 804).
b. Previous accounting services (section 805).
c. No previous accounting or auditing services (sections 405, 703, and 805).
d. New business (section 108).
910.71 Special Considerations for Observation of Inventory. In some cases, the auditor may not be able to observe the
physical inventory on the balance sheet date (for example, the auditor may not have accepted the engagement until after the
clients year end or the auditor may have been engaged to reaudit a prior period). According to AU-C 501.A35, the auditor
may be able to obtain sufficient evidence regarding the existence of inventory at the balance sheet date by performing
alternative procedures. In addition, alternative procedures will be necessary if beginning inventory was not observed by a
predecessor auditor and the auditor is giving an opinion on the current periods income statement. Such alternative
procedures include, but are not limited to:
Observe Inventory at a Subsequent Date. The auditor may perform some test counts of the clients inventory at a
subsequent date. Tests of transactions between the balance sheet date and the subsequent date can be performed
in order to reconcile the subsequent count to the clients count at the balance sheet date. For opening balances, the
current physical inventory count can be reconciled to the opening inventory quantities.
Review Documentation of the Clients Count. The auditor may review documentation of the clients count at the
balance sheet date. Selected quantities can be vouched from the inventory listing to the count sheets (or tags) and
quantities per the count sheets (or tags) can be traced to the inventory listing. These same procedures can also be
performed for the clients inventory count at the beginning of the period.
Perform Gross Profit Tests. Comparison of sales and cost of sales for the last month of the prior period and the first
month of the current period may determine if cutoff is reasonable at the beginning of the year. For year-end cutoff,
the auditor can compare gross profit for the last month of the current period to gross profit for the first month of the
subsequent period.
Test Prior and Subsequent Transactions. The auditor can examine subsequent sale of specific inventory items
acquired or purchased before the physical inventory date to obtain evidence of their existence at that date. This may
be effective for a business such as an auto dealership where items in inventory are specifically identifiable.
The effectiveness of alternative procedures is affected by the length of the period that the alternative procedures cover.
910.72 These alternative procedures may provide sufficient appropriate audit evidence regarding the existence of beginning
inventories only if the auditor is able to become satisfied about the current (ending) inventory. If the auditor does not observe
any physical counts of the inventory, or is unable to satisfy himself through these alternative procedures, then the audit report
should be modified for a scope limitation. The authors believe that auditors need to exercise caution when there has been no
observation of beginning inventories or no information from a review of the predecessor auditors inventory observation
workpapers can be used as audit evidence. In situations where beginning inventories are material, inventory transactions
throughout the period are numerous, or the nature and major components of inventories have changed during the period
under audit, it may be difficult to reduce audit risk to a sufficiently low level through the use of alternative procedures to avoid
a scope limitation. (Chapter 4 of PPCs Guide to Auditors Reports provides guidance on modifying the auditors report for a
scope limitation.)
Audits of Financial Statements Previously Audited (Reaudits)
910.73 Reporting options when replacing a predecessor are shown in Exhibit 9-17. The first two options are discussed in
paragraph 910.53 and also beginning in paragraph 910.54. Occasionally, the reaudit option may occur. In a reaudit, an
auditor may be asked to audit and report on a clients financial statements for a period that was previously audited and
reported on by a predecessor auditor. This differs from the situation discussed beginning in paragraphs 910.53 and 910.44 in
which the auditor is reporting on the financial statements for a period subsequent to the period audited and reported on by
the predecessor auditor. The discussion beginning in paragraph 910.25 describes the auditors procedures when he or she
intends to use information from a review of the predecessor auditors workpapers as a source of evidence when planning the
audit and substantiating opening balances. The discussion beginning in paragraph 910.58 describes procedures performed
by the successor auditor to substantiate opening balances when the auditor does not intend to use the work of the
predecessor as audit evidence. The following paragraphs discuss issues when an auditor is performing a reaudit.
910.74 The following questions have arisen in practice about the responsibilities of the successor and predecessor auditor in
a reaudit situation:
What communications are required between the successor and predecessor auditors?
How much audit evidence can be obtained from the work of the predecessor auditor?
What is the impact on the successor auditors report?
Those matters are discussed in the following paragraphs.
910.75 Communications with the Predecessor Auditor. As discussed beginning in paragraph 202.19, the successor
auditor is required to ask management to authorize the predecessor to allow a review of the predecessoris workpapers and to
respond fully to the successors inquiries regarding matters that will assist in the engagement acceptance decision. If
management refuses, or limits the predecessors response, the auditor should inquire about the reasons and consider their
implications when deciding whether to accept the engagement. These communications should also be made when engaged
to audit and report on financial statements previously audited and reported on by a predecessor auditor. When making the
inquiries, the successor auditor needs to clearly communicate that the purpose of his or her inquiries is to obtain information
about whether to accept an engagement to report on financial statements previously audited and reported on by the
predecessor auditor.
910.76 Requesting Access to Workpapers. When the auditor has been engaged to audit and report on financial statements
for a period previously audited by a predecessor auditor, the successor would normally request access to and review the
predecessors workpapers for the period under audit (the reaudit period) and the period prior to the reaudit period. As
discussed in this section, after accepting a new engagement, the successor auditor requests access to the predecessors
workpapers for the prior period to plan the audit, obtain evidence about beginning balances, and evaluate the consistency in
application of accounting policies. In a reaudit situation, the auditor reviews the workpapers for the period to be reaudited for
purposes of obtaining information to be used in planning his or her reaudit. Paragraph 910.77 and following discuss the use
of the predecessors workpapers as audit evidence. A drafting form at ASB-CL-13.1 includes a request for permission to
examine the predecessors workpapers.
910.77 Using the Work of the Predecessor. As previously discussed, when performing a reaudit, the successor auditor
reviews the predecessors workpapers for the reaudit period and the period prior to the reaudit period. However, the purpose
of the successors review of the predecessors workpapers for the reaudit period cannot be to use the predecessors
workpapers as evidence. Instead, the purpose for reviewing the workpapers for the reaudit period is to obtain information that
might be useful in planning the reaudit. Because the successor auditor has been engaged to perform a reaudit, the audit work
performed and the conclusions reached are the responsibility of the successor auditor. If the successor relies on the
predecessors workpapers to support his or her opinion, the successor has not obtained sufficient evidence for expressing an
opinion. In addition, the work and report of the predecessor auditor cannot be treated as that of a specialist or as the work of
an internal auditor.
910.78 In other words, the successor auditor should perform the procedures considered necessary to report on the financial
statements as if they had not been audited by the predecessor auditor. For example, the successor auditor cannot use the
procedures documented in the predecessors workpapers as evidence to validate accruals and other liabilities. Additional
procedures, such as recalculation or examination of subsequent payments, need to be performed by the successor auditor.
The authors believe, however, that the review of the predecessors workpapers may provide information that can be used as
part of the auditors risk assessment procedures relating to the reaudit period. The authors caution that such information
would normally only supplement the auditors risk assessment procedures performed for the reaudit period as discussed in
Chapter 3.
910.79 For purposes of substantiating the beginning balances of the reaudit period and evaluating the consistency in
application of accounting principles, the successor may use information from his or her review of the predecessors
workpapers for the period prior to the reaudit period. The guidance beginning in paragraph 910.25 would apply to the review
of the workpapers for the period prior to the reaudit period.
910.80 Effect on the Successors Audit Report. When an auditor is reporting on financial statements that have been
previously audited and reported on by a predecessor auditor, the successor auditor cannot assume responsibility for the work
of the predecessor or make reference to the report of the predecessor auditor. However, if the financial statements of the
reaudit period and the period prior to the reaudit period (which were not reaudited by the successor auditor) are presented,
the guidance beginning in paragraph 910.52 would apply.
910.81 Providing Access to Workpapers in a Reaudit Situation. When the predecessor auditor is requested to provide
access to workpapers in a reaudit situation, it is generally considered a professional courtesy to provide that access.
However, there may be circumstances in which the request will not be accommodated. Valid business reasons may lead the
predecessor auditor to decide not to allow a review of his or her working papers. A situation that might cause a local
practitioner to consider not providing access is when a client is going public. In some cases, firms are precluded by their
insurance carrier from doing audit work for public companies. In that case, the SEC requires multiple years to be presented
and the successor may be requested to report on all periods presented. If the successor uses information from the
predecessors work and an audit failure later occurs, the predecessor may be viewed as having performed audit work for
public companies, and its insurance coverage could be jeopardized. One solution is for the predecessor to provide access
only to workpapers for the period prior to the reaudit period. Another is for the predecessor to obtain written confirmation from
the successor that the successor accepts sole responsibility for the nature, timing, and extent of audit work performed and
conclusions reached as a basis for the successors report on the reaudited periods.
911 SPECIAL CLIENT CONSIDERATIONS
911.1 The following paragraphs provide guidance on special considerations relating to relationships with clients and other
issues that may arise during the audit engagement.
Suing for Fees
911.2 As a general rule, auditors ought to avoid suing clients for unpaid fees. Doing so frequently gives rise to a countersuit
by the client alleging malpractice, and any potential fee recovery is generally not worth the potential litigation costs. When the
auditor brings legal action against the client in order to avoid an automatic judgment against it, the client will have to engage
an attorney and file a response. Because the client will be forced to take these steps anyway, little further effort will be
required to file a counterclaim against the auditor. The following are some things firms can do to avoid suits to recover unpaid
fees:
a. Consider a prospective clients fee payment history when making a client acceptance decision.
b. Consider including a mediation clause in the audit engagement letter, as discussed in paragraph 204.28.
c. Progress bill and include a statement in the engagement letter that work will be suspended if payments become past
due, as discussed in paragraph 204.17.
d. Consider obtaining a retainer, as discussed in paragraph 204.20.
e. Consider having the client execute a note for the unpaid fees.
f. Consider charging interest on past-due balances.
911.3 A firms insurance coverage may not cover countersuits resulting from the firms suing to recover unpaid fees. If a firm
decides, based on specific circumstances, that a suit for unpaid fees is worth the risk, the firms insurance carrier and legal
counsel need to be consulted. In addition, the authors recommend that firms avoid asserting, in any suit to recover unpaid
fees from a third party, that a relationship with the third party was the equivalent of contractual privity (for example, the firm
would not assert that it did the work for the benefit of a third party even though the engagement letter was signed only by the
client). These situations can arise in business acquisitions when the buyer agrees to pay the fee for an audit of financial
statements by the sellers auditor.
Rejection Letters
911.4 A firm will sometimes turn down a prospective client. When this occurs, the authors recommend that firms inform the
rejected client in writing that the company must look elsewhere for auditors. Such a letter will prevent the would-be client from
subsequently blaming the firm for the clients failure to provide creditors with timely audited financial statements or some
other required service. Rejection letters also typically warn that any advice that the firm gave in the course of the client
acceptance interview should not be relied on as it was offered without an investigation of the underlying facts and without an
opportunity to refer to authoritative literature. Appendix 10E of PPCs Guide to Managing an Accounting Practice includes an
example rejection letter.
Withdrawing from an Engagement
911.5 Even with the tightest possible engagement acceptance and continuance procedures, situations will sometimes occur
that cause the firm to consider withdrawing from an engagement. Reasons that might cause a firm to withdraw from an audit
include:
a. The clients unwillingness to make a material correction to the financial statements or accept a modified report.
b. Failure by the client to take remedial action with regard to noncompliance with laws or regulations that might be
discovered during the audit.
c. The discovery of facts after the audit commences that may have caused the firm to reject the engagement, had
those facts been known prior to starting the work.
d. Inability to accept managements representations.
911.6 Statement on Quality Control Standards (SQCS) No. 8, A Firms System of Quality Control, requires firms to establish
policies and procedures for the acceptance and continuance of client relationships and specific engagements. If the firm
obtains information that would have caused it to decline an engagement if that information had been available earlier, policies
and procedures on the continuance of the engagement and the client relationship should include consideration of the
professional and legal responsibilities that apply to the circumstances, and the possibility of withdrawing from the
engagement or from both the engagement and the client relationship. SQCS No. 8 (QC 10.A16) states that firms policies and
procedures on withdrawal from an engagement or from both the engagement and the client relationship may address
documenting significant issues, consultations, conclusions, and the basis for the conclusions. In addition, those procedures
may include the following:
Discussing with the appropriate level of the clients management and those charged with its governance the
appropriate action that the firm might take based on the relevant facts and circumstances.
Considering whether there is a professional, regulatory, or legal requirement for the firm to remain in place, or for the
firm to report the withdrawal from the engagement or from both the engagement and the client relationship, together
with the reasons for the withdrawal, to regulatory authorities.
If the firm determines that it is appropriate to withdraw, discussing with the appropriate level of the clients
management and those charged with its governance withdrawal from the engagement or from both the engagement
and the client relationship, and the reason(s).
911.7 Obviously, a decision to withdraw or discontinue services is a serious matter and, consequently, it is important to
carefully consider communication of this decision to the client. For example, withdrawing from an audit may subject the firm
to legal actions by the clients or stockholders of the client. Legal counsel needs to be consulted whenever this possibility
exists. When a decision has been made to terminate services to a client, the client needs to be notified immediately in writing.
ASB-CL-1.3 is a drafting form for a termination letter. As discussed in paragraph 204.17 and included in the illustrative
engagement letter at ASB-CL-1.1, certain statements made in the engagement letter may also provide protection against a
breach of contract claim should the auditor be forced to withdraw from an engagement.
Fraud Consulting Services
911.8 If clients become aware that employees have committed fraud or suspect that fraud may be taking place, they may
attempt to engage the auditor to perform fraud investigation consulting services. Such an engagement can take various
forms. Before accepting such engagements for audit clients, auditors ought to assess the potential liability associated with
their servicesparticularly if the alleged fraud, due to collusion or concealment, was not detected during the firms audit. To
avoid any appearance of a conflict of interest, as required by Statement on Standards for Consulting Services No. 1, the fraud
investigation services should ordinarily be performed by someone other than the personnel involved in the audit. If such an
engagement is accepted, all communications and documentation need to be carefully considered to ensure that the firms
self-interest is not abandoned. Caution is essential, however, because if the firm takes any actions that appear to be a cover
up, that will create additional risks. For this reason, some firms decline such engagements, and in all cases the firm ought to
also consider consulting legal counsel. In addition, the auditors understanding with the client regarding the performance of
these nonattest services should be documented.
Maintaining Positive Client Relationships
911.9 One of the best ways to help ensure that engagements operate smoothly and avoid potential malpractice claims is to
maintain good client relationships. This means, above all, it is important to stay in constant communication with the client by
keeping the client informed of the progress of the engagement, the costs that are being incurred, the problems that have
been encountered, and how the firm intends to address them. Good client communications also require the firm to
demonstrate concern for the clients welfare by bringing matters to the clients attention and suggesting ways the client might
improve its operations or finances. Clients treated in this manner tend to openly cooperate and are less likely to commence a
legal action against their CPA firm. Indeed, a firm that has a close relationship with the client can often avoid a liability claim,
even in the face of significant scrutiny by third parties or a significant loss to the client such as a client employee defalcation.
Client communications related to internal control matters and those charged with governance are discussed in section 1814.
912 INTERIM REVIEWS
Standards and Conditions for Performing the Review
912.1 AU-C 930, Interim Financial Information, establishes standards and provides guidance on the procedures to be
performed by an independent auditor engaged to review interim financial information. Reviews of the interim financial
information of public companies are subject to the requirements of the Public Company Accounting Oversight Board
(PCAOB). AU-C 930 applies to reviews of the interim financial information of nonissuers, including companies participating in
unregistered private equity exchanges.
912.2 Under AU-C 930, interim financial information represents financial information or statements prepared and presented in
accordance with an applicable financial reporting framework (for example, GAAP) covering a period or periods less than a full
year or covering a 12-month period ending on a date other than the entitys fiscal year end. Interim financial information may
be condensed or in the form of complete financial statements.
912.3 Applicability. AU-C 930 applies when a nonpublic entity engages the auditor to perform a review of interim financial
information and all of the following conditions are met:
a. the entitys latest annual financial statements have been audited by the auditor or a predecessor;
b. the auditor either (1) has been engaged to audit the entitys current year financial statements, or (2) the auditor
audited the entitys latest annual financial statements and, when it is expected that the current year financial
statements will be audited, the appointment of another auditor to be engaged to audit the current year financial
statements is not effective prior to the beginning of the period covered by the review;
c. the entity prepares its interim financial information in accordance with the same financial reporting framework as that
used to prepare the annual financial statements; and
d. when if the interim financial information is condensed information, all of the following conditions are met:
(1) The condensed interim financial information purports to conform with an appropriate financial reporting
framework, which includes appropriate form and content of interim financial statements; for example, FASB
ASC 270, Interim Reporting, and Article 10 of SEC Regulation S-X with respect to accounting principles
generally accepted in the United States of America, or International Accounting Standard No. 34, Interim
Financial Reporting, with respect to IFRS issued by the IASB may be appropriate financial reporting frameworks
for interim financial information. This Guide assumes the interim financial information will be prepared following
U.S. GAAP.
(2) The condensed interim financial information includes a note that the financial information does not represent
complete financial statements and should be read in conjunction with the entitys latest annual audited financial
statements.
(3) The condensed interim financial information accompanies the latest audited annual financial statements or
such audited annual financial statements are made readily available by the entity. The financial statements are
readily available if a third party user can obtain the financial statements without any further action by the entity
(for example, financial statements on an entitys website may be considered readily available, but being
available on request is not considered readily available).
The most likely circumstances when an audit firm will be applying AU-C 930 are when the firm has performed an annual audit
and then performs the review or when the firm has been engaged to perform the audit, but performs the first review before the
audit is completed.
912.4 If the conditions in the preceding paragraph are not met, the auditor cannot perform a review under AU-C 930. In that
case, the review of interim financial information of a nonpublic entity should be performed under SSARSs, following the
guidance in PPCs Guide to Compilation and Review.
912.5 Form of Interim Financial Information. Interim financial information of nonpublic entities may be condensed or in the
form of complete financial statements. However, GAAP does not provide minimum requirements for what should be included
in condensed interim financial statements of nonpublic entities. FASB ASC 270, Interim Reporting, provides accounting and
disclosure guidance related to recognition and measurement in interim financial information, but does not contain guidance
on the form and content of condensed interim financial statements. A Technical Practice Aid at TIS 1900.01 indicates that
nonpublic entities providing condensed interim financial statements would look to Article 10 of SEC Regulation S-X for form
and content guidance when preparing those financial statements. Therefore, GAAP for condensed interim financial
information of nonpublic entities consists of Article 10 of SEC Regulation S-X, Interim Financial Statements, for form and
content and FASB ASC 270, Interim Reporting, for recognition and measurement.
912.6 Reporting. The reporting requirements for reviews of interim financial information for interim periods of fiscal years
beginning before December 15, 2012, differ from the reporting requirements for interim periods of fiscal years beginning on or
after that date.
912.7 Interim Periods of Fiscal Years Beginning before December 15, 2012. Under SAS No. 100 (AU 722), the independent
auditor is generally not required to issue a written report on a review of interim financial information. A written report is
required in the following circumstances:
a. The entity states in a report, document, or written communication containing the reviewed interim financial
information that the interim financial information has been reviewed by an independent public accountant or makes
other reference to the auditors association.
b. The auditor determines that it is appropriate to issue a written report to address the risk that a user of the interim
financial information may associate the auditor with the interim financial information and, in the absence of a review
report, inappropriately assume a higher level of assurance than that obtained. (AU 722.03)
912.8 In other words, generally the auditor may agree to report on the review orally or to provide a written report. If the
auditor provides a written report, the entity is not required to include it with the interim financial information. However, if the
entity states the information was reviewed by an independent public accountant or identifies the auditor by name, the auditor
should insist on presentation of a written report. In addition, the auditor, as a matter of professional judgment, might decide to
insist on inclusion of a written report if the auditor believes that doing so is desirable to avoid having users assume that a
higher level of assurance than intended has been provided.
912.9 Interim Periods of Fiscal Years Beginning on or after December 15, 2012. The auditor is required to issue a written
review report when engaged to report on interim financial information even though third parties may choose not to require that
a written auditors review report on such information be provided to users of the entitys interim financial information.
912.10 Overall Objectives and Approach. The overall objective of a review is to provide the auditor with a basis for
reporting whether he or she is aware of any material modifications that should be made to the interim financial information for
it to conform with GAAP by performing limited procedures. A review of interim financial information is substantially less in
scope than an audit and, therefore, does not provide a basis for expressing an opinion about the fairness of presentation of
the interim financial information in conformity with GAAP. A review consists primarily of performing analytical procedures and
making inquiries of client personnel responsible for financial and accounting matters. The overall approach is influenced by
the fact that the review is performed by an auditor who either has or will perform an audit of the annual financial statements.
As a result, some of the steps in a review can be combined with similar steps for the annual audit, and various efficiencies can
be achieved by performing some audit work in the course of performing the interim review.
Interim Review Steps and Procedures
912.11 The steps and procedures that are ordinarily appropriate for the review of interim financial information of a nonpublic
company are as follows:
a. Assess engagement acceptance or continuance.
b. Agree on the terms of engagement.
c. Obtain or update an understanding of the entity and its internal control.
d. Perform analytical procedures, inquiries, and other review procedures.
e. Obtain a management representation letter.
f. Evaluate the results of the review procedures performed.
g. Communicate to management and those charged with governance.
h. Issue the review report.
As explained in the following paragraphs, because review steps and procedures can be combined with related steps and
procedures in the annual audit, some of the same forms and checklists may be used. Using the same forms and performing
some audit procedures in the course of a review does not elevate the engagement to an audit. If the auditor was engaged to
perform a review, the responsibility for the interim financial information remains a review and not an audit responsibility.
912.12 Assess Engagement Acceptance or Continuance. As with most engagements, the first step in performing a review
of interim financial information is to assess client acceptance or continuance. The client acceptance/continuance is performed
prior to each review, but may often be based on a review of the documentation prepared in conjunction with the annual audit.
Assessments may be performed as follows:
For a new or existing client, the auditor can review the Engagement Acceptance and Continuance Form for audit
engagements at ASB-CX-1.1. For a new client, if the client is acceptable for the annual audit, the client is ordinarily
also acceptable for performance of the interim reviews, unless new information about the client has come to light
since the initial client acceptance. The auditor should also ensure that there have been no changes in independence
since the audit assessment was performed.
For existing audit clients, generally, if the auditor is willing to continue its audit relationship with a client, there is no
problem performing the interim reviews unless there have been significant adverse changes since the audit
assessment. The auditor should also ensure that there have been no changes in independence since the audit
assessment was performed.
912.13 For a new engagement, the auditor should also follow the requirements for initial engagements in AU-C 210, Terms of
Engagement, which addresses contacting the entitys predecessor auditor and making certain inquiries before accepting the
engagement. In addition, before accepting the engagement, the auditor should obtain managements agreement that it
acknowledges its responsibility for certain matters, including its responsibility to establish and maintain controls that are
sufficient to provide a reasonable basis for the preparation of reliable interim financial information in accordance with GAAP. If
management does not acknowledge its responsibility the auditor should not accept the engagement.
912.14 Agree on the Terms of Engagement. AU-C 930.10 states that the auditor should agree on the terms of engagement
with management and those charged with governance and should document that understanding through an engagement
letter or other suitable form of written agreement. The understanding can be covered in a combined engagement letter for the
audit and review. A suggested combined letter is provided in ASB-IR-1. The understanding with the client should include the
following matters:
9(67)
The objectives and scope of the engagement.
The limitations of the engagement.
Managements responsibilities.
The auditors responsibilities.
The applicable financial reporting framework to be used in preparing the interim financial information.
912.15 Obtain or Update an Understanding of the Entity and Its Internal Control. AU-C 930 states that to perform a
review of interim financial information, the auditor should have an understanding of the entity and its environment, including
internal control as it relates to the preparation of both annual and interim financial information, to accomplish the following:
a. Identify the types of potential material misstatements in the interim financial information and consider the likelihood
of their occurrence.
b. Select the inquiries and analytical procedures that will provide the auditor with a basis for reporting whether he or
she is aware of any material modifications that should be made to the interim financial information for it to conform
with GAAP.
The approach to achieving these objectives generally depends on whether the auditor has audited the most recent annual
912.16 If the auditor has audited the most recent annual financial statements, the auditor would generally have obtained most
of the knowledge needed to plan the review in the course of planning the audit. The auditor needs to review the relevant audit
planning documentation and consider how the internal control over the preparation of interim financial information may differ
from internal control over the preparation of annual financial statements. The auditor should inquire of management about
changes in the entitys business activities, whether significant changes in internal control as it relates to the preparation and
presentation of interim financial information have occurred, and transactions with related parties. The auditor might find it
useful to prepare a supplemental memorandum describing how the accounting principles and practices used for interim
financial information differ from those for the annual financial statements and the effects on internal controls that operate for
the preparation of interim financial information. This memorandum can be carried forward and updated as appropriate for any
significant changes in policies, procedures, and personnel as identified by management.
912.17 The auditor should read documentation from the prior audit and prior interim reviews of the current year and consider
any corrected material misstatements, uncorrected misstatements, risks of material misstatement due to fraud (including the
risk of management override of controls), and other matters of continuing significance, such as significant deficiencies and
material weaknesses. In addition, the auditor should read the most recent annual and comparable prior interim financial
information and consider the results of any current year audit procedures performed.
912.18 If the auditor has not audited the most recent annual financial statements, it will still be necessary to obtain the
equivalent of an audit-base of knowledge. In addition to reading the most recent annual and prior interim financial information
and making inquires of management about changes in business activities and internal controls, the auditor can obtain a base
of knowledge by completing the relevant audit documentation while performing the review. For example, the auditor could
complete ASB-CX-3.1, Understanding the Entity and Identifying Risks, and ASB-CX-4.1, Understanding the Design and
Implementation of Internal Control. The auditor might review the predecessors relevant documentation with the
predecessors permission solely for the purpose of the successors own understanding. The auditor would also focus on how
the process for preparing interim financial information differs from that for annual information.
912.19 Perform Analytical Procedures, Inquiries, and Other Review Procedures. After obtaining or updating his or her
understanding of the entity and its environment, including internal control, the auditor needs to design and perform the review
proceduresconsisting primarily of inquiry and analytical procedures.
a. Analytical ProceduresAU-C 930.13 describes the following types of analytical procedures that should be used to
identify and provide a basis for inquiry about relationships and individual items that appear to be unusual and that
may indicate a material misstatement:
(1) Comparing the interim financial information with comparable information for the immediately preceding interim
period, if applicable, and with the corresponding period(s) in the previous year, giving consideration to
knowledge about changes in the entitys business and specific transactions.
(2) Considering plausible relationships among both financial and, if relevant, nonfinancial information. The auditor
also might wish to consider information developed and used by the entity, such as information in a directors
information package or in a senior committees briefing materials.
(3) Comparing recorded amounts, or ratios developed from recorded amounts, to expectations developed by the
auditor. Expectations might be developed by using plausible relationships developed from the auditors
understanding of the clients business and industry.
(4) Comparing disaggregated revenue data, for example, comparing revenue reported by month and by product
line or operating segment in the current interim period with that of comparable prior periods.
The selection of accounts to which analytical procedures will be applied is a matter of professional judgment based
on materiality, the auditoris understanding of the entity and its environment, including internal control, and the
results of risk assessments relating to the prior audit.
b. Inquiries and Other Review ProceduresAU-C 930.14 describes the following inquiries and other review procedures
the auditor should perform:
(1) Reading available minutes of meetings of stockholders, directors, and appropriate committees, and inquiring
about matters dealt with at meetings for which minutes are not available.
(2) Obtaining and reviewing reports from other accountants, if any, who have reviewed interim information of
significant components, subsidiaries, or other investees, or inquiring of those accountants who have not issued
reports.
(3) Inquiring of members of management who have responsibility for financial and accounting matters concerning
conformity of the information with GAAP consistently applied; unusual or complex situations; reliability of
underlying accounting records; significant transactions late in the period; status of prior period uncorrected
misstatements; subsequent events; knowledge of fraud, suspected fraud, or allegations of fraud; significant
journal entries and adjustments; changes in related parties or related party transactions; communications from
regulatory agencies; significant deficiencies and material weaknesses; and matters about which questions have
arisen in the course of applying other review procedures.
(4) Obtaining evidence that interim financial information agrees with or reconciles with the accounting records.
(5) Reading the interim financial information to consider whether, based on the results of review procedures
performed and other information that has come to the auditors attention, the information to be reported
conforms with GAAP.
(6) Reading other information in documents containing the interim financial information to consider whether such
information or the manner of its presentation is materially inconsistent with the interim financial information.
912.20 If information comes to the auditors attention about litigation, claims, or assessments that may indicate the financial
information is not prepared in accordance with GAAP, inquires should be made of the clients internal or external legal
counsel if the auditor believes they may have relevant information.
912.21 If conditions or events indicating substantial doubt about the entitys ability to continue as a going concern existed at
the date of the prior period financial statements or, while applying review procedures on the current interim period financial
information, if the auditor becomes aware of conditions or events indicating the possible inability of the entity to continue as
going concern, the auditor should make inquires of management about its plans for dealing with the adverse effects of the
conditions and events. Also, the auditor should consider the adequacy of the related disclosures.
912.22 The following practice aids can be used to document performance of the procedures ordinarily performed in a review
of interim financial information.
a. ASB-IR-2Interim Review Program
b. ASB-IR-3Interim Review Inquiries Checklist
912.23 For a review, the auditor ordinarily is not required to corroborate managements responses to inquiries. However, the
auditor should consider the reasonableness and consistency of managements responses in relation to other review
procedures and the auditors knowledge of the entitys business and internal control. If the auditor becomes aware of
information that leads him or her to believe that the interim financial information may not be in conformity with GAAP, the
auditor should make additional inquiries or perform additional procedures as necessary to provide an adequate basis for the
review report.
912.24 Obtain a Management Representation Letter. AU-C 930.21 indicates that written representations from management
should be obtained for all periods covered by the review and identifies specific representations that should be obtained. The
Management Representation LetterInterim Review at ASB-IR-6 is an example of a representation letter that is appropriate
for interim reviews of the financial information of nonpublic companies. The representation letter needs to be tailored as
necessary to include additional representations related to matters specific to the entitys business or industry.
912.25 Evaluate the Results of the Review Procedures Performed. In an interim review, a misstatement is the auditors
best estimate of the total misstatement in the account balances or classes of transactions on which the auditor has performed
review procedures. The auditor is required to accumulate misstatements, including inadequate disclosure, identified during
the performance of the review procedures or brought to the auditoris attention during the review. For the purpose of
accumulating misstatements for evaluation, the auditor can use ASB-IR-4, Misstatement Evaluation FormInterim Review.
For purposes of evaluating the appropriateness of the procedures performed and the consistency of the results of those
procedures with the report the auditor expects to issue, the auditor can use ASB-IR-7, Supervision, Review, and Approval
FormInterim Review.
912.26 When evaluating misstatements from interim review procedures, the auditor considers matters such as (a) the nature,
cause (if known), and amount of the misstatements; (b) whether the misstatements originated in the preceding year or interim
periods of the current year; (c) materiality judgments made in conjunction with the current or prior years annual audit; and (d)
the potential effect of the misstatements on future interim or annual periods. In addition, the auditor considers the
appropriateness of offsetting a misstatement of an estimated amount with a misstatement of an item capable of precise
measurement and recognizes that an accumulation of immaterial misstatement in the balance sheet could contribute to
material misstatements in future periods.
912.27 Communicate to Management and Those Charged with Governance. If, as a result of conducting a review of the
interim financial information, the auditor becomes aware of matters that cause him or her to believe that a material
modification should be made to the interim financial information for it to conform with GAAP or that the entity issued the
interim financial information prior to completion of the review (in those circumstances when a review is required), then the
auditor should communicate the matter(s) to the appropriate level of management. If, in the auditors judgment, management
does not respond appropriately to the auditors communication within a reasonable period of time, the auditor should inform
those charged with governance of the matter(s) as soon as practicable. If, in the auditors judgment, those charged with
governance do not respond appropriately to the auditors communication within a reasonable period of time, the auditor
should consider withdrawing from the engagement and, if applicable, from serving as the clientis auditor. In such cases, the
authors believe that the auditor should consult legal counsel.
912.28 If during the course of performing the review engagement, the auditor becomes aware of fraud or noncompliance with
laws or regulations, the auditor needs to obtain an understanding of the matter and sufficient other information to evaluate the
possible effects on the interim financial information and the auditors review report. The auditor also needs to consider the
implications for other aspects of the review (for example, reliance on managements representations). The matter and the
need for any further investigation should be discussed with an appropriate level of management, normally at least one level
above those involved. Fraud that involves senior management or results in material misstatement of the interim financial
information, should be communicated directly to those charged with governance. Identified or suspected noncompliance with
laws and regulations that should be considered when preparing interim financial information should be communicated to
those charged with governance, unless clearly inconsequential. If additional work or investigation is necessary, the auditor
ought to obtain an amended engagement letter to authorize additional procedures. Also consult AU-C 240 and AU-C 250,
912.29 In addition, the auditor should communicate to management and those charged with governance any significant
deficiencies or material weaknesses in internal control that come to the auditors attention during the course of performing the
interim review procedures.
912.30 When conducting a review of interim financial information, the auditor should also determine whether any of the
matters described in AU 260, The Auditors Communication With Those Charged With Governance, as they relate to the
interim financial information, have been identified. If so, the auditor should communicate the matters to those charged with
governance. (See section 1815.)
912.31 All of these communications may be oral or written, unless firm policy dictates otherwise. However, if the information
is communicated orally, the auditor should document the communication. Communications with those charged with
governance need to be made sufficiently timely to enable them to take appropriate action.
912.32 If the auditor cannot complete the review, the auditor should communicate to the appropriate level of management
and those charged with governance (a) the reason why the review cannot be completed, (b) that the auditor is precluded
from issuing a review report because the incomplete review does not provide a basis for reporting and, (c) any material
modifications of which the auditor has become aware that should be made to the interim financial information.
912.33 Issue the Review Report. For reviews of interim periods of fiscal years beginning before December 15, 2012, as
discussed beginning in paragraph 912.7, the auditor may agree to report on the results of the review orally or in writing. For
reviews of interim periods of fiscal years beginning on or after December 15, 2012, a written review report is required. Interim
review reporting examples and guidance can be found in PPCs Guide to Auditors Reports.
912.34 If the client represents in a report, document, or written communication containing the reviewed interim financial
information that the auditor has reviewed the interim financial information, the auditor should request that the client include the
review report in the report, document, or written communication. If the client does not agree to include the review report, the
auditor should request that their name neither be associated with the interim financial information nor referred to in the
document. If the client does not agree to remove the auditors name, the auditor should (a) advise the client that they are not
permitted to use or make reference to the auditors name, (b) communicate the noncompliance with the request to those
charged with governance, and (c) consider what other actions might be appropriate. When appropriate, the auditor might
recommend that the client consult with its legal counsel about the application of relevant laws and regulations. Also, the
auditor might consider consulting with the firms legal counsel.
Coordinating the Interim Review and Annual Audit
912.35 Because the auditor doing the interim review will normally be performing the review between annual audits, various
efficiencies can be achieved by coordinating the work. Certain procedures can be performed on the information accumulated
to date at the date of the interim review and used in the audit. The following are examples:
a. Reading Minutes. Reading available minutes of meetings of stockholders, directors, and appropriate committees is a
requirement in both interim reviews and annual audits. When performing a review, the auditor can read the minutes
up through the interim date and read only those minutes remaining unread in the annual audit.
b. Reviewing Major Transactions or Events. If a nonpublic company has revenue that consists of relatively few,
individually large revenue transactions or other major transactions or events, such as business combinations or
restructuring, the auditor can audit those that have occurred through the date of the interim review.
c. Testing Internal Control. If the auditor intends to rely on the effective operation of controls during the entire period, in
performing the review the auditor can perform tests of controls on transactions that have occurred to date. During
the audit the auditor can decide what procedures are appropriate to extend the conclusion from the interim date to
year end.
d. Performing Major Substantive Tests at Interim Dates. The auditor might decide to perform certain major substantive
tests, such as conformation of receivables, at an interim date. These substantive procedures can be performed
during the interim review and the auditor can decide what procedures are necessary at year end to extend the
conclusions to that date.
e. Reviewing Accounting Estimates Retrospectively for Bias. AU-C 240.32 requires the auditor to perform a
retrospective review of significant accounting estimates reflected in the financial statements of the prior year to
determine whether managements related judgments and assumptions indicate a possible bias. This retrospective
review can be performed during the first interim review performed after the annual audits. By performing this work on
a more timely basis better contemporaneous information may be available.
f. Evaluating the Business Rationale for Significant Unusual Transactions. AU-C 240.32 requires the auditor to gain an
understanding of the business rationale for significant transactions outside the normal course of business (or that
otherwise appear unusual) of which the auditor becomes aware. This work can be performed during the interim
review if the auditor becomes aware of them during that time.
g. Examining Journal Entries and Other Adjustments for Evidence of Possible Material Misstatement Due to Fraud.
Managements use of nonstandard journal entries to perpetrate fraud is a well-known technique. AU-C 240.32
imposes a requirement to review journal entries and other adjustments for indications of fraud. This requirement
extends throughout the period covered by the annual financial statements. This review of transactions and
adjustments to date can be performed during the interim review. The interim review may be particularly effective
because fraudulent financial reporting can begin during the period and escalate at year end.
By coordinating the review procedures and annual audit procedures, the auditor can improve the efficiency and effectiveness
of both engagements.
Practice Aids for an Interim Review
912.36 Practice aids that can be used in a review of interim financial information can be found in the IR section of this Guide.
CHAPTER 10: CASH BALANCES
1000 INTRODUCTION
General
1000.1 Typically, cash represents an insignificant portion of total assets; however, a relatively large share of the total audit
effort is often spent on this component of the balance sheet. Many of the cash audit procedures that have evolved as
customary in all audits are designed primarily for the detection of fraud. Also, since cash is relatively easy to substantiate,
there is a tendency to extend procedures to an extreme simply because it is feasible. This chapter explains why audit
procedures designed to obtain a precise accounting for cash are neither necessary nor desirable in many cases.
Accounting Standards
1000.2 Since cash presents few valuation problems, Generally Accepted Accounting Principles (GAAP) for cash are more
concerned with disclosure than measurement. The primary disclosure matters that the auditor considers when designing the
audit program are:
a. Amounts that do not meet the definition of cash in FASB ASC 230-10 must be classified as cash equivalents or as
other short-term investments. Generally, only highly liquid investments with original maturities of three months or
less qualify as cash equivalents. A companys policy concerning which short-term, highly liquid investments are
considered cash equivalents should be consistently followed.
1(68)
(See FASB ASC 230-10-45-6; 230-10-50-1;
305-10-20.)
b. Significant amounts of cash and cash equivalents that are not readily available for normal disbursements because of
withdrawal restrictions should be appropriately disclosed, and consideration should be given to the classification of
those amounts as noncurrent assets. (See FASB ASC 210-10-45-4 and 440-10-50-1.)
c. Normally, material bank overdrafts are presented as a separate caption among current liabilities. Similarly, material
dollar amounts of checks dated at or before the balance sheet date (and reflected as outstanding checks on the
bank reconciliation) that were not released until after the balance sheet date should be reclassified as accounts
payable. (These are commonly referred to as held checks.)
1001 AUDIT PROCEDURES FOR OBTAINING AUDIT EVIDENCE
1001.1 AU-C 500.06 states:
The auditor should design and perform audit procedures that are appropriate in the circumstances for the
purpose of obtaining sufficient appropriate audit evidence.
1001.2 AU-C 500, Audit Evidence [formerly SAS No. 106 (AU 326)], states that those audit procedures consist of the
following:
Risk assessment procedures.
Tests of controls.
Substantive procedures.
Risk assessment procedures and tests of controls contribute to the formation of the auditors opinion but do not, by
themselves, provide sufficient appropriate audit evidence. AU-C 330, Performing Audit Procedures in Response to Assessed
Risks and Evaluating the Audit Evidence Obtained [formerly SAS No. 110 (AU 318)] at AU-C 330.18, states that regardless of
the assessed risk of material misstatement, the auditor should design and perform substantive procedures for all relevant
assertions related to each material class of transactions, account balance, and disclosure. Substantive procedures consist of
(a) tests of details of transactions, account balances, and disclosures, and (b) substantive analytical procedures.
1001.3 Relevant assertions for a particular audit area are assertions that have a meaningful bearing on whether the related
account balances, transaction classes, or disclosures are fairly stated. The auditor uses relevant assertions in assessing the
risks of material misstatements by considering the different types of potential misstatement that may occur (that is, what could
go wrong in the financial statements), and then designing audit procedures that are responsive to the assessed risks. For
each relevant assertion within an account balance, class of transactions, or disclosure, the auditor assesses the risks of
material misstatement and, based on that assessment, determines the nature, timing, and extent of the substantive
procedures necessary to obtain sufficient appropriate audit evidence.
1001.4 Chapter 4 discusses the considerations when responding to assessed risks of material misstatement at the relevant
assertion level. That chapter also discusses the PPC audit programswhich include basic, extended and other audit
procedures. Chapter 5 discusses considerations when choosing substantive procedures and discusses substantive analytical
procedures and tests of details. Auditors need to be familiar with the concepts discussed in those chapters when selecting the
nature, timing and extent of substantive audit procedures for cash.
Relevant Assertions for Cash
1001.5 The relevant assertions for cash are as follows:
Existence or occurrence (E/O)Cash reflected in the financial statements exists, and cash transactions occurred
and pertain to the entity.
Completeness (C)All cash transactions have been recorded. Cash balances reflect all cash and cash items on
hand, in transit, or on deposit with third parties. Related disclosures are complete.
Rights or obligations (R/O)Cash is owned by the entity, and any restrictions on the availability of funds are
identified and properly disclosed.
Cutoff (CO)Cash balances reflect a proper cutoff of receipts and disbursements.
Accuracy or classification (A/CL)Cash transactions have been properly recorded as to account and amount. Cash
balances are properly classified in the balance sheet, and the information about cash required by GAAP is disclosed
fairly at appropriate amounts.
Valuation is ordinarily not be relevant to cash accounts unless currency translation is involved.
Substantive Audit Procedures for Cash
1001.6 In general, the substantive audit procedures for cash primarily focus on obtaining assurance about the reliability of
the entitys bank reconciliation, which provides audit evidence about existence or occurrence, completeness, accuracy or
classification, and cutoff. Auditors often confirm the balance of selected cash accounts as the primary test of the existence
assertion as well as to obtain evidence about rights or obligations. However, if the client has one or two primary accounts and
numerous secondary accounts that have minimal activity or risk, confirmations might only be requested for the primary
accounts. For the accounts not confirmed, the bank balance shown on the bank reconciliation can simply be agreed to the
bank statement. (Cash confirmations are not required by GAAS. Depending on the combined assessed level of inherent and
control risk over the existence of cash, the auditor might limit substantive procedures to inspecting client-provided bank
statements rather than confirming cash balances. See additional discussion on bank confirmations beginning with paragraph
1002.2.)
1001.7 Other substantive audit procedures for cash generally consist of analytical procedures, such as scanning bank
reconciliations for reasonableness and scanning cash receipts and disbursements for significant or unusual transactions near
year end, which provide assurance about existence or occurrence, rights or obligations, completeness, and cutoff. Other than
scanning, there are no particular substantive analytical procedures that are generally useful for cash. Balance-sheet account
balances that can be materially affected by relatively minor differences in the timing of transactions are not predictable
enough at the balance-sheet date to be adequately tested using analytical procedures. Cash is an outstanding example
because small differences in the timing of cash receipts or disbursements and in cash management policies and practices
can significantly change the ending balance.
1001.8 Vouching and tracing may not be necessary on all bank account reconciliations, but there is a tendency to perform
these procedures automatically. For example, some auditors have routinely applied tracing and vouching procedures to every
bank account reconciliation even though the activity (and level of risk) in certain accounts did not warrant those additional
procedures. Generally, tracing and vouching are necessary only for cash accounts with a higher assessed risk of material
misstatement. As part of audit planning, the authors recommend asking the client whether its bank still returns cancelled
checks with the bank statement. If cancelled checks will not be available, the auditor may need to tailor the tracing and
vouching procedures or rely on controls. In many instances, the clients bank may provide online electronic banking services,
which include images of cancelled checks. In such cases, the auditor might be able to use this as evidence when performing
tracing and vouching procedures. See the case study beginning at paragraph 1004.10.
1001.9 In addition to reviewing confirmations received from financial institutions, auditors might also review loan and debt
agreements and corporate minutes and make inquiries of management to obtain audit evidence about the following matters,
which relate to assertions about presentation and disclosure (for example, the accuracy of disclosures and appropriate
classification):
Guarantees, endorsements, and/or letters of credit, including guarantee arrangements for related parties.
Amounts designated for special purposes.
Amounts that are restricted in any manner, including withdrawal restrictions and minimum balance requirements.
Whether amounts are appropriately classified as cash, cash equivalents, or other short-term investments.
Auditors generally coordinate those procedures with debt and contingency procedures in other audit program areas,
including steps in the general program. Assurance about the completeness of disclosures is ordinarily obtained by filling out a
disclosure checklist, as part of general auditing and completion procedures.
1001.10 If the client has numerous interbank transfers and the auditor has assessed a higher risk of material misstatement
associated with cutoff of transferred funds, a schedule of interbank transfers made within a specified number of days before
and after the balance sheet date (e.g., five business days) might be prepared and tested. Essentially, this procedure is often
performed when there is a higher assessed risk of fraud since the primary risk would be that cash is double-counted in two
or more bank accounts in the same accounting period, for example due to kiting. For each transfer, the schedule typically
reflects the date recorded in the accounting records and the dates cleared in each bank statement. The auditor tests the
schedule to ensure that transfers were recorded properly in same accounting period. Furthermore, the auditor will often trace
transferred amounts to the bank statements for each bank and for any transfers not clearing the bank in the same accounting
period as initiated in the accounting records. The auditor determines whether such amounts are properly reflected as
reconciling items on the bank reconciliations. For example, if a transfer is recorded prior to period end and appears as a
deposit on the bank statement of account A, but has not cleared on the bank statement of account B, the bank reconciliation
for account B should reflect the transfer as an outstanding check. On the other hand, if a transfer appeared as a deposit on
the bank statement of account A prior to period end, but was not recorded in the accounting records until after period end,
this might be an indication that kiting has occurred.
1001.11 The auditor might perform other substantive audit procedures in situations where there are higher assessed risks of
fraud. (Section 1006 discusses responding to the risks of fraud.) A proof of cash might be performed in certain rare instances,
for example, if there is a risk of unrecorded (or improperly recorded) cash receipts and disbursements or defalcation. (In
addition to fraud risks, a proof of cash might be performed if the client has control deficiencies over the completeness of
recording cash receipts and disbursements.) The proof of cash schedule is an expanded version of the bank reconciliation
that reconciles:
Beginning-of-the-period balances per the bank statement and the books.
Current-period cash receipts per the bank statement to the corresponding items in the general ledger.
Current-period cash disbursements per the bank statement to the corresponding items in the general ledger
End-of-period balances per the bank statement and the books.
1001.12 In addition, the auditor might modify procedures related to cash disbursements. For example, when the auditor has
identified fraud risks, selected checks might be examined to determine unusual payees, endorsements, addresses, or
amounts.
1001.13 Note that the authors do not believe physical examination (i.e., counting cash) is a necessary procedure on a typical
audit engagement. If cash on hand is clearly a material item as might be the case in a retail client such as a restaurant or
grocery store, this procedure might be necessary to achieve the objective of existence. However, counting petty cash funds
or other small cash accounts is normally not necessary. Although not normally the case, if the client keeps significant
amounts of certificates of deposit on hand (or negotiable securities), the auditor may physically examine the certificates to
determine if any have been pledged to secure indebtedness. The practice aid at ASB-CL-8.1, Receipt for Securities Counted
by Auditor, can be used for this purpose. (Section 1002 discusses confirmation procedures if the certificates are held in
safekeeping by a bank.)
1002 WORKPAPER CONSIDERATIONS
1002.1 The workpapers listed below are common when performing the cash audit procedures. The workpaper content and
the extent of the auditors documentation will generally not be influenced by whether the workpapers are prepared in paper or
electronic format. However, if the auditor uses electronic workpapers, any client-prepared schedules and detail need to be
obtained in electronic format, if possible, to reduce the extent of paper documents that will be retained in the audit file
(electronic workpapers are discussed in section 807).
a. A trial balance or lead schedule that reflects all cash accounts.
b. Standard bank confirmations for cash accounts selected for confirmation at the balance sheet date.
c. Bank reconciliations for all accounts with significant balances or activity.
Bank Confirmations
1002.2 Preparation, mailing, and receipt of bank confirmations do not present major problems on most audits.
2(69)
Occasionally, because of poorly prepared confirmations or delays in processing them at the bank, audit inefficiencies can
occur. The following suggestions may be helpful in avoiding unnecessary problems (see also the practical considerations on
the confirmation form at ASB-CL-6.1):
a. Before mailing, check the account numbers or certificate of deposit numbers entered on the confirmation to the
bank statements or certificates. Transpositions in these usually long numbers are easy to make.
b. The standard bank confirmation form does not provide for the confirmation of certificates of deposit held in
safekeeping by the bank. If certificates of deposit held in safekeeping are significant, consider confirming with the
bank that the certificates of deposit are held in the clients name. The letter at ASB-CL-8.3, Confirmation of
Securities Held by a Third Party, can be used for this purpose. This procedure provides additional assurance that
certificates have not been assigned to a third party.
c. Ideally, the confirmation request is sent on or near the balance sheet date. Occasionally this is not possible, and the
confirmation request is sent a number of months after the balance sheet date. There is a tendency for banks to
automatically record the clients balance as of the month end closest to the date the request is received (instead of
the date actually requested). Also, there is a tendency on November or January fiscal year-end clients for the bank
to confirm the balance as of December 31. To avoid these problems, a caution note specifying the confirmation date
stapled to the face of the standard confirmation form may be helpful.
d. It is always beneficial to retain a copy of the bank confirmation request in case a second mailing is needed. Also,
consider a telephone call to the bank in lieu of a second letter.
e. If the client has only a few bank accounts, the auditor may send confirmations for every account. However, in some
cases, the client may have one or two primary accounts and numerous secondary accounts that have minimal
activity. In that case, the auditor may only send confirmations on the primary accounts. For the accounts not
confirmed, the auditor can review the reconciliations for unusual reconciling items and agree the bank balance to
the bank statement and the book balance to the general ledger.
f. Even if confirmations are sent for every account, inefficiencies can be avoided by relying on alternative procedures
for secondary account confirmations not received. Rather than incur significant time trying to follow up on
nonresponses for secondary accounts, the auditor might elect to agree the bank balance per the bank reconciliation
to the bank statement or access the information directly by online inquiry, if available.
g. In addition to confirming bank accounts open at year-end, some auditors confirm all bank accounts closed during
the year. The main purpose for this procedure is to detect unrecorded debt. However, it is the authors opinion that
this procedure is not the most effective for detecting unrecorded liabilities. Detail audit testing and analytical
procedures on other balance sheet and income statement accounts are generally adequate to detect any material
unrecorded debt.
The AICPA has a standard bank confirmation form that can be used to confirm checking accounts, savings accounts, other
deposit accounts, and direct loans. The form is available with or without the auditors name imprinted on it. Forms can be
ordered by calling the AICPA at (888) 777-7077 or by using the online catalog at www.cpa2biz.com. A copy of the
confirmation form can also be found at ASB-CL-6.1. An editable version of the standard bank confirmation is also available in
PPCs Practice Aids in Checkpoint Tools. Matters such as compensating balances, contingent liabilities, and other financing
arrangements are normally confirmed separately with a bank official who is responsible for the clients relationship or is
knowledgeable about such transactions or arrangements. ASB-CL-10.5, ASB-CL-10.6, and ASB-CL-10.7 present illustrative
letters that may be used to confirm compensating balances, lines of credit, and contingent liabilities, respectively.
1002.3 Special Considerations on the Use of Electronic Bank Confirmations. Some financial institutions no longer
respond to paper confirmation requests. Instead, they only respond to electronic confirmation requests submitted via a
designated third party provider. Such providers serve as an intermediary who provides a secure link between the auditor and
a validated financial institution. Auditors ought to be alert for financial institutions that might choose to only process electronic
confirmation requests.
1002.4 The definition of external confirmation in AU-C 505, External Confirmations, indicates that a confirmation in electronic
form represents audit evidence. When using electronic confirmations, auditors consider the following risks to the reliability of
such information:
Response might not be from an authentic source.
Respondent may not be knowledgeable about the information.
Integrity of the transmission might be compromised.
1002.5 An electronic confirmation can be considered as a sufficient, valid confirmation response if the auditor is satisfied that
the:
Electronic confirmation process is secure and properly controlled.
Information is obtained from a third party who is the intended respondent.
Information is a direct communication in response to a request.
In determining whether the electronic confirmation process meets these requirements, the auditor might review an assurance
trust services report or another auditors report on that process. Typically, the auditor would determine if the report addresses
the three risks noted in paragraph 1002.4. If not, the auditor may perform additional procedures to address those risks such
as telephoning the sender of the information.
1002.6 The use of an electronic confirmation process through a third party provider may provide the following benefits to the
auditor:
Provides a secure link to a valid financial institution.
Provides significantly faster response times since the confirmation is received directly by a bank employee who is
designated by the institution to respond to such confirmations.
Removes the possibility of fraudulent or unauthorized recipients or interception of confirmation requests by the
client.
1002.7 Auditors consider whether the clients financial institution(s) requires the use of a third party confirmation service
when performing engagement planning. By doing so, the auditor (1) will have appropriate time to learn about the service, (2)
can determine whether the service addresses the risks discussed in paragraph 1002.4, and (3) can discuss modifications in
the confirmation process with the client, as well as any additional fee considerations, if necessary. The improper use of paper
confirmation requests in such situations may result in additional delays to complete the confirmation process, as well as to
finalize the audit.
1002.8 Currently, numerous financial institutions have designated Capital Confirmation, Inc. as the third party provider for
submitting electronic confirmation requests. Additional information on Capital Confirmation, Inc. can be obtained via their
website at www.confirmation.com.
Bank Reconciliations
1002.9 Bank reconciliations are typically prepared by the client and copied for the workpapers. But bank reconciliations
prepared in the clients monthly format may not be adequate for audit purposes. Also, if the bank statement date is other than
the balance sheet date, some clients prepare the bank reconciliation as of the bank statement date rather than the balance
sheet date. Time and effort can be wasted trying to adapt procedures to a poorly designed reconciliation. Accordingly, the
following suggestions may be helpful:
a. Meet with the client before the balance sheet date and request that a special reconciliation format be used as of the
balance sheet date.
b. The reconciliation ought to describe, by date and deposit slip total, all deposits in transit. Any interbank deposits
need to be identified.
c. The reconciliation ought to include a complete listing of outstanding checks, showing check number, date written,
payee, and amount. That information will be needed for performing tests with subsequent bank statement activity
and for reconciling accounts payable confirmations during application of liability-related procedures. Avoid letting
the client give you long lists of outstanding checks that do not identify these key elements.
d. Other reconciling items need to be clearly described and dated on the reconciliation.
PPCs Workpapers for Nonpublic Companies in Checkpoint Tools provides an electronic version of a bank reconciliation form
and supporting schedules that auditors may provide for their clients to use.
Other Workpaper Considerations
1002.10 Audit efficiency may also be improved by considering the following workpaper suggestions:
a. Interbank Transfers. As noted in paragraph 1001.10, an interbank transfer schedule may be necessary for an entity
with numerous bank accounts and numerous interbank transfers where the risk of material misstatement is higher.
In most smaller audits, however, this procedure might be accomplished in connection with testing the bank
reconciliations. When vouching deposits in transit, determine whether any of those deposits represent interbank
transfers. Then compare deposits in transit for incoming transfers with the corresponding outstanding check from
the other account for the outgoing transfers. If there is no corresponding outstanding check, determine whether the
client recorded the outgoing transfer. This approach can be documented merely by signing the audit program step
and cross-referencing each applicable deposit in transit to the corresponding outstanding check. However, when
using this approach, it is important for the auditor to review significant deposits in transit on all bank accounts (even
accounts where limited procedures are otherwise performed) to determine whether those deposits represent
interbank transfers. This is sometimes accomplished by placing copies of bank reconciliations for all accounts in the
workpapers.
b. Elaborate Documentation. A common fear among auditors is that failure to perform substantial audit procedures on
any schedule included in the workpapers results in substandard auditing. While it is important to document
procedures performed on a workpaper, remember that many workpapers may only be used for scanning for
reasonableness, e.g., bank reconciliations of infrequently used and immaterial bank accounts. Avoid the temptation
of documentation overkill on those schedules.
c. Schedule of Several Bank Reconciliations. In some situations, one workpaper reflecting the reconciliation of several
small bank accounts may be more practical. Procedural documentation can be minimized.
d. Standard Tickmark Sheet. Audit procedures performed on each bank account can be repetitive. Accordingly, a
standard tickmark sheet may be more efficient than repeatedly documenting the same procedures.
e. Memos. A brief memo may be more efficient for documenting work performed on several small bank accounts.
However, memos need not be prepared if they are redundant and restate the steps performed on the audit program.
Memos ought to be used only to reduce the documentation on numerous workpapers or to discuss the cause and
resolution of complex audit problems.
f. Documenting the Proof of a Bank Statement. In the rare situation where a bank statement needs to be proved, as
noted in paragraph 1001.11, a memo regarding the proofing procedures may be more appropriate than including
copies of the bank statement and other documentation.
g. Program Sign Off. In some cases, an auditor may consider signing off and dating an audit program as adequate
documentation of procedures performed, especially scanning procedures. However, for tests involving a selection of
items or inquiry, there are minimum documentation requirements. Chapter 8 discusses audit documentation
requirements in more detail.
1003 COMMON OVER (UNDER) AUDITING TENDENCIES
1003.1 As mentioned earlier, there is a common tendency to overaudit cash. As discussed in Chapter 4, the auditor designs
the nature, timing, and extent of substantive procedures based on the assessed risks of material misstatement at the relevant
assertion level and need not be tempted to apply procedures that are not necessary given the level of assessed risks. The
following lists of over- and underauditing tendencies are not all-inclusive and are intended as general indications.
Overauditing Tendencies
1003.2 The following overauditing tendencies are common:
a. Counting Cash on Hand. Normally, this procedure is not necessary. (See also paragraph 1001.13.)
b. Routinely Requesting Cutoff Bank Statements. Many auditors have historically sent out requests for a cutoff bank
statement along with the confirmation request. However, in many cases, the timing of the audit or assessed level of
risk does not warrant requesting a cutoff bank statement. For many audits, the use of subsequent bank statement
activity (or in some cases, the clients online banking services) when performing tracing and vouching procedures
will be sufficient. However, when a cutoff bank statement is not requested, the auditor needs to be satisfied that
subsequent bank statements that are used have not been altered. See the case study beginning at paragraph
1004.2.
c. Testing Immaterial Cash Accounts. There is a tendency to perform detail testing of the year-end reconciliations of all
bank accounts. However, in many cases only one account, the general disbursements and receipts account, has
enough activity or reconciling items to require cutoff testing. Sufficient assurance on payroll bank accounts and
other small accounts can generally be obtained by confirming the bank balance (or reviewing the bank statement)
and scanning the reconciling items for unusual entries. (See paragraph 1001.8.)
d. Workpaper Inefficiencies. Often elaborate workpapers are prepared out of tradition when they may not be
necessary, e.g., interbank transfer schedules. (See paragraph 1002.10.)
e. Matching of Individual Items on Deposit Slips to Accounts Receivable. This procedure is a traditional fraud
procedure to discover lapping. Fraud procedures are not necessary unless they are performed in response to
identified fraud risks. (Section 307 discusses the auditors responsibility to identify and assess risks of material
misstatement due to fraud in a financial statement audit.)
f. Immaterial Reconciling Items. Significant time and effort can be spent trying to determine the cause of many small
reconciling items on a bank reconciliation. If an auditor is satisfied as to the nature of the reconciling item, any
concerns over the cause can be expressed in a management letter. The auditor might also suggest a separate
engagement at a later date to evaluate the causes of problems with the accounting system.
g. Routinely Performing a Proof of Cash. As noted in paragraph 1001.11, a proof of cash is a bank reconciliation that
includes not only the prior-period and current-period balances but also reconciles the book receipts and
disbursements for the period(s) with the bank statement(s). A proof of cash can provide evidence about the
existence and completeness assertions for transactions that were recorded on the books or bank statements;
however, many of the other audit procedures discussed in section 1001 are more efficient and just as effective. A
proof of cash is essentially a fraud procedure aimed at detecting recurring cash defalcations. The authors believe it
would only be performed if misappropriation of cash is an identified fraud risk or if there is a high risk of material
misstatement of cash. In such cases, it would be performed for the entire audit period.
h. Unnecessary Vouching of Transactions. Companies that invest idle funds in certificates of deposit often renew them
over an extended period. It is usually unnecessary to vouch each certificate transaction, especially if those
certificates have been confirmed at each year end.
Underauditing Tendencies
1003.3 Because the temptation is to design audit procedures to obtain a precise accounting for cash, there is a greater
tendency to overaudit than to underaudit. However, GAAP presentation requirements are often overlooked, and facts found
during the audit of cash may not be properly related to other audit areas. The following tendencies may occur:
a. Classification Deficiencies. Short-term investments vs. cash equivalents, restricted cash, cash overdrafts, and held
checks may not be identified because of a lack of familiarity with the definitions and disclosure requirements for
these items. (See paragraph 1000.2.)
b. Relating Facts to Other Audit Areas. Information regarding interest rates, balances, and collateral on debt may not be
related to corresponding audit work on debt. Likewise, the auditor may be unable to reconcile accounts payable
confirmations from vendors without relating outstanding checks noted during the audit of cash.
c. Failure To Test Completeness of Outstanding Check List. The outstanding check lists of significant bank accounts
ought to be tested for completeness. That test is generally accomplished by tracing canceled checks clearing the
subsequent bank statements to the outstanding check list. Vouching outstanding checks (that is, tracing from the
bank reconciliation to the canceled checks) does not test completeness.
1004 CASE STUDIES AND OTHER CONSIDERATIONS
Case Studies
1004.1 The following case studies illustrate common cash audit problems.
1004.2 Proof of a Bank Statement. The auditor determines that it is not necessary to request a cutoff bank statement on the
companys main bank account. The client receives the normal subsequent period statement and reconciles the account as
usual. Upon arriving to perform cash audit procedures, the auditor decides to test the subsequent period bank statement to
determine that it is complete and unaltered. However, that bank statement contains over 300 checks. What does the auditor
do to verify the completeness and integrity of the subsequent bank statement?
1004.3 Solution: The auditor bears in mind that a subsequent period bank statement is obtained to test the bank
reconciliation (when considered necessary based on the assessment of risks). That is, it is obtained to substantiate the
deposits in transit and to determine whether the outstanding check list is complete. The completeness of the outstanding
check list is tested by verifying that it includes all checks that (a) clear in the subsequent period and (b) are dated as of the
previous period. When a cutoff statement is obtained directly from the bank, it provides stronger evidence than a bank
statement obtained from the client. Accordingly, when subsequent statements are obtained from the client, additional
procedures are sometimes necessary to determine that the client has not altered the statement or pulled out any canceled
checks. Those additional procedures may include the following:
a. Examining the bank statement for apparent changes.
b. For clients that have established online banking relationships with their bank(s), account information can be
obtained online directly from the bank. Available online information may include daily ending account balances by
individual account, as well as transaction level activity of checks clearing and deposits posting. The auditor ought to
have the client access and print the online information in his or her presence. (In some cases, the auditor might also
apply additional procedures to determine the validity of the online website.)
c. For significant deposits in transit, comparing validated deposit slips to the detail on the face of the bank statement.
d. For the canceled checks clearing the subsequent bank statement, pulling five or 10 checks from the statement and
having a client employee (preferably one with no responsibility for bank reconciliations) foot the remaining checks to
a blind total. The auditor can then add back the pulled checks and compare the total to the amount on the face of
the bank statement. Alternatively, if relatively few large checks comprise a substantial portion of the canceled check
total, the auditor may obtain adequate evidence by tracing significant checks from the list of canceled checks per
the bank statement to the related canceled checks.
1004.4 Held Checks. The auditor notes that the bank reconciliation has a long list of checks in numerical sequence, all
dated December 31, the balance sheet date. What procedure might be performed to determine if there are any held checks
(checks dated on December 31 but not released until the following month)?
1004.5 Solution: If the auditor was observing inventory on December 31, the solution to this problem might be stopping by
the accounting department and recording the last check number written and mailed at the end of the day. The auditor could
then later compare that check number to the check numbers on the outstanding check list and question any additional
checks dated on December 31. Alternatively, for checks in question, the auditor can record on the workpaper copy of the
bank reconciliation the date of the first bank endorsement of the checks clearing in the subsequent period. A consistent trend
of long clearing delays may indicate a held check problem that would result in a reclassification to accounts payable.
1004.6 Surprise Cash Count. The auditor decides to perform a surprise count of cash register totals for a small
family-owned grocery store. He times the surprise count when little traffic is in the store to avoid disrupting normal customer
check-outs. The store has three cash registers, and it ordinarily takes only about fifteen minutes to count each one. When no
one is in the store, the auditor, accompanied by the owner, arrives at the check-out stands to count the cash. Each clerk is
asked to observe the count at the clerks register. Suddenly, three bus loads of kids (on the way to a ski trip) enter the store
and begin lining up at the check-out counters. What does the auditor do?
1004.7 Solution: Exchange clerks, having one clerk count the others register while the auditor observes. This procedure is
also effective in counting numerous teller windows at a small bank.
1004.8 Bank Charge for Processing Confirmation. In mid-November, a client tells her auditor that she has just been
notified by the bank that it now charges a fee for processing standard bank confirmations. The auditor thinks of the number of
firm clients that use the same bank and will be requesting confirmations for year-end audits, and is concerned about the effect
the new policy will have on the cost of audits. What does the auditor do?
1004.9 Solution: The AICPA has advised that the best way to handle that situation is for the auditor, the client (the banks
customer), or the state CPA society to communicate with the banks officers and emphasize the advantages of bank
confirmation to both the bank and its customers. For example, banks rely on audited financial statements for credit evaluation
purposes. In the past, those efforts at the local level, where the parties are known in the local financial community, have been
successful. If they are not, the AICPA asks members to contact the Audit and Attest Standards Team for help in resolving the
matter.
1004.10 Bank Does Not Return Canceled Checks with Bank Statements. The clients bank no longer returns canceled
checks to the client along with the monthly bank statement. The auditor wonders if it is possible to perform an effective audit
without examining canceled checks (for example, when auditing the main disbursements account or as support for
transactions in other audit areas) and what to do in the present circumstances.
1004.11 Solution: In some cases, the auditor may consider having the client communicate with appropriate bank personnel
to determine if special arrangements can be made well in advance to obtain canceled checks along with the subsequent or
cutoff bank statement. The decision may depend on the auditors risk assessment. Banks that do not routinely return
canceled checks typically hold the checks or a microfiche copy for a period of time and may make selected copies available
upon request. As the need arises during the audit, the auditor may also be able to request copies of specific checks paid by
the bank during the year. If the auditor cannot or does not obtain checks, the following alternative procedures may provide
satisfactory evidence about disbursements:
a. Some banks list the payee on the bank statement as well as the check number, amount, and date paid. This detail
may provide sufficient evidence of the actual payee listed in the clients records.
b. The details of the disbursement can be confirmed with the payee if neither the check nor a sufficiently detailed bank
statement is available and the auditor wants evidence independent of the clients records.
c. The auditor may be able to rely on a combination of data on the bank statement (check number, amount, and date
paid), the clients internally generated information about the disbursement, and client control procedures related to
disbursements such as the following:
(1) Use of prenumbered checks and numerical control of checks used.
(2) Recording of check numbers in the disbursements journal.
(3) Designation of authorized check signers.
(4) Restricted access to checks and signature plates.
(5) Approval of payments, signing of checks, and timely preparation of bank reconciliations by persons other than
the one who prepares checks and posts disbursements to the accounts.
The Control Activities Form for Cash at ASB-CX-5.7 lists other control procedures for cash.
However, the auditor might investigate whether canceled check images can be obtained in another manner if the
physical checks cannot be practically obtained. For example, many financial institutions that have abandoned the
practice of returning canceled checks offer customers online bank statement activity, which often includes images of
processed checks. In such situations, the auditor would need to take appropriate steps to determine the validity of
the online banking site and obtain permission from the client to gain or coordinate access.
1005 AUDIT PROGRAM
1005.1 The core audit program at ASB-AP-3 presents basic and extended substantive audit procedures for cash. Using the
core audit program, the auditor chooses the procedures that will be adequate to obtain sufficient audit evidence for the
relevant assertions. The specified risk audit program at ASB-AP-3-S presents the substantive audit procedures for cash that
are normally adequate to respond to a set of underlying risk assessments (provided at the front of the audit program)
considered typical of many smaller businesses. The use of PPCs audit programs is discussed in section 405.
1006 RESPONDING TO FRAUD RISK
1006.1 Section 307 discusses the auditors responsibility to identify and assess risks of material misstatement due to fraud.
Based on that assessment, the auditor may determine that an audit response is necessary. Audit responses may be overall or
specific. Overall responses, such as considering the extent of supervision planned for the audit, affect the overall conduct of
the audit. Auditors generally use overall responses to address fraud risks that are pervasive to the financial statements.
Specific responses involve the nature, timing, and extent of further audit procedures. Specific responses are used to address
fraud risks in individual audit programs, that is, at the account balance, transaction class, or financial statement assertion
level.
1006.2 Numerous different types of fraud schemes may be used to perpetrate either fraudulent financial reporting or
misappropriation of assets. Auditors need an understanding of fraud schemes and how they are perpetrated, concealed,
detected, and prevented so they can design appropriate audit responses and advise their clients about fraud prevention and
detection matters. Examples of common fraud schemes related to cash and procedures that may be performed in response
to those schemes are provided for both misappropriation of assets (Exhibit 10-1) and fraudulent financial reporting (Exhibit
10-2). For misappropriation of assets, Exhibit 10-1 also lists the symptoms (also called red flags or indicators) auditors may
observe that indicate the presence of a particular fraud scheme. For fraudulent financial reporting schemes presented in
Exhibit 10-2, symptoms generally relate to fraud risk factors such as the desire to minimize reported earnings for
tax-motivated reasons. Those risk factors may provide an incentive or pressure to manipulate the financial statements. (See
the discussion beginning at paragraph 302.47 for additional discussion of fraud risk factors.)
Exhibit 10-1
Common Cash Fraud Schemes, Symptoms, and Related Audit Responses
Misappropriation of Assets
Fraud Scheme Symptoms
Audit Responses
a
Skimming all or part of a
cash sale.
Cash sales or receipts differ
from normal or expected
patterns.
Cash deposit totals differ
patterns.
Compare inventory sold to
the change in inventory.
Analyze gross profit.
Inventory discrepancies.
Audit Responses
a
Unusual amount or pattern of
cash over/short.
Receipts in currency
decrease, while customer
checks and credit card
receipts increase or remain
constant.
Customer complaints.
Declining gross profit.
Theft of a daily deposit. Cash sales or receipts differ
patterns.
Cash deposit totals differ from
normal or expected patterns.
Lack of segregation of duties.
Missing deposit slips.
Missing sales invoices.
Unusual journal entries or
unusual items on the bank
reconciliation.
Differences between daily list
of receipts and deposits on
bank statement.
Compare bank deposits to
cash receipts records.
Prepare proof of cash.
Review journal entries.
Review bank reconciliations.
Less cash schemes (that is,
shorting the deposit).
Less cash on deposit tickets.
patterns.
Unusual reconciling items on
bank reconciliations.
Unusual journal entries
affecting cash accounts.
Deposits per the bank
statement that do not match
the companys copy of
deposit tickets.
Lack of segregation of duties.
Compare bank deposits to
cash receipts records.
Voids and sales returns
schemes.
Unusual or unexpected voids
or sales returns.
patterns.
Unusual activity on the daily
cash register tape.
Discrepancies between sales
Review daily cash register
tapes.
Compare sales prices to list
prices.
Compare inventory sold to the
change in inventory.
Inspect and account for
returned merchandise.
Match sales returns with
original sales.
Confirm sales returns with
Audit Responses
a
prices and list prices. customers.
Analyze voids and sales
returns.
Theft of cash on hand. Discrepancies between the
cash count and the account
balance.
Unusual or unexpected
fluctuations in cash on hand.
Personal checks included in
cash funds (swapping checks
for cash).
Cash shortages.
Increased use of petty cash
fund.
Conduct surprise cash counts.
Note:
a
In addition to the specific responses listed, the auditor may also interview client personnel in areas where the auditor is
concerned about the risk of fraud or test controls designed to detect the fraud. The auditors overall response to fraud
risks involves more general, or overall, considerations separate from the specific responses illustrated.
* * *
Exhibit 10-2
Common Cash Fraud Schemes and Related Audit Responses
Fraudulent Financial Reporting
Fraud Scheme
Audit Responses
a
Holding cash receipts records open after the
balance sheet date or closing cash
disbursement records early.
Inspect deposits and canceled checks for dates
they cleared the bank and note any unusual
patterns.
Kiting. Prepare and review interbank transfer schedule.
Improperly accounting for held checks. Inspect deposits and canceled checks occurring
around period end for dates they cleared the
bank.
Examine support for held checks.
Overstating capitalized interest to increase cash
flow from operations.
Test the validity of interest capitalized during the
period.
Note:
a
In addition to the specific procedures listed, the auditor may also interview client personnel in areas where the auditor is
* * *
1006.3 A risk of misappropriation of assets may exist in many entities. However, as discussed in section 307, the auditor is
not responsible for immaterial fraud, and many frauds involving misappropriation of assets are not material to the financial
statements. Consequently, auditors need not automatically perform additional procedures related to misappropriation simply
because a risk of misappropriation exists. The auditor should develop an audit response for identified risks of material
1006.4 Paragraphs 1001.10 through 1001.12 and the core audit programs in this Guide provide some of the more common
additional procedures the auditor may perform in response to identified fraud risks.
CHAPTER 11: ACCOUNTS RECEIVABLE AND SALES
1100 INTRODUCTION
General
1100.1 Traditional audit programs for accounts receivable focus on confirming customer balances and testing the adequacy
of the allowance for bad debts. In todays competitive environment, it can be difficult to balance the need for efficient auditing
with the need to address complex issues involving audit sampling, the completeness assertion, improper revenue recognition,
improper revenue recognition, and accounting estimates (i.e., estimated bad debts). This chapter discusses key
considerations for auditing accounts receivable and sales and suggests techniques to help improve audit effectiveness and
efficiency.
1100.2 Generally accepted accounting principles (GAAP) for accounts receivable are primarily concerned with the
measurement of amounts owed to the company and the valuation of those receivables. Financial statement presentation
usually concerns the proper classification of receivables as current or noncurrent assets. Disclosure standards also require
adequate disclosure of related party, employee, pledged, discounted, assigned, and other categories of significant
receivables. Disclosure of accounting policies for trade receivables, doubtful accounts, charge-offs, and past due receivables
also may be required. Although recognition of related party and pledged receivables is sometimes difficult, the biggest
problem in complying with GAAP for many small-sized to mid-sized audit engagements is often the proper valuation of the
accounts. The valuation of accounts receivable is subjective and can be challenged based on information obtained after the
date of the financial statements.
1100.3 GAAP for sales is primarily concerned with revenue recognition. Generally, revenue should be recognized (and an
appropriate provision for uncollectible amounts should be made) when a transaction is completed. When the buyer has the
right to return the merchandise sold, revenue should be recognized only if certain criteria are met. Revenue and cost of sales
recognized when a right of return exists should be reduced for estimated returns, and expected costs or losses related to
sales returns should be accrued. GAAP generally does not require specific disclosures about revenues. However, revenue
recognition can be complex and specific disclosures are required in certain industries or for certain types of transactions,
such as real estate transactions, computer software, and multiple deliverable arrangements. The method of recognizing
revenue is also ordinarily disclosed if it involves recognizing revenue at other than the point of sale.
1100.4 FASB ASC 825 requires certain disclosures for significant group or individual credit risk concentrations. A group
concentration is a group of customers with similar activities and similar characteristics that can affect their ability to pay their
debts. For example, if a companys customers were all in the same industry or region, this might be considered a group
concentration. Among other things, disclosure is required of the nature of the group, maximum credit loss exposure, and
information on any collateral obtained. For a typical nonpublic business, a description of the companys principal activities will
usually provide adequate disclosure. For instance, a retailer may be able to meet the disclosure requirements by discussing
the business, its location, and whether credit is granted to its customers. According to FASB ASC 825-10-50-3, disclosures
about concentrations of credit risk are optional for nonpublic companies that (a) have total assets at the balance sheet date of
less than $100 million and (b) have no instrument that, in whole or in part, is accounted for as a derivative other than
commitments related to the origination of mortgage loans to be held for sale during the reporting period.
1101.1 AU-C 500.06 states:
following:
Tests of controls.
Risk assessment procedures and tests of controls contribute to the formation of the auditors opinion, but do not, by
risks of material misstatements by considering the different types of potential misstatements that may occur (that is, what
could go wrong in the financial statements), and then designing audit procedures that are responsive to the assessed risks.
For each relevant assertion within an account balance, class of transactions, or disclosure, the auditor assesses the risks of
assertion level. That chapter also discusses the PPC audit programswhich include basic, extended, and other audit
procedures. Chapter 5 discusses considerations when choosing substantive procedures, including substantive analytical
procedures and tests of details. Auditors need to be familiar with the concepts discussed in those chapters when designing
the nature, timing, and extent of substantive audit procedures for accounts receivable and sales.
Relevant Assertions for Accounts Receivable and Sales
1101.5 The relevant assertions for accounts receivable and sales generally are as follows:
Existence or occurrence (E/O)Accounts receivable reported in the balance sheet exist and represent sales in the
normal course of business. Sales reported in the income statement represent valid transactions that occurred during
the period and pertain to the entity.
Completeness (C)Accounts receivable include all amounts owed to the company at the balance sheet date. All
sales that should be included in the income statement are recorded. Related disclosures are complete.
Rights or obligations (R/O)Accounts receivable are authentic rights held by the company.
Valuation or allocation (V)Accounts receivable is recorded net of an allowance for uncollectible accounts, and the
allowance is adequate but not excessive. If the direct write-off method is used, all significant doubtful accounts have
been written off, and the bad debt exposure in the remaining accounts is insignificant.
Cutoff (CO)Accounts receivable and sales are recorded in the proper accounting period.
Accuracy or classification (A/CL)Accounts receivable and sales transactions have been properly recorded as to
account and amount. Accounts receivable are properly classified in the balance sheet and all significant categories
of receivables are presented separately in the balance sheet or disclosed (e.g., trade receivables and amounts due
from officers, employees, directors, stockholders, or affiliates). Information about accounts receivable and sales
required by GAAP is fairly disclosed at appropriate amounts.
Substantive Audit Procedures for Accounts Receivable and Sales
1101.6 A significant part of the audit of accounts receivable is directed toward obtaining audit evidence to substantiate the
existence assertion through the use of confirmations. The auditor often obtains audit evidence for other assertions related to
accounts receivable primarily through the use of inquiry and analytical procedures. Examples of substantive procedures at
the account balance level for accounts receivable are as follows:
Compare the balance in trade accounts receivable with the balance for prior years or other expectations and
investigate unexpected results.
Compute the ratio of accounts receivable to current assets, total assets, and/or net worth and compare with the
ratios for prior years or other expectations and investigate unexpected results.
Compute the ratio of the accounts receivable balance to net credit sales and the number of days sales in accounts
receivable for the current and prior years or other expectations and investigate any unexpected results.
Review a reconciliation of the aged accounts receivable trial balance to the general ledger account balance, and
document an explanation for any unusual reconciling items. Consider whether it is necessary to review
documentation supporting the reconciling items and explanations.
Scan the trial balance for unusual items, such as large credit balances, unusual customer names, nontrade items, or
receivables from known related parties, and propose reclassifications, if necessary.
Confirm selected accounts from the aged trial balance.
Test the adequacy of the allowance for doubtful accounts by performing analytical procedures such as comparing
the balances in the allowance for doubtful accounts, sales returns and allowances, and bad debt expense with prior
years or other expectations and investigating any unexpected results.
Scan the sales journal and investigate large or unusual transactions near the balance sheet date, both before and
after. For higher assessed risks of material misstatement for cutoff, compare sales for the last month of the year to
sales for the rest of the year and to the first month after year-end, and compare sales returns and credit memos for
the last few months of the year to the first few months after year-end.
1101.7 Other procedures in the cash, debt, and related-party areas of the audit also may provide evidence related to
receivables. Loan agreements, other confirmations, and the review of minutes can provide information about pledged,
discounted, or assigned receivables that need to be disclosed in the financial statements. Assurance about the completeness
of disclosures is ordinarily obtained by filling out a disclosure checklist as part of general auditing and completion
procedures. In addition, informing the audit team of known related parties (for example, during the discussion among the
engagement team as discussed in Chapter 3) will help to make each auditor more alert for significant related-party
receivables.
1101.8 Because of the interrelationship of accounts receivable and sales, substantive tests of sales (often analytical
procedures) provide audit evidence for assertions related to sales and may also provide audit evidence for assertions related
to accounts receivable. Examples of substantive analytical procedures for sales are as follows:
Inquire of management (normally as part of planning) about, and evaluate, changes in revenue recognition policies
and significant, unusual, and complex revenue transactions occurring at or near year-end.
Scan a schedule summarizing sales, sales returns, and allowances by major product line and geographic location
for the year and perform analytical procedures such as comparing amounts to those of prior years or other
expectations and to budgeted amounts, and investigate any unexpected results.
1101.9 In addition, as discussed in Chapter 3, AU-C 240 creates a rebuttable presumption that there is a risk of material
misstatement due to fraud relating to improper revenue recognition (AU-C 240.26). If the auditor does not overcome that
presumption, the auditor should perform procedures relating to revenue to respond to that risk. See also the discussion
Completeness Procedures
1101.10 Completeness is the most elusive financial statement assertion to test, especially for revenue-related accounts, i.e.,
sales and accounts receivable. There are two views on how to test the completeness assertion. One view is that, because
substantive tests are not very effective in testing completeness, audit objectives about completeness cannot be achieved
without some tests of controls that support an assessed level of control risk as low or moderate for the completeness
assertion. In particular, those who hold this view believe that controls are needed to assure that all transactions that should be
recorded are in fact recorded. However, in many nonpublic companies, lack of segregation of duties may potentially preclude
testable controls that provide reasonable assurance that the accounting system captures all transactions. For example, a
company may use prenumbered shipping documents and require that they be attached to sales invoices to ensure that all
merchandise shipped is invoiced, but management can easily intercede to conceal a sale by preventing the preparation of the
shipping document.
1101.11 The other view is that the auditor need not be overly concerned about completeness because the risk of unrecorded
revenue in many nonpublic companies is minimal, and, even if it were discovered, an account receivable often would not be
recorded because it would be uncollectible. The authors believe that the proper approach to testing completeness falls
somewhere between these two extreme views. The authors believe that an assessment of control risk as low or moderate is
not required to satisfy audit objectives about the completeness assertion (except for some transactions, such as cash
revenues of a retailer or charitable organization, where it may be difficult to limit audit risk without assessing control risk below
the maximum). However, the auditor is required to perform some substantive procedures for each relevant assertion for
account balances and transaction classes that are material, and sales and receivables are ordinarily material. Thus, the
auditor needs to perform some substantive tests for the completeness assertion.
1101.12 Tests for completeness do not have to be elaborate or time-consuming. The most effective tests incorporate a
combination of inquiry, observation, and analytical procedures, such as predictive tests of recorded revenue. Paragraph
506.38 begins a discussion on how such procedures might be performed. Typically, as the auditors assessed level of the risk
of material misstatement for the completeness assertion increases, the level of detail and needed precision of predictive and
other analytical procedures for sales completeness also increases. In addition, AU-C 240.22 and AU-C 240.34 require the
auditor to perform preliminary analytical procedures related to revenue through the end of the reporting period to identify
unusual or unexpected relationships that may indicate fraudulent financial reporting. Those procedures may also provide
evidence relating to the completeness of revenue. (See Chapter 3.)
1101.13 A procedure often performed out of tradition is a test of sales transactions. These procedures are sometimes
elaborate and include testing the accountability of sales invoices and proper matching to shipping documents. AU-C 330.A48
states that tests of details related to the completeness assertion may involve selecting from items that are expected to be
included in the relevant financial statement amount and investigating whether they are included. Accordingly, if the auditor
selects a sample of sales (a recorded transaction) and traces them to shipping documents, that test does not address
completeness. Testing recorded transactions does not provide information about unrecorded transactions. The proper
approach would be to select the sample from shipping documents, then to match these to sales invoices. That is more apt to
determine if the sales are indeed being recorded. However, even when such sales tests are performed correctly, they cannot
discover situations where a sale was concealed by simply not preparing a shipping document. (See the discussion in
paragraph 1101.10.) Again, simple inquiry, observation, and analytical tests often can be more effective and less
time-consuming than a sales test.
Confirmation of Accounts Receivable
1101.14 AU-C 505, External Confirmations, and AU-C 330, Performing Audit Procedures in Response to Assessed Risks and
Evaluating the Audit Evidence Obtained [formerly SAS No. 67 (AU 330)], provide guidance on several matters relating to audit
confirmations, especially confirmation of accounts receivable. Matters covered by AU-C 505 and AU-C 330 include:
External confirmation procedures. (See paragraph 1101.18.)
Use of negative confirmations. (See paragraph 1101.23.)
Factors affecting the reliability of confirmations. (See paragraph 1101.25.)
Managements refusal to allow external confirmations. (See paragraph 1101.30.)
Alternative procedures. (See paragraph 1101.32.)
Evaluation of confirmation results. (See paragraph 1101.36.)
Use of nontraditional confirmations. (See paragraph 1101.38.)
1101.15 Objectives and Requirements. This section summarizes the objectives and requirements for the auditors
responsibilities when using external confirmations.
1(70)
1101.16 Objective. The objective of the auditor when using external confirmation procedures is to design and perform those
procedures to obtain relevant and reliable audit evidence.
1101.17 Requirements. The requirements that should be followed to achieve that objective are summarized in Exhibit 11-1.
Exhibit 11-1
Requirements for External Confirmations
AU-C
Reference
Guide
Reference
Practice Aids
Performing Audit Procedures in Response to Assessed Risks
and Evaluating the Audit Evidence Obtained
Consider whether external confirmation procedures will be
performed as substantive audit procedures.
AU-C 330.19 ASB-AP-3 through
ASB-AP-14
Use external confirmation procedures for accounts receivable
unless one or more of the following applies:
The overall account balance is immaterial.
External confirmation of accounts receivable would be
ineffective.
The assessed risk of material misstatement at the relevant
assertion level is low, and other planned substantive
procedures address the risk. (In many cases, both external
confirmation procedures and other substantive procedures are
necessary to reduce risk to an acceptably low level.)
When material balances in accounts receivable are not confirmed,
document why the accounts were not confirmed.
External Confirmations
When using external confirmation procedures, maintain control over
external confirmation requests, including:
Determining the information to be confirmed or requested.
Selecting the appropriate confirming party.
Designing the confirmation requests, including determining
that they are properly directed to the appropriate confirming
party and that the response will be sent directly to the auditor.
Sending the original and follow-up requests to the confirming
party.
ASB-AP-14
If management refuses to allow the performance of external AU-C 505.08 ASB-AP-4,
AU-C
Reference
Guide
Reference
Practice Aids
confirmation procedures:
Inquire about managements reasons for the refusal and seek
audit evidence about the validity and reasonableness of the
reasons.
Evaluate the implications of managements refusal on the risk
assessment, including the risk of fraud, and on the nature,
timing, and extent of other audit procedures.
Perform alternative procedures to obtain relevant and reliable
audit evidence.
Managements
Refusal to Allow
External
Confirmations
If managements refusal to allow the performance of external
confirmation procedures is deemed unreasonable, or relevant and
reliable audit evidence cannot be obtained from alternative audit
procedures, communicate with those charged with governance.
Also, determine the implications for the audit and the auditors
opinion.
AU-C 505.09 ASB-AP-4,
Managements
Refusal to Allow
External
Confirmations
If factors are identified that cause doubts about the reliability of the
response to a confirmation request, obtain further audit evidence to
resolve the doubts.
ASB-AP-14
If a response to a confirmation request is deemed not reliable,
evaluate the implications on the risk assessment, including the risk
of fraud, and on the related nature, timing, and extent of other audit
procedures.
ASB-AP-14
For each nonresponse, perform alternative audit procedures to
obtain relevant and reliable audit evidence
ASB-AP-14
When a written response to a positive confirmation request is
considered necessary to obtain sufficient appropriate audit
evidence and the written confirmation cannot be obtained,
determine the implications for the audit and the auditors opinion
ASB-AP-14
Investigate exceptions to determine whether they indicate
misstatements.
ASB-AP-14
Do not use negative confirmation requests as the sole substantive
audit procedure to address an assessed risk of material
misstatement at the assertion level, unless all of the following are
present:
The assessed risk of material misstatement is low, and
sufficient appropriate audit evidence about the operating
effectiveness of controls relevant to the assertion has been
obtained.
The population of items subject to negative confirmations
consists of a large number of small, homogeneous account
balances, transactions, or conditions.
A very low exception rate is expected.
There are no circumstances or conditions that would cause
recipients of negative confirmation requests to disregard them.
AU-C 505.15 ASB-CL-7.4
Evaluate whether the results of the external confirmation procedures
provide relevant and reliable audit evidence or whether further audit
evidence is necessary.
ASB-AP-14
* * *
1101.18 Confirmation Procedures. Consistent with the guidance in AU-C 500 and AU-C 330 that (a) evidence obtained from
a knowledgeable independent source outside the entity is more reliable than evidence obtained from the client and (b) the
greater the risk of material misstatement, the less detection risk that can be accepted, and, consequently, the greater the
extent of substantive procedures, AU-C 330.20 requires that accounts receivable be confirmed unless at least one of the
following conditions is met:
The balance is immaterial.
Using confirmations would be ineffective.
The risk of material misstatement (the combined assessment of inherent and control risk) is low and other
substantive procedures will be adequate to provide sufficient appropriate audit evidence for relevant assertions.
(Paragraph 403.51 and Exhibit 4-8 discuss combining the inherent and control risk assessments.)
Accounts receivable confirmation procedures might be ineffective, for example, if the auditor determines that (1) the response
rate to confirmation requests will be inadequate or (2) responses are known or expected to be unreliable. The auditor may
make that determination based on prior years audit experience with the client or experience with similar entities. For example,
the auditor might determine through previous experience with the client that response rates to confirmations have been poor,
ultimately resulting in the performance of extensive alternative procedures. Auditors who omit confirmation procedures when
the balance is material are required by AU-C 330.32 to document the reasons they were able to do so. It is not sufficient to
merely assert in the workpapers that the use of confirmations would be ineffective without providing some type of evidence or
analysis to substantiate that assertion. Also, in that case, the auditor needs to design effective alternative procedures.
1101.19 For purposes of accounts receivable confirmation, accounts receivable means (a) amounts due from customers that
arise from the sale of goods or services in the normal course of business, and (b) financial institution loans. Thus, there is no
requirement in professional standards to confirm receivables such as related party, employee, or other types of receivables
that do not arise from the sale of goods or services. Those items may be confirmed, however, based on the auditors risk
assessment. If items other than trade receivables are confirmed, the requirements in Exhibit 11-1 from AU-C 505 apply to the
confirmation process.
1101.20 Examining Subsequent Cash Collections. In many audits of nonpublic companies, a significant portion of the
year-end accounts receivable may be collected before the auditor performs his or her testwork. That situation was sometimes
viewed as one in which confirmation of accounts receivable was unnecessary. That option is not appropriate under AU-C 330
unless, as noted in paragraph 1101.18, accounts receivable are immaterial, confirmations would be ineffective, or the
combined assessed level of inherent and control risk is low. Since the combined assessment for the applicable financial
statement assertions (primarily existence of accounts receivable) will rarely be low, confirmation of receivables will usually be
necessary if their use would be effective, even if there are significant subsequent collections. However, the authors believe
that confirmation of individually significant items may often be adequate in that situation. The case studies in section 1104
illustrate that approach.
1101.21 Another consideration when examining subsequent cash collections is whether the specific payment being tested
relates to the year-end receivable balance. That is, it would be inappropriate to conclude that a year-end receivable balance
was collected if the customers payment was actually for a purchase made after year-end. Consequently, if there is some
question as to how the client is applying subsequent payments, subsequent collections may not provide reliable audit
evidence about the existence of year-end accounts receivable balances. When examining subsequent cash collections,
consider the need to obtain evidence that the source of the payment was, in fact, the customer and that it pertains to the
customers receivable balance at the balance sheet date.
1101.22 Types of Confirmations. AU-C 505.06 defines an external confirmation as a direct response to the auditor from a
third party either in paper form or by electronic or other means, such as through the auditors direct access to information
held by a third party. The types of accounts receivable confirmations used varies depending on the companys situation and
the nature of its operations. The following are the forms of confirmations normally used:
Positive. This form requests recipients to reply directly to the auditor and make a positive statement whether they
agree or disagree with information included.
Negative. This form requests recipients to reply directly to the auditor only if they disagree with the information
presented on the form.
Blank. This form requests recipients to provide the auditor with the balance or invoice amounts owed to the
company. Auditors ought to note that the use of blank forms might result in a lower response rate and a higher
incidence of apparent exceptions. Blank forms may be most appropriate when confirming the terms of a transaction
rather than the amount.
Expanded Field. This form requests recipients to identify which (if any) of several balances provided on the form is
correct. This form is seldom used in practice and is not discussed further in this chapter.
Positive confirmation procedures typically provide the primary audit evidence for the existence assertion in a nonpublic
company audit.
1101.23 Negative confirmations are often inappropriate for nonpublic company audits. AU-C 505.15 states that negative
confirmations may be used as the sole substantive procedure only when:
a. The assessed risk of material misstatement is low, and relevant controls have been tested for operating
effectiveness.
b. A large number of small, homogeneous balances is involved.
c. A very low exception rate is expected.
d. The auditor believes the confirmation recipients will consider the requests.
The first criterion is often not met. However, if all of the above criteria are met, such as for audits of certain financial institutions
or retail businesses, the auditor may want to consider using negative confirmations. When using negative confirmations,
auditors ought to bear in mind that negative confirmations do not provide any evidence that the requests were actually
received or verified by the recipient. Therefore, negative confirmations provide only limited audit evidence. In addition, the use
of negative confirmations is not a sampling application and the results may not be projected to the population. Because of the
limited evidence provided by negative confirmations, they are best used to supplement evidence obtained from other auditing
procedures. Generally, only positive confirmations are used to confirm individually significant items.
1101.24 Negative confirmations can be used as a supplement to positive confirmations to provide evidence about the
existence of customers as well as the overall nature and level of disagreements about account balances. Auditors might
consider sending negative confirmations for accounts not selected for positive confirmation to obtain that evidence. This can
be effective, especially on a first year audit where there are numerous small accounts. If the auditor chooses to send negative
confirmations, the authors suggest coordinating their mailing with the mailing of customer statements. One approach is to
have the client stamp or otherwise annotate the customer statements with the negative confirmation request, include the firms
return envelope with the mailing, and mail the statements under the auditors supervision. Alternatively the Negative
Accounts Receivable Confirmation Request at ASB-CL-7.4 can be modified for mailing with customer statements. (However,
this may be inefficient if there are numerous accounts due to the need to include the appropriate customer name on each
confirmation request.) If numerous statements are returned undeliverable or if there are numerous disagreements about
account balances, the auditor might want to consider performing additional procedures related to the existence, rights or
obligations, or valuation assertions for accounts receivable.
1101.25 Confirmation Design. When designing accounts receivable confirmations, AU-C 505.A5 indicates that the auditor
considers the following:
a. The Form of Confirmation and Method Used. (Discussed in paragraphs 1101.22 and 1101.26.)
b. Prior Experience. If prior experience with the client or on similar engagements indicates that confirmations are not
effective (e.g., because of poor response rates), the auditor might consider whether the confirmation design can be
improved. For example, the confirmation may not provide the customer with enough information to respond, the
confirmation may be directed to the wrong person, or the customer may more easily be able to respond to individual
invoice requests instead of the entire balance. If properly designed confirmations prove to be ineffective, the
necessary audit evidence should be obtained in other ways (e.g., examination of subsequent payments or shipping
documents and sales orders).
c. The Nature of the Information Being Confirmed and Risk. For accounts receivable confirmations, this consideration
relates to such things as:
(1) Whether to confirm invoices or balances. That decision depends on the design of both the clients and the
customers accounting systems.
(2) Whether unusual transactions are noted (e.g., unusually large sales at or near year-end). The auditor needs to
understand the nature of unusual transactions in order to properly design the confirmations. An example would
be bill and hold transactions, for which the auditor might design the confirmation to specifically request
confirmation of those terms. A confirmation request designed for bill and hold transactions is included at
ASB-CL-7.6. (The audit program at ASB-AP-4 also includes additional procedures related to bill and hold
transactions.) When confirming the terms of unusual transactions, the confirmations may need to be addressed
to higher-level customer management personnel, who would be familiar with the details of the transactions.
(3) The possibility of oral agreements. If there is a significant risk that there are oral agreements between the client
and the customer (e.g., regarding the right to return merchandise), the auditor ought to consider confirming
both the existence and terms of any such modifications. The confirmation request forms at ASB-CL-7.1,
ASB-CL-7.2, ASB-CL-7.3, and ASB-CL-7.5 include illustrative language to confirm the existence of special sale
or payment terms.
d. The Intended Respondent. The customers ability to confirm the requested information needs to be considered. For
example, some customers may be able to confirm individual invoices, whereas others may only be able to confirm
balances. Also, confirmations need to be directed to those who are knowledgeable of the information being
requested. If information comes to the auditors attention concerning the competence, knowledge, or ability of the
respondent to respond to a confirmation request, or about the respondents objectivity with respect to the client, the
auditor should consider that information when designing confirmation requests and evaluating results. In some
cases, such as for material transactions, the auditor may need to consider those factors with a heightened degree of
professional skepticism to determine whether the confirmation is being sent to a respondent who can provide
meaningful and competent evidence. If there are doubts about the reliability of a respondent, the auditor should
perform procedures to resolve the doubts. If the doubts cannot be resolved and the respondent is considered
unreliable, the auditor should evaluate the implications on the risk assessment, including fraud risks, and the need
to modify planned audit procedures.
1101.26 Electronic Confirmations. With the increased use of electronic communications, auditors are beginning to use
electronic confirmations rather than a mailed written communication. Electronic confirmations can be considered reliable
audit evidence. However, as with any confirmations, AU-C 505.A13 indicates auditors need to consider the following risks to
the reliability of such information:
Response might not be from an authentic source.
Respondent may not be knowledgeable about the information.
Integrity of the transmission might be compromised.
1101.27 An electronic confirmation can be considered as a sufficient, valid confirmation response if the auditor is satisfied
that the electronic confirmation process is secure and properly controlled. In determining whether the electronic confirmation
process is secure, the auditor might review an assurance trust services report or another auditors report on that process.
Typically, the auditor would determine if the report addresses the three risks noted in paragraph 1101.26. If not, the auditor
may perform additional procedures to address those risks such as telephoning the sender of the information.
2(71)
1101.28 Timing of Confirmation Procedures. Confirmation procedures may be performed as of a date on, before, or after
the balance sheet date. If the procedures are not performed as of the balance sheet date, the accounts receivable balance
should ordinarily be rolled forward or backward to the balance sheet date. Since effective internal control is one consideration
in deciding whether to perform confirmation procedures at a date other than the balance sheet date, it may be most effective
to confirm receivables as of the balance sheet date. The audit program at ASB-AP-4 also includes additional procedures for
confirmations at an interim date.
1101.29 Selecting the Accounts to Be Confirmed. The receivables of a nonpublic company often have a small number of
accounts and can be divided into several natural groups. As discussed in Chapter 7, it is important to divide the population, if
possible, to identify individually significant items (that is, those items for which 100% testing is appropriate). That approach
produces an efficient audit, since sampling is unnecessary if groups tested 100% are sufficient to satisfy the objectives.
Natural groups for receivables may include:
a. Individual customer accounts and notes with large dollar balances.
b. Accounts with unusual characteristics (e.g., unusual name, serious past due balances, likelihood of misstatement,
etc).
c. Related party accounts.
d. Credit balance accounts.
e. All other accounts.
Based on the nature and assessed level of risk, the auditor might also wish to confirm receivables that relate to complex
transactions, customers that have historically received adjustments or nonstandard terms, and new customers.
1101.30 Management Refuses to Allow External Confirmations. If the client objects to sending a confirmation to a
particular customer, the auditor should inquire about the reason for the refusal, obtain corroborating evidence to support the
clients reasoning, and evaluate the implications on the risk assessment and planned audit procedures. If the reason is
considered valid, alternative procedures should be applied to obtain sufficient audit evidence related to the customers
account. The auditor might also consider obtaining a representation in the management representation letter regarding the
reasons for not confirming. Auditors ought to be alert to the fact that a clients request that an account not be confirmed
because it is in dispute may be intended to divert the auditor from an inappropriate transaction. If the clients reason is not
considered valid, or sufficient evidence cannot be obtained from alternative procedures, the auditor should communicate with
those charged with governance and consider the possible effect on the audit, such as the ability to rely on managements
representations. If the restrictions significantly limit the scope of the audit, it may be necessary to modify the auditors report.
1101.31 Sampling Considerations. The auditor normally would confirm 100% of groups a., b., and c., described in
paragraph 1101.29. Group d., the credit balances, may be considered for reclassification and for confirmation in the accounts
payable section. Group e. is the typical candidate for sampling applications. Sometimes other substantive procedures applied
to group e., such as procedures performed when testing for doubtful accounts, may be as effective and more efficient than
mailing additional confirmations for a sample of accounts in the group. For example, if subsequent collections are posted to
the aged trial balance through a date close to the date of the auditors report, testing of those collections during the review for
doubtful accounts may often provide adequate additional evidence about the existence of accounts in the remaining group.
Also, sampling would not typically be necessary if accounts confirmed from groups a., b., and c. are sufficient to reduce the
remaining balance below tolerable misstatement. However, when the accounts receivable balance consists primarily of a
large number of small balances, then sampling may be the most efficient way to test group e. Section 702 discusses the
steps necessary to determine whether sampling is appropriate in a specific audit. If it is necessary to confirm a sample from
group e., the auditor might consider confirming individual invoices instead of balances. This will often increase the response
rate and reduce exceptions. The auditor ought to also be aware that misstatements projected for sampled groups apply only
to the groups sampled. Actual misstatements identified in groups tested 100% are added to the projected misstatements for
sampled groups to determine the total misstatement for receivables. See the case studies in section 1104 of this chapter for
illustrations of sampling considerations in the audit of accounts receivable.
1101.32 Alternative Procedures. When using positive confirmations, the auditor ordinarily sends second requests and
occasionally third requests to nonrespondents. If there is still no response, the auditor should perform alternative procedures.
The auditor typically performs alternative procedures by first examining subsequent cash collections and then, if necessary,
examining shipping documents and sales orders. (As noted in paragraph 1101.21, examining subsequent cash collections
provides reliable evidence of existence only if the auditor can match the payment to the actual year-end receivable balance.)
1101.33 AU-C 505.A26 affirms that it is not always necessary to perform alternative procedures (beyond the evaluation of
results) on all nonresponses. The nonresponses can simply be treated as misstatements if doing so does not affect the
auditors decision about whether the financial statements are materially misstated. Before doing that, however, the auditor
needs to consider whether there is some systematic circumstance or qualitative characteristic common to the unreturned
confirmations. For example, if sampling is used and a significant number of unreturned confirmations relate to year-end
transactions, the auditor would ordinarily consider performing additional procedures focused specifically on year-end
transactions.
1101.34 When alternative procedures are performed in lieu of confirmation (for example, because the auditor concludes the
use of confirmations would be ineffective), it may be appropriate to modify the nature or extent of alternative procedures by
applying a combination of procedures or applying procedures to a larger number of items than would have been confirmed.
1101.35 An oral response to a confirmation request does not constitute an external confirmation because it is not a direct
written response to the auditor. However, the auditor may take the oral response into consideration when determining the
nature and extent of alternative audit procedures required to be performed. Additional procedures may be performed
concerning the reliability of the oral response, such as calling the respondent using an independently verified telephone
number. The additional evidence provided by contacting the respondent directly, together with the clients statement or other
correspondence received from the customer, may provide sufficient evidence. Documentation of the oral response may
include the identity of the respondent, his or her position, and when the conversation occurred.
1101.36 Evaluating Confirmation Results. AU-C 505.16 indicates the auditor should assess whether enough evidence
about the assertions being tested has been obtained through confirmations and performing alternative procedures. If the level
of evidence is not adequate, the auditor should send additional confirmations, perform additional procedures, or both.
Evaluation of accounts receivable confirmation results may consist of:
Projecting the results from any sampling applications. As discussed in paragraph 1101.23, the use of negative
confirmations is not a sampling application.
Assessing whether the projection indicates that sampling risk is too high.
Adding projected misstatements from sampling applications to actual misstatements identified in groups confirmed
100%.
Considering whether detected misstatements indicate some systematic problem that would warrant additional audit
procedures focused on a particular segment of the accounts receivable population (e.g., all receivables originated
during the last week of the year).
Assessing whether total misstatements cause accounts receivable or the financial statements as a whole to be
materially misstated.
Assessing the reliability of responses.
Assessing whether the nature of misstatements indicate possible fraud or internal control related matters that should
be communicated in accordance with professional standards.
The completion of the Confirmation Summary Form (ASB-CX-11.2) and Sampling Planning and Evaluation
FormSubstantive Procedures (ASB-CX-8.2) may be useful to the auditor when evaluating confirmation results. The case
studies in section 1104 illustrate a sampling application.
1101.37 An important consideration in evaluating confirmation results relates to the reliability of responses. Factors to
consider when evaluating reliability include:
Whether the confirmation was received indirectly rather than directly from the confirming party.
Whether the confirmation did not appear to come from the intended recipient.
Whether the confirmation contains restrictive language.
Whether only an oral response or no response was received when the auditor determined that a written response
was necessary to address risk.
If doubt exists about the reliability of a confirmation, the auditor should perform procedures to resolve the doubts. Such
procedures may include evaluating the nature and substance of restrictive language, contacting the confirming party directly,
and requesting written follow-up to be sent directly to the auditor. If, after performing those procedures, the auditor concludes
that the response to a confirmation is not reliable, the auditor should evaluate the implications on the risk assessment,
including fraud risk, and on planned audit procedures. When a written confirmation is considered necessary but cannot be
obtained, a limitation on the scope of the audit exists, and the auditor should evaluate the implications for the audit and the
auditors report.
1101.38 Nontraditional Confirmations. Respondents sometimes use nontraditional means such as fax machines or email to
answer confirmation requests. In those cases, AU-C 505.A14 states that additional evidence may be required to verify that the
responses are valid. For example, fax responses involve special risks because it may be difficult to determine the source of
the response. Auditors who receive nontraditional responses may consider the following additional steps:
a. Verifying the source and content of the response over the telephone and documenting in the workpapers that this
was done.
b. Requesting that the respondent mail the original confirmation directly to the auditor.
As with confirmations received by mail, the auditor should receive the response directly. If the response is received by the
client, the auditor should perform procedures to verify its authenticity. This is most easily done by confirming its contents with
the respondent by telephone and requesting that the original be sent to the auditor directly by mail.
1101.39 An alternative form of confirmation is to directly access a third partys information about the clients account balance
through online inquiry. Such a procedure meets the definition of an external confirmation when, for example, the confirming
party provides the auditor with access information for a secure website that contains the information being requested. The
auditors access may also be facilitated by a third-party service provider. When access information is provided by the client,
however, the procedure does not constitute an external confirmation.
1101.40 Using Client Personnel to Clear Confirmation Exceptions. AU-C 505.14 Indicates that the auditor should
investigate exceptions to confirmation requests to determine if they represent misstatements. As long as an auditor maintains
control over selection, mailing, and receipt of confirmations as required by AU-C 505.07, he or she can use client personnel to
help in clearing confirmation exceptions. Generally, the auditor will make a copy of a confirmation that has been returned with
an exception, or a copy of the original confirmation request in cases of nonresponding confirmations, and request that the
client provide the original documents that support the transaction (i.e., invoices, shipping documents, deposit slips,
remittance advices, etc.). The auditor will examine the original documents to determine if the account is misstated. Exhibit
11-2 provides a format the client can use to reconcile the client and confirmed balances.
Exhibit 11-2
Reconciliation of Confirmations
AMOUNT
1. Balance per confirm reply (vendor or customer)
2. Deduct items recorded by vendor/customer; not by client:
Ref. Number Date Comments (items in transit, disputed, etc.)
a.
b.
c.
d.
e.
f. Total
3. Add items recorded by client; not by vendor/customer:
a.
b.
c.
d.
e.
f. Total
4. Balance per client
5. Client researcher:
* * *
Doubtful Accounts Procedures
1101.41 Adequate evidence regarding the valuation assertion is not obtained merely by inquiry of management. No matter
what the assessed level of the risk of material misstatement, the auditor will normally perform various analytical procedures
such as computing one or more of the following ratios and comparing to those for prior years or other expectations, and
investigate any unusual relationships or trends:
Comparison of the balances in the allowance for doubtful accounts, sales returns and allowances, and bad debts
expense with prior periods or other expectations.
Allowance as a percentage of accounts receivable.
Allowance as a percentage of net credit sales.
Age of receivables.
Each aging category as a percentage of net credit sales.
Open customer balances as a percentage of total year-to-date sales by customer.
1101.42 For higher assessed levels of risk, the auditor might review and test subsequent collections, credit memos, and
write-offs after the period end that relate to the ending aged accounts receivable trial balance. In addition, for significant
balances that remain uncollected subsequent to period end, the auditor might review supporting documentation that relates
to the outstanding balances such as customer correspondence and credit files. From this evidence, the auditor might
estimate an acceptable range of amounts to evaluate the adequacy of the allowance for doubtful accounts. If the companys
recorded balance is not within this acceptable range, the misstatement would be the difference between the recorded amount
and the closest amount in the range. Any recorded balance within the acceptable range is considered appropriate. Chapter
18 discusses the evaluation of estimates in greater detail.
1101.43 Many business software application packages have the ability to add finance charges on past due accounts.
Auditors ought to be alert to whether their client routinely assesses finance charges, and the collectibility of those amounts.
Customers may pay the bill without including the finance charges, and the client ends up writing them off. This leads to the
question of the collectibility of material amounts of finance charges included in accounts receivable at the balance sheet date.
When examining subsequent cash collections, be aware of whether customers are routinely excluding finance charges from
their payments.
1101.44 Many smaller companies use the specific write-off method to provide for doubtful accounts. The auditor typically
reviews the companys write-off policy and decisions made regarding the accounts to be written off. Although the specific
write-off method is not in accordance with GAAP, it may approximate GAAP if all material doubtful accounts have been written
off and the company has not experienced a significant increase in bad debts in recent years. Consequently, if the specific
write-off method is used, the auditor needs to be very careful to determine that all doubtful accounts have been written off or
are immaterial.
Using Data Extraction Software
1101.45 Depending on the client, accounts receivable may represent one of the best opportunities to use data extraction
software in an audit. Accounts receivable data files may contain numerous invoices. Scanning client records for significant or
unusual items, such as large credits, and identifying subsequent cash collections can be difficult and time-consuming when
data files are large. In addition, both the auditor and the client may save significant time by automating the accounts
receivable confirmation process. Other advantages of using data extraction software include a reduction in the number of
errors that can occur when confirmations are prepared manually, the ability to determine the exact amount of the aged
accounts receivable trial balance that remains unpaid as of the date of the auditors report (that is, to test 100% of the file for
subsequent collections), and the ability to integrate the accounts receivable aging with the subsequent cash receipts testing
to analyze the aging for only the uncollected accounts.
1101.46 Before the auditor can perform procedures using data extraction software, electronic copies of the clients data files
will need to be obtained. The auditor will access the data files and define the necessary data fields. Accessing client data may
be the most difficult part of using data extraction software. Once the files have been defined, however, the file definitions
generally can be reused in subsequent audits, generating a great deal of efficiency.
1101.47 Accounts receivable audit procedures that can potentially be efficiently performed using data extraction software
include:
Testing the clerical accuracy of the aged accounts receivable trial balance.
Dividing the population of accounts into natural groups (such as accounts with large dollar balances, accounts with
unusual characteristics, related party accounts, and credit balance accounts) to identify individually significant items.
Selecting accounts for confirmation and preparing confirmation letters.
Matching subsequent cash collections to the aged accounts receivable trial balance.
Testing the accounts receivable aging.
Identifying significant credit memos issued after year-end.
Performing analytical procedures (such as comparing sales for the last month of the year to sales for the rest of the
year and the first month after year-end and comparing sales returns and credit memos for the last few months of the
year to the first few months after year-end) to test sales cutoff.
Section 909 discusses data extraction software in more detail. Exhibit 9-12 lists additional examples of how DES can be used
on an audit.
Sales or Revenue Procedures
1101.48 The evidence obtained in auditing receivables, combined with analytical procedures performed for sales, may
provide sufficient audit evidence related to the existence/occurrence and accuracy/classification assertions for recorded sales
or revenue. The primary difficulties are often designing effective analytical procedures that provide persuasive evidence and
deciding whether obtaining sufficient audit evidence related to the completeness assertion requires some transaction testing.
More extensive testing also may be required if the auditor has identified a fraud risk related to improper revenue recognition.
1101.49 Revenue Recognition Issues. GAAP generally requires that, for revenue recognition to be appropriate, all of the
following criteria must be met:
evidence of the final understanding between the parties to the exchange transaction exists,
delivery has occurred or services have been performed,
the sales price is fixed or determinable, and
collectibility is reasonably assured.
1101.50 Certain conditions may preclude the recognition of revenue because the earnings process (as outlined in paragraph
1101.49) is not complete. Those conditions include but are not limited to:
The transaction requires subsequent approval or the execution of another agreement (for example, letters of intent
are used instead of signed contracts).
The buyer has the right to cancel the sale or return products without obligation.
Payment is contingent on the occurrence of some future event (such as resale of the product, obtaining financing, or
future performance by the seller).
The seller is obligated to repurchase the product.
The risks and rewards of ownership do not rest with the buyer (for example, the buyer is not responsible for goods
damaged in its warehouse).
Sometimes buyers and sellers enter into side agreements that modify the original terms of a sale. Side agreements may
contain customer acceptance, cancellation, or termination provisions that affect revenue recognition. Those provisions raise
questions about whether delivery has occurred (customer acceptance provisions) or whether the sales price is fixed or
determinable (cancellation and termination provisions). The existence of a subsequently executed side agreement may
indicate that the original terms of the sale were not final and revenue recognition is not appropriate.
1101.51 Factors related to the control environment that may indicate an increased risk of improper revenue recognition
include:
a. Aggressive accounting policies or practices.
b. Pressure from management to increase revenues and earnings.
c. Lack of involvement by those responsible for the accounting function in sales transactions.
1101.52 Other conditions that may indicate improper revenue recognition practices and warrant special consideration
include:
a. Sales recorded for products shipped in advance of the scheduled shipping date without the customers consent.
b. Invoicing of products prior to shipment (for example, bill and hold sales or billing for items still being
manufactured).
c. Sales recorded for shipments made after year-end.
d. Transactions with related parties.
e. Shipments made on canceled or duplicate orders.
f. Shipments made to a warehouse or another location without instructions from the customer.
g. Barter transactions.
h. Significant sales or volume of sales near year-end.
i. Longer-than-expected payment terms or installment receivables.
j. Altered dates on contracts or shipping documents.
k. Unusual volume of sales to distributors or resellers.
l. Sales recorded based on letters of intent or purchase orders.
m. Shipments to freight companies pending return to the seller because the customer has canceled or requires
modifications prior to delivery.
n. Shipments of only a portion of the product when the portion not delivered is a significant part of the product.
o. A change in the companys revenue recognition policy.
p. The existence of side agreements.
1101.53 In performing risk assessment procedures, the auditor gains an understanding of the clients business and products,
its marketing and sales policies, its internal control over revenue, and its accounting policies and procedures related to
revenue recognition (i.e., accepting orders, shipping, billing, recording sales, and relieving inventory). The control
environment is probably the most important factor influencing the integrity of reported revenue. Therefore, the auditors
understanding of the clients business related to revenue recognition includes understanding how controls over revenue
transactions may be overridden and what the clients motivation to misstate revenue may be. In performing risk assessment
procedures, the auditor considers the industry in which the client operates (for example, whether the clients sales terms and
accounting practices are consistent with the industry), changes in the clients policy or practices related to revenue
recognition, general economic trends, and earnings pressures. Well-designed preliminary analytical procedures also help the
auditor identify situations that may represent risks of improper revenue recognition that require overall or specific audit
responses to ensure revenue recognition is proper. (See paragraph 1101.55.) An overall response to a risk of improper
revenue recognition may be to assign more experienced audit staff to perform related audit procedures. Specific responses
may be to perform additional audit procedures such as the following:
a. Inquiry of relevant personnel, such as sales and marketing employees.
b. Review of sales contracts.
c. Physical inventory observation procedures (e.g., observation of inventory in shipping areas, inquiries regarding
segregated inventory, and cutoff procedures). (See Chapter 12.)
d. Confirmation of sales terms and confirming the existence of side agreements.
1101.54 Auditors may find it helpful to obtain representations from management concerning specific revenue recognition
issues. The management representation letter drafting form at ASB-CL-3.5 includes illustrative wording related to receivables
and sales terms. In addition, communications with those charged with governance may include a discussion of the
companys revenue recognition practices. Auditors can consult the AICPA Audit Guide, Auditing Revenue in Certain
Industries, for further guidance on revenue recognition. The publication is available from the AICPAs website at
www.cpa2biz.com, on Checkpoint, or by calling Thomson Reuters at (800) 431-9025 or visiting the website at
ppc.thomsonreuters.com. SEC Staff Accounting Bulletin (SAB) No. 104, Revenue Recognition in Financial Statements, is
authoritative for public companies, but auditors of nonpublic companies may also find the guidance helpful. SAB No. 104 can
be found at www.sec.gov/interps/account.shtml or in the FASB Accounting Standards Codification at FASB ASC
605-10-S99.
1101.55 As discussed in section 301, AU-C 240.22 requires auditors to perform preliminary analytical procedures related to
revenue to identify unusual or unexpected relationships that may indicate fraudulent financial reporting. The results of those
procedures should be considered when identifying the risks of material misstatement due to fraud. The analytical procedures
related to revenue should be updated during the final review stage of the audit, that is, the procedures should be performed
through the end of the reporting period. In addition, AU-C 240.26 requires auditors to presume that improper revenue
recognition is a risk that may result in material misstatement of the financial statements due to fraud. The auditor may be able
to overcome that presumption, but, if so, should document how the presumption was overcome. If the auditor is unable to
overcome the presumption, then a response to the risk of improper revenue recognition is required.
1101.56 Auditors may respond to a risk of improper revenue recognition by tailoring the basic audit procedures for revenue
in ASB-AP-4, for example, by increasing the extent of those procedures, or by performing additional procedures. The audit
program at ASB-AP-4 includes additional procedures related to revenue recognition. The program also includes the following
additional procedures that may be appropriate to respond to identified fraud risks related to revenue recognition:
Completeness of sales (see the extended procedures at ASB-AP-4).
Sales cutoff (see the extended procedures at ASB-AP-4).
Bill and hold transactions (see the other audit procedures at ASB-AP-4).
Deferred revenue recognition (see the other audit procedures at ASB-AP-4).
Sales returns (see the other audit procedures at ASB-AP-4).
1101.57 Other procedures auditors may consider performing when an increased risk of improper revenue recognition exists
include:
Performing substantive analytical procedures related to revenue using disaggregated data.
Confirming contract terms and the absence of side agreements.
Inquiring of employees outside the accounting department regarding sales or shipments near year-end and
knowledge of any unusual terms or conditions.
For inventory at multiple locations, observing inventory counts at all locations on the same day or at selected
locations on an unannounced basis.
Observing goods being shipped or readied for shipment (or returns awaiting processing) at year-end.
Testing controls over revenue transactions.
Comparing revenue patterns during the current and prior years.
Reviewing large or unusual sales at or near year-end.
Reviewing all nonstandard or adjusting journal entries or postings to the general ledger control account from
sources other than the sales journal.
1101.58 Because revenue recognition practices vary by industry and are dependent on the particular facts and
circumstances, auditors typically develop procedures related to revenue recognition based on their understanding of the
company and its environment, including the composition of revenues, specific attributes of revenue transactions, and industry
considerations obtained during the risk assessment process.
1101.59 Designing Effective Analytical Procedures. To design and perform effective analytical procedures, auditors need
to have a good understanding of the clients business so appropriate expectations can be developed. The following
information obtained during the risk assessment process may help the auditor design and perform more effective analytical
procedures:
The kinds of products and services sold.
Whether sales are seasonal or cyclical.
Customary marketing and sales policies for the industry.
The clients policies for pricing, sales returns, discounts, delivery, and payment.
Compensation arrangements related to revenue (for example, bonuses or commissions based on sales or
collections).
Significant classes of customers (for example, related parties, resellers or distributors, end users, etc.).
Whether sales contracts are standardized.
1101.60 The effectiveness of an analytical procedure depends on the precision of the underlying expectation. The precision
of the expectation about sales or revenue can often be improved by basing it on some operating statistic or data independent
of the financial reporting system. In some industries, such as health care and financial institutions, there are key operating
statistics that provide a sound measure of capacity and a reliable base for evaluating the reasonableness of total sales or
revenue. In other cases, reliable operating data, such as unit production and unit sales, may be available from the client.
Expectations may also be based on data derived from the financial reporting system. If data produced by the clients
information system is used in performing analytical procedures or other audit procedures, AU-C 520.05 indicates that the
auditor should obtain audit evidence about the accuracy and completeness of that data. The requirement relates to both
financial and nonfinancial information produced by the system.
1101.61 An auditor might test revenue by comparing monthly or quarterly sales by product line or geographic location with
comparable amounts from the prior period, budgeted amounts, or other auditor-developed expectations. Amounts within the
period also might be compared to each other (for example, the auditor may compare sales by month or even by week).
However, such comparisons are effective analytical procedures only if the auditor expects there to be a reasonable
relationship between the amounts compared. For example, a comparison of sales by month to comparable amounts in the
prior year would be an effective analytical procedure only if the auditor believes the prior year amount provides a reasonable
expectation of the current year amount. Often, auditors perform these comparative analyses without really considering
whether a reasonable expectation of the current year amount has been developed. The understanding of the client gained
during the performance of risk assessment procedures and procedures in other audit areas may provide a basis for
developing reasonable expectations for analytical procedures. Additional guidance on the effective use of analytical
procedures is provided beginning in paragraph 505.8. Documentation requirements related to analytical procedures are
discussed beginning in paragraph 505.70.
1101.62 Transaction Tests. Ordinarily, the auditor gives some consideration to completeness of recorded sales when the
completeness of receivables is considered. The combined effect of those procedures and analytical procedures for sales or
revenue may be sufficient to restrict detection risk for completeness assertions about sales or revenue to an acceptable level.
However, if the auditor considers it necessary based on the assessment of risks of material misstatement, a sample of original
shipping documents, or other reliable documentation of transaction origination, may be selected and traced through
processing to related accounting records. This is a substantive test of sales or revenue transactions for completeness. It is
important to trace from the shipping document (or similar origination documentation) to the accounting record. Selecting
sales invoices will not accomplish the objective, and the test cannot be performed at all unless reliable evidence of transaction
origination exists.
1101.63 It ought to be emphasized that transaction testing would be undertaken only if the auditors risk assessment
indicates it is necessary. Usually, it is impractical to substantiate a transaction total by transaction testing unless control risk is
assessed at moderate or low. For large companies, where transaction testing is done routinely, the transaction tests are a
coordinated combination of tests of controls and substantive procedures. Also, the usual response to an ineffective control in
those cases is a significant expansion of substantive tests of the related balance sheet account, not more transaction testing.
Other Considerations
1101.64 Additional or modified procedures may be necessary for receivables with unique characteristics in order to properly
respond to risks. For example, when evaluating collectability for related party receivables from officers and owners, the
auditor might consider whether such items should be reflected as salary or dividends rather than an outstanding receivable
by examining or inquiring about the nature of the receivable, reviewing the history of similar transactions, and determining
whether a pattern of write-offs exist for such items.
1101.65 Many clients may include categories of receivables in the aged trial balance that require reclassification for
disclosure purposes. As noted in paragraph 1101.6, the aged trial balance ought to be scanned for nontrade receivables for
possible reclassification. For significant items, the auditor might typically need to apply confirmation and collectibility
procedures to those items apart from those for trade receivables.
1101.66 The Other Audit Procedures for Accounts Receivable and Sales at ASB-AP-4 provides procedures for accounts
receivable and sales circumstances that are less common.
1102.1 The workpapers created to document the audit procedures performed for accounts receivable and sales will vary
depending on the risks identified and the responses developed for those accounts. The workpapers listed below represent
some common examples of the types of accounts receivable and sales documentation prepared by auditors of nonpublic
companies. The workpaper content and the extent of the auditors documentation will generally not be influenced by whether
the workpapers are prepared in paper or electronic format. However, if the auditor uses electronic workpapers, any
client-prepared schedules and detail need to be obtained in electronic format, if possible, to reduce the extent of paper
documents that will be retained in the audit file or require scanning (electronic workpapers are discussed in section 807).
a. The working trial balance or a separate lead schedule that includes all accounts receivable balances.
b. An aged accounts receivable trial balance reconciled to the general ledger balance at the balance sheet date.
c. Evidence of confirmation procedures performed.
d. Returned confirmations.
e. Documentation of sampling procedures, if applied, and evaluation of results.
f. A memo regarding completeness.
g. Analysis of allowance for doubtful accounts and support for evaluation of the allowance.
h. Schedule documenting the analytical procedures performed to test accounts receivable and sales.
The auditors documentation of the procedures performed should include the identifying characteristics of the specific items
that were tested. Section 802 discusses how the auditor might document the identifying characteristics of the specific items
tested, including tests involving inspection of documents, confirmation, inquiries, and observation.
Completeness Documentation
1102.2 The primary evidence regarding completeness of receivables is often obtained from analytical procedures related to
revenue. Accordingly, documentation may consist of a memo in the workpapers explaining the various sources of evidence
that support the completeness of revenues and, thus, receivables. It need not be a complicated discussion. Exhibit 11-3
illustrates how an auditor might document the consideration of the completeness assertion in a memo. Those procedures
may often provide sufficient audit evidence to support the completeness assertion for revenue and accounts receivable.
However, the auditor needs to apply judgment to determine that the procedures performed are sufficient to respond to risks
identified during the risk assessment process.
Exhibit 11-3
Completeness Documentation
XYZ Company
Memorandum Regarding Completeness
of Accounts Receivable and Sales
12/31/X2
The completeness assertion related to receivables and sales has been supported by the following procedures:
Analytical Tests. Based on the volume of purchases of inventory, a predictive test was performed to calculate the net
sales appropriate for the business using the industry-standard 100% retail markup rate. Calculations were made of
inventory turnover ratios and number of days sales in receivables for the past three years.
Also, the amount of sales in December and January were compared to other months during 20X2 and similar
months in prior years for unusual variation.
These analytical tests revealed no unusual variation or relationships that could not be explained by supporting
business reasons. The predictive test produced an estimate of sales that was only 1.5% different from recorded
sales. These analytical procedures are documented at ASB-AP-4.
Inquiry and Observation. During our planning procedures (and updated on 2/16/X3) we made inquiries of the
owner/manager, Mr. John Doe, who indicated that the following steps are taken to ensure all sales are recorded:
1. Very few sales are for cash. Instead, most sales are shipped to the customer after credit checks, usually five
days after purchase.
2. The warehouse manager must be given a delivery ticket (typed at the same time as the invoice) before an item
is shipped.
3. Salesmen keep records of their sales and closely monitor the accounting departments preparation of the sales
invoice. Salesmen are paid on a commission basis.
On several visits to the store during the weeks of 2/16/X3 and 2/23/X3, we observed these procedures being
followed.
* * *
Aged Accounts Receivable Trial Balance
1102.3 Documentation of accounts receivable audit procedures often includes an aged accounts receivable trial balance.
That trial balance relates to all the other procedures in the accounts receivable area. The auditor reviews the reconciliation of
the trial balance to the general ledger balance at the balance sheet date to verify its accuracy and completeness. Without this
reconciliation, the trial balance is of questionable benefit. The following suggestions may be helpful in performing the work
regarding the trial balance:
a. It may be most efficient to use the detailed account listing that the client normally maintains. However, that listing
needs to identify the customers, indicate the age of the balances, and reconcile to the clients general ledger to be
useful to the auditor. If the client maintains such a schedule as part of the company accounting system, it is
preferable to use a copy of the clients schedule instead of requiring another workpaper to be prepared. When a test
of the clients aging is performed, it can be documented by placing tickmarks on the copy of the clients schedule.
b. When testing clerical accuracy of the aged trial balance, foot the total column. It is also beneficial to foot the column
containing the oldest account balances on the schedule. The total line of all pages and accounts can be
cross-footed to determine that the trial balance is clerically accurate.
c. The auditor can use the clients employees to assist in determining the clerical accuracy of the trial balance. If the
trial balance is very long, the auditor can remove one of the pages and ask one of the clients employees to add the
totals of all the other pages. The auditor may then insert the total obtained from the extracted page to determine that
the grand total is accurate.
d. If the aged trial balance is produced by an IT application, it may be possible to obtain the clients maintenance or
utility program (or use audit software) to recompute the totals of the trial balance. However, computer-assisted
techniques may not be efficient unless there are numerous individual accounts, there is good system file
documentation, and the auditor is knowledgeable in IT auditing. (See paragraph 1101.45 and section 909.)
e. The auditor may be able to attach additional columns to a client-prepared trial balance for information such as
subsequent receipts, confirmation steps, and comments regarding collectibility.
Confirmation Workpapers
1102.4 The auditor should document the extent of confirmation work performed and summarize the results of those
confirmation procedures. Returned confirmations should ordinarily be retained in the workpapers, even when a schedule of
confirmation results is prepared for the workpapers.
3(72)
Hard copy confirmations may be retained even when the auditor
utilizes electronic workpapers as the primary documentation format (see related discussion at paragraph 807.13). It is often
most efficient to document the reconciliation of confirmation replies and the performance of alternative procedures for
nonreplies directly on the confirmation reply or a copy of the confirmation request. By documenting the results directly on the
copies, the auditor eliminates the need for another workpaper. If client personnel are used to reconcile confirmation replies, a
format such as the one illustrated in Exhibit 11-3 can be used. The following suggestions are provided for more efficient
confirmation procedures:
a. The auditor can mark the individual accounts selected for confirmation by a tickmark or other reference on the face
of the aged trial balance. This provides a concise summary of the accounts selected for confirmation and satisfies
the professional standards requirement noted in section 802 to identify the items tested.
b. A positive confirmation that includes a statement supporting the balance, or, alternatively, an open-item listing is the
best means of obtaining a usable response. Response rates are better if confirmations are easy to understand and
ask for only the essential information. (See the illustrations at ASB-CL-7.1 and ASB-CL-7.2.)
c. The auditor may want to discuss with the client the timing of preparation of the confirmation letters to minimize
interruption in the clients flow of work and to determine that the proper balances will be available at that time.
Timing the mailing so requests are sent as soon as possible after balances are known will improve response rates
and allow more time for responses to be returned.
d. The auditor may want to document confirmation results in summary form to allow review of the results by the auditor
with final engagement responsibility. The format of the document depends on whether nonsampling or sampling
applications are used. If nonsampling is used, i.e., a group of individually significant items is selected for 100%
confirmation, forms similar to the ones presented at ASB-CX-8.1 and ASB-CX-11.2 can be used. If sampling is used,
an additional form may be necessary, similar to that shown in the case study at paragraph 1104.13 and presented at
ASB-CX-8.2. If both nonsampling and sampling are used, both summaries are appropriate.
e. If possible, avoid alternative procedures until near the end of the audit. Alternative procedures for nonreplies to
confirmation requests are often more efficient when subsequent receipts are examined first. After subsequent
receipts are examined to determine the accounts to which they apply, the remaining balances of nonreplies can be
compared to the supporting sales invoices and shipping documents. This approach normally reduces time needed
for alternative procedures and allows more time for responses to come in. However, it is not very effective if the
company has numerous collection problems. In addition, even if subsequent receipts are examined, review of sales
invoices and shipping documents may be necessary if the auditor has identified sales cutoff as a risk (see paragraph
1103.3, item e.). As discussed in paragraph 1101.33, it may not be necessary to subject all nonreplies to alternative
procedures. Instead, the total amount of a nonreply can be considered an error.
f. Alternative procedures are often also applied to undeliverable requests and those customers who return the letter
but are unable to confirm the information requested. Those accounts would be classified as nonreplies. Auditors
ordinarily report nonreplies and undeliverable requests to management or another client official outside the
accounts receivable department.
g. The best results are ordinarily obtained if the auditor uses request forms that are individually hand signed by an
important client official or one known to the customer. Wording needs to be clear and the confirmation request
needs to identify the entity being audited. It also may be helpful to send the request to a specified individual, if
practical. The requests should be sent from a secure location (mail slots which go to a basement pick up site are not
appropriate). First class postage may be used to enhance response rates. Also, the envelope might carry a boldly
printed notice such as Important Audit Information Enclosed to attract the recipients attention.
h. A deadline response date on the confirmation request might accelerate, though not necessarily increase, responses.
For instance, the caption Reply Requested within Five Days could be printed on the confirmation in boldface type.
i. The auditor always provides the firms return address on the envelopes in which the requests are mailed. In addition,
the confirmation requests are ordinarily accompanied by addressed, business-reply (postage paid) return envelopes
to enhance the response rate. An even higher response rate might be obtained by using a postage stamp on the
return envelope rather than a business reply permit, since customers are less likely to discard stamped material.
j. The use of a prearranged date to mail second request copies can also improve responses. Photocopies of the
original letters can be made for use as second requests. It may also expedite response if the caption Second
Request is stamped or written in red ink on the letter before remailing.
k. A possible alternative approach to the second request letter mentioned above is to send the second request on the
CPA firms letterhead rather than on the clients. If this is done, the first sentence of the confirmation letters at
ASB-CL-7.1, ASB-CL-7.2, ASB-CL-7.3, and ASB-CL-7.5 can be revised to state: We are conducting an annual audit
of the financial statements of (Name of Client Company), and the letter would be signed by the CPA firm. The
clients permission needs to be obtained before adopting this approach. In addition, the following might be added
below the CPA firms signature on the confirmation letter: Please supply the information requested above to our
auditors, signed by the client. Although this approach requires preparing new letters rather than mailing
photocopies of the first request, it may still be efficient if a reply can be obtained and more costly alternative
procedures are avoided.
l. If the second request does not elicit a response, the auditor might, with the clients permission, directly contact the
customer by telephone. Also consider asking the client to help with phone calls reminding customers to respond in
a timely manner. (See discussion of oral confirmations at paragraph 1101.37.)
m. Gratuitous customer comments can create inefficient procedures if the auditor tries to address them all. The best
approach is to address those comments only if they are of audit significance. However, comments that provide
indications of possible fraud or illegal transactions should be carefully assessed. Gratuitous comments that the
auditor does not address can be given to the client for follow up. Consistent customer complaints noted in
confirmation replies might also be mentioned in the management letter.
n. It is often helpful to use a standard workpaper format to reconcile confirmation exceptions and to use client
personnel to the extent possible to perform the initial reconciliation. Exhibit 11-2 provides a format the client can use
to reconcile the client and confirmed balances. In addition, the Confirmation and Correspondence Control at
ASB-CX-17.4 can be used to monitor the status of confirmation requests. Unreconciled differences ordinarily are
reported to management or another client official outside the accounts receivable department.
Analysis of Collectibility
1102.5 The primary workpaper for the analysis of collectibility is usually the aged trial balance (discussed in paragraph
1102.3). When reviewed and tested as part of the audit plan, subsequent receipts can be posted to the auditors copy through
a date close to the date of the auditors report. Naturally, the longer the auditor waits to perform the review of collectibility, the
better the information about subsequent collections.
1102.6 A workpaper often prepared to review the collectibility of accounts receivable is an analysis of bad debt statistics
(e.g., bad debts as a percentage of receivables, sales, etc.) for the past several years. However, this analysis tends to be
effective only when a company has a large number of customer accounts or the clients business or industry experiences
unusually long collection periods. Accordingly, this procedure may be unnecessary if adequate collectibility information is
obtained from analysis of subsequent receipts.
Other Considerations for Accounts Receivable Workpapers
1102.7 Accounts receivable audit efficiency may also be increased by the following workpaper considerations:
a. Use of Memos. The auditor may be able to use a memo to summarize the results of confirmation procedures or the
analysis of collectibility rather than a detailed presentation of all individual amounts supporting the conclusion.
However, to meet the requirements of AU-C 230, Audit Documentation, the workpapers should indicate the accounts
confirmed and identify other items selected for testing in substantive tests of details. Returned confirmations should
also ordinarily be retained. Section 802 details documentation requirements.
b. Carryforward Schedules. A schedule of the transactions affecting the allowance for doubtful accounts from year to
year is often maintained in a permanent file or carried forward in the audit workpapers. The auditor may consider
maintaining such a schedule if the information is useful for analytical procedures. However, such data is often
time-consuming to maintain and may add little assurance. Auditors can use ASB-CX-11.3, Accounts Receivable
Statistics Form when they want to maintain a carryforward schedule of transactions affecting the allowance account
or trends in the aging of accounts receivable from year to year.
Sales Workpapers
1102.8 Sales workpapers often include a schedule documenting the analytical procedures performed to test sales including
the development of expectations, the data used, and the results of comparing expectations with actual results. Because of the
relationship between sales and cost of sales, it is often efficient to document the analytical procedures for both components
on the same schedule. Frequently, expectations about each are based on the same underlying data. For data that is used to
develop expectations in performing analytical procedures, AU-C 520.05 indicates that the auditor should evaluate its reliability
(see paragraph 505.26). The requirement relates to both financial and nonfinancial information.
1103.1 Some of the problems involved in the audit of accounts receivable have been discussed in previous sections of this
chapter. The following summary presents common overauditing and underauditing tendencies. This summary, while not
comprehensive, provides helpful guidance to the auditor to eliminate common misconceptions related to auditing accounts
receivable.
1103.2 The following are typical examples of overauditing in accounts receivable and sales:
a. Sampling When It Is Not Warranted. This occurs when auditors fail to first group the receivables and select
individually significant balances for confirmation. The remaining balance may be immaterial, or perhaps it can be
effectively tested with other substantive procedures. However, if the accounts receivable balance consists primarily
of numerous small balances, then sampling may be the most efficient approach for testing the remaining balance.
(See paragraph 1101.31.)
b. Confirming Accounts Receivable in the Hands of a Collection Agency. This procedure does not provide evidence of
collectibility that cannot be obtained through other more efficient procedures, such as a review of subsequent cash
collections, discussions with management, and review of pertinent correspondence in the clients files.
c. Analyzing Statistical Trends in the Allowance for Doubtful Accounts. Overly detailed analyses of trends relating to the
allowance for doubtful accounts may be unnecessary if the audit approach anticipates that the reasonableness of
the allowance can be more effectively addressed through the examination of subsequent cash receipts and other
supporting documentation.
d. Performing Excessive Alternative Procedures. Although alternative procedures are appropriate, they may not need to
be performed if they would not change the evaluation of the confirmation results; that is, if the auditors evaluation
would not change even after assuming the nonreply is totally misstated. This approach can reduce the time spent
on insignificant nonreplies. (See paragraph 1101.33.)
e. Spending Excessive Time Investigating Minor Differences in Confirmed Balances. For the same reasons as noted
above regarding nonreplies, it is often most efficient to treat insignificant confirmation differences as misstatements.
f. Failing to Use the Client. This involves not using the client to foot the trial balance and reconcile exceptions. The
client can normally reconcile exceptions faster than audit staff because of familiarity with the system. The clients
work can be tested by examining supporting documents to produce efficient reconciliation procedures. (See
paragraph 1101.40.)
g. Processing Replies Each Time One Is Received. Replies can be collected and processed in substantial groups to
save time in this mechanical process.
h. Premature Testing of the Aging of Accounts Receivable. Many times, when the selected audit approach dictates
testing of the aged trial balance and subsequent receipts, the aging is tested first. Wait until subsequent cash
collections are posted to the trial balance to eliminate testing the aging of accounts receivable more than once.
i. Premature Analysis of Collectibility. It is most efficient to post subsequent cash receipts to the aged trial balance as
long as possible before considering collectibility. For many accounts, subsequent payments will prove their
collectibility. (See paragraph 1102.5.)
j. Inappropriate Tests of Sales Transactions. Some auditors perform a test of individual sales transactions to obtain
evidence about the completeness of recorded sales. If these tests do not use the original documents generating
such sales as a source document (such as a shipping or delivery ticket), the test is invalid and provides evidence
about occurrence instead of completeness.
k. Duplication of Sales Audit Evidence. Some auditors combine tests of individual sales transactions with extensive
analytical procedures and, in effect, obtain every type of audit evidence reasonably possible for this area. The
auditor needs to carefully select procedures and apply only those procedures that are necessary based on results of
the risk assessment.
l. Excessive Details Tested for Sales Transactions. Some auditors examine all details associated with individual sales
transactions when performing tests to support occurrence or completeness. Such items as discount percentages
and other minor matters may not have to be recalculated to obtain sufficient audit evidence regarding those
assertions.
1103.3 The following are typical examples of underauditing in accounts receivable and sales:
a. Inadequate Bad Debt Evidence. A common deficiency is failing to determine sound business reasons for
deterioration of the aging of accounts receivable, and also relying heavily on the clients responses to questions
about collectibility without obtaining corroborating evidence. This can result in failure to obtain sufficient audit
evidence relating to the valuation assertion.
b. Inappropriate Use of Negative Confirmations. Auditors sometimes use negative confirmations when the client does
not have effective internal controls. As noted in paragraph 1101.23, negative confirmations may be used as the sole
substantive procedure only when the combined assessed level of inherent and control risk is low and controls have
been tested. In addition, the use of negative confirmations is not a sampling application and the results cannot be
projected to the population.
c. Failure to Test Sales for Completeness. Many auditors fail to directly address the assertion of completeness
regarding sales. Completeness may typically be tested by performing effective analytical procedures, particularly a
reliable predictive test of total sales or revenue. Completeness can also be supported by performing a test of original
shipping documents and tracing them to evidence that the sale was recorded. The approach selected to test
completeness should be based on the auditors assessment of the risk of material misstatement for the
completeness assertion.
d. Inappropriate Reliance on Aging Schedules. The auditor often uses client aging schedules to test the adequacy of
the allowance for bad debts. In such cases, it is important to test the aging schedule to determine whether the
accounts were aged properly.
e. Inadequate Sales Cutoff Procedures. If the auditor determines there is a risk of misstatement of revenue related to
the cutoff assertion, procedures should be performed to respond to the risk. Procedures often include basic
accounts receivable tests, such as confirmation, and analytical procedures. Additional sales cutoff tests may need to
be performed in situations such as the following:
(1) Accounts receivable are confirmed as of an interim date.
(2) Large inventory quantities awaiting shipment are noted during a year-end inventory observation.
(3) There has been a large increase in sales during the last month of the year under audit or the first month of the
next year.
(4) There has been a large increase in sales returns in the first few months after year-end.
f. Inadequate Review of Sales Returns. In performing subsequent events procedures, the auditor needs to be alert for
unusually large numbers of sales returns and credit memos issued after year-end.
g. Deficiencies in Disclosure. Failing to look for pledged, discounted, or related-party receivables, or other such items
requiring disclosure, is a common underauditing tendency. Auditors also should ensure that disclosure of
accounting policies for trade receivables, doubtful accounts, charge-offs, and past due receivables is adequate and
in compliance with GAAP.
h. Failure to Consider the Reliability of Confirmation Replies. Factors that may affect the reliability of confirmations
include not being received directly by the auditor, oral or other nontraditional replies, replies from someone other
than the intended recipient, restrictive language, and not obtaining a written response when one is considered
necessary. The auditor needs to carefully evaluate these matters and perform appropriate procedures to ensure that
the audit evidence is sufficient and reliable. Failure to obtain a written response when one is considered necessary is
a scope limitation that may affect the auditors report.
1104 CASE STUDIES
Nonsampling Application for a Manufacturer
1104.1 Plas-Cup, Inc., is a privately owned company that manufactures plastic drinking glasses, containers for pantyhose,
and various small medical containers. The auditor is planning the 20X3 audit after performing the 20X2 audit the previous
year. Plas-Cup customers are primarily small accounts but include several large airlines and hotels. Sales order entry and
credit approval are simple, but they appear appropriate for the size of the company.
1104.2 The following is a summary of financial statement balances:
Per Books
12/31/X3
Audited
12/31/X2
Trade accounts receivable (82 accounts in 20X3) $ 343,005 $ 378,108
Allowance for bad debts (4,704) (19,401)
Accounts receivable, net $ 338,301 $ 358,707
Total assets $ 1,354,667 $ 1,230,264
Revenue, net $ 2,334,270 $ 1,737,115
1104.3 During the preliminary planning process, the auditor used the planning materiality worksheet (ASB-CX-2) to calculate
tolerable misstatement at $22,000 (not illustrated). From past experience with the client and other factors, the auditor
assesses the risk of material misstatement as moderate for accounts receivable existence. In auditing accounts receivable,
the auditor plans to confirm selected customer balances, review subsequent collections (in connection with auditing the
allowance for doubtful accounts), and apply other procedures. The subsequent collections review is expected to supplement
the confirmation procedures and provide additional audit evidence about assertions for accounts receivable. Considering
these matters, the auditor wonders how many confirmations should be mailed.
1104.4 Solution: Following the advice about identifying individually significant items discussed in section 702, the auditor
completes a Planning Worksheet to Determine Extent of Substantive Tests (ASB-CX-8.1), which is shown in Exhibit 11-4. In
the initial calculation on the worksheet, the auditor identifies 10 items that are individually significant based on a cutoff amount
of one-third of tolerable misstatement. If she confirms only these accounts, a total of $236,775 of the account balance would
be tested, but the remaining balance would be $106,230 ($343,005 $236,775), which is greater than tolerable misstatement
of $22,000. The auditor now considers what procedures, if any, are needed to test the remaining balance. The options are
listed in Step 5 of Exhibit 11-4. After considering the risk of material misstatement, the auditor determines that some
procedures are needed to test the remaining balance. Also, she decides that analytical procedures would not be effective
enough and that reviewing subsequent collections alone will not be sufficient to meet the audit objectives. Thus, the remaining
options are audit sampling and testing more individually significant items.
Exhibit 11-4
ASB-CX-8.1: Planning Worksheet to Determine Extent of Substantive Tests
Entity: Plas-Cup Inc. Balance Sheet Date: 12-31-X3
Completed by: Mary Senior Date: 2-10-X4
Assertion(s): E/O, R/O, A/CL
Instructions: This worksheet is designed to help you (1) identify and document individually significant items in
the account balance or transaction class you plan to test and (2) determine the extent of substantive
procedures necessary for the remaining balance.
PART 1Initial Calculation
1. Identify the dollar amount for individually significant items. (You may use any amount up to tolerable misstatement.)
2. Identify unusual items not included in Step 1 that are individually significant by their nature.
3. Calculate the remaining balance.
Number of Items Amount
a. Total account balance 82 $ 343,005
b. Individually significant dollar items [amount = $ 7,300
(amount cannot exceed tolerable misstatement
calculated at ASB-CX-2)] 10 236,775
c. Unusual items (other than those in b.). Briefly describe
the nature of the unusual items:
None

d. Remaining balance [a. (b. + c.)] 72 $ 106,230
e. Tolerable misstatement (ASB-CX-2) $ 22,000
4. After completing the initial calculation, if the remaining balance (d.) is greater than tolerable misstatement (e.), go to part
2. If d. is less than e., additional testing of d. may not be necessary, and you may go directly to part 3. However, this
decision is a matter of professional judgment.
PART 2Consideration of Remaining Balance
5. If the remaining balance (d.) is greater than tolerable misstatement (e.), decide what audit procedures, if any, are needed
to obtain sufficient audit evidence concerning d. See paragraph 702.14. Select one or more of the following options:
a. No Further Testing of d. This option may be appropriate if you, in your professional judgment, believe the remaining
risk of material misstatement of d. is sufficiently low. [Note: You will have already scanned the account for unusual
items in Step 2.]
b. Applying Analytical Procedures. Consider using analytical procedures if they can provide adequate audit assurance
with respect to d.
c. Relying on Other Substantive Procedures. If other planned substantive procedures in this audit area relate to the
same assertion(s), consider whether those other substantive procedures provide adequate audit assurance with
respect to d.
d. Sampling. Consider sampling the balance in d. if (1) it consists of numerous items (such as 200 items or more) and
(2) the expected misstatement of d. does not exceed one-third of tolerable misstatement.
e. Testing More Individually Significant Items. Consider this option if (1) analytical procedures and/or other substantive
procedures do not provide adequate audit assurance and (2) sampling is impractical.
Documenting your decision. If you select Option e, complete Step 6. Otherwise, go to part 3.
6. Recalculate the remaining balance using a lower amount for individually significant dollar items.
a. Account balance (see 3a.) 82 $ 343,005
b. Individually significant dollar items.
Amount used: $ 4,500 18 285,968
c. Unusual items (see 3c.) None
d. Remaining balance [a.(b. + c.)] 64 $ 57,037
e. Tolerable misstatement (see 3e.) $ 22,000
7. If 6d. exceeds 6e., reconsider the options in Step 5. If 6d. is less than 6e., additional testing of 6d. may not be necessary.
Document your decision by completing part 3.
PART 3Summary of Testing to be Performed
8. Briefly describe the audit procedures to be applied to individually significant items. Positive confirmation of all accounts
over $4,500.

9. Briefly describe the audit procedures (if any) to be applied to the remaining balance, 3d. or 6d., as applicable. If
sampling will be used, complete ASB-CX-8.2. Additional confirmation of the remaining $57,037 is not necessary because
past audit experience indicates that the likelihood of a material misstatement in this balance is low and a substantial
portion of this balance is expected to be collected prior to completion of the audit.

* * *
1104.5 In reviewing the accounts comprising the remaining balance, the auditor notes that by expanding her test of
individually significant items, she would test eight more items. Then the remaining balance of $57,037 would consist of 64
accounts with an average size of $891 ($57,037 64). If she used audit sampling, her sample size would be as follows
(assuming moderate risk of material misstatement and moderate other procedures risk):
1104.6 Based on the preceding information, the auditor decides to expand the test of individually significant items.
Considering the risk of material misstatement of the remaining balance of $57,037, she believes that reviewing subsequent
collections will provide adequate audit assurance on the remaining balance.
Accounts Receivable Audit Procedures for a Service Company
1104.7 The Plugem Dry Drilling Company is a closely held oil and gas drilling company that produces most of its revenue
from oil and gas drilling contracts. Plugems customers are other oil companies or oil operators who contract with Plugem to
drill for them. All drilling arrangements are set forth in individual drilling contracts that specify the fees to be charged by
Plugem.
1104.8 The following is a summary of significant financial information about Plugem. (The 20X2 general ledger trial balance
has not been closed, and interim information is not readily available. Revenues are estimated based on an interim sales
report. The auditor has only the 20X2 year-end accounts receivable trial balance.) The auditor has been engaged to audit the
financial statements for the year ended 20X2.
Year-end
20X2 20X1
Current assets $ 1,770,000
Total assets $ 4,070,000
Current liabilities $ 1,970,000
Total liabilities $ 3,020,000
Stockholders equity $ 1,050,000
Revenue (estimated) $ 16,000,000 $ 7,500,000
Net income before tax $ 650,000
Net income $ 430,000
Accounts receivable $ 2,779,650 $ 1,288,000
Accounts receivable as a % of revenue 17.4% 17.2%
Number of individual accounts 172
The auditor has established a preliminary estimate of planning materiality of $104,000 (not illustrated). He also has decided
that tolerable misstatement will be $78,000 (.75 $104,000). (See Chapters 3 and 7.) This use of estimated revenue is
considered reasonable because 20X2 ending accounts receivable as a percentage of revenue is comparable to 20X1.
1104.9 Next, the auditor completes ASB-CX-8.1 (not illustrated) to determine if confirming individually significant items alone
would be adequate. Using $26,000 (one-third of $78,000) as an individually significant amount, the auditor scans the trial
balance and identifies six individually significant amounts totalling $1,328,130. (No items are considered significant because
of their unusual nature.) This leaves an untested balance of 166 accounts totaling $1,451,520; a balance that is significantly
greater than tolerable misstatement of $78,000. Thus, the auditor needs to consider what procedures, if any, are needed to
test the remaining balance.
1104.10 Solution: First, the auditor considers the risk of material misstatement of the remaining balance. Historically, the
client has had a very low misstatement rate in accounts receivable. Based on that factor and completion of an Inherent Risk
Assessment Form, ASB-CX-7.2 (not illustrated), the auditor assesses inherent risk for the accounts receivable (existence
assertion) as moderate. Since no tests of controls were performed, control risk is assessed as high and the combined risk of
material misstatement for this assertion is moderate.
1104.11 In deciding what procedures, if any, are needed to test the remaining balance, the auditor considers his options as
follows:
Option a. No Testing of Remaining Balance. This option is inappropriate because the
remaining balance is over half the account balance and the risk of material
misstatement is too high.
Option b. Analytical Procedures. In this case, there are no analytical procedures that can
provide adequate audit assurance for accounts receivable existence.
Option c. Other Substantive Procedures. This option may be appropriate because many of
the remaining accounts may be tested while reviewing subsequent collections (in
auditing the allowance for doubtful accounts). Based on historical experience, the
auditor can expect 50%80% of the remaining balance of receivables to be
collected within two months after year-end. Thus, review of subsequent collections
provides some assurance about the existence of receivables.
Option d. Audit Sampling. Based on the preceding information, the sample size is computed
as follows:
The risk factor is based on a moderate risk of material misstatement and moderate
other procedures risk. (Paragraph 704.17 explains how to determine appropriate
risk factors.) This sample size calculation assumes that the sample would be
stratified. If the auditor decides not to stratify, the sample size would be 36 (an
increase of 20%, which the auditor considers appropriate based on the variability of
account balances).
Option e. Testing More Individually Significant Items. While reviewing the accounts
comprising the remaining balance, the auditor determines that by lowering the
amount for individually significant items to $10,000, the auditor could confirm 10
more items totalling $814,870. If those items were selected, the remaining balance
would consist of numerous relatively small balances, but at $636,650 the remaining
balance is still too large.
1104.12 After reviewing the preceding options, the auditor selects Option e. (testing more individually significant items) and
Option c. (other substantive procedures) to test accounts receivable existence. This approach is considered appropriate for
the following reasons:
a. After testing more individually significant items, the remaining balance will consist of many relatively small amounts.
Consequently, numerous misstatements would have to occur for the remaining balance to be materially misstated.
Also, as discussed in paragraph 1104.10, the client historically has a very low rate of misstatement in this account.
Thus, the auditor believes the risk of material misstatement of the remaining balance (after the additional individually
significant items have been tested) will be low.
b. Given the low risk of material misstatement of the remaining balance, the auditor believes performance of the other
substantive procedures (that is, reviewing subsequent collections) will provide adequate audit assurance with
respect to the remaining balance.
The auditors judgments in this case are based on a preliminary estimate of annual revenues. If the auditor later discovers that
actual revenues were significantly less than the original estimate (e.g., by 20% less than was estimated), the auditor would
have to consider the need to perform additional testing of the account. However, such additional testing may not be needed if
adequate assurance was obtained through other substantive procedures such as examining subsequent cash receipts.
Sampling Application for a Newspaper
1104.13 The Western Express News Company publishes a daily newspaper of the same name serving several localities in
New Mexico. Over 85% of its revenues are from display and classified ads, and circulation revenue makes up the remainder.
Summarized financial data at December 31, 20X1, are as follows:
No. of
Accounts Amount
Accounts Receivable:
Display 238 $ 83,781
Classified 434 16,184
Total Accounts Receivable 672 $ 99,965
Current Assets $ 451,398
Total Assets $ 1,594,525
Revenue:
Advertising $ 911,818
Circulation 144,083
Total Revenue $ 1,055,901
Pretax Income $ 14,215
1104.14 The auditor plans to confirm receivables as of year-end and to derive substantial audit assurance from that
procedure. Tolerable misstatement (calculated as 75% of planning materiality) was computed on ASB-CX-2 (not illustrated) as
$17,000. By scanning the year-end accounts receivable aged trial balance, which includes both display and classified ad
accounts, the auditor determines that only nine accounts have individually significant balances; those are all display ad
accounts and total $37,631. The remaining accounts have an average balance of approximately $94 ($62,334 663).
Scanning the aged trial balance indicates no unusual items, material credit balances, or apparent related party or disputed
accounts. Also, display and classified ad accounts are processed in an identical manner. How many positive confirmations
should be mailed?
1104.15 Solution: The auditor decides to confirm all nine individually significant accounts, which leaves a remaining balance
of 663 accounts totalling $62,334. Because of the large number of accounts and the fact that the auditor expects
misstatement of less than one third of tolerable misstatement, he decides to use sampling. The auditor computes sample size
as follows:
The auditor chooses a risk factor of 3 based on high assessments of the combined inherent risk and control risk (i.e., the risk
of material misstatement) and other substantive procedures risk (i.e., the risk that other substantive procedures directed
toward the same audit assertion will fail to detect a material misstatement).
1104.16 Because the receivables trial balance is computerized, it is feasible to stratify the remaining balance into a group
made up of balances greater than the $94 average and a group of balances below $94. The sample size of 11 computed in
the previous paragraph is allocated two-thirds, i.e., eight units, to the group of balances above the $94 average, and
one-third, i.e., three units, to the group of balances below the $94 average. The auditor haphazardly selects accounts to
confirm from each group and determines the dollar amount of the samples. The resulting stratification is as follows:
Remaining Population Sample Size
Units $ Amount Units $ Amount
Group with larger dollar items (allocate two-thirds of sample
units to this group) 456 $ 47,048 8 $ 2,106
Group with smaller dollar items (allocate one-third of sample
units to this group) 207 15,286 3 243
Total 663 $ 62,334 11 $ 2,349
1104.17 The auditor separately projects the misstatement found in each sample group as follows:
Upper Stratum Lower Stratum
(1) Misstatements noted in the items sampled $ 18 $
(2) Dollar value of sample 2,106 243
(3) Dollar value of remaining population sampled 47,048 15,286
(4)
Projected misstatement in remaining population sampled (1) [(2)
(3)]
$ 402 $ -0-
Normally, the projected misstatement from each stratum is added to compute the total projected misstatement in the sample.
Since there were no misstatements in the lower stratum, the projected misstatement for the sample is equal to the projected
misstatement for the upper stratum. Exhibit 11-5 documents the sampling application.
Exhibit 11-5
ASB-CX-8.2: Sampling Planning and Evaluation FormSubstantive Procedures
Entity: Western Express News Co. Balance Sheet Date: 12/31/X1
Completed by: Kermit Swindall Date: 1/23/X2
Assertion(s): E/O, R/O, A/CL
Instructions: This form is appropriate when sampling is used in a substantive procedure to test an account
balance or a transaction class. When testing controls, use ASB-CX-10.2.
PART 1Planning
1. Describe the population being tested (if there are individually significant items, consider first completing ASB-CX-8.1):
Accounts receivable balances consisting of both display and classified accounts. Few significant balances and no
unusual items, material credit balances, or disputed balances.

Units Amount
a. Items to be examined 100% (individually significant items). 9 $ 37,631
b. Population being sampled. 663 $ 62,334
c. Total of account balance or transaction class (a. + b.). 672 $ 99,965
2. Briefly describe the test and the objective of the test to be performed using audit sampling (or cross reference to the
corresponding audit program step):
Positive confirmation. See audit program Step 4 at W/P AP-4-2. [Not illustrated.]

3. Describe the sampling unit (such as individual customer invoice, individual inventory code, etc.):
Individual customer accounts

4. Describe how completeness of the population has been considered:
Selected accounts from aged trial balance that agrees to general ledger balance.

5. Describe what will be considered a misstatement:
Unreconciled difference between the customer balance and book balance.

6. Sample selection method to be used: Haphazard n Random Systematic
Expected Misstatement
7. Tolerable misstatement (from ASB-CX-2): $ 17,000
8. One-third of tolerable misstatement (one-third of Step 7): $ 5,666
9. Expected misstatement (The amount of projected misstatement you expect to find in
the sample. This means misstatements, not bookkeeping adjustments for accruals or
deferrals made to close the books.): $ 0
Note: If Step 9 exceeds Step 8, sampling is normally not appropriate, and the client should take steps to correct the
population.
Sample Size Calculation
10. Compute sample size, as follows:
Population being sampled
(Step 1b.) $ 62,334
Tolerable misstatement
(Step 7) $ 17,000
Risk
factor 3
= Sample
size 11
[The risk factor is selected from the following table. The factor is determined by assessing the risk of material
misstatement of the relevant assertion(s) for the account or transaction class (or portion thereof) from which the sample
will be selected and by assessing the other substantive procedures risk. Ensure that your assessment of the risk of
material misstatement is consistent with your assessed risk of material misstatement documented at ASB-CX-7.1. The
other substantive procedures risk is the risk that other substantive procedures, such as analytical procedures, related to
the same assertion(s) as the sampling procedure will not detect a material misstatement. The selection of the appropriate
risk factor and the ultimate acceptance of the sample size is a matter of professional judgment to be exercised by the
auditor.]
RISK FACTORS
Other Substantive Procedures Risk
Risk of Material Misstatement High Moderate Low
High 3.0 2.3 1.9
Low 1.9 1.2 0.9
11. If it is not practical to stratify the population, multiply the sample size in Step 10 by
1.20 (or other judgmentally determined multiplier up to 2.0). N/A
PART 2Evaluation
Note: This part of the form assumes that the sample items are representative of the population. If the sample is not
representative, it needs to be reselected. You also need to document the selected sample items, as discussed in Chapter 8.
Projection of Misstatement: If the population is stratified, project the misstatement by stratum and add the projections
together. If the population is not stratified, you may use the Stratum #1 column to project the misstatement.
Stratum #1 Stratum #2 Total
12. Dollar amount of misstatements noted in the sample: $ 18 $ 0
13. Dollar amount of the sample: $ 2,106 $ 243
a. Population being sampled:
4(73)
$ 47,048 $ 15,286
14. Projected misstatement [(Step 12 Step 13) Step 13a.]
$ 402 $ n/a $ 402
15. Dollar amount of misstatements noted in items tested 100%
(dollar amount of misstatements found when testing Step
1a.): $
16. Total factual and projected misstatement (Step 14 + Step
15):
5(74)
$ 402
Evaluation of Test Results
17. Explain the nature and cause of misstatements.
Isolated clerical error

example, because source documents that were used cannot be located, should be treated as a misstatement.
18. Does the level of sampling risk appear acceptable? (Compare the total in Step 14 to the amounts in Step 8 and Step 9.)
Yes n No *
* Although projected misstatement exceeds expected misstatement, it is significantly less than 1/3 of tolerable misstatement.
(See Step 8.)
19. Does the sample provide a reasonable basis for drawing conclusions about the population tested? Yes n No
20. Describe (a) any additional procedures or changes in the audit plan, such as extending the sample size, asking the client
to investigate and correct misstatements, or modifying the nature, timing, or extent of planned substantive procedures,
because of test results and (b) the effect of misstatements on other aspects of the audit:
None


* * *
Predictive Test of Sales
1104.18 The Squeeze Company manufactures three sizes of plastic containers that are sold to 10 regular customers. The
manufacturing equipment the company uses has very specific operating capabilities as described in the maintenance
contract covering the equipment. The company operates 24 hours a day and maintains detailed records of any shut-downs
due to maintenance or other problems. The inventory is physically counted monthly, and the general ledger is adjusted
accordingly. How can the auditor effectively use analytical procedures to test sales?
1104.19 Solution: The auditor can predict the quantity of products the equipment could produce at capacity. By subtracting
an allowance for average maintenance time and spoilage, an estimate of products produced can be obtained. If the number
of products is relatively few, this calculated quantity can be used to predict total sales for the year (after considering the
effects of beginning and ending inventories). Any significant difference needs to be adequately explained, or alternative
additional tests should be performed.
1105 AUDIT PROGRAM
1105.1 The core audit program at ASB-AP-4 presents basic, extended, and other substantive audit procedures for accounts
receivable and sales. Using the core audit program, the auditor chooses the procedures that will be adequate to obtain
sufficient audit evidence for the relevant assertions. The specified risk audit program at ASB-AP-4-S presents the substantive
audit procedures for accounts receivable and sales that are normally adequate to respond to a set of underlying risk
assessments (provided at the front of the audit program) considered typical of many smaller businesses. The use of PPCs
audit programs is discussed in section 405.
1106 RESPONDING TO THE FRAUD RISK ASSESSMENT
1106.1 Sections 307 and 404 discuss the auditors responsibility to identify and assess risks of material misstatement due to
fraud. Based on that assessment, the auditor may determine that an audit response is necessary. Audit responses may be
overall or specific. Overall responses, such as considering the extent of supervision planned for the audit, affect the overall
conduct of the audit. Auditors generally use overall responses to address fraud risks that are pervasive to the financial
statements. Specific responses involve the nature, timing, and extent of further audit procedures. Specific responses are used
to address fraud risks in individual audit programs, that is, at the account balance, transaction class, or financial statement
assertion level.
detection matters. Examples of common fraud schemes related to accounts receivable and procedures that may be
performed in response to those schemes are provided for both misappropriation of assets (Exhibit 11-6) and fraudulent
financial reporting (Exhibit 11-7). For misappropriation of assets, Exhibit 11-6 also lists the symptoms (also called red flags or
indicators) auditors may observe that indicate the presence of a particular fraud scheme. For fraudulent financial reporting
schemes presented in Exhibit 11-7, symptoms generally relate to fraud risk factors such as the desire to minimize reported
earnings for tax-motivated reasons. Those risk factors may provide an incentive or pressure to manipulate the financial
statements. (See the discussion beginning at paragraph 302.47 for additional discussion of fraud risk factors.)
Exhibit 11-6
Common Accounts Receivable Fraud Schemes, Symptoms, and Related Audit ResponsesMisappropriation of
Assets
Assets
Audit Responses
a
Lapping Customer complaints.
Increased, unexplained aging
of receivables balances.
Unexplained discrepancies in
receivables confirmations.
Different dates between
deposits and credits to
customer accounts.
Discrepancies between
deposit slip names and
amounts of credits to
customer accounts.
Lifestyle changes in potential
suspects.
Persons with access to cash
receipts and related records
do not take annual vacations.
Send confirmation.
b
Review of journal entries.
Review of reconciling items.
Review of detail of accounts
receivable.
Conduct interviews.
Trace deposits, paying
particular attention to
composition of each deposit.
Review the allowance for
doubtful accounts.
False credits, discounts, and other
write-offs
Unusual or unexplained
credits.
Unusual or unauthorized
discounts.
Unusual, unexpected, or
unauthorized write-offs.
suspects.
Send confirmations.
b
Review reconciling items.
Review detail of accounts
receivable.
Review the allowance for
doubtful accounts.
Conduct interviews.
Inspect credit memos.
Inspect deposit slips.
Unauthorized shipments Receivables with unusual
characteristics.
credits and/or discounts.
Increase in delinquent
accounts.
Customers with unusual
names, addresses, or phone
numbers.
Shipments to parties not
approved for credit.
Shipments without sales
invoices.
suspects.
Send confirmation.
b
Examine sales and shipping
documentation.
Analyze pattern of sales and
shipments.
Consult information sources
(such as Dun & Bradstreet).
Conduct interviews.
Diversion of shipments of goods Receivables with unusual
characteristics.
Send confirmation.
b
Audit Responses
a
Diversion of shipments of goods Receivables with unusual
characteristics.
credits and/or discounts.
Increase in delinquent
accounts.
Unusual addresses on
shipping documents.
Shipments to parties not
approved for credit.
Shipments without sales
invoices.
suspects.
Send confirmation.
b
Examine credit memos.
Examine sales and shipping
documentation.
Analyze patterns of sales and
shipments.
Conduct interviews.
Collection agency schemes Unusual proportion of
write-offs by a collection
agency.
Unusually low collection rate
by a collection agency.
Send confirmation.
b
Notes:
a
b
In addition to written confirmation, the auditors may also follow up with phone calls to customers.
* * *
Exhibit 11-7
Common Accounts Receivable Fraud Schemes and Related Audit
ResponsesFraudulent Financial Reporting
Fraud Scheme
Audit Responses
a
Manipulation of shipping or billing to record false
sales or to improperly accelerate actual sales.
Obtain an understanding of revenue-related procedures.
Review sales returns in subsequent periods.
Perform analytical procedures.
Confirm with third parties.
b
Fraud Scheme
Audit Responses
a
Examine sales, shipping, and related documents.
Recording sales in which the buyers obligation to
pay depends on an uncertain future event.
Confirm the terms as well as the amount of sales
transactions (including the existence of side agreements)
with third parties.
b
Evaluate the collectibility of receivables.
Inquire of company sales personnel, their knowledge of
any unusual terms or conditions associated with
customers.
Recognizing sales in which there is a substantial
continuing involvement by the seller.
with third parties.
b
Inquire of company sales personnel, their knowledge of
any unusual terms or conditions associated with
customers.
Recording sales in which there is a lack of
economic substance (sham transactions).
with third parties.
b
Identify and gain an understanding of large, unusual, or
complex transactions (particularly those that are
individually material or that occur late in the period).
Consider the business purpose of the transaction from
the sellers and buyers perspectives.
Consider whether parties to the transaction may have an
undisclosed relationship to the company or its
management.
Review the nature and extent of business transacted with
major customers, suppliers, borrowers, lender, or
guarantors to consider whether any of them are related
parties.
Identify and investigate all material cash outflows as
possible sources of funds for the buyers payment of all
or a portion of the sales price.
Manipulation of percentage of completion or
proportion of service.
b
Examine contracts and related documents.
Test percentage of completion.
Notes:
a
b
* * *
1106.4 The core audit programs in this Guide provide some of the more common additional procedures the auditor may
perform in response to identified fraud risks.
CHAPTER 12: INVENTORY AND COST OF SALES
1200 GENERAL
1200.1 Inventory is one of the most complex accounts to audit in any size company. The existence and valuation assertions
may require many different procedures, e.g., observing inventory, reperforming counts, testing clerical accuracy, testing costs
and lower of cost or market, and identifying obsolescence. Adding to the complexity is the number of different valuation
methods and the wide variety of cost accounting systems encountered in practice. Because of these complexities, the
inventory accounts are very susceptible to both over- and underauditing.
1200.2 In addition, auditors have questioned the applicability of sampling to audits of inventory accounts. Is sampling used to
observe inventory? Is sampling used when testing costs? These and other questions about sampling are discussed in this
chapter.
1200.3 Accounting for inventory in conformity with GAAP can present several significant problems. The following accounting
principles deserve special consideration:
a. Inventory amounts should be stated at the lower of cost or market. That requires adjusting obsolete and
slow-moving inventory downward to its market value. Obsolescence can be difficult to identify and quantify.
b. Direct and indirect manufacturing costs should be included in the valuation of inventory at cost. Determination of the
proper amount of labor and overhead may necessitate that the auditor utilize creative techniques to compensate for
the lack of sophistication in a clients cost accounting system.
c. Various cost flow methods are allowed under GAAP, including first-in, first-out (FIFO); last-in, first-out (LIFO);
average; specific identification; and other methods (e.g., retail method). The cost used under these various methods
should be based on actual purchase cost or actual manufactured cost. Valuing inventory based on standard costs is
also allowable under GAAP if it is not significantly different than actual cost. Valuing inventory under any of these
methods can be difficult and time-consuming.
1201.1 AU-C 500.06 states:
following:
Risk assessment procedures
Tests of controls
Substantive procedures
could go wrong in the financial statements), and then designing audit procedures that are responsive to the assessed risks.
For each relevant assertion within an account balance, class of transactions, or disclosure, the auditor assesses the risks of
procedures and tests of details. Auditors ought to be familiar with the concepts discussed in those chapters when designing
the nature, timing, and extent of substantive audit procedures for inventory and cost of sales.
Relevant Assertions for Inventory and Costs of Sales
1201.5 The relevant assertions for inventory generally are as follows:
Existence or occurrence (E/O)Inventories reported in the balance sheet physically exist and represent items held
for sale or use in the normal course of business. Costs of sales reported in the income statement represent
inventoriable costs associated with valid sales that occurred during the period.
Completeness (C)Inventory quantities include all products, materials, and supplies on hand, in transit, or stored at
outside locations. Costs of sales represent all appropriate costs of goods that were sold during the period. The
financial statements include all required disclosures related to inventories.
Rights or obligations (R/O)The entity has legal title or similar rights of ownership to the inventories, and the
inventories exclude items billed to customers or owned by others.
Valuation or allocation (V)Inventories are stated at the lower of cost or market. Cost includes amounts
appropriately capitalized and is determined in accordance with the entitys cost flow method. Slow-moving, excess,
defective, and obsolete items included in inventories are properly identified and valued. Costs of sales are measured
properly and recorded in the appropriate accounts.
Cutoff (CO)Inventories and costs of sales are recorded in the proper accounting period.
Accuracy or classification (A/CL)Inventory listings are accurately compiled, extended, footed, and summarized,
and the totals are properly recorded in the inventory accounts. Inventories are properly classified in the balance
sheet. The major categories of inventories and their bases of valuation and the pledge or assignment of any
inventories are appropriately disclosed.
Substantive Audit Procedures for Inventory and Costs of Sales
1201.6 The particular substantive procedures that are necessary to obtain audit evidence for relevant assertions related to
inventory depend on the nature of inventory items held by an entity. (For example, some entities have mainly purchased items
that are held for resale, and others manufacture their products and may have raw material, work in process, and finished
goods inventory categories.) Regardless of the nature of the inventory, however, many of the auditors substantive procedures
are primarily focused on obtaining audit evidence related to the existence and valuation assertions. Examples of substantive
procedures at the account balance level for inventory that might be commonly applied (depending on the assessed level of
risks of material misstatement) are as follows:
Compare balances of inventory, inventory classification ratios, and inventory turnover with those of prior periods or
other expectations and investigate any unexpected results.
Inquire about the entitys procedures for counting inventory and observe the count, performing test counts to test
the entitys counting procedures and inspecting shipping and receiving documents for a period surrounding the
inventory observation date for later testing of cutoff. Observe the condition of the inventory for items that may be
obsolete, slow moving, or in excess quantities.
Obtain a copy of the entitys physical inventory summary and (a) test the clerical accuracy of the summary, (b)
reconcile the summary to the general ledger account balance, (c) trace inventory test counts to the summary, and
(d) on a test basis, compare tag or count sheet control numbers obtained during the inventory observation to those
used to compile the inventory summary.
Test cutoff by tracing all shipping and receiving transactions selected for testing during the inventory observation to
the appropriate journals or list of accounts payable.
Update the understanding obtained during risk assessment about the entitys procedures for valuing inventory; test
the cost of items in ending inventory by vouching to the most recent vendor invoices (assuming the FIFO method is
used to value the inventory); test the overhead rate for manufactured inventories; relate the cost of the items tested
to the costs used to price similar products, and relate the costs of untested items to prices used for the same items
in prior years.
Inquire (or update the understanding obtained during risk assessment) about the entitys procedures for identifying
scrap, obsolete, unsalable, damaged, slow-moving, or overstocked items and determine whether appropriate
allowances have been recorded; compare information obtained during the inventory observation to the final
inventory, and relate sales by product line to inventory categories for possible overstock or obsolete inventory items.
Test lower of cost or market valuation through comparison of costs to current sales prices.
Inquire about inventory that is held on consignment for others, held on a bill and hold basis, or purchased from
related parties.
1201.7 Because of the interrelationship of inventory and costs of sales, substantive tests of costs of sales (generally analytical
procedures) may also provide additional audit evidence for assertions related to inventory. Examples of substantive analytical
procedures for costs of sales are as follows:
Compare costs of sales balances and the gross profit margin by product line or division with prior years and budget,
if available, and cost of sales for the last month of the fiscal year to cost of sales for the first month after the
balance-sheet date; investigate unusual differences.
Determine the average or standard markup percentage for goods sold and compare it to the actual profit
percentage realized during the period; investigate unusual differences.
1201.8 The following procedures that might be performed during other aspects of the audit can also contribute to the audit
evidence for inventory:
The search for unrecorded liabilities often provides secondary support for the completeness and cutoff assertions.
Inspecting debt and similar agreements and minutes for evidence of pledged or assigned inventory, long-term
purchase contracts, and warranty obligations often provides audit evidence to support assertions such as
rights/obligations and completeness, including completeness of disclosures.
1201.9 The paragraphs and sections that follow provide additional discussion of certain procedures discussed in the
preceding paragraphs, as well as further considerations and procedures that may apply when auditing inventory and cost of
sales areas. As discussed in Chapter 4, the auditor should design and perform further audit procedures whose nature, timing,
and extent are responsive to the assessed risks of material misstatement at the relevant assertion level. As a result, the
substantive procedures that will be performed for inventory and costs of sales for a particular client should be tailored to
consider the assessed risks.
The Inventory Observation
1201.10 According to AU-C 501.11, it is generally necessary for auditors to observe the clients inventory counts. The authors
believe that immateriality of inventory balances is the only reason not to observe inventory. If inventory is not observed due to
immateriality, the authors believe auditors should document that conclusion. See also the discussion beginning at paragraph
1201.29.
1201.11 Objective. The objective of the auditor is to obtain sufficient appropriate audit evidence about the existence and
condition of inventory.
1201.12 Requirements. The requirements that should be followed to achieve that objective are summarized in Exhibit 12-1.
Exhibit 12-1
Requirements for Audit EvidenceSpecific Considerations for Selected Items (Inventory)Effective for Audits of
Periods Ending on or after December 15, 2012
AU-C
Reference
Guide
Reference
Practice Aids
When inventory is material to the financial statements, obtain sufficient
appropriate audit evidence about the existence and condition of
inventory by:
Attending the physical inventory counting (unless impractical) to:
evaluate managements instructions and procedures for
recording and controlling the results of the count,
observe the performance of the count procedures,
inspect the inventory, and
perform test counts.
AU-C 501.11 ASB-CX-11.1
ASB-AP-6
Performing audit procedures over the final inventory records to
determine whether they accurately reflect actual inventory count
results.
If the physical inventory count is performed at a date other than the
date of the financial statements, in addition to the preceding
requirements, perform procedures to obtain audit evidence about
whether changes in inventory between the count date and the date of
the financial statements are properly recorded.
AU-C 501.12 ASB-AP-5,
Inventory Tested
at an Interim
Date
If unable to attend the count due to unforeseen circumstances, make
or observe some counts on an alternative date and perform
procedures on intervening transactions.
AU-C 501.13 ASB-AP-6,
Inventory
Observed
Subsequent to
the
Balance-sheet
Date
If attendance at physical inventory counting is impracticable, perform
alternative procedures to obtain sufficient appropriate audit evidence
about the existence and condition of inventory. If this is not possible,
modify the opinion in the auditors report.
If inventory held by a third party is material, obtain sufficient
appropriate audit evidence about the existence and condition of that
inventory by performing one or both of the following:
AU-C 501.15 ASB-CL-9.1
ASB-CL-9.2
ASB-AP-6,
AU-C
Reference
Guide
Reference
Practice Aids
Request confirmation from the third party about the quantities
and condition of inventory.
Perform inspection or other procedures appropriate in the
circumstances.
Inventory Held
by Public
Warehouses or
Other Outside
Custodians
* * *
1201.13 Count Instructions. The success of an inventory count usually depends on the planning, emphasis, and direction
provided by management. AU-C 501.11 indicates that one of the primary purposes of attending the physical inventory
observation is to evaluate managements instructions and the procedures for recording and controlling the results of the
inventory count. Written instructions ought to be prepared in advance and reviewed by all employees assigned to the count.
However, many smaller to mid-sized businesses have unsophisticated and undocumented counting instructions, thus
creating an environment where inaccurate counts can occur. Also, it is not unusual for the client to rely on the auditors advice
regarding supervision of the counters and how to record the counts. To overcome this problem, the form titled Inventory
Counting Procedures (ASB-CX-11.1) can be used to assist the client in communicating sound written instructions for the
count.
1201.14 Test Counts. The auditor is required by AU-C 501.11 to observe the performance of the entitys count procedures
and to perform test counts. The discussion of the role of sampling, beginning in paragraph 1201.40, addresses the role of test
counts in the inventory observation. The auditor can generally minimize the number of recorded test counts necessary by
concentrating on individually significant items of inventory. Those items can be identified by reviewing the prior years
inventory summary, by inquiry, by observation, and by becoming familiar with the manufacturing process.
1201.15 Other items to consider when selecting test counts include:
Inadvertent predictability in the selection of items for test counts can be avoided by, for example, selecting some low
dollar items, not only selecting items at eye level, selecting items that are difficult to count, such as items
measured in yards or square feet, etc.
Ordinarily, auditors take more test counts than they record. Auditors are not required to document all of the test
counts they take.
The auditor might consider taking some test counts when not in the clients presence. Some inventory frauds have
been perpetrated by the client observing what items the auditor counted and later changing counts for items the
auditor did not count.
Often, inventory with identical product codes is stored in different locations of the plant or store. For example, there
may be a shelf supply designed for easy access and a backup supply at a different location. Normally (and
preferably) these different storage locations are counted on different tags or count sheets, necessitating a
summarization procedure to accumulate one grand total quantity. The auditor ought to determine whether the
companys summarization procedure leaves an adequate audit trail to enable test counts taken at one of the several
locations to be reconciled with the final total on the inventory listing. If not, the auditor may need to record test
counts at all separate locations of the product to test the grand total that will appear on the final listing.
1201.16 Chapter 9 discusses audit considerations when the client has inventory at multiple locations.
1201.17 Work in Process. The auditor needs to obtain a thorough understanding of the cost accounting system before
assessing the adequacy of the companys procedures for counting work in process. Also, it is important to understand how
significant the cost components of labor and overhead will be to the financial statements. Some manufacturing processes are
labor and overhead intensive, thus recording a reasonable estimate of labor and overhead cost during the work in process
count becomes very important. Other manufacturing processes are material intensive; consequently, a precise determination
of labor and overhead may not be essential.
1201.18 There are two general techniques for counting work in process. One approach is to identify on the count tag or
sheet the raw material codes issued to work in process and then determine the number of labor (or machine) hours charged
to the work in process jobs. After the observation, those components are costed and an overhead rate is applied to the labor
hours (or machine hours).
1201.19 An alternative approach is to estimate the equivalent finished good stage of completion of material, labor, and
overhead. Those percentages are then applied to the cost components of the finished goods being manufactured to compute
a value for work in process.
1201.20 Regardless of the approach, the production process preferably should be stopped, and movement of material
between manufacturing stages should cease. If goods will be moving during the count, it is critical that the client have proper
controls and procedures to track the flow of goods in, out, and around the companys facilities. Documents evidencing the
movement ought to be obtained for later testing of the reconciliations. The auditor needs to be cautious of double counting,
e.g., material counted as work in process ought not be counted again as finished goods.
1201.21 Cutoff. Cutoff procedures are designed to ensure that movements of inventory are posted to the appropriate
accounting records in the appropriate accounting period. For example, receipts of purchased goods before the inventory
count should be posted to the accounts payable and related inventory (or purchases) general ledger accounts before such
accounts are adjusted by the physical count. Conversely, receipts after the count should be excluded from both the count
and the preadjustment accounting records. Sales shipped before the count should be recorded in the appropriate general
ledger accounts before such accounts are adjusted for the physical count. Inventory on hand shipped after the count should
be included in the physical count, and the sale should not be reflected in the preadjustment accounting records.
1201.22 The auditors cutoff procedures at the observation date consist mainly of inquiry of company personnel, inspection
of shipping and receiving documents, and observation of receiving and shipping docks. Copies of the last shipping/receiving
documents before the inventory and the first documents after the inventory (typically, five of each) is often obtained for later
testing. Examining significant transactions for a period surrounding the cutoff date is not considered sampling. Therefore, the
results are not required to be extrapolated to the remaining population.
1201.23 Retail Inventory Count. A retail companys count procedures may differ from a manufacturers because retailers
may use portable electronic devices to count entire store sections instead of using tags to count individual product codes.
That approach eliminates documentation of the quantities of each item on hand and produces totals of the retail price of
products grouped by prearranged sections of the store. To test those procedures, the auditor needs to have a thorough
understanding of the sections that will be summarized by each count team. Such information is normally available in the form
of a map of the store with each section labeled. Two methods can be used to test the procedures. One involves counting all
items in one section and obtaining both quantity and retail price for each item included. The total extended amount can later
be traced to the inventory summary. Another method is observation of the count teams accuracy. The auditor can count one
or two items ahead of the count teams. As the team counts the items selected, the auditor can compare the count and retail
price to those recorded by the count team. Normally, it is necessary to observe numerous count teams to obtain adequate
evidence about the accuracy and consistency of the procedures used by the teams.
1201.24 Cycle Counts. Cycle counts involve counting different portions of the inventory on a continuous basis. Over time
(generally over the course of a year) the entire inventory is counted at least once. Cycle counts are used to adjust perpetual
inventory records. Cycle counts are only appropriate if clients have adequate perpetual inventory records and reliable
controls over cutoff. Clients that perform cycle counts may not take a complete physical inventory at year-end. However,
procedures that apply to a complete physical inventory observation can also be applied to cycle counts. When making test
counts, care is necessary to ensure the client properly identifies the items counted so that appropriate perpetual records are
updated. For example, clients need to properly identify and count all locations in the plant or warehouse for selected product
codes.
1201.25 Because auditors do not observe counting of 100% of the inventory, they need evidence that cycle counting
procedures were functioning effectively throughout the period (rather than just when observed) and that cycle counts were
applied to all items of inventory. That evidence can be obtained by reviewing worksheets, entries in the perpetual inventory
records, and other evidence of the regularity of cycle counts, and evaluating the results. When evaluating the results of cycle
counts, auditors consider the frequency of counts, significance of differences between cycle counts and perpetual records,
and quality of investigation of significant differences between physical counts and perpetual records. When cycle counts are
found to be reliable, perpetual inventory records may serve as the equivalent of a complete physical inventory at year-end.
1201.26 Make Inventory Count Time Efficient. Professional standards (AU-C 501.11) require the auditor to inspect the
inventory as part of the physical inventory observation. Inspection assists in verifying the existence of the inventory and also in
identifying damaged, obsolete, or slow-moving inventory. In addition, other procedures performed while at the inventory
count site can be very efficient if they are performed while waiting for various parts of the counting process to finish. Such
procedures may include examining major equipment additions, inquiring regarding property abandonments, selecting
accounts receivable balances for confirmation, obtaining bank account confirmation requests, observing and recording
disbursement checks held, and, when appropriate, counting securities on hand and performing other confirmation
procedures that are convenient to perform at that time.
1201.27 Procedures on the Final Inventory Listing. Information gathered by the auditor during the physical inventory
observation is used later to verify that the final inventory listing accurately reflects the results of the physical count. Obtaining
information useful for subsequent audit procedures and performing procedures using information gathered at the physical
inventory are discussed beginning in paragraph 1202.2.
1201.28 Inventory Observed on a Different Date. Sometimes, the physical inventory observation is performed at a date
other than the balance sheet date. That may occur, for example, when inventory is observed at an interim date or when
unforeseen circumstances necessitate that the auditor observe inventory on a subsequent date. In those cases, the auditor
still performs the basic inventory observation procedures discussed in this section and is also required by AU-C 501.12 to
perform procedures to ensure that changes in inventory between the balance sheet date and the count date are properly
recorded.
1201.29 Observation Not Feasible. When inventory is material, professional standards require the auditor to attend the
physical inventory counting unless it is not feasible to do so. Factors related to the nature and location of the inventory (such
as circumstances that threaten the auditors safety) may make it infeasible to observe the physical inventory. However,
unforeseen circumstances, inconvenience, difficulty, or obstacles related to the time or cost involved in attending the physical
inventory observation are not sufficient justification for omitting the procedure. If the auditor concludes that attendance at the
physical inventory observation is not feasible, AU-C 501.14 requires the auditor to perform alternative procedures to obtain
evidence about the existence and condition of inventory. If sufficient evidence cannot be obtained from the performance of
alternative procedures, it is necessary to modify the auditors opinion for a scope limitation.
1201.30 When attendance at the physical inventory observation is not feasible, the authors believe the alternative procedures
performed should include making or observing some physical counts of the inventory whenever possible. The authors believe
it is difficult to obtain sufficient evidence about the existence and condition of inventory without making or observing some
physical counts. Alternative procedures that may be considered when attendance at the physical inventory observation is not
feasible include the following:
Observe a subsequent physical inventory count and reconcile it to the inventory quantities at the balance sheet date.
Inspect documentation of the subsequent sale of specific inventory items acquired before the observation date.
In a multiyear or initial engagement, if only the prior years inventory observation could not be attended, observe
inventory for the current year and test prior transactions or review the records of prior counts.
The effectiveness of alternative procedures depends on the length of the period the alternative procedures cover. For
example, alternative procedures performed to reconcile a subsequent count observed three months after the balance sheet
date to the count at the balance sheet date are more likely to provide sufficient audit evidence than alternative procedures
related to a prior year count.
1201.31 When unforeseen circumstances prevent the auditor from attending the physical inventory observation, AU-C 501.13
requires the auditor to make or observe some counts on a different date and perform procedures on transactions between the
date of the physical count and the balance sheet date, as discussed in paragraph 1201.28.
1201.32 Chapter 9 discusses procedures the auditor may perform on initial audits when the auditor is unable to observe the
physical inventory for beginning or ending inventory balances.
1201.33 Use of an Outside Inventory Firm. Some companies use an outside firm of nonaccountants specializing in
physical inventories to assist in determining the inventory. Those firms may be engaged only to count the inventory, or they
may also price and extend the inventory. In those cases, the auditor still performs the same basic procedures relating to
inventory that would be performed if only company personnel were used. However, the auditor may be able to reduce the
extent of the tests if an outside firm is used. Any reduction in the extent of auditor test counts ought to be supported by a
memo explaining the basis for the reduction. Using the work of a managements specialist is discussed in section 904.
1201.34 Any reductions in the extent of tests should be determined by the auditor using appropriate professional judgment
and not by the client. Any reductions or restrictions imposed by the client in these situations may be a scope limitation.
The Role of Sampling
1201.35 Valuation Tests Using Individually Significant Items. As noted in Chapter 7, many businesses, especially those
that are small, have characteristics that may make it unnecessary to consider sampling when designing substantive
procedures. Those characteristics are (a) account populations contain a relatively small number of items, (b) individually
significant items, once tested, result in a significant level of assurance about the population, and (c) effective analytical
procedures can be performed on the remaining items in the population. An auditor initially scanning the inventory summary
may erroneously conclude that those characteristics are not present for inventory; i.e., there appear to be numerous items
(product codes) and few individually significant items. However, a closer inspection will often reveal that those account
characteristics also are true for inventory. The key lies in identifying individually significant items.
1201.36 Individually significant items in an inventory account include more than those product codes with large extended
values. Individually significant items also include those products that have a prior history of costing errors or are otherwise
prone to misstatement and may include product codes that are representative of many similar items in the inventory. For
example, if 11-gauge steel is the primary raw material used in all product codes, that code is individually significant to all
finished goods costs, regardless of whether there happens to be a significant quantity of the raw material on hand. By testing
that product code, the auditor may be able to analytically extrapolate the results to a significant portion of work in process and
finished goods prices. Also, analytical comparisons to the cost of other gauges of steel can be performed once a specific
gauge is tested. The same would be true of the testing of a finished good that is the basic manufactured product of the
company if all products are derived from or similar to that basic product.
1201.37 The most efficient procedure in many audits of nonpublic companies is to identify and test individually significant
items, analytically extrapolate the results to all relevant items, and then perform other analytical procedures on the remaining
items in the population. Other analytical tests would include comparisons of untested items to individually significant costs
tested and investigation of unusual variations. Also, untested costs can be compared to prior year costs, and factors such as
inflation, changes in labor rates, and changes in overhead rates can be considered in evaluating the reasonableness of
variations. Scanning the inventory listing and applying those procedures normally results in sound, efficient testing of
inventory valuation.
1201.38 Valuation Tests Using Sampling. Testing individually significant items as described in the preceding paragraphs is
not sampling. If sampling is used, the auditor needs to be cautious about projecting misstatements in an inventory account
balance. Pricing attributes of product codes tend to be significantly different. For example, the pricing attributes of steel (tons
converted to pounds, gauge, alloy, etc.) may have nothing in common with the pricing attributes of paint (number of gallons,
type of ingredients, color, etc.). An error noted in the cost of steel may have no relation to an error in the cost of paint. When a
pricing error is noted in inventory, generally it is best to isolate the product codes that may contain the error, then expand the
testing of those codes to determine whether the error is common to the stratum of like products.
1201.39 In summary, valuation tests that employ sampling normally are not efficient for many entities with inventories such as
those previously discussed. However, if an account balance has numerous items and no concentration of individually
significant items, sampling may be the best choice. Chapter 7 explains efficient and effective sampling approaches for small
business engagements. Also, the case studies starting at paragraph 1205.8 illustrate inventory sampling applications.
1201.40 Sampling in Inventory Observation. Another often-asked question is the role of sampling in the observation of
inventory. The answer is complex and it is not clear-cut in all cases. First, it is necessary to review the primary purpose of the
observationto evaluate the reliability of the companys counting procedures. An inventory observation is thus a test of client
procedures. However, the observation is also designed to test the physical existence of quantities recorded in the inventory
summary. Thus, the observation is also a substantive test.
1201.41 In fulfilling the objectives of the inventory observation, one view is that the auditor substantively evaluates the clients
inventory count based solely on the number of test counts recorded. Since the auditor cannot recount the entire inventory,
sampling is used when recording test counts.
1201.42 Another view, similar to that on valuation testing, is that the auditor, when observing inventories, normally
concentrates on test counts of individually significant items. For the remainder of the inventory, the auditor employs
procedures such as inquiry, visual observations, predictive analytical tests of the reasonableness of recorded inventory, and,
in some circumstances, confirmation procedures. Those several procedures are evaluated together in a complex but logical
thought process to arrive at a conclusion about the adequacy of the counting procedures and the existence of inventory.
Following that approach, the auditor is not making an evaluation about the inventory based solely on test counts but
evaluating based on a complex interaction of procedures applied to the entire inventory. Thus, sampling is not employed.
1201.43 Both views seem to be, in part, correct. However, common sense ought to prevail in their application. First, in many
engagements, the auditor would normally avoid determining the number of test counts to record based on an approximation
from a statistical sample size table. Instead, the auditor would make the decision about the number of test counts based on
factors such as (a) individually significant product codes, (b) the number of count teams involved, and (c) the point when the
auditor arrives at the count. If there are numerous concentrations of high dollar items, that could minimize the need to make
numerous test counts of other items. Conversely, inventories composed of a large number of items (such as a wholesale auto
parts inventory) will ordinarily call for numerous counts. If several count teams are involved, test counts would be expanded to
determine that all teams are complying with instructions. If the auditor is present throughout the count, test counts can be
supplemented with observations of count teams. Thus, the auditor would normally record fewer test counts by arriving before
the count is completed.
1201.44 Second, the auditor considers the significance of any miscounts discovered through the test counts, inquiries, and
observations. However, that does not necessarily mean the auditor needs to mathematically project all the miscounts into the
total inventory. Normally, the auditor considers whether any miscounts discovered relate to a specific count team, location, or
product. If so, the auditor would typically ask the client to recount the applicable portion of the inventory. In the rare case
where the cause of the miscounts cannot be isolated, the auditor may request a recount of the entire inventory. In either case,
if the auditor decides that the inventory count is unsatisfactory, the normal response is to request a recount of the inventory
instead of proposing an adjustment.
1201.45 Needless to say, the debate on the role of sampling will continue. Considering all the factors mentioned above, the
authors believe that the auditor will not ordinarily apply sampling to the inventory observation. However, if sampling is used,
haphazard selection is usually the only practical selection method.
Using Data Extraction Software
1201.46 Auditing inventories can present opportunities to use data extraction software, even for many small to mid-sized
company audits. Inventory listings can contain numerous items. As a result, testing clerical accuracy and extensions can be
time-consuming. In addition, it can be difficult to identify individually significant items, making it problematic for the auditor to
obtain sufficient assurance about the inventory balance when taking test counts and selecting items for price testing. Using
data extraction software, auditors can quickly test footings and extensions. Data extraction software can also be used to
identify significant items, which may eliminate the need to perform audit sampling. If sampling is used, data extraction
software can be used to efficiently select the sample.
1201.47 Before the auditor can perform procedures using data extraction software, electronic copies of the clients data files
need to be obtained. The auditor would access the data files and define the necessary data fields. Accessing client data may
be the most difficult part of using data extraction software. Once the files have been defined, however, the file definitions
generally can be reused in subsequent audits, generating a great deal of efficiency.
1201.48 Inventory audit procedures that can be performed efficiently using data extraction software include:
Testing clerical accuracy of the physical inventory summary.
Recalculating inventory extensions.
Determining individually significant items for consideration during the physical inventory and for price tests.
Selecting a sample of items for price tests.
Comparing costs with vendor invoice files, prior years, or costs of related inventory items.
Comparing costs with current sales prices.
Identifying slow-moving or overstocked inventory.
Section 909 discusses data extraction software in more detail.
Cost of Sales
1201.49 When designing analytical procedures, expectations about production costs ordinarily can be developed with the
necessary precision based on either (a) the nonfinancial information used to develop expectations about sales or revenues or
(b) their relationship with sales or revenues. For example, an expectation about materials cost charged to cost of sales may
be developed by applying the expected cost per unit to the number of units sold. Similarly, if sales are based on the
prescribed mark-up of cost, the auditor may develop an expectation about cost of sales by converting sales to expected cost
using the prescribed mark-up. The precision of expectations about production or service costs can often be improved by
developing them at a more detailed level, such as by product line or location. If the company is a manufacturer, identifying the
separate cost components and developing an expectation for each may improve precision.
1201.50 In some industries, vouching cost transactions is a necessary additional procedure. For example, in the construction
industry, audit evidence for assertions related to contract accounting (percentage-of-completion or completed contract) can
usually be obtained only by applying audit procedures to cost transactions. Also, some manufacturing companies have
complex costing procedures that require application of procedures to costing transactions to price test inventory.
Other Audit Considerations for Inventory and Cost of Sales
1201.51 The Other Audit Procedures for Inventory and Cost of Sales at ASB-AP-5 and Other Audit Procedures for
Inventory Observation at ASB-AP-6 provide specific audit procedures relating to less common circumstances including:
Inventory held by public warehouses or other outside custodians.
Inventory observed subsequent to the balance-sheet date (see also paragraph 1201.28).
Cycle counts (see also paragraph 1201.28).
Intercompany profit in inventory.
Use of the retail inventory method (see also paragraph 1201.23).
LIFO inventory method (see also paragraph 1203.5).
Inventory tested at an interim date (see also paragraph 1201.28).
Auditors ought to consider the use of these procedures when such circumstances apply.
1202.1 The workpapers listed below are commonly used to document the performance of inventory audit procedures. The
workpaper content and the extent of the auditors documentation will generally not be influenced by whether the workpapers
are prepared in paper or electronic format. However, if the auditor uses electronic workpapers, any client-prepared schedules
and detail need to be obtained in electronic format, if possible, to reduce the extent of paper documents that will be retained
in the audit file or require scanning (electronic workpapers are discussed in section 807).
a. Trial balance that includes individual inventory accounts.
b. Inventory observation workpapers.
(1) Client inventory-taking instructions.
(2) Memo discussing procedures performed and the results.
(3) Schedule listing individual test counts recorded during the observation of the physical inventory count.
(4) Documentation of confirmation of significant inventories held by third parties at outside locations.
(5) Schedules that account for inventory count tags or inventory count sheets to determine that those items have
been properly controlled.
(6) Reconciliation of extended inventory count to year-end adjusted inventory general ledger balance.
c. Schedule documenting the analytical procedures performed on inventory balances and to test cost of sales.
d. Other inventory testing workpapers.
(1) Final inventory summary that includes quantities and costs used to value the inventory quantities.
(2) Inventory cutoff tests of shipping and receiving documents.
(3) Schedule documenting price tests of individual items, including identification of the items tested.
(4) Schedule presenting calculation of direct labor and materials components of inventory, if applicable.
(5) Schedule containing computation of overhead applied to inventory and cost of sales.
(6) Schedule documenting inventory obsolescence or other valuation tests (only if problems identified).
Inventory Count
1202.2 If the business is a retail or wholesale operation, the inventory count may be documented by either listing individual
test counts or by obtaining, if applicable, a copy of the actual count sheets used by the client. If it is a manufacturing
company, the documentation of the inventory count procedures may be accomplished in a similar manner, except that care
needs to be taken to identify separate counts for raw materials, work in process, and finished goods. The following
suggestions can aid in the efficient documentation of inventory count procedures:
a. If the client uses count sheets, it is normally more efficient to obtain copies of those sheets and document test
counts on the copies with a tickmark.
b. If the client uses tags, it is normally more efficient to document test counts on a separate workpaper.
c. When recording test counts, record sufficient detail so the counts may be traced into the clients final physical
inventory summary. In addition to tag or count sheet numbers, record the specific inventory item identification as it
will appear in the final inventories.
d. After the observation, account for all count tags or sheets. If tags are used, the company should prepare an
inventory count tag control list to provide an accounting of tags used, unused, and voided. Test a copy of the
schedule by examining the physical tags on a test basis and retain it for the workpapers.
e. If count sheets are used, one of the easiest methods to document control of the sheets is to obtain a copy of all
count sheets used before leaving the inventory count location. If that is not feasible, the auditor can prepare or
obtain a listing of used and unused sheets and make copies of selected sheets outside the clients presence. Any
inventory sheets that are partially completed ought to be lined-out in the unused space to prevent later additions.
Inventory Cutoff
1202.3 Inventory cutoff tests are typically documented by obtaining information at the time of the physical inventory count. If
the information is not obtained at or shortly after the count date, it will be very difficult to substantiate the validity of the cutoff
information. The following are suggested methods to document the cutoff procedures:
a. The receiving and shipping transactions selected for testing need to be recorded in the workpapers in a manner that
will allow the auditor to subsequently trace the information to the respective journals. A copy of the last few
sequentially prenumbered shipping/receiving documents used before the physical count and the first few used after
the physical count (typically, five of each) may be helpful in obtaining this information. The auditor needs to be
familiar with the clients approach to recording those items, to determine that adequate documentation is obtained.
b. If the auditor determines that large shipping or receiving transactions occurred near the count date, those
transactions can be documented by identifying information such as the following:
Receiving Shipping
Date Received Date Shipped
Vendor Bill of Lading Number
Bill of Lading Product Description
Product Description Product Number(s)
Product Number(s) Quantity
Quantity Customer
In many cases, it may be more efficient to photocopy the receiving and shipping documents.
Final Inventory Summary
1202.4 The workpapers normally contain a copy of the companys final inventory summary. That summary ordinarily includes
the description of individual items, quantities of each item, location (if appropriate), individual costs, and extended values.
Most testing and valuation procedures are often documented on the face of that summary. The following are suggestions for
efficiently documenting those procedures:
a. The reconciliation of the final listing to the general ledger balance is best documented on the last page of the
summary.
b. Document the work performed to trace individual test counts to the final listing on the face of the final inventory
summary. That summary can also include documentation of any vouching of costs of selected items (if such tests
are not highly complicated), particularly if the client is involved in retail or wholesale operations.
c. Consider using data extraction software to recalculate the final balance and reperform the extension of quantities
and costs. (In some cases, the clients detailed inventory listing can be exported into an electronic worksheet such
as Microsoftr Excel. In those cases, it may be possible for the auditor to use the functionality of the worksheet to
easily foot or extend the detailed listing.)
d. If the company has identical inventory items at various locations in the plant or store, individual count totals are
summarized by product code to obtain the grand total entered on the summary. When that is done, the audit trail
may be lost between original test counts at one location and the grand total on the final inventory listing. That
problem can be avoided if the auditor test counts all of the many locations of a product code during the inventory
observation. At a minimum, the auditor needs to understand the clients procedures to summarize the inventory and
ensure that the documentation is retained to provide an audit trail. In certain rare instances where the inventory
summarization does not provide an audit trail of the summarization of each of the multiple locations counted, and it
is not feasible to apply test counts for each location, the auditor may need to consider whether a computer specialist
will need to be involved to help test the inventory summarization programs.
Inventory Costs and Market Value
1202.5 If tests of details of inventory costs are performed, there are generally two ways to document those tests. One
approach is to document the test of inventory cost directly on the face of the final inventory summary. The alternative is to
prepare a summary price test that includes information concerning individual items selected for testing. The following
suggestions are presented to provide an efficient and effective approach to documenting tests of inventory valuation.
a. If the company is a retailer or wholesaler, it may be easier to document the test of appropriate cost by tickmark
directly on the face of the final inventory summary.
b. Documentation of inventory cost for a manufacturing company is more difficult than for a wholesaler. The auditor
needs to consider the methods used to determine manufactured inventory cost and the various components
included in the total item costs. It is preferable to document tests on separate workpapers, making sure to identify
the items tested. It is important not to perform tests of labor and overhead costs simply because they exist. The
decision to perform such tests should be based on the assessed risk and significance of those components.
c. Make separate calculations for the last-in, first-out (LIFO) cost method if the client uses that method to cost the
inventory. If LIFO is used, it is best to maintain a permanent file schedule to document the LIFO inventory layers and
continuing LIFO valuation reserve. See the discussion beginning with paragraph 1203.5.
d. Present inventory subject to long-term contract and percentage-of-completion accounting on separate summary
workpapers. Those inventory items should be observed, if significant, to determine that the percentage of
completion used is reasonable. One possible method to document the observation and the completion percentages
is to use photographs and include them in the workpapers.
e. Photographs might also be used to document the relative condition of major inventory items when obsolescence (or
the existence of other physical condition valuation issues) is a potential problem for significant inventory items, or
when it is essential to gain substantial evidence about the percentage of completion of work in process (for example,
for a building or other construction project).
Summary Memorandum
1202.6 Traditionally, the inventory procedures performed and results obtained are often included in a summary memo.
Normally, this memo is redundant. Using such a memo is efficient only when it is a substitute for more extensive
documentation. However, if a memo is used, it should identify the items tested when performing substantive tests of details
involving inspection of documents, such as inventory price tests. The authors believe items tested can be identified by listing
the items; by including a detail schedule in the workpapers, such as the physical inventory listing on which the items are
identified; or by documenting in the workpapers the source and selection criteria. For example:
a. For tests of significant items, documentation may describe the auditors scope and the source of the items (e.g., all
inventory balances greater than $5,000 from the 12/31/X2 extended inventory listing).
b. For haphazard or random samples, documentation should include the identifying characteristics of the items (e.g.,
the specific product codes, SKUs, etc.).
c. For systematic samples, documentation may indicate the source, starting point, and sampling interval (e.g., a
selection of inventory items from the 12/31/X2 extended inventory listing, starting with product number 2150 and
selecting every 100th item thereafter).
Cost of Sales Workpapers
1202.7 Cost of sales workpapers generally consist of a schedule documenting the analytical procedures performed to test
cost of sales including the development of expectations, the data used, and the results of comparing expectations with
recorded amounts or ratios developed from recorded amounts. If additional audit procedures are considered necessary in
response to unexpected differences, those procedures should be documented along with the results. Because of the
relationship between sales and cost of sales, it is often efficient to document the analytical procedures for both components
on the same schedule. Frequently, expectations about each are based on the same underlying data.
1203 AUDITING INVENTORY VALUATION
1203.1 There are several ways that inventory can be valued. Some of the more common are:
a. First-in, first-out (FIFO).
b. Last-in, first-out (LIFO).
c. Average cost.
d. Standard cost.
e. Specialized industry methods.
The auditors inventory procedures need to fit the individual principles the client uses. Thus, it is critical that the auditor
understand how the client values its inventory. This section briefly discusses the common inventory accounting methods and
explains common audit procedures. PPCs Guide to Preparing Financial Statements discusses inventory accounting in more
detail.
First-in, First-out
1203.2 The FIFO method assumes that goods are sold in the order they are purchased or made. Thus, the year-end FIFO
inventory represents the latest inventory acquired or produced. Companies with formal perpetual inventory records compute
their inventory cost continually throughout the year. Others compute their inventory cost periodically, such as each month end
or year end, based on the cost of the latest items added to inventory. Some businesses informally price their inventory using
the very last purchase price of each item.
1203.3 Using the formal approach to testing FIFO inventories, the auditor selects certain items and vouches enough recent
purchases of those items to equal their year-end inventory quantities. For example, suppose an auditor is conducting a FIFO
price test of a wholesalers December 31, 20X1 inventory. One of the items selected for the price test is 100,000 Type A gears.
The auditor would vouch Type A gear purchases beginning with the latest 20X1 purchase and work backward until 100,000
gears were vouched. Then the auditor would compare the total cost of those gears to the clients extended inventory.
1203.4 Sometimes auditors can shortcut that formal approach. The auditor can select certain items and scan the clients
inventory purchases or vendor files for the year to determine whether purchase prices for those goods varied during the year.
If there were no significant price changes, the auditor can use the latest purchases to test the clients cost for those items. The
procedure can be documented with tickmarks on the final inventory summary. The shortcut method is most effective if prices
are stable and inventory turns over quickly.
Last-in, First-out
1203.5 Under the LIFO method, ending inventory represents the oldest goods available for sale. There are several ways to
compute LIFO inventories, but the link chain method is most commonly used. PPCs Guide to Preparing Financial Statements,
Chapter 12, provides guidance on applying various LIFO methods. Regardless of the method used, most companies record
their inventory at current cost (using FIFO, average cost, or another method) and establish a LIFO reserve to reduce current
inventory to LIFO cost.
1203.6 Auditing LIFO inventory valuation is essentially a two-step process
a. The auditor tests the current inventory cost of selected items based on the clients inventory method.
b. The LIFO calculation is tested, generally through reperformance of the clients calculations. As previously
mentioned, auditors frequently keep permanent file workpapers summarizing the LIFO layers.
Note that auditors need to test both the current inventory costing and the LIFO calculation.
Average Cost
1203.7 The average cost method calculates a weighted average of goods available for sale (that is, beginning inventory plus
purchases during the period). That average is the unit cost of ending inventory. Auditors may have difficulty performing
conventional price tests on average cost inventories because matching inventory items to specific purchases is not always
possible. Some common methods used to test average cost inventories are:
a. FIFO Approach. (See paragraph 1203.3.) This method generally works best when the client prices its inventory at
least monthly and the inventory turns over a minimum of three times per year.
b. Reperformance. This approach involves understanding the procedures the client uses to calculate average cost and
reperforming those calculations for certain items. This method requires a good formal inventory system and a
sufficient audit trail.
c. Reasonableness Test. This is similar to the FIFO shortcut approach (see paragraph 1203.4). The extent of testing
depends on the volatility of inventory prices and the inventory turnover.
Standard Cost
1203.8 Some manufacturers may develop standard costs to value their products. Sometimes they use standard costs only
for the labor and overhead components, especially when materials costs are more significant. Auditors generally test
standard costs of selected items by independent calculation or reperformance of the clients calculations, depending on:
a. When the standards were updated. (Standards over one year old generally do not reflect current costs.)
b. Complexity of the calculations. (Complex standards may be difficult to compute independently.)
c. Condition of the inventory records. (Independent calculations may be needed if there is not a clear audit trail.)
In many audits, especially those of smaller companies, the clients inventory system is relatively simple and is based on a
FIFO assumption. Accordingly, independent valuation is often the most efficient approach to test inventory costing.
Lower of Cost or Market
1203.9 Although cost is the primary basis for inventory pricing, a departure from cost is required when the loss of usefulness
or reduction in replacement or selling price of an item reduces its recoverable value below cost. The lower-of-cost-or-market
method eliminates inventory costs that, in all probability, will not be recovered in the future. Under this method, losses from
damage, deterioration, obsolescence, changes in price structure, etc., are chargeable against revenues in the period in which
such losses occur, rather than in the later period when the item is sold or scrapped.
1203.10 In applying the lower-of-cost-or-market method, market is generally defined as current replacement cost, except
that:
a. Market cannot be greater than net realizable value.
b. Market cannot be less than net realizable value reduced by a normal gross profit margin.
1203.11 Replacement cost of purchased materials should be based on the purchase of the usual quantities under normal
circumstances. Net realizable value means selling price less estimated costs to complete and sell. Selling expenses that are
directly related to disposing of the item (commissions, freight, packaging, etc.) are properly included in the determination of
cost to complete and sell, but other selling expenses, advertising, general and administrative expenses, etc., should be
excluded.
1203.12 An essential part of applying the lower-of-cost-or-market method is determining the net realizable value of obsolete
and excess items. Obsolete inventory includes items that are not expected to be used or sold in the normal course of
business. Excess inventory includes items on hand that are in excess of a reasonable supply based on normal and
anticipated usage. What constitutes a reasonable supply will vary between companies, inventories, and items. However, one
years estimated requirements is often used as a broad general guide, unless the apparent excess has been accumulated
for a good business reason. Market for obsolete and excess inventory usually is net realizable value which, in some instances,
may be the estimated scrap value. The preferable practice is to write down specific items that are obsolete or in excess. An
alternative, which may be appropriate in cases where it is not practicable to consider individual items, is to use predetermined
percentages to reduce various inventory classes in accordance with their ages. Similar considerations apply to other
inventories with characteristics that present a higher level of risk relating to the valuation assertion. Such inventories might
include those that are damaged, returned, and used for demonstration or rental purposes. For many businesses, such
inventories are often inconsequential. However, for certain industries, inventories similar to these may be material.
1204.1 As previously discussed, there are many potential areas for overauditing inventory and cost of sales. When inventory
is significant to the financial statements and the risk of material misstatement is high, more extensive procedures should
ordinarily be performed by the auditor to respond to identified risks for relevant assertions. However, some auditors simply
perform traditional time-consuming inventory procedures in all cases.
1204.2 The following are some areas that are frequently subject to overauditing:
a. Excessive Test Counts. Test counts have traditionally been performed without regard to potential grouping of
inventory. Grouping the inventory into significant items can reduce the number of test counts recorded while
increasing or, at least, not reducing, the level of assurance obtained. In addition, auditors ordinarily will take more
test counts than they record. Auditors are not required to document all of the test counts they take and generally it is
unnecessary and inefficient to do so.
b. Understanding and Testing Internal Control. As discussed in Chapter 3, auditors are required to obtain an
understanding of the design and implementation of internal control sufficient to assess the risk of material
misstatement and design further audit procedures. However, in many audits, it is often not necessary for auditors to
test the operating effectiveness of controls, even if the client uses a perpetual inventory system, given the risks and
that it may be more efficient to apply substantive procedures. However, in other situations, when considering the
risks of material misstatement, the auditor may determine that a further understanding of control activities, as well as
tests of operating effectiveness of relevant controls, may be necessary; for example, when a client performs cycle
counts of inventory and does not take a complete physical inventory at year end. (See paragraph 1201.24.) It might
also be necessary for auditors to obtain a further understanding of controls and test controls when the method of
valuing the inventory is complex, such as the inventories of construction contractor clients because of the
complexities of percentage-of-completion accounting and the importance of an adequate cost accounting system.
(See PPCs Guide to Construction Contractors.)
c. Excessive Inventory Count Observation. If a company maintains inventory at various locations, the auditor can
sometimes select only certain locations or high dollar items for test counts. Other locations, if significant, may be
visited merely to observe general volume of inventory compared to final valuations. This approach can significantly
reduce test counting procedures. (Chapter 9 discusses considerations when the client has inventory at multiple
locations.)
d. Recounting All Inventory Items. Some auditors feel they must count each item in the inventory to properly observe
the physical count. This approach may be necessary to avoid a scope limitation if the client does not generate
appropriate physical count documentation. However, this approach is normally excessive and will require significant
audit time.
e. Excessive Calculation of Inventory Extensions. The auditor can select items for reperformance of inventory
extensions based on obtaining a representative group and providing a high dollar coverage. That will usually
produce the minimum number of items necessary for testing.
f. Failure to Identify Individually Significant Items. Many inventories are most efficiently tested for valuation and
existence by first grouping the inventory into individually significant items. Significant items can be tested and then
analytically compared to the remainder of the items in the population. Sampling for valuation evidence is often
unnecessary in many audits. (See the discussion beginning at paragraph 1201.35.)
g. Elaborate Labor and Overhead Tests. Unnecessary work can result if labor and overhead components of work in
process and finished goods are tested without consideration of the relative significance of those amounts to the
financial statements. If those components do not represent significant balances, they might not be tested. When
testing is appropriate, analytical procedures can often be designed to test the overall reasonableness of those
components. The auditor need not recalculate all the intricate details of the costing system. Recalculation can be
inefficient and does not always produce satisfactory evidence about the total of such costs.
h. Unnecessary Net Realizable Value Calculations (Except for Obsolescence). Although GAAP requires inventory to be
stated at the lower of cost or market, it is usually not necessary to recalculate the net realizable value of all work in
process and finished goods to determine compliance with GAAP. When it is obvious from inventory turnover rates
and relative inventory volumes compared to sales history that there is limited exposure from declines in the market
value of inventory, there is no reason to perform individual calculations of the net realizable value of inventory.
1204.3 The following items are typical underauditing tendencies for inventory:
a. Failure to Identify Significant Obsolescence. The auditor needs to be alert for potential obsolescence and market
value problems of significant inventory items. This may be done for various types of inventory by determining the
inventory turnover ratio and identifying items that physically appear to have been on hand for a significant period of
time (accumulated dust, prior year count tags attached, deterioration, etc.). In addition, the clients website may be a
good source of information about current sales prices of products to help identify market value problems, such as
obsolescence or net realizable value issues.
b. Inadequate Control of Count Tags and Sheets. Count tags or sheets need to be reconciled as used, voided, or
unused before the auditor leaves the inventory observation. Otherwise, there is no later procedure to test for items
added after the count. Inexperienced staff often do not recognize the importance of maintaining tag control.
c. Failure to Coordinate Receivables and Payables Cutoff Tests with Inventory Procedures. For example, the auditor
can compare cutoff misstatements found in receivables or payables tests to the inventory cutoff records to
determine if those errors affect inventory or cost of sales.
d. Failure to Test Count in Both Directions. When performing test counts, the auditor ought to select items from both
the floor (comparing to the inventory listing) and the inventory listing (comparing to the floor count). Testing both
directions allows the auditor to test for both overstatements and understatements of inventory.
e. Failure to Determine Reasonableness of Gross Profit. Some auditors perform many detailed tests of transactions but
fail to assess the reasonableness of the overall gross profit percentage. A seemingly minor change in a gross profit
percentage from one year to the next (e.g., from 20% to 22%) can have a significant effect on net income and will
usually require an explanation. Also, gross profit analysis often provides a good indication of the reasonableness of
the ending inventory balance.
1205 CASE STUDIES
Inventory Observation and Price Tests
1205.1 Plas-Cup, Inc., makes two basic products: plastic drinking cups and pantyhose containers. The manufacturing
process for each product is the same. One of three types of plastic crystal is combined with other resins and machine-molded
into various sizes and shapes of cups and containers. Product costs vary by the amounts of the ingredients needed and the
machine run time. (Those factors increase with the size or complexity of the product.) At year end, the company takes a
physical inventory count of all raw materials (plastic crystals stored in silos, various other resins, and packing cartons) and
finished goods. Counting inventory is relatively simple, as there is no work in process. The inventory count is extended at
estimated FIFO cost to determine year-end inventory.
1205.2 The controller prices the physical inventory of raw materials at latest vendor invoice cost. Finished goods costs
include the cost of the purchased raw materials components and a standard cost developed from bills of material prepared
by the plant production engineer. Standard costs include labor and overhead factors derived from total machine hours for the
year divided into total labor and overhead costs for the year. The prior year summarized financial statements of the company
follow:
20X2
Inventory
Raw Materials $ 171,000
Finished Goods 199,000
Total Inventory $ 370,000
1205.3 The auditor is planning the 20X3 inventory observation and price tests and is reviewing the prior year inventory
summary to determine if there are individually significant inventory items (product types) that should be test counted and
price tested. The prior year listing shows the following concentrations:
Location
Product
Types
% of
Inventory
Value
Raw Materials:
Polystyrene crystal Silo #1 1 25
Medium-impact crystal Silo #2 1 28
Polypropylene crystal Silo #3 1 4
Various other resins and packing
supplies Plant 50 43
100%
Finished Goods:
Plastic drinking cups Plant 35 51
Plastic pantyhose containers Plant 22 32
Other miscellaneous products Plant 100 17
100%
How does this information affect the auditors planned procedures?
1205.4 Solution: The auditor plans the test counts and price tests based on knowledge of the inventory and manufacturing
process and the assessed level of risks. Given this knowledge and the assessed risks (not illustrated) the auditor has planned
the following procedures:
a. Raw Materials. The summary of raw materials suggests that the auditor concentrate test counts and price tests on
the products in Silos 1 and 2. Since few, if any, of the 50 resins or packing supplies product types in the plant are
likely to be individually significant, the auditor plans to observe the clients inventory count, make appropriate
inquiries, and take some test counts to assess the reliability of the clients counting procedures. The lack of
individually significant resins or packing supplies might seem to suggest that sampling will be necessary to price
test these items. However, the auditor knows that the costs of resins and packing supplies (cartons) vary in
proportion to their weight and size, respectively. Thus, the auditor plans to test the unit cost of a pound of resin and
one size carton and visually scan the listing for reasonableness based on the tested unit costs and relative weights
and sizes.
b. Finished Goods. At first glance, it may appear that sampling will be necessary to test finished goods. However, the
summary of finished goods suggests that the auditor may be able to easily test count 100% of plastic drinking cups
and pantyhose containers and assess the clients count of the remaining areas based on observation, inquiry and
some limited test counts. Also, the auditor knows that the prices of the various types of cups and pantyhose
containers are proportional to their relative size and shape. Thus, the auditor will test the cost build-up of two
products (one a drinking cup and the other a pantyhose container) and analytically extrapolate the results to a
significant portion of the finished goods inventory. In testing the cost build-up of the two finished goods items, the
auditor can use the costs of the raw materials components previously tested and test the standard overhead cost
factors. Then the auditor can compare the two finished goods product codes tested to the untested codes and
investigate any prices that do not appear reasonable, based on their relative size and shape.
Alternatives to a 100% Observation
1205.5 The auditor is planning the 20X2 inventory observation of Go Go Gas, a self-service gasoline and convenience
grocery store chain with 60 stores (20 stores have both gas and groceries, 40 stores have only gas) located in 15
southwestern states. The summarized financial statements of Go Go Gas for 20X1 follow:
20X1
Inventory:
Gas $ 2,400,500
Groceries 580,000
Total Inventory $ 2,980,000
Net Income before Tax $ 700,000
1205.6 The number of store locations and their wide geographic dispersion present a challenging problem to the single office
CPA firm. Grocery inventory is counted on adding machine tapes at retail values, then converted to cost using an average
mark-up percentage. Gasoline inventory is counted by measuring the depth of underground storage tanks and converting to
gallons based on the dimensions of the tanks. An average grocery store maintains $35,000 in retail value of groceries (cost
approximately $25,000) and has total available gasoline storage of 45,000 gallons when the tanks are full (actual number of
gallons on hand is dependent on the date of the last delivery from the supplier). Observation of the grocery inventory takes
about six hours per store. Gasoline takes about one-half hour to measure and convert per store. The auditor estimates that a
100% observation would require about 150 hours of observation time (30 hours for gasoline and 120 hours for groceries), not
including about 120 hours of travel time plus travel cost. How should the auditor observe the inventory?
1205.7 Solution: The auditor may consider several alternatives to a 100% observation depending on the assessed level of
risk:
a. A 100% observation of all stores is not required by professional standards. Analytical tests can be performed on
stores not observed to test the reasonableness of gasoline and grocery inventories. The physical existence of the
stores can be substantiated by examining property titles during the fixed asset work or by inspecting gasoline and
grocery delivery tickets from vendors servicing the remote stores. Stores selected for observation ought to be
rotated each year and visited on a surprise basis.
b. Convenience stores are normally clustered around major metropolitan areas; therefore, an auditor can normally visit
and measure gasoline at 5 to 10 stores in one day. Counting of grocery inventory need only be observed at one or
two randomly selected stores. An average inventory per square foot, based on counts observed, can then be
established. During the gasoline counts of other stores, the auditor can simply obtain a measurement of the stores
square footage, predict the retail value of inventory on hand, and compare that to the store managers perpetual
records maintained from store deliveries and cash register sales.
c. Reduce out-of-town travel cost by using another CPA firm in remote cities to visit the stores.
Valuation Tests Using Sampling
1205.8 Speed-Way Motors is an auto dealership with the following prior year summarized financial statements:
20X1
Inventory:
New and Used Cars $ 3,700,000
Parts and Accessories 380,000
20X1
Total Inventory $ 4,080,000
Net Income before Tax $ 250,000
1205.9 The auditor has completed the observation of autos and parts and is now preparing to test the value of inventory. The
auto inventory consists of 300 new cars (five different styles) and 30 used cars (all makes and models). The parts inventory is
composed of approximately 3,000 different part numbers, none of which is individually significant to the financial statements.
After completing ASB-CX-2 (not illustrated), the auditor has determined planning materiality and tolerable misstatement to be
$135,000 and $101,000, respectively. What is a possible approach for the auditor to test the cost of inventory?
1205.10 Solution: The auditor decides to test the cost of five new cars (one for each style), then compare the tested cost to
the cost of all remaining new autos. This quick test provides a 100% test of the reasonableness of the new car inventory. Used
car values are not significant, but the auditor decides to select several used cars and compare their carrying value to the car
dealers wholesale price book to determine if there is a net realizable value problem.
1205.11 The parts and accessories inventory presents a more challenging problem. The inventory is atypical to that found in
most small businesses, i.e., there are numerous line items and an absence of individually significant items. Accordingly, the
auditor decides the parts inventory is a candidate for sampling. The parts inventory is maintained on a computer listing, and
individual part numbers are valued at average cost. The sampling planning and evaluation form for this work follows in Exhibit
12-2. See Chapter 7 for a discussion of sampling in a small business engagement.
Exhibit 12-2
ASB-CX-8.2: Sampling Planning and Evaluation Form Substantive Procedures
Entity: Speed-Way Motors Balance Sheet Date: 10/31/X2
Completed by: Barnabas McGregor Date: 3/1/X3
Account Balance or Transaction Class: Retail parts inventory
Assertions(s): V, A/CL
Part 1Planning
Retail parts inventory consisting of approximately 3,000 different part numbers, none individually significant.

Units Amount
Units Amount
a. Items to be examined 100% (individually significant
items). $
b. Population being sampled. 3,000 $ 380,000
c. Total of account balance or transaction class (a + b). 3,000 $ 380,000
Examine vendor invoices to test unit costsee Step 5 at W/P AP-5.8 [not illustrated].

Part number.

Observed inventory and tested the accumulation of quantities in final inventory listing. Reviewed reconciliation of final
inventory listing to general ledger and randomly selected part numbers from that listing.

Latest vendor invoice(s) cost for a part is significantly different from average cost.

6. Sample selection method to be used: Haphazard Random n Systematic
deferrals made to close the books.): $ 10,000
population.
(Step 1b.) $ 380,000
(Step 7) $ 101,000
Risk
factor 3
= Sample
size 12
auditor.]
RISK FACTORS
Risk of Material Misstatement Other Substantive Procedures Risk
High Moderate Low
High 3.0 2.3 1.9
Low 1.9 1.2 0.9
1.20 (or other judgmentally determined multiplier up to 2.0). 14
Part 2Evaluation
Projection of misstatement: If the population is stratified, project the misstatement by stratum and add the projections
12. Dollar amount of misstatements noted in the sample: $ 150 $ N/A
13. Dollar amount of the sample: $ 5,423 $ N/A
a
$ 380,000 $ N/A
14. Projected misstatement [(Step 12 Step 13) Step
13a.]: $ 10,511 $ N/A $ 10,511
15. Dollar amount of misstatements noted in items tested
100% (dollar amount of misstatements found when
testing Step 1a.): $
16. Total factual and projected misstatement (Step 14 +
Step 15):
b
$ 10,511
Isolated clerical error

Yes n No *
* Projected misstatement was approximately equal to expected misstatement but significantly less than 1/3 of tolerable
misstatement.
19. Does the sample provide a reasonable basis for drawing conclusions about the population tested?
Yes n No
20. Describe (a) any additional procedures or changes in the audit plan, such as extending the sample size; asking the client
to investigate and correct misstatements; or modifying the nature, timing, or extent of planned substantive procedures,
because of the test results and (b) the effect of misstatements on other aspects of the audit:
None

Notes:
a
Ensure that the sum of the stratum populations equals the amount at Step 1b.
b
ASB-CX-12.1 and ASB-CX-12.2 can be used to record misstatements after considering the level of sampling risk.
* * *
Deciding Whether to Sample Inventory Costs
1205.12 Puttum-Up Fence Co. manufactures wooden and chain link fences that are distributed wholesale to nurseries,
building contractors, farm and ranch stores, and fence and lumber dealers throughout Montana. The client has taken its
November 30, 20X1, year end physical inventory, priced it on a FIFO basis, and prepared a trial balance for the auditor. The
trial balance shows the following summarized financial data:
Material
Cost
Labor and
Overhead Total
Material
Cost
Labor and
Overhead Total
Inventories:
Raw Material $ 1,208,412 $ $ 1,208,412
Work in Process 35,348 12,489 47,837
Finished Goods 80,490 27,341 107,831
Total Inventory $ 1,324,250 $ 39,830 $ 1,364,080
Net Sales $ 15,302,200
Pretax Income $ 786,905
1205.13 The manufacturing process is simple, and relatively little labor or machine time is required to cut, shape, and
assemble the raw materials into fencing lengths. Labor and overhead is applied to the ending inventory based on average
labor/overhead rates for the year times estimated direct labor hours in work in process and finished goods inventory. (This
method has been tested by the auditor and considered reasonable.) Planning materiality and tolerable misstatement have
been computed at $101,000 and $75,700, respectively.
1205.14 Ninety-seven percent of the dollar value of the inventory is raw materials consisting mainly of boards of different
types and grades of wood, rolls of chain link, wire, and fence posts. Only the materials components of the work in process
and finished goods are included in the priced out listing; as previously mentioned, labor and overhead are added by an
overall calculation. Using the extent of tests worksheet (ASB-CX-8.1, as shown in Exhibit 12-3), the auditor reviews the listing
and identifies one item over $25,200 (one-third of tolerable misstatement) and nine more items over $9,600. The ten items
total $170,853. How many raw material items should be price tested?
Exhibit 12-3
ASB-CX-8.1: Planning Worksheet to Determine Extent of Substantive Procedures
Entity: Puttum-Up Fence Co Balance Sheet Date: 11/30/X1
Completed by: Sue Kemp Date: 12/22/X1
Account Balance or Transaction Class: Raw Material Inventory
PART 1Initial Calculation
a. Total account balance 3,165 $ 1,324,250
b. Individually significant dollar items [amount = $ 9,600
calculated at ASB-CX-2)] 10 170,853
None

d. Remaining balance [a. (b. + c.)] 3,155 $ 1,153,397
e. Tolerable misstatement (ASB-CX-2) $ 75,700
PART 2Consideration of Remaining Balance
items in Step 2.]
with respect to d.
same assertion(s) audit objective, consider whether those other substantive procedures provide adequate audit
assurance with respect to d.
a. Account balance (see 3a.) $
Amount used: $
c. Unusual items (see 3c.)
d. Remaining balance [a.(b. + c.)] $
e. Tolerable misstatement (see 3e.) $
PART 3Summary of Testing to Be Performed
8. Briefly describe the audit procedures to be applied to individually significant items. Recent vendor invoices will be
examined to verify the unit cost.

sampling will be used, complete ASB-CX-8.2. Sampling will be used to test the remaining balance. Vendor invoices will
be examined for sampled items.

* * *
1205.15 Solution: The auditor decides to test all ten items over $9,600. She finds a total $6,671 overstatement in the tested
items. She knows that she cannot project this misstatement to the items in the remaining balance because the 100% test was
not a sampling application. The untested remaining balance amounts to $1,153,397, which is too large to leave untested;
therefore, the auditor needs to decide how to test this category.
1205.16 The auditor considers alternatives for testing the remaining balance considering assessed risks. She can scan the
items under $9,600 and review the reasonableness of the unit prices based on the unit prices she has tested for similar items
in the group of individually significant items. However, that approach might not be efficient because there are over 3,000 items
in the remaining balance. (The listing is almost 100 pages long.) Also, most of the items in the remaining balance are less
than $500 each, so lowering the criteria for individually significant dollar items is impractical.
1205.17 The alternative is sampling. Tolerable misstatement is $75,700. Since the auditor also plans to perform analytical
tests of the related cost of goods sold and inventory turnover, she assesses the other procedures risk to be moderate. Her
combined assessment of inherent and control risk is high. A sample size of 35 is calculated. The worksheet in Exhibit 12-4
shows the results of the sampling application. Note that the auditor increased the sample by approximately 20% to 42 items
because it was impractical to stratify the $1,153,397 remaining balance into two groups.
Exhibit 12-4
Entity: Puttum-Up Fence Co. Balance Sheet Date: 11/30/X1
Completed by: Sue Kemp Date: 12/22/X1
Account Balance or Transaction Class: Raw Material Inventory
Part 1Planning
Material costs for raw materials inventory.

Units Amount
a. Items to be examined 100% (individually significant
items). 10 $ 170,853
b. Population being sampled. 3,155 $ 1,153,397
c. Total of account balance or transaction class (a + b). 3,165 $ 1,324,250
corresponding audit program step): Examine vendor invoices to test unit costsee Step 5 at W/P AP-5.12 [not
illustrated].

Individual inventory code.

Observed inventory and tested the accumulation of quantities in final inventory listing. Reviewed reconciliation of final
inventory listing to general ledger and randomly selected inventory codes from that listing.

Difference between client amount and extended amount based on recent vendor invoices.

6. Sample selection method to be used: Haphazard Random n Systematic
deferrals made to close the books.): $ 7,500
population.
(Step 1b.) $ 1,153,397
(Step 7) $ 75,700
Risk
factor 2.3
= Sample
size 35
the same assertion(s) as the sampling procedures will not detect a material misstatement. The selection of the
appropriate risk factor and the ultimate acceptance of the sample size is a matter of professional judgment to be
exercised by the auditor.]
RISK FACTORS
Risk of Material Misstatement Other Substantive Procedures Risk
High Moderate Low
High 3.0 2.3 1.9
Low 1.9 1.2 0.9
1.20 (or other judgmentally determined multiplier up to 2.0). 42
Part 2Evaluation
12. Dollar amount of misstatements noted in the sample: $ 129 $ N/A
13. Dollar amount of the sample: $ 18,571 $ N/A
a
$ 1,153,197 $ N/A
14. Projected misstatement [(Step 12 Step 13) Step
13a.]: $ 8,012 $ N/A $ 8,012
15. Dollar amount of misstatements noted in items tested
100% (dollar amount of misstatements found when
testing Step 1a.): $ 6,671
16. Total factual and projected misstatement (Step 14 +
Step 15):
b
$ 14,683
Inventory unit costs were based on latest invoice cost instead of matching cost of quantities on hand to quantities
purchased as required under FIFO.

Yes n No *
* Projected misstatement was approximately equal to expected misstatement but significantly less than 1/3 of tolerable
misstatement.
19. Does the sample provide a reasonable basis for drawing conclusions about the population tested?
Yes n No
20. Describe (a) any additional procedures or changes in the audit plan, such as extending the sample size; asking the client
to investigate and correct misstatements; or modifying the nature, timing, or extent of planned substantive procedures,
because of the test results and (b) the effect of misstatements on other aspects of the audit:
None


Notes:
a
Ensure that the sum of the stratum populations equals the amount at Step 1b.
b
ASB-CX-12.1 and ASB-CX-12.2 can be used to record misstatements after considering the level of sampling risk.
* * *
Cost of Sales Analysis
1205.18 The Squeeze Company uses only two main raw materials in the manufacturing process for its containers. These two
materials are mixed evenly to produce the containers, and then a molding process is applied. The manufacturing process
requires a relatively small amount of labor. About 70% of the final cost is represented by materials. The company maintains its
cost of sales segregated by raw materials, labor, and overhead. How could the auditor apply analytical procedures to obtain
evidence about cost of sales?
1205.19 Solution: One possible approach might be for the auditor to determine an average quantity of materials content in
each container. Then, by using an average materials cost for the year, the auditor can calculate the average materials cost
per unit and compare it to a similar cost determined from the production records. For example:
General Ledger Materials Purchasing Records
Total materials cost of sales $ 500,000 Cost of materials purchased $ 527,425
Units sold
5,000,000
Pounds purchased
1,241,000
Average materials cost per unit
sold $ .10 Cost per pound $ .425
Ounces of material per unit
3.750
Conversion to ounces
16
Cost per ounce $ 0.0267 Cost per ounce $ 0.02656
Based on this analysis, the auditor could conclude that cost of sales for materials is reasonable.
1206 AUDIT PROGRAM
1206.1 The core audit program at ASB-AP-5 presents basic, extended, and other substantive audit procedures for inventory
and cost of sales. Using the core audit program, the auditor chooses the procedures that will be adequate to obtain sufficient
audit evidence for the relevant assertions. The specified risk audit program at ASB-AP-5-S presents the substantive audit
procedures for inventory and cost of sales that are normally adequate to respond to a set of underlying risk assessments
(provided at the front of the audit program) considered typical of many smaller businesses. The use of PPCs audit programs
assertion level.
detection matters. Examples of common fraud schemes related to inventory and procedures that may be performed in
response to those schemes are provided for both misappropriation of assets (Exhibit 12-5) and fraudulent financial reporting
(Exhibit 12-6). For misappropriation of assets, Exhibit 12-5 also lists the symptoms (also called red flags or indicators)
auditors may observe that indicate the presence of a particular fraud scheme. For fraudulent financial reporting schemes
presented in Exhibit 12-6, symptoms generally relate to fraud risk factors such as the desire to minimize reported earnings for
Exhibit 12-5
Common Inventory Fraud Schemes, Symptoms, and Related
Audit ResponsesMisappropriation of Assets
Audit Responses
a
Theft of inventory or scrap. Unexpected out-of-stock condition.
Excessive or unusually large
adjustments after a physical count.
Significant, unexplained increases in
cost of goods sold.
Unusual, unexpected, or unexplained
fluctuations in any inventory account.
Significant decrease in gross margins.
Unusual journal entries to inventory.
Count physical inventory.
Review inventory detail.
Confirm with third parties
and inspect documents.
Perform analytical
procedures.
Perform cutoff procedures.
Scrapping and selling good
inventory.
Unexpected out-of-stock condition.
cost of goods sold.
Lack of separation of duties among
inventory purchasing, scrap
processing, and sale of inventory.
Analyze scrap sales.
Analyze materials usage.
Perform cutoff procedures.
Sales return schemes. Unexpected out-of-stock condition.
cost of goods sold.
Increase in credit memos.
Analyze scrap returns.
Concealment of other frauds
through inventory accounts.
cost of goods sold.
Audit Responses
a
Perform analytical
procedures.
Note:
a
* * *
Exhibit 12-6
Common Inventory Fraud Schemes and Related
Audit ResponsesFraudulent Financial Reporting
Fraud Scheme
Audit Responses
a
Altering inventory counts for items not tested by the
auditor.
Obtain copies of all inventory count sheets, tags,
etc. before leaving from physical inventory
observation.
Scrutinize underlying documents, such as
purchase and sales documents.
Perform analytical procedures focusing on the
reasonableness of quantities counted.
Counting the same inventory at two locations by
physically moving goods.
Observe all inventory locations simultaneously.
Including items in inventory for which payables have
not been recorded or including inventory in transit in
the count in circumstances when that is inappropriate.
Perform expanded cutoff procedures.
Review vendor shipping terms.
Review subsequent journal entries.
Confirm accounts payable with third parties.
Including items in inventory that are false or
mislabeled.
Open containers and match contents to labeling.
Observe inventory stacks for hollow squares.
Test the quality (purity, grade, or concentration) of
liquid inventories, such as perfumes or specialty
chemicals.
Including items in inventory that are sold (such as bill
and hold sales), held on consignment, rented, or for
which return credit has been taken.
Perform expanded cutoff procedures.
Review vendor shipping terms.
Confirm accounts payable with third parties.
Examine subsequent period sales.
Scrutinize underlying documents, such as
Fraud Scheme
Audit Responses
a
purchase and sales documents.
Misapplying the lower-of-cost or market test to avoid
writedowns or to increase amounts above cost.
Compare products to recent and subsequent sales
activity.
Obtain explanation from management and examine
available documentation (such as correspondence
and sales returns).
Manipulating labor and overhead rates to inflate unit
costs or charging inappropriate costs (such as general
and administrative expense) to inventory.
Perform detailed price testing (including testing of
labor and overhead rates).
Require management to justify any questionable
determinations that could have a material effect.
Failing to identify obsolete or slow-moving inventory
items or disposing of such items at inflated prices in (a)
barter transactions or (b) fictitious or sham sales.
Conduct physical inspection.
Review sales activity by product type.
Examine subsequent period sales.
Scrutinize barter transactions.
Note:
a
* * *
CHAPTER 13: PROPERTY
1300 INTRODUCTION
General
1300.1 The property component of the balance sheet often amounts to a significant portion of total assets. However, property
usually requires a much smaller proportion of total audit time. This is because transactions that affect property are usually
relatively few in number. Also, the accounts may not change materially from year to year, and some accounts, such as land,
may not change for years at a time. Asset accounts in the property component of the balance sheet usually include the
following:
a. Property ordinarily not subject to depreciation or depletion, such as land used for industrial or commercial purposes
or long-lived assets held for sale.
b. Property subject to depreciation, such as buildings, machinery and equipment, automobiles and trucks, office
furniture and equipment, tools, patterns, dies, etc.
c. Property subject to depletion, such as timber, oil, and mining properties.
d. Property leased under lease agreements that meet the criteria for capitalization under GAAP.
1300.2 Accounting principles that affect property include both measurement and disclosure principles. The measurement
principles for property are:
a. Property should be stated at cost unless it is clear that there has been a permanent impairment in value that should
be reflected in the accounts. Impaired assets should be stated at fair value.
b. Property accounts should reflect the total cost of property in service. This requires sound policies for capitalizing
additions and major replacements and removing the cost of property physically retired from service or abandoned.
c. Property cost may include various indirect costs, such as interest on borrowed funds, in addition to the direct cost of
acquiring the asset.
d. Depreciation or depletion should be allocated over the estimated useful lives of the properties on a systematic and
rational basis. Asset lives should be estimated based on the normal period of time such property should be useful
for the purpose acquired.
e. Long-lived assets held for sale should be carried at the lower of carrying amount or fair value.
1300.3 Cost of acquisition includes not only the invoiced amount for the asset but also such items as freight, sales tax,
transportation, and installation cost. Generally, property acquired in exchange for notes, mortgages, capital stock, or other
noncash consideration should be recorded at amounts equivalent to the fair values of either the asset acquired or the
consideration given in exchange, whichever is more clearly evident. In a basket purchase, where several items are
purchased for a single price, the gross purchase price should be allocated to the individual items based on the relative fair
values of the items. Assets constructed by the client should include interest, labor, and overhead costs in addition to materials
cost.
1300.4 The primary disclosure requirements for property include:
a. Disclosure of balances for major classes of depreciable assets.
b. Disclosure of accumulated amounts of depreciation, by major class or in total.
c. Description of depreciation methods.
d. Depreciation expense for the period.
e. Disclosure of amounts of capitalized interest included in balances.
f. Disclosures required for capital leases.
g. Disclosures required when impaired assets have been written down.
h. Disclosures required when the entity carries long-lived assets held for sale.
i. Disclosures required when the company has long-lived asset retirement obligations.
The practice aid at ASB-CX-13, Disclosure Requirements for Financial Statements of Nonpublic Companies, provides the
primary financial statement disclosure requirements for nonpublic businesses as required by generally accepted accounting
principles.
1301.1 AU-C 500.06 states:
following:
Tests of controls
Risks and Evaluating the Audit Evidence Obtained, [formerly SAS No. 110 (AU 318)] at AU-C 330.18 states that regardless of
risk of material misstatement by considering the different types of potential misstatements that may occur (that is, what could
nature, timing, and extent of substantive audit procedures for property.
Relevant Assertions for Property
1301.5 The relevant assertions for property generally are as follows:
Existence or occurrence (E/O)Property, plant, and equipment reflected in the accounts exists and is physically on
hand. The costs and related depreciation applicable to all sold, abandoned, damaged, or obsolete property have
been properly removed from the accounts. Property, plant, and equipment transactions occurred and pertain to the
entity.
Completeness (C)All property, plant, and equipment transactions have been recorded. Property, plant, and
equipment reflected in the accounts represent a complete listing of the capitalizable cost of assets purchased,
constructed, or leased by the entity and related disclosures are complete.
Rights or obligations (R/O)Property, plant, and equipment are owned by the entity.
Valuation or allocation (V)Property, plant, and equipment are valued in accordance with GAAP. The balances in
the depreciation allowance accounts are reasonable, considering the expected useful lives of the property units and
estimated salvage value, and depreciation charged to income during the period is adequate but not excessive and
has been computed on an acceptable basis consistent with that used in prior years. Accordingly, the net carrying
values of property presented in the financial statements are expected to be recoverable in the ordinary course of
business.
Cutoff (CO)Property, plant, and equipment are recorded in the proper accounting period.
Accuracy or classification (A/CL)Property, plant, and equipment are properly classified in the balance sheet;
noncapitalizable costs are properly expensed, and capitalizable costs are excluded from maintenance or other
expense accounts. Liens, significant fully depreciated assets, idle property, and property held for investment are
identified and properly disclosed. The financial statements also include disclosure of information about property,
plant, and equipment required by GAAP.
Substantive Audit Procedures for Property
1301.6 As noted in paragraph 1300.1, transactions that affect property usually are relatively few in number. In addition, even
when transactions are material, the accounting generally is not complex. Accordingly, auditors often assess the risk of
material misstatement related to property as low. (In contrast, transactions that involve a high degree of judgment and
subjectivity, amounts derived from accounting estimates, and unusual or complex transactions have a higher risk of material
misstatement.)
1301.7 Because the property component of the balance sheet generally is material, auditors are required to design and
perform substantive procedures for all relevant assertions related to property. (See the discussion in paragraph 1301.2.)
However, when the risk of material misstatement is low, substantive analytical procedures generally provide the auditor with
sufficient appropriate audit evidence for relevant assertions related to property, and tests of details, such as (a) vouching
property additions, retirements, and maintenance accounts, and (b) recalculating depreciation, are often not necessary. In
addition, because auditors generally will have audited the property accounts in prior years, current period substantive
procedures can focus primarily on additions and dispositions during the year.
1301.8 Examples of substantive analytical procedures at the account balance level to obtain audit evidence for relevant
assertions related to property are as follows:
Compare activity and balances in the property and accumulated depreciation and amortization accounts with
balances for prior years or other expectations and investigate any unexpected results.
Inquire of the client about whether there has been any change in depreciation or amortization lives or methods and
whether there are significant amounts of fully depreciated or amortized assets.
Scan the schedule of property and consider whether the lives of assets are reasonable, whether depreciation and
amortization methods are in accordance with GAAP and consistent, and whether depreciation and amortization
expense for the year appears reasonable.
Consider whether conditions exist that indicate assets may not be recoverable, that is, they may be impaired.
1301.9 The following procedures performed during other aspects of the audit also contribute to audit evidence for property:
Observing major additions, retirements, damaged, or obsolete property (for example, during inventory observation
or plant tours) and relating them to recorded amounts provide audit evidence to support the existence,
completeness, and valuation assertions.
Inspecting loan documents, lease agreements, debt confirmations and minutes for evidence of liens, pledged
assets, financing arrangements, capitalizable leases, and property held for investment provide audit evidence to
support the rights/obligations and completeness assertions, as well as assertions related to presentation and
disclosure. (Many of these procedures may be done as part of the general procedures programs.)
1301.10 However, if the auditors assessment of the risks of material misstatement for one or more assertions is high,
additional substantive procedures such as the following might be performed for property:
Testing of mechanical accuracy of the schedule of opening and ending property balances and transactions.
Testing of additions to property by vouching the costs and authorization through examination of supporting
documentation.
Inspecting lease agreements for significant assets and determining whether the assets have been properly
capitalized.
Reviewing analyses of repairs and maintenance and vouching to determine whether significant or unusual items
should have been capitalized.
Testing of dispositions of property by vouching proceeds and recalculating whether the disposition has been
properly reflected in the accounting records under GAAP.
Testing depreciation expense through additional analytical procedures or recomputation on selected assets.
Reviewing impairment analyses and testing the clients method and assumptions.
Inquiring of the client and using the results of procedures in other areas to determine the propriety of the
identification and classification of items such as idle property, property held for sale, property subject to liens and
encumbrances, and capitalized leases.
For risks of fraud, physically counting fixed assets.
1301.11 Audit programs at the account balance and transaction class level often do not include extensive tests related to
presentation and disclosure. Generally the only specific matters related to presentation and disclosure that are considered in
the audit programs at the account balance and transaction class level are (a) the proper classification of accounts for financial
statement presentation (for example, property held for sale or for investment) and (b) ensuring that the workpapers include
information needed for disclosures and that such information has been subjected to appropriate audit procedures (for
example, occurrence, accuracy, and valuation). The completeness and understandability of disclosures are ordinarily
considered in the steps in the general auditing and completion program (ASB-AP-2 or ASB-AP-2-S).
1301.12 While performing substantive audit procedures for property, the auditor needs to be alert for signs that any
significant assets may be impaired. The following conditions may indicate that an asset has been impaired:
a. A significant decline in the market price of the asset. (This applies particularly to assets that are held for sale or
expected to be sold in the foreseeable future.)
b. A significant adverse change in the extent or manner of the assets use (for example, a significant decline in the use
of a machine).
c. A significant adverse physical change in an asset (for example, physical damage).
d. A significant adverse change in legal factors or in the business climate that affects the value of the asset or an
adverse assessment or action by a regulator (for example, a machine suddenly becomes obsolete, or changes in
environmental regulations significantly restrict the use of a particular machine or plant).
e. Significant cost overruns beyond the amount originally expected to be needed to acquire or build the asset.
f. A current period operating or cash flow loss combined with a history of operating or cash flow losses associated
with the use of a long-lived asset.
g. Budgets or prospective financial information showing continuing losses associated with a revenue producing asset
(for example, a plant site is expected to generate significant operating losses for the foreseeable future).
h. It is more likely than not that an asset will be sold or disposed of significantly before the end of its estimated useful
life.
1301.13 Often, the auditor or CPA firm is also engaged to prepare the companys income tax returns.
1(75)
To avoid
unnecessary duplication of effort between audit and tax personnel, the auditor will normally obtain the following information
for additions or retirements, even though they may be immaterial to the financial statements:
a. Description of asset acquired or retired.
b. Date acquired.
c. Date of disposition.
d. Cost of asset.
e. For dispositions, amount of accumulated depreciation to date of disposition.
f. Depreciation method.
g. Life used.
h. Proceeds from disposition.
i. Gain or loss upon disposition.
1302.1 The workpapers listed below are common when performing the property audit procedures. The workpaper content
and the extent of the auditors documentation will generally not be influenced by whether the workpapers are prepared in
paper or electronic format. However, if the auditor uses electronic workpapers, client-prepared schedules and detail need to
be obtained in electronic format, if possible, to reduce the extent of paper documents that will be retained in the audit file or
require scanning (electronic workpapers are discussed in section 807).
a. Summary schedule of property accounts or a copy of the detailed property records.
b. A schedule to test depreciation (unless detailed property records are used).
c. Analysis of maintenance and repairs accounts, if material.
Workpapers for Property
1302.2 Detailed Property Records. Depending on the assessed risks of material misstatement and audit approach selected,
it may be more efficient to audit directly from the companys detailed property records. Those records normally contain the
following information for each property account:
a. A description of each asset in the account.
b. The date acquired.
c. The original cost of the asset (where the total of the individual costs of all assets in the account grouping ties to the
balance in the general ledger account).
d. Depreciation method.
e. Estimated useful life.
f. Accumulated depreciation at the beginning of the period.
g. Depreciation expense during the period.
h. Accumulated depreciation at the end of the period.
If the files are long, they can be maintained in separate bulk files that become part of the workpapers. Also, remember that
property records do not have to be elaborately tested just because they are included as audit workpapers. When appropriate,
the auditor might scan the additions to determine that acquisition dates are reasonable and depreciation methods are
appropriate. Most errors result from data entry mistakes (i.e., an incorrect acquisition date that results in improper or no
depreciation).
1302.3 Summary Schedule. A summary schedule of activity in the property accounts can be used in lieu of detailed
property records. If the property records are extremely long, such a schedule that includes the following columnar headings
may be more efficient:
a. Prior year-end asset balance.
b. Current year asset additions.
c. Current year asset retirements and dispositions.
d. Other adjustments.
e. Current year-end asset balances before audit adjustments.
f. Audit adjustments.
g. The final adjusted asset balance.
h. Depreciation method and life.
i. Prior year-end accumulated depreciation balance.
j. Additions to accumulated depreciation for current year depreciation expense.
k. Reductions of accumulated depreciation for retirements or dispositions.
l. Current year-end accumulated depreciation balance, before adjustments.
m. Adjustments.
n. The final adjusted accumulated depreciation balance.
1302.4 Test of Depreciation. If detailed property records are included in the workpapers, depreciation is normally tested by
scanning the computations for reasonableness or by reperforming selected computations. Otherwise, a schedule or memo
documenting an analytical test (predictive test of the current year expense) of depreciation may be used.
1302.5 Repairs and Maintenance. An analysis of repairs and maintenance accounts is prepared only when the account
balance totals for these accounts are material and the risks of material misstatement dictate a review of the analysis. If an
analysis is needed, it ordinarily provides the following information:
a. Vendor identification.
b. Transaction reference number.
c. Description of the nature of the expenditure.
d. Date of transaction.
e. Amount.
The primary purpose of this analysis is to identify property additions that may have been improperly expensed.
1302.6 Additions and Retirements. If analyses of property additions and retirements are necessary given the assessed level
of risk, the following information is ordinarily obtained:
a. Description of asset.
b. Date of acquisition.
c. Transaction reference number.
d. Estimated useful life.
e. Cost.
f. Date of disposal.
g. Accumulated depreciation at disposition date.
h. Net carrying value.
i. Proceeds from disposition, if any.
j. Gain or loss, if any, from disposition.
Other Workpaper Considerations
1302.7 Many times, the low risk of material misstatement generally associated with property accounts does not justify the
need for detailed workpapers. A memo explaining that detailed property schedules have been scanned, depreciation tested
for reasonableness, physical observations performed, inquiries made, and debt and lease documents inspected may be
adequate documentation in those circumstancesespecially when the work is performed by an experienced auditor.
However, when detail testing of significant additions, retirements, or repairs and maintenance is necessary, documentation
should identify the items tested. When inquiries are made, the authors recommend that documentation include the name and
title of the person queried along with date and nature of the inquiry. Also, if observations are performed, the authors
recommend that documentation include what was observed, where and when the observation took place, and the names and
responsibilities of any individuals that were involved in the observation. See the discussion beginning at paragraph 802.10. In
addition, if analytical procedures are performed to test depreciation expense, they should be documented in accordance with
AU-C 520, Analytical Procedures (see paragraph 505.70).
1303.1 The primary area of overauditing in the audit of property is the performance of procedures that are clerically oriented
to an extent that financial statement assertions are more than adequately supported. Some examples of those procedures
are:
a. Overtesting Depreciation Expense. The auditor often wastes time testing the calculation of depreciation for each
asset in the property records. An overall predictive or reasonableness test may be more efficient.
b. Differences between Tax Depreciation and Book Depreciation. In a small business, the depreciation schedules may
be prepared on the basis used for income tax purposes. The auditor may spend significant time auditing the
conversion of such schedules to GAAP methods. If tax and GAAP methods are not materially different, the client
may not need to keep two sets of depreciation records. If there are material differences, keep GAAP records only on
the significant assets, not all assets.
c. Extensive Testing of Additions and Disposals. An auditor who has tax return preparation responsibility may generate
listings of asset additions and disposals necessary for tax computations. Including those schedules as audit
documentation does not automatically require extensive audit procedures. Scanning the lists for unusual or large
dollar amounts may be the only procedure necessary.
d. Capitalization of Leases Where Difference Is Not Material. The determination that a lease meets the criteria for a
capital lease does not eliminate the auditors judgment about the materiality of the adjustment. The time needed to
determine the appropriate adjustment may not be warranted when preliminary estimates of the amounts are
immaterial.
1303.2 Underauditing in the property section is caused primarily by the failure to recognize transactions affecting property.
Examples of such underauditing tendencies are:
a. Failure to identify equipment constructed by the client, including all components of costs such as labor and
overhead.
b. Failure to identify significant disposals of property or to determine if pledged assets were incorrectly sold.
c. Failure to address capitalized interest and related disclosures.
d. Lack of awareness of property additions or idle equipment during performance of other procedures, i.e., during
inventory observation.
e. Failure to identify sale and leaseback transactions, especially those to related parties.
f. Failure to identify significant capital leases.
g. Failure to consider the need to recognize losses on impaired assets, as discussed in paragraph 1301.12.
h. Failure to identify improperly capitalized costs, i.e., items that should have been immediately charged to expense.
1304 CASE STUDY
1304.1 The following case study illustrates a common issue when auditing property.
Trade-ins
1304.2 The client replaced a substantial number of trucks during the year by trading in old trucks and paying an additional
amount in cash. What problems does this present to the auditor?
1304.3 When machinery and equipment are traded in on new equipment, and the client pays additional cash (or other boot),
the GAAP and tax rules may differ. For tax purposes, no gain or loss is recognized on the exchange, and the new assets are
recorded at the basis of the asset traded in, plus the amount of the boot. For book purposes, the exchange is recorded based
on fair value unless it meets one of the exceptions in FASB ASC 845 allowing cost basis reporting. However, even if both
book and tax record the transaction using cost basis, differences can arise if:
a. The client incurs a loss on the exchange (for example, if the fair value of the asset traded in is less than its book
value).
b. The amount of boot exceeds 25% of the fair value of the exchange.
c. The client receives boot.
d. The transaction involves trading real estate.
e. The client uses different depreciation methods for tax and GAAP depreciation.
PPCs Guide to Preparing Financial Statements discusses the tax and accounting treatment of trade-ins in detail.
1305 AUDIT PROGRAM
1305.1 The core audit program at ASB-AP-7 presents basic, extended, and other substantive audit procedures for property.
Using the core audit program, the auditor chooses the procedures that will be adequate to obtain sufficient audit evidence for
the relevant assertions. The specified risk audit program at ASB-AP-7-S presents the substantive audit procedures for
property that are normally adequate to respond to a set of underlying risk assessments (provided at the front of the audit
program) considered typical of many smaller businesses. The use of PPCs audit programs is discussed in section 405.
either overall or specific. Overall responses, such as considering the extent of supervision planned for the audit, affect the
overall conduct of the audit. Auditors generally use overall responses to address fraud risks that are pervasive to the financial
statements. Specific responses involve the nature, timing, and extent of auditing procedures. Specific responses are used to
address fraud risks in individual audit programs, that is, at the account balance, transaction class, or financial statement
assertion level.
detection matters. Examples of common fraud schemes related to property and procedures that may be performed in
response to those schemes are provided for both misappropriation of assets (Exhibit 13-1) and fraudulent financial reporting
(Exhibit 13-2). For misappropriation of assets, Exhibit 13-1 also lists the symptoms (also called red flags or indicators)
auditors may observe that indicate the presence of a particular fraud scheme. For fraudulent financial reporting schemes
presented in Exhibit 13-2, symptoms generally relate to fraud risk factors such as the desire to minimize reported earnings for
Exhibit 13-1
Common Property Fraud Schemes, Symptoms, and Related Audit Responses
Audit Responses
a
Theft of property. Unusual or unexpected asset
purchases.
fluctuations in balance or
depreciation accounts.
Unusual or unexpected changes
in ancillary accounts.
Missing assets.
Count property.
Review fully depreciated
assets.
Analyze salvage and scrap
sales.
Match sales of assets to
reorders of replacement
assets.
Review reconciliation between
detail and general ledger.
Analyze capital expenditures.
Personal use of assets. Unusual or unexpected
Unusual or unexpected asset
purchases.
Missing assets.
Unusual or unexpected increases
in repairs and maintenance on
machinery and equipment
susceptible to personal use.
Personal capital improvements
paid by entity.
Changes in lifestyle.
Count property.
Review fully depreciated
assets.
Analyze salvage and scrap
sales.
Match sales of assets to
reorders of replacement
assets.
Inspect capital improvements.
Audit Responses
a
Manipulation of records to
conceal other fraud.
Count fixed assets.
Note:
a
* * *
Exhibit 13-2
Common Property Fraud Schemes and Related Audit ResponsesFraudulent Financial Reporting
Fraud Scheme
Audit Responses
a
Recording inventory manufacturing costs, research
and development costs, maintenance expenses,
interest expense, start-up costs or other operating
expenses as property and equipment.
b
Review the companys cost capitalization policy and
consider whether it is similar to competitors
policies.
Scrutinize additions to property and equipment.
For self-constructed assets, inspect supporting
documentation for labor allocations.
For self-constructed assets, consider whether it is
appropriate to capitalize further costs (that is, if the
asset is complete and available for its intended use
or if the capitalized costs exceed net realizable
value).
Compare capitalized costs for the period to
authorized expenditures or capital budgets.
Review property and equipment detail records.
Analyze gross profit trends.
Buying personal assets for the owner/manager to
own and recording them as company assets.
Scrutinize additions to property and equipment.
Understating depreciation. Test depreciation calculations.
Assess propriety of depreciation methods, estimated
useful lives, estimated salvage values compared to
those used in prior periods. Obtain explanations and
review supporting documentation for changes.
Calculate an average amortization period for the
companys depreciable asset base and compare it
to prior periods and benchmarks.
Not removing assets disposed of from the books. Perform physical inventory of property.
Inspect records for miscellaneous cash receipts and
other income for evidence of proceeds from fixed
Fraud Scheme
Audit Responses
a
asset dispositions.
Failing to write down impaired assets. Interview operations personnel and others who
might have knowledge of indications of impairment.
Physically inspect potentially impaired assets as
considered necessary.
Improperly classifying assets as held for sale to
avoid future depreciation charges.
Interview owner/manager and others who might
have knowledge of (1) the current ability to remove
assets from operations, (2) a formal plan of disposal,
and (3) an active program to complete the plan.
Review capital replacement and other strategic
plans for evidence of a plan to dispose of assets.
Review minutes of board meetings for approval of a
plan of disposal.
Changing the approach used to determine
write-downs to manipulate earnings.
Review the determination of write-downs for
consistency with prior periods.
Interview owner/manager about the reasons for
changes in the approach used to determine
write-downs.
Notes:
a
b
Some owners/managers may record excess property and equipment to hide instances when they have overstated sales.
Therefore, when overstated property and equipment are identified, it is important to identify what account was credited
as part of the transaction.
* * *
1306.3 A risk of misappropriation of assets may exist in many small businesses. However, as discussed in section 307, the
auditor is not responsible for immaterial fraud, and many frauds involving misappropriation of assets are not material to the
financial statements. Consequently, auditors need not automatically perform additional procedures related to
misappropriation simply because a risk of misappropriation exists. The auditor should develop an audit response for identified
CHAPTER 14: OTHER ASSETS
1400 INTRODUCTION
General
1400.1 This chapter discusses the audit procedures for several common categories of other assetsprepaid expenses,
deferred charges, goodwill and intangibles, investments in securities, and derivatives. Audit procedures for these assets often
are simple because the amounts are immaterial to the financial statements. However, immateriality is often overlooked, and
overauditing occurs. At the other extreme, when these assets are indeed material, audit procedures tend to be inadequate to
provide the auditor with sufficient appropriate audit evidence, especially for relevant assertions for investments in closely held
companies. Audit procedures for long-lived assets held for sale are discussed in Chapter 13, although for financial statement
purposes such assets may be reported as other current or noncurrent assets rather than property.
1400.2 Several accounting principles are relevant to the other asset category. Some of the more significant are:
a. Long-term investments should be classified as noncurrent assets in the financial statements.
b. Investments in debt securities and investments in equity securities that have readily determinable fair values should
be classified into one of three categories: trading, held-to-maturity, or available-for-sale. These categories are based
on (1) the type of security (equity or debt) and (2) the companys ability and intent to hold the security to maturity.
Debt securities classified as held-to-maturity are carried at amortized cost. Debt securities not classified as
held-to-maturity and equity securities that have readily determinable fair values (such as marketable equity securities
and most investments in mutual funds) are carried at fair value. (FASB ASC 320-10-25-1 and 320-10-35-1) (PPCs
Guide to Preparing Financial Statements provides a detailed discussion.)
c. Realized gains and losses on investments in securities should be reported in the income statement in the period
they occur for each of the three categories. (FASB ASC 320-10-40-1 and 40-2)
d. For investments classified as trading securities, unrealized gains and losses are included in the income statement.
For investments classified as available-for-sale, unrealized gains and losses are reported as other comprehensive
income (except for those related to securities hedged in fair value hedges, which are included in earnings). (FASB
ASC 320-10-35-1)
e. Investments in debt and equity securities, including investments in equity securities accounted for using the cost
method, are written down if they are other-than-temporarily impaired. For equity securities, impairment losses are
recognized in earnings equal to the difference between an assets cost and its fair value. The fair value then
becomes the new amortized cost basis and should not be adjusted for subsequent increases in fair value. For debt
securities, if the entity intends to sell (or is likely to sell) the security, the difference between amortized cost and fair
value is recognized in earnings. If the securities will not be sold, the portion of the other-than-temporary loss
representing credit loss is recognized in earnings with the remainder recognized in other comprehensive income.
The previous amortized cost less the other-than-temporary impairment becomes the new amortized cost and should
not be adjusted for recoveries in fair value. The loss in value of an equity method investment that is other than
temporary should also be recognized. (FASB ASC 320-10-35-34 through 35-34D; 323-10-35-31 and 35-32;
325-20-35-2)
f. Financial statements of investee companies in which the investor maintains more than 50% ownership should be
consolidated unless control does not rest with the majority owner. In addition, entities controlled through means
other than voting interests (i.e., through variable interests) should be consolidated. Also, parent company only
financial statements may not be issued as general purpose financial statements of the primary reporting entity (but
may be issued for other purposes). (FASB ASC 810-10-15-8; 810-10-15-10; 810-10-15-14; 810-10-45-11)(Chapter 9
discusses considerations when auditing consolidated financial statements.)
g. Investments in stock of an investee representing 20% to 50% of the total voting shares outstanding are normally
accounted for using the equity method. (FASB ASC 323-10-15-3 and 15-8) Investments representing less than 20%
that do not have readily determinable fair values are normally accounted for using the cost method. (FASB ASC
325-20-05-1; 325-20-25-1; 325-20-30-1; 325-20-35-1 and 35-2)
h. Derivatives should be measured at fair value and reported in the balance sheet as assets or liabilities. Gains and
losses (i.e., changes in fair value) should be included in earnings or other comprehensive income depending on
whether the derivative is designated as a hedge and, if so, the type of hedge. (FASB ASC 815-10-25-1; 815-10-30-1;
815-10-35-1 and 35-2; 815-20-35-1) (For additional guidance on accounting for derivatives, see PPCs Guide to
Preparing Financial Statements or PPCs Guide to GAAP.)
i. Research and development costs (other than tangible and intangible assets acquired in a business combination that
are used for research and development activities) should be charged to expense when incurred. (FASB ASC
730-10-25-1)
j. Intangible assets should be initially recognized and measured based on their fair value. An intangible asset with a
finite useful life should be amortized; an intangible asset with an indefinite useful life should not be amortized. Costs
of developing, maintaining, or restoring intangible assets that are not specifically identifiable, that have indeterminate
lives, or that are inherent in the activities of a continuing business should be expensed when incurred. (FASB ASC
350-20-25-3; 350-30-25-1 and 25-2; 350-30-30-1 and 30-2; 350-30-35-1)
k. Business combinations (that is, transactions or other events in which an acquirer obtains control of one or more
businesses) should be accounted for under the acquisition method of accounting. Under that method, the acquirer
recognizes and measures at fair value the identifiable assets acquired, liabilities assumed, and any noncontrolling
interest in the acquiree as of the acquisition date. (FASB ASC 805-10-05-4; 805-20-25-1; 805-20-30-1)
l. Goodwill acquired in a business combination should not be amortized. Goodwill and other intangible assets not
subject to amortization should be tested for impairment annually, or more frequently if circumstances warrant.
1(76),
2(77)
(FASB ASC 350-20-35-1; 350-20-35-28; 350-20-35-30)
m. Costs of start-up activities, including organization costs, should be expensed as incurred. (FASB ASC 720-15-25-1)
n. A barter credit asset should be recorded at the fair value of the nonmonetary asset exchanged. Fair value should not
be based on an estimate of the value of the barter credits to be received. Subsequently, an impairment loss should
be recognized if the fair value of remaining barter credits is less than the carrying amount or if it is probable that all
of the remaining barter credits will not be used. (FASB ASC 845-10-30-17 through 30-19)
1400.3 Fair Value. FASB ASC 820-10, Fair Value Measurements and Disclosures, defines fair value, establishes a framework
to measure fair value within GAAP, and provides the disclosures about fair value measurements.
3(78)
FASB ASC 820-10
applies under other authoritative guidance that requires or permits fair value measurements, such as measuring fair value of
investments.
1401.1 AU-C 500.06 states:
following:
Tests of controls.
Risks and Evaluating the Audit Evidence Obtained [formerly SAS No. 110 (AU 318) at AU-C 330.18], states that regardless of
risks of material misstatement by considering the different types of potential misstatements that may occur (that is, what could
1401.4 Chapter 4 discusses the auditors considerations when responding to assessed risks of material misstatement at the
relevant assertion level. That chapter also discusses the PPC audit programswhich include basic, extended, and other audit
the nature, timing, and extent of substantive audit procedures for prepaids, investments, and other assets.
Relevant Assertions for Other Assets
1401.5 The relevant assertions for prepaids, investments, and other assets generally are as follows:
Prepaids, Deferred Charges, Goodwill,
Intangibles, and Similar Assets Investments and Derivatives
Existence or
occurrence
(E/O)
Prepaids and other assets reflected in the
accounts exist.
Investments and derivatives reflected in
the accounts exist.
Completenes
s (C)
accounts represent a complete listing of
the companys costs that are allocable to
future periods. Disclosures required by
GAAP have been made.
Investments and derivatives reflected in
the accounts represent a complete listing
of all investments and derivatives.
Disclosures required by GAAP have been
made.
Rights or
obligations
(R/O)
accounts are the assets of the entity.
The entitys ownership of investments
and derivatives is evidenced by securities
or other appropriate legal documents
either physically on hand or held in
safekeeping by others.
Valuation or
allocation (V)
Prepaids and other assets can
reasonably be expected to be realized
through future operations and are
properly amortized or written off on an
Investments and derivatives are
appropriately valued at cost or fair value
in accordance with GAAP. Impairment of
investments is recognized by
Prepaids, Deferred Charges, Goodwill,
Intangibles, and Similar Assets Investments and Derivatives
acceptable basis consistent with
methods used in prior periods;
impairment of balances is recognized by
write-downs.
write-downs.
Cutoff (CO) Prepaids and other assets and any
related amortization or write-downs are
recorded in the proper accounting
period.
Assets, investment income or loss,
valuation allowances, gains or losses,
and changes in fair value are recorded in
the proper accounting period.
Accuracy or
classification
(A/CL)
Prepaids and other assets and any
properly described and classified.
Prepaids and other assets and any
recorded in the proper accounts at
appropriate amounts. Information about
prepaids and other assets, including
restrictions, pledges, or liens against
other assets, is disclosed fairly at
appropriate amounts.
Investments are properly identified and
classified. Assets, investment income or
loss, valuation allowances, gains or
losses, and changes in fair value are
recorded in the proper accounts at
appropriate amounts. Information about
investments and derivatives, including
any restrictions, pledges, or liens against
the assets, is disclosed fairly at
appropriate amounts.
Substantive Audit Procedures for Prepaids, Investments, and Other Assets
1401.6 For many entities, balances for prepaids, investments, and other assets are immaterial. Accordingly, substantive
audit procedures generally consist of a combination of inquiry and analytical procedures. If balances are material, substantive
procedures may also include vouching (for example, vouching activity during the year and comparing market values to
quoted prices), confirmation, and inspection. Examples of inquiry and analytical procedures at the account balance level for
prepaids, investments, and other assets are as follows: (Additional auditing guidance for specific accounts is discussed
beginning at paragraph 1401.7.)
Scan the activity during the year in the prepaids, investments, and other asset accounts; compare current asset and
expense balances to those of the prior year or other auditor-developed expectations; and investigate unusual items.
(E/O, C, V, A/CL, CO)
Consider the proper financial statement descriptions and balance sheet classification between current and
noncurrent assets. For securities, obtain an understanding of managements process for classifying securities as
trading, available-for-sale, or held-to-maturity; determine that securities are appropriately valued, and that realized
and unrealized gains and losses are properly classified in equity or the income statement. (V, A/CL)
Evaluate the reasonableness of carrying amounts and unamortized balances. Consider whether knowledge of the
client and its business and industry indicate an impairment that requires a writedown or a change in useful life. (V)
Inquire about pledged assets, liens, or restrictions on the assets and relate to audit procedures in other areas (for
example, bank and debt confirmations and review of minutes and debt agreements). Summarize information for
financial statement disclosure. (R/O, A/CL)
Prepaids
1401.7 Rarely are prepaid expenses material to the financial statements of any size entity. Audit tests normally can be limited
to scanning and analytical procedures, or audit tests can be applied only to material balances, for example, significant
insurance premiums or deposits. Avoid the temptation to prepare elaborate analysis schedules when the balances are not
material. One common analytical review procedure is comparison of current year and prior year account balances. Often, the
auditors preliminary and final analytical procedures, along with the auditors risk assessment procedures, provide sufficient
audit evidence about immaterial prepaids.
1401.8 Many auditors test prepaid insurance regardless of the size of the balance to evaluate a companys insurance
coverage. However, testing the adequacy of a companys insurance does not relate to any of the financial statement
assertions, nor does accounting literature require disclosure of the adequacy of insurance (FASB ASC 450-20-50-7). The
authors recommend reviewing insurance coverage as a client service only when there is an obvious high risk of loss, e.g.,
inventory is stored in a warehouse with high theft or fire risk or flammable products are stored by the company.
Cash Surrender Value of Life Insurance
1401.9 Cash surrender values normally are immaterial, but the auditor might feel obligated to confirm those balances as a
client service. Generally, reviewing the reasonableness of the major cash surrender values is sufficient. When balances are
confirmed, consider confirming them a month prior to the balance sheet date, e.g., confirm the balance as of 11-30-X2 for a
12-31-X2 audit. The client can adjust the books before year end based on the confirmation. The resulting balance will be
incorrect by one month, but that ought to be immaterial. This procedure will eliminate delays in receiving the confirmation
letter and reduce the number of adjusting entries processed through the audit.
Investments in Debt and Equity Securities
1401.10 Businesses outside the financial services industry often do not engage in significant investment activities.
Accordingly, balances are usually immaterial, or the portfolio of securities has only a few items. Tests in those circumstances
are relatively simple. If the entity has large portfolios of securities, the audit procedures and accounting standards can be
complex.
1401.11 Key considerations when auditing investments in debt and equity securities include evaluating whether securities are
properly classified as trading, available-for-sale, or held-to-maturity, whether they are properly valued at fair value or
amortized cost, and the proper treatment of unrealized gains or losses. Evaluating impairment is discussed beginning in
paragraph 1401.52. The core audit program at ASB-AP-8 includes procedures for auditing material investments in debt and
equity securities.
1401.12 In addition, investment portfolios may sometimes be held by a custodian, such as a broker/dealer or bank trust
department. In some cases (depending on the nature of transactions processed by the custodian), the auditor may need to
consider obtaining a service auditors report on the custodians internal controls to gain an understanding of controls
sufficient to assess the risk of material misstatement and design further audit procedures. For example, confirmation is
generally sufficient if custody services are provided by a regulated, financially sound custodian.
4(79)
However, if the
custodian has discretionary trading authority and the client does not maintain and cannot generate independent accounting
records, a service auditors report may be necessary. Chapter 9 discusses the use of a service organization.
1401.13 For audits of financial statements for periods ending before December 15, 2012, AU 332, Auditing Derivative
Instruments, Hedging Activities, and Investments in Securities, is applied to all investments in securities. For audits of periods
ending on or after December 15, 2012, AU-C 501, Audit EvidenceSpecific Considerations for Selected Items, provides
requirements and application guidance for certain aspects of auditing investments in debt and equity securities measured at
fair value. Specifically, it requires the auditor to
determine if GAAP specifies a method for measuring fair value,
evaluate whether fair value is measured in accordance with that method,
test managements determination of fair value, or if applicable, understand the method used by a broker-dealer or
other third party to determine fair value and consider the guidance for use of a managements specialist, and
evaluate managements conclusion about the need for an impairment loss and test any impairment adjustment,
including compliance with GAAP.
For specific requirements related to auditing fair value accounting estimates, the auditor would turn to the guidance in AU-C
540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures, which is discussed
in section 1809. AU-C 501 specifically notes that more detailed guidance on planning and performing auditing procedures on
investments in securities can be found in the AICPA Audit Guide, Auditing Derivative Instruments, Hedging Activities, and
Investments in Securities.
5(80)
Investments Accounted for Using the Cost, Equity, or Consolidation Methods
1401.14 While there is a tendency to overaudit most categories of other assets, the opposite is true of investments in closely
held companies. It is not uncommon to have a material investment and/or ownership interest in another corporation,
partnership, or joint venture. Underauditing can occur because (a) the auditor does not realize that the financial statements of
the investee should be subjected to audit procedures and (b) accounting methods selected to record the investment may be
incorrect.
1401.15 Audit Requirements. For audits of periods ending on or after December 15, 2012, AU-C 600, Special
ConsiderationsAudits of Group Financial Statements (Including the Work of Component Auditors), provides requirements
and application guidance for auditing investments accounted for using the equity or consolidation methods. AU-C 600 applies
to audits of all types of financial statements that aggregate financial information of equity method investees, subsidiaries, joint
ventures, variable interest entities, and other components. AU-C 600 specifies the types of procedures that need to be applied
to the financial information of a component depending on its materiality and risk characteristics, which may be an audit of
financial information; audit of specific elements, accounts, or items of a financial statement; specified audit procedures; a
review; or analytical procedures. Under that guidance, an equity method investee or consolidated entity that is material should
be audited. Thus, audit evidence would include audited financial information of the investee. The audit work may be
performed by the auditor of the consolidated financial statements or by another auditor on his or her behalf, referred to as a
component auditor. AU-C 600 also provides guidance on matters such as determining whether to make reference to
component auditors, determining materiality for components, communications with component auditors, and additional
responsibilities when assuming responsibility for the work of component auditors. The requirements of AU-C 600 are
discussed in section 904. SAS No. 92 (AU 332) establishes audit requirements for significant investments in closely held
businesses. Audit evidence for such investments normally should include audited financial statements of the investee. If
unaudited data is used, e.g., internally prepared financial statements or a copy of the investees tax return, the auditor will
probably have to apply some audit procedures to this data. If another audit firm performs the audit or additional procedures
on the investee, the investors auditor should consult AU 543, Part of Audit Performed by Other Independent Auditors.
(Chapter 9 includes a discussion on using the work of other auditors.)
1401.16 For audits of periods ending before December 15, 2012, the auditor also needs to be aware that a report
modification (except for qualification, going concern uncertainty, or disclaimer) on the investees financial statements, if
material, could carry through to the report on the investors financial statements. In addition, the auditor also performs
procedures to ensure that material transactions between the company and the investee are identified and properly disclosed
and the companys share of any unrealized intercompany profit or loss is properly eliminated. Investments also should be
reviewed for impairment, as discussed beginning in paragraph 1401.53.
1401.17 Accounting Methods. The accounting method that is appropriate for an investment in a closely held company
depends on the investors ownership interest and degree of influence over the operations of the investee. There are three
basic accounting methods:
a. Cost Method. Under the cost method, an investor records an investment in common stock of an investee at cost.
The investor generally recognizes revenue only when dividends are received. Changes in the financial position of the
investee are not recognized by the investor unless the changes represent an other-than-temporary decline in the
value of the investment. Generally, investments of less than 20% of the outstanding voting stock of an investee are
accounted for by the cost method. [As discussed in paragraph 1400.2, FASB ASC 320 requires investments in
equity securities with readily determinable fair values to be accounted for at fair value. Those investments are
discussed beginning in paragraph 1401.10.]
b. Equity Method.
6(81)
Under the equity method, an investor initially records an investment in common stock of an
investee at cost and records its proportionate share of changes in the net assets of the investee as an adjustment of
the carrying value of the investment. Generally, investments of 20% to 50% of the outstanding voting stock of an
investee are accounted for by the equity method.
c. Consolidation Method. Under the consolidation method, the financial statements of the investee are combined with
those of the investor and intercompany amounts are eliminated. The consolidation method differs from the equity
method only in form; both methods result in the same income and equity for the investor. The equity method is
sometimes referred to as a one-line consolidation. The consolidation method is required when the investor owns
more than 50% of the voting stock of the investee, unless control does not rest with the majority owner. In addition,
entities controlled through means other than voting interests (i.e., through variable interests) must be consolidated.
1401.18 An area of concern is the appropriate consolidation of entities commonly referred to as variable interest entities.
Such entities are often created to carry out a specified purpose or activity. In a variable interest entity (VIE), control is
achieved through variable interests rather than through voting interests. Accounting guidance for VIEs is found in FASB ASC
810, Consolidation. FASB ASC 810 generally requires consolidation of entities that are controlled through variable interests.
Detailed guidance on accounting for VIEs can be found in PPCs Guide to Related Parties (Including Variable Interest Entities),
PPCs Guide to GAAP, and PPCs Guide to Preparing Financial Statements.
1401.19 Auditors need to be alert for the existence of variable interest entities. Auditors may consider the following broad
steps when addressing variable interest entities:
a. Identify the population of VIEs.
b. Consider the involvement of related parties.
c. Identify VIEs in which the client is the primary beneficiary.
d. Determine if the VIE has been properly accounted for in the consolidated financial statements when the client is the
primary beneficiary.
e. For VIEs where the client is not the primary beneficiary, determine if the client has accounted for its interests in
accordance with GAAP.
f. Consider if additional evidence is needed.
g. Consider the appropriateness of disclosures for VIEs in which the client is involved.
h. Obtain appropriate representations from management.
i. Consider whether, as a result of the auditors procedures, special reporting (i.e., scope limitation) is needed.
1401.20 The authors believe procedures performed to determine whether a small or midsize nonpublic entity has identified
all related party relationships and transactions, as discussed in section 1806, will ordinarily be sufficient to determine whether
it has identified all interests in other entities that might require consolidation under the variable interest entities guidance in
FASB ASC 810. If there are interests in entities that might require consolidation, procedures ordinarily will include reviewing
operating agreements and making inquiries of management and others to determine whether the company has properly
identified which entity controls the VIE. Procedures to test the consolidation of VIEs are generally the same as procedures to
test the consolidation of entities that are controlled through ownership of a majority voting interest, as discussed beginning in
paragraph 1401.14.
1401.21 Deferred Taxes. When investments are accounted for under the equity method, often a difference results between
the book and tax basis of the asset. Accordingly, the auditor needs to be especially aware of the need to evaluate whether
deferred taxes have been provided in that situation.
1401.22 Basis of Accounting. A common oversight in applying consolidation or equity accounting to an investment in
another company is forgetting to determine if the investor and the investee are on the same basis of accounting. If the
financial statements of the investor are on the accrual basis, the financial statements of the investee should also be on the
accrual basis. If the basis of accounting of the investee is not converted to agree with the investors before applying
consolidation or equity accounting, and the auditor believes the effect is material, the auditors report should be qualified for a
GAAP departure. However, if the investee operates in a specialized industry that follows a specialized basis of accounting,
that basis of accounting is retained in the financial statements of the investor, and there is no GAAP departure. For example, if
the investee is an investment company or broker/dealer in securities that uses a fair value basis of accounting, that basis of
accounting should not be changed for purposes of consolidation or equity accounting even though the investors basis of
accounting differs.
1401.23 Date of the Investees Financial Statements. An often-asked question is whether the date of the results of
operations of the investor must coincide with the date of the results of operations of the investee. For example, if the financial
statements of the investor are dated December 31, 20X1, must the equity in earnings of the investee also be recorded through
December 31, 20X1? FASB ASC 810-10-45-12 indicates that where the difference is not more than about three months, it
usually is acceptable to use the investees statements for its fiscal period. When this is done, recognition should be given by
disclosure or otherwise to the effect of intervening events that materially affect the financial position or results of operations of
the investor.
7(82)
1401.24 Losses That Exceed the Original Investment. The investors share of losses of an investee may equal or exceed
the carrying amount of an investment accounted for by the equity method. The investor normally should discontinue applying
the equity method when the investment is reduced to zero. However, FASB ASC 323-10-35-20 states that if the investor has
guaranteed obligations of the investee or is otherwise committed to provide further financial support, losses should continue
to be recorded by the investor to the extent of additional funds committed. (See also AICPA Technical Practice Aid TIS
2220.12.) An investment that has been reduced below zero should be presented as a liability in the balance sheet of the
investor.
1401.25 Differences between Cost and Underlying Equity in Net Assets of Investee. There may be a difference between
the cost of an investment and the investors proportionate equity in the investees net assets at acquisition. The investor
assigns the difference to specific assets of the investee based on their fair values, with any remainder attributable to goodwill.
(FASB ASC 323-10-35-13) The investor subsequently records additional depreciation or amortization related to the difference
as if it were actually recorded by the investee. (As a practical matter, however, unless the difference is material, it usually is
accounted for as goodwill following the provisions of FASB ASC 350-20.) If the carrying amount of the investment in the
investors financial statements reflects factors that are not recognized in the investees financial statements, auditors need to
obtain sufficient appropriate audit evidence to support those amounts.
Business Combinations
1401.26 It is not unusual for a nonpublic company to acquire another business. In most cases, the substance of the
transaction is relatively straightforward. That is, the acquirer issues cash or debt in exchange for assets and liabilities of
another business that are often contractually identified. However, business combinations can present a number of challenges
for the acquiring entity, along with heightened risks of material misstatement, which the auditor will need to carefully assess
when planning the engagement. Some of the key challenges and risks include:
Identification of Assets Acquired and Liabilities Assumed. A business combination may not contractually identify all
individual assets acquired and liabilities assumed. Furthermore, the acquiring business may need to recognize
assets and liabilities that were not previously recognized by the acquiree.
Measurement of Assets Acquired, Liabilities Assumed, and Noncontrolling Interest in the Acquiree. As noted in
paragraphs 1401.28, most assets acquired and liabilities assumed in a business combination are measured at fair
value. Any noncontrolling interests in the acquiree must also be measured at fair value. In some cases, quoted
prices in an active market may not be available for the determination of fair value. As a result, other valuation
techniques may need to be employed and may require unobservable inputs as discussed in FASB ASC 820-10.
Recognition and Measurement of Goodwill. The proper recognition and measurement of goodwill recognized in a
business combination is dependent upon the proper identification and recognition of (a) identifiable assets acquired
and liabilities assumed, including the recognition and measurement of deferred income tax assets and liabilities
under FASB ASC 740; (b) the consideration transferred; and (c) any noncontrolling interest in the acquiree. As a
result, a misstatement in any of these variables will result in a misstatement in the determination of goodwill.
1401.27 Accounting Requirements. The guidance in FASB ASC 805, Business Combinations, indicates that business
combinations should be accounted for using the acquisition method. The acquisition method requires the following:
a. Identifying the acquirer.
b. Determining the acquisition date.
c. Recognizing and measuring:
(1) Identifiable assets acquired, liabilities assumed, and noncontrolling interests.
(2) Goodwill or a gain from a bargain purchase.
1401.28 Identifiable assets acquired, liabilities assumed, and noncontrolling interests should be measured at fair value as of
the acquisition date. Goodwill is recognized at the acquisition date and is measured as the excess of (a) over (b) as follows:
a. The aggregate of the (1) consideration transferred, (2) fair value of any noncontrolling interest in the acquiree, and
(3) acquisition-date fair value of any previously held equity interest in the acquiree, if the business combination was
achieved in stages.
b. Net amount of identifiable assets acquired and liabilities assumed as of the acquisition date.
1401.29 Audit Considerations. The following procedures are normally applied when material business combinations have
occurred:
a. Obtain and read copies of the purchase, merger, or other similar agreements. Include in the current or permanent
workpaper files abstracts or copies of the agreements.
b. Examine the support for identified assets acquired (including identifiable intangible assets), liabilities assumed, and
noncontrolling interests in the acquiree.
c. Examine the support and determine the reasonableness of the acquisition date fair values of identifiable assets
acquired (including identifiable intangible assets), liabilities assumed, and noncontrolling interests in the acquiree.
d. Examine the support and determine the reasonableness of the acquisition date fair value of the consideration
transferred.
e. Review the calculations and determine the reasonableness of amounts assigned to deferred taxes and goodwill.
f. If applicable, review supporting documentation for adjustments to provisional amounts during the measurement
period.
Derivatives
1401.30 FASB ASC 815, Derivative and Hedging, requires all entities to measure derivatives at fair value and recognize them
as either assets or liabilities in the balance sheet. The complex accounting requirements related to derivatives are beyond the
scope of this Guide. Chapter 20 of PPCs Guide to Preparing Financial Statements and Chapter 9 of PPCs Guide to GAAP
provide in-depth discussions on accounting for derivatives. A brief overview follows.
1401.31 What Is a Derivative? A derivative is a financial instrument or other contract with all three of the following
characteristics:
a. It has at least one underlying (such as an interest rate, security price, commodity price, foreign exchange rate, price
or rate index, or other variable, including the occurrence or nonoccurrence of a specified event) and at least one
notional amount (such as a specified number of currency units, shares, bushels, pounds or other units) or payment
provision (such as a fixed or determinable settlement to be made if the underlying performs in a specified manner)
or both.
b. It requires no initial net investment or an initial net investment less than required for other types of contracts
expected to respond similarly to changes in market factors.
c. Its terms require or allow net settlement, it can readily be settled net by a method outside the contract, or it provides
for delivery of an asset that puts the recipient in a position similar to net settlement.
A derivative may be a stand-alone contract or it may be embedded in another contract, such as a loan agreement, bond,
insurance contract, or lease agreement. In some cases, an embedded derivative should be accounted for separately from the
host contract.
8(83)
An issuer of a loan commitment related to the origination of a mortgage loan to be held for sale must
account for the loan commitment as a derivative instrument.
1401.32 Accounting for Derivatives. FASB ASC 815 requires derivatives to be measured at fair value and reported in the
balance sheet as assets or liabilities. Accounting for gains and losses (that is, changes in fair value) depends on the intended
use of the derivative. Gains and losses on derivatives not designated as hedging instruments should be recognized in
earnings in the period of the change in fair value. For example, an investment in a speculative option to buy units of foreign
currency should be reported as an asset and adjusted to its fair value, with changes in fair value included in net income.
Accounting for gains and losses on hedging instruments depends on the type of hedge, as follows:
a. Fair Value Hedge. If the derivative is intended to hedge the exposure to changes in the fair value of a recognized
asset or liability or an unrecognized firm commitment, the gain or loss on both the derivative and the hedged item
generally should be included in earnings in the period of the change. This treatment is also applicable to a derivative
designated as a hedge of a foreign currency exposure of an unrecognized firm commitment or a recognized asset
or liability (including an available-for-sale security).
b. Cash Flow Hedge. If the derivative is intended to hedge the exposure to variable cash flows of a forecasted
transaction, the gain or loss on the hedge generally should be included as a component of other comprehensive
income until the forecasted transaction affects earnings. A hedge of a foreign currency exposure of a
foreign-currency-denominated forecasted transaction should also be treated as a cash flow hedge.
c. Foreign Currency Hedge. If the derivative is intended to hedge the foreign currency exposure of a net investment in a
foreign operation, the gain or loss in fair value should be reported in other comprehensive income as part of the
cumulative translation adjustment.
1401.33 FASB ASC 815 establishes detailed rules for determining whether a derivative qualifies for hedge accounting and
also establishes specific documentation requirements for derivatives designated as hedging instruments. Those requirements
are discussed in more detail in Chapter 20 of PPCs Guide to Preparing Financial Statements and Chapter 9 of PPCs Guide to
GAAP.
1401.34 Common Uses of Derivatives. Derivatives offer a way for small and medium-sized entities to manage their
exposure to risks and to speculate on changes in market conditions. Common derivatives, often referred to as plain vanilla
derivatives, are available through banks and other sources. The following paragraphs explain the use of an interest rate swap.
Other uses of derivatives, such as options to establish a range of interest rates, the use of forward contracts, and options to
buy foreign currency, are explained in PPCs Guide to Preparing Financial Statements.
1401.35 Interest Rate Swap. An interest rate swap is a derivative that may be used to convert a variable interest rate to a
fixed rate or vice versa. To illustrate, assume that an entity has a $100,000 note that is payable to a bank in three years and
bears interest annually at a rate equal to the U.S. Treasury rate plus 3%. To help stabilize cash flow requirements, the entity
wants to fix its interest payments at 8%. It therefore enters into an interest rate swap contract with the bank under which the
entity makes a small up-front payment and annually writes or receives a check equal to the difference between interest on
$100,000 at a fixed rate of 8% and at the Treasury rate plus 3%.
1401.36 The swap has each of the characteristics required for a derivative
a. It has an interest rate underlying, and its notional amount is the $100,000 base on which interest receipts and
payments are calculated.
b. It requires a small initial net investment.
c. Net settlement is permitted by only receiving or paying cash for the effect of the difference between the two interest
rates.
1401.37 To illustrate how the swap operates, assume that shortly after the note was issued, the Treasury rate rose to 7% and
that during the first year the note was outstanding, the variable rate was 10% (which equals the 7% Treasury rate plus 3%).
For the first interest payment
The entity owes the bank $10,000 for interest on the note (which is the product of the $100,000 principal balance
and the 10% variable interest rate).
Under the swap, the entity owes the bank $8,000 (which is the product of the $100,000 principal balance and the 8%
fixed rate), and the bank owes the entity $10,000 (which is the product of principal and the variable interest rate).
The entity therefore receives a $2,000 payment from the bank for the excess of the $10,000 due from the bank over
the $8,000 due to the bank.
1401.38 The entity records interest expense of $8,000 for the excess of the $10,000 paid under the variable rate provision
over the net $2,000 received under the swap agreement. That equals interest on the $100,000 principal balance at the 8%
fixed rate the entity desired.
1401.39 FASB ASC 815 provides an exception to the requirement to assess hedge effectiveness at inception and on a
continuing basis for certain interest rate swaps that might typically be encountered in small and midsize businesses.
Companies can assume interest rate swaps that meet specified criteria are completely effective (that is, that changes in the
fair value of the derivative will completely offset changes in the fair value or cash flows of the hedged item) and elect to use a
simplified method of accounting for the hedge, referred to as the shortcut method. Use of the shortcut method is discussed
further in PPCs Guide to Preparing Financial Statements. The authors believe many interest rate swaps encountered in small
and midsize businesses will meet the specified criteria for use of the shortcut method.
1401.40 Auditing Considerations. Most small and midsize businesses (other than companies in the financial services
industry, companies that conduct business with foreign entities, or companies in industries where commodity contracts are
common) have few derivative instruments. However, when they are material, derivatives present unique auditing
considerations due to the complex nature of derivative transactions and the accounting rules that apply to them. As part of the
risk assessment process, auditors obtain an understanding about aspects of the companys operations that might present
risks hedged using derivatives and inquire about the extent of derivative use, the types of derivatives used, the entitys
purpose in using derivatives, and the entitys controls over derivatives transactions. Auditing procedures should be tailored for
the type of use and related risks.
1401.41 For audits of periods ending on or after December 15, 2012, AU-C 501, Audit EvidenceSpecific Considerations for
Selected Items, provides requirements and application guidance for certain aspects of auditing the fair value of derivative
instruments. For specific requirements related to auditing fair value accounting estimates, the auditor would turn to the
guidance in AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures,
which is discussed in section 1809. AU-C 501 specifically notes that more detailed guidance on planning and performing
auditing procedures on derivative instruments can be found in the AICPA Audit Guide, Auditing Derivative Instruments,
Hedging Activities, and Investments in Securities.
9(84)
For audits of periods ending before December 15, 2012, SAS No. 92,
(AU 332) Auditing Derivative Instruments, Hedging Activities, and Investments in Securities, provides guidance for auditing
derivative instruments. Auditors may need special skill or knowledge to plan and perform auditing procedures for certain
assertions about derivatives. Necessary skill or knowledge may be obtained from specialists following the guidance
1401.42 Key considerations when auditing derivatives include identifying derivative instruments, including those that are
embedded; evaluating whether derivative instruments are properly designated as hedging instruments and, if so, the type of
hedge; evaluating whether derivative instruments are properly valued at fair value; and assessing the proper treatment of
changes in fair value. For derivatives designated as a hedge, the auditor is also concerned with whether the entity has
assessed the effectiveness of the hedging relationship at inception and when financial statements are prepared (or at least
every three months). In addition, if the derivative has been designated as a fair value hedge, the auditor should determine that
the changes in fair value of the hedged item are properly accounted for. For cash flow hedges of forecasted transactions, the
auditor evaluates managements determination about whether the forecasted transaction is probable of occurring. The auditor
ordinarily needs to obtain written representations from management about its intent and ability to enter into a forecasted
transaction for which hedge accounting has been applied. In addition, the auditor considers obtaining representations about
other aspects of derivatives that affect assertions in the financial statements.
1401.43 The first step in auditing derivatives is to assess whether all derivative instruments have been identified by the client
and recorded in the financial statements. Because derivatives may not involve an initial net investment, when designing tests
for completeness, auditors cannot focus exclusively on evidence relating to cash receipts and disbursements. In more
sophisticated organizations, it may be difficult to limit audit risk for assertions about the completeness of derivatives to an
acceptable level without performing tests of controls. Accordingly, the auditor may need to test controls either at the client or
at a service organization. Common procedures performed to identify derivative instruments (that is, to test for completeness)
include:
a. Inquiry of management or the owner/manager to determine if the entity has entered into any contracts that meet the
definition of a derivative.
b. Inspecting agreements (such as loan agreements, leases, insurance contracts, purchase contracts, etc.) to identify
embedded derivatives and determine whether they are properly accounted for.
c. Requesting information from the counterparty to financial instrument contracts.
d. Confirming the existence of derivatives with counterparties who are frequently used, but with whom the accounting
records indicate there are currently no derivatives.
e. Performing analytical procedures. For example, an analytical test of interest expense may identify the existence of an
interest rate swap.
f. Inspecting documentation for activity after year end that may indicate the existence of derivatives at year end.
g. Reading other information such as the minutes of board of directors meetings for approval of derivatives
transactions.
1401.44 If the company holds derivative financial instruments, the auditor may consider confirming significant terms with the
counterparty to the contract or executing broker. Auditors may also consider confirming with counterparties or executing
brokers the derivatives activity during the year. Activity may be scanned and compared with the description of the entitys use
of derivatives provided by the client to validate the clients description. In addition, if the derivative instrument has been
designated as a hedge, the auditor may inspect managements documentation of the hedging relationship to determine that
the derivative qualifies for hedge accounting. As discussed in paragraph 1401.33, in order to qualify for hedge accounting,
the entity must comply with specific documentation requirements at the inception of the hedge. Therefore, it is important for
the auditor to verify the timeliness of the documentation of the hedging relationship.
1401.45 The fair value of derivatives may be based on quoted market prices, fair value estimates from broker-dealers or other
third-party sources, or determined by the entity using a valuation model. If the fair value estimates are obtained from
broker-dealers or other third-party sources based on valuation models, the auditor should understand the method they used
to develop the estimates and consider the relevance and reliability of the information to be used as audit evidence. In
addition, the auditor should consider the guidance on using the work of specialists discussed in section 906 when using their
work as audit evidence. If the fair value estimates are determined by the client using a valuation model, the auditor should
perform procedures to obtain sufficient audit evidence to support managements assertions about fair value. Procedures the
auditor may perform to assess the reasonableness of the clients fair value estimate include:
a. Assessing the reasonableness and appropriateness of the clients model. For example, the auditor determines
whether the market variables and other assumptions used by the client are reasonable.
b. Calculating the fair value using a model developed by the auditor or a specialist as an independent expectation to
corroborate the reasonableness of the clients valuation.
c. Comparing the fair value with recent or subsequent transactions.
Guidance on auditing accounting estimates, including fair value estimates, is discussed in section 1809.
1401.46 As a practical matter, the authors believe small and midsize entities can obtain estimates of the fair value of most of
their derivatives from banks and broker-dealers.
10(85)
Otherwise, the entity can use a variety of estimation techniques to
estimate the fair value of derivatives; for example:
a. Nonexchange-traded stock options can be valued using the Black-Scholes model. Templates are available through
the Internet that will calculate an options fair value by applying the Black-Scholes model to information entered by
the accountant. The templates can be found using the major Internet search engines, for example, by searching on
Black-Scholes. Some sites are free-of-charge, and others charge only a nominal fee. In addition, computer
spreadsheets can be designed to perform Black-Scholes calculations.
b. Discounted cash flows can be used to estimate the fair value of a variety of common derivatives, such as swaps and
forward contracts. As examples:
(1) The fair value of an interest rate swap can be estimated by discounting estimated cash flows using both the pay
and receive rates; the zero-coupon method is one such technique.
(2) The fair value of a foreign currency forward contract can be estimated by discounting estimated purchases and
sales of foreign currency using the forward rate.
Computer spreadsheets are helpful tools in performing such calculations.
1401.47 If quoted market prices are obtained from broker-dealers who are market makers for certain derivatives, special
knowledge may be needed to understand the circumstances in which the quote was developed. For example, those quotes
may only be an indication of interest rather than an actual price at which a counterparty would purchase or sell the underlying
derivative.
Barter Credits
1401.48 A company might exchange a nonmonetary asset, such as inventory, for barter credits that can be used to purchase
goods or services, such as advertising time. The transaction might be facilitated by a barter company that arranges
transactions among principals, or might be directly between principals. The arrangement might require the payment of cash
in addition to the barter credits to receive the goods or services. The barter credit would often be classified as a prepaid,
deferred charge, or other asset. An audit risk related to such transactions includes the risk that management might be
exchanging excess, slow-moving, or obsolete inventory for an advertising credit of dubious utility to avoid recognizing a loss
on inventory.
1401.49 Accounting Considerations. Because the asset acquired in a barter transaction may be recorded at the fair value
of the asset given in exchange, or the asset acquired, whichever is more clearly evident, barter transactions sometimes create
difficult audit practice issues. FASB ASC 845-10-30-17 makes the auditing of barter transactions easier by creating a
presumption that the fair value of the nonmonetary asset exchanged is more clearly evident than the fair value of the barter
credits received. Generally, the barter credits should be recorded at the fair value of the nonmonetary asset given up in the
exchange. If the fair value of the asset exchanged is less than its carrying amount, an impairment loss should be recognized
prior to recording the exchange. The presumption might be overcome, but only if there is persuasive evidence that the
company could convert the barter credits into an amount of cash in the near term that approximates the proposed value.
1401.50 Subsequent to the initial recording of the barter credit, it may be necessary to recognize an impairment loss if the fair
value of unused barter credits is less than the carrying amount or if it is probable that the company will not use all of the
remaining barter credits. If the remaining barter credits are long-lived assets or certain amortizable intangibles, FASB ASC
360-10 establishes accounting standards for the recognition and measurement of impairment losses.
1401.51 Auditing Considerations. The auditors primary focus for barter transactions concerns whether there is an
impairment loss either on the nonmonetary asset exchanged or, subsequently, on the barter credits remaining. For example,
if inventory is exchanged for advertising credits, the auditor may consider whether there is evidence that physical
deterioration, obsolescence, changes in price levels, or other causes have reduced the net realizable value of inventory below
cost. Generally, the audit procedures are the same as for identifying excess, slow-moving, or obsolete inventory, but the
auditor applies them with an added degree of professional skepticism because of the barter transaction. In subsequent
periods, the auditor may review the use of the barter credits in relation to prior and projected advertising expenditures to
evaluate whether the barter credit asset has become impaired.
Evaluating Impairment
1401.52 While performing substantive audit procedures, the auditor needs to be alert for signs that any significant assets may
be impaired. The following conditions may indicate that an asset has been impaired:
a. A significant decline in the market price of the asset. (This applies particularly to marketable investments.)
b. A significant adverse change in the extent or manner of the assets use. (For example, a company buys a franchise
to sell a particular product and later decides to discontinue selling the product.)
c. A significant adverse change in legal factors or in the business climate that affects the value of the asset or an
adverse assessment or action by a regulator. (For example, a purchased contractual right is later invalidated or an
asset suddenly becomes obsolete.)
d. Significant cost overruns beyond the amount originally expected to be needed to acquire or build the asset. (For
example, costs incurred to acquire a contractual right are substantially higher than expected.)
e. A current period operating or cash flow loss combined with a history of operating or cash flow losses associated
with the use of a long-lived asset. (For example, a company owns a franchise right for a retail operation that is
experiencing operating or cash flow losses.)
f. Budgets or prospective financial information showing continuing losses associated with an asset. (For example,
revenues generated by an asset are not expected to be sufficient to recover the assets cost over its remaining
estimated life.)
g. It is more likely than not that an asset will be sold or disposed of significantly before the end of its estimated useful
life. (For example, a purchased contractual right is expected to be sold as part of a transaction to dispose of an
unprofitable line of business.)
1401.53 Cost Method Investments. Impairment indicators specifically related to cost method investments may include the
following:
a. Significant deterioration in the investees earnings, credit rating, assets quality, or business prospects.
b. Significant adverse changes in the investees regulatory, economic, or technological environment.
c. Significant adverse changes in the investees industry or geographic market.
d. An offer to buy or sell, or a completed purchase or sale of, the same or similar security at an amount less than cost.
e. Conditions that cause significant concern about the investees ability to continue as a going concern.
1401.54 Equity Method Investments. Impairment indicators specifically related to equity method investments may include
the following:
A series of operating losses of an investee.
Absence of an ability to recover the carrying amount of the investment.
Inability of the investee to sustain an earnings capacity that would justify its carrying amount.
A decline in the quoted market price below the carrying amount.
It is not appropriate to separately test an investees underlying assets for impairment. However, the investor should recognize
its share of any impairment charge recorded by an investee as part of recording its equity in earnings. It is also necessary to
consider the effect of the investees impairment losses on basis differences discussed in paragraph 1401.25, and whether
basis differences related to assets written down by the investee should be written down in the investors financial statements.
1401.55 Debt and Equity Securities. When the fair value of an available-for-sale or held-to maturity investment is less than
its amortized cost at the balance sheet date, a determination should be made as to whether the impairment is
other-than-temporary. (For purposes of this discussion, the term amortized cost represents the original acquisition cost
adjusted for accretion, amortization, collection of cash, other-than-temporary impairment losses previously recognized in
earnings, foreign exchange, and fair value hedge adjustments.) The assessment depends on whether the investment is an
equity or debt security.
1401.56 Equity Securities. When making a determination about whether the impairment of an equity security is
other-than-temporary, all relevant accounting guidance should be considered. If an impaired available-for-sale equity security
will be sold shortly after the balance sheet date and the fair value is not expected to recover before the sale date, the security
is considered other-than-temporarily impaired in the period the decision to sell is made. (However, an impairment loss should
be recognized even if a decision to sell has not been made if the impairment is deemed to be other than temporary.)
1401.57 The following factors may indicate that impairment is other than temporary:
The length of time and the extent to which the decline in fair value has existed.
The financial condition and near-term prospects of the issuer of the investment, including any specific events that
may influence its operations, industry, or geographic area.
The reduction or elimination of dividends.
The intent and ability of an entity to retain the investment for a sufficient period of time to allow for any anticipated
recovery in fair value.
Evidence needs to be obtained about the relevant factors and the auditor needs to consider whether the evidence
corroborates or conflicts with managements conclusion about whether an other-than-temporary impairment exists.
1401.58 Debt Securities. Indicators of impairment specifically related to debt securities may include the following:
Fair value is significantly below cost and
The decline is attributable to adverse conditions specific to the security or specific conditions in an industry or
geographic area.
The decline has existed for an extended period of time.
Management does not have both the intent and ability to hold the security for a sufficient period of time to allow
for anticipated recovery in the fair value.
A rating agency has downgraded the security.
The issuers financial condition has deteriorated.
Scheduled interest or principal payments have not been made.
Losses from the security were recorded subsequent to year-end.
Adverse changes have occurred in the present value of current estimated cash flows related to a debt security or
beneficial interest.
1401.59 If an entity intends to sell an impaired debt security, an other-than-temporary impairment is deemed to have
occurred. If there is no intention to sell, available evidence needs to be considered to evaluate whether it is more likely than
not the entity will be required to sell the security before recovery of the amortized cost basis. If it is more likely than not the
entity will be required to sell the security before recovery of amortized cost, the impairment is other-than-temporary.
1401.60 Even when the entity does not intend to sell an impaired debt security, an assessment needs to be made of whether
the entire amortized cost of the security will be recovered by comparing the present value of cash flows expected to be
collected with the amortized cost basis. If the present value of cash flows is less than the amortized cost basis (a credit loss),
an other-than-temporary impairment exists. All available information relevant to the collectibility of the security, including
information about past events, current conditions, and forecasts, needs to be considered when developing an estimate of
cash flows expected to be collected.
1401.61 In situations such as those described beginning in paragraph 1401.52, AU-C 501.09 indicates that the auditor
should evaluate whether the asset is impaired and the carrying amount of the asset should be written down. Relevant
accounting guidance is as follows:
FASB ASC 360-10, Property, Plant, and EquipmentOverall, provides guidance on the determination of and
accounting for impaired long-lived assets and amortizable intangibles.
FASB ASC 350-20, IntangiblesGoodwill and OtherGoodwill, provides guidance on recognition and
measurement of impairment losses for goodwill and other intangible assets with indefinite useful lives.
11(86), 12(87)
FASB ASC 323, InvestmentsEquity Method and Joint Ventures, provides guidance on accounting for impairment of
investments accounted for using the equity method.
FASB ASC 320-10, InvestmentsDebt and Equity SecuritiesOverall, provides guidance on accounting for
impairment of investments in debt and equity securities, including investments in equity securities accounted for
using the cost method.
AU-C 501.09 further requires the auditor to obtain sufficient appropriate audit evidence and evaluate whether the client
complied with GAAP when an impairment adjustment is needed. PPCs Guide to Preparing Financial Statements and PPCs
Guide to GAAP provide guidance regarding measuring impairment losses for various types of assets.
1402.1 Workpaper formats for other assets need to be flexible and tailored to the unique type of other asset. Too often,
workpaper analyses for other assets are complex and time-consuming to prepare. The workpaper content and the extent of
the auditors documentation will generally not be influenced by whether the workpapers are prepared in paper or electronic
format. However, if the auditor uses electronic workpapers, client-prepared schedules and detail need to be obtained in
electronic format, if possible, to reduce the extent of paper files that will be retained in the audit file or require scanning
(electronic workpapers are discussed in section 807). This section discusses possible creative alternatives to the traditional
other asset workpapers.
Prepaid Insurance
1402.2 One of the most time-consuming schedules to prepare is an analysis of prepaid insurance. As discussed in
paragraph 1401.7, such a schedule generally is not necessary if the balance is immaterial. However, if the amounts are
material and the auditor decides such an analysis is necessary, the analysis normally has the following column headings:
(1)
Insurance
Company
(2)
Policy
Number
(3)
Type of
Coverage
(4)
Coverage
Limits
(5)
Policy
Term
(6)
Premium
Paid
(7)
Date
Premium
Paid
(8)
Prepaid
Balance
12-31-X1
(9)
Additions
(10)
Amortizat
ion
(11)
Prepaid
Balance
12-31-X2
1402.3 An optional approach that is sometimes effective, especially if the companys insurance policies are in disarray, is to
request that the companys insurance agency prepare a listing of insurance policies, including the information in paragraph
1402.2. The auditor can use that listing to evaluate the prepaid balances on major policies.
Investment Securities and Derivatives
1402.4 If the companys securities portfolio is significant, analysis schedules need to be obtained showing the details of the
portfolio, e.g., type of security, number of shares, date purchased, original cost, current or noncurrent status, fair value, and
classification as trading, held-to-maturity, or available-for-sale. Also, an analysis is needed to test activity during the year, e.g.,
type of security sold, date sold, and cost. Before requesting that such a schedule be prepared, determine if the companys
brokerage house already provides that information on summary sheets. If so, request a copy of those analyses from the
broker. (This can be done when requesting confirmation of securities held in safekeeping by the broker, such as using
ASB-CL-8.2.) Similar analyses of open and closed derivative positions may also be needed, including indication of whether
the derivative is designated as a hedge and the type of hedge. The authors recommend that auditors document their
discussions with management about the companys investment strategies and purpose in using derivative instruments.
Equity Method Investments
1402.5 Workpapers for equity method investments normally include copies of the investees financial statements. Audit
procedures and computation of equity in earnings can be documented on the face of those statements or in attached memos.
1403.1 Overauditing and underauditing tendencies, which are discussed in other sections of this chapter, are summarized
below.
1403.2 Overauditing or inefficient tendencies include:
a. Excessive Prepaid Insurance Calculations. Many auditors routinely recalculate the prepaid insurance balance and
reconcile insurance expense to the prepaid analysis without considering materiality. Also, auditors tend to review the
adequacy of insurance coverage, even though authoritative accounting and auditing literature does not require such
a review.
b. Analysis of Prepaid Expenses. For many prepaids, the balance is recalculated regardless of its significance. The
client can be requested to present a calculation of the prepaid balance and, in most cases, reviewing the
comparative general ledger balances is all that is needed.
c. Unnecessary Cash Surrender Value Confirmations. Some auditors send confirmations to verify cash surrender values
whenever such policies exist. The auditor needs to determine whether any potentially significant cash surrender
values (or significant policy loans) will exist at year end and only confirm those amounts. Also, such balances can
be considered for confirmation at an interim period.
d. Review of Investment Transactions. Some auditors examine supporting documents for all security transactions
during the period. Although it may be appropriate to vouch selected items to supporting documents, it is rarely
necessary to apply the procedure to all transactions.
e. Excessive Physical Inspection of Investments. Some auditors feel it is necessary to examine support for physical
ownership or safekeeping for all investments held. Investments are not significantly different from other types of
assets. Investments need not be inspected unless the balances are material and, even if the balances are material,
the need for a 100% examination is not likely.
1403.3 Underauditing or ineffective tendencies include:
a. Inadequate inspection or confirmation of the physical existence of major investments.
b. Overlooking testing for impairment in the carrying values of investments, goodwill, and other assets.
c. Failure to require audited financial statements (or to apply audit procedures) for material investments accounted for
using the consolidation or equity method. Also, overlooking how a report modification on the financial statements of
an investee may affect the auditors report on the investor.
d. Failure to identify inappropriate selection of accounting methods (cost, equity, or consolidation) for closely held
investments.
e. Failure to consider the basis of accounting and financial statement dates used by an investee.
f. Failure to identify temporary differences between book and tax basis of other assets.
g. Failure to apply the accounting requirements of GAAP to material debt and equity securities and derivatives.
h. Overlooking inappropriate capitalization of start-up costs (see paragraph 1400.2, item m).
i. Failure to identify derivatives.
j. Failure to identify variable interest entities and apply the appropriate accounting requirements of GAAP.
k. For business combinations, failure to understand the scope of the acquisition transaction and consider the
completeness of assets acquired and liabilities assumed, along with their proper measurement under fair value
standards.
1404 CASE STUDIES
Financial Statement Dates of Investor and Investee Are Different
1404.1 The general ledger of Greenleaf Nurseries, Inc., an audit client, includes an investment in a subsidiary (Lakewood
Landscapes, Inc.) representing 60% ownership in the total Lakewood shares outstanding. The following statistics apply to the
two companies at their most recent year end:
Fiscal Year
Ended Total Assets Sales Net Income
Greenleaf 12/31/X2 $ 1,000,000 $ 4,000,000 $ 450,000
Lakewood 1/31/X3 450,000 2,000,000 190,000
Can the auditor consolidate these financial statements for different year ending dates?
1404.2 Solution: FASB ASC 810-10-15-11 and 810-10-45-12 would allow Greenleaf to consolidate the January 31, 20X3,
Lakewood financial statements because the difference in year ends is not over three months. However, disclosure or
adjustment should be made in the consolidated financial statements for the effects of any material transactions in the period
from December 31, 20X2 to January 31, 20X3.
Losses in a Real Estate Limited Partnership Investment
1404.3 Grey Manufacturing has a 50% investment in a real estate limited partnership, Townhouse Ltd. Grey is a limited
partner, and Greys initial capital contribution was $100,000. At December 31, 20X1, Townhouse Ltd.s K-1 tax return shows
Greys tax deductible losses for the year total $150,000 (made up of the initial $100,000 contribution plus $50,000 of
additional deductions because of Greys portion of nonrecourse debt on the financial statements of Townhouse). Grey has a
December 31, 20X1 year end, and its financial statements are prepared in accordance with GAAP. What amount should be
recorded by Grey for the investment in Townhouse Ltd.?
1404.4 Solution: The investment should be reduced to zero, but not beyond zero, since Grey has no additional financial
obligations to Townhouse because the $50,000 debt is nonrecourse.
13(88)
1404.5 Assume that Grey is able to use the $150,000 K-1 tax loss from Townhouse. Are there any temporary differences that
require deferred tax accounting? If so, what is the amount of the temporary difference?
1404.6 Solution: There would be a temporary difference of $50,000, i.e., $150,000 of tax deduction should be recognized
(assuming that the amount of Greys tax deduction is not limited) but the loss for book purposes would remain at $100,000,
the amount of the original investment. The difference occurs because real estate partnerships are allowed to deduct losses to
the extent of nonrecourse debt. Deferred taxes should be provided on the $50,000 temporary difference.
Losses in an Oil and Gas Tax Shelter Investment
1404.7 Grey also has a 50% investment in an oil and gas limited partnership, Mineral Exploration (MX), totaling $100,000.
Grey is a limited partner, but has guaranteed $100,000 of MXs recourse debt. MX had an excellent year, drilling several
successful wells that generated significant proved oil and gas reserves. However, there has been no production to date from
the wells, pending the completion of a gathering system. At December 31, Grey received a K-1 form for MX showing
deductible losses of $200,000. (The $200,000 losses occurred solely because MX elected to expense the intangible drilling
cost on the successful wells.) Assuming that the amount of Greys tax deduction is not limited, what amount should be
recorded on Greys financial statements for the investment in MX?
1404.8 Solution: The investment should remain at $100,000, and a $200,000 temporary difference should be
recognized.
14(89)
For GAAP purposes, MX would not have shown a loss because intangible drilling cost (IDC) on successful
wells is not written off in the year it is incurred. Instead, IDC is amortized on a unit-of-production method over the lives of the
properties. If the loss for MX had been a GAAP loss of $200,000, Grey would have recorded a negative investment (liability) of
$100,000 because it has guaranteed $100,000 of MXs recourse debt.
1405 AUDIT PROGRAMS
1405.1 The core audit programs at ASB-AP-8 and ASB-AP-9 present basic, extended, and other substantive audit procedures
for investments and derivatives and other assets. Using the core audit program, the auditor chooses the procedures that will
be adequate to obtain sufficient audit evidence for the relevant assertions. The use of PPCs audit programs is discussed in
section 405.
assertion level.
detection matters. Examples of common fraud schemes related to investments and other assets and procedures that may be
financial reporting (Exhibit 14-2). For misappropriation of assets, Exhibit 14-1 also lists the symptoms (also called red flags or
Exhibit 14-1
Common Investment and Other Asset Fraud Schemes, Symptoms, and Related Audit ResponsesMisappropriation
of Assets
Audit Responses
a
Theft of investment or diversion of
income or gains.
Unexpected or
unexplained fluctuations
in investment balances.
Unexpected or
unexplained fluctuations
Confirm with third party
Vouch and trace
information.
Conduct predictive tests of
Audit Responses
a
in investment-related
income or expense
accounts.
investment income or
expenses.
Conduct interviews.
Borrowing schemes. Sales of investments from
the organization to an
employee.
Securities held by unusual
party.
Indications that securities
may be pledged.
Review investment
documents and records.
Confirm with third party
Vouch and trace
information.
Conduct interviews.
Unauthorized trading with diversion
of personal losses to the
organization or diversion of gains to
the thief.
Unexpected decreases in
realized gains or
increases in losses.
Review and test policy for
authorization and
execution of trading.
Test for unrecorded trading
by selecting items from
records of the executing
broker.
Note:
a
* * *
Exhibit 14-2
Common Investment and Other Asset Fraud Schemes and Related Audit ResponsesFraudulent Financial Reporting
Fraud Scheme
Audit Responses
a
Recording fictitious investments, or investments not
owned by the company.
Confirm with third parties and inspect
investments.
Determine the legitimacy and viability of
investment custodians.
Failing to record sales of investments. Confirm with third parties and inspect
investments.
Determine the legitimacy and viability of
investment custodians.
Misclassifying or misstating the value of investments. Review the classification of securities with
professional skepticism.
Verify value of securities using published sources
or multiple brokers.
Consider whether there has been a
nontemporary decline in value for debt securities
Fraud Scheme
Audit Responses
a
held until maturity, available-for-sale equity
securities, and investments accounted under the
equity method.
Failing to disclose liens on securities. Review collateral provisions of debt instruments
and confirm details of loan agreements with
lenders.
Perform procedures to detect unrecorded debt,
as illustrated in Exhibit 15-2.
Deferring costs that should be charged to expense. Scrutinize documentation supporting amounts
capitalized as intangible assets.
Overstating the value of intangible assets. Scrutinize documentation supporting amounts
capitalized as intangible assets.
Analyze the amortization of intangibles with finite
lives and assess the propriety of amortization
periods and methods.
Analyze intangible assets for evidence of
impairment. (This may require the service of a
valuation specialist.)
Note:
a
* * *
CHAPTER 15: LIABILITIES AND EQUITY
1500 INTRODUCTION
General
1500.1 This chapter discusses the audit of liability accounts (except income taxes and contingencies) and equity accounts.
The audit of income taxes is discussed in Chapter 16, and the audit of contingencies (including inquiries of legal counsel) is
discussed in Chapter 18. The audit of liabilities normally centers around three classifications of accountsaccounts payable,
accrued liabilities, and debt arising from borrowed funds. The audit of owners equity is influenced by the legal form of
organization, e.g., corporation, S corporation, partnership, joint venture, or proprietorship, and the complexity of agreements
that affect equity, e.g., restrictive debt covenants or stock options.
1500.2 Accounts Payable and Accrued Liabilities. Accounting standards for accounts payable and accrued liabilities focus
on the timing of the purchase of an asset, recognition of an expense, or recording of a deposit. Accounts payable for the
purchase of goods and services are created with the passage of title to the goods or with the receipt of the benefit from the
services. Trade payables are usually recorded on the passage of title to items purchased; the point when title passes varies
with the terms of purchase. It is common practice to record the liability for purchases when goods are received; however, it is
necessary to record material inventory in transit and the related obligation if notice of shipment has been received and title
has passed. Accounts payable normally reflect obligations for which creditors invoices are received, and which constitute
liabilities at the balance sheet date. Accounts payable may also include items for which invoices are not received, such as
progress payments on construction contracts, employee withholdings, excise taxes, etc.
1500.3 Contractual obligations (rents, interest, royalties, etc.) and other liabilities, such as taxes, should be recognized at the
balance sheet date even though no invoice or statement has been or will be received.
1(90)
Significant known liabilities should
be accrued even though the exact amount may not then be determinable. Accrued liabilities usually represent provision for
costs that are not immediately payable because the accounting period and the contractual or obligatory period do not
coincide. The accrued liabilities are recorded because the related expense has been incurred during the accounting period.
Accruals generally require computation by the company; they may not be substantiated either currently or at a later date by a
creditors invoice, as in the case of accounts payable. Costs of disposal activities are accrued only for present obligations
owed, not for costs expected to be incurred.
1500.4 Deposits arising from the receipt of money in advance of the delivery of goods or services are usually treated as
liabilities because they will be satisfied by the delivery of goods or rendering of services.
1500.5 Debt Obligations. Accounting standards for obligations for borrowed funds are concerned primarily with
classification and disclosure. The portion of long-term debt obligations maturing within one year, and demand notes and
other obligations with a maturity not subject to company control, including debt containing loan covenant violations that the
lender will not waive, ordinarily are classified as current liabilities. Debt disclosure standards include disclosure of pledged
assets, restrictive loan covenants, interest rates, terms, maturities, etc. An often-overlooked disclosure is a listing of long-term
debt maturities for the five years from the balance sheet date, a requirement of FASB ASC 440-10-50. One of the most
complex series of accounting standards related to recognition of debt is FASB ASC 840. Those standards deal with
recognition and disclosure of capital leases.
1500.6 Equity. Accounting standards for equity relate to terminology, the extent of detail to be presented in the equity section
of the balance sheet, and the form and content of the presentation of changes in equity during the period. The equity section
should be suitably titled, e.g., stockholders equity, partners capital, or proprietors capital. For corporations, the major
components of equitycapital stock, additional paid-in capital, retained earnings, and accumulated other comprehensive
incomeare presented. For partnerships and proprietorships, these distinctions are not made on the balance sheet. FASB
ASC 505-10-50 requires that changes in stockholders equity accounts be disclosed whenever financial statements purport to
present financial position and results of operations. Changes in capital are also usually disclosed for entities other than
corporations, and S corporations often disclose changes in the separate components of retained earnings. FASB ASC 480
generally requires entities to account for mandatory redeemable equity interests as a liability. However, the FASB has
provided exemptions for nonpublic entities. For those entities, the only equity interests required to be accounted for as a
liability are those that must be redeemed on a fixed date and for an amount that is either fixed or referenced to an external
index. More detailed guidance on accounting issues, presentation, and disclosure related to owners equity may be found in
PPCs Guide to Preparing Financial Statements, Chapter 5.
1500.7 A listing of primary financial statement disclosure requirements for nonpublic businesses as required by generally
accepted accounting principles can be found in the practice aid at ASB-CX-13, Disclosure Requirements for Financial
Statements of Nonpublic Companies.
1501.1 AU-C 500.06 states:
1501.2 AU-C 500, Audit Evidence, [formerly SAS No. 106 (AU 326)], states that those audit procedures consist of the
following:
Tests of controls
Risks and Evaluating the Audit Evidence Obtained [formerly SAS No. 110 (AU 318), at AU-C 330.18] states that regardless of
risks of material misstatement by considering the different types of potential misstatements that may occur (that is, what could
each relevant assertion within an account balance, class of transactions or disclosure, the auditor assesses the risks of
proceduresas well as specified risk audit programs. Chapter 5 discusses considerations when choosing substantive
procedures and discusses substantive analytical procedures and tests of details. Auditors need to be familiar with the
concepts discussed in those chapters when selecting the nature, timing, and extent of substantive audit procedures for
liabilities and equity.
Relevant Assertions for Liabilities and Equity
1501.5 The relevant assertions for liabilities and equity generally are as follows:
1501.5 The relevant assertions for liabilities and equity generally are as follows:
Accounts
Payable
Accrued
Liabilities Debt Equity
Existence or
occurrence (E/O)
Accounts payable
reflected in the
financial
statements exist.
Accrued liabilities
reflected in the
financial
statements exist.
Notes payable,
long-term debt,
and debt
equivalents
reflected in the
financial
statements exist.
Equity interests
reflected in the
financial
statements exist.
Completeness (C) Accounts payable
reflected in the
accounts
represent a
complete
presentation of
authorized current
obligations that
arose from the
purchase of
goods and
services.
Accrued liabilities
reflected in the
accounts
represent a
complete
presentation of
unpaid costs and
expenses for
which the benefit
has been
received in the
current period.
Notes payable,
long-term debt,
and debt
equivalents
reflected in the
accounts
represent a
complete
presentation of
authorized debt.
Equity interests
reflected in the
accounts
represent a
complete
presentation of
authorized equity
transactions.
Rights or
obligations (R/O)
Accounts payable
reflected in the
accounts are the
obligations of the
entity.
Accrued liabilities
reflected in the
accounts are the
obligations of the
entity.
Notes payable,
long-term debt,
and debt
equivalents
reflected in the
accounts are the
obligations of the
entity.
Equity interests
reflected in the
accounts
represent the
residual interests
in the net assets
of the entity that
are owed to the
owners.
Valuation or
allocation (V)
Accounts payable
are valued in
accordance with
GAAP.
Accrued liabilities
are valued in
accordance with
GAAP.
Notes payable are
valued in
accordance with
GAAP.
Equity interests
are recorded in
accordance with
GAAP.
Cutoff (CO) Accounts payable
are recorded in
the proper
accounting
period.
Accrued liabilities
are recorded in
the proper
accounting
period.
Notes payable,
long-term debt,
and debt
equivalents are
recorded in the
proper
accounting
period.
Equity
transactions are
recorded in the
proper
accounting period
Accuracy or
classification
(A/CL)
Accounts payable
are properly
classified as
current liabilities,
and disclosure is
made of related
party payables,
payables with
explicit payment
terms, and assets
Accrued liabilities
are computed,
classified and
described in a
consistent
manner.
Notes payable,
long-term debt,
and debt
equivalents are
properly classified
between current
and long-term
portions, and
required
disclosures have
Equity interests
are recorded
correctly as to
account and
amount, and the
equity section of
the balance sheet
is properly
described and
disclosed in
Accounts
Payable
Accrued
Liabilities Debt Equity
pledged as
collateral against
payable balances.
been made. accordance with
GAAP and legal
requirements.
Substantive Audit Procedures for Liabilities and Equity
1501.6 The audit of liabilities concentrates primarily on the financial statement assertions of completeness, cutoff, and the
presentation and disclosure assertions of accuracy or classification. The other assertionsexistence or occurrence, rights or
obligations, and valuationare addressed within the audit procedures designed to test the primary assertions. The audit of
equity concentrates primarily on the financial statement assertions of existence, especially the authorization aspect of
existence, and accuracy or classification. Disclosures should consider both legal and accounting requirements. In other
respects, the auditors approach to equity is similar to the audit of debt because there are generally very few transactions that
are material in amount. The following paragraphs describe examples of substantive audit procedures for those audit areas.
1501.7 Accounts Payable. Examples of substantive procedures for accounts payable are as follows:
Compare the balances in trade accounts payable and purchases with those of prior years, relating the level of
activity to inventory and sales levels, and investigate any unusual fluctuations.
Trace receiving cutoff information obtained during the inventory observation to the accounting records, noting
whether the liability for merchandise is recorded in the proper accounting period.
Scan the listing of accounts payable for related party accounts payable and any other unusual items and consider
whether appropriate financial statement disclosures have been made.
Inquire of the client about their knowledge of unprocessed invoices and whether accruals have been made for such
items.
Perform a search for unrecorded liabilities by reviewing support for material disbursements and remaining
unprocessed invoices subsequent to the balance sheet date to determine if related liabilities were properly accrued.
1501.8 The auditors decision about the extent of procedures necessary to obtain sufficient appropriate audit evidence
depends, in part, on the sophistication of the accounting system. If the company does not record year-end expense accruals,
the auditor may propose the necessary adjustments as a bookkeeping service. Many small businesses operate on a cash
basis throughout the year and recognize accounts payable only at year-end. In those situations, procedures might be
performed to control and list unpaid invoices as of year-end. Also, the extent of the search for unrecorded liabilities
procedures might be increased, for example, by reducing the auditors scope or examining invoices through the date of the
auditors report. As discussed in paragraph 1501.22 and in Chapter 12, accounts payable cutoff tests need to be coordinated
with inventory procedures to determine if cutoff adjustments affect inventory or cost of sales.
1501.9 Accrued Liabilities. Examples of substantive procedures for accrued liabilities are as follows:
Compare the balances in accrued liabilities with those of prior years and investigate any unusual results.
Scan the working trial balance and determine those accrued liabilities that require additional testing, such as
predictive tests; consider whether immaterial balances are reasonable and whether any necessary accruals have
been omitted.
Scan expense accounts in the working trial balance and compare balances with prior periods or other expectations.
Investigate unusual fluctuations or the absence of accrued expense items that existed in prior periods.
1501.10 Substantive analytical procedures that may be appropriate to test material accruals depend on the nature of the
accrual. One example is comparison of the accrued amount divided by the related expense, such as accrued property taxes
divided by property tax expense, for the current and prior period. Accruals that are paid in the next month, such as payroll,
can be tested by computing the ratio of the number of days expense being accrued to the number of days in the payment
period and multiplying the ratio times the next months payment. For estimates such as warranty expense payable, the auditor
can compare the ratio of warranty expense to units sold in the current period to the same ratio for the prior year and current
budget. In some cases, a comparison of warranty expense to costs of sales is sufficient. For employee benefit related items,
the expense and accrual can be related to the number of covered employees. Additional considerations for accrued liabilities
are discussed beginning at paragraph 1501.24.
1501.11 Debt. Examples of substantive procedures for debt are as follows:
Compare balances of notes payable, long-term debt, capitalized lease obligations, and other financing transactions
and related interest expense with those of prior years and investigate any unusual results.
Confirm significant notes that are not confirmed on the standard bank confirmation.
Analytically test the reasonableness of accrued interest and accrued interest payable.
Consider the need to impute interest on any noninterest bearing notes.
1501.12 Inspecting loan documents and lease agreements and review of minutes, which may be done as part of the general
procedures program, together with client inquiries also provide audit evidence about restrictive covenants.
1501.13 Equity. Examples of substantive procedures for equity are as follows:
Read minutes and note authorized equity transactions. (This procedure may be done as part of the general
procedures program.)
Compare balances in the equity accounts with those of the prior year; test significant transactions (for example,
examine supporting documents) and consider whether they are accounted for in accordance with GAAP.
Test significant transactions that occurred in capital stock, paid-in capital, contributed capital, or treasury stock by
examining supporting documents.
Scan the retained earnings account for unusual transactions that might indicate improper accounting. Reconcile
changes in retained earnings to net income for the period.
Review the analysis of other comprehensive income for the period and agree the activity to testing performed in
other audit areas.
Review new agreements associated with rights or restrictions on equity accounts (for example, debt agreements,
buy-sell agreements, or related options to buy company stock), consider whether any transactions resulting from
such agreements are accounted for in accordance with GAAP, and summarize restrictions on equity for disclosure
in the financial statements.
Much of the audit evidence regarding the equity accounts may already be available in the prior years workpapers, which only
need to be updated for any transactions in the current year.
1501.14 Financial Statement Disclosures. Audit programs at the account balance and transaction class level often do not
include extensive tests related to presentation and disclosure. Generally the only specific matters related to presentation and
disclosure that are considered in the audit programs at the account balance and transaction class level are (a) the proper
classification of accounts for financial statement presentation (for example, the current and long-term classification of capital
lease obligations and debt) and (b) ensuring that the workpapers include the information needed for required disclosures and
that such information has been subjected to appropriate audit procedures (occurrence, accuracy, and valuation). (See
paragraphs 1500.5 and 1500.6 for common examples.) The completeness and understandability of disclosures are ordinarily
considered in the steps in the general auditing and completion program (ASB-AP-2 or ASB-AP-2-S).
The Role of Sampling in Substantive Tests
1501.15 In most audits, sampling is not used in auditing accounts payable. One reason is that sampling procedures
generally are more effective in testing for overstatement (i.e., existence assertion) while accounts payable procedures are
directed primarily toward testing for understatement (i.e., completeness assertion). Also, sampling normally is not an efficient
application for:
a. Search for Unrecorded Liabilities. Sampling generally is effective only when the population consists of numerous
items and little or no misstatement is expected. In many small business audits, the auditor expects some unrecorded
liabilities. Accordingly, it is normally more efficient to examine items over a specified dollar amount instead of
sampling.
b. Confirmation with Vendors. As noted in paragraph 1501.16, accounts payable confirmation typically is used only to
supplement the search for unrecorded liabilities. Thus, if confirmation procedures are performed, confirmation with
major vendors is generally sufficient and sampling is unnecessary.
However, when little or no misstatement is expected, some auditors may decide to use sampling to test subsequent
disbursements as part of the search for unrecorded liabilities. In such cases, the sample size needs to be computed based on
the amount of the subsequent disbursements instead of the accounts payable balance.
External Confirmation Considerations
1501.16 It is often unnecessary to confirm accounts payable to obtain sufficient appropriate audit evidence about accounts
payable recorded in the financial statements. A search for unrecorded liabilities generally is an appropriate completeness test
for payables. However, the authors believe that accounts payable need to be confirmed in the following situations:
There is a high risk of material misstatement that accounts payable are incomplete, and the period for conducting
the search for unrecorded liabilities is not considered long enough to detect material unrecorded liabilities.
The client has extended payment terms with vendors.
There are significant debit memos included in the accounts payable balances.
Based on consideration of identified fraud risks, the auditor decides to modify procedures related to accounts
payable balances.
When confirmation procedures are necessary, the auditor should comply with the provisions of AU-C 505, External
Confirmations. The major provisions of AU-C 505 are discussed in Chapter 11.
1501.17 Type of Confirmation Request. The two primary types of confirmations are (a) a request of the creditor to confirm
the balance in the companys records and (b) a request of the creditor to furnish the balance along with a copy of the vendor
statement (sometimes referred to as a blind request). Often, the more effective and efficient method for payables is the blind
request because:
a. the vendor does not have to agree with the companys balance or reconcile the information,
b. a detailed vendors statement provides information necessary to reconcile balances, and
c. confirmation requests can be prepared and mailed before the companys determination of accounts payable.
Nontraditional forms of confirmations are discussed in section 1101.
1501.18 In lieu of mailing accounts payable confirmations, auditors might be able to access a clients accounts payable
balance or outstanding vendor invoice detail directly through the vendors online system.
1501.19 Timing of Confirmations. Confirmations of accounts payable need to be mailed on, or shortly before, the balance
sheet date, so the vendor can respond to the auditors request through the normal billing process. Vendors are more likely to
respond if they are not required to take special steps outside their normal time for billing. If the physical inventory is
conducted before the balance sheet date, the auditor may also confirm accounts payable at that earlier date. (Chapter 5
discusses the auditors considerations for testing the remaining period when substantive tests are performed at an interim
date.)
1501.20 Selection of Specific Accounts for Confirmation. Accounts selected for confirmation primarily needs to include
major suppliers of goods or services. The auditor needs to select vendors based on a review of purchase journals,
disbursement journals, and prior months accounts payable listings. (It may be efficient to maintain a carryforward list of major
suppliers in the permanent file and update it annually.) Since the accounts are selected before the accounts payable listing is
prepared, the selection usually includes some accounts of new vendors, accounts expected to have a small or zero balance,
and accounts payable to officers/related parties. Otherwise, once a client became aware of the vendors that were selected for
confirmation, it would be possible to understate accounts payable and expenses by delaying the recording of certain
purchases from other vendors until after the audit was completed. All returned confirmations should be retained in the
workpapers. A sample confirmation letter is included at ASB-CL-10.1.
1501.21 Reconciliation of Confirmation Responses. Differences between the vendors confirmed balance and the
companys recorded balance can occur for a number of reasons. Differences caused by payments in transit and shipments in
transit normally are not unrecorded liabilities. However, the auditor ought to vouch significant timing differences to
disbursement records and receiving reports. Nontiming differences such as clerical errors, disputes with vendors, and
unrecorded invoices need to be investigated and a determination made of whether a misstatement exists in the clients
balance. Alternative procedures normally are not necessary on nonreplies because the search for unrecorded liabilities
normally compensates for those alternative procedures. However, if the auditor believes that the misstatements noted when
processing confirmation replies are not isolated, testing needs to be expanded by performing alternative procedures on other
balances. Such procedures may include one or more of the following:
a. Obtain statements received by the client and reconcile as necessary.
b. Confirm orally by telephone.
c. Examine documentation supporting payments after the balance sheet date.
d. Examine unpaid invoices held by the client.
e. Determine the existence of vendors not replying by looking them up on the Internet or in trade directories, telephone
books, etc.
Search for Unrecorded Liabilities
1501.22 As previously discussed, the auditor is primarily concerned about completeness (understatement of liabilities). If risk
is low, the search for unrecorded liabilities may be limited to the following steps:
a. Inquiring of responsible client personnel about their knowledge of additional sources of unprocessed invoices.
b. Reviewing receiving cutoff information obtained during the inventory observation.
However, it is usually necessary for the auditor to also perform the following procedures, the extent of which depends on the
risk assessment:
Review cash disbursements after the balance sheet date, obtain supporting detail for material disbursements, and
determine whether goods and services on the paid invoices were received on or before the balance-sheet date. If
so, determine whether the liability was included in accounts payable at the balance sheet date.
Inspect files of unprocessed invoices and vendor statements. If the goods or services were received on or before
year-end, determine whether the liability is included in the accounts payable listing (or the listing of accrued
liabilities).
If the company uses a voucher system, the same procedures are performed, except the auditor may examine transactions
vouchered after the balance sheet date and unvouchered invoices rather than cash disbursements and unpaid invoices.
When designing the search for unrecorded liabilities, the auditor needs to consider the system used by the client.
1501.23 It is not necessary to inspect every vendor invoice or disbursement. Normally, a dollar amount is established, and
transactions equal to or greater than that amount are inspected. That dollar amount ordinarily is determined based on the
amount of coverage (that is, the percent coverage of subsequent disbursements) desired, considering the auditors
assessment of the risk of material misstatement. Other transactions below that amount can be scanned for reasonableness. If
inspection or scanning reveals unrecorded inventory purchases, an audit adjustment may be necessary to debit either
inventory or cost of sales, depending on whether the inventory balance already includes those purchases. If the search
procedures reveal unrecorded liabilities for services that have been rendered or assets where title has passed, the proposed
adjustment would be to the appropriate expense or asset account. To meet the requirements of AU-C 230.09, the workpapers
should identify the items inspected (for example, the auditor may identify the source and selection criteria, such as all
disbursements over $2,000 from the cash disbursements journal for the period 1/1/X2 through ).
Accrued Liabilities
1501.24 Accrued liabilities normally include the following:
a. Accrued salaries or bonuses.
b. Employee and employer withholding and FICA taxes payable.
c. Compensated absences, such as vacation, sick leave, holiday, etc.
d. Accrued commissions.
e. Accrued property taxes.
f. Accrued interest, normally tested in conjunction with the audit of the debt.
g. Accrued professional fees.
h. Costs relating to employee benefit plans (such as pension plans, ESOPs, or other postretirement benefits).
i. Costs relating to benefits provided former employees (such as severance, insurance, or educational benefits).
j. Accrued sales taxes.
1501.25 The substantive audit procedures for accrued liabilities focus on supporting the methods of determining the accrued
amounts. For defined benefit plan accruals the auditor might perform additional procedures to test disclosure of actuarial
present values of vested and nonvested benefits. Many smaller accruals such as accrued property taxes can be tested
through analytical procedures. (See paragraph 1501.9.) The auditor needs to also consider whether revenue/expense
procedures indicate accruals not recorded. Focusing only on a schedule of accrued liabilities prepared by the client can
result in the auditor failing to identify unrecorded accruals. Understanding the clients business and thinking about the types
of liabilities accrued by other clients can help identify missing items. In addition, recorded accruals that appear immaterial
need to be evaluated to consider the likelihood of a material understatement of the balance. The auditor does not document
that the balance is immaterial, but rather that the balance is reasonable based on the auditors knowledge of the account.
However, that does not require preparation of extensive analysis schedules for immaterial accrued expenses.
Other Considerations for Accrued Liabilities
1501.26 Presentation and disclosure requirements include disclosure of material commitments and contingencies. A
commitment is an existing agreement or responsibility to perform, such as long-term leases, pension plans, contracts for
capital asset acquisition, letters of credit, etc. Contingencies include existing conditions, situations, or sets of circumstances
that involve a degree of uncertainty as to whether a liability will be incurred. Audit procedures performed in all areas plus
inquiries of legal counsel provide audit evidence regarding commitments and contingencies. Chapter 18 discusses these
audit procedures.
1501.27 The Other Audit Procedures for Accounts Payable and Other Liabilities at ASB-AP-10 provides specific audit
procedures relating to less common circumstances including:
Compensated absences.
Employee benefit plans.
Postemployment benefits.
Postretirement benefits.
Deferred credits.
Customer rebates.
Warranty costs.
Asset retirement obligations.
Costs of exit or disposal activities.
Guarantees.
The Other Audit Procedures for Inventory and Cost of Sales at ASB-AP-5 provides specific audit procedures relating to
vendor rebates or allowances. Auditors need to consider the use of these procedures when such circumstances apply.
Notes Payable and Debt Obligations
1501.28 Generally, confirmation of debt terms provides the auditor with sufficient appropriate audit evidence for relevant
assertions for notes payable and debt obligations. However, auditors may decide not to confirm debt that was confirmed in
prior years. With the increasing complexity of debt agreements, inspection of loan agreements is also often a necessary
procedure to identify restrictive covenants, pledged assets, terms, etc. That inspection, along with inquiry of the client,
provides the auditor with details about the financing arrangement to confirm with the financial institution. Details of financing
agreements and transactions, such as lines of credit, collateral and pledged assets, loan agreements and related covenants,
and contingent liabilities, including oral and written guarantees,
2(91)
are normally confirmed directly with the appropriate
party at the financial institution responsible for the clients account. All returned confirmations should be retained in the
workpapers. Sample confirmation letters are included in the CL section. Also, inspection of lease documents is normally
performed in the notes payable procedures to identify capital leases.
1501.29 If inspection of the loan agreement reveals a debt covenant violation, it may be necessary to classify the loan as a
current liability. According to FASB ASC 470-10, debt that is callable because of such violations should be classified as
current unless one of the following conditions is met:
a. The lender has waived or lost the right to call the loan within a year from the balance sheet date.
b. The loan has a grace period that allows the debtor to cure the covenant violation within that period and it is probable
that the violation will be cured.
Accounting for loan defaults is discussed in more detail in PPCs Guide to Preparing Financial Statements, Section 307. When
auditors find loan covenant violations, they need to request that the client obtain a waiver letter, unless the company cures the
violation within the grace period. Paragraph 1501.33 discusses additional considerations when assessing the clients
compliance with loan covenants and obtaining waivers.
1501.30 Some long-term loan agreements include due on demand clauses. In those cases, classification of the debt
depends on whether the client obtains an unconditional waiver of the lenders rights to call the debt for over one year from the
balance sheet date. If an unconditional waiver is obtained, the debt can be classified as noncurrent. If such a waiver is not
obtained, the debt should be classified as current. Also, some loan agreements have subjective acceleration clauses, which
allow the lender to call the debt based on subjective criteria such as material adverse changes. FASB ASC 470-10-45-2 and
470-10-50-3 apply to these situations. In the authors opinion, if the auditor believes that it is likely the lender will call the loan
based on such criteria, the debt should be classified as current unless the acceleration clause is waived unconditionally for
over one year from the balance sheet date. If the likelihood of acceleration of the due date is remote, neither reclassification of
the debt nor disclosure of the existence of the clause is required. Evidence that the likelihood of acceleration of the due date
is remote includes:
a. History with the lender (the lender hasnt accelerated due dates of loans containing similar clauses).
b. The entitys financial condition is strong.
1501.31 Classification of revolving debt agreements can also be an issue. According to FASB ASC 470-10-45-3 through 45-6,
if a line of credit both (a) contains a subjective acceleration clause and (b) requires customer payments to be made directly to
a lock-box account that is then applied directly to the outstanding balance of the line of credit, it needs to be classified as a
current liability even though the agreement may not expire until more than one year after the balance sheet date. These
agreements may be fairly common and the classification issues can be easily overlooked by basing the classification on the
expiration date of the agreement.
1501.32 When a client obtains a waiver letter for a covenant violation or a demand clause, the auditor needs to evaluate
whether the waiver is sufficient to classify the debt noncurrent. To be an adequate waiver, the lender must have forfeited the
right to call the loan because of that clause or that violation, and the waiver needs to extend throughout the next fiscal year. If
not, the waiver is inadequate and the debt should be classified as current. The authors offer the following additional guidance
for evaluating the effectiveness of waiver letters:
a. Wording such as the violation of the debt to equity ratio is waived at December 31, 20X1 would not be sufficient
because the violation would theoretically reoccur on January 1, 20X2, requiring the debt to be classified as a current
liability.
b. Wording such as The lender does not presently intend to enforce its rights under the Agreement would not be
sufficient because the lender may change its intentions during the next fiscal year.
c. A waiver through some date before the end of the next fiscal year would not be sufficient if the company is likely to
be in violation of the debt covenant at that point.
d. When the violation relates to a single transaction, such as a sale of equipment without obtaining bank approval, the
waiver need only extend through the balance sheet date, if there are no other violations after that date.
1501.33 In addition, the auditor needs to consider the following procedures to address the possible effects of loan
covenants:
a. Obtain written acknowledgement of lender waivers of loan covenant violations and of the lenders lack of knowledge
of any violations or intent to call the debt. An oral agreement by a financial institution to waive a covenant violation is
not sufficient evidence to classify debt as long-term. As discussed in paragraph 1501.32, covenant waivers need to
be carefully evaluated to determine whether the lender has truly waived the right to call the loan.
b. Carefully review loan amendments that management represents as curing a violation of a loan covenant to assess
whether the lender has waived or amended all covenants or clauses providing the right to call the loan.
c. Consider obtaining a legal opinion from the clients attorney in respect to technical covenant violations.
d. Obtain representations from management regarding known covenant violations and communications with creditors
regarding violations or waivers during the period.
e. Assess the effect of passed audit adjustments on the clients compliance with loan covenants. (Section 1812
provides a further discussion of evaluating passed audit adjustments.)
f. Consider the effects of escalating quarterly loan covenants that cover the quarterly period rather than the end of the
quarter. These covenants may cause the client to be in compliance at the end of one quarter but to be immediately
in noncompliance if a more restrictive covenant is effective for the next quarterly period beginning on the following
day. Written waivers of these covenants may also need to be obtained.
g. Be alert for cross default provisions where a violation of one loan covenant affects other loan covenants.
1501.34 AU-C 700.41 requires the auditors report be dated no earlier than the date the auditor has obtained sufficient audit
evidence to support the auditors opinion. Accordingly, auditors should not date their audit report until they have obtained
written waiver of covenant violations, and their subsequent events procedures should be extended until that date.
1501.35 FASB ASC 470-10-45 refers to short-term obligations as those scheduled to mature within one year after the date
of a companys balance sheet. Normally such obligations are included in current liabilities. However, they may be included
with noncurrent liabilities if both of the following conditions are met:
a. Intent to RefinanceThe company intends to refinance the obligation on a long-term basis.
b. Ability to Consummate the RefinancingAbility may be demonstrated in either of the following ways:
(1) Post Balance Sheet Date Issuance of a Long-term Obligation or Equity Securities. After the balance sheet date
but before the financial statements are issued, a long-term obligation or equity securities have been issued for
the refinancing.
(2) Financing Agreement. Before the financial statements are issued, the company has entered into a financing
agreement that clearly permits refinancing on terms that are readily determinable, and all of the following
conditions are met:
(a) the agreement does not expire within one year (or within the operating cycle) from the balance sheet date
and the agreement is not cancelable by the lender (or callable) except for violation of a provision with
which compliance is objectively determinable or measurable;
(b) no violation of any provision in the agreement exists at the balance sheet date, and no available
information indicates that a violation has occurred prior to the issuance of the financial statements, or if
there has been a violation, a waiver has been obtained; and
(c) the lender is expected to be financially capable of honoring the agreement.
1501.36 Tests of interest expense and accrued interest usually include an overall calculation, based on the average principal
amounts outstanding during the period and contractual interest rates. If this computation results in a reasonable expense
when compared to recorded interest expense, the adequacy of accrued interest payable is also tested. A significant difference
between the auditors computation and recorded interest expense could indicate the existence of a derivative. Derivatives are
discussed beginning in paragraph 1401.30.
Equity Accounts
1501.37 The typical audit procedures for equity accounts are inspection of company documents and vouching significant
transactions. Company documents include articles of incorporation, bylaws, and minutes. For a partnership, the partnership
agreement or contract is a significant document because it specifies division of profits and related matters such as
maintenance of capital at specified levels and restrictions on partners drawings.
1501.38 A small corporation will usually maintain its own stock certificate book, and the auditor will often inspect the
certificate book, reconcile the information on number of shares issued, canceled, and held in treasury, and compare the
accounting records. Also, the auditor needs to inspect company agreements that create rights or restrictions related to equity
accounts, e.g., debt agreements, stock option plans, or buy-sell agreements.
3(92)
1501.39 The auditor may vouch significant transactions affecting equity accounts, e.g., dividends or other changes in
retained earnings and capital additions or reductions, to supporting documents and should document the items selected.
Also, the auditor will need to consider whether those transactions were authorized and appropriate by reference to minutes,
agreements, and legal requirements.
1501.40 Accounting for certain equity transactions can be complicated and small business auditors may not frequently
encounter complex equity transactions. When auditing equity transactions, therefore, it may be necessary to consult other
accounting or auditing professionals. (If consultation is necessary, see the discussion beginning in paragraph 1812.44.)
1501.41 A client may report accumulated other comprehensive income related to items such as unrealized holding gains or
losses on securities, changes in fair value of certain derivative instruments in accordance with FASB ASC 815, items
associated with pension or other postretirement benefit plans, or foreign currency translation adjustments. These balances
generally can be audited by rolling forward the balance from the previous period, reviewing the propriety of classifications,
and agreeing the activity in the accounts to the related testing in other areas. For example, changes in accumulated other
comprehensive income related to unrealized gains and losses on available-for-sale securities are ordinarily tested in
conjunction with the procedures performed to audit investments. An area that is often overlooked is the need to allocate
income tax expense or benefit to each component of other comprehensive income. See the discussion of interperiod tax
allocation at paragraph 1600.5.
1501.42 Other Audit Considerations for Equity. The Other Audit Procedures for Equity at ASB-AP-13 provide specific
audit procedures relating to less common circumstances including:
Situations where there is an independent registrar or stock transfer agent.
Share-based compensation plans.
Auditors need to consider the use of these procedures when such circumstances apply.
1502.1 The workpapers listed below are commonly used to document the performance of the liabilities audit procedures. The
workpaper content and the extent of the auditors documentation will generally not be influenced by whether the workpapers
are prepared in paper or electronic format. However, if the auditor uses electronic workpapers, client-prepared schedules and
detail need to obtained in electronic format, if possible, to reduce the extent of paper documents that will be retained in the
audit file or require scanning (electronic workpapers are discussed in section 807).
a. Schedule of trade accounts payable by vendor.
b. Analysis of notes payable and related interest accounts.
c. Capital lease amortization schedule.
d. Analysis of various accrued expenses as deemed necessary.
e. Summary analysis schedule of beginning balances, transactions, and ending balances for all equity accounts. (If
some transaction categories include numerous transactions, supporting schedules of transactions may be
prepared, e.g., dividends paid, stock issued, etc.)
Schedule of Trade Accounts Payable
1502.2 The schedule needs to show vendor name, detail of the balance owed, and any other information that may assist in
reconciling confirmation responses, such as invoice numbers, vendors account number for the company, etc. Information
about aging of accounts is also beneficial.
Analysis of Notes Payable
1502.3 The workpaper format for notes payable needs to be flexible and tailored to the type of debt maintained by the
company. Information about classification and note disclosures can be accumulated on the face of the confirmation. If a
company has a large volume of loan activity, a more sophisticated schedule may be necessary. For example, a schedule that
summarizes the activity for each individual note may be prepared. These schedules can take more time to prepare than it
takes to audit the individual note; however, they may be helpful when drafting the statement of cash flows and footnote
disclosures. If possible, have the client prepare the schedule. Such a schedule may have the following column headings:
a. Notes payable balance at beginning of period.
b. Notes incurred or additional advances.
c. Note principal payments.
d. Notes payable balance at end of period.
e. Maturities in each of the five years after the balance sheet date.
f. Accrued interest at beginning of period.
g. Interest expense or additional accruals.
h. Interest payments.
i. Accrued interest at end of period.
Capital Lease Amortization Schedule
1502.4 The schedule needs to show, for each periodic lease payment, the amount allocated to reduction of the lease
obligation and the amount allocated to interest expense. It needs to also reflect the unamortized balance of the lease
obligation as of each payment date for the life of the lease.
Analysis of Accrued Expenses
1502.5 Workpapers for accrued liabilities need to be designed to describe the method of calculating the accrued amount and
the financial information needed to apply the computation. The format of such schedules will vary with the type of liability
involved.
Summary Schedule of Equity Accounts
1502.6 Many entities have only a few simple equity transactions. This means the auditor can usually design one schedule to
summarize all procedures for equity accounts. All details the auditor intends to test can be identified in the analysis. The
schedule needs to include a description of the equity units, such as shares of stock, and, normally, matters requiring
disclosure, such as restrictions on dividends, can also be included on the same schedule.
1503.1 This section summarizes overauditing and underauditing tendencies that have been discussed in other sections of
this chapter.
a. Confirming accounts payable when there is a moderate or low risk of understatement.
b. When accounts payable are confirmed, postponing selection of accounts payable confirmations until the account
listing has been completed. This delays response time and may overlook vendors who are not recorded on the
listing.
c. Performing extensive alternative procedures on nonreplies when such tests normally are not necessary.
d. Preparing extensive analysis schedules for immaterial accrued expenses.
e. Performing extensive testing of notes payable and accrued interest for companies with a simple debt structure.
f. Performing complex interest tests when analytical procedures may be adequate.
g. Attempting to apply sampling procedures to liability accounts.
h. Attempting to vouch all equity transactions when, in the rare case, equity transactions are voluminous.
1503.3 Underauditing or ineffective tendencies include:
a. If accounts payable are confirmed, sending confirmations to only material outstanding balances at the balance sheet
date.
b. Lack of proper inspection of debt instruments.
c. Inadequate inspection of lease documents that overlooks capital leases. Also, disclosures for both capital and
operating leases are often overlooked.
d. Inadequate testing of disclosure information required for employee benefit plans, especially defined benefit pension
plans.
e. Inappropriate timing of accounts payable work. It may be necessary to perform some accounts payable testwork as
of the same date as the inventory observation.
f. Inadequate coordination of procedures for the search for unrecorded liabilities. For example, the auditor only
examines subsequent disbursements without considering unprocessed invoices after the balance sheet date.
g. Overlooking appropriate classification of note agreements containing due on demand or subjective acceleration
clauses.
h. Overlooking violations of debt covenants, legal requirements, or equity agreements.
i. Overlooking disclosure of long-term debt maturities for each of the five years following the balance sheet date.
j. Failing to consider whether the company has the ability to pay current debt maturities or to refinance the debt.
k. Overlooking the need to impute interest when the stated interest rate on notes payable exchanged for property,
goods, or services is not reasonable in comparison with prevailing market conditions.
l. Failing to identify unrecorded accruals.
1504 CASE STUDY
Audit Sampling and the Search for Unrecorded Liabilities
1504.1 XYZ Company has an accounts payable balance of $800,000 at 12-31-X1. The auditor has established planning
materiality at $40,000 and tolerable misstatement for accounts payable at $30,000. The auditor believes the risk of a material
misstatement of accounts payable arising from unrecorded liabilities is high. He expects to find some, but relatively little,
misstatement. As part of the search for unrecorded liabilities, the auditor plans to select a sample of cash disbursements
subsequent to the balance sheet date and has estimated a sample size using the formula explained in section 704
[(populations recorded amount tolerable misstatement) risk factor]:
Is this approach acceptable?
1504.2 Solution: This approach is not acceptable. The auditor has defined the population improperly. The account balance
of $800,000 used to determine sample size is not the population from which the auditor is selecting sample items.
1504.3 Generally, the most efficient approach for searching for unrecorded payables is to avoid sampling. The auditor
establishes a cutoff amount and examines all disbursements in the subsequent period above the cutoff amount. The cutoff is
determined based upon the amount of coverage desired, considering the auditors assessment of the risk of material
misstatement. The auditor needs to keep in mind that the population being tested is subsequent disbursements, not the
year-end accounts payable balance.
1504.4 Another procedure the auditor may want to consider is the possibility of confirming accounts payable in conjunction
with examining subsequent disbursements. The auditor can select vendors for confirmation on the basis of activity during the
period rather than the size of the year-end payable balance, e.g., the 5, 10, or 25 vendors having the highest volume of
annual purchases, in addition to selected other vendors as discussed in paragraph 1501.20. The number of vendors is
determined judgmentally because the auditor is identifying significant vendors and not sampling.
1505 AUDIT PROGRAM
1505.1 The core audit programs at ASB-AP-10, ASB-AP-11, and ASB-AP-13 present basic, extended, and other substantive
audit procedures for liabilities and equity. Using the core audit programs, the auditor chooses the procedures that will be
adequate to obtain sufficient audit evidence for the relevant assertions. The specified risk audit programs at ASB-AP-10-S,
ASB-AP-11-S, and ASB-AP-13-S present the substantive audit procedures for liabilities and equity that are normally adequate
to respond to a set of underlying risk assessments (provided at the front of the audit program) considered typical of many
smaller businesses. The use of PPCs audit programs is discussed in section 405.
assertion level.
detection matters. Examples of common fraud schemes related to liabilities and equity and procedures that may be
financial reporting (Exhibit 15-2). (Section 1706 provides examples of common fraud schemes related to accounts payable
and payroll disbursements.) For misappropriation of assets, Exhibit 15-1 also lists the symptoms (also called red flags or
Exhibit 15-1
Common Liabilities and Equity Fraud Schemes, Symptoms, and
Related Audit ResponsesMisappropriation of Assets
Audit Responses
a
Unauthorized borrowing Unexpected liens on company
assets.
changes in lifestyle of potential
suspects.
Confirm or contact lenders.
Search public records and
credit reports.
Examine loan documents.
Interview lender.
Diversion of loan proceeds. Unexpected loss of cash flow. Vouch and trace loan
proceeds.
Diverting equity proceeds for
personal use.
Unexpectedly low cash flow. Vouch and trace equity
proceeds.
Underpaying dividends and
diverting the difference.
Complaints from investors.
Unusual payees or
endorsements on dividend
checks.
Vouch and trace.
Selling shares of stock more than
once.
Missing, duplicate, or forged
stock certificates.
Complaints from investors.
Vouch and trace.
Conduct interviews.
Note:
a
* * *
Exhibit 15-2
Common Liabilities and Equity Fraud Schemes and Related Audit
ResponsesFraudulent Financial Reporting
Fraud Scheme
Audit Responses
a
Failing to disclose status of loan covenants. Confirm with lenders.
Misclassifying currently maturing debt as long-term
(especially for covenant violations, demand clauses,
or acceleration clauses).
Inspect loan documents.
Confirm with lenders.
Analyze status of loan covenants.
Recompute current maturities of long-term debt.
Unrecorded debt or undisclosed liens on assets (such
as recording loan proceeds as cash sales).
Confirm with lenders.
Search public records (such as UCC filings).
Inspect credit reports.
Inspect accounting records and supporting
documentation.
Inspect board of directors minutes for
authorization of debt.
Failing to record or understating contingent liabilities. Analyze legal expenses for evidence of work on
pending or threatened litigation.
Review documentation of pending or threatened
litigation.
Communicate with the organizations attorneys.
Analyze other potential contingencies (warranty
costs, guarantees of other debt, standby letters of
credit, losses on firm commitments, etc.).
Recording debt as equity. Analyze the terms of equity arrangements and
compare to current accounting treatment.
Confirm terms of agreements with shareholders if
necessary.
Understating dividends. Inspect stockholder records, articles of
incorporation, board of directors minutes, etc. to
determine the required dividend levels.
Inspect records of dividends paid.
Analyze dividend calculations.
Failing to recognize receivables or seller obligations
for issuance of stock.
Inspect agreements for equity transactions.
Vouch cash proceeds from sale of stock.
Inspect board of directors minutes for evidence
of unusual terms of stock sales.
Confirm details of transactions (including whether
there are any side agreements) with the
stockholders.
Fraud Scheme
Audit Responses
a
Note:
a
* * *
CHAPTER 16: INCOME TAXES
1600 INTRODUCTION
General
1600.1 Income tax is often one of the most material items in the financial statements of nonpublic companies. The
expenseprovision for income taxesmay be one of the larger expense items in the income statement, and the current
liabilityincome taxes payableand related deferred taxes, if any, can be material to the balance sheet. This chapter is
concerned with income taxes for a commercial corporation. The accounting and auditing problems related to other types of
entities, e.g., proprietorships, partnerships, S corporations, limited liability companies, and nonprofit organizations, are not
discussed. However, those types of organizations are generally exempt from income taxes, and accounting and auditing
issues are largely concerned with disclosure of the existence and maintenance of that tax status. This chapter reflects
accounting standards under FASB ASC 740, Income Taxes. Detailed guidance on accounting for income taxes is provided in
PPCs Guide to Preparing Financial Statements, Chapter 4 and PPCs Guide to GAAP. In addition, PPCs Guide to Accounting
for Income Taxes, deals exclusively and comprehensively with the topic. The basic approach to the audit of income taxes is
not significantly altered by changes in tax law or accounting standards.
Characteristics of Income Taxes
1600.2 The characteristics of income taxes have an important influence on the approach to income taxes in the audit.
Generally, these characteristics are:
a. Income tax depends on the other costs and expenses and the revenue recognized during the period. This creates a
critical need for coordination between this area and other areas of the audit.
b. Taxable income and the related liability for income taxes are determined according to tax statutes and regulations
that can be extremely complex, and many nonpublic companies require assistance in determining their tax liability.
This usually means that the auditor, or CPA firm, will have responsibility for tax return preparation in addition to audit
responsibilities.
1(93)
c. There can be significant differences between the accounting treatment of items under generally accepted
accounting principles and the treatment under the tax statutes and regulations. Expert knowledge in both taxes and
accounting may be required. The tax work and audit work need to be carefully coordinated.
d. If there are significant differences between accounting and tax treatment, the tax allocation accounting principles are
among the most complex and controversial in the entire body of generally accepted accounting principles. When
differences exist, there is a critical need for efficiency and effective coordination.
These characteristics are discussed further at relevant points in this chapter.
1600.3 One of the few areas in accounting standards that rivals accounting for income taxes in complexity and volume of
standards is leases. Although accounting for leases has an edge in the volume of standards accounting for income taxes
generally represents the most complex audit area for many small to midsized entities. As a result, this explanation of
accounting standards is presented in a different format than the other chapters.
1600.4 This chapter presents an outline of the accounting standards for income taxes. The outline is designed to allow an
auditor to recognize when an accounting issue exists for a particular client and know where to look for detailed guidance.
(Three sources of guidance are PPCs Guide to Preparing Financial Statements, Chapter 4, PPCs Guide to GAAP, and PPCs
Guide to Accounting for Income Taxes.) The outline of this section begins with a subheading indicating the area of accounting
for income taxes involved. The subheading is followed by a brief explanation of the accounting principle and definitions of
terms, if any, necessary to understand that explanation. The explanation is followed by references to the authoritative
standards that apply and the issues covered in those standards.
1600.5 Interperiod Tax AllocationMeasurement of Income Tax Expense and Deferred Taxes. FASB ASC 740, Income
Taxes, provides requirements for accounting for income taxes in annual financial statements.
2(94)
It is a comprehensive
standard that provides the principal guidance on all aspects of accounting for income taxes. Accounting for income taxes
focuses on the balance sheet and on calculating deferred tax assets and liabilities. Under the asset and liability approach, the
tax effects of transactions are reported in the year that the underlying transactions are recorded in the financial statements,
but the tax effects are based on tax rates expected to be in effect in the period that the differences reverse. Changes in tax
rates are recognized in the period that they are enacted (i.e., signed into law by the President). Deferred income tax
provisions are the differences between deferred tax balance sheet accounts from period to period.
1600.6 In the determination of taxable income, when allowable deductions exceed revenue, there is an operating loss. The
tax benefits of realizable carrybacks of operating losses should be recognized in determining net income for the year of the
loss. Tax benefits of loss carryforwards should also be recognized. However, a valuation allowance for the related deferred
tax asset should be recorded if there is more than a 50% chance that some portion or all of the carryforwards will not be
realized. Disclosure should be made of refundable taxes arising from carrybacks and of the future tax benefits and expiration
dates of carryforwards.
1600.7 The basic calculation of income taxes consists of the following elements:
a. Calculate the current tax provision for the period.
b. Calculate the deferred tax effects at the end of the period of (1) differences between transactions recorded in the
financial statements and those recorded in the tax return and (2) operating loss and tax credit carryforwards.
c. Provide a valuation allowance for the portion of deferred tax assets for which there is not more than a 50% chance of
realization.
d. Subtract the deferred tax asset and liability at the beginning of the year from the amounts at the end of the year in
steps b. and c.
e. Total the amounts calculated in steps a. and d. to obtain the total tax provision or benefit for the year.
f. If necessary, allocate the total tax expense or benefit between continuing operations and other applicable items (for
example, extraordinary items, comprehensive income, etc.).
1600.8 Important terms in understanding interperiod tax allocation are:
a. Permanent Differences. Although not used in professional standards, the authors use the term permanent difference
to describe differences between financial and income tax reporting that have no tax consequences (that is,
differences that are reported in the financial statements but never will be reported in the tax return). Examples of
permanent differences include interest income on certain municipal bonds, the nondeductible portion of business
meals and entertainment expense, and some types of premiums paid on an owner/managers life insurance.
b. Temporary Differences. Temporary differences are differences between financial and income tax reporting that have
future tax consequences (that is, differences between the financial and tax basis of assets and liabilities that will
result in future taxable or deductible amounts).
c. Taxable Differences. A taxable difference is a temporary difference that leads to the recognition of a deferred tax
liability. Taxable differences generally represent expenses that have been deducted in the tax returns but will be
expensed in future financial statements or income recognized in the financial statements that will be taxable in future
tax returns. For example, if accelerated depreciation methods are used for tax purposes, the basis of equipment for
financial reporting will exceed its tax basis during the first portion of the life of the equipment. If the equipment is sold
during that period, any gain on the sale will be higher for tax reporting than for financial reporting. Therefore, a
deferred tax liability exists for the excess future taxable income over future financial statement income.
d. Deductible Differences. A deductible difference is a temporary difference that leads to the recognition of a deferred
tax asset. Deductible differences generally represent expenses that have been recognized in the financial statements
but will be deducted in future tax returns or income recognized in the tax returns but deferred for financial statement
reporting. For example, if an allowance for doubtful accounts is established for financial statement purposes, the tax
basis of trade accounts receivable will exceed the basis for financial reporting purposes. Consequently, future tax
deductions for bad debts will exceed future expense for financial reporting, and a deferred tax asset for future tax
deductions exists.
The distinction between taxable differences and deductible differences is important because deferred tax assets and liabilities
need to be calculated separately. The calculation is discussed in paragraph 1601.16.
1600.9 The professional literature that applies to measurement of income tax expense and deferred taxes is contained in
FASB ASC 740-10 and 740-20. The issues covered in that guidance include the following:
a. Basis differences that are not temporary differences (called permanent differences by the authors).
b. Temporary differences.
c. Change in tax status.
d. Alternative minimum tax.
e. Applicable tax rate used to measure deferred taxes.
f. Changes in laws or rates.
g. Asset acquisitions that are not accounted for as business combinations.
h. Establishment of a valuation allowance for deferred tax assets.
i. Interest and penalties.
j. Tax allocation within a period. (This means apportionment of tax expense among income before extraordinary items,
extraordinary items, and direct adjustments of equity.)
As discussed beginning in paragraph 1600.18, guidance for uncertain tax positions in FASB ASC 740 clarifies the criteria for
recognizing tax benefits of tax positions taken in tax returns. A more detailed discussion is presented in section 1602.
1600.10 Presentation and Disclosure of Income Tax Expense and Deferred Taxes. The financial statements should
disclose the composition of income tax expense, and deferred taxes should be classified into a net current amount and a net
noncurrent amount (for each taxing jurisdiction). Income tax expense, for example, might be composed of:
a. taxes estimated to be payable currently,
b. tax effects of temporary differences,
c. tax effects of operating losses,
d. tax effects of changes in tax laws or rates, and
e. tax effects of most changes in the valuation allowance for deferred tax assets.
Generally, the classification of a deferred tax debit or deferred tax credit is determined by the current or noncurrent status of
the related asset or liability. However, if no asset or liability is associated with the deferral, classification is based on the
expected reversal date of the specific temporary difference.
1600.11 The professional literature that applies to financial statement presentation and disclosure of income tax expense and
deferred taxes is contained in FASB ASC 740-10-45, 740-20-45, and 740-10-50. The issues covered in that guidance include:
a. Balance sheet classification of income tax accounts.
b. Income statement presentation of certain measurement changes to income tax accounts.
c. Income statement classification of interest and penalties.
d. Allocation of income tax or benefit for the year.
e. Allocation to continuing operations.
f. Allocations to items other than continuing operations.
g. Balance sheet related disclosures.
h. Income statement related disclosures.
i. Income tax expense compared to statutory expectations.
j. Unrecognized tax benefit related disclosures.
k. Policy related disclosures.
1600.12 Investment Tax CreditsMeasurement and Disclosure. Prior to the Tax Reform Act of 1986 (TRA), an investment
tax credit (ITC) could be recognized in determining the provision for income taxes, subject to certain limitations. There were
two acceptable methods of recognition:
a. Deferral Method. The allowable investment tax credit was reflected in net income over the productive life of acquired
property.
b. Flow-through Method. The allowable investment tax credit was reflected in net income as a reduction of income
taxes of the year in which the credit arose.
1600.13 TRA eliminated ITC for acquisitions after January 1, 1986, and reduced ITC carryforwards by 35%. Since ITC has
been repealed, accountants have questioned whether the method of accounting for ITC should continue to be disclosed. The
authors believe that disclosure would be necessary only if the financial statements include a tax provision that is significantly
affected by the credits. Accordingly, the authors believe that disclosure of the method used to account for ITC is required only
so long as ITC benefits are being amortized under the deferral method.
1600.14 The professional literature that applies to measurement and disclosure of investment tax credits is FASB ASC
740-10-25-45 and 25-46; FASB ASC 704-10-45-26 through 45-28; and 740-10-50-20. The issues covered in that guidance
include:
a. Use of the deferral method.
b. Use of the flow-through method.
c. Presentation of investment tax credits under the deferral method.
d. Disclosure of investment tax credits recognition policy.
1600.15 Special Areas. In certain special areas, temporary differences arise that may not reverse until indefinite future
periods or that may never reverse. Thus, providing for deferred taxes on these temporary differences may not be appropriate.
Outside of these designated special areas, it is not permissible to apply the criterion of indefinite reversal.
1600.16 Deferred taxes should not be recognized for the following types of temporary differences unless it becomes
apparent that they will reverse in the foreseeable future:
a. Investments in foreign subsidiaries or foreign corporate joint ventures that are essentially permanent in nature.
b. Undistributed earnings of domestic subsidiaries or domestic corporate joint ventures that are essentially permanent
in duration and arose in fiscal years beginning on or before December 15, 1992.
c. Bad debt reserves for tax purposes of U.S. savings and loan associations (and other qualified thrift lenders) that
arose in tax years beginning before December 31, 1987.
d. Policyholders surplus of stock life insurance companies that arose in fiscal years beginning on or before December
15, 1992.
1600.17 The professional literature that applies to these special areas is included in FASB ASC 740-30, 942-740, and
944-740-25-2 and 25-3.
1600.18 Accounting for Uncertain Tax Positions. Depending on the facts and circumstances, there may be varying views
on the appropriate income tax treatment of a transaction. Therefore, there may be uncertainty about whether a tax position
would be sustained by the taxing authority in the event that it examined the position. According to FASB ASC 740-10-20, a tax
position represents a position in a previously filed tax return or one that is expected to be taken in a future tax return and is
reflected in the measurement of current or deferred income tax assets and liabilities. Tax positions would include, among
other things, (a) a decision not to file a return, (b) the allocation of income between jurisdictions, (c) the characterization of
income or a decision to exclude reporting income in a tax return, (d) a decision to classify a transaction, entity, or other
position in the return as tax exempt, and (e) an entitys status, for example, as a pass-through entity or a tax exempt nonprofit
entity.
3(95)
1600.19 FASB ASC 740 requires that computations of current and deferred income tax assets and liabilities only consider tax
positions that more likely than not would be sustained if the taxing authority examined the positions. In that context, the
phrase more likely than not means that there is greater than a 50% chance. In determining whether a tax position meets the
more-likely-than-not criterion, the entity assumes that the tax return for the year in which the position is taken will be examined
and that, not only will the taxing authority examine the return, it will also examine the position.
1600.20 Because an entity is required to recognize and measure the financial statement effects of a tax position based on the
more-likely-than-not criterion, a liability may be created for unrecognized tax benefits. A liability for unrecognized tax benefits
is created when current tax benefit amounts taken in tax returns differ from amounts recognized in the financial statements.
Furthermore, the recognition and measurement criteria for uncertain tax positions may impact the determination of tax bases
of assets and liabilities and the resulting calculation of temporary differences and deferred tax assets and liabilities. Section
1602 presents an overview of accounting for uncertain tax positions. Appendix 1G of PPCs Guide to Accounting for Income
Taxes discusses accounting for uncertain tax positions for small and midsized nonpublic entities in detail.
1601.1 AU-C 500.06 states:
following:
Tests of controls.
Risks and Evaluating the Audit Evidence Obtained [formerly SAS No. 110 (AU 318)], at AU-C 330.18 states that regardless of
could go wrong in the financial statements) and then designing audit procedures that are responsive to the assessed risks.
For each relevant assertion within an account balance, class of transactions, or disclosure, the auditor assesses the risk of
the nature, timing, and extent of substantive audit procedures for income taxes.
Relevant Assertions for Income Taxes
1601.5 The relevant assertions for income taxes generally are as follows:
Existence or occurrence (E/O)Tax laws and regulations have been properly applied and the current tax liability or
receivable is adequate but not excessive. The provision for income taxes and balance sheet accounts for deferred
taxes are based on transactions that actually occurred.
Completeness (C)The provision for income taxes and related balance sheet accounts reflect the tax effect of all
transactions recognized in the financial statements. Deferred tax assets and liabilities reflect the tax effect of all
temporary differences as required by applicable accounting standards. Related disclosures are complete.
Rights or obligations (R/O)Income tax assets and liabilities reflect current and deferred tax benefits and obligations
that pertain to the entity as a result of transactions recognized in the financial statements.
Valuation or allocation (V)The valuation account for deferred tax assets is adequate but not excessive. Income tax
expense or benefit has been properly allocated between continuing operations and other applicable items, such as
extraordinary items and comprehensive income, as necessary.
Cutoff (CO)Income tax expense or benefit and related balance sheet accounts reflect the application of tax laws
and income tax accounting provisions to transactions that have been recorded in the proper accounting period.
Accuracy or classification (A/CL)Current and deferred income tax assets and liabilities have been properly
calculated, recorded, and classified in the balance sheet in accordance with GAAP and applicable tax laws and
regulations. Information about the composition of income taxes and other matters required by GAAP are fairly
disclosed at appropriate amounts.
Substantive Audit Procedures for Income Taxes
1601.6 Designing substantive audit procedures for income taxes requires expert knowledge of tax laws and regulations as
well as knowledge of the applicable accounting principles. In many nonpublic company engagements, the substantive audit
procedures are closely linked to the preparation of the tax return, which creates a need for coordination with other audit areas
and with the firms tax department. Examples of substantive procedures for income taxes are as follows:
Review the prior year tax return and compare it to taxes payable or refundable recorded in the financial statements.
Determine the reason for any significant differences and that any necessary accounting adjustments have been
made.
Review the results of IRS examinations during the year, if any, and determine that any necessary accounting
adjustments have been made.
Review the calculation of the provision for income taxes and reconcile income before taxes on the financial
statements to taxable income and the effective tax rate to the statutory rate, and determine the reason for any
significant differences. Determine that all necessary permanent and temporary differences were reflected in the
income tax calculation and are consistent with those of prior years.
Determine whether current and deferred tax provisions exclude any tax benefit from significant tax positions that do
not meet the more-likely-than-not threshold and limit other significant tax positions to the largest amount of tax
benefit that meets the more-likely-than-not threshold.
Evaluate the adequacy of the amount for income taxes payable in the balance sheet. Evaluate the liability for
unrecognized tax benefits at the end of the period and changes in the liability during the period. Determine whether
appropriate penalties and interest have been recognized for the liability for unrecognized tax benefits.
Consider whether the classification of the deferred tax asset or liability as current or noncurrent is appropriate.
If deferred tax assets are recorded, determine whether it is more likely than not that they will be realized (that is,
whether a valuation allowance is necessary).
1601.7 Substantive procedures for income taxes generally are applied near the end of the audit so that, to the extent
possible, the auditor can identify any misstatements affecting revenue and expense accounts and resolve with the client
which entries will be recorded prior to performing the majority of income tax procedures. If the auditor also prepares the
clients tax return, however, it is usually more efficient to gather information needed for preparation of the tax return as the
audit progresses. The following paragraphs provide further discussion on certain of these procedures and additional
considerations that are frequently encountered in the income tax area. Certain of the matters discussed may be modified by
the auditor based on the risk assessment and the clients role in the tax return preparation process.
Preliminary Scanning
1601.8 The auditor often begins the substantive procedures for income taxes with preliminary steps to become familiar with
the clients tax situation. The auditor typically identifies the applicable taxing jurisdictions (if not done during planning), scans
the taxes payable account, and reviews prior years returns. The expense and liability for income taxes should include all
taxes levied against income by federal, state, and local jurisdictions. This chapter focuses on federal income tax and the IRS
Form 1120 (U.S. Corporation Income Tax Return), but in some cases, state income taxes for one or more states may be a
significant factor.
1601.9 The opening balance of the income tax payable account is often traced to the prior years workpapers, and support
for payment of estimated taxes and any assessments resulting from IRS examinations are typically inspected. If the auditor, or
the audit firm, has provided tax services to the client in the past, a reminder list or calendar may be maintained to assure that
all returns are prepared and filed and estimated payments made on a timely basis. If not, the auditor needs to review the
clients methods and may want to offer suggestions for improvement.
Tax Return Preparation
1601.10 Preparation of a draft tax return might be an efficient step when performing substantive procedures for income taxes.
For CPA firms large enough to have a separate tax department, policies vary on return preparation and review. In some
cases, the audit staff is expected to prepare the return, but review and sign-off by the tax staff is necessary. Some firms have
all corporate returns prepared by the tax staff, and the audit staff makes the review for matters of accounting or auditing
significance. Whatever approach is taken, there is a heightened need for coordination between the tax staff and audit
staff.
4(96)
1601.11 A great deal of the information needed to prepare the draft tax return can be gathered most efficiently when
performing procedures on other audit areas. The relationship between audit areas and information needed for return
preparation is indicated in Exhibit 16-1. In some cases, detailed schedules will be prepared and procedures will be applied to
transactions as part of return preparation and not for audit purposes, e.g., see the discussion on property (Chapter 13) and
income and expenses (Chapter 17).
Exhibit 16-1
Information Gathered for Tax Return Preparation
by Audit Area
a
Inventory
Cost of goods sold analysis (Form 1125-A).
LIFO calculations (for review for consistency with elections).
Property
Depreciation schedules for depreciation summary (Form 4562).
Property acquisitions and dispositions identified as to specific asset, dates acquired or sold, cost, depreciation
method, life, amount of accumulated depreciation, and the amount of gain or loss involved (investment credit
recaptureForm 4255, and supplementary schedule of gains and lossesForm 4797).
Prepaids, Investments, and Other Assets
Amortization of intangibles (Form 4562).
Dividend income by source (Schedule C).
Capital gains and losses (Schedule D).
Necessary pension or profit sharing plan information.
Equity
Stock ownership by officers (Schedule E).
Income Taxes
Reconciliation of taxable and accounting income (Schedule M-1 or M-3).
Reconciliation of financial statement captions to descriptions required by the income tax return.
Listing of amounts and dates of income tax payments (not a required tax return disclosure, but necessary to determine
the unpaid balance and possible penalties).
b
Identification and computation of applicable tax preference items.
Income Statement
Officers names and amount of compensation, including time devoted to business, percent of ownership, social
security number, and expense code allowances (Schedule E).
A schedule of noncash contributions that describes the kind of property contributed and the method used to
determine its fair market value.
Installment sales income.
Miscellaneous income and expense.
Travel, entertainment, and business meals expense.
Wage expense qualifying for tax credits (Form 5884).
Research expense qualifying for tax credit (Form 6765).
Interest expense on life insurance loans.
Expense accruals payable to related parties (disallowed for tax purposes under IRC Sec. 267).
Warehousing costs that must be capitalized for tax purposes but are expensed for financial reporting purposes.
Notes:
a
The related tax schedule, form, or other purpose in addition to preparation of Form 1120 is indicated in parentheses.
b
IRC Sec. 6656 discusses failure to make deposits on a timely basis and resulting penalties.
* * *
1601.12 Careful consideration needs to be given to the possibility of overlooked or omitted items, including possible
deductions not taken or tax savings not elected. This is primarily a matter of client service rather than audit responsibility.
However, many auditors use some form of tax checklist to remind them of the items that are most likely to occur for their
clients.
1601.13 Naturally, if the client prepares the return, the auditor and, if applicable, the tax department, would review the return
rather than prepare it, but the audit objectives would be unchanged.
Reconciliation of Taxable and Accounting Income
1601.14 A necessary substantive procedure for income taxes is reconciliation of accounting income to taxable income. For
those auditors who prepare a draft tax return as a basic step in the audit process, Schedule M-1or M-3 of the tax return (Form
1120) provides this information. Alternatively, the reconciliation can be completed on a separate audit workpaper. Naturally, if
there are no differences, the provision is equal to current taxes as determined on the return. Several suggestions are made in
Chapter 13 on property and in Chapter 14 on other assets to avoid those differences or to reduce them to as few as possible.
1601.15 Identifying Permanent and Temporary Differences. When preparing the reconciliation of accounting income to
taxable income, differences need to be divided into two groups: those without future tax consequences (permanent
differences) and those with future tax consequences (temporary differences). These terms were defined in paragraph 1600.8.
Deferred taxes are not provided for permanent differences.
Calculating the Deferred Tax Provision
1601.16 The steps used to calculate the deferred tax provision are as follows:
a. Identify the taxable and deductible temporary differences and loss carryforwards available for tax reporting at the
end of the year.
b. Calculate the deferred tax liability by multiplying total taxable differences by the applicable tax rate.
c. Calculate the deferred tax asset by multiplying total deductible differences and loss carryforwards by the applicable
tax rate.
d. Identify tax credit carryforwards available for tax reporting at the end of the year and record a deferred tax asset for
the total of the carryforwards.
e. Provide a valuation allowance for the portion of the deferred tax asset for which there is more than a 50% chance
that the benefit of the deductible differences and carryforwards of losses and tax credits will not be realized.
f. Subtract the net deferred tax asset or liability
5(97)
at the end of the year from the net amount at the beginning of the
year to determine the deferred tax benefit or expense for the year.
Paragraph 1601.17 begins a brief discussion of the preceding calculation. More detailed discussions of the calculation are
provided in PPCs Guide to Preparing Financial Statements, section 406, PPCs Guide to GAAP, and PPCs Guide to
Accounting for Income Taxes.
1601.17 Categorizing Temporary Differences. As noted in paragraph 1601.16, temporary differences need to be separated
into two categories: taxable differences and deductible differences. A deferred tax liability is recognized for the tax effect of
taxable temporary differences and a deferred tax asset is recognized for the tax effect of deductible differences. The tax asset
is reduced by a valuation allowance if it is more likely than not that all or a portion of the asset will not be realized. The
differences between taxable and deductible differences are briefly discussed in paragraph 1600.8.
1601.18 Applicable Tax Rates. Once temporary differences are categorized and loss carryforwards are identified, the tax
rates that are expected to be in effect when temporary differences reverse are used to calculate deferred taxes. Companies
need to consider sources of future taxable income other than reversals of temporary differences when calculating deferred
taxes. Thus, the rate used to measure deferred taxes is the rate that is expected to apply to estimated taxable income (which
includes reversing temporary differences) in the period that the temporary differences are expected to reverse. Under current
federal tax law, corporations with taxable income between $335,000 and $10,000,000 are taxed at a flat rate of 34%. Personal
service corporations and corporations with taxable income over $18,333,333 are taxed at a flat rate of 35%. Other
corporations are subject to a graduated rate structure that imposes rates ranging from 15% to 39% on various levels of
taxable income. Companies should measure deferred federal taxes using the flat tax rate (currently 34% or 35%) unless: (a)
the effect of the graduated rate structure is significant or (b) special rates apply to the temporary difference. Since the 34% tax
rate applies to taxable income between $335,000 and $10,000,000, the highest flat tax rate that many corporations will be
subject to is 34%. In that instance, the authors recommend that corporations base deferred tax calculations on the 34% flat
rate (unless a significantly lower average graduated rate applies or special rates apply to the temporary differences). For
companies with expected future taxable income of $10 million or less, the authors believe that the effect of the current federal
graduated rate structure could potentially be significant if future taxable income is expected to be under $150,000 (depending
on the magnitude of temporary differences and carryforwards). This topic is discussed in more detail in section 406 of PPCs
Guide to Preparing Financial Statements.
1601.19 It is not necessary to consider temporary differences under the alternative minimum tax system or to calculate the
effects of the alternative minimum tax system on the annual reversals. However, separate deferred tax calculations using
applicable rates may be needed for each taxing jurisdiction to which the entity is subject (that is, states with different tax laws).
Considering the Need for a Valuation Allowance
1601.20 Deferred tax assets are always recognized for deductible temporary differences, operating loss carryforwards, and
tax credits. However, if it is more likely than not (that is, more than a 50% likelihood) that all or a portion of the deferred tax
asset will not be realized, a valuation allowance must be provided.
1601.21 Positive and Negative Evidence. Determining whether there is more than a 50% chance that a deferred tax asset
will not be realized requires considerable judgment. When making that determination, auditors should comply with the
requirements of AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related
Disclosures [formerly SAS No. 57 (AU 342)], which are discussed in section 1809. In terms of assessing the need for a
deferred tax asset valuation allowance, compliance with AU-C 540 involves looking at all available evidence, both negative
and positive. FASB ASC 740-10-30-21 and 30-22 provides some examples of negative and positive evidence that should be
considered. The list, which is not all-inclusive, is reproduced in Exhibit 16-2. If negative evidence exists, it may be difficult to
conclude that a valuation allowance is not needed for at least a portion of the deferred tax asset. However, the existence of
negative evidence does not always require that a valuation allowance be recorded. In some cases, positive evidence may
exist that outweighs the negative evidence, and a conclusion may be reached that a valuation allowance is not necessary.
Exhibit 16-2
Deferred Tax Asset Realization
Positive and Negative Evidence
FASB ASC 740-10-30-21 and 30-22 provides examples of positive and negative evidence related to whether deferred
tax assets will be realized. The list is not all-inclusive.
Positive Evidence
Existing contracts or firm sales backlog that will produce more than enough taxable income to realize the deferred tax
asset based on existing sales prices and cost structures.
Excess of appreciated asset value over the tax basis of the entitys net assets in an amount sufficient to realize the
deferred tax asset.
Strong earnings history exclusive of the loss that created the future deductible amount (tax loss carryforward or
deductible temporary difference) coupled with evidence indicating that the loss (for example, an unusual,
infrequent, or extraordinary item) is an aberration rather than a continuing condition.
Negative Evidence
Cumulative losses in recent years.
History of operating loss or tax credit carryforwards expiring unused.
Losses expected in early future years by a presently profitable entity.
Unsettled circumstances that, if unfavorably resolved, would adversely affect future operations and profit levels on a
continuing basis in future years.
A carryback, carryforward period so brief that it would limit realization of tax benefits if (1) a significant deductible
temporary difference is expected to reverse in a single year or (2) the enterprise operates in a traditionally cyclical
business.
* * *
1601.22 Other Negative Evidence. There are certain situations in which it is almost impossible to prove that a valuation
allowance is not needed. Two of those are start-up companies and entities whose ability to continue as a going concern is in
question. In essence, those situations serve as other negative evidence (in addition to the examples in Exhibit 16-2) as to the
realizability of deferred tax assets. Section 1807 discusses conditions and events that indicate a potential going-concern
problem.
1601.23 Character of the Income. In order for the future tax benefits of a carryforward or temporary difference to be
realized, (a) the entity needs to have sufficient taxable income available during the carryback, carryforward period available
under the tax law and (b) that income needs to be of the appropriate character. For example, in order to realize the tax benefit
from a capital loss carryforward, there needs to be adequate capital gain income during the carryforward period.
1601.24 Positive Evidence Only. In many cases, such as when there is a history of earnings and taxes paid in prior years,
there may be only positive evidence that the deferred tax asset will be realized. In those cases, auditors ordinarily need to
make inquires of management as to the likelihood that there will be continued earnings and taxes paid. If continued earnings
are expected, the auditor can document that a valuation allowance is not needed based on past experience and expected
future income. If not, negative evidence exists and additional procedures are necessary.
1601.25 Sources of Taxable Income. In cases where there is both positive and negative evidence regarding the realizability
of a deferred tax asset, the auditor needs to perform additional procedures. When determining whether there will be sufficient
taxable income to realize the deferred tax asset, the client looks to the following four sources of taxable income:
a. Future reversals of existing taxable temporary differences.
b. Taxable income in prior carryback years.
c. Taxable income from tax planning strategies.
d. Expected future taxable income exclusive of reversing temporary differences and carryforwards.
1601.26 Evaluating the Evidence. For each taxing jurisdiction, the auditor needs to evaluate the evidence of whether at least
one of those sources will be adequate to realize tax benefits. The sources need to be evaluated in the order that is most
efficient under the circumstances. Some auditors believe that it is most efficient to look to future taxable income first. Others
believe review of reversals of taxable temporary differences will be the most efficient. While it appears that each of the sources
may be the most efficient for a specific set of circumstances, auditors may prefer to look to sources a. and b. first. That is
because they provide the most objective evidence that the tax benefit will be realized. Once it is determined that there is
adequate taxable income to realize the tax benefit, the auditor can stop the evaluation process and need not look at the
remaining sources. If after all four sources are considered there is not sufficient taxable income, a valuation allowance should
be provided.
1601.27 An Efficient Approach. In many cases, the most efficient approach may be to simply assess whether there will be
future taxable income. That approach combines sources a. and d. in paragraph 1601.25.
a. If the client has no temporary differences due to operating losses or tax credit carryforwards, the assessment of
whether taxable income will exist in the years that the deductible differences are expected to reverse would be
limited to determining that deductible differences will be offset by other sources of taxable income.
b. If the client has temporary differences due to operating loss or tax credit carryforwards, the taxable income does not
just need to existit needs to be sufficient to absorb the loss carryforward, or the taxes on future taxable income
needs to be sufficient to offset the tax credit carryforward.
1601.28 Auditors need to be aware that the approach described in the preceding paragraph mixes a source that is
objectively determinable (item a. in paragraph 1601.25) with a source that is more subjective (item d. in paragraph 1601.25). It
is managements responsibility to estimate future taxable income and the auditors responsibility to assess whether the
estimate is reasonable. Auditors need to ensure that it is clear that the estimate is the clients, not the auditors. The authors
recommend that fact be made clear in the management representation letter, as discussed in paragraph 1601.35.
1601.29 When estimating future taxable income, a forecast or budget (as those terms are defined in professional standards)
is not required. However, if the client prepares prospective financial information to support an estimate of future taxable
income, auditors should consider the adequacy of evidence relating to significant assumptions underlying the information,
particularly assumptions that are material to the prospective information, especially sensitive or susceptible to change, or
inconsistent with historical trends. That consideration generally includes reading the prospective information and the
underlying assumptions and comparing prospective information of prior or current periods with actual results or results to
date.
1601.30 Other Approaches. Because the most efficient approach varies depending on the client and its circumstances,
there will be instances in which use of each of the four sources of taxable income will be most efficient, as described in the
following paragraphs.
a. Future Reversals of Existing Taxable Temporary Differences. In some cases, considering taxable reversals may be
the easiest and least subjective method of determining whether a valuation allowance is necessary.
6(98)
Companies may conclude that a valuation allowance is not needed if future reversals of existing deductible
differences can be offset by future reversals of existing taxable differences. Although some scheduling (see
paragraph 1601.36) may be necessary to reach that conclusion, detailed scheduling of the reversals of taxable and
deductible differences for each year may not be necessary. FASB ASC 740-10-55-17 states, . . . if existing taxable
temporary differences that will reverse over a long number of future years greatly exceed deductible differences that
are expected to reverse over a short number of future years, it may be appropriate to conclude, in view of a long (for
example 15 years) carryforward period for net operating losses, that realization of future tax benefits for the
deductible differences is thereby more likely than not without the need for scheduling. If deductible reversals
exceed taxable reversals, the likelihood of taxable income from other sources needs to be assessed.
b. Taxable Income in Prior Carryback Years. In other cases, considering taxable income in prior carryback years may
be the most efficient method of determining whether a valuation allowance is necessary. If the carryback period
includes the current year and one or more years prior to the current year, the taxable income in carryback years will
be based, at least in part, on actual taxable income. Therefore, considering taxable income in carryback years is
less subjective than estimating taxable income from other sources. (Note that the carryback period is measured
from the year that the deductible difference reverses, not originates.)
c. Taxable Income from Tax Planning Strategies. In still other cases, considering tax planning strategies may be the
most efficient method of concluding that no valuation allowance is needed. For example, a company may have
investment securities or other assets that have significantly appreciated in value. A tax planning strategy to sell the
assets could result in additional future taxable income that would allow deferred tax assets to be realized. Tax
planning strategies are discussed in greater detail beginning in paragraph 1601.31.
d. Expected Future Taxable Income Exclusive of Reversing Temporary Differences and Carryforwards. This involves
estimating future GAAP income and adjusting it for permanent differences and originating temporary differences.
The authors believe this approach will rarely be used by small to medium-sized companies. Instead, the combined
approach discussed in paragraph 1601.27 will be used.
1601.31 Tax Planning Strategies. Tax planning strategies are designed to enable realization of deferred tax benefits. They
are methods of increasing future taxable income by (a) changing the reversal pattern of temporary differences (for example, a
change from accelerated depreciation methods to straight-line for tax purposes) or (b) initiating future transactions that will
generate future taxable income of the appropriate character (for example, selling investments in securities to generate capital
gains so that capital loss carryforwards may be used). Tax planning strategies need to meet the following three criteria to be
considered qualifying strategies:
a. The strategy needs to be prudent and feasible.
b. The strategy is one that management ordinarily might not take, but would take to prevent an operating loss or tax
credit carryforward from expiring unused.
c. The strategy would result in the realization of deferred tax assets.
1601.32 Several tax planning strategies may be available to a company to reduce or eliminate the need for a valuation
allowance. According to FASB ASC 740-10-55-41, companies should make a reasonable effort to identify all significant tax
planning strategies. The company should recognize the effect of all strategies and reduce the valuation allowance account
appropriately. (However, consideration of tax planning strategies is unnecessary if it can be concluded that taxable income
from other sources will be adequate to eliminate the need for a valuation allowance.)
1601.33 The valuation allowance should reflect the cost of implementing tax planning strategies such as legal costs and
commissions. However, only those costs that would not otherwise be incurred should be considered. In addition, any related
tax benefits associated with the additional costs also should be considered.
1601.34 While management has primary responsibility for determining that tax planning strategies are prudent and feasible, it
is the auditors responsibility to determine whether the strategies are reasonable. As discussed in paragraph 1601.35, the
authors recommend that managements responsibilities for tax planning strategies be indicated in the management
representation letter.
1601.35 Audit Representations. Whenever a client has material deferred tax assets, the authors believe that auditors need
to obtain a representation from management relating to its responsibility for determining the appropriate valuation allowance.
In addition, representations regarding the following might also be obtained if they are significant factors in assessing the
adequacy of a valuation allowance:
a. Managements responsibility for determining prudent and feasible tax planning strategies.
b. Managements intent to use identified tax planning strategies if necessary to prevent an operating loss or tax credit
carryforward from expiring unused.
c. Managements responsibility for determining future taxable income.
The Management Representation Letter, ASB-CL-3.1, is a representation letter drafting form.
1601.36 The Need for Scheduling. In order to evaluate whether there will be adequate future income to offset reversals of
temporary differences, it may be necessary for the company to schedule temporary differences. Scheduling is the process of
identifying the future years in which each temporary difference is expected to reverse (that is, when they are expected to result
in taxable or deductible amounts) and aggregating the annual amounts to arrive at the anticipated taxable and deductible
reversals for each future year. Although extensive scheduling usually is not necessary, the authors believe that companies
need to have a general knowledge of the reversal patterns of temporary differences. That knowledge is needed to determine:
a. The years for which taxable income needs to be estimated.
b. Whether deferred tax assets and liabilities that are not related to specific assets and liabilities need to be classified
as current or noncurrent.
c. Amounts of deferred tax assets and liabilities when currently enacted tax law requires changes in future tax rates.
However, taxable income can be estimated without a detailed knowledge of when temporary differences will reverse.
Generally, only enough knowledge is needed to determine whether taxable income will vary from customary patterns.
Presentation and Disclosure
1601.37 The assessment of financial statement presentation and disclosure is primarily a matter of ensuring that the
information gathered and determined in prior steps is properly described and disclosed. Some of the more common required
disclosures are:
a. Significant components of the income tax expense attributable to continuing operations (i.e., current tax expense or
benefit, deferred tax expense or benefit, investment tax credits, etc.).
b. Amount of income tax expense or benefit allocated to continuing operations and to other items (i.e., discontinued
operations, extraordinary items, items charged or credited directly to shareholders equity, and components of other
comprehensive income).
c. An explanation of significant variations, if any, between the reported income tax expense attributable to continuing
operations and the amount of income tax expense that would result from applying federal statutory tax rates to
pretax income. Federal statutory tax rates mean the regular tax system under TRA as opposed to the alternative
minimum tax (AMT) system.
d. Method of accounting for ITC if ITC benefits are being amortized under the deferral method.
e. Amounts and expiration dates of unused operating loss and tax credit carryforwards.
f. Components of the net deferred tax liability or asset recognized in the balance sheet.
g. The net change during the year in the valuation allowance.
h. The types of temporary differences and carryforwards that result in significant portions of deferred tax assets or
liabilities.
Disclosure requirements for uncertain tax positions are discussed in section 1602.
1601.38 Other presentation requirements include:
a. Separation of deferred tax liabilities and assets into a current and noncurrent amount based on (1) the classification
of the related asset or liability giving rise to the deferred tax liability or asset or (2) when not associated with an asset
or liability, the reversal dates of the temporary differences or carryforwards.
b. For each tax jurisdiction:
(1) Offsetting of current deferred tax liabilities and assets and presentation as a single amount.
(2) Offsetting of noncurrent deferred tax liabilities and assets and presentation as a single amount.
1601.39 The disclosure checklist at ASB-CX-13 contains a section on income taxes that should be used as a reminder of
necessary disclosures in this complex area.
Tax Department Review
1601.40 As mentioned in paragraphs 1601.10 and 1601.13, if the CPA firm has a separate tax department, it is usually
involved in preparing or reviewing the clients tax return during the audit. Such firms often also have a policy of tax department
review of the tax provision and liability and related financial statement presentation and disclosure. In that case, the tax
department provides an additional level of expertise, review, and approval, but it does not relieve the auditor of his
responsibility for the opinion on the financial statements. The Detailed Review section of the Supervision, Review, and
Approval Form, ASB-CX-14, includes a step relating to tax department review.
IRC Section 7525 Confidentiality Privilege
1601.41 IRC Section 7525 extends a privilege of confidentiality to certain written or oral tax advice provided by CPAs to their
clients related to a federal tax matter (such as tax planning). However, the privilege can be waived in a number of ways, some
inadvertent. Clients can waive the right to privileged communications by disclosing communications to the IRS, by telling a
third party, or by disclosing the communications in their financial statements. The tax practitioner can also waive the privilege
through disclosure to third parties. Information communicated between the tax practitioner and the client may need to be
used by the client when preparing the financial statements and by the auditor when auditing the financial statements. In
addition, professional standards require the auditor to discuss matters likely to have audit implications with firm personnel
performing nonaudit services, such as tax practitioners. Auditors might want to make the client aware of the potential use of
privileged communications in the audit and the possibility the IRS might contend that use or communication of otherwise
privileged information by or to the audit team results in a waiver of the privilege. The Audit Engagement Letter at ASB-CL-1.1
provides a clause that can be used to inform the client of those matters. To help preserve the confidentiality privilege,
separate engagement letters, billing statements, and files should be used for tax advice communications and documents.
1602 ACCOUNTING FOR UNCERTAIN TAX POSITIONS
1602.1 Accounting for uncertain tax positions requires a two-step approach to recognizing tax benefits. The first step of the
approach looks at whether a tax benefit should be recognized, and the second step looks at how to measure a tax benefit that
is recognized. Whether a tax benefit should be recognized depends on whether the benefit is, or will be, derived from a tax
position that meets the more-likely-than-not criterion. A tax benefit should only be recognized if the tax position meets the
criterion. The entity needs to assess the likelihood that a tax position would be sustained by assuming that the taxing authority
will examine the position and the return in which the position is, or will be, taken. Accounting standards prohibit considering
the possibility that a return may not be examined and that, even if a return is examined, the position may not be examined.
1602.2 Following the guidance in FASB ASC 740-10-30-7, the recognized tax benefit should be measured as the largest
amount of tax benefit for which there is greater than a 50% chance of realization upon ultimate settlement with a taxing
authority that has full knowledge of all relevant information. The largest amount of tax benefit should be determined using
facts and circumstances available and considering likely outcomes.
1602.3 To illustrate, assume that an entity develops a tax position under which it will claim a deduction for an expense. If the
entity believes there is no more than a 50% chance the taxing authority would accept the position, the entity should recognize
no tax benefit from the deduction in its financial statements. However, if the entity believes there is greater than a 50% chance
the taxing authority would accept the position, the entity should recognize the tax benefit.
1602.4 If the entity believes there is greater than a 50% chance the full deduction would be allowed, the tax benefit of the full
deduction should be recognized. However, if the entity believes it would likely settle with the taxing authority by agreeing to a
deduction for less than the full amount originally deducted or that the taxing authority would disallow part of the deduction,
the entity should recognize a tax benefit for only the portion of the deduction expected to be ultimately accepted. That amount
can be determined qualitatively or quantitatively.
a. A qualitative assessment could be made in a variety of ways. For example, it could be made based on the
accountants experience with comparable situations or based on the accountants understanding of the recent trend
of rulings by the taxing authority.
b. A quantitative assessment could be made based on different probability scenarios under which the amount
recognized is the largest amount above a cumulative probability greater than 50%. As a practical matter, qualitative
assessments are likely to be sufficient for most small to midsize nonpublic entities.
The Effect on Current Tax Provisions
1602.5 If the tax return for the year has a tax position that does not meet the more-likely-than-not criterion
a. The current tax provision recognized in the financial statements should be the amount that would have been
reported in the return if that position had not been used.
b. The difference between the current tax provision and the tax reported in the return should be recognized as a
liability.
The liability can be viewed as the entitys obligation to return the realized tax benefit to the taxing authority in the event that it
disallows the tax position. Accordingly, the liability would be the estimated additional tax that would be assessed if the tax
position is disallowed. The liability can also be viewed as a deferral of the tax benefit that was realized by claiming the
deduction in the current year return. Recognition of the realized tax benefit is being deferred until the uncertainty is either
reduced to more-likely-than-not or eliminated. However, the deferral is not a deferred tax liability, but rather deferral of a
current tax benefit. Accounting standards for uncertain tax positions prohibit combining the liability for unrecognized tax
benefits with deferred tax liabilities or offsetting it against deferred tax assets.
1602.6 To illustrate, assume that an entity has taxable income of $100,000 that includes a tax position for deducting an
expense incurred during the year of $5,000, but the entity believes the tax position does not meet the more-likely-than-not
criterion. Assuming a 40% tax rate, the entity would recognize income tax expense of $42,000 (taxable income of $105,000
that would have been reported in the tax return if the tax position had not been used at the 40% tax rate), current income
taxes payable of $40,000 (the tax due as reported in the return calculated as 40% x $100,000), and a $2,000 liability for the
unrecognized tax benefits.
The Effect on Deferred Tax Provisions
1602.7 As explained in paragraph 1600.8, a temporary difference is a difference between the tax basis of an asset or liability
and its carrying amount in the financial statements. However, the tax basis of an asset or liability is not determined solely
based on positions taken, or expected to be taken, in tax returns. Instead, only tax positions that meet the more-likely-than-not
criterion are considered in determining the tax basis of an asset or liability.
1602.8 To illustrate, assume that an entity recognizes a liability for an expense it incurred during the year. While the entity is
certain the expense is not deductible in the year it is incurred, it develops a tax position for deducting the expense when it is
paid. Absent any requirement to consider the uncertainty of its tax positions, the entity would conclude that
a. The tax basis of the liability is zero, and
b. The difference between the carrying amount of the liability for financial statement reporting and its zero tax basis is a
deductible difference because payment of the liability will result in a deduction.
1602.9 However, accounting requirements for uncertain tax positions require a different approach. The decision of whether
recognizing the liability for financial statement reporting creates a deductible difference depends on whether the tax position
for deducting payment of the liability meets the more-likely-than-not criterion. Under accounting standards for uncertain tax
positions, the tax basis of the liability for financial reporting is its carrying amount less the future deduction from payment of
the liability that meets the more-likely-than-not criterion.
a. If the tax position meets the more-likely-than-not criterion and there is greater than a 50% chance that the full
amount of the deduction would be allowed, the tax basis of the liability is zero.
b. If the tax position does not meet the more-likely-than-not criterion, the tax basis of the liability is the same as its
carrying amount for financial statement reporting. That is because the tax benefit of the future deduction cannot be
considered under the Interpretation because the deduction is based on a tax position that does not meet the
more-likely-than-not criterion. Since there is no difference in basis, there is no temporary difference, and a deferred
tax benefit cannot be recognized for the expense.
c. If the tax position meets the more-likely-than-not criterion but there is greater than a 50% chance that less than the
full amount of the deduction would be allowed upon examination, the tax basis of the liability is its carrying amount
for financial statement reporting less the amount of the future deduction that is more than 50% likely to be allowed.
Therefore, there is a deductible difference equal to the future deduction from payment of the liability for which a tax
benefit can be recognized.
1602.10 Accounting standards for uncertain tax positions take the same approach for losses and tax credits that are available
for carryforward to future years. Under the standards, a deferred tax asset can only be recognized for a carryforward if the
future use of the carryforward is based on a tax position that meets the more-likely-than-not criterion.
Uncertain Tax Positions Related to State Nexus
1602.11 It is sometimes difficult to determine if or when an entity has nexus in a foreign state. Due to this uncertainty,
management may erroneously decide that it is not necessary to file a state tax return. According to the definition of a tax
position in professional standards, the decision not to file a tax return is an example of a tax position. Thus, the decision not to
file a state tax return is a tax position subject to the recognition and measurement guidance for uncertain tax positions.
Generally, uncertain tax positions taken in a particular tax return are no longer considered uncertain for that tax year when the
statute of limitations expires for the taxing authority to examine the tax return. However, if a tax return is never filed, the statute
of limitations never begins, so in essence, it never ends.
1602.12 If the tax position not to file a state tax return fails the more-likely-than-not recognition criterion but the total amount
in question is not material to the financial statements, it is generally not necessary to derecognize the tax benefits of not filing
the state tax return. However, due to the lack of a statute of limitations, if a tax position not to file a return has been taken for
several years or affects many states, the cumulative amount of that tax position over time may be material to the financial
statements. The administrative practices and precedents of the taxing jurisdiction(s) may provide enough support to limit the
number of years that need to be considered and satisfy the recognition criterion. That documented evidence may limit the
exposure for state nexus issues that do not have a statute of limitations. The entity can consider that evidence when
evaluating the amount of liability for unrecognized benefits that should be accrued.
Guidance for Pass-through Entities
1602.13 FASB ASC 740-10 clarifies that if income taxes paid by the entity are attributable to the
a. entity, they should be accounted for following the provisions of FASB ASC 740.
b. owners, they should be accounted for as a transaction with owners.
1602.14 For example, a state that recognizes the Subchapter S election may nevertheless require the entity to pay an
amount computed by applying the state income tax rate to the entitys taxable income allocated to an out-of-state owner. The
individual would include the allocated income in his return and recognize a tax credit for the payment by the entity. The
payment should be considered attributable to the owner and shown as a dividend in the entitys financial statements.
1602.15 FASB ASC 740-10 also clarifies that
a. the determination of attribution should be made for each jurisdiction where the entity is subject to income taxes and
determined on the basis of laws and regulations of the jurisdiction, and
b. managements determination of the taxable status of the entity, including its status as a pass-through entity or
tax-exempt not-for-profit entity, is a tax position that is subject to consideration of uncertainty.
1602.16 To illustrate the accounting considerations, assume that a corporation that has elected Subchapter S status takes
the position that it does not have nexus with a state that does not recognize that election. The corporation should evaluate
whether the position would more likely than not be sustained by the state in an examination. That evaluation should consider
the positions taken by the state in applying nexus requirements, such as how many years are considered open if tax would be
assessed retrospectively and whether the state has adopted thresholds of taxable income attributable to the state below
which it will not assert nexus.
1602.17 As a practical matter, the authors believe the entity should also consider the materiality of the effects of the position
being denied. For example, reallocation of taxable income to the state may enable the entity to reduce taxable income
originally allocated to other states, resulting in recovery of state income taxes paid.
1602.18 Finally, FASB ASC 740-10 clarifies that the reporting entity needs to consider the tax positions of all entities within
the group of entities whose financial results are presented in consolidated or combined financial statements. To illustrate the
accounting considerations, assume that a limited liability company has a controlling financial interest in a corporation that has
not elected Subchapter S status. Since the limited liability company has a controlling financial interest in the corporation, it
needs to include the consolidated financial results of the corporation in its financial statements. The tax positions taken by the
corporation are subject to the requirements of FASB ASC 740-10 in determining whether income taxes for the corporation
should be recognized in the consolidated financial statements.
Interest and Penalties
1602.19 Accounting for uncertain tax positions requires providing for the effect of penalties and interest on the liability for
unrecognized tax benefits. Some entities include penalties and interest related to income taxes in the tax provision and other
entities include them in expenses. The accounting standards permit either approach but require disclosure of the approach
used by the entity. Disclosure is also required of the amounts of penalties and interest related to income taxes that are
recognized in the income statement and the amounts recognized in the statement of financial position.
Financial Statement Disclosures
1602.20 Prior to the accounting standards for uncertain tax positions, guidance on disclosures for uncertainty in income
taxes was provided primarily by the accounting standards for contingencies, which can be found in FASB ASC 450.
Accounting standards for contingencies no longer apply to uncertain tax positions, however. In addition, separate
consideration of the disclosure requirements for risks and uncertainties, found in FASB ASC 275, also is not required. The
disclosures required by FASB ASC 740-10-50-15 for unrecognized tax benefits provide financial statement users with
sufficient information about uncertainty in income taxes. ASB-CX-13 provides a disclosure checklist that reflects required
disclosures for nonpublic companies.
7(99)
IRS Access to Workpapers
1602.21 The primary concern for taxpayers in complying with GAAP for uncertainties in income taxes is that the required
disclosures would provide a roadmap for the IRS and other taxing authorities. In addition, in an audit, many accountants
believe that IRS auditors will likely now request the entitys workpapers supporting their accounting for uncertain tax positions.
In the past, IRS access to workpapers has not been a pronounced problem for many nonpublic companies. In addition, in
June 2007, IRS Memo AM 2007-0012 partially alleviated this concern by stating that documentation resulting from the
issuance of FIN 48 is considered tax accrual workpapers, so the IRS would have to satisfy the unusual circumstances
standard to acquire such workpapers. However, the IRS further indicated it is evaluating its tax accrual workpaper policy to
ensure that it is still appropriate in todays environment. Thus, it appears the IRS may attempt to change the definition of tax
accrual workpapers to distinguish them from workpapers supporting accounting for uncertain tax positions.
8(100)
Audit Considerations
1602.22 The AICPA has issued Practice Guide on Accounting for Uncertain Tax Positions Under FIN 48 that provides
nonauthoritative guidance on accounting for uncertain tax positions for financial statement preparers, auditors, and tax
advisors. Exhibit 16-3 provides suggested procedures for the auditor when reviewing and testing the related estimates. Exhibit
16-3 is based on guidance in the AICPA Practice Guide.
Exhibit 16-3
Suggested Procedures for the Estimates and Amounts for Uncertain Tax Positions
1.Obtain an understanding of the clients process for developing and reviewing the estimate.
2. Inquire of management and others involved in preparing and reviewing the estimate about matters such as
aExpertise needed to develop and evaluate the estimate.
bProcess for determining the best estimate including the assignment of probability values to various assumptions
and outcomes.
c.How variation in underlying assumptions is factored into the estimate.
d.Who has final authority for reviewing and approving the estimate.
3. Obtain an understanding of relevant controls that relate to the preparation of the estimate.
4.Perform procedures to test the financial statement assertions that relate to the estimate, including:
a.Identify the relevant factors, assumptions, and data used in the estimate development and evaluate whether they
are
Relevant and sufficient.
Reasonable by examining supporting evidence such as citations from applicable tax law and past
administrative practices and precedents of the taxing authority.
b.Evaluate the consistency of interrelated assumptions.
c.Evaluate the reasonableness of the range of possible assumptions that were considered.
d.Consider the objectivity of assumptions used.
e.Review available documentation for the data, factors, and assumptions used in estimate development and
reperform related calculations to determine the estimate.
f.Examine supporting evidence relating to the timing of the recognition of the tax benefit.
g.Determine whether the required disclosures that relate to the estimate are complete, supported by sufficient,
appropriate evidence, and in conformity with GAAP.
* * *
1602.23 The AICPA has issued FAQ on the Independence Impact of Providing FIN 48 Services to an Attest Client that is
added to the non-authoritative listing of Bookkeeping FAQs. The Professional Ethics Executive Committee determined that the
auditor could assist a client with applying accounting standards for uncertain tax positions provided the auditor is satisfied
that the client understands the reasons why a specific tax positions does or does not meet the more-likely-than-not threshold
and the basis for the determination of related unrecognized tax benefits. The general requirements of Interpretation 101-3,
Performance of Nonattest Services, of the AICPAs Code of Professional Conduct (ET 101.5) would need to be met (see
section 202).
1603.1 Efficiencies in workpaper documentation for income taxes can be achieved by coordinating the preparation of tax
return forms and schedules with audit workpapers in other areas. See Exhibit 16-1 for a listing of common relationships
between audit areas and tax return schedules and forms.
1603.2 The workpapers listed below may be necessary in the income tax area. The workpaper content and the extent of the
auditors documentation will generally not be influenced by whether the workpapers are prepared in paper or electronic
format. However, if the auditor uses electronic workpapers, any client-prepared schedules and detail need to be obtained in
electronic format, if possible, to reduce the extent of paper documents that will be retained in the audit file or require scanning
(electronic workpapers are discussed in section 807).
a. Schedule of audit adjustments made to arrive at adjusted before-tax net income.
b. An analysis of the taxes payable account.
c. A reconciliation of taxable income and pretax accounting income.
d. Computation schedules for current and deferred income taxes and the intraperiod tax allocation.
e. Memoranda or other analyses supporting the assessment of deferred tax assets and related valuation allowances.
f. An analysis of tax positions, including a roll-forward of unrecognized tax benefits.
g. Support for income tax related disclosures (for example, the effective tax rate reconciliation and a schedule of
amounts and expiration dates of unused carryforwards).
h. Opinions of outside tax advisors on material matters, if applicable, or other documentation of the facts and
Use of Tax Return Forms and Schedules
1603.3 Naturally, copies of tax return schedules and forms can be used as audit workpapers to avoid duplicate preparation
of essentially the same information. For example, Schedule M-1 (or M-3) of Form 1120 may be the basic schedule for the
reconciliation of taxable income and pretax accounting income. Tickmarks may be used to identify permanent differences and
temporary differences. If there are only a few categories of temporary differences, tickmarks may be used to distinguish
temporary differences by transaction or item group.
Listing of Temporary Differences
1603.4 A listing of temporary differences that comprise deferred tax assets and liabilities might be maintained to aid in
preparation of the provision in future years. (Note that, as discussed in paragraph 1601.36, scheduling the reversal of
temporary differences may also be necessary to determine whether a deferred tax asset valuation account is needed.)
1603.5 An auditing interpretation at AU-C 9500.01.22 provides guidance on the auditors documentation related to income
tax accruals. The interpretation indicates that appropriate audit documentation includes sufficient evidence about tax
contingency matters to support the auditors conclusions on accounting and disclosure. Audit documentation reflects the
procedures performed and conclusions reached and includes the clients documentary support (or auditor-prepared
summaries) for significant financial statement amounts and disclosures related to tax contingencies. Specifically, the
documentation includes significant elements of the clients tax contingencies or reserves, including a roll-forward of material
changes in reserves. The auditing interpretation does not specifically address estimates related to uncertain tax positions.
However, the authors believe that tax contingency matters include unrecognized tax benefits.
1603.6 Audit documentation also provides the clients position and support for income tax related disclosures, such as the
effective tax rate reconciliation, and support for the intraperiod allocation of tax expense or benefit to continuing operations
and other items (e.g., discontinued operations, extraordinary items, and other comprehensive income). Where applicable,
documentation also includes the basis for assessing deferred tax assets and valuation allowances and support for applying
the indefinite reversal criteria (see paragraph 1600.15). In addition, if support for the tax accrual or contingency matters is
based on the opinion of an outside adviser on a potentially material matter, the auditor should obtain access to that opinion.
Documentation includes either the actual advice or opinion rendered by the adviser, or other documentation of the facts
addressed and conclusions reached by the client and adviser.
1604.1 The more common areas of overauditing of income taxes for many nonpublic company engagements are:
a. Extensive preparation of audit schedules supporting the tax computation when preparation of a draft of the tax return
could be more efficient.
b. Accounting for deferred income taxes when temporary differences are not material.
1604.2 The more common areas of underauditing of income taxes for many nonpublic company engagements are:
a. Lack of recognition of items giving rise to deferred income taxes, when material.
b. Failure to consider AMT in computing the tax provision.
c. Failure to obtain sufficient evidence regarding the need for a deferred tax valuation allowance.
d. Failure to consider the proper classification of current deferred taxes.
e. Deficiencies in disclosure, for example, failure to disclose the reasons for significant differences between statutory
tax rates and the clients effective rate.
1605 CASE STUDY
Deferred Tax Calculation
1605.1 The following illustrates a deferred tax calculation using a flat tax rate of 34% when there are both deductible and
taxable temporary differences. Assume the following facts:
a. At the end of 20X0 and 20X1, a company has deductible and taxable temporary differences as follows:
20X0 20X1
Deductible $ 40,000 $ 60,000
Taxable 55,000 70,000
b. At the end of 20X0, deferred tax liabilities amount to $18,700 (taxable temporary differences of $55,000 34%) and
deferred tax assets total $13,600 (deductible temporary differences of $40,000 34%). A valuation allowance was
not considered necessary for the deferred tax assets. The company recorded a net deferred tax liability of $5,100
(deferred tax liabilities of $18,700 deferred tax assets of $13,600). Current and noncurrent classifications are
ignored in this example.
c. Based on pretax income in previous years and the amount expected in future years, the effect of the graduated tax
rates is not considered significant. There are no enacted changes to the 34% tax rate.
1605.2 Deferred tax liabilities and assets at the end of 20X1 would be calculated as follows (assuming that a valuation
allowance is not considered necessary for the deferred tax assets):
Deferred tax liability ($70,000 34%)
$ 23,800
Deferred tax asset ($60,000 34%)
(20,400
)
Net deferred tax liability $ 3,400
1605.3 The deferred tax benefit for 20X1 would be as follows:
Ending deferred tax liability $ 3,400
Beginning deferred tax liability (5,100)
Deferred tax benefit $ (1,700)
Valuation Allowance Calculation
1605.4 The following illustrates a valuation allowance calculation when it is necessary to consider more than one source of
future taxable income. Assume the following:
a. A company has a net operating loss carryforward of $200,000 that expires in three years.
b. The loss carryforward arose primarily due to significant losses during the first few years after the company was
formed. Since that time, taxable income has ranged from $25,000 to $50,000.
c. The company expects future taxable income from the following sources:
(1) Future Taxable Income (i.e., reversals of existing taxable differences and taxable income exclusive of reversals
of existing taxable differences). Based on past trends, the company believes that $100,000 of taxable income
will be generated during the next three years.
(2) Taxable Income in Prior Carryback Years. The existence of operating loss carryforwards indicate that there is no
available taxable income in prior carryback years. Either (a) the taxable income in prior carryback years has
already been used to offset the operating loss carryforwards or (b) an election was made to forego carryback
and carry the losses forward.
(3) Tax Planning Strategies. The company has a note receivable from the sale of real estate in a prior year. The sale
is accounted for under the installment method, and gross profit of $60,000 has been deferred. The company
believes that the debtor would pay off the note for a discount of $10,000.
9(101)
Legal and other fees are
estimated to be $1,000.
1605.5 Considering those sources of future taxable income, the loss carryforward would be realized as follows:
Loss carryforward $ 200,000
Sources of future taxable income:
Taxable income during the next three years $ 100,000
Tax-planning strategies:
Gross profit recognized upon sale of note receivable 60,000
Discount allowed (10,000) (150,000)
Unused loss carryforward 50,000
Assumed average tax rate 15%
$ 7,500
Net-of-tax cost of implementing the strategy
[$1,000 (15% $1,000)]
850
Valuation allowance needed $ 8,350
1606 AUDIT PROGRAM
1606.1 The core audit program at ASB-AP-12 presents basic, extended, and other substantive audit procedures for income
taxes. Using the core audit program, the auditor chooses the procedures that will be adequate to obtain sufficient audit
evidence for the relevant assertions. The use of PPCs audit programs is discussed in section 405.
CHAPTER 17: INCOME AND EXPENSES
1700 INTRODUCTION
General
1700.1 It is probably easier to overaudit income statement accounts than any other audit area. Thus, auditors need to be
especially careful in selecting appropriate substantive procedures to obtain audit evidence related to relevant assertions. This
chapter explains how the assertions and procedures are linked in this audit approach.
1700.2 The accounting standards that apply to the income statement can be divided into two broad categories:
a. Those relating to when revenues and expenses should be recognized.
b. Those relating to how income statement line items should be arranged and displayed.
1700.3 Revenue and Expense Recognition. Generally, the standards for recognition of revenues and expenses may be
stated as follows:
a. Revenue is realized when a product is sold, (i.e., when it is delivered, or a service performed, unless, in each case,
collection is not reasonably assured).
b. Expense is recognized when the related revenue is realized if the cost is clearly associated with the revenue, or in
the period incurred if the cost provides no discernible future benefit.
These statements provide a reasonable general description. However, in authoritative accounting standards and in accepted
industry practice, there are many variations and refinements. For example, all of the following are generally accepted ways of
recognizing revenue in defined circumstances: sale of product, substantial performance of service, percentage of completion,
cost recovery, and installment basis. As explained in Chapter 3, the auditor should obtain an understanding of the entity and
its environment, including its internal control, and an important part of that understanding is knowledge of the relevant
accounting practices.
1700.4 Reporting Results of Operations. Under current accounting literature, financial statements are required to report
comprehensive income. Comprehensive income refers to net income plus other comprehensive income. Most revenues,
expenses, gains, and losses are included in the determination of net income; however, certain revenues, expenses, gains,
and losses are reported as other comprehensive incomethat is, as separate components of stockholders equity.
1(102)
Adjustments to equity that are not considered to be elements of other comprehensive income are rare and severely
restricted.
2(103)
Presentation issues generally concern whether an item is properly classified as a component of income from
operations, reported below that amount as a separate determinant of net income, or reported as a component of other
comprehensive income. The accounting standards for presentation of items in the income statement generally may be stated
as follows:
a. The results of discontinued operations, including impairment losses, and any related gain or loss on disposal are
reported net of taxes immediately after the results of continuing operations and before extraordinary items.
b. Extraordinary items are reported net of taxes separately on the face of the income statement. (An item is
extraordinary if it is unusual and unrelated to ordinary activities, and infrequent.)
c. Items that are unusual or infrequent, but not both, are reported as a separate component of income from continuing
operations. They are not presented net of taxes or in any other way that could imply that they are extraordinary
items.
d. Items of other comprehensive income are reported separately following net income in the income statement, in a
separate statement of comprehensive income that begins with net income, or in a statement of changes in equity
that includes comprehensive income. Components of other comprehensive income may be presented net of related
tax effects or before related tax effects with one amount displayed for the aggregate income tax effect.
3(104)
These items tend to occur much less often for small businesses. More common issues in the presentation of the income
statement of a small business concern the extent of detail to be presented for ordinary revenues and expenses. However,
authoritative accounting standards provide little or no guidance on those issues.
1700.5 Relationship of Presentation to Assertions. The nature, timing, and extent of procedures necessary to obtain
sufficient audit evidence for relevant assertions are naturally related not only to the nature of the transactions and events that
occur, but also to the extent of detail presented in the income statement. By avoiding unnecessary detail in the income
statement, the auditor can achieve greater efficiency in the audit. For example, many entities may use an income statement
with the following format:
Sales
Cost of Sales
Gross Profit
Selling Expenses
General and Administrative Expenses
Other Income/Expense
Income before Taxes
Provision for Taxes
Net Income
If more detailed information were important, that information could be presented in attached schedules, not cross-referenced
in the income statement, and reported on as supplementary information in relation to the financial statements as a whole.
(See AU-C 725; section 908; and PPCs Guide to Auditors Reports, Chapter 11 for guidance on reporting on supplementary
information.) The discussion in this chapter assumes an income statement presentation that is reasonably simplified and that
avoids unnecessary detail.
1701.1 AU-C 500.06 states:
following:
Tests of controls
1701.3 Relevant assertions for a particular audit area are assertions that have a meaningful bearing on whether the account
balances, transaction classes, or disclosures are fairly presented. The auditor uses relevant assertions in assessing the risks
of material misstatements by considering the different types of potential misstatements that may occur (that is, what could go
wrong in the financial statements), and then designing audit procedures that are responsive to the assessed risks. For each
relevant assertion within an account balance, class of transactions, or disclosure, the auditor assesses the risks of material
misstatement and, based on that assessment, determines the nature, timing, and extent of the substantive procedures
necessary to obtain sufficient appropriate audit evidence.
nature, timing, and extent of substantive audit procedures for income and expenses.
Relevant Assertions for Revenue and Expense Transactions
1701.5 The relevant assertions for revenue and expense transactions generally are as follows:
Existence or occurrence (E/O)Revenue and expense transactions reported in the income statement are for valid
transactions that actually occurred during the period.
Completeness (C)All revenue and expense transactions that should be included in the income statement are
included. The financial statements include all disclosures required by GAAP.
Cutoff (CO)Revenue and expense transactions are recorded in the proper accounting period.
Accuracy or classification (A/CL)Revenue and expense transactions are measured properly and are recorded in
the appropriate accounts. Uncollectible amounts, returns, and allowances are adequately provided for.
Extraordinary, unusual, or infrequent items are properly classified and described.
The valuation and rights/obligations assertions ordinarily are not relevant to income and expense transactions because those
assertions pertain to balances at the end of a period rather than transactions during a period.
Substantive Audit Procedures for Income and Expense Transactions
1701.6 The authors recommend the following approach for deciding the nature, timing, and extent of the substantive
procedures necessary to obtain sufficient appropriate audit evidence for relevant assertions related to income and expense
transactions:
a. Decide whether substantive audit procedures need to be applied to income statement accounts to obtain sufficient
appropriate audit evidence for relevant assertions related to balance sheet accounts.
b. Decide whether substantive audit procedures need to be applied to income statement accounts because of tax
return preparation responsibility.
c. Decide whether substantive audit procedures applied to balance sheet accounts, combined with any procedures
identified in items a. and b. provide sufficient appropriate audit evidence for relevant assertions related to income
statement accounts.
d. Select procedures to apply to income statement accounts that are determined to be necessary after consideration of
the preceding points.
1701.7 Balance Sheet Related Objectives. In some cases, applying audit procedures to income statement accounts may
be the most direct way of obtaining sufficient appropriate audit evidence for relevant assertions related to both the balance
sheet and the income statement. For example, in the construction industry, audit evidence for assertions related to contract
accounting (percentage-of-completion or completed contract) can usually be obtained only by applying audit procedures to
expense transactions. Also, some manufacturing companies have complex inventory costing procedures that require
application of procedures to expense transactions to price test inventory.
1701.8 Tax Return Preparation. If the auditor or firm has tax return preparation responsibility, some procedures may be
applied to income statement accounts such as payroll, travel and entertainment, and some other expenses. In that case,
transactions in those accounts may be vouched. However, it is important to coordinate this work with the tax staff.
1701.9 Relationship of Balance Sheet and Income Statement Accounts. The natural relationship between income
statement accounts and balance sheet accounts may allow auditors to conclude that they have obtained, completely or in
part, sufficient appropriate audit evidence for relevant assertions related to income statement accounts by application of
procedures directed to relevant assertions related to balance sheet accounts.
1701.10 Some income statement accounts that are traditionally tested in conjunction with substantive procedures applied to
obtain evidence for assertions related to balance sheet accounts are as follows:
a. Accounts ReceivableBad Debt Expense.
b. PropertyDepreciation or Depletion Expense.
c. Intangible AssetsAmortization Expense.
d. InvestmentsInvestment Income.
e. LiabilitiesInterest Expense.
f. Taxes Payable and Deferred TaxesProvision for Income Taxes.
1701.11 For many small businesses, the account relationships that require the most careful consideration, however, are the
following:
a. Accounts ReceivableSales, which is discussed further in Chapter 11.
b. Inventory and Accounts PayableCost of Sales, which is discussed further in Chapter 12.
The sales account, for example, naturally is the result of accumulating sales transactions during the period. However,
because of the relationship between balance sheet and income statement accounts, sales are equal to (a) ending accounts
receivable, (b) minus beginning accounts receivable, and (c) plus cash receipts on account. Thus, audit procedures applied
to assertions relevant to cash and receivables contribute substantially to obtaining audit evidence for assertions related to the
sales account.
1701.12 The essence of the substantive approach to auditing is, as the term designates, substantiating a financial statement
amount. Taking sales as a hypothetical case, if an auditor satisfactorily confirmed all receivables and tested all cash receipts
on account, sales would be substantiated 100% without ever examining a single sales transaction. Of course, 100%
examination is not necessary for substantiation, but the principle of substantiating the amount, and not necessarily its details,
holds true for net income and its components. After an auditor has obtained sufficient appropriate audit evidence to
substantiate beginning and ending balances in balance sheet accounts, net income has been substantiated.
1701.13 The key judgment to be made by the auditor is whether substantive audit procedures applied to the balance sheet
accounts for cash, receivables, inventory, and payables, combined with analytical tests of sales, cost of sales, and major
expense components, provide sufficient appropriate evidence related to those income statement components. That decision
depends on the audit evidence obtained through substantive procedures performed on balance sheet accounts and the
persuasiveness of the evidence provided by analytical tests. Assuming the auditors substantive audit procedures provide
sufficient appropriate audit evidence for relevant assertions related to balance sheet accounts, analytical procedures such as
the following will generally provide sufficient appropriate audit evidence for relevant assertions related to the income
statement accounts:
4(105)
Compare balances in expense and other income accounts with those of prior years and with budgeted amounts or
other expectations. Investigate any unusual or unexpected variations.
Based on the nature and significance of expense accounts and the risk assessment, consider performing the
following analytical procedures and investigate any unusual or unexpected variations:
a. Compare balances in expense accounts by month and with corresponding monthly balances in prior years.
b. Compute the ratios of balances in relevant individual expense accounts to totals such as manufacturing
expenses, selling expenses, and general and administrative expenses (as appropriate in light of the clients
circumstances and operations) and compare with prior year ratios.
c. Compute the percentage of selling, general, and administrative expenses to sales and compare with prior year
ratios.
d. Compute the ratio of payroll tax expense to total payroll and compare with prior year ratios.
Scan the accounting records, including nonstandard journal entries, and obtain an understanding of the business
rationale for any large and unusual transactions.
1701.14 For many expense accounts, analytical procedures may be limited to comparing amounts to prior periods, budgets,
etc. Other expense accounts, particularly payroll, are subject to effective predictive tests. When performing variance analysis,
auditors need to consider whether amounts from prior periods, budgets, etc., provide a reasonable expectation of current
year amounts. Documentation of analytical procedures is discussed beginning in paragraph 1702.4.
1701.15 Transaction Tests. Although many expense accounts can be adequately tested by analytical procedures, as
described beginning in paragraph 1701.13, some accounts will be subjected to transaction testing when obtaining audit
evidence for relevant assertions about balance sheet accounts or because of the auditors tax return preparation
responsibilities. The details of some expense accounts also may be tested because they are subject to unusual risks or are
considered sensitive for other reasons. For example, legal fees may be tested to identify legal counsel engaged by the
company so lawyers letters may be obtained. (See Chapter 18.) Some expenses, such as travel and entertainment, may be
tested if the auditor or CPA firm has responsibility for tax return preparation. Repairs and maintenance expenses may be
vouched if there is a risk of the client expensing items that should be capitalized. In addition, the auditor may perform tests of
details of selected expense accounts as a way of incorporating an element of unpredictability in the selection of audit
procedures. Accounts selected can be rotated from year to year.
1701.16 Consideration of Other Audit Evidence. As part of obtaining audit evidence for relevant assertions related to
income statement accounts, the auditor also cross-references work done in balance sheet areas to the related revenue and
expense accounts and, where relevant, ensures that the workpapers include the information needed for disclosures and that
such information has been subjected to appropriate audit procedures (e.g., disclosures related to property and equipment,
liabilities, leases, miscellaneous income and expense, and income taxes).
Unusual Items
1701.17 The auditor scans the accounting records for large and unusual items and considers the evidence obtained in the
other audit areas to make an overall evaluation of the presentation of the income statement. Usually, large, extraordinary,
unusual, or infrequent items are easily identified, and the primary difficulties concern the proper accounting treatment and
disclosure of those items. Auditors should consider the business purpose of significant unusual transactions. In reviewing for
large and unusual transactions, particular attention is given to nonstandard journal entries, especially those made at or near
the end of the reporting period, and post-closing adjustments. If contracts or agreements are examined to evaluate the
accounting for significant transactions, AU-C 230, Audit Documentation, requires auditors to include in the workpapers
abstracts or copies of those documents. Section 802 provides a more detailed discussion on audit documentation
requirements.
Investigating Significant Unexpected Differences
1701.18 The approach to auditing the income statement described in this chapter is generally both effective and efficient.
However, it relies heavily on analytical procedures, so a great deal of importance is attached to adequate investigation of any
significant unexpected differences that exist. There ought to be sound business reasons for significant differences, and
explanations ought to be reasonable in light of the auditors knowledge and understanding of the business and industry and
the audit evidence obtained by substantive tests of details. The auditor needs to use professional skepticism and ensure that
client explanations are not automatically accepted at face value. It is generally preferable to obtain corroborating evidence to
support the clients explanations where possible. Paragraph 505.58 discusses investigating significant unexplained
differences in more detail.
Individually Significant Items
1701.19 Because most major revenue and expense accounts are related to specific assets or liabilities, they can usually be
tested through analytical procedures. For example, occurrence assertions about most major revenue accounts are tested
indirectly through accounts receivable. It is usually not necessary to vouch individually significant transactions in income
statement accounts unless the auditor has decided to perform tests of details. However, the auditor may need to test large
miscellaneous income and expense items, such as gains on asset sales.
1701.20 Substantive Tests of Transactions Using Sampling. The authors recognize that specific circumstances may affect
the need to perform transaction testing. For example, contract accounting in the construction industry, and manufacturers
with complex inventory-costing procedures, have been cited as circumstances where it may be necessary to test expense or
payroll transactions. Also, if the client prefers to present expenses in detail in the income statement, the auditor may test the
classification of cash disbursements among expense accounts. Sometimes the auditor may test individually significant
transactions; other times a representative sample may be tested. Chapter 7 discusses a sampling approach that may be used
in substantive tests of transactions. When the auditor uses sampling for substantive tests of transactions, AU-C 230 requires
auditors to identify in the workpapers the items tested. Identifying the items tested is discussed further in paragraph 802.10.
Other Audit Considerations for Income and Expense
1701.21 The Extended Procedures (Procedures for Additional Assurance) section in the core audit program for income and
expense accounts presents additional procedures. Those extended procedures may be necessary due to (a) the auditors
assessment of risks related to specified income and expense accounts, (b) other information obtained or misstatements
detected by performing other audit procedures, or (c) the evaluation of whether procedures performed have provided
sufficient assurance.
1701.22 The Extended Procedures (Procedures for Additional Assurance) at ASB-AP-14 include the following procedures:
Vouching of cash disbursements and other income and expense accounts (see related discussions at paragraphs
1701.19 and 1701.20).
Tests of payroll expense and transactions.
Tests of repairs and maintenance transactions.
Additional procedures in response to risks of misappropriation of assets related to accounts payable and cash
disbursements (see related discussion in section 1706).
Additional procedures in response to risks of misappropriation of assets related to payroll (see related discussion in
section 1706).
1701.23 The Other Audit Procedures for Income and Expenses at ASB-AP-14 provide specific audit procedures relating to
less common circumstances. The program provides procedures for significant commission expenses.
1702.1 The following workpapers are frequently used to document audit procedures applied to the income statement:
a. A grouping schedule with a trial balance of income statement accounts and labeled subtotals for major components
of the statement.
b. Separate schedules for revenues and expenses tested by performing analytical procedures, documenting the
development of expectations, the data used, and the results of comparing expectations with actual results.
c. Account analyses showing the activity during the period in expense accounts subjected to vouching.
The workpaper content and the extent of the auditors documentation will generally not be influenced by whether the
workpapers are prepared in paper or electronic format. However, if the auditor uses electronic workpapers, any
client-prepared schedules and detail need to be obtained in electronic format, if possible, to reduce the extent of paper
documents that will be retained in the audit file or require scanning (electronic workpapers are discussed in section 807).
Expense Account Analyses
1702.2 It would be feasible to merely describe and summarize the vouching of expense transactions, as long as the auditors
documentation is sufficient to meet the requirements of AU-C 230. Those requirements are discussed further beginning in
Chapter 8. However, the reason for vouching particular expenses may also necessitate a detailed listing of the activity in the
account. For example, enumeration of individual travel and entertainment disbursements may be necessary for tax return
preparation.
Comparison Schedule
1702.3 Usually, it is desirable to have a carryforward schedule or a schedule for the permanent file of the year-to-year and
month-to-month amounts for certain revenue or expense accounts, when expectations for assertions about those accounts
are routinely developed based on relationships with prior periods.
Documentation of Analytical Procedures
1702.4 When a substantive analytical procedure is performed, AU-C 520, Analytical Procedures, requires the auditor to
document (a) the expectation and the factors considered in its development (unless readily determinable from the work
performed), (b) the results of the comparison between the expectation and recorded amounts, and (c) any additional
procedures performed in response to significant unexpected differences and the results of those procedures.
1702.5 Documentation of the expectation and the factors considered in its development is required if not apparent from the
work performed. When prior-year balances or budgeted amounts are used for comparative purposes, those amounts
implicitly represent the auditors expectation. In that case, if the workpapers include a comparative schedule showing the prior
year or budgeted amounts and indicating the source of those amounts (for example, prior year workpapers or 20X2 budget),
the authors believe the expectation is apparent and no additional documentation of the expectation is necessary. However,
auditors may want to include a brief comment about why they believe prior-year amounts provide a reasonable expectation
for identifying material misstatements. For an expectation developed based on the key factors affecting an account, such as
an expectation of compensation expense developed using information about number of employees and pay rates, auditors
need to document the factors used in developing the expectation and the source of information about those factors. The
results of comparing the expectation with recorded amounts may be documented by including a variance column on the
auditors comparative schedule or by documenting the comparison of the expected amount and the recorded amount on the
face of the auditors calculation.
1702.6 If any of the analytical procedures disclose significant differences, the differences may be explained on the relevant
schedule. However, if several differences are caused by the same factors, a summary memorandum may be prepared to
cover those differences. Also, it may be impractical to explain differences on the comparison schedule of expense accounts,
and a separate memorandum would be necessary. When explaining significant differences, the auditor should also document
any procedures performed in response to those differences (for example, procedures performed to corroborate
managements explanations) and the results of those procedures.
1703 COMMON OVERAUDITING AND UNDERAUDITING TENDENCIES
a. Unnecessary Analytical Procedures. Some auditors calculate profitability ratios, e.g., return on assets or equity, as
part of the audit of the income statement. In general, financial analysis ratios of this sort are useful for general
planning to obtain an understanding of the client, but are of limited use as substantive procedures.
b. Premature Explanation of Significant Differences. Some auditors attempt to explain significant differences in income
statement accounts before adjustments are recorded for the audit. This may be appropriate if very few adjustments
are typically prepared. However, some small companies require many adjustments before the audit is completed,
and significant differences ought to be explained only after known adjustments have been reflected in the
workpapers.
c. Excessive Substantive Tests of Expenses. Some auditors design extensive tests of disbursements and also use
extensive analytical procedures. The authors believe the auditor ought to concentrate on analytical procedures in
small business engagements and perform tests of transactions only in situations with higher assessed risks of
material misstatement or where the results of analytical procedures do not provide sufficient assurance. In any case,
heavy emphasis on both types of procedures generally results in duplication.
d. Excessive Payroll Testing Procedures. Some auditors design extensive tests of details of payroll transactions and
also use extensive analytical procedures. The authors believe auditors usually can design effective analytical tests of
payroll and, thus, minimize or eliminate detailed tests of payroll transactions. If a test of payroll transactions is
determined to be necessary based on the assessment of risks, the auditor ought to avoid examining all individual
items associated with the payroll transactions such as FICA calculations, etc. The key elements of the payroll
transaction need to be identified and recomputed for accuracy and propriety. Accuracy of the payroll amount and
appropriate classification are the two major elements that need to be supported by such a test.
e. Elaborate Documentation of Tests of Transactions. Some auditors provide elaborate tie-ins of tests of transactions in
various areas of revenue and expense. This documentation reflects all individual amounts necessary to tie the
selected items to the general ledger summary amounts. Such detailed documentation is not necessary and can be
adequately presented by memorandum or notation indicating the work performed and the disposition of exceptions,
if any.
1703.2 The following are typical underauditing or ineffective tendencies for income statement accounts:
a. Failure to Relate Amounts to Balance Sheet Areas. Some auditors fail to tie individual revenue or expense account
balances to related balance sheet work performed.
b. Accepting Inadequate Reasons for Significant Differences. Some auditors tend to accept the explanations of
management regarding significant unexpected differences. Such explanations cannot ordinarily be accepted without
supporting information from other reliable sources. Such sources may include evidence obtained in other audit
areas or information outside the business.
c. Failure to Develop Appropriate Expectations for Analytical Procedures. Some auditors tend to perform rote flux
analysis and fail to consider whether the basis for their analysis provides a reasonable expectation for identifying
material misstatements. For example, when comparing current year expenses with prior year amounts, the auditor
needs to have a basis for believing the prior year amount provides a reasonable expectation and that comparison
with that amount is likely to identify material misstatements that may exist.
1704 CASE STUDIES
Investment Income
1704.1 The investments held by the Squeeze Company are certificates of deposit that were rolled over many times during the
year. The total investment portfolio produced interest income of $41,500 for the period. How can the auditor efficiently test the
reasonableness of the interest income?
1704.2 Solution: A practical method to test interest income is to develop an expectation of the recorded interest income.
This could be done by determining the investment balances at each month end and using the average of these balances to
calculate the average monthly investment. The auditor would then develop the expectation by multiplying the average
investment by the estimated interest rate on the certificates of deposit determined by scanning certificates during the year or
knowledge of the investment interest rates used by the bank. For example:
Average of monthly investment balances $ 755,550
Approximate average interest rate of scanned certificates
5.6%
Expected interest income $ 42,310
Recorded interest income 41,500
Difference $ 810
The auditor would then need to evaluate whether the difference was a significant unexpected difference. In this example, the
auditor concludes, after considering materiality levels, that the results provide sufficient audit evidence regarding the relevant
assertions of occurrence, completeness, and accuracy which pertain to the recorded investment income.
Predictive Payroll Test
1704.3 The Digit Down Company owns five drilling rigs used to drill water wells. The company uses three-man crews on each
rig and uses a standard hourly pay rate for each of the three jobs on a rig. Payroll expense is 50% of total operating expenses
and will be tested to determine the reasonableness of the expense incurred. How would the auditor design a payroll test?
1704.4 Solution: The auditor could analytically test payroll by taking the following steps:
a. Determine the standard pay rate for each job on a particular rig from the payroll records.
b. Review payroll records or operating statistics to determine a reasonable estimate of the total hours the selected rig
operated during the year.
c. Calculate an estimate of the total payroll cost for that rig for the year. Multiply the result by five and compare the
result to the total rig labor expense.
d. Explain any significant difference from the predicted labor expense.
1705 AUDIT PROGRAM
1705.1 The core audit program at ASB-AP-14 presents basic, extended, and other substantive audit procedures for income
and expenses. Using the core audit program, the auditor chooses the procedures that will be adequate to obtain sufficient
audit evidence for the relevant assertions. The specified risk audit program at ASB-AP-14-S presents the substantive audit
procedures for income and expenses that are normally adequate to respond to a set of underlying risk assessments
(provided at the front of the audit program) considered typical of many smaller businesses. The use of PPCs audit programs
assertion level.
detection matters. Examples of common fraud schemes related to cash disbursements, payroll, and revenue recognition, and
procedures that may be performed in response to those schemes, are provided for both misappropriation of assets (Exhibit
17-1) and fraudulent financial reporting (Exhibit 17-2). For misappropriation of assets, Exhibit 17-1 also lists the symptoms
(also called red flags or indicators) auditors may observe that indicate the presence of a particular fraud scheme. For
fraudulent financial reporting schemes presented in Exhibit 17-2, symptoms generally relate to fraud risk factors, such as the
desire to minimize reported earnings for tax-motivated reasons. Those risk factors may provide an incentive or pressure to
manipulate the financial statements. (See the discussion of fraud risk factors beginning at paragraph 302.47.) (Section 1106
provides example procedures related to accounts receivable and section 1006 provides example procedures related to cash
receipts.)
Exhibit 17-1
Common Cash Disbursement and Payroll Fraud Schemes, Symptoms,
and Related Audit ResponsesMisappropriation of Assets
Audit Responses
a
Cash Disbursements:
Kickbacks. Higher than usual costs.
Lower quality goods or services.
Excess goods or services.
Vendor complaints.
Employee tips.
Improper or unauthorized
payment for goods or services.
unexplained fluctuation in
payables, expenses, or
disbursements.
Increase in purchases from
Vouch and trace documents.
Review contracts and bids.
Review personnel files.
Conduct interviews.
Analyze disbursement
records.
Prepare a list that groups
vendors by size and
calculate the dollar and
percentage change in
purchases for the period.
Audit Responses
a
favored vendors.
Unusual changes in behavior or
lifestyle of potential suspects.
False or inflated vendor invoices. Higher than usual costs.
Copies of supporting documents
instead of originals.
Unusual or unauthorized vendors
added to vendor list.
payments.
Unusual vendor names or
addresses.
Unusual endorsements on checks.
Vendors with alternate addresses.
disbursements.
Review vendor lists.
Vouch and trace documents.
Conduct interviews.
Excess purchasing schemes. Higher than usual costs.
disbursements.
Employee tips.
Unusual or unexpected increase in
days sales in inventory ratio.
Vouch and trace.
Review vendor lists.
Conduct interviews.
Duplicate payment schemes. Copies of supporting documents
instead of originals.
payments.
Improper cancellation of paid
vendor invoices.
Altered or modified vendor
invoices.
Duplicate payments.
Unusual or unexpected increase in
days sales in inventory ratio.
Vouch and trace.
Conduct interviews.
Use database software to
identify payments in the
same amount to the same
employee or vendor.
Theft of disbursement checks. Missing checks or checks out of
sequence.
Unusual payees.
Prepare an inventory of
unused checks.
Vouch and trace (include
review of canceled checks
Audit Responses
a
Altered checks.
Poor safeguards over unused
checks, or lack of segregation of
duties.
Unlimited access to checks or
check printing machines.
Stale checks on bank
reconciliations.
for proper signature).
Conduct interviews.
The general ledger software
may be able to print a report
listing all out of sequence or
missing check numbers.
Employees writing checks to
themselves.
Unusual payees (such as checks
written to cash, employees, or
unapproved vendors).
Complaints from vendors.
Missing canceled checks.
Altered canceled checks.
Disbursements with missing or
unusual supporting
documentation.
Discrepancies between payee on
checks and check registers.
review of canceled checks
and compare canceled
checks to disbursement
records).
Conduct interviews.
Contract and bidding fraud. Higher than usual costs.
Unusual bid specifications.
Unusual or unexpected bidding
patterns or activities.
Unusual or unexpected contract
award patterns.
Unusual or unexpected change
orders or contract changes.
Improper, unusual, unexpected, or
unauthorized goods or services
used by contractor.
Customer complaints about
receiving inferior products or
services.
Complaints from unsuccessful
bidders.
Not receiving goods or services
ordered.
Use software to list the total
amounts paid to vendors in
descending order.
Vouch and trace.
Conduct interviews with
employees or vendors (or
unsuccessful bidders).
Expense report fraud. Unusual or unexpected
fluctuations, patterns, or amounts
of travel and entertainment, or
employee expense accounts.
Vouch and trace.
Unauthorized use of company
credit card.
Unusual or unexpected charges
on credit card statement.
Review credit card
statements.
Audit Responses
a
Charges on credit card statement
without related receipt.
Payroll:
Ghost employees. Unusual or unexpected
fluctuations in payroll expense or
hours.
Checks to employees with minimal
or no personnel records.
Unexplained variances from
standard costs.
Review of personnel files.
Perform a social security
number review.
Verify employees existence.
Review payroll register.
Auditor distributes payroll
checks or observes their
distribution.
Overpayment schemes. Unusual or unexpected
fluctuations in payroll expense or
hours.
standard costs.
Vouch and trace.
Diverting wages or payroll taxes. Employee complaints about
improper pay or withholding
calculations.
Irregularities in gross pay or
withholding calculations.
Review payroll withholding
tax returns filed.
Theft of paychecks. Missing payroll checks.
Unusual endorsements on
canceled paychecks.
Review bank reconciliation.
Review payroll checks.
Vouch and trace.
distribution.
Employees writing extra payroll
checks to themselves.
Duplicate paychecks or entries on
payroll records.
Missing payroll checks.
Unusual behavior of potential
suspects (for example, changes in
lifestyle or not taking annual
vacations).
fluctuations in payroll expense.
Review bank reconciliation.
comparing authorized pay
rates to pay rates on payroll
register).
distribution.
Perform a physical inventory
of unused checks.
Diverting withholding. IRS notices about failure to make
timely deposits.
Late tax deposits.
Unusual endorsements on tax
deposits.
Vouch and trace.
Keeping former employees on the Unusual or unexpected Review personnel files
Audit Responses
a
payroll. fluctuations in payroll expense or
hours.
standard costs.
Unusual endorsements on
canceled paychecks.
Employee complaints about
excess compensation on W-2.
Vouch and trace.
distribution.
Note:
a
* * *
Exhibit 17-2
Common Revenue Recognition Fraud Schemes and Related
Audit ResponsesFraudulent Financial Reporting
Fraud Scheme
Audit Responses
a
Manipulation of shipping or billing to record false sales
or to improperly accelerate actual sales.
Obtain an understanding of revenue-related
procedures.
b
Recording sales in which the buyers obligation to pay
depends on an uncertain future event.
procedures.
transactions (including the existence of side
agreements) with third parties.
b
Recognizing sales in which there is a substantial
continuing involvement by the seller.
procedures.
b
Fraud Scheme
Audit Responses
a
Recording sales in which there is a lack of economic
substance (sham transactions).
b
Identify and gain an understanding of large,
unusual, or complex transactions (particularly
those that are individually material or that occur
late in the period).
Consider the business purpose of the transaction
from the sellers and buyers perspectives.
Consider whether parties to the transaction may
have an undisclosed relationship to the company
or its management.
procedures.
Review the nature and extent of business
transacted with major customers, suppliers,
borrowers, lender, or guarantors to consider
whether any of them are related parties.
Identify and investigate all material cash outflows
as possible sources of funds for the buyers
payment of all or a portion of the sales price.
Manipulation of percentage-of-completion or
proportion of service.
procedures.
b
Examine contracts and related documents.
Test percentage-of-completion.
Notes:
a
b
* * *
CHAPTER 18: CONCLUDING THE AUDIT
1800.1 In addition to the audit procedures for specific financial statement components, e.g., cash, accounts receivable, etc.,
some other procedures are necessary that are more general in nature. The general procedures discussed in this chapter are
as follows:
a. Procedures to search for commitments and contingencies, including obtaining lawyers letters.
b. Obtaining written representations from management in a management representation letter.
c. Procedures to search for subsequent events that occur after the balance sheet date, but that should be adjusted for
or disclosed in the financial statements.
d. Procedures to identify and evaluate the disclosure of related party transactions. (As explained in section 1806, some
of these procedures are applied earlier in the engagement.)
e. Evaluation of whether there is a substantial doubt about the entitys ability to continue as a going concern.
f. Procedures to identify and evaluate the measurement and disclosure of risks and uncertainties, estimates, and fair
value.
1800.2 After applying audit procedures to specific financial statement components and completing the general procedures
described above, an auditor should summarize and evaluate the overall results of audit procedures, reach a conclusion on
the form of opinion on financial statements, and communicate that opinion and other significant matters in written and oral
reports. The auditor is also subject to certain requirements for workpaper finalization and retention. In addition, if the auditor
discovers certain matters subsequent to the date of the report, professional standards outline certain procedures that should
be performed. These audit requirements are also discussed in this chapter, particularly as they relate to an audit of a
nonpublic company.
1800.3 The authoritative pronouncements that establish requirements, or that provide suggestions that most directly affect
the general procedures, include the following:
a. AU-C 501, Audit EvidenceSpecific Considerations for Selected Items identifies the procedures to search for
contingencies and establishes requirements for obtaining information from a clients lawyers. [Formerly SAS No. 12
(AU 337)]
b. AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures,
provides guidance and establishes standards on auditing accounting estimates, including fair value accounting
estimates and disclosures contained in financial statements. [Formerly SAS No. 57 (AU 342) and SAS No. 101 (AU
328)]
c. AU-C 550, Related Parties, addresses the auditors responsibilities relating to related party relationships and
transactions. [Formerly SAS No. 45 (AU 334)]
d. AU-C 560, Subsequent Events and Subsequently Discovered Facts, describes the audit procedures that should be
used to identify subsequent events that have a material effect on the financial statements. The accounting guidance
for the financial statements of nongovernmental entities is contained in FASB ASC 855, Subsequent Events.
e. AU-C 570, The Auditors Consideration of an Entitys Ability to Continue as a Going Concern,
1(106)
gives guidance
on the auditors responsibility to evaluate whether there is substantial doubt about the entitys ability to continue as a
going concern for a reasonable period of time. [Formerly SAS No. 59 (AU 341)]
f. AU-C 580, Written Representations, requires that the auditor obtain certain representations from management.
1800.4 The authoritative pronouncements that establish requirements or that provide suggestions that most directly affect the
aspects of concluding the audit described in paragraph 1800.2 are as follows:
a. Review, summarization, and evaluation:
(1) AU-C 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing
Standards, provides requirements and application and other explanatory material to the auditor and
engagement partner as they relate to each element of quality control during the performance of an audit of
financial statements. [Formerly SAS No. 25 (AU 161)]
(2) AU-C 230, Audit Documentation, requires the auditor to document significant findings or issues, the actions
taken to address them (and the evidence obtained), and the basis for the auditors conclusions. In addition,
AU-C 230 establishes requirements for documenting the auditors review and finalizing and retaining audit
workpapers. [Formerly SAS No. 103 (AU 339)]
(3) AU-C 240, Consideration of Fraud in a Financial Statement Audit, requires the auditor to identify and assess
risks of material misstatement due to fraud. In addition, AU-C 240 includes requirements for the evaluation of
audit findings for indication of possible fraud and for communications with client management. [Formerly SAS
No. 99 (AU 316)]
(4) AU-C 250, Consideration of Laws and Regulations in an Audit of Financial Statements, addresses the auditors
responsibility to consider laws and regulations in an audit of financial statements. [Formerly SAS No. 54 (AU
317)]
(5) AU-C 300, Planning an Audit, establishes broad requirements for review of the work of assistants. [Formerly
SAS No. 108 (AU 311)]
(6) AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence
Obtained, requires the auditor to evaluate the sufficiency and appropriateness of audit evidence obtained.
(7) AU-C 450, Evaluation of Misstatements Identified During the Audit, establishes requirements for the evaluation
and communication of audit findings, including the analysis and aggregation of misstatements and
documentation of the auditors conclusion. [Formerly SAS No. 107 (AU 312)]
(8) AU-C 520, Analytical Procedures, requires the use of analytical procedures in the review stage of all audits.
[Formerly No. 56 (AU 329)]
b. Required communications:
(1) AU-C 260, The Auditors Communication with Those Charged with Governance, requires communication of
certain matters to those charged with governance in an audit of financial statements. [Formerly SAS No. 114
(AU 380)]
(2) AU-C 265, Communicating Internal Control Related Matters Identified in an Audit, requires written
communication of significant deficiencies and material weaknesses to management and those charged with
governance. [Formerly SAS No. 115 (AU 325)]
c. Audit reports:
(1) AU-C 700, Forming an Opinion and Reporting on Financial Statements, specifies the auditors responsibility to
form an opinion on the financial statements and the content of the auditors reports. [Formerly SAS No. 58 (AU
508)]
d. Workpaper finalization and retention:
(1) AU-C 230, Audit Documentation, sets forth requirements on the time frame for the final assembly and
completion of the audit file, as well as guidance on the retention of workpapers. [Formerly SAS No. 103 (AU
339)]
e. Subsequent discovery of matters after the date of the auditors report:
(1) AU-C 560, Subsequent Events and Subsequently Discovered Facts, provides guidance when auditors
subsequently become aware of facts that existed at the date of the report that might have caused them to
believe information supplied by the entity was incorrect. [Formerly SAS No. 1 (AU 561)]
(2) AU-C 585, Consideration of Omitted Procedures After the Report Release Date, Consideration of Omitted
Procedures After the Report Date, addresses situations when auditors determine subsequent to the date of the
report that certain necessary audit procedures were omitted from the audit. [Formerly SAS No. 46 (AU 390)]
1800.5 Authoritative pronouncements that affect general procedures are explained in sections 18011809. Authoritative
pronouncements that address the aspects of concluding the audit are explained in sections 18101819.
Clarified Auditing Standards
1800.6 In general, the authoritative literature listed in this section and discussed in this chapter is the clarified auditing
standards. As discussed in section 101, the clarified auditing standards are discussed in this Guide unless they contradict the
pre-clarified auditing standards. In that case, the authors have included a discussion of both the pre-clarified and clarified
auditing standards. For example, in this chapter, section 1813 includes a discussion of both AU 508 and AU-C 700 since the
clarified authoritative standards on auditors reports include significant changes.
Limited Guidance on Reporting
1800.7 Audit reporting guidance is complex and extensive, and detailed coverage of the subject is beyond the scope of this
Guide. However, a companion publication to this GuidePPCs Guide to Auditors Reportscovers reporting in detail. It
gathers the audit reporting guidance found in many locations, presents it in a concise format of how to advice, and illustrates
over 275 audit reports. The authors recommend use of this companion guide for audit reporting matters.
1801 COMMITMENTS AND CONTINGENCIES
1801.1 Commitments and contingencies are uncompleted transactions or uncertainties that should be disclosed (and
sometimes their amounts accrued) because of their effect on current financial position or future operating results.
Commitments are contractual obligations for a future expenditure. Contingencies are existing conditions that create a current
obligation that needs to be accrued or that might create an obligation in the future that needs to be disclosed in the financial
statements. Contingencies arise from past transactions or events. Contingencies include both contingent assets and
contingent liabilities, but the primary accounting and auditing focus is on contingent liabilities because contingent assets are
not recognized until realized. From an auditors perspective, the primary objectives are determining whether all significant
commitments and contingencies have been identified (completeness), assessing their financial effect (valuation), and
evaluating presentation and disclosure (completeness, understandability, and valuation).
1801.2 Commitments are usually long-term contractual obligations with suppliers or customers for future purchases or sales
at specified prices and sometimes at specified levels. The terms of commitments should be disclosed and provision should
be made for any material losses expected to be sustained. FASB ASC 440, Commitments requires disclosure of commitments
under unconditional purchase obligations that are associated with suppliers financing, whether recognized in the balance
sheet or not. [FASB ASC 440 also requires disclosure of maturities of long-term debt. See section 1500.]
1801.3 Under FASB ASC 450, Contingencies, the proper accounting treatment of contingencies depends on the likelihood
[probable, reasonably possible, or remote (see paragraph 1808.16)] that the future event will confirm that a gain or loss has
occurred, and on the ability to make a reasonable estimate of the outcome.
a. Accrual of loss contingencies is required if both of the following conditions are met:
(1) Information available prior to financial statement issuance indicates that it is probable that an asset had been
impaired or a liability incurred at the date of the financial statements.
(2) The amount of the loss is reasonably estimable.
b. If no accrual is made for a loss contingency because one or both of the above conditions are not met and yet there
is a reasonable possibility that a loss may have been incurred, certain disclosures are necessary:
(1) Nature of the contingency.
(2) An estimate of the loss or range of the loss or a statement that an estimate cannot be made. In certain
circumstances, information may become available prior to the issuance of financial statements, indicating that
an asset was impaired or a liability incurred after the date of the financial statements or indicating that there is a
reasonable possibility of that situation. In such cases, accrual is not appropriate; however, disclosure may be
necessary. Disclosure may include pro forma supplemental financial data.
(3) Disclosure of unasserted claims is not necessary unless an underlying event has occurred indicating a potential
loss or liability and:
(a) It is probable that a claim will be asserted, and
(b) It is reasonably possible that the outcome would be unfavorable if the claim were asserted.
c. Accounting treatment for gain contingencies:
(1) Contingencies that might result in gains usually are not reflected in the accounts, because to do so might
recognize revenue prior to its realization.
(2) Adequate disclosure should be made of contingencies that might result in gains, but care should be exercised
to avoid misleading implications as to the likelihood of realization.
1801.4 FASB ASC 460, Guarantees clarifies the application of FASB ASC 450 to guarantees, and provides measurement and
disclosure guidance for guarantees. (FASB ASC 460 includes characteristic-based guidance for determining which guarantee
contracts are subject to its provisions.) According to the guidance, a guarantor is required to recognize a liability for the fair
value of a guarantee at inception because the guarantors obligation to stand ready to perform under a guarantee is
noncontingent.
Audit Procedures
1801.5 Initially, an auditors objective is to determine whether all significant contingencies and commitments have been
identified. Naturally, there is greater difficulty in discovering transactions or events that may be unrecorded than in
substantiating recorded information. Once an auditor has identified commitments and contingencies, evaluation of valuation
and disclosure can usually be accomplished. The auditor may be aware of possible commitments or contingencies from
knowledge of the entitys business and operating characteristics and the industry in which it operates. Some contingencies or
commitments may be discovered as a result of audit procedures applied for specific financial statement components. For
example, an income tax dispute may be identified in the audit of income tax expense; commitments to purchase raw materials
may be identified in applying audit procedures to inventory; environmental hazards may be identified during impairment
testing for property.
1801.6 Other audit procedures that are often used to search for contingencies and commitments include:
a. Inquiring of management about the possibility of unrecorded contingencies or commitments. (These inquiries and
responses are documented in the management representation letter explained in section 1804. See also paragraph
1805.12 for inquiries related to commitments and contingencies performed during the subsequent events review.)
b. Reading minutes of directors or stockholders meetings.
c. Reading contracts, loan agreements, leases, and similar documents.
d. Reviewing legal expenses and invoices and correspondence from lawyers.
e. Reviewing communications from relevant local, state, and federal agencies such as the Environmental Protection
Agency. (Special auditing issues relating to environmental liabilities are discussed in section 1802.)
1801.7 Some contingencies and commitments stem from financing transactions or arrangements with financial institutions,
e.g., oral and written guarantees, letters of indemnity, endorsements, and open letters of credit. After identifying such matters
and gaining an understanding of them, the auditor can consider confirming the details with the appropriate party at the
financial institution responsible for the clients account. ASB-CL-10.7 presents a sample letter for confirming contingent
liabilities with a financial institution.
1801.8 Litigation, claims, and assessments are often the cause of significant contingencies. An auditors search for those
contingencies is accomplished by a related set of inquiries and communications involving the clients management and
lawyers. According to AU-C 501.18, auditors should seek direct communication with the entitys external legal counsel
through a letter of inquiry prepared by management and sent by the auditor, which requests the entitys legal counsel to
communicate directly with the auditor. Such communication is also required from in-house legal counsel when the entitys
in-house legal counsel has responsibility for the entitys litigation, claims, and assessments. This subject is discussed in
section 1803.
1801.9 As discussed in paragraph 1801.4, a guarantor is required to recognize a liability for the fair value of a guarantee at
inception. Auditors consider the existence of guarantees and whether the guarantors obligation to stand ready under the
guarantee has been given appropriate recognition in the financial statements. Because the obligation to stand ready is
recorded at fair value, the guidance in AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates,
and Related Disclosures, applies. Fair value measurements and disclosures are discussed beginning at paragraph 1809.39.
1802 ENVIRONMENTAL REMEDIATION LIABILITIES
1802.1 Environmental remediation liabilities are a specific type of contingent liability that presents an auditing challenge for
many firms. This area is challenging because of the number of applicable state and federal laws, the number of industries
affected, and the possibility that many years may elapse between the contamination event and identification of the liability.
Guidance on accounting for environmental remediation liabilities is provided by FASB ASC 410, Asset Retirement and
Environmental Obligations. PPCs Guide to Preparing Financial Statements, in section 310, provides an in-depth discussion of
environmental laws and accounting for environmental remediation liabilities.
1802.2 As discussed in more detail in paragraph 1801.3, FASB ASC 450, Contingencies requires that a loss contingency be
recorded if it is probable that a liability has been incurred at the date of the financial statements and the amount of the loss is
estimable. Due to the number of steps involved in an environmental remediation and the time period covered, it may be
difficult for an entity to estimate its liability. When attempting to reasonably estimate the loss, FASB ASC 450-20 should be
applied. The guidance makes it clear that if no single loss amount can be estimated, a range of loss should be used. If a
number within the range is considered a best estimate, that amount should be accrued. Otherwise, the minimum amount in
the range should be accrued.
1802.3 Some auditors believe that the strict liability provisions of federal Superfund Laws make it probable that an entity has
incurred a liability if it is associated with a site for which a claim or assessment has been asserted (or is probable of assertion).
The authors believe that an auditor will evaluate each case based on the sites individual facts and circumstances. However, if
a client has been notified that it is a potentially responsible party (PRP) for a site, any conclusion that the entitys risk of loss is
other than probable ought to be carefully considered and documented.
Audit Procedures
1802.4 To identify instances of noncompliance with laws and regulations (such as environmental regulations) that may have
a material effect on the financial statements, in accordance with AU-C 250.14, auditors should (a) inquire of management and,
when appropriate, those charged with governance about whether the entity is in compliance with such laws and regulations,
and (b) inspect correspondence, if any, with the appropriate licensing or regulatory authorities. The extent of other
procedures performed for environmental liabilities depends on the companys potential to incur such liabilities. Questions
auditors may ask to evaluate a companys potential for environmental remediation liabilities are included in Exhibit 18-1. If
there is an increased risk that the company has environmental remediation liabilities, auditing procedures generally are the
same procedures applied for other contingent liabilities (that is, reading the minutes of directors or stockholders meetings,
making inquiries of the clients attorney, and making inquiries of the client). However, due to the nature of the liability, some
auditors expand their inquiries to include managers in production areas. Some of the inquiries auditors may make of
management when an increased risk is identified include whether they have:
Considered environmental matters that may materially affect the financial statements.
Established effective policies and procedures to assess and record information on environmental matters.
Been notified that the entity has been designated as a PRP or otherwise has an increased risk of exposure to
environmental liabilities.
Exhibit 18-1
Questions for Identifying an Increased Risk of Environmental Liabilities
Is the entity in an industry at a higher risk for environmental liabilities (for example, real estate, mining, health
care, dry cleaners, gas stations, farming, etc.)?
Is there any indication the entity has violated environmental laws? (Complying with the law in force at the
time a toxic substance is disposed of normally does not free the entity from its liabilities for cleaning up the
site, but any penalties may be reduced.)
Does the entity use or generate regulated substances in its business?
Is the entity required to have a permit to transport, store, treat, or dispose of hazardous wastes?
Has the entity ever used landfills, underground storage tanks or barrels that contain hazardous substances?
Are there any pending civil or criminal investigations related to environmental issues?
Have regulatory authorities or environmental consultants issued any reports on property the entity is
associated with, such as site assessments or impact studies?
Are there any requirements for site clean-up of any property abandoned, purchased, or closed during the
period? Any intentions for future removal and site restoration?
Has the entity retained any environmental remediation liabilities for any sites it has sold?
* * *
1802.5 Auditors frequently obtain information about potential environmental liabilities through the attorneys letter. If the entity
has been notified that a potential liability exists for a site with which it is or has been associated, the auditor would normally
probe through additional inquiry and analysis an assertion by the entitys attorney that the risk of loss is other than probable.
1802.6 Auditing the Estimated Liability. If a client has been designated a PRP or has an increased risk of exposure,
auditors obtain an understanding of the method used to estimate the liability. Section 1809 provides guidance on auditing
accounting estimates. If the client uses an attorney, engineer, or other specialist to make the estimate, the guidance on use of
a specialist should be followed, as discussed in section 906.
1802.7 In addition to the general information discussed beginning at paragraph 1809.6, auditors may also consider
information such as the following when assessing the adequacy of the clients estimate for environmental remediation
liabilities:
The clients previous cleanup experience, if any.
The cleanup experiences of other companies in similar circumstances.
Data released by the EPA or other organizations.
1802.8 Auditing Potential Recoveries. The client may be able to file a claim for recovery of its remediation costs from
insurers, nonparticipating PRPs, prior property owners, and governmental or third-party funds. Potential recoveries are be
evaluated separately from the related liability. To assess whether recovery of a potential claim is probable, auditors generally
need to confirm recoverable amounts directly with the insurer, nonparticipating PRPs, or any specialized legal counsel that is
involved. In addition, auditors will generally need to obtain evidence about the collectibility of receivables from these parties.
Auditors generally will also need to make inquiries of the clients legal counsel. Unless there is a legal right of offset, potential
recoveries are not netted against potential liabilities.
1803 LITIGATION, CLAIMS, AND ASSESSMENT
Introduction and Authoritative Literature
1803.1 AU-C 501, Audit EvidenceSpecific Considerations for Selected Items, among other topics, addresses the
procedures that auditors should follow for identifying an entitys litigation, claims, and assessments that may result in a risk of
material misstatement. The authoritative guidance related to litigation, claims, and assessments is found in paragraphs AU-C
501.03; AU-C 501.16.24; and AU-C 501.A39.A65. Additionally, AU-C 501.A69 provides an illustrative audit inquiry letter to
legal counsel.
1803.2 In 1975, the AICPA and the American Bar Association reached an accommodation in regards to the information
auditors would expect legal counsel to provide. Before that, there was a growing reluctance on the part of lawyers to disclose
privileged information, e.g., unasserted claims, and to predict the success of their own efforts in handling litigation. The
accommodation reached hinges primarily on differing treatments for pending or threatened litigation versus unasserted
claims.
1803.3 The following paragraphs summarize the objectives and requirements for litigation, claims, and assessments under
the clarified standard AU-C 501, Audit EvidenceSpecific Considerations for Selected Items.
1803.4 The clarified standard requires the auditor to seek direct communication with the entitys legal counsel unless the
procedures performed to identify litigation, claims, and assessments do not indicate any actual or potential litigation, claims,
or assessments that may give rise to a risk of material misstatement. In a small business engagement, the entity generally
engages outside legal counsel for all litigation, claims, and assessments. However, communication is also required from
in-house legal counsel (if any) when the entitys in-house legal counsel has responsibility for the entitys litigation, claims, and
assessments. In such circumstances, in-house legal counsel may be in the best position to know and describe the status of
litigation, claims, and assessments or to corroborate the information provided by management. In the situation where the
auditor does not seek direct communication with the entitys legal counsel, the auditor should document the basis for that
decision.
1803.5 The objective of the auditor is to obtain sufficient appropriate audit evidence about the completeness of litigation,
claims, and assessments involving the entity. The requirements that should be followed to achieve that objective are
summarized in Exhibit 18-2. Additionally, see the discussion beginning at paragraph 1801.5, which explains how the
procedures discussed in this section are part of the requirements related to commitments and contingencies.
Exhibit 18-2
Requirements for Litigation, Claims, and Assessments
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Design and perform audit procedures to identify litigation, claims,
and assessments involving the entity that may give rise to risks of
material misstatement, including the following:
Inquiring of management and, when applicable, others within
the entity, including in-house legal counsel.
Obtaining from management a description and evaluation of
litigation, claims, and assessments that existed at the date of
the financial statements and during the period from the date of
the financial statements to the date the information is furnished,
including an identification of matters referred to legal counsel.
Reviewing minutes of meetings of those charged with
governance; documents obtained from management
concerning litigation, claims, and assessments; and
correspondence between the entity and its external legal
counsel.
Reviewing legal expense accounts and invoices from external
legal counsel.
ASB-AP-2
For actual or potential litigation, claims, and assessments identified
based on the immediately preceding audit procedures, obtain audit
evidence relevant to the following:
The period in which the reason for the legal action occurred.
The probability of an unfavorable outcome.
The amount or range of potential loss.
AU-C 501.17 ASB-CL-2.1
ASB-CL-2.2
Unless the preceding audit procedures indicate that no actual or
potential litigation, claims, or assessments that may give rise to risks
of material misstatement exist, seek direct communication with the
entitys external legal counsel through a letter of inquiry prepared by
management and sent by the auditor requesting the external legal
counsel to communicate directly with the auditor.
a
AU-C 501.18 ASB-CL-2.1
ASB-CL-2.2
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
In addition to direct communications with the entitys external legal
counsel, in cases when the entitys in-house legal counsel has
responsibility for the entitys litigation, claims, and assessments,
seek direct communication with the entitys in-house legal counsel
through a letter of inquiry similar to the letter sent to external legal
counsel.
AU-C 501.19 ASB-CL-2.1
ASB-CL-2.2
Document the basis for any determination not to seek direct
communication with the entitys legal counsel.
a
Request management to authorize the entitys legal counsel to
discuss matters with the auditor.
AU-C 501.21 ASB-CL-2.1
ASB-CL-2.2
Request in the letters of inquiry that the entitys legal counsel inform
the auditor of any litigation, claims, assessments, and unasserted
claims of which the counsel is aware, together with an assessment
of the outcome of the litigation, claims, and assessments, and an
estimate of the financial implications, including costs involved.
Include the following in each letter:
AU-C 501.22 ASB-CL-2.1
ASB-CL-2.2
Identification of the entity, including subsidiaries, and the audit
date.
A list prepared by management (or a request by management
that the legal counsel prepare a list) that describes and
evaluates pending or threatened litigation, claims, and
assessments about which the legal counsel has been engaged
and to which they have devoted substantive attention in the
form of legal consultation or representation.
A list prepared by management that describes and evaluates
unasserted claims and assessments that management
considers probable of assertion and that, if asserted, would
have at least a reasonable possibility of an unfavorable
outcome about which the legal counsel has been engaged and
to which they have devoted substantive attention in the form of
legal consultation or representation.
For items of pending or threatened litigation, claims, and
assessments, a request that the legal counsel either provide
the following information or comment on matters where the
legal counsels views differ from those stated by management:
A description of the nature of the matter, the progress of the
case to date, and the action that the entity intends to take (for
example, to contest the matter vigorously or to seek an
out-of-court settlement).
An evaluation of the likelihood of an unfavorable outcome and
an estimate, if practicable, of the amount or range of potential
loss.
An identification of the omission of any pending or threatened
litigation, claims, and assessments or a statement that the list
of such matters is complete.
For unasserted claims and assessments, a request that the
legal counsel comment on matters where the legal counsels
views concerning the description or evaluation of the matter
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
differs from those stated by management.
A statement that management understands that, whenever in
the course of performing legal services for the entity with
respect to a matter recognized to involve an unasserted
possible claim or assessment that may call for financial
statement disclosure, the legal counsel has formed a
professional conclusion that the entity should disclose or
consider disclosure of such possible claim or assessment, the
legal counsel, as a matter of professional responsibility to the
entity, will so advise the entity and will consult with the entity
concerning such disclosure and the requirements of GAAP.
A request that the legal counsel confirm whether the
understanding described in the immediately preceding item is
correct.
A request that the legal counsel specifically identify the nature
of, and reasons for, any limitation on the response.
A request that the legal counsel specify the effective date of the
response.
When the auditor is aware that an entity has changed legal counsel
or that the previously engaged legal counsel has resigned, consider
making inquiries of management or others about the reasons the
legal counsel is no longer associated with the entity.
Modify the auditors opinion in accordance with AU-C 705 if
the entitys legal counsel refuses to respond appropriately to
the letter of inquiry and the auditor is unable to obtain sufficient
appropriate audit evidence by performing alternative
procedures, or
management refuses to give the auditor permission to
communicate or meet with the entitys external legal counsel.
Note:
a
For periods ending before December 15, 2012, auditors should send a lawyers letter to corroborate information
obtained from management about litigation, claims, and assessments under AU 337 unless the client has not consulted
a lawyer about such matters. However, for periods ending after December 15, 2012, AU-C 501 amends that requirement
in AU 337 to make it a risk-based decision.
* * *
Litigation
1803.6 The information that should be obtained on pending or threatened litigation is as follows:
a. The nature of the litigation.
b. The progress of the case to date.
c. How management is responding or intends to respond to the litigation. (For example, to contest the case or to seek
an out-of-court settlement.)
d. An evaluation of the likelihood of an unfavorable outcome and an estimate, if one can be made, of the amount or
range of potential loss.
e. A statement that the list of matters is complete or an identification of the omission of any pending or threatened
litigation, claims, and assessments.
This information needs to be obtained for each individual case for which legal counsel has devoted substantive legal
consultation or representation on behalf of the entity. A collective evaluation is not sufficient except for litigation that the lawyer
handling the litigation has evaluated in the aggregate in accordance with materiality limits specified by the auditor as
discussed in paragraph 1803.7.
1803.7 There are two approaches to obtaining this information:
a. List Prepared by Clients Lawyer (Short-form). This approach asks the lawyer to prepare the information rather than
comment on managements list. Actually, the ABA has expressed a preference for this approach and, as a practical
matter, a client-prepared list is prepared with the lawyers advice. A drafting example of an audit inquiry letter using
this approach is presented at ASB-CL-2.1. This approach is usually best suited to a small business engagement.
b. List Prepared By Client Management (Long Form). This approach asks the lawyer to comment on the completeness
of information prepared by the client on the details of each case listed as pending or threatened litigation. This
approach is reproduced at ASB-CL-2.2.
Both letters include a specified materiality limit. Generally, this is preferable. If a lawyer responds using a materiality level that
is too large for the auditors purposes, a follow-up inquiry would be necessary. The materiality amount used is generally some
fraction of performance materiality. The specific amount used is a matter of auditor judgment based on knowledge of the
client and other factors.
Unasserted Claims and Assessments
1803.8 The approach to unasserted claims is indirect. Lawyers will not furnish an auditor with information on unasserted
claims and assessments because of concern about preserving the attorney-client privilege, nor will they confirm the
completeness of information furnished by management. Assurance is obtained indirectly by the following process:
a. The lawyer is asked to confirm that whenever the lawyer is aware of an unasserted claim requiring disclosure
according to FASB ASC 450, the lawyer will advise the client.
b. Management is asked to represent to the auditor that management has informed the auditor of any claims the
lawyer has advised are required to be disclosed. (Usually this representation is obtained in a management
representation letter. See section 1804.)
c. The auditor informs the lawyer of managements representation on unasserted claims. (Usually, this is covered in
the inquiry letter to the lawyer, and normally, especially in a small business engagement, the representation is that
there are no unasserted claims.)
Presumably, the lawyer would recognize a professional duty to resign if management fails to disclose to the auditor a matter
that the lawyer believes will give rise to material claims or assessments if asserted. ASB-CL-2.1, under the heading
unasserted claims and assessments, includes the typical information on managements representation and a request that
the lawyer confirm professional responsibility to the client to advise on required disclosure.
Client Has Not Consulted a Lawyer
1803.9 In some small business engagements, the client has had no need to consult a lawyer about pending or threatened
litigation or claims. (However, the client may have consulted a lawyer for other reasons, such as matters related to collection
of receivables, drafting of contracts, etc.) As long as the entity has no material litigation, claims, or assessments, it is generally
not necessary to request a legal representation letter from the clients attorney. An auditor can rely on other audit procedures,
as described beginning in paragraph 1801.5, to disclose the existence of contingencies, including litigation, claims, and
assessments. If an auditors other procedures do not identify the existence of material claims or assessments, nor indicate
that a lawyer was consulted regarding such matters, no additional procedures are necessary. However, the authors
recommend that the written representation obtained from management as it relates to litigation, claims, and assessments be
modified as follows:
We are not aware of any pending or threatened litigation, claims, or assessments or unasserted claims or
assessments that are required to be accrued or disclosed in the financial statements in accordance with
GAAP, and we have not consulted a lawyer concerning litigation, claims, or assessments.
This representation would take the place of those representations ordinarily obtained about litigation, claims, and
assessments. (See section 1804.)
1803.10 In some situations, if the auditor believes that actual or potential material litigation, claims, or assessments possibly
exist, but the entity has not engaged external legal counsel relating to such matters, the auditor may discuss with the client
the need to consult legal counsel to appropriately determine the effect to the entitys financial statements. If the auditor
believes the matter may be significant, refusal by management to consult legal counsel may result in a scope limitation
sufficient enough to preclude an unmodified (unqualified) opinion.
Evaluation of Lawyers Responses
1803.11 When the short-form inquiry presented in ASB-CL-2.1 is used, the auditor should make sure that the attorneys
response is complete, i.e., that for each case or asserted claim or assessment the attorney identifies, all five items of
information in paragraph 1803.6 are addressed. The response should be addressed to the auditor and cover matters existing
at year end and through the date of the auditors report. In addition, when material litigation or claims are identified, an auditor
needs to consider the lawyers assessment of the probability of an unfavorable outcome. The need to accrue or disclose a
loss contingency is affected by the likelihood of an unfavorable outcome.
1803.12 According to the ABA Statement of Policy on lawyers letters (reprinted as EXHIBIT A to AU-C 501), a lawyer may
indicate whether an outcome is probable or remote, if that determination can be made. However, the lawyer is not required to
use those terms, and an auditor needs to carefully evaluate the wording used.
1803.13 Exhibit 18-3 presents examples of the wording of responses and indicates those that are the equivalent of an
assessment that the likelihood of an unfavorable outcome is remote and those that are unclear. The exhibit is adapted from
AU-C 501.A65.
Exhibit 18-3
Examples of Lawyers Responses
1.Responses That Clearly Indicate an Unfavorable Outcome Is Remote:
a.We are of the opinion that this action will not result in any liability to the company.
b.We believe that the plaintiffs case against the company is without merit.
c.We believe the company will be able to defend this action successfully.
d.Based on the facts known to us, after a full investigation, it is our opinion that no liability will be established
against the company in these suits.
e.It is our opinion that the possible liability to the company in this proceeding is nominal in amount.
2.Responses That Are Unclear on Likelihood of Outcome:
a.This action involves unique characteristics wherein authoritative legal precedents do not seem to exist. We
believe that the plaintiff will have serious problems establishing the companys liability under the act;
nevertheless, if the plaintiff is successful, the award may be substantial.
b.We believe the action can be settled for less than the damages claimed.
c.We are unable to express an opinion as to the merits of the litigation at this time. The company believes there is
absolutely no merit to the litigation.
d.In our opinion, the company has a substantial chance of prevailing in this action.
e.It is our opinion that the company will be able to assert meritorious defenses to this action.
* * *
1803.14 The examples that are unclear talk around the point without taking a solid position. For example, terms like
substantial chance and reasonable opportunity indicate more uncertainty than an opinion that the company will prevail. The
term meritorious defenses means only that the defenses will not be summarily dismissed by the court. The practical
considerations to the drafting forms at ASB-CL-2.1 and ASB-CL-2.2 include alternative wording that may be used if the auditor
has trouble obtaining clear responses from attorneys. The alternative wording provides additional guidance to the attorney as
to exactly what type of information is needed.
1803.15 In some instances, the attorney may limit his or her response in ways other than that specified by the original
request. For example, instead of limiting the response based on a specified materiality limit (as discussed in paragraph
1803.7), the attorney may limit the response to cases in which six or more hours have been billed. In that situation, the auditor
needs to assess the potential effect of the limitation on the attorneys response. A limitation based upon billable hours is
generally not appropriate because it does not necessarily correlate to the amount of the contingent liability. Consequently, if
an attorneys response has a billable hours limitation, the auditor will generally need to ask the client to have the attorney
respond based on the materiality limits specified in the original request.
1803.16 Some lawyers add statements in their responses to emphasize retention of the attorney-client and attorney work
product privileges. An example of such statements follows:
[Name of Company] has advised us that the request made in its letter to us is not intended to be a waiver
of the attorney-client privilege relating to any information the Company had furnished to us. Furthermore, be
advised that our response to you should not be interpreted as a waiver of the protection of the attorney work
product privilege relating to any of our files involving [Name of Company] .
According to AU-C 501.A61, such comments in lawyers letters are not limitations on the scope of their responses. Thus,
those comments do not affect the auditors evaluations.
1803.17 With respect to unasserted possible claims or assessments, some attorneys also include language such as the
following in their responses to emphasize the preservation of attorney-client privilege:
Please be advised that pursuant to clauses (b) and (c) of Paragraph 5 of the ABA Statement of Policy and
related Commentary referred to in the last paragraph of this letter, it would be inappropriate for this firm to
respond to a general inquiry relating to the existence of unasserted possible claims or assessments
involving the company. We can only furnish information concerning those unasserted possible claims or
assessments upon which the company has specifically requested in writing that we comment. We also
cannot comment upon the adequacy of the companys listing, if any, of unasserted possible claims or
assessments or its assertions concerning the advice, if any, about the need to disclose same.
According to AU-C 501.A62, such language is not a limitation on the scope of the audit as long as the lawyers response
includes a confirmation of the understanding that the lawyer, under certain circumstances, will advise and consult with the
client concerning the clients obligation to make financial statement disclosure with respect to unasserted claims or
assessments.
1803.18 If the auditor obtains an oral response concerning matters covered by the audit inquiry letter, the auditor should
document conclusions reached concerning the need to account for or disclose litigation, claims, and assessments.
1803.19 Dating of Lawyers Response. The letter from the clients lawyer needs to be coordinated with the date of the
auditors report. Accordingly, it is preferable for the letter to be dated to cover a period that closely corresponds to the
auditors report date, usually within two weeks of the report date. (In some circumstances, e.g., when there are volatile
litigation proceedings, the auditor might want to confirm the continued appropriateness of the lawyers response as of a date
nearer to the report date.) If the attorneys response does not specify an effective date, the auditor can assume that the date
of the response is the effective date. If the lawyers response is dated too long before the date of the auditors report, the
auditor needs to consider getting an updated response. If the update is obtained orally, it should be documented in the
workpapers. If significant matters (such as new litigation or significant developments relating to old litigation) are discovered
in the oral update, the authors recommend obtaining a written update from the attorney. ASB-CL-2.3, Updating Request for
Legal Representation, can be used to request a written update.
1804 WRITTEN REPRESENTATIONS
1804.1 AU-C 580, Written Representations [Formerly SAS No. 85 (AU 333)], clearly states that an auditor should obtain
written representations from management personnel who have appropriate responsibilities for the financial statements, as well
as knowledge of the related matters. AU-C 580.10 states, The auditor should request management to provide a written
representation that it has fulfilled its responsibility, as set out in the terms of the audit engagement, . . . The importance of this
requirement is emphasized by the fact that inability to obtain appropriate written representations prevents an auditor from
expressing an unmodified (unqualified) opinion and may cause an auditor to disclaim an opinion or even withdraw from the
engagement. Disclaiming an opinion or withdrawing is required by AU-C 580.25 when the written representations required by
AU-C 580.10.11 are either (a) not provided by management, or (b) the auditor cannot rely on the representations due to the
auditor concluding that sufficient doubt exists about managements integrity.
1804.2 AU-C 580.26 further states that when management does not provide one or more of the written representations
requested, the auditor should, discuss the matter with management; re-evaluate the integrity of management and evaluate
the effect that this may have on the reliability of representations (oral or written) and audit evidence in general; and take
appropriate actions. Appropriate actions include determining the possible impact to the auditors report pursuant to the
guidance provided by AU-C 705, Modifications to the Opinion in the Independent Auditors Report. AU-C 580 provides the
mandatory representations required from management for audit engagements. Those required representations are discussed
in paragraph 1804.4. In addition, the auditor may request other written representations that he or she considers appropriate in
certain situations.
1804.3 The following paragraphs summarize the objectives and requirements for management representations under the
clarified standard AU-C 580, Written Representations.
1804.4 The objectives of the auditor when obtaining written representations are:
a. To obtain representations from management and, if applicable, those charged with governance, that they have
fulfilled their responsibility for the preparation and fair presentation of the financial statements and for the
completeness of information provided to the auditor.
b. To obtain support for other audit evidence when considered necessary by the auditor or when required by other
standards.
c. To respond appropriately to written representations that are provided (or are not provided when the auditor has
requested them).
1804.5 The requirements that should be followed to achieve those objectives are summarized in Exhibit 18-4. Additionally,
Exhibit 18-4 provides requirements for certain other written representations that originate from other than AU-C 580
authoritative auditing literature. Those other written representations may or may not be incorporated in the management
representation letters at ASB-CL-3.1 and ASB-CL-3.2 because they are required only in certain circumstances. In some cases,
it may be appropriate to tailor the letters at ASB-CL-3.1 and ASB-CL-3.2 to obtain the additional representations. For other
cases, the authors have provided an alternative practice aid that can be used to obtain the representation. In addition, the
authors recommend auditors consider certain other representations that are not provided in authoritative literature, but may
be advisable in a small business engagement. Those matters are discussed in paragraph 1804.14.
Exhibit 18-4
Requirements for Written Representations
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Written Representations
Request written representations from management with appropriate
responsibility for the financial statements and knowledge of the matters
involved. (Management includes, when appropriate, those charged with
governance.) The written representations are obtained in the form of a
representation letter addressed to the auditor.
AU-C 580.09
AU-C 580.08
AU-C 580.21
ASB-AP-2
ASB-CL-3.1
a
ASB-CL-3.2
Request management to provide written representations that it:
Has fulfilled its responsibility for the preparation and fair presentation
of the financial statements in accordance with U.S. GAAP, as set out
in the terms of the audit engagement.
AU-C 580.10 ASB-CL-3.1
ASB-CL-3.2
Has fulfilled its responsibility for the design, implementation, and
maintenance of internal control relevant to the preparation and fair
presentation of financial statements that are free from material
misstatement.
AU-C 580.10 ASB-CL-3.1
ASB-CL-3.2
Has provided the auditor with all relevant information and access and
that all transactions have been recorded and are reflected in the
AU-C 580.11 ASB-CL-3.1
ASB-CL-3.2
Acknowledges its responsibility for the design, implementation, and
maintenance of internal controls to prevent and detect fraud.
AU-C 580.12 ASB-CL-3.1
ASB-CL-3.2
Has disclosed to the auditor the results of its assessment of the risk
that the financial statements may be materially misstated due to fraud.
AU-C 580.12 ASB-CL-3.1
ASB-CL-3.2
Has disclosed to the auditor its knowledge of fraud or suspected
fraud affecting the entity involving management, employees who have
AU-C 580.12 ASB-CL-3.1
ASB-CL-3.2
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
significant roles in internal control, or others when the fraud could
have a material effect on the financial statements.
Has disclosed to the auditor its knowledge of any allegations of fraud
or suspected fraud affecting the financial statements communicated
by employees, former employees, regulators, or others.
AU-C 580.12 ASB-CL-3.1
ASB-CL-3.2
Has disclosed to the auditor all instances of identified or suspected
noncompliance with laws and regulations whose effects should be
considered by management when preparing financial statements.
AU-C 580.13 ASB-CL-3.1
ASB-CL-3.2
Believes the effects of uncorrected misstatements are immaterial,
individually and in the aggregate, to the financial statements as a
whole. (A summary of uncorrected misstatements should be included
in, or attached to, the written representation.)
AU-C 580.14 ASB-CL-3.1
ASB-CL-3.2
ASB-CL-3.3
Has disclosed to the auditor all known actual or possible litigation
and claims whose effects should be considered when preparing the
financial statements, and has properly accounted for and disclosed
such items.
AU-C 580.15 ASB-CL-3.1
ASB-CL-3.2
Believes the significant assumptions used in making accounting
estimates are reasonable.
AU-C 580.16 ASB-CL-3.1
ASB-CL-3.2
Has disclosed to the auditor all related parties and related party
transactions of which it is aware and has properly accounted for and
disclosed related party relationships and transactions in the financial
statements.
b
AU-C 580.17 ASB-CL-3.1
ASB-CL-3.2
ASB-CL-12.4
Has properly disclosed or adjusted the financial statement for all
events occurring subsequent to the date of the financial statements
that require disclosure or adjustment.
AU-C 580.18 ASB-CL-3.1
ASB-CL-3.2
Date the written representations as of the date of the auditors report on
the financial statements.
AU-C 580.20 ASB-CL-3.1
ASB-CL-3.2
Obtain written representation for all financial statements and periods
referred to in the auditors report.
AU-C 580.20 ASB-CL-3.1
ASB-CL-3.2
Determine the effect on the reliability of the representations (oral or
written), and audit evidence in general, when there are concerns about the
competence, integrity, ethical values, or diligence of management.
Perform audit procedures to attempt to resolve inconsistencies between
written representations and other audit evidence. Reconsider the
assessment of the competence, integrity, ethical values, or diligence of
management and the effect that it may have on the reliability of
representations (oral or written) and audit evidence in general if
inconsistencies remain unresolved.
Take appropriate action when there is a conclusion that written
representations are not reliable, including determining the possible effect
on the auditors opinion in accordance with AU-C 705.
Disclaim an opinion on the financial statements or withdraw from the
engagement if sufficient doubt exists about the integrity of management
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
such that its written representations are not reliable or if management does
not provide required representations.
If management does not provide one or more of the requested written
representations:
Discuss the matter with management.
Reevaluate the integrity of management and evaluate the effect that
this may have on the reliability of representations (oral or written) and
audit evidence in general.
Take appropriate action, including determining the possible effect on
the auditors opinion.
AU-C 580.26 ASB-AP-2,
Requested
Written
Representations
Not Provided
Request other written representations when it is considered necessary to
support other audit evidence relevant to the financial statements or when
required by other auditing standards.
AU-C 580.19 ASB-CL-3.1
ASB-CL-3.2
Other Requirements Related to Obtaining Written Representations
If a predecessor auditor is asked to reissue a report on prior-period
financial statements, obtain written representations from management of
the former client regarding whether:
Any information has come to managements attention that would
cause it to believe that any of the previous representations should be
modified, and
Any events occurred after the date of the financial statements the
predecessor reported on that would require modification to the
statements.
AU-C 560.19 ASB-CL-3.4
If a restatement is made to correct a material misstatement in a prior
period that affects comparative financial statements, obtain a specific
representation regarding the restatement.
AU-C 700.52 ASB-CL-3.1
ASB-CL-3.2
If the auditor is engaged to report on whether supplementary information
presented outside of the basic financial statement is fairly stated in relation
to the financial statements as a whole, obtain the following representations
from management:
That it acknowledges its responsibility for presentation of the
supplementary information in accordance with U.S. GAAP.
That it believes the supplementary information is fairly presented in
accordance with U.S. GAAP.
That the methods of measurement or presentation have not changed
from the prior period (or the reasons for a change).
About any significant assumptions or interpretations underlying
measurement or presentation of the supplementary information.
That audited financial statements will be made readily available to
intended users of the supplementary information when the
information is not presented with the audited statements, no later than
the date the supplementary information and auditors report are
issued.
AU-C 725.07 ASB-CL-3.1
ASB-CL-3.2
If the auditor is engaged to report on required supplementary information
that accompanies the basic financial statements, obtain the following
representations from management:
this Guide
c
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
That it acknowledges its responsibility for presentation of the required
supplementary information.
About whether the required supplementary information is fairly
presented in accordance with prescribed guidelines.
About whether the methods of measurement or presentation have
changed from the prior period, and if so, the reasons for such
changes).
About any significant assumptions or interpretations underlying
measurement or presentation of the required supplementary
information.
If the auditor is engaged to report on summary financial statements, obtain
the following representations from management:
Acknowledgment of its responsibility for preparation of the summary
financial statements in accordance with the applied criteria.
That audited financial statements will be made readily available to
intended users of the summary financial statements when the
summary financial statements are not presented with the audited
If the auditors report on the summary financial statements is issued
after the auditors report on the audited financial statements, whether
anything came to managements attention to cause it to believe the
previous representations on the audited financial statements need
modification, or whether events subsequent to the issuance of the
audited financial statements necessitate modification in the audited
this Guide
If the auditor is engaged to report on interim financial information, the
auditor should request management to provide the written representations
required by AU-C 930.
AU-C 930.21 ASB-IR-6
If the auditor is engaged to perform a compliance audit, the auditor should
request management to provide the written representations required by
AU-C 935.
this Guide
d
Notes:
a
ASB-CL-3.1 and ASB-CL-3.2 reflect the implementation of the clarified auditing standards, which are effective for audits
of periods ending on or after December 15, 2012. Although AU-C 580, Written Representations, revises the wording of
several required representations and reorganizes certain items in the illustrative representation letter, the substance of
the letter and the required representations have not changed from the pre-clarified standards at AU 333. Therefore, these
letters may be used both before and after the effective date of the clarified standards. However, for audits of periods
ending before December 15, 2012, if you prefer to use the management representation letter without consideration of the
clarified standards, see ASB-CL-3.5.
b
AU-C 580.A15 suggests that it may be appropriate to obtain written representations about related parties from those
charged with governance in addition to management. ASB-CL-3.1 and ASB-CL-3.2 include a general statement that
related party transactions have been properly recorded and disclosed in the financial statements. In addition,
ASB-CL-12.4 may be used to confirm the existence of related party transactions with owners, officers, directors, or
others.
c
Information about reporting on required supplementary information pursuant to AU-C 730 is included in PPCs Guide to
Audits of Local Governments.
d
Information about performing a compliance audit pursuant to AU-C 935 is included in PPCs Guide to Audits of Local
Governments, PPCs Guide to Audits of Nonprofit Organizations, PPCs Guide to HUD Audits, and PPCs Guide to Single
Audits.
* * *
Written Representations to Be Obtained
1804.6 While a management representation letter is usually prepared by an auditor, it is a communication from the client to
the auditor and is signed by client management. The representation letter acknowledges managements primary responsibility
for the financial statements, even if the auditor drafts the financial statements and related notes. Additionally, as discussed in
paragraph 1804.25, the representations obtained from management provide other audit evidence and support the validity of
results of audit procedures performed. ASB-CL-3.1 presents a drafting example of the written representations that should be
obtained when reporting on audited financial statements. ASB-CL-3.2 presents a drafting example that may be used when the
current year financial statements have been audited and the prior year financial statements have been reviewed. The letter at
ASB-CL-3.1 includes management representations that are typical for many audit engagements, while the letter at ASB-CL-3.2
contains representations that are typical when the current year financial statements have been audited and the prior year
statements have been reviewed. However, both letters need to be tailored to meet the clients individual circumstances.
1804.7 Auditors might consider maintaining a list of significant management representations relied on during the audit to
ensure that none are missed when preparing the representation letter. (The list would not need to include every statement or
answer to a question made by management.) The auditor may wish to document on the list the reason why any
representations included on the list were not included in the representation letter, but such a to do list needs to be handled in
accordance with firm policy at the end of the audit.
Audit Adjustments
1804.8 AU-C 580.14 requires an acknowledgment in the representation letter that management has considered whether the
effects of uncorrected misstatements are immaterial, both individually and in the aggregate, to the financial statements taken
as a whole. A summary of the uncorrected misstatements should be included in or attached to the representation letter.
Authoritative literature does not provide specific guidance for the auditor when there are no uncorrected misstatements. In
that situation (that is, when either no misstatements are noted in the audit or all noted misstatements are corrected), the
authors believe no representation about uncorrected misstatements is necessary in the management representation letter.
1804.9 Uncorrected misstatements communicated in the representation letter include both misstatements identified by the
auditor and misstatements brought to the auditors attention by management. For example, it is not uncommon for the client
to inform the auditor about adjustments of which the client is aware. If those adjustments are not recorded, they should be
included in the summary attached to the management representation letter. The summary of uncorrected misstatements also
may include the current year effect of unadjusted audit differences from prior years (that is, the turnaround effect). The
guidance beginning in paragraph 1812.32 provides information about summarizing the current year effect of unadjusted audit
differences from prior years. In addition, as discussed in paragraph 1812.16, some auditors set an amount below which
detected misstatements need not be accumulated on the summary of audit differences. Those misstatements (often referred
to as trivial misstatements or differences passed at the workpaper level) need not be included in the summary of uncorrected
misstatements communicated in the management representation letter.
1804.10 The adjustments included in the summary may be aggregated. If the auditor chooses to aggregate the
misstatements, they normally would be aggregated by financial statement caption. However, other methods of aggregation
are acceptable, such as by business segment or subsidiary. If the adjustments are aggregated, they need to be presented in
sufficient detail to provide management with an understanding of the nature, amount, and effect of the uncorrected
misstatements.
1804.11 Exhibit 18-5 illustrates an example summary of audit differences that can be included in or attached to the
management representation letter. ASB-CL-3.3, Summary of Audit Differences, provides a drafting form for that summary.
Auditors also might consider attaching a copy of ASB-CX-12.2, Audit Difference Evaluation Form, to the representation letter
to comply with the requirement of AU-C 580.14. Completion of ASB-CX-12.2 is illustrated in section 1812. The summary of
audit differences illustrated in Exhibit 18-5 is based on the ASB-CX-12.2 illustration in section 1812. Other approaches for
complying with the requirement to communicate uncorrected misstatements also are acceptable, such as summarizing the
uncorrected misstatements within the body of managements representation about uncorrected misstatements. This may
entail a greater degree of summarization than would be presented in a separate schedule. For example, the representation
about uncorrected misstatements from Plas-Cup, Inc., the illustrative company used in Exhibit 18-5, might read as follows:
We believe the effects of uncorrected financial statement misstatements are immaterial, both individually and
in the aggregate, to the financial statements taken as a whole. Those misstatements result from:
a. Recognizing vacation pay when paid rather than when incurred and therefore not recognizing the current
liability of $10,000 and $10,500 at December 31, 20X1 and 20X2, respectively, or the related
compensation expense;
b. Recognizing audit fees when paid rather than when incurred and therefore not recognizing the current
liability of $5,000 and $5,200 at December 31, 20X1 and 20X2, respectively, or the related professional
services expense;
c. Overestimating the $50,000 provision for warranty costs on the companys new product line by $5,000;
and
d. Recognizing the $7,500 cost of equipment purchased in December 20X1 as an expense of that year and
therefore not recognizing the equipments net book value of $7,500 and $6,750 at December 31, 20X1 and
20X2, respectively, or the additional depreciation expense of $750 for 20X2.
This example omits some of the information that is included in the separate schedule illustrated in Exhibit 18-5 under the
assumption that the auditor believes the information in items a.d. is sufficient to communicate the uncorrected
misstatements.
Exhibit 18-5
Illustrative Summary of Audit Differences for Inclusion in or
Attachment to the Management Representation Letter
a
PLAS-CUP, INC.
SUMMARY OF AUDIT DIFFERENCES
Year Ended December 31, 20X2
Current Year over
(under) Statement
Income statement misstatements:
b

Failure to accrue 20X2 paid vacation $ 10,500
Unaccrued 20X2 audit fees, incurred by year end 5,200
Excess provision for warranty costs (5,000)
Depreciation expense on $7,500 of capital equipment expensed in 20X1 750
Pretax effect 11,450
Tax effect (34% effective tax rate) (3,893)
Cumulative effect (before effect of prior year differences) $ 7,557
PLAS-CUP, INC.
Year Ended December 31, 20X2
Current Year over
(under) Statement
Effect of unadjusted audit differencesprior year (net of tax):
Unaccrued 20X1 paid vacation $ (6,600)
Unaccrued 20X1 audit fees, incurred by year end (3,300)
Cumulative effect (after effect of prior year differences) $ (2,343)
Reclassification adjustments:
Current deferred income tax asset $ (5,100)
Noncurrent deferred income tax liability (5,100)
Balance sheet misstatements (including reclassifications):
c

Current assets (5,100)
Total assets (11,850)
Current liabilities (10,700)
Total liabilities (15,800)
Stockholders equity:
Beginning 4,950
Ending 2,607
Notes:
a
This summary is derived from the illustrative audit difference evaluation presented at Exhibit 18-17. As discussed in
paragraph 1804.11, other approaches for complying with the requirement to communicate uncorrected misstatements
also are acceptable. Other acceptable approaches might include (1) attaching a copy of ASB-CX-12.2, Audit Difference
Evaluation Form, to the management representation letter, (2) summarizing the uncorrected misstatements within the
body of managements representation about uncorrected misstatements, or (3) other approaches that the auditor
believes are sufficient to communicate the uncorrected misstatements.
b
Income statement adjustments might be presented net of their related tax effects, rather than presenting the aggregate
tax effects as a separate line item. Alternatively, only pretax amounts may be presented. Auditors also might consider
presenting the percentage effect on net income of cumulative income statement adjustments.
c
The authors have presented the effect of uncorrected misstatements on assets and liabilities on a pretax basis and the
effect of uncorrected misstatements on equity on an after-tax basis. Alternatively, only pretax amounts may be presented.
Auditors also might consider presenting the percentage effect on assets, liabilities, and equity.
* * *
1804.12 The auditor should request management to correct misstatements accumulated during the audit, except for those
that are clearly trivial. Even so, management may have reasons for refusing to correct some (or all) misstatements. In some
circumstances, management may not believe that certain uncorrected misstatements are misstatements. In that situation,
management may want to add wording to the representation letter such as, We do not agree that items . . . and . . .
constitute misstatements because [description of reasons]. Obtaining such a representation does not relieve the auditor from
forming a conclusion about the effect of uncorrected misstatements pursuant to AU-C 450, Evaluation of Misstatements
Identified During the Audit, discussed in section 1812. Nevertheless, compliance with AU-C 580 certainly is simplified if
management records all audit adjustments. In many cases, especially for small businesses that rely on the auditor for
accounting knowledge, management will agree to record all audit adjustments.
1804.13 The communication of audit adjustments in the representation letter does not constitute a communication to
management (or those charged with governance) under AU-C 240, Consideration of Fraud in a Financial Statement Audit, or
AU-C 250, Consideration of Laws and Regulations in an Audit of Financial Statements. That guidance addresses different
communication responsibilities as discussed beginning in paragraph 1816.1. However, while the auditor may consider the
clients decision to not record audit adjustments when identifying and assessing fraud risks, the decision to not record all
proposed adjustments does not necessarily mean the client is intentionally misstating the financial statements. Section 404
discusses the auditors consideration of fraud risks in more detail.
Modifications for a Small Business Engagement
1804.14 In a small business engagement, it may be advisable to modify some of the standard wording to define technical
terms that may not be familiar to a small business owner/manager and, in general, to make the owner/manager more
comfortable with the reasonableness of the representations being requested. For example, technical terms such as fraud and
related party transactions are discussed in authoritative literature but may be unfamiliar to an owner/manager of a small
business. Also, in a small business engagement, certain additional representations may be desirable.
1804.15 Additional Representations. For a small business, certain additional representations may be advisable in the
representation letter. For example:
a. Adjusting Entries. In addition to the representations related to uncorrected misstatements discussed beginning in
paragraph 1804.8, some auditors believe it is desirable to obtain managements acknowledgment of responsibility
for audit adjustments booked by the client. If there are no uncorrected audit adjustments (that is, if all misstatements
noted in the audit are booked), the owner/manager of a small business might state: I am in agreement with the
adjusting journal entries you have recommended, and they have been posted to the companys accounts. As
discussed in paragraph 1804.8, in that case, no representation about uncorrected misstatements is necessary.
If there are both corrected and uncorrected audit adjustments, the owner/manager might state: I believe the effects
of the uncorrected financial statement misstatements summarized in the attached schedule are immaterial, both
individually and in the aggregate, to the financial statements taken as a whole. In addition, you have recommended
adjusting journal entries that have been posted to the companys accounts. I am in agreement with those
adjustments.
b. Oral Communications. If required communications are orally reported (as permitted in certain circumstances under
AU-C 260, The Auditors Communication with Those Charged with Governance), it is desirable for the
owner/manager to acknowledge in the representation letter that the matters have been reported.
c. Segregation of Business and Personal Transactions. Small businesses often have informal recordkeeping systems,
and it is easy to commingle personal and business transactions. Thus, it is beneficial to have the owner/manager
acknowledge that the accounts do not contain personal transactions.
d. Provision for Unpaid Federal Income Taxes. It may be desirable to include a representation such as: The Internal
Revenue Service has examined the Companys Federal income tax returns through [Year] . However, the
Companys Federal income tax returns for [List open years.] are subject to examination by the IRS, generally for
three years after they were filed. The Company recognizes tax benefits only to the extent that the Company believes
it is more likely than not that its tax positions will be sustained upon IRS examination. Accordingly, the provision for
unpaid federal income taxes (liability for unrecognized tax benefits) in the balance sheet reflects all tax positions that
the Company believes do not have greater than a 50% chance of realization after examination.
e. Pledged Assets. Many small businesses have pledged property as collateral on debt obligations. If this is the case,
the representation at ASB-CL-3.1 and ASB-CL-3.2 need to be revised by adding the phrase, except as made known
to you (optionaland disclosed in the notes to the financial statements).
1804.16 Alternative Wording. Exhibit 18-6 presents alternative wording that can be used in a management representation
letter for a small business engagement. The alternative wording defines technical terms and, in general, modifies the wording
to make it more suitable for the circumstances of a small business engagement.
Exhibit 18-6
Alternative Wording of Representations
for Small Business Engagements
Illustrative Letter
Alternative Wording
a
I acknowledge our responsibility for the design,
implementation, and maintenance of internal control
to prevent and detect fraud.
I acknowledge our responsibility for the design,
implementation, and maintenance of internal control
(measures) to prevent and detect fraud (intentional
acts that result in material misstatement of the
financial statements).
I have no knowledge of any fraud or suspected fraud
that affects the entity and involves management,
employees who have significant roles in internal
control, or others where the fraud could have a
material effect on the financial statements.
I have no knowledge of any fraud or suspected fraud
that affects the entity and involves management,
employees who have significant roles in processing
transactions or safeguarding assets, or others where
the fraud could have a material effect on the financial
statements.
The effects of all known actual or possible litigation,
claims, and assessments have been accounted for
and disclosed in accordance with U.S. GAAP.
The effects of all known actual or possible litigation,
claims, and assessments that are regarded as
significant enough have been accounted for and
disclosed in accordance with U.S. GAAP.
All material transactions have been recorded in the
accounting records and are reflected in the financial
statements.
All material transactions have been recorded in the
accounting records and are reflected in the financial
statements, and there are no undisclosed assets or
liabilities.
b
Notes:
a
Modifications are italicized for emphasis.
b
See the discussion of the completeness assertion in Chapter 4.
* * *
1804.17 Other Actions. Other actions an auditor could take to maximize a small business owner/managers understanding
of the representation letter include discussing the letter line by line so the owner/manager agrees on the meaning and
significance of the representations.
1804.18 Generally, in a small business engagement the authors recommend that one comprehensive representation letter be
obtained that is signed by the owner/manager. If the company has a controller or chief financial officer, the auditor might
consider having that person sign the letter also. It is permissible to obtain separate written representations on particular areas,
e.g., inventories, signed by individuals responsible for the area. However, that is almost never necessary for a small business.
Materiality
1804.19 AU-C 580.A22 permits, but does not require, limiting representations to matters that are either individually or
collectively material to the financial statements. That limitation is acceptable, however, only for representations that directly
relate to amounts included in the financial statements and only if the auditor and management reach an agreement about
what is material for this purpose. It would not be acceptable, for example, to limit representations about the completeness of
available financial records, managements responsibility for fair presentation, or managements acknowledgment of its
responsibility for the design, implementation, and maintenance of internal control to prevent and detect fraud.
1804.20 AU-C 580.A22 notes that materiality may be different for different representations, and it permits but does not require
including an explicit discussion of materiality in the representation letter, in either qualitative or quantitative terms. A
discussion that includes both qualitative and quantitative terms is also acceptable. However, the authors discourage using a
purely quantitative discussion of materiality because it is inappropriate to rely solely on quantitative considerations when
determining materiality. The sample letters at ASB-CL-3.1 and ASB-CL-3.2 illustrate a discussion of materiality in qualitative
terms.
Periods Covered by the Letter
1804.21 AU-580 requires written representations from management who has responsibility for the financial statements and
knowledge of the matters concerned for all financial statements and periods covered by the auditors report. The authoritative
guidance further explains that even when current management was not present during all periods referred to in the auditors
report, current managements responsibilities for the financial statements as a whole are not diminished and the requirement
for the auditor to request from them written representations that cover the whole of the relevant periods still applies. For
example, if the auditor is reporting on comparative financial statements, the representation letter for the most recent audit
should address all periods being reported on. If senior management changed during or after the period under audit, current
management may be hesitant to provide this assurance. Auditors may point out that the letter limits the confirmants response
to his or her best knowledge and belief. In some cases, senior management may sign the representation letter, but a
controller who was not present during the period under audit may decline because he or she is new to the situation. The
authors believe this is acceptable and would not result in a scope limitation. However, the auditor needs to make inquiries to
determine that the reason for the controller not signing the letter is because the controller was not responsible for the financial
statements and not due to other reasons (such as a disagreement about accounting matters or knowledge of an actual or
suspected material misstatement). The authors also recommend that the controller be asked to sign a separate
representation stating that he or she has no knowledge of a material matter that was not properly treated in the financial
statements.
Dating of the Letter and Updating Letters
1804.22 The auditor is concerned with matters occurring through the date of his or her report, not merely through the
balance sheet date. As a result, the management representation letter should be dated as of the date of the auditors report.
See discussion on dating of the auditors report beginning at paragraph 1813.11 and the date of managements subsequent
event review beginning at paragraph 1805.4.
1804.23 Updating Letters. There are circumstances that require predecessor auditors to obtain updating representation
letters from management. AU-C 560, Subsequent Events and Subsequently Discovered Facts, requires a predecessor auditor
to obtain a representation letter from management, in addition to the previous requirement for a representation letter from the
successor auditor, before reissuing a report on financial statements of a prior period. This requirement applies when the prior
period financial statements are presented on a comparative basis with audited financial statements of a subsequent period.
The updating management representation letter should address (a) whether management is aware of any new information
that would cause them to believe that any of the previous representations should be modified, and (b) whether any events
occurring subsequent to the latest balance sheet date of the financial statements reported on by the predecessor require
disclosure in or adjustment to such financial statements. ASB-CL-3.4 presents a drafting form of this letter.
Receipt of the Letter
1804.24 AU-C 580.A27 indicates that the auditor does not need to physically possess managements representation letter on
the date of the auditors report. The requirement can be met if on or before the date of the auditors report management has
received the final representation letter and confirmed to the auditor that they will sign the letter without exception. The auditor
will need to physically possess the signed letter before releasing the audit report. Managements refusal to furnish written
representations constitutes a limitation on the scope of the audit often sufficient to preclude an unmodified (unqualified)
opinion and may cause an auditor to disclaim or withdraw.
Reliance on Managements Representations
1804.25 As noted in paragraph 1804.1, the auditor is required to obtain written representations from management. However,
the auditor can not simply accept managements representations as the only necessary audit evidence for the matters
included in the representation letter. If the auditor cannot verify a representation using another form of evidence (for example,
managements intent to hold investment securities to maturity), the auditor needs to evaluate whether the representation is
feasible considering factors such as:
Whether the client has carried out its stated intentions in the past.
The entitys ability to pursue a specific course of action.
Whether any conflicting information has been learned during the course of the audit that seems inconsistent with
managements judgment or intent.
1804.26 Additionally, if the auditor becomes concerned about managements competence, integrity, ethical values, or
diligence, the auditor should determine the effect that those concerns may have on the reliability of managements
representations (oral or written) and audit evidence in general. Significant concerns in this area may cause the auditor to
conclude that the risk of management misrepresentation is such that an audit cannot be conducted. According to AU-C
580.A30, even when those charged with governance implement appropriate corrective measures, such measures may not be
enough to enable the auditor to issue an unmodified (unqualified) audit opinion.
1804.27 In particular, if other audit evidence contradicts a representation made by management, the auditor should attempt
to resolve the matter by performing audit procedures. In the case of such identified contradictions, the auditor may consider
whether the risk assessment remains appropriate, and if not, may revise the risk assessment and perform appropriate
procedures to respond to the assessed risks. Depending on the circumstances, the auditor may need to consider whether
reliance on managements representations relating to other aspects of the financial statements is appropriate.
1804.28 In the situation where the auditor concludes that the written representations are unreliable, the auditor should take
appropriate action, including determining any effect on the auditors report. AU-C 580.25 indicates that auditors should
disclaim an opinion on the financial statements or withdraw from the engagement if the auditor determines that sufficient
doubt exists about managements integrity and the reliability of the written representations required by AU-C 580.10.11 (see
Exhibit 18-4). The possible effects on the financial statements of an inability to rely on the written representations required by
AU-C 580.10.11 are not limited to specific elements, accounts, or items of the financial statements and, thus, are pervasive.
1805 SUBSEQUENT EVENTS REVIEW
1805.1 AU-C 560, Subsequent Events and Subsequently Discovered Facts [Formerly SAS No. 1 (AU 560)], defines the types
of subsequent events the auditor should evaluate and specifies the procedures that should be performed to determine the
occurrence of such events. (Section 1818 discusses the objectives and requirements relating to the auditors responsibilities
for subsequent discovery of matters after the date of the auditors report under the clarified standards.) FASB ASC 855-10,
Subsequent Events includes accounting and disclosure standards on subsequent events.
1805.2 The objective of the auditor regarding subsequent events is to obtain sufficient appropriate evidence about whether
events occurring after the financial statement date through the date of the auditors report that require adjustment of or
disclosure in, the financial statements are properly reflected in accordance with GAAP (AU-C 560.05).
Exhibit 18-7
Requirements for Subsequent Events
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Perform audit procedures to obtain sufficient appropriate audit evidence
that all subsequent events that require adjustment of, or disclosure in, the
financial statements have been identified.
Perform subsequent events audit procedures covering the period from the
date of the financial statements to the date of the auditors report or as
close to that date as practicable.
Take into account the risk assessment when determining the nature and
extent of subsequent events audit procedures.
Perform the following audit procedures:
Obtain an understanding of managements procedures to identify
subsequent events.
Inquire of management and, when appropriate, those charged with
governance about whether any subsequent events have occurred
that might affect the financial statements.
Read minutes of the meetings of owners, management, and those
charged with governance held after the date of the financial
statements and inquire about matters discussed at meetings for
which minutes are not yet available.
Read the latest subsequent interim financial statements, if any.
If subsequent events requiring adjustment of, or disclosure in, the financial
statements are identified, determine that they are appropriately reflected in
* * *
Dating the Auditors Report and Subsequent Events Footnote
1805.4 FASB ASC 855-10-50-1 requires reporting entities to disclose the date through which subsequent events have been
evaluated and whether that date is the date the financial statements were issued or were available to be issued. That
disclosure is required regardless of whether the reporting entity recognizes or discloses a subsequent event in its financial
statements. Generally, nonpublic entities will evaluate subsequent events through the date that the financial statements are
available to be issued, i.e., when they are complete in a form and format that complies with GAAP and all approvals
necessary for issuance have been obtained. Often, this will be the date of the auditors final conference with the client when
proposed adjustments to the financial statements are agreed upon. Therefore, the remainder of this discussion addresses
subsequent events in the context of the date the financial statements are available to be issued.
1805.5 FASB ASC 855-10-20 notes that subsequent events are events or transactions that occur subsequent to the balance
sheet date but before financial statements are available to be issued. The period within this time is called the subsequent
events period.
1805.6 The auditors report is dated no earlier than the date on which the auditor has obtained sufficient appropriate
evidence to support the opinion. This includes evidence about subsequent events, so the auditors report date cannot be
earlier than the date of managements subsequent events evaluation note. AU-C 560.A10 notes that, in most cases, the date
of managements subsequent events evaluation note will be the same date as the auditors report. Furthermore, AU-C 580
requires management to make specific representations relating to information concerning subsequent events, and the date of
the management representation letter should be the same as the date of the auditors report. Therefore, the subsequent
evaluation note date, the management representation letter date, and the auditors report date generally will be the same. See
discussion on coordinating these dates at paragraph 1813.12.
1805.7 In addition, it is ordinarily expected that the date of the auditors report will be close to the report release date. Many
firms adopt a policy about when to date their auditors report if there is a delay in releasing the report (that is, how long of a
delay makes it necessary to redate the report). A decision to redate the report should result in extending the subsequent
events review to the later date. Auditors may consider covering that matter in their firms quality control policies and
procedures. Dating of the auditors report is discussed beginning at paragraph 1813.11.
Types of Subsequent Events
1805.8 FASB ASC 855, Subsequent Events, prescribes the accounting for subsequent events that are not addressed in other
specific accounting standards. For example, FASB ASC 740-10-25-15 prescribes the accounting treatment for changes in
judgment after the balance sheet date that results in subsequent recognition, derecognition, or change in measurement of a
tax position taken in a prior annual period. When another accounting standard does not prescribe a different treatment, FASB
ASC 855-10-20 delineates the two following types of subsequent events:
a. Recognized Subsequent EventsThe first type consists of events or transactions that provide additional evidence
about conditions that existed at the date of the balance sheet, including the estimates inherent in the process of
preparing financial statements.
b. Nonrecognized Subsequent EventsThe second type consists of events that provide evidence about conditions
that did not exist at the date of the balance sheet but arose subsequent to that date but before the financial
statements are available to be issued.
1805.9 Examples of recognized subsequent events are as follows:
a. Litigation caused by an event that occurred before the balance sheet date, but that was settled for an amount
different than the recorded liability before the financial statements were available to be issued. The settlement
amount should be considered in estimating the amount of the liability recognized at the balance sheet date.
b. A loss on an uncollectible trade account receivable as a result of a customers deteriorating financial condition
leading to bankruptcy after the balance sheet date but before the financial statements are available to be issued. The
effects of the customers bankruptcy filing should be considered in estimating the amount of uncollectible trade
accounts receivable recognized at the balance sheet date.
As a general matter, subsequent events affecting the realization of assets (such as receivables and inventories) or the
settlement of estimated liabilities, should be recognized in the financial statements at the balance sheet date when those
events represent the culmination of conditions that existed over a relatively long period of time.
1805.10 Examples of nonrecognized subsequent events
2(107)
are as follows:
a. Sale of a bond or capital stock.
b. Settlement of litigation when the event giving rise to the claim took place after the balance sheet date.
c. Loss of plant or inventories as a result of fire or a natural disaster.
d. Losses on receivables resulting from conditions (such as a customers major casualty) arising after the balance
sheet date.
e. Changes in the fair value of assets or liabilities (financial or nonfinancial) or foreign exchange rates.
f. Entering into significant commitments or contingent liabilities.
g. A business combination.
Subsequent Events Review Procedures
1805.11 Some subsequent events may be discovered as a result of audit procedures applied for specific financial statement
components. These procedures usually involve cutoff tests and assessment of valuation. For example, the inspection of
subsequent collections of accounts receivable may disclose a material subsequent event. However, there is a group of
procedures performed specifically to search for material subsequent events, the so-called subsequent events review.
1805.12 According to AU-C 560.10, the auditor should perform subsequent events review procedures that cover the period
from the date of the financial statements to the date of the auditors report or as close to that date as practicable. The
subsequent events review procedures generally are:
a. Understand Managements Procedures. For audits of financial statements for periods ending on or after December
15, 2012, auditors should obtain an understanding of procedures management has established to ensure that
subsequent events are identified.
b. Inquire of Management and, When Appropriate, Those Charged with Governance. The auditor may inquire about the
current status of items that were accounted for based on preliminary or inconclusive data and may make specific
inquiries related to matters such as the following:
(1) Developments regarding commitments or contingencies.
(2) Significant changes in assets or capital structure.
(3) Existence of unusual adjustments after the balance sheet date.
c. Obtain Lawyers Letter. The letter obtained from the clients lawyer, as explained in section 1803, needs to cover
matters at the balance sheet date through a period specified in the audit inquiry letter that is as close as possible to
the audit report date. (AU-C 501.A53)
d. Obtain a Management Representation Letter. The written representations obtained from management, as explained
in section 1804, should be as of the audit report date.
e. Read Minutes of Stockholders and Directors Meetings. The reading of minutes should include those available for
meetings after the balance sheet date. If minutes (or drafts) are not available for meetings that occur in the
subsequent period, inquiries should be made about significant matters dealt with at those meetings.
f. Read Internal Financial Reports. The reading of internal reports generally includes available interim financial
statements or budgets. The purpose of this procedure is to identify any significant changes in operations. In a small
business, internal financial reports are not extensive, and an auditor needs to discuss with the owner/manager what
information is used to monitor operations.
g. Scan Journals and Ledgers. The accounting records for the subsequent period may be scanned for unusual items
or significant items related to the current period.
h. Consider Impairment of Assets. Determine if the carrying amount of assets has become impaired subsequent to year
end (as discussed in paragraphs 1301.12 and 1401.52).
Naturally, additional procedures may be necessary to follow up on material subsequent events discovered in performing the
above procedures. If material subsequent events are discovered, auditors should ensure that the workpapers include the
information needed to support adjustments to the financial statements or disclosures about subsequent events (AU-C
560.11).
1806 RELATED PARTIES
1806.1 Most business transactions result from bargained dealing. When the parties to a transaction are related, the
objectivity expected in unrelated bargaining may be lost. Because of the loss of objectivity, knowledge of the nature and
volume of transactions with related parties may be necessary for financial statement users to properly evaluate the companys
financial condition and results of operations. Consequently, material related party transactions should be disclosed.
1806.2 Accounting Standards. The disclosure requirements for related parties are explained in detail in FASB ASC 850,
Related Party Disclosures. The primary requirements are:
a. Financial statements shall include disclosures of material related party transactions, other than compensation
arrangements, expense allowances, and other similar items in the ordinary course of business.
b. The disclosures shall include the following:
(1) The nature of the relationship(s).
(2) A description of the transactions for each of the periods for which income statements are presented and such
other information deemed necessary to understanding the effects of the transactions on the financial
statements (including transactions to which no amounts or nominal amounts were ascribed).
(3) The dollar amounts of transactions for each of the periods for which income statements are presented and the
effects of any change in the method of establishing the terms from that used in the preceding period.
(4) Amounts due from or to related parties as of the date of each balance sheet presented and, if not otherwise
apparent, the terms and manner of settlement.
c. If the reporting entity and one or more other entities are under common control and the existence of that control
could result in operating results or financial position significantly different from those that would have been obtained
if the entities were autonomous, the nature of the control relationship should be disclosed even if there have been no
transactions between the entities.
d. In addition to the disclosures required by FASB ASC 850, guarantees by the entity of debt of related parties may
require additional disclosures as a result of FASB ASC 460, such as disclosure of the maximum potential amount
payable by the entity.
Related parties include affiliates; equity investees; pension, profit-sharing, and similar trusts managed by or under the
trusteeship of management; principal owners, management, and members of their immediate families; other parties if one
party controls or can significantly influence the management or operating policies of the other to an extent that one of the
parties might be prevented from pursuing its own separate interest; or another party that can significantly influence the
management or operating policies of the transacting parties or that has an ownership interest in one of the transacting parties
and can significantly influence the other to an extent that one or more of the transacting parties might be prevented from
pursuing its own separate interests.
1806.3 Auditing Standards. Authoritative literature outlining the auditors responsibilities relating to related parties and
related party transactions is contained in AU-C 550, Related Parties [Formerly SAS No. 45 (AU 334)].
1806.4 The objectives of the auditor regarding related parties are:
a. To obtain an understanding of related party relationships and transactions sufficient to recognize fraud risk factors
arising from them and conclude whether financial statements affected by them are fairly stated.
b. To obtain sufficient appropriate audit evidence about whether related party relationships and transactions have been
appropriately identified, accounted for, and disclosed in the financial statements.
Exhibit 18-8
Requirements for Related Parties
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Perform risk assessment procedures to obtain information relevant to
identifying the risks of material misstatement associated with related party
ASB-CX-3.1
Include specific consideration of the susceptibility of the financial
statements to material misstatement due to fraud or error that could result
from related party relationships and transactions in the engagement team
discussion.
AU-C 550.13 ASB-CX-3.2
Inquire of management about the following:
Identity of related parties including changes from the prior period.
Nature of the relationships with related parties.
Transactions with related parties during the period and their type and
purpose.
ASB-CX-3.1
Inquire of management and others within the entity and perform other risk
assessment procedures to obtain an understanding of the controls to:
Identify, account for, and disclose related party relationships and
transactions.
Authorize and approve significant transactions and arrangements with
related parties.
Authorize and approve significant transactions and arrangements
outside the normal course of business.
ASB-CX-4.1
ASB-CX-4.2.1
ASB-CX-5
Remain alert when inspecting documents or records for arrangements or
other information that may indicate the existence of previously unidentified
related party relationships or transactions.
ASB-AP-2
Inspect the following for the existence of related party relationships or
transactions that management has not identified or disclosed to the
auditor:
Bank and legal confirmations.
Minutes of meetings of shareholders and those charged with
governance.
Other records or documents considered necessary in circumstance
ASB-AP-2
When significant transactions outside the entitys normal course of
business are identified, inquire of management about the nature of the
ASB-CX-3.1
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
transactions and whether related parties could be involved.
Share with other engagement team members the identity of the related
parties and other relevant information obtained.
AU-C 550.18 ASB-CX-3.2
Identify and assess the risks of material misstatement associated with
related party relationships and transactions and determine whether any of
those risks are significant risks. Treat significant related party transactions
outside the normal course of business as significant risks.
ASB-CX-3.1
ASB-CX-7.1
When identifying and assessing the risks of material misstatement due to
fraud, consider identified fraud risk factors pertaining to related parties.
AU-C 550.20 ASB-CX-6.2
ASB-CX-7.1
Design and perform further audit procedures to obtain sufficient
appropriate audit evidence about the assessed risks of material
misstatement associated with related party relationships and transactions.
If arrangements or other information are identified that suggest the
existence of related party relationships or transactions not previously
identified or disclosed by management, determine whether the underlying
circumstances confirm the existence of those relationships or transactions.
If related parties or significant related party transactions are identified that
management has not previously identified or disclosed:
Communicate the information to other engagement team members.
Request management to identify all transactions with the newly
identified related parties.
Inquire why controls over related party relationships and transactions
failed to identify or disclose such relationships or transactions.
Perform appropriate substantive audit procedures.
Reconsider the risk that other related parties or significant related
party transactions may exist that have not been identified or disclosed
and perform additional audit procedures as necessary.
Evaluate the implications for the audit if the nondisclosure by
management appears intentional.
For significant related party transactions outside the normal course of
business:
Inspect the underlying contracts or agreements and evaluate whether
(1) the business rationale (or lack thereof) for the transactions
indicates the possibility of fraudulent financial reporting or
misappropriation of assets, (2) the terms are consistent with
managements explanations, and (3) the transactions have been
appropriately accounted for and disclosed.
Obtain audit evidence that the transactions have been appropriately
authorized and approved.
AU-C 550.24 ASB-AP-2,
Significant
Related Party
Transactions
Outside the
Normal Course
of Business
Obtain sufficient appropriate audit evidence about any assertion in the
financial statements that a related party transaction was conducted on
terms equivalent to arms length.
In forming an opinion on the financial statements, evaluate whether
identified related party relationships and transactions have been
appropriately accounted for and disclosed and whether their effects
prevent the financial statements from being fairly presented.
ASB-CX-14
Communicate significant matters concerning related parties with those
charged with governance (unless all of those charged with governance are
involved in managing the entity).
AU-C 550.27 ASB-CL-5.2
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Document the names of any identified related parties and the nature of the
related party relationships.
AU-C 550.28 ASB-CX-3.1
* * *
1806.6 Strengthened Requirements under the Clarified Standards. AU-C 550 strengthens the pre-clarified standards at
AU 334 by clarifying that the auditor should perform risk assessment procedures to identify and assess the risks of material
misstatement arising from related party relationships and transactions and to design and perform further audit procedures in
response to those risks. Additionally, under AU-C 550, as part of performing risk assessment procedures, the auditor should
obtain an understanding of the controls surrounding related parties and related party transactions and treat significant related
party transactions outside the normal course of business as significant risks. Furthermore, if the auditor identifies related party
transactions that have previously not been identified or disclosed by management, the auditor should perform additional
procedures regarding (a) the risk that additional related party transactions may exist, and (b) the consideration of fraud. The
authors believe that those changes are consistent, and do not conflict with the preclarified risk assessment requirements and
do not conflict at AU 334. Therefore, this section and the related practice aids have been updated for AU-C 550. Exhibit 18-8
indicates the practice aids in this Guide that fulfill the requirements of AU-C 550.
Audit Procedures
1806.7 The audit procedures for related parties are applied at different times throughout the audit. The timing is generally as
follows:
a. At the start of the audit perform risk assessment procedures and identify obvious or known related parties so the
auditors can develop appropriate audit procedures and can recognize transactions with those parties when applying
other audit procedures.
b. In connection with other audit procedures applied to financial statement components.
c. Near the end of the audit, as a final review, to identify possible undisclosed transactions and to consider the
adequacy of disclosure of identified transactions.
1806.8 At Start of Audit. The identities of some related parties are known or obvious. For example, principal shareholders,
equity investees, parent-subsidiary relationships, and affiliates are usually known and should be communicated to those
working on the audit at the start of the engagement. Some of the procedures used at the start of an audit are as follows:
Inquiry of predecessor auditor to obtain knowledge of known related parties.
Review of prior years workpapers to use existing knowledge.
Discuss with the engagement team the susceptibility of the financial statements to material misstatement due to
error or fraud that could result from related party relationships and transactions.
Inquiry of management to obtain the names of related parties and identify material transactions with them during the
period, including any changes from the prior period.
Inquire of management and others within the entity to obtain an understanding of the controls over related party
Review of stockholder listings, pension and similar trusts, and investments for relationships that create related
parties.
Reading minutes of stockholders and directors meetings to obtain information on material transactions authorized
or discussed.
Review of other documents, such as income tax returns and regulatory filings, to identify related parties and related
party transactions.
Design and perform further audit procedures to obtain sufficient appropriate audit evidence about the assessed risks
of material misstatement associated with related party relationships and transactions.
Known related parties can be documented in ASB-CX-3.1. Auditors should update the list of related parties throughout the
engagement and communicate changes to all engagement team members. If other auditors are involved in the engagement,
for periods ending before December 15, 2012, auditors can use ASB-CL-14.2, Letter from Principal Auditor to Other Auditors
Regarding Related PartiesPeriods Ending before December 15, 2012 to help facilitate timely communication with other
auditors regarding known related parties and related party transactions. For periods ending on or after December 15, 2012,
the communication with component auditors about related parties is required, and auditors can use ASB-CL-14.8, Letter of
Instructions from Group Auditor to Component Auditors When Reference Will be Made or ASB-CL-14.9, Letter of
Instructions from Group Auditor to Component Auditors When Responsibility Will be Assumed.
1806.9 Assessment of the Risk of Material Misstatement Associated with Related Parties. AU-C 550 states that the
auditor should
Identify and assess the risks of material misstatement associated with related party relationships and transactions.
Determine whether any of those risks are significant risks.
Treat significant related party transactions outside the normal course of business as significant risks.
Obtain an understanding of the controls surrounding related party relationships and transactions.
As previously discussed, the identification of related parties and the potential risks that could result in material misstatements
can be documented at ASB-CX-3.1. The understanding of controls over related party relationships and transactions can be
documented at ASB-CX-4.1 and ASB-CX-4.2.1. Using the PPC audit approach, any identified risks of material misstatement,
including significant risks, are carried forward to the Risk Assessment Summary Form at ASB-CX-7.1. The authors believe
that the risk of material misstatement associated with related party relationships and transactions can either be assessed at
the financial statement level or the class of transactions, account balance, or disclosure level.
1806.10 Risks of material misstatement at the financial statement level often relate to risks that are not necessarily identifiable
with specific relevant assertions at the class of transactions, account balance, or disclosure level. Responses to risks at the
financial statement level are discussed beginning at paragraph 306.48. If the risk is pervasive or not necessarily identifiable
with specific relevant assertions at the class of transactions, account balance, or disclosure level, the auditor could document
it and his or her planned response in Part I of ASB-CX-7.1.
1806.11 If related party risks are identifiable with specific relevant assertions at the class of transactions, account balance, or
disclosure level, the auditor could document it and his or her planned response with the other risks for that audit area in Part II
of ASB-CX-7.1.
1806.12 In Connection with Other Procedures. As audit procedures are applied to specific financial statement
components, transactions with known related parties are substantiated and accumulated for disclosure consideration, and
other related party transactions may be identified. Most procedures relate to receivables and payables, but some procedures
in other areas may produce relevant information. Exhibit 18-9 lists the more common procedures. Occasionally, auditors may
discover that the client is settling related party receivables or payables before year end and renewing them after year-end.
When auditors encounter such practices, they need to consider whether the settlements of the receivables/payables are
accounted for based on their economic substance and whether such transactions are adequately disclosed in the financial
statements.
1806.13 The auditor should remain alert when inspecting documents or records for arrangements or other information that
may indicate the existence of previously unidentified related party relationships or transactions. Specifically, the auditor
should inspect the following for the existence of related party relationships or transactions that management has not identified
or disclosed to the auditor:
Bank and legal confirmations.
Minutes of meetings of shareholders and those charged with governance.
Other records or documents considered necessary.
1806.14 AU-C 550.23 requires the auditor to perform certain procedures when related parties or significant related party
transactions are identified that management has not previously identified or disclosed. Those procedures are outlined at
ASB-AP-2.
1806.15 Final Review. As discussed in paragraph 1806.7, generally the purpose of final review procedures is to evaluate
whether there are undisclosed related parties transactions and to evaluate the adequacy of disclosure of identified
transactions. Some audit procedures, of an overall review or analytical nature that are performed near the end of the audit,
may disclose related party transactions. Generally, those procedures include:
a. Scanning accounting records for large, unusual, or nonrecurring transactions or balances, particularly those around
the end of the period.
b. Considering the nature and extent of business with major customers, suppliers, borrowers, or lenders for
undisclosed relationships.
c. Considering whether transactions are occurring, but not being given accounting recognition, e.g., a principal owner
absorbing business expenses.
Exhibit 18-9
Additional Related Party Procedures in Conjunction
with Other Audit Procedures
Financial Statement
Component
Audit
Procedure
Information on Related
Party Transactions
Cash Confirmation Compensating balance or guarantee arrangements
for or by related parties.
Cash disbursements Vouching Identify and accumulate payments to related
parties.
Receivables Confirmation/Vouching Separate schedules may be prepared for related
party receivables and loans to officers, and trade
receivables. Identify guarantors of receivables and
determine whether they are related parties.
Payables Confirmation/Vouching Payables to related parties may be segregated from
trade payables. Terms of related party payables
may be confirmed.
Commitments and
contingencies
Vouching Inspection of invoice detail from law firms may
indicate related parties.
* * *
1806.16 Substantiating Material Related Party Transactions. Generally, the audit procedures applied to substantiate
material transactions with related parties are the normal procedures applied to other significant transactions, e.g., vouching,
confirmation, and recomputation. The auditor could also consider arranging for audits of intercompany account balances at
concurrent dates, even if the fiscal years differ, and examination of specified, important, and representative related party
transactions by the auditors for each of the parties, with exchange of relevant information. However, an auditor needs to
understand the business purpose of material related party transactions and that proper authorization of such transactions,
such as by management, the board of directors, or those charged with governance, is more important than for similar
transactions with unrelated parties.
1806.17 If an auditor has identified a risk of material misstatement related to the nature, purpose, or recording of such
transactions, additional procedures for these circumstances are suggested in AU-C 550.A35, including the following:
a. Confirmation of information, e.g., terms and guarantees, with the other party.
b. Inspection of evidence in possession of the other party.
c. Confirmation or discussion of significant information with intermediaries, such as banks or agents.
d. Reference to financial publications, credit agencies, etc., if there is reason to believe unfamiliar parties, (e.g.,
customers or suppliers) may lack substance.
e. With respect to material uncollected balances, guarantees, and other obligations, obtaining information about the
financial capability of the other party from audited or unaudited financial statements, tax returns, reports issued by
regulatory, taxing, or credit agencies, etc.
Other procedures that may be necessary to understand the transaction or obtain evidence about it, include consultation with
persons knowledgeable about a particular specialized type of transaction, application of audit procedures at the related party,
or even audit of the related partys financial statements. Additionally, the auditor may consider obtaining representations from
senior management and those charged with governance about whether they or any other related parties engaged in any
transactions with the company during the period. The Related Party Confirmation at ASB-CL-12.4 can be used to obtain
information from owners, officers, directors, or others about the existence of related party transactions.
1806.18 When significant transactions outside the entitys normal course of business are identified, the auditor should inquire
of management about the nature of the transactions and whether related parties could be involved (AU-C 550.17).
1806.19 FASB ASC 850 and AU-C 550.25 indicate that representations about related party transactions should not imply that
the transactions were consummated on the equivalent of an arms length basis unless those representations can be
substantiated. AU-C 550.A45 notes that generally it is difficult to substantiate management representations that a related party
transaction was consummated on an arms length basis. AU-C 550.A46.48 provides some example procedures that might
be performed to substantiate such representations. If the representations can not substantiated, the auditor considers the
implications for his or her opinion on the financial statements.
1806.20 Related Party Transactions and Fraud. As discussed in section 302, AU-C 240, requires the auditor to consider
the existence of fraud risk factors when identifying and assessing risks of material misstatement due to fraud. A common
thread in many frauds is the use of related parties unknown to the auditor to facilitate management intentionally misstating the
financial statements (for example, selling real estate or other assets to a related party for artificial gain). Appendix A to AU-C
240 lists the following risk factors that may involve transactions with related parties:
Significant related party transactions not in the ordinary course of business (including transactions with related
entities that are unaudited or audited by another firm).
Significant, unusual, or highly complex transactions (particularly those close to year-end) that are difficult to assess
for substance over form.
Overly complex organizational structure involving unusual legal entities, or lines of managerial authority.
Difficulty in determining the organization or individual(s) that control the company.
Significant bank accounts (or subsidiary or branch operations) in tax-haven jurisdictions for which there does not
appear to be a clear business justification. [Any time a principal party to a transaction (such as a seller, buyer,
lender, or guarantor) is in a tax-haven jurisdiction, the auditor needs to consider the risk of undisclosed related-party
transactions.]
1806.21 When the auditor becomes aware that a transaction involves a guarantee or similar action by another party to
protect the principal from risk of loss, the auditor needs to seek information about the identity of the guarantor and the nature
and extent of the guarantee.
1806.22 Other procedures that can be performed to identify undisclosed related parties or to investigate potential
related-party transactions if the auditor decides to modify his or her procedures based on the consideration of identified fraud
risks include the following:
Review material cash disbursements, advances, and investments to consider whether the client provided funds to or
for the benefit of a related entity.
Discuss with tax and consulting personnel who have provided services to the client their knowledge of the clients
relationships and knowledge of related parties.
Discuss with intermediaries (such as lawyers, predecessor auditors, and others providing professional services to
the client) their knowledge of the identity of principal parties to material transactions.
Use sources of information about principal parties to material transactions (such as newspapers, phone books,
industry or trade publications, the Internet, etc.) to search for information about key members of management and
the company. (For example, the Internet can be used to search for corporation and limited partnership records in
which a particular persons name appears.)
The additional procedures discussed in paragraph 1806.17 may also be performed if the auditor decides to modify his or her
procedures based on the consideration of identified fraud risks.
1807 GOING CONCERN CONSIDERATIONS
1807.1 Ordinarily, the financial statements of an entity are prepared based on the assumption that the entity will continue as a
going concern. AU-C 570.01 provides examples of information that contradicts the going concern assumption, including:
a. An entitys inability to continue to meet its obligations without significant asset dispositions.
b. Debt restructuring.
c. Loan covenant violations.
d. Externally forced revision of its operations.
e. Similar actions.
Proposed Clarified Standard
1807.2 SAS No. 59, The Auditors Consideration of an Entitys Ability to Continue as a Going Concern, is currently effective
and codified as AU 341. However, SAS No. 122, Statements on Auditing Standards: Clarification and Recodification,
redesignated the guidance in AU 341 as AU-C 570. The guidance has been conformed to reflect updated section and
paragraph cross references, but has not otherwise been subjected to a comprehensive review or revision. All references in
this section are to AU-C 570.
1807.3 On November 11, 2011, the ASB issued an exposure draft of a proposed SAS, The Auditors Consideration of An
Entitys Ability To Continue As A Going Concern (Redrafted) that would supersede AU 341 and AU-C 570. The proposed
guidance redrafts AU-C 570 for the ASBs clarity drafting conventions; however, efforts at convergence with the international
auditing standards have been delayed pending anticipated guidance from the FASB addressing going concern (discussed
beginning at paragraph 1807.16).
1807.4 In addition to revisions in accordance with the ASBs clarity drafting conventions, the exposure draft includes the
following changes from existing standards:
A requirement to obtain written representations from management if there is substantial doubt about the entitys
ability to continue as a going concern.
Interpretation No. 1, Eliminating a Going-Concern Explanatory Paragraph From a Reissued Report, has been
incorporated into the standard.
1807.5 The proposed guidance is expected to be effective concurrent with the clarity standards contained in SAS Nos.
122-125 (periods ending on or after December 15, 2012). The comment period for this exposure draft ends January 31, 2012.
Auditors should be alert for the issuance of a final standard. Future editions of this Guide will update the status of this
proposed guidance.
Evaluating the Entitys Ability to Continue as a Going Concern
3(108)
1807.6 Under AU-C 570, the auditor has two responsibilities related to an entitys ability to continue as a going concern.
a. To evaluate whether conditions or events identified during the audit, when considered in the aggregate, indicate
there could be substantial doubt about the entitys ability to continue as a going concern for a reasonable period of
time, i.e., a period not to exceed one year beyond the balance sheet date.
b. If the auditor concludes there is substantial doubt about the entitys ability to continue as a going concern, the
auditor should gather evidence and consider the effect on the financial statements, the adequacy of disclosures,
and the audit report.
The evaluation discussed in item a. is required for all audits, and item b. is necessary only when the auditor has concluded
there is substantial doubt.
1807.7 Assessing Results of Audit Procedures. AU-C 570 does not mandate any specific procedures designed solely to
search for conditions or events that might affect the entitys ability to continue as a going concern, but it does require specific
assessment of whether audit procedures that were applied identified such conditions and events. The following customary
auditing procedures listed at AU-C 570 are examples of procedures that might provide evidence about such conditions and
events:
a. Applying analytical procedures.
b. Reviewing subsequent events.
c. Reviewing compliance with the terms of debt and loan agreements, with particular attention to debt maturing in the
near term.
d. Reading the minutes of meetings of stockholders, board of directors, and other important committees.
e. Inquiring of an entitys legal counsel about litigation, claims, and assessments.
f. Confirming with related and third parties the details of arrangements to provide or maintain financial support.
g. Reviewing significant events and transactions, such as termination of major proposed transactions, disposal of
significant facilities, or discontinuance of operations of a segment.
h. Reviewing, if available, forecasts of cash flow or profit.
i. Reviewing correspondence with banks concerning credit lines and similar commitments.
j. Considering whether there has been loss of a major customer, license, supplier, franchise, or market.
Some of these procedures would be applied during audit planning as well as during the audit or when concluding the audit,
e.g., applying analytical procedures and reading minutes. Preliminary analytical procedures, particularly, may identify
unfavorable trends or other matters that raise questions about going concern status. Thus, while the auditor may document
the evaluation of going concern status as part of concluding the audit, the auditor needs to modify planned audit procedures
as soon as going concern problems are identified.
1807.8 Conditions and Events. Examples of conditions or events that indicate there could be substantial doubt about the
entitys ability to continue as a going concern for a reasonable period include the following:
a. Negative trends.
(1) Recurring operating losses.
(2) Working capital deficiencies.
(3) Negative cash flows from operating activities.
(4) Adverse key financial ratios.
b. Other indications of possible financial difficulties.
(1) Default on loan or similar agreements.
(2) Arrearages in dividends.
(3) Denial of usual trade credit from suppliers.
(4) Restructuring of debt.
(5) Need to seek new sources or methods of financing.
(6) Need to dispose of substantial assets.
c. Internal matters.
(1) Work stoppages or other labor difficulties.
(2) Substantial dependence on the success of a particular project.
(3) Uneconomic long-term commitments.
(4) Need to significantly revise operations.
d. External matters that have occurred.
(1) Legal proceedings, legislation, or similar matters that might jeopardize an entitys ability to operate.
(2) Losing a key franchise, license, or patent.
(3) Losing a principal customer or supplier.
(4) Uninsured or underinsured catastrophe such as drought, earthquake, or flood.
If necessary, the auditor needs to obtain additional information about any conditions and events identified.
1807.9 Consideration of Management Plans. After considering the identified conditions and events, an auditor who
believes there is substantial doubt about the entitys ability to continue as a going concern should obtain information about
managements plans to mitigate the effect of those conditions or events. The auditor should assess the likelihood that
managements plans can be effectively implemented. Considerations relating to these plans may include:
a. Plans to dispose of assets.
(1) Restrictions on disposal of assets, such as encumbrances on assets and covenants in loan or similar
agreements that limit asset dispositions.
(2) Apparent marketability of assets that management plans to sell.
(3) Possible direct or indirect effects of disposal of assets.
b. Plans to borrow money or restructure debt.
(1) Availability of debt financing, both existing agreements and commitments such as lines of credit, arrangements
for factoring receivables, or sale-leaseback agreements.
(2) Existing or committed arrangements to restructure or subordinate debt or to guarantee loans to the entity.
(3) Possible effects on managements borrowing plans of existing restrictions on additional borrowing or the
sufficiency of available collateral.
c. Plans to reduce or delay expenditures.
(1) Feasibility of plans to reduce overhead or administrative costs, to postpone maintenance or research and
development projects, or to lease rather than purchase assets.
(2) Possible direct or indirect effects of reduced or delayed expenditures.
d. Plans to increase ownership equity.
(1) Apparent feasibility of plans to increase ownership equity, including existing agreements or commitments to
raise capital.
(2) Existing or committed arrangements to reduce current dividend requirements or to accelerate cash
distributions from affiliates or other investors.
If necessary, the auditor should apply audit procedures to obtain evidential matter about management plans (including any
available prospective financial statements). When evaluating managements plans to continue as a going concern, an
appropriate level of professional skepticism is important.
1807.10 Procedures When There Is Substantial Doubt. After considering managements plans, the auditor should decide
whether substantial doubt remains. If the auditor concludes that there is still substantial doubt about the entitys ability to
continue as a going concern, the auditor should:
a. Consider the Possible Effects on the Financial Statements and the Adequacy of Disclosures. Consideration of
disclosures is required even if the auditors initial substantial doubt is eased based on consideration of
managements plans. In that case, the auditor should consider the need for disclosure of the conditions and events
that initially caused substantial doubt. The disclosure checklist at ASB-CX-13 includes the required disclosures.
b. Modify the Audit Report. The appropriate modification of the audit report when the auditor concludes there is
substantial doubt is to add an emphasis-of-matter paragraph following an unmodified (unqualified) opinion
paragraph. According to AU-C 570.12, the emphasis-of-matter paragraph should contain the phrase substantial
doubt about its (the companys) ability to continue as a going concern or similar wording that includes the terms
substantial doubt and going concern.
4(109)
AU-C 570.13 (footnote 8) prohibits the auditor from using conditional
language in the emphasis-of-matter paragraph about the entitys ability to continue as a going concern. Language
such as if the company is unable to renew its debt agreements, there may be substantial doubt about the entitys
ability to continue as a going concern is not permitted. Note that the ability to continue as a going concern is a
separate consideration from the ability to recover recorded assets or the proper classification of assets and
liabilities. That is, the auditors report should be modified if the auditor concludes there is substantial doubt about the
entitys ability to continue as a going concern, even if it does not affect recoverability and classification of assets and
liabilities. For example, a securities broker whose assets and liabilities are recorded at market value would still
receive an auditors report with an emphasis-of-matter paragraph if there was substantial going concern uncertainty.
PPCs Guide to Auditors Reports, Chapter 6, provides report examples.
c. Communicate with Those Charged with Governance. The auditor should communicate the following to those
charged with governance:
The nature of the events or conditions identified.
The possible effect on the financial statements and the adequacy of related disclosures in the financial
statements.
The effects on the auditors report.
1807.11 Documentation Requirements. When conditions or events cause the auditor to believe there is substantial doubt
about the entitys ability to continue as a going concern for a reasonable period of time, AU-C 570.18 requires documentation
of the following:
Conditions or events causing the auditor to believe there is substantial doubt about the entitys ability to continue as
a going concern.
The elements of managements plans most significant to overcoming the adverse effects of the conditions or events.
The auditing procedures performed and evidence obtained to evaluate those significant elements.
The auditors conclusion about whether substantial doubt remains or is alleviated and the possible effects on the
financial statements and related disclosures.
The possible effects on the auditors report, including the auditors conclusion about whether an emphasis-of-matter
paragraph is necessary and whether to modify the auditors report for inadequate disclosures.
1807.12 The authors recommend that auditors use a generalized audit program step or checklist to document going concern
considerations. That will ensure that the assessment will be made on every audit. The general auditing and completion
procedures program at ASB-AP-2 includes such a step. If the audit procedures have identified any of the conditions and
events, the auditor completes the Going Concern Checklist at ASB-CX-16.1. That checklist summarizes the consideration of
managements plans and other procedures necessary when conditions and events are identified and enables auditors to
meet the documentation requirements of AU-C 570.
Audit Procedures When Reissuing a Report to Eliminate a Going Concern Uncertainty Paragraph
1807.13 Sometimes the conditions and events that caused an auditor to include an emphasis-of-matter paragraph for a
going concern uncertainty in his or her report are resolved after the report is issued. For example, the client may obtain critical
financing after the report date. This might prompt the client to ask the auditor to reissue his or her report without the going
concern uncertainty paragraph. Although professional standards do not require that the auditor comply with such a request,
the auditor is not precluded from doing so.
1807.14 The authors believe the auditor should exercise caution before agreeing to such requests because matters in
addition to those resolved may exist that raise similar questions about the entitys ability to continue as a going concern.
When determining whether to reissue the report to eliminate the going concern uncertainty, an interpretation at AU 9341
indicates that the auditor should:
Perform audit procedures on the event or transaction that resulted in the entitys request to reissue the report without
a going concern uncertainty paragraph.
Perform additional procedures that will enable the auditor to assess whether there is substantial doubt about the
entitys ability to continue as a going concern at the date of the reissuance. The auditor should reconsider the
conditions and events discussed in paragraph 1807.8 at the date of the reissuance.
Update his or her subsequent events review (see section 1805) through the reissuance date.
1807.15 When reconsidering the entitys going-concern status, the auditor is only required to assess the entitys ability to
continue as a going concern for a one-year period from the date of the financial statements. In some circumstances, however,
the auditor might consider whether a going concern uncertainty paragraph will be necessary in the clients next annual audit.
This may be done to avoid a situation in which the auditor reissues a report to eliminate a going concern uncertainty
paragraph only to turn around and have a going concern uncertainty in the auditors report for the next annual audit a few
months later. Such a consideration is not required, because that would extend the auditors responsibility beyond the
one-year period required by AU-C 570, but, the auditor is not precluded from considering it, and some firms do so as a matter
of policy.
Proposed Accounting Standard on Going Concern
1807.16 The FASB issued proposed guidance to move to the accounting standards the going concern guidance that
currently resides only in the auditing standards. Although the proposed guidance includes much of the same guidance
currently in AU-C 570, it would:
Change the time horizon for managements evaluation. As discussed at paragraph 1807.6, AU-C 570 requires that
the auditor, and by implication management, evaluate the entitys ability to continue as a going concern for a
reasonable period of time, not to exceed one year.
In addition to the disclosures described at paragraph 1807.10(a), the proposed guidance would add disclosure
requirements applicable when financial statements are not prepared on a going concern basis. In that case, the
entity would disclose that fact, together with the basis on which the financial statements were prepared and the
reason why the entity is not considered a going concern.
1807.17 The FASB has continued to deliberate on the project and reached the following decisions as of the date of this
Guide:
a. To broaden the scope of the project to:
(1) Address the risks and uncertainties about an entitys ability to continue as a going concern and to meet its
obligations.
(2) Provide guidance on the liquidation basis of accounting.
(The FASB now refers to the project as Disclosures about Risks and Uncertainties and the Liquidation Basis of
Accounting.)
b. To clarify that the time period for going concern assessment is generally, but not limited to, 12 months from the end
of the reporting period. However, the time frame is neither open-ended nor an indefinite period.
c. To provide principles-based guidance on the liquidation basis of accounting, which applies when liquidation is
imminent.
The FASB has indicated that the input of the SEC and PCAOB should be considered in any proposed Accounting Standards
Update. As of the date of this Guide, the FASB has indicated that a revised exposure draft will be issued in the first half of
2012. For additional information, see the FASBs project page at www.fasb.org.
1808 RISKS AND UNCERTAINTIES
1808.1 In general terms, uncertainty stems from the inability to predict the future, and risks exist because uncertainty exists.
FASB ASC 275, Risks and Uncertainties, requires
Disclosure of risks and uncertainties that could significantly affect the amounts reported in the financial statements
or the near-term functioning of the company.
Communication to financial statement users of the inherent limitations in financial statements.
1808.2 GAAP attempts to accomplish this purpose not by requiring disclosure of all risks and uncertainties, which would be
an impossible task, but by requiring disclosure of certain risks and uncertainties that meet specified criteria. Disclosure is
required in the following four areas:
Nature of operations.
Use of estimates in the preparation of financial statements.
Certain significant estimates.
Current vulnerability due to certain concentrations.
1808.3 The first two disclosures, nature of operations and use of estimates, are required for all financial statements. The
second two are required only for estimates and concentrations that meet specified criteria.
Scope and Applicability
1808.4 FASB ASC 275 applies regardless of the entitys size, and it applies to both public and nonpublic companies. It does
not apply to condensed or summarized interim financial statements. FASB ASC 275 states that it applies to financial
statements prepared in conformity with GAAP applicable to nongovernmental entities. However, the issue relating to
applicability of FASB ASC 275 to OCBOA financial statements is not quite that clear cut, as discussed in the following
paragraphs.
1808.5 OCBOA Financial Statements. GAAP does not address the applicability of the risks and uncertainties disclosure
requirements to OCBOA financial statements Absent any such guidance in GAAP, the only authoritative literature on the
subject is AU-C 800, Special ConsiderationsAudits of Financial Statements Prepared in Accordance With Special Purpose
Frameworks. AU-C 800.17 requires the auditor to evaluate whether the financial statements include informative disclosures
similar to those required by GAAP where the special purpose financial statements contain items that are the same as, or
similar to, those in GAAP financial statements. The standard further requires the auditor to evaluate whether additional
disclosures related to matters not specifically identified on the face of the financial statements or other disclosures are
necessary for fair presentation of the financial statements. AU-C 800.A22 notes that such disclosures may include significant
uncertainties. If necessary for fair presentation, the standard notes that the special purpose financial statements would include
the same disclosure required by GAAP or a disclosure that communicates the substance of those requirements.
1808.6 As a practical matter, the nature of a companys business may already be disclosed in many OCBOA financial
statements, as may economic dependence (which in many cases will satisfy the requirements for disclosure of
concentrations). That leaves only the disclosures related to estimatesuse of estimates and certain significant estimates.
Often, preparation of OCBOA financial statements may not require significant estimates. Consequently, FASB ASC 275 may
have little or no effect on many OCBOA financial statements. However, the applicability of the guidance and the need for its
disclosures is determined on a case-by-case basis, based on the facts and circumstances in each individual engagement.
1808.7 Excluded Items. Certain risks and uncertainties are explicitly excluded from the disclosure requirements of FASB
ASC 275. These include risks and uncertainties that might be associated with the following:
Management or key personnel (for example, loss of the owner/manager of a small business).
Proposed changes in government regulations.
Proposed changes in accounting principles.
Deficiencies in a companys internal control.
Acts of God.
War.
Sudden catastrophes.
Disclosures about Risks and Uncertainties
1808.8 Nature of Operations. All financial statements should include a description of the major products or services the
reporting entity sells or provides and the entitys principal markets, including the locations of those markets. Finally, if the
entity operates in more than one business, disclosures must indicate the relative importance of each business and the basis
for determining relative importance. If all or most of a companys sales are credit sales, disclosures about concentrations of
credit risk required by FASB ASC 825 may accomplish the disclosure of the companys principal markets.
1808.9 Use of Estimates. FASB ASC 275 requires financial statement disclosures to include an explanation that preparation
of financial statements requires the use of managements estimates and acknowledges that the disclosure will usually be
standardized (that is, boilerplate). The disclosure normally should be included in the summary of significant accounting
policies.
1808.10 Certain Significant Estimates. FASB ASC 275 requires additional disclosures for certain significant estimates. The
additional disclosures are required when the estimate meets both of the following criteria:
It is at least reasonably possible that the estimate of the effect on the financial statements of a condition, situation, or
set of circumstances that existed at the date of the financial statements will change in the near term due to one or
more future confirming events, and
the effect of the change would be material to the financial statements.
Near term means within a period of time not to exceed one year from the date of the financial statements as explained in
paragraph 1808.16.
1808.11 This does not mean that the auditor is expected to predict future events. Essentially, disclosure is required when (a)
the condition requiring the estimate existed at the date of the financial statements, and (b) it is known to be at least reasonably
possible that the estimate may change by a material amount due to future events.
1808.12 Current Vulnerability Due to Concentrations. FASB ASC 275 also requires disclosure of concentrations that meet
certain criteria. The types of concentrations that should be considered for disclosure are as follows:
Concentrations in the volume of business transacted with a particular customer, supplier, or lender.
Concentrations in revenue from particular products or services.
Concentrations in the available sources of supply of materials, labor, or services; or of licenses or other rights used
in the entitys operations.
Concentrations in the market or geographic area in which an entity conducts its operations.
1808.13 The guidance does not specifically define concentration. It merely states that vulnerability from concentrations
occurs when an entity is exposed to a greater risk of loss than would have existed if the entity had mitigated its risk through
diversification. A concentration is of concern when it involves something that cannot be easily replaced, such as the sole
domestic supplier of a raw material critical to the companys production process. Concentrations may involve another entity
or individual, or they may involve a group of counterparties or items that have similar economic characteristics, such as a
group of customers that collectively expose the reporting entity to a particular kind of risk.
1808.14 Disclosure of concentrations is required only if certain criteria are met. Those criteria are as follows, and they should
all be met for disclosure to be required:
The concentration exists at the date of the financial statements (the balance sheet date).
The concentration makes the enterprise vulnerable to the risk of a near-term severe impact.
It is at least reasonably possible that the events that could cause the severe impact will occur in the near term.
1808.15 Individual owner/managers play a critical role in the success and viability of many small businesses. The loss of
such an owner/manager would in many cases have a severe impact on the business. However, disclosure of the risks and
uncertainties associated with management or key personnel is not required, as noted in paragraph 1808.7.
1808.16 Summary of Disclosure Requirements. Exhibit 18-10 summarizes the disclosure requirements of FASB ASC 275.
Definitions of certain terms discussed previously and italicized in the exhibit follow:
Reasonably Possible. FASB ASC 275 states that the term reasonably possible is used consistently with its use in
FASB ASC 450. GAAP provides the following definitions:
Probable. The future event or events are likely to occur.
Reasonably Possible. The chance of the future event or events occurring is more than remote but less than
likely.
Remote. The chance of the future event or events occurring is slight.
Consequently, reasonably possible means anything more than remote but less than probable. FASB ASC 275 uses
the phrase at least reasonably possible, which means anything more than remote, or slight.
Near Term. This term is defined in FASB ASC 275 as a period of time not to exceed one year from the date of the
Material. FASB ASC 275 indicates that materiality for disclosure does not depend on the amount reported in the
financial statements, but rather on the materiality of the effect that using a different estimate would have on the
financial statements. Therefore, disclosure may be required even if an estimate resulted in the recognition of a small
financial statement amount, or no amount. When evaluating the potential materiality of a change in an estimate,
auditors would use the same materiality thresholds used to evaluate uncorrected misstatements at the conclusion of
the audit, as discussed in section 1812. Use of planning materiality, which is calculated in the planning stage of the
audit to establish the extent of audit tests, is not necessarily appropriate.
Severe Impact. Severe impact refers to a significant financially disruptive effect on the normal functioning of the
company. It is more than just material, but less than catastrophic. For example, a matter considered important
enough to influence a users decisions is material, but the matter may not be so significant as to disrupt the normal
functioning of the entity. An example of a catastrophic event is one that would result in bankruptcy, such as the
inability to obtain financing.
Exhibit 18-10
Disclosing Significant Risks and
Uncertainties under FASB ASC 275
Nature of
Operations
Use of
Estimates
Certain Significant
Estimates Concentrations
When to
Disclose?
Always. Always. It is at least
reasonably possible
that the estimate of
the effect on the
financial statements
of an existing
condition will
change in the near
term due to future
confirming events.
AND
The change in
estimate would
have a material
effect on the
financial
statements.
A concentration exists
at the financial
statement date.
AND
The concentration
increases the
companys
vulnerability to the
risk of a near-term
severe impact.
AND
It is reasonably
possible that the
events able to cause
the severe impact
could occur in the
near term.
Threshold for
Disclosing?
N/A N/A Potential material effect
on financial statements.
Potential severe impact to
the company.
Nature of
Operations
Use of
Estimates
Certain Significant
What to
Disclose?
Description of
products or
services.
Relative
importance of
each business.
Basis used to
determine
relative
Explanation
that
management
estimates are
used in
preparing
financial
statements.
Nature of
uncertainty.
An indication that it
is at least
reasonably possible
that a change in the
estimate will occur
in the near term.
Description of the
concentration.
Information about the
general nature of the
risk associated with
the concentration.
Additional disclosures
for concentrations of
labor subject to
Nature of
Operations
Use of
Estimates
Certain Significant
relative
importance of
each
business.
Principal
markets and
locations of
the markets.
in the near term.
labor subject to
collective bargaining
agreements or
foreign operations.
* * *
Audit Procedures
1808.17 The first two areas of disclosure, nature of operations and use of estimates, do not require significant audit work.
However, for the other two areas of disclosure, certain significant estimates and current vulnerability due to concentrations,
specific audit procedures are necessary. From an auditors perspective, the primary objectives are determining whether all
required risks and uncertainties disclosures have been identified (completeness) and evaluating the adequacy of presentation
and disclosure.
1808.18 Significant Estimates. Initially, an auditors objective is to determine whether all significant estimates have been
identified. The auditor may be aware of significant estimates from knowledge of the entitys business and operating
characteristics and the industry in which it operates. Some estimates may be identified as a result of risk assessment
procedures of further audit procedures applied to specific financial statement elements, such as accounts receivable and
inventory.
1808.19 Also, AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures,
provides guidance that is useful. As discussed in section 1809, the auditing standard requires that the auditor obtain an
understanding, through the performance of risk assessment procedures, of how management identifies those transactions,
events, and conditions that may require accounting estimates. When doing so, the auditor is required to make inquires of
management about changes in circumstances that may result in new or changed estimates. The exhibit to AU-C 540 provides
numerous examples of accounting estimates that are included in financial statements. These and others are included in the
Significant Estimates Identification Checklist, ASB-CX-16.2, which serves as a memory jogger to assist in determining
whether all estimates have been identified by the client.
1808.20 The general auditing and completion procedures audit program (ASB-AP-2) includes a program step to document
that the auditor considered whether all material estimates were identified. In addition, the representation letter drafting form at
ASB-CL-3.1 includes language for representations the auditor may obtain related to significant estimates. See section 1809
for further discussion about auditing accounting estimates.
1808.21 AU-C 540 indicates that auditors are required to obtained sufficient appropriate evidence about whether the
disclosures in the financial statements related to accounting estimates are in accordance with GAAP. If there are significant
risks associated with an accounting estimate, auditors are also required to evaluate the adequacy of disclosure of estimation
uncertainty in the financial statements. AU-C 540.A130 notes that the importance of the auditors evaluation of the adequacy
of disclosure of estimation uncertainty increases as the range of possible outcomes of the estimate also increases in relation
to materiality.
1808.22 Whenever auditors conclude there is only a remote chance of an estimate changing, the authors believe it is good
practice to document such conclusions, particularly if the decisions are difficult or contentious. Such documentation can be
unstructured and can be done, for example, on the relevant workpaper or in a separate memo. If more structured
documentation is desired, the Significant Estimates Identification Checklist, ASB-CX-16.2, can be used. However, AU-C
540.22 notes that the auditor is required to document the basis for conclusions pertaining to the reasonableness of
accounting estimates and their disclosure where there are significant risks.
1808.23 Risk-reduction Techniques. If the criteria for disclosure in paragraph 1808.10 are not met because the potential loss
or uncertainty is mitigated by use of some risk-reduction technique, disclosure is not required. However, FASB ASC 275
states that disclosure, including a description of the risk-reduction technique, is still encouraged. If that disclosure is included,
unless the auditor has obtained the necessary level of assurance that the risk-reduction technique will actually work, it is
important that the description of the technique not imply that it will be effective. Wording such as management expects
would be used instead.
1808.24 If disclosure is not made because the risk is considered to be mitigated, the auditor obtains reasonable assurance
that the risk-reduction technique will be effective. Essentially, the burden of proof would be on the client, and the disclosure
would be made unless the client can provide the necessary assurance. The auditor should obtain sufficient appropriate audit
evidence, including as necessary, independent corroboration, regarding a clients assertion that disclosure is unnecessary. In
complex situations, obtaining such assurance may require the use of specialized expertise, and the auditor may need to
consider the requirements for use of a specialist as discussed in section 906.
1808.25 Lawyers Letters. FASB ASC 275 supplements FASB ASC 450 relating to material pending and threatened litigation,
claims, and assessments. Auditors may need to make additional inquiries of clients attorneys to supplement the standard
inquiry letters as discussed in section 1803 to obtain sufficient information. For example, the auditor may make inquiries about
the likelihood of matters affecting a loss contingency in the near term. Or, follow-up may be necessary to assist the
practitioner in determining whether it is at least reasonably possible that an estimate could change by a material amount.
However, evaluation of whether a possible change in estimate is material is based on the auditors judgment, and not on any
materiality levels included in the attorneys letter response.
1808.26 Current Vulnerability Due to Concentrations. The audit approach for concentrations is similar in many respects to
the audit approach for significant estimates. That is, initially, the auditors objective is to determine whether all concentrations
have been identified. Once an auditor has identified concentrations, evaluation of disclosure can be documented on the
relevant workpaper, by memo, or by using the Concentrations Identification Checklist, ASB-CX-16.3. The auditor may be
aware of concentrations from knowledge of the entitys business and operating characteristics and the industry in which it
operates. Some concentrations may be identified as a result of audit procedures applied for specific financial statement
elements.
1808.27 One significant difference between auditing disclosures of concentrations and auditing disclosures of significant
estimates is that the threshold for disclosure is different. For concentrations, the threshold is severe impact, whereas for
significant estimates, the threshold is material.
1808.28 The practice aids in this Guide allow the auditor to document audit procedures related to concentrations. In addition,
the representation letter drafting form at ASB-CL-3.1 includes language for obtaining management representations related to
concentrations.
1808.29 Wording the Disclosures. Applying FASB ASC 275 requires significant judgment on the part of both the auditor
and the client. However, the accounting standards contains only disclosure requirements. They do not require amounts to be
recorded in the financial statements. For that reason, an approach of when in doubt, disclose is generally recommended. In
a sense, by making the disclosure, the client, as well as the auditor, transfers some of the risk due to uncertainties in the
financial statements to the financial statement users themselves. By not making the disclosures, however, the client and the
auditor forego an opportunity to reduce the risk that a user may successfully assert in litigation that the disclosures should
have been made.
1808.30 When faced with including disclosures about estimates or concentrations, clients may have concerns that the
required disclosures will include information considered by management to be confidential. This is particularly true for
disclosure of certain concentrations. Other concerns may include that the disclosures are too negative and could place a
company at a competitive disadvantage (for example, by providing competitors with information about a companys strategy
for reducing excess inventory). The guidance provides flexibility in wording the disclosures, so they can generally be worded
in a manner that does not place the client at a competitive disadvantage. For example, when disclosing a concentration,
phrases such as a significant portion or a substantial percentage are appropriate. The guidance does not require that the
disclosure name names and give percentages.
1809 ACCOUNTING ESTIMATES AND FAIR VALUE
5(110)
1809.1 Some financial statement items cannot be measured precisely but can only be estimated. Those items are referred to
as accounting estimates. Fair value measurements are a type of accounting estimate. Accounting estimates may be
recognized in the financial statements (for example, the allowance for doubtful accounts or an impairment adjustment) or only
disclosed (for example, disclosure of the fair value of financial instruments).
1809.2 AU-C 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures
[formerly SAS No. 57 (AU 342) and SAS No. 101 (AU 328)], provide the authoritative guidance for auditing accounting
estimates, including fair values.
1809.3 Objectives. The objectives of the auditor with respect to accounting estimates are to obtain sufficient appropriate
audit evidence about whether (a) accounting estimates, including fair values, recognized or disclosed in the financial
statements are reasonable and (b) related financial statement disclosures are adequate.
1809.4 Requirements. The requirements that should be followed to achieve those objectives are summarized in Exhibit
18-11.
Exhibit 18-11
Requirements for Auditing Accounting Estimates, Including Fair Values
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice Aids
Risk Assessment Procedures and Related
Activities
When obtaining an understanding of the entity and its
environment, including internal control, obtain an
understanding of the following to provide a basis for
identifying and assessing risks of material
misstatement for accounting estimates:
GAAP requirements relevant to accounting
estimates, including related disclosures.
How management identifies transactions, events,
and conditions that may require accounting
estimates. In obtaining this understanding, inquire
of management about changes in circumstances
that may give rise to new, or the need to revise
existing, accounting estimates.
How management makes the accounting
estimates and the data on which they are based,
including
the method, which may include a model,
used in making the estimates;
relevant controls;
whether management used a specialist;
the assumptions underlying the estimates;
ASB-CX-4.1
ASB-CX-4.2
ASB-CX-5
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice Aids
whether there has been or ought to have
been a change from the prior period in the
methods or assumptions used in making the
estimates and, if so, why; and
whether and how management assessed the
effect of estimation uncertainty.
Review the outcome of accounting estimates included
in the prior period financial statements or, if applicable,
their subsequent reestimation in the current period.
Identifying and Assessing the Risks of Material
Misstatement
In identifying and assessing risks of material
misstatement, evaluate the degree of estimation
uncertainty associated with an accounting estimate.
AU-C 540.10 ASB-CX-3.1
ASB-CX-7.1
Determine whether any accounting estimates with high
estimation uncertainty give rise to significant risks.
AU-C 540.11 ASB-CX-3.1
ASB-CX-7.1
Responding to the Assessed Risks of Material
Misstatement
Based on the assessed risks of material misstatement,
determine:
Whether management appropriately applied
GAAP relevant to the accounting estimate.
Whether the methods for making accounting
estimates are appropriate and consistently
applied and whether any changes from the prior
period in accounting estimates or the methods for
making them are appropriate in the
circumstances.
ASB-AP-3 through
ASB-AP-14
Perform one or more of the following, depending on
the nature of the accounting estimate:
Determine whether events occurring up to the
date of the auditors report provide audit evidence
about the accounting estimate.
Test how management made the accounting
estimate and the data on which it is based. In
doing so, evaluate whether
the measurement method is appropriate in
the circumstances,
the assumptions used by management are
reasonable in light of the measurement
objectives of GAAP, and
the data on which the estimate is based are
sufficiently reliable.
Test the operating effectiveness of the controls
over how management made the accounting
estimate and perform appropriate substantive
procedures.
Develop a point estimate or range to evaluate
managements estimate. For this purpose
If the assumptions or methods used to make
the estimate differ from managements,
ASB-AP-3 through
ASB-AP-14
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice Aids
obtain an understanding of managements
assumptions or methods sufficient to
establish that the auditors point estimate or
range takes into account relevant variables
and to evaluate any significant differences
from managements estimate.
If it is appropriate to use a range, narrow the
range, based on audit evidence available,
until all outcomes within the range are
considered reasonable.
In determining whether GAAP and managements
estimation methods have been properly applied and in
responding to the assessed risks of material
misstatement, consider whether specialized skills or
knowledge are required to obtain sufficient appropriate
audit evidence.
Further Substantive Procedures to Respond to
Significant Risks
For accounting estimates that give rise to significant
risks, evaluate the following:
How management considered alternative
assumptions or outcomes and why it rejected
them or how management otherwise addressed
estimation uncertainty in making the accounting
estimate.
Whether the significant assumptions used by
management are reasonable.
When relevant to the reasonableness of the
significant assumptions used by management or
the appropriate application of GAAP,
managements intent and ability to carry out
specific courses of action.
AU-C 540.15 ASB-AP-2,
Additional
Procedures to
Respond to
Significant Risks in
Accounting
Estimates
If management has not adequately addressed the
effects of estimation uncertainty on the accounting
estimates that give rise to significant risks, develop a
range to use in evaluating the reasonableness of the
accounting estimate if considered necessary.
AU-C 540.16 ASB-AP-2,
Additional
Procedures to
Respond to
Accounting
Estimates
risks, obtain sufficient appropriate audit evidence
about whether the following are in accordance with
GAAP:
Managements decision to recognize or not
recognize the accounting estimates in the
The selected measurement basis for the
AU-C 540.17 ASB-AP-2,
Additional
Procedures to
Respond to
Accounting
Estimates
Evaluating the Reasonableness of Estimates and
Determining Misstatements
Evaluate, based on the audit evidence, whether the AU-C 540.18 ASB-AP-2
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice Aids
accounting estimates in the financial statements are
reasonable in the context of GAAP or are misstated.
ASB-CX-12.2
Disclosures
Obtain sufficient appropriate audit evidence about
whether the disclosures in the financial statements
related to accounting estimates are in accordance with
GAAP.
ASB-CX-13
risks, evaluate the adequacy of the disclosure of
estimation uncertainty in the financial statements in
AU-C 540.20 ASB-AP-2,
Additional
Procedures to
Respond to
Accounting
Estimates
Indicators of Bias
Review managements judgments and decisions made
in making accounting estimates to identify whether
there are indicators of possible management bias.
Documentation
For accounting estimates that give rise to
significant risks, the basis for conclusions about
the reasonableness of the accounting estimates
and their disclosure.
Any indicators of possible management bias.
* * *
1809.5 Strengthened Requirements under the Clarified Standards. AU-C 540 strengthens the pre-clarified requirements
in AU 342 by clarifying that the auditor should perform risk assessment procedures to identify and assess the risks of material
misstatement arising from estimates and perform further audit procedures in response to those risks. As part of performing
risk assessment procedures, auditors are required to obtain an understanding of internal controls over estimates to
understand how management identifies transactions, events, and conditions that may require accounting estimates and how
management makes the accounting estimates. Additionally, auditors should determine whether and how management
assessed the effect of estimation uncertainty, evaluate the degree of estimation uncertainty associated with an accounting
estimate, and determine whether accounting estimates with high estimation uncertainty give rise to significant risks. When the
auditor has determined that there is a significant risk associated with an accounting estimate, AU-C 540 outlines certain
procedures that should be performed. In addition to other substantive procedures, to respond to the risks of material
misstatement. The authors believe that those expanded requirements are consistent with existing risk assessment
requirements and do not conflict with AU 342. Therefore, this section and the related practice aids have been updated for
AU-C 540. Exhibit 18-11 indicates the practice aids in this Guide that fulfill the requirements of AU-C 540.
Accounting Estimates
1809.6 Preparation of financial statements normally requires making accounting estimates. AU-C 540.07 defines an
accounting estimate as an approximation of a monetary amount in the absence of a precise means of measurement. The
nature and reliability of information available to management when making estimates will vary. As a result, the degree of
estimation uncertainty associated with estimates will vary. The degree of estimation uncertainty affects the risk of material
misstatement of estimates. AU-C 540 defines estimation uncertainty as the susceptibility of an accounting estimate and
related disclosures to an inherent lack of precision in its measurement. Among other estimates, accounting estimates include
fair value accounting estimates and related disclosures.
1809.7 AU-C 540.A6 provides the following examples of circumstances when accounting estimates, other than fair value
accounting estimates, may be required:
a. Allowance for doubtful accounts.
b. Reserves for inventory obsolescence.
c. Depreciation methods or asset lives.
d. Impairment of an investment.
e. Warranty obligations.
f. Outcome of long-term contracts.
g. Litigation settlements and judgments.
1809.8 Examples of circumstances when fair value accounting estimates may be required include:
a. Complex financial instruments not traded in an active and open market.
b. Share-based payments.
c. Property or equipment held for disposal.
d. Certain assets or liabilities acquired in a business combination.
e. Certain nonmonetary exchanges.
1809.9 The exhibit to AU-C 540 provides additional examples of accounting estimates. In addition, ASB-CX-16.2, Significant
Estimates Identification Checklist, provides a listing of accounting estimates that may be present in the financial statements.
Auditing Accounting Estimates
1809.10 When auditing accounting estimates, AU-C 540 emphasizes that the auditor should follow a risk-based approach as
discussed in Chapters 3 and 4. Also, the auditor should understand the requirements of GAAP relating to relevant estimates,
including the pertinent disclosure requirements. The understanding of GAAP requirements will provide a basis for the
auditors evaluation of managements recognition and measurement of accounting estimates along with related disclosures
that may be necessary.
1809.11 Risk Assessment Procedures and Related Activities. AU-C 540.08 indicates that the auditor should obtain an
understanding of how management identifies and makes accounting estimates through the performance of risk assessment
procedures as part of obtaining an understanding of the entity and its environment, including internal control as discussed in
Chapter 3. This understanding helps the auditor in developing an expectation of the nature and type of accounting estimates
the client may have. Ultimately, the purpose of the auditors understanding is to identify and assess the risks of material
misstatement associated with accounting estimates. Specifically, the auditors understanding should include the following:
How management identifies transactions, events, and conditions that require accounting estimates.
How management makes estimates along with the underlying data used, including the methods, assumptions,
relevant controls, specialists required, changes from prior periods in method or assumptions, and whether and how
estimation uncertainty has been assessed.
1809.12 The auditor is also required to perform a review of the outcome of accounting estimates that were included in the
prior period. Generally, the outcome of an accounting estimate will differ from the amount that was recognized in the prior
period. By identifying and understanding the reasons for such differences, the auditor may obtain information about the
effectiveness of managements prior period estimation process, audit evidence that is pertinent to reestimation of prior
period estimates in the current period, or evidence of matters requiring disclosure in the financial statements such as
estimation uncertainty. In addition, AU-C 240, Consideration of Fraud in a Financial Statement Audit, requires a retrospective
review of managements judgments or assumptions related to significant accounting estimates included in prior period
financial statements to determine if there is an indication of management bias and a risk of material misstatement due to
fraud. As a practical matter, both reviews can be coordinated when reviewing prior period estimates.
1809.13 Through the performance of risk assessment procedures and related activities directed towards accounting
estimates, the auditor should identify and assess risks associated with the development of accounting estimates. In doing so,
the auditor is also required to evaluate the degree of estimation uncertainty associated with accounting estimates. The auditor
is also required to determine if those estimates with high estimation uncertainty represent significant risks. As noted in
Chapter 4, for identified significant risks, the auditor is required to understand the entitys controls, including control activities.
Accounting estimates with a higher degree of estimation uncertainty also might be susceptible to management bias.
1809.14 The following factors may influence the degree of estimation uncertainty associated with an accounting estimate:
Extent to which the estimate relies on judgment.
Sensitivity of the estimate to changes in assumptions.
Existence of measurement techniques that may mitigate the estimation uncertainty.
Length of the forecast period and the relevance of data taken from past events to forecast future events.
Availability of reliable data from external sources.
Extent to which observable or unobservable inputs are used.
1809.15 AU-C 540.A47 provides examples of accounting estimates that can have high estimation uncertainty. Such estimates
might have the following characteristics:
Highly dependent upon judgment.
Not calculated using recognized measurement techniques.
Similar estimates in the prior period had substantial differences from the actual outcome.
For fair value accounting estimates, a highly specialized, entity-developed model is used or for which there are no
observable inputs.
1809.16 The practice aids in this Guide allow the auditor to meet the requirements associated with risk assessment
procedures and related activities for auditing accounting estimates. The auditor can use ASB-CX-3.1 to document the
identification of accounting estimates and ASB-CX-4.1 to indicate how management identifies transactions, events, and
conditions that require accounting estimates. ASB-CX-4.2.1 can be used to document how management makes estimates
along with the underlying data used, including the methods, assumptions, relevant controls, specialists required, changes
from prior periods in the method or assumptions, and whether and how estimation uncertainty has been assessed. ASB-AP-1
includes a step that requires a review of the outcome of accounting estimates that were included in the prior period, which
also satisfies the requirements of AU-C 240. Lastly, the identification and assessment of risks associated with accounting
estimates, which includes the evaluation of the degree of estimation uncertainty, can be documented on ASB-CX-7.1.
1809.17 In addition, the Significant Estimates Identification Checklist at ASB-CX-16.2 also can be used by the auditor to
identify significant estimates in the financial statements. The representation letter drafting forms at ASB-CL-3.1 and
ASB-CL-3.2 include the required representation from management about whether they believe significant assumptions used
in making accounting estimates are reasonable.
1809.18 Responding to the Assessed Risks of Material Misstatement. As discussed in Chapter 4, the auditors further
audit procedures for identified accounting estimates should be responsive to the assessment risks of material misstatement
that relate to those estimates. As with all items recognized and measured in the financial statements, including those matters
required for disclosure, the auditor has a general requirement relating to estimates to determine whether GAAP, such as the
requirements of FASB ASC 825, has been properly applied by management. In addition, the auditor is responsible for
determining whether the methods used by management are appropriate and have been applied consistently. If there has
been a change from the prior period, in estimates or the methods, the auditor should determine if such changes are
appropriate in circumstances.
1809.19 In responding to assessed risks for accounting estimates, AU-C 540 requires the auditor to do one or more the
following:
Test the operating effectiveness of the controls over the how management made the estimate, along with
appropriate substantive procedures.
Determine if subsequent events up the date of the auditors report provide audit evidence about the estimate.
Test how management made the estimate and the underlying data, including the evaluation of the appropriateness
of the method, reasonableness of the assumptions, and the reliability of the underlying data.
Develop a point estimate or range to evaluate managements point estimate.
The approach selected by the auditor will normally depend on the nature of the estimate, the effectiveness of the procedure in
providing sufficient appropriate audit evidence, and the assessed risk of material misstatement, including if the risk is
considered to be a significant risk.
1809.20 Testing how management made the estimate and underlying data is often an appropriate response when the
accounting estimate is a fair value accounting estimate. Auditing fair value estimates is further discussed at paragraph
1809.39.
1809.21 AU-C 540.A93 notes that the auditors development of a point estimate or range to evaluate managements point
estimate might be an appropriate response when, for example:
The estimate is not derived from the routine processing of data by the accounting system.
Prior audit results for similar estimates indicate managements current estimation process is unlikely to be effective.
Controls relating to the development of the estimate are not well-designed or properly implemented.
Subsequent events contradict managements point estimate.
Alternative sources of relevant data are available to the auditor that can be used in developing a point estimate or
range.
1809.22 When developing a point estimate or a range, the auditor is required to understand managements assumptions and
methods if they vary from those the auditor uses. The understanding should be sufficient to ensure that the auditors point
estimate or range considers relevant variables, as well as to evaluate any differences in the auditors results from those of
management. Also, when the auditor finds it appropriate to use a range, the auditor should narrow the range until all
outcomes are considered reasonable. In other words, the auditor seeks to limit the range to reasonable outcomes versus all
possible outcomes. In doing so, the auditor eliminates outcomes that are unlikely to occur and continues narrowing the range
until all outcomes are considered to be reasonable. Typically, a range that has been narrowed to be equal or less than
performance materiality, as discussed in Chapter 3, is adequate for evaluating the reasonableness of managements point
estimate.
1809.23 Significant Risks. When the auditor has determined that there is a significant risk associated with an accounting
estimate, AU-C 540 outlines certain procedures that should be performed in addition to other substantive procedures
performed to respond to the risks of material misstatement. The focus is on how management has assessed the effect of
estimation uncertainty on the accounting estimate and how that uncertainty affects the appropriateness of the amount in the
financial statements, as well as the adequacy of disclosures. The auditor is required to evaluate:
How management considered alternative assumptions and why they were rejected or how estimation uncertainty
was addressed in making the accounting estimate (e.g. the use of a sensitivity analysis).
Whether the significant assumptions used by management are reasonable.
When relevant to the reasonableness of the significant assumptions used by management or the application of
GAAP, managements intent and ability to carry out specific course of action.
1809.24 If the auditor deems that that management has not adequately addressed the effects of estimation uncertainty, the
auditor should, when necessary, develop a range to evaluate the reasonableness of the estimate.
1809.25 Furthermore, for accounting estimates with significant risks, the auditor is required to obtain sufficient appropriate
evidence about whether managements decision to recognize, or not recognize, the estimate, as well as the measurement
basis, are in accordance with GAAP. For example, in certain cases, GAAP may prescribe that amounts should not be
recognized if they cannot be reasonably estimated or it is not practicable to estimate amounts. Even if amounts are not
recognized under GAAP, there may be a need for disclosure of the circumstances in the notes to the financial statements. In
some cases, there may be a need for the auditor to add an additional paragraph to the auditors report to emphasize the
matter.
1809.26 Evaluating the Reasonableness of Estimates and Determining Misstatements. When evaluating the
reasonableness of managements estimates, if the audit evidence supports a point estimate, a misstatement represents the
difference between the auditors point estimate and the amount recorded by management. If the auditor has developed a
range and managements estimate falls outside that range, the misstatement is at least the difference between managements
point estimate and the nearest point of the auditors range. For example, if the auditors range is $1,200 to $1,500 for the
allowance for uncollectible accounts, but the client has chosen to estimate $1,000 for the allowance, then there is at least a
$200 misstatement that should be included with other audit differences.
1809.27 Disclosures. AU-C 540 emphasizes that the auditor should obtain sufficient appropriate audit evidence about
whether the disclosures in the financial statements relating to accounting estimates are in accordance with GAAP. In fulfilling
this requirement, the auditor can refer to ASB-CX-13, Disclosure Requirements for Financial Statements of Nonpublic
Companies, to determine whether disclosures relating to accounting estimates are complete and appropriately presented.
The auditor would still need to determine whether enough audit evidence has been collected to support the matters presented
in the disclosures.
1809.28 When an accounting estimate has significant risks, the auditor is required to evaluate the disclosures pertaining to
estimation uncertainty in the financial statements. In some cases, even though the clients disclosures might comply with the
requirements of GAAP, the auditor may deem that they are inadequate in light of the circumstances and facts that are
involved. The auditors emphasis on the evaluation of the adequacy of disclosures would increase as the range of possible
outcomes for managements accounting estimate increases in relationship to materiality. Section 1809 discusses disclosures
required by GAAP that relate to significant estimates with a reasonable possibility of change in the near term.
1809.29 Indicators of Possible Management Bias. AU-C 540.21 requires the auditor to the review judgments and
decisions made by management when making accounting estimates to determine if there are any indicators of possible
management bias. Indications of management bias may affect the auditors conclusions regarding risk assessment and
whether there are implications for the rest of the audit. AU-C 540.A134 provides the following examples of indicators of
possible management bias regarding accounting estimates:
Changes in an estimate, or the underlying method, when management has made a subjective assessment that there
has been a change in circumstances.
The entity uses its own assumptions for fair value accounting estimates that are inconsistent with observable market
assumptions.
Selection or construction of significant assumptions that result in a favorable point estimate for managements
purposes.
Selection of a point estimate that indicates a pattern of optimism or pessimism.
1809.30 AU-C 240.32 also requires the auditor to review estimates for bias and evaluate whether underlying circumstances
represents a risk of material misstatement due to fraud. Similar to AU-C 540, AU-C 240 requires the auditor to evaluate
whether the judgments and decisions made by management when making the estimate indicate possible bias, even if they
are individually reasonable. If so, the auditor is required to reevaluate accounting estimates as a whole. The auditor might also
consider whether differences between estimates best supported by the audit evidence, and the estimates included in the
financial statements that are individually reasonable, indicate (in the aggregate) a possible bias on the part of management. If
management, for example, always chooses estimated amounts for the valuation of assets that are at the low end of the range
the auditor considers reasonable, the combined effect could result in a material misstatement of income. In that case, the
auditor would consider whether other recorded estimates reflect a similar bias and perform additional procedures to address
those estimates. The auditor might also consider whether managements estimates were at one end of the auditors
reasonable range in the prior year and at the other end in the current year. That could indicate the possibility that
management is using accounting estimates to manage earnings. If the auditor believes that is the case, he or she should
consider communicating the matter to those charged with governance as discussed in section 1815.
1809.31 AU-C 240.32 further requires auditors to perform a retrospective review of significant prior-year accounting estimates
to determine whether the underlying judgments and assumptions indicate possible bias. The items selected for review should
be those estimates based on highly sensitive assumptions or are significantly affected by judgments made by management.
The review may provide additional information about whether the current years estimates could be biased.
1809.32 Documentation. AU-C 540.22 requires the following matters related to accounting estimates to be included in audit
documentation:
For accounting estimates with significant risks, the basis of conclusions about the reasonableness of the estimate
and related disclosures.
Indicators of management bias.
Fair Value Measurements and Disclosures
1809.33 The requirements of AU-C 540 discussed in the paragraphs beginning with 1809.6 apply to the auditor when
auditing fair value accounting estimates. The following paragraphs discuss some the relevant accounting guidance and
auditing considerations that are unique to fair value measurements and disclosures.
1809.34 Accounting Standards. Generally accepted accounting principles provide a number of requirements for fair value
measurements and disclosures, as well as requirements for measurements that do not use the term fair value but are similar
to fair value measurements. The following is an overview of the fair value accounting requirements.
1809.35 FASB ASC 825 primarily requires certain entities to disclose (a) the fair values of financial instruments for which it is
practical to estimate fair values and (b) concentrations of credit risk. Disclosure about market risk of financial instruments are
encouraged, but not required. However, as described in the following paragraph, most small businesses are exempt from
FASB ASC 825s required disclosures about concentrations of credit risk and the fair value of financial instruments.
1809.36 FASB ASC 825-10-50-3 made disclosures about the concentrations of credit risk and fair value of financial
instruments optional for companies that meet the following criteria:
The company is a nonpublic company.
The companys total assets are less than $100 million on the date of the financial statements.
The company has no instrument (other than a commitment related to the origination of a mortgage loan to be held
for sale) that, in whole or in part, is accounted for as a derivative during the reporting period.
1809.37 FASB ASC 820 applies whenever other standards require (or permit) fair value measurements or disclosures about
fair value measurements.
6(111)
FASB ASC 820 defines fair value, provides a framework for measuring fair value within GAAP,
and provides disclosures about fair value measurements. Fair value refers to the price that would be received to sell an asset
or paid to transfer a liability in an orderly transaction between principal market for the asset or liability (or most advantageous
market, if there is no principal market). The guidance requires that fair value be based on the assumptions market participants
would use when pricing the asset or liability, and it establishes a fair value hierarchy of information used to develop those
assumptions. Under the hierarchy, quoted prices in active markets have the highest priority and unobservable data, for
example, the reporting entitys own data, has the lowest priority. The guidance requires fair value measurements to be
separately disclosed by level within the fair value hierarchy.
1809.38 FASB ASC 825 provides an option to report selected financial assets and financial liabilities at fair value. The scope
of the guidance also includes other items such as written loan commitments and certain items that are not financial
instruments. The election can be made on an instrument-by-instrument basis and is irrevocable, once made. The guidance
provides presentation and disclosure requirements that facilitate comparisons between entities that choose different
measurement attributes. However, it does not eliminate disclosure requirements about fair value measurements included in
other standards.
1809.39 Auditing Fair Value Measurements and Disclosures. The requirements of AU-C 540 discussed in the paragraphs
beginning with 1809.6 apply to auditing fair value accounting estimates. Therefore, when the auditor is auditing estimated fair
value measurements recognized or disclosed in the financial statements, the guidance of AU-C 540 relating to risk
assessment procedures, identifying and assessing risks, responding to assessed risks including significant risks, as well as
other required matters, should govern the auditors procedures.
1809.40 As noted in paragraph 1809.19, when responding to the assessed risks of material misstatement for accounting
estimates, the auditor will perform one of more approaches, one of which is testing how management made the estimate and
the underlying data, including the evaluation of the appropriateness of the method, reasonableness of the assumptions, and
the reliability of the underlying data. As noted in paragraph 1809.20, this approach is frequently used when the accounting
estimate is a fair value accounting estimate developed on a model that uses observable and unobservable inputs.
1809.41 Some fair values are readily determinable because there are relevant quoted market prices. For such items,
published price quotations in an active market are the best evidence of fair value. When there is no observable market price
or items have characteristics requiring an estimate to be made, use of a valuation method, such as discounted cash flows,
may provide the best estimate of fair value.
1809.42 When a valuation method is used, the auditor considers the appropriateness of the method, including
managements rationale for selecting the method. Auditors may consider whether management has evaluated the range of
values resulting from different methods and investigated the reasons for the differences. Changes in circumstances may
require changes in the method used to determine fair value. As indicated in paragraph 1809.18, if there has been a change
from the prior period in estimates or the methods, the auditor should determine if such changes are appropriate in
circumstances.
1809.43 The following approaches may be used to obtain evidence supporting a fair value estimate determined using a
valuation model:
Test the clients valuation, including managements assumptions (or those of a specialist), the valuation model, and
the underlying data.
Develop an independent estimate and compare it to the clients valuation.
Review subsequent events and transactions to corroborate the clients valuation. (However, the auditor should
consider only those events or transactions that reflect circumstances existing at the balance sheet date.)
1809.44 When testing the clients valuation or developing an independent estimate based on managements assumptions,
the auditor should evaluate whether managements assumptions are reasonable and not inconsistent with market information.
If management retained a specialist to develop the valuation, the auditors responsibility to test the assumptions does not
change. The auditor considers the source and reliability of evidence supporting the assumptions, pays special attention to
assumptions that are highly sensitive or uncertain and those susceptible to misapplication or bias, and considers the
sensitivity of the valuation to changes in assumptions and market conditions. To be reasonable, the assumptions, individually
and taken as a whole, need to be realistic and consistent with the following:
The general economic environment, the economic environment of the specific industry, and the entitys economic
circumstances.
Existing market information.
The plans of the entity, including what management expects will be the outcome of specific objectives and
strategies.
Assumptions made in prior periods, if appropriate.
Past experience of, or previous conditions experienced by, the entity to the extent it is considered representative of
future conditions.
Other matters relating to the financial statements, for example, assumptions used by management in accounting
estimates for financial statement accounts other than those relating to fair value measurements and disclosures.
1809.45 AU-C 540.A83 also provides additional matters auditor might consider when evaluating the reasonableness of
assumptions pertaining to fair value accounting estimates, including:
When relevant, whether and how market-specific inputs have been included in the development of assumptions.
Whether assumptions are consistent with observable market conditions and the characteristics of the asset or
liability measured at fair value.
Whether the sources of market-participant assumptions are relevant and reliable.
When a number of different market participant assumptions exist, how management selected the assumptions to
use.
Whether and how management considered assumptions used in comparable transactions, assets, or liabilities.
1809.46 When there are unobservable inputs, the auditors evaluation of the assumptions will likely be combined with other
responses to assessed risks as discussed in paragraph 1809.19. Also, fair value accounting estimates with unobservable
inputs as a result of illiquid markets may provide challenges to management. Therefore, the auditor would consider the risks
that may exist for such estimates when assessing the risks of material misstatement and developing appropriate responses.
1809.47 The accuracy, completeness, and relevancy of the underlying data should also be tested, and the auditor should
ensure that the resulting valuation properly reflects both the assumptions and the data. Tests may include verifying the source
of the data, recomputation, and review of information for internal consistency.
1809.48 The auditor who independently develops assumptions for use in evaluating the clients estimate still understand
managements assumptions so he or she can assess whether any significant matters have been omitted and can evaluate
any significant differences between managements and the auditors estimates as discussed in paragraph 1809.22.
1809.49 For certain valuations, the authors believe that the development of an independent estimate or the use of
subsequent events to corroborate the clients valuation will not be practical or may be of limited usefulness. For example,
when auditing fair values for stock options, if the client uses a valuation model such as Black-Sholes-Merton or another
established model, it would be of limited usefulness for the auditor to develop an independent estimate. Also, for stock
options or long-term liabilities such as asset retirement obligations, the use of subsequent events would generally not apply.
1809.50 When auditing fair value disclosures, the following guidance applies:
Evaluation of whether fair value disclosures are in conformity with GAAP ordinarily involves the same audit
procedures used to audit fair value measurements recognized in the financial statements.
If fair value disclosure is omitted because it is not practical to determine fair value with sufficient reliability,
information that would be pertinent to such an estimate should be disclosed along with the reasons why it is not
practical to estimate fair value. In that case, the adequacy of disclosures required in such circumstances is
evaluated.
1809.51 During summarization and evaluation procedures, the auditor should evaluate the sufficiency of the evidence
obtained and its consistency with other evidence obtained during the audit. Regardless of the audit approach used, the
auditor would ordinarily obtain management representations about the reasonableness of significant assumptions and
consider certain communications with those charged with governance. Management representations are discussed in section
1804 and communications with those charged with governance are discussed in section 1815.
1810 CONSIDERING THE ACCUMULATED RESULTS OF AUDIT PROCEDURES
1810.1 This section discusses certain requirements related to considering the accumulated results of audit procedures under
AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, and
AU-C 240, Consideration of Fraud in a Financial Statement Audit. Exhibit 18-13 summarizes those requirements.
Exhibit 18-12
Requirements Related to Considering the Accumulated Results of Audit Procedures
a
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Perform audit procedures to evaluate whether the overall presentation of
the financial statements, including related disclosures, is in accordance
with GAAP.
Based on the audit procedures performed and evidence obtained,
evaluate before the conclusion of the audit whether the risk assessments
at the relevant assertion level are still appropriate.
Conclude whether sufficient appropriate evidence has been obtained,
considering all relevant audit evidence regardless of whether it
corroborates or conflicts with assertions in the financial statements.
through
ASB-AP-14
If sufficient appropriate audit evidence about an assertion has not been
obtained, attempt to obtain further audit evidence. If unable to do so,
express a qualified opinion or disclaim an opinion on the financial
statements.
Evaluate, at or near the end of the audit, whether the accumulated results AU-C 240.34 ASB-AP-2
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
of auditing procedures, affect the assessment of the risks of material
misstatement due to fraud made earlier in the audit or indicate a previously
unrecognized risk of material misstatement due to fraud. The analytical
procedures relating to revenue should be performed through the end of
the reporting period.
Evaluate the business rationale (or the lack thereof) for significant
transactions that are outside the normal course of business for the entity
or that otherwise appear to be unusual given the understanding of the
entity and its environment and other information obtained during the audit,
to address whether of the transactions suggests that they may have been
entered into to engage in fraudulent financial reporting or to conceal
AU-C 240.32,
item c
b
ASB-AP-2
Notes:
a
The requirements for evaluating misstatements, including those in AU-C 240 related to evaluating whether misstatements
are indicative of fraud and the related implications for the audit, are discussed in section 1812.
b
This procedure is required to address the risk of management override of controls. Additional procedures to address
the risk of management override are discussed in Chapter 5.
* * *
Reevaluating Risk Assessments and Evaluating Audit Evidence
1810.2 The auditors assessment of the risks of material misstatement at the relevant assertion level made during planning is
based on available audit evidence (see Chapter 4) and naturally may change as additional evidence is obtained. For example,
in performing substantive procedures, the auditor may identify misstatements that are larger or more frequent than had been
anticipated. In this situation, AU-C 330.27 requires the auditor to reevaluate, before the conclusion of the audit, whether the
assessment of risks of material misstatement at the relevant assertion level remains appropriate. The audit evidence may
either confirm the auditors risk assessments or result in the auditor performing additional audit procedures. Exhibit 18-13 (as
adapted from paragraph 7.04 of the AICPA Audit Guide, Assessing and Responding to Audit Risk in a Financial Statement
Audit) illustrates this concept.
Exhibit 18-13
Reevaluating the Initial Assessment of the Risk of Material Misstatement
at the Relevant Assertion Level
When planning the audit of ABC Company, the auditor initially assessed a low level of risk that the company would not
record year-end sales in the proper period. The auditor then determined the nature, timing, and extent of substantive
procedures related to the cut-off assertion based on her assessment of a relatively low risk of material misstatement.
However, the companys warehouse and accounting personnel were confused about how to record orders that were
prepared for shipping on December 31, but not picked up by the shipping service until January 2.
In her examination of accounts receivable, the auditor sent confirmations to a sample of customers. Confirmation
results indicated a likely misstatement. The auditor informed management and the resulting investigation led to
identifying cut-off issues as the cause of the misstatement. As a result, the auditor (1) asked management to examine
the accounts receivable and revenue account balances to identify and correct any other misstatements (see paragraph
1812.11), and (2) reevaluated her initial risk assessment relating to cut-off and increased the extent of tests of details
over shipping cut-off in order to obtain a higher level of assurance that all material misstatements relating to cut-off
errors had been identified.
* * *
1810.3 As indicated in Exhibit 18-13, an auditor can not assume that an identified error or instance of fraud is an isolated
occurrence. Instead, the auditor needs to consider how the misstatement affects the assessed risks of material misstatement.
In doing so, the auditor should consider all relevant audit evidence, even if it appears to contradict relevant assertions in the
1810.4 It is natural for a business entity to have some deviations in the way controls are applied. Deviations may be caused
by such factors as changes in key personnel, seasonal fluctuations in business activity, and human error. As a result, controls
may not operate as effectively as the auditor had expected. If the auditor detects deviations when performing tests of controls,
he or she makes inquiries to understand such matters and their potential consequences and should determine whether the
tests provide an appropriate basis for reliance on the controls, whether additional tests of controls are needed, or whether the
potential risks of misstatement need to be addressed by substantive procedures (see Chapter 6). The auditor should also
evaluate whether misstatements identified when performing substantive procedures indicate that the related controls are not
operating effectively. However, the absence of identified misstatements when performing substantive procedures does not
provide audit evidence that the controls related to the relevant assertion being tested are effective (see Chapter 6).
1810.5 At the end of the audit, the auditor should conclude whether sufficient appropriate audit evidence was obtained to
reduce to an appropriately low level the risk of material misstatement in the financial statements and to support the opinion on
the financial statements. This requires the auditor to evaluate whether the audit was performed at a level that provides the
auditor with a high level of assurance that the financial statements, taken as a whole, are free of material misstatement.
1810.6 The sufficiency and appropriateness of audit evidence is a matter of the auditors professional judgment. AU-C
330.A75 explains that the auditors judgment is influenced by factors such as:
Significance of the potential misstatement in the relevant assertion and the likelihood of it having a material effect on
the financial statementsboth individually and when aggregated with other misstatements.
Effectiveness of managements responses and controls to address the risks.
Experience gained during previous audits with respect to similar potential misstatements.
Results of audit procedures, including whether specific instances of fraud or error were identified.
Reliability and source of available information.
Persuasiveness of the audit evidence.
Understanding of the entity and its environment, including its internal control.
1810.7 AU-C 330.29 states that if the auditor has not obtained sufficient appropriate audit evidence with respect to a material
financial statement assertion, the auditor should try to obtain additional evidence. If the auditor cannot obtain sufficient
appropriate audit evidence, the auditor should either express a qualified opinion or disclaim an opinion.
Evaluating the Existence of Fraud
1810.8 Fraud Risk Assessment Is an Ongoing Process. Assessing the risks of material misstatement due to fraud is an
ongoing process that should occur throughout the audit. Fraud risks may be identified during the engagement
acceptance/continuance process, during engagement planning, while obtaining an understanding of internal control, when
assessing the risks of material misstatement of the financial statements due to error or fraud, when performing further audit
procedures to respond to assessed risks, or when communicating with management or others (see also the discussion in
section 404). Examples of conditions the auditor may note that may change or support the assessment of fraud risks made
during planning are included in Exhibit 18-14.
Exhibit 18-14
Conditions That May Change or Support the Auditors Assessment of Fraud Risks
Unrecorded transactions or transactions recorded improperly as to account, amount, period, or company policy.
Balances or transactions that are unsupported or unauthorized.
Adjustments made by the entity at the last minute that substantially affect financial results.
Evidence of employees unauthorized or unnecessary access to systems or records.
Missing documents.
Indications of altered documents.
a
Only photocopies or electronic versions of documents being provided to auditors when originals are expected to exist.
Significant unexplained reconciling items.
Vague, implausible, or inconsistent responses by the client to the auditors inquiries.
Significant amounts of inventory or other physical assets are missing.
Denial by client personnel of auditors access to records, facilities, certain employees, customers, vendors, or others.
b
Unusual discrepancies between confirmation replies and the entitys records.
Failure to retain documents or electronic files consistent with the companys record retention policies or practices.
Unusual delays by client personnel in providing requested information.
Unreasonable time pressures to resolve complex or contentious accounting issues.
Attempts by management to intimidate audit team members or control the conduct of the audit.
Complaints or tips received by the auditor about fraud or potential fraud.
Unwillingness to make financial statement disclosures more clear or complete.
Managements proposal of adjustments, not previously identified or communicated to the auditor, that offset
misstatements found by the auditor.
Notes:
a
If the auditor suspects that documents have been altered, it may be necessary to engage a specialist to determine their
authenticity.
b
Denial of access to information may constitute a limitation on the scope of the audit sufficient to preclude an unmodified
(unqualified) opinion on the financial statements.
* * *
1810.9 Required Procedures. AU-C 240.34 requires auditors to evaluate, at or near the completion of fieldwork, whether the
accumulated results of auditing procedures (including analytical procedures performed as substantive tests or in the overall
review stage of the audit), affect the assessment made earlier in the audit regarding the risks of material misstatement due to
fraud or indicate a previously unidentified risk of material misstatement due to fraud. In addition, the SAS requires
performance of analytical procedures relating to revenue is required through the end of the reporting period. If the full years
revenue information is available during audit planning, the procedures can be performed during preliminary analytical
procedures. Otherwise, the procedures performed during planning should be updated during the final analytical review stage
of the audit.
1810.10 Based on the evaluation, the auditor determines whether additional or different audit procedures are necessary. In
addition, the auditor should perform a qualitative evaluation of misstatements identified in the financial statements and
determine whether the misstatements may indicate possible fraud. Paragraph 1812.24 discusses performing a qualitative
evaluation of misstatements in further detail. In addition, communication with the engagement team about information or
conditions that indicate potential risks of material misstatement due to fraud should continue throughout the audit.
Evaluating Significant Unusual Transactions
1810.11 Additional substantive procedures that may be needed in particular circumstances depend on the auditors
judgment about the sufficiency and appropriateness of audit evidence in the circumstances. Because of the judgmental
nature of the auditors risk assessments and the inherent limitations of internal control, particularly the risk of management
override, some substantive procedures have to be performed in every audit. One of those procedures involves evaluating
significant unusual transactions.
1810.12 AU-C 240.32 requires the auditor to evaluate the business rationale for significant unusual transactions to address
the risk of management override of controls. By considering whether the business rationale (or lack thereof) suggests that
transactions may have been entered into to perpetrate in fraudulent financial reporting or conceal misappropriation of assets.
In evaluating the business rationale for significant unusual transactions, the auditor may consider whether:
The transaction is overly complex in relation to its stated purpose.
Management is overly concerned that the transaction receives a particular accounting treatment.
Previously unidentified related parties are involved in the transaction.
The parties to the transaction lack substance.
The transaction and the manner of accounting have been reviewed and approved at an appropriate level, such as
by those charged with governance.
Considering the Application of Significant Accounting Principles for Bias
1810.13 According to AU-C 240.29 the auditor should evaluate whether the application of significant accounting principles
indicates a bias on the part of management. In particular, the auditor should consider accounting related to subjective
measurements and complex transactions. Intentional misapplication of accounting principles relating to amounts,
classification, manner of presentation, or disclosure is one way in which fraudulent financial reporting can be accomplished.
1810.14 AU-C 230.08 requires auditors to document significant audit findings or issues, the conclusions reached about such
findings or issues, and significant professional judgments made in reaching those conclusions. Judging the significance of a
finding or issue generally requires an objective analysis of the facts and circumstances. Paragraphs beginning at 802.15
include examples of significant audit findings or issues and Chapter 8 provides a detailed discussion of audit documentation
requirements.
1811 ANALYTICAL REVIEW AND REVIEW OF WORKPAPERS
Analytical Review
1811.1 Introduction and Authoritative Literature. AU-C 520.06 [Formerly SAS No. 56 (AU 329)] requires the use of
analytical procedures in the final review stage of the audit. The purpose of analytical procedures at this stage is to assist the
auditor in assessing the validity of the conclusions reached, including the opinion on the financial statements. In other words,
the auditor uses analytical procedures at this stage to assess whether the financial statements make sense based on the
knowledge and understanding obtained during the audit. Are the relationships depicted in the financial statements
reasonable, based on the auditors knowledge of the client and its operations and industry and other information obtained in
performing the audit?
1811.2 Objective and Requirements. The objective of the auditor when performing final analytical review procedures is to
design and perform analytical procedures near the end of the audit that assist with forming an overall conclusion about
whether the financial statements are consistent with the auditors understanding of the entity.
Exhibit 18-15
Requirements for Analytical Procedures
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Design and perform analytical procedures near the end of the audit that
assist with forming an overall conclusion about whether the financial
statements are consistent with the auditors understanding of the entity.
* * *
1811.4 Overall Review. AU-C 520.A25 states that this overall review would generally include consideration of:
a. the adequacy of evidence gathered in response to unusual or unexpected balances identified in planning the audit
or during the audit, and
b. unusual or unexpected balances or relationships that were not previously identified.
In other words, the auditor needs to consider whether the information gathered during the audit provides a sufficient
understanding of unusual or unexpected financial statement relationships. This assessment includes consideration of those
matters identified during preliminary analytical procedures (see paragraphs beginning at 301.31), as well as matters that
become apparent for the first time during the final review stage. When the auditor does not have a sufficient understanding of
the cause of an unusual or unexpected relationship, the auditor may need to revise the risk of material misstatement and
apply additional audit procedures.
1811.5 Preliminary analytical procedures are risk assessment procedures performed to obtain an understanding of the entity
and its environment for the purpose of assessing the risks of material misstatement and determining what further audit
procedures should be performed in response to the risk assessment. Final review analytical procedures are used to consider
the adequacy of the procedures performed. Although the objective of applying the procedures may differ, the analytical
procedures actually applied may be very similar or identical. At the planning stage, analytical procedures will be applied to
unaudited amounts. In the final review stage, the procedures will be applied to amounts after audit adjustment. Thus, in the
final review, a simple comparison to prior period amounts at the financial statement level is normally effective.
1811.6 One common form of documentation is referred to as a flux analysis. A flux analysis is a narrative explanation by
financial statement caption (line item) of the change in the amount from the prior period and of any unusual or unexpected
relationships to other financial statement line items in the current period. The authors do not believe a flux analysis is required
by AU-C 520, but recommend it as a convenient means of documenting the thought process that is required by the standard.
1811.7 As discussed in section 301, AU-C 240 requires the auditor to perform preliminary analytical procedures related to
revenue to identify unusual or unexpected relationships that may indicate fraudulent financial reporting. Those procedures
should be performed through the end of the reporting period. If the full years revenue information is available during audit
planning, the required procedures can be performed during preliminary analytical procedures. Otherwise, the analytical
procedures related to revenue performed during planning may be updated during the final analytical review stage of the audit.
Review of Workpapers
1811.8 The review of workpapers near the conclusion of the engagement has two stages: (a) detailed review of the audit
work of staff assistants, and (b) a higher-level supervisory review. Although an audit senior usually reviews the work of staff
assistants and a manager or partner usually makes a supervisory review, there is considerable variation in practice. For
example, in some small business engagements, the audit senior may be the only staff on the engagement.
1811.9 Generally, there are only two distinct levels of reviewdetailed and supervisorybut specific practice may vary with
client size and circumstances, the size of the audit team, and firm policies and practices on engagement administration. When
clients are larger or more complex or when there are large audit teams, there may be further subdivision of the detailed and
supervisory reviews.
1811.10 Authoritative pronouncements establish only broad requirements for supervision and review. AU-C
220.18.19
7(112)
requires the engagement partner to take responsibility for review of the work performed in accordance with
the firms review policies and procedures. Based on the review of audit documentation and discussion with the engagement
team, on or before the date of the auditors report, the engagement partner should be satisfied that sufficient appropriate audit
evidence has been gathered to support the conclusions reached and the auditors report to be issued.
1811.11 SQCS No. 8, A Firms System of Quality Control, indicates at QC 10.35.36 that a firm should establish policies
and procedures that address supervision and review responsibilities. The review responsibility policies and procedures
should be determined on the basis that qualified engagement team members review the work performed by other team
members on a timely basis. The engagement partner may delegate parts of the review responsibility to other members of the
engagement team, in accordance with firm quality control policies. The review may include consideration of factors such as
the following (AU-C 220.A16):
The work is performed in accordance with professional standards and regulatory and legal requirements.
Significant findings and issues are raised for further consideration.
Appropriate consultations take place and resulting conclusions are documented and implemented.
The nature, timing, and extent of work performed is appropriate and without need for revision.
The procedures performed support the conclusions reached and are properly documented.
Evidence obtained is sufficient and appropriate to support the report.
The objectives of the procedures performed are achieved.
The extent of supervision appropriate in a given instance depends on many factors, including the complexity of the
subject matter and the qualifications of persons performing the work, including knowledge of the clients business
and industry. (AU-C 300.A16)
1811.12 The engagement partner needs to direct other team members to bring to his or her attention accounting and
auditing issues raised during the audit that the team member believes are significant to the financial statements or auditors
report so that he or she may assess their significance. Engagement team members also need to be instructed to bring to the
attention of appropriate individuals in the firm difficulties encountered when performing the audit, such as missing documents
or client resistance in responding to inquiries or providing access to information. The work performed by each team member
and the documentation of the work needs to be reviewed to determine whether the work was adequately performed and
documented and to evaluate whether the results are consistent with the conclusions to be presented in the auditors report.
1811.13 Audit documentation assists the auditor in the direction, supervision, and review of the audit. Auditors are required to
document who performed the work and when the work was completed. Likewise, the workpapers should indicate who
reviewed the work and the date of the review. (AU-C 230.09) These requirements do not mandate any specific arrangements
for engagement administration.
1811.14 Audit firms need to have some mechanism to assure that significant accounting or auditing problems identified in the
audit work or detailed review are brought to the attention of the supervisory reviewer. Also, there needs to be some
mechanism for dealing with and resolving differences of opinion. QC 10.46.48 states that firms should establish policies and
procedures for dealing with and resolving differences of opinion. Those policies and procedures should require that (a)
conclusions reached be documented and implemented, and (b) the report not be released until the difference of opinion is
resolved. Additionally, such policies and procedures should enable engagement team members to document his or her
disagreement with the conclusions reached after appropriate consultation has taken place. ASB-CX-16.4, Accounting and
Engagement Issues, provides a form that can be used to document significant audit findings or differences of opinion.
1811.15 Detailed Review of Audit Work. The objectives of the detailed review of audit work are to assure that there is:
a. adherence to professional standards and firm policies and practices;
b. integration of results and conclusions from work on individual financial statement components; and
c. proper summarization of the results of audit tests, including significant audit findings or issues, for the attention of
the supervisory reviewer and for potential reporting to the client.
In general, the reviewer should determine whether the audit documentation would permit an experienced auditor who has no
previous connection with the engagement to understand (a) the nature, timing, and extent of the auditing procedures
performed, (b) the results of the audit procedures and the evidence obtained, (c) the conclusions reached on significant
matters, and (d) that the audited financial statements agree or reconcile to the accounting records. Chapter 8 provides a
detailed discussion of audit documentation requirements.
1811.16 The detailed review of the current workpaper file usually includes the following steps:
a. For each financial statement component, reviewing the supporting schedules to assure that:
(1) each schedule is complete and properly headed, dated, initialed, indexed, and cross-referenced to the working
trial balance;
(2) amounts agree with the amounts in the working trial balance and have been traced to the general ledger;
(3) the audit program has been completed, as indicated by initials,
8(113)
dated, indexed, the conclusion signed
off, and the related workpaper schedules indicate that the procedures have been performed; and
(4) any misstatements discovered have been properly identified, analyzed, and treated.
b. For the general section of the file and the workpapers as a whole, assuring that:
(1) any information on a workpaper for a financial statement component that is relevant to another component has
been properly considered and cross-referenced;
(2) any relevant information in the permanent file or other general files has been incorporated or cross-referenced;
(3) any significant audit findings or issues (including related discussions with management and others) have been
adequately addressed and documented; and
(4) any unusual matters have been included in the management representation letter.
c. Preparing summary and evaluation schedules and drafting the financial statements and audit report. (These matters
are discussed in more detail in section 1812, Summarization and Evaluation, and section 1813, Drafting Financial
Statements and the Auditors Report.)
1811.17 AU-C 230.09 requires that the workpapers indicate who reviewed specific audit documentation and the date and
extent of the review. Auditors are not required to indicate their review on each specific workpaper. However, the
documentation should clearly indicate who reviewed specified elements of the audit work and when. A practical and efficient
way of indicating who reviewed specified elements of the audit work and when is for the detailed reviewer to initial and date
the specific workpapers reviewed.
9(114)
1811.18 Supervisory Review. In practice, the greatest variations in review of workpapers occur in the extent and levels of
supervisory review. As explained earlier, these variations are a result of differences in client size and complexity, audit team
size and qualifications, and individual firm policies and preferences for engagement administration. Generally, the supervisory
review focuses more on the summary and evaluation schedules and documentation of significant audit findings or issues, and
less time and attention is given to supporting workpaper schedules. It is often conducted after financial statements and the
audit report have been drafted, and it is the final check on whether the audit work supports the overall conclusions on the
1811.19 Any review notes or comments from the earlier stages of review need to be satisfactorily resolved by the completion
of the supervisory review. The particular practices adopted for documenting and clearing review notes are a matter of
individual firm preferences in engagement administration. However, it is important that the resolution be clear and that no
apparently unanswered or open matters remain in the final workpapers. Once the audit has been completed, all review points
and notes need to be removed from the workpapers, as they do not constitute audit evidence.
1811.20 Supervisory reviewers should document their review of specific audit documentation and when it occurred, as
indicated in paragraph 1811.17. A practical and efficient way of indicating who reviewed specified elements of the audit work
and when is for the supervisory reviewer to initial and date the specific workpapers reviewed; however, there are no
requirements to do so. Some reviewers may prefer to document their review in a memo format that indicates the specific
workpaper sections reviewed and associated dates. Checklists may also be used.
1811.21 Review Checklists. Most firms use some form of checklist to serve as a reminder of important engagement
completion matters and to document completion of the review of the workpapers. An example of a review checklist titled the
Supervision, Review, and Approval Form is presented at ASB-CX-14.
1811.22 Sole Practitioners. Obviously, much of this discussion on the review of workpapers is not applicable to a sole
practitioner with no staff. A sole practitioner of necessity has to review his or her own workpapers. Professional standards do
not require that audit work necessarily be reviewed by someone other than the person who did the work. QC 10.A1 notes that
the review responsibilities are not relevant when there are no staff.
1811.23 That does not mean, however, that review of completed audit work is unimportant. It is still necessary to make a
critical review of completed work and evaluate whether the work performed adequately supports the conclusions reached.
ASB-CX-14 can also be adapted for use by a sole practitioner.
1811.24 Tax Department Review. As discussed in section 1601, CPA firms with separate tax departments typically have the
tax department review the tax areas of the audit workpapers and financial statements. The auditor needs to discuss with tax
department personnel any knowledge they may have of matters that may affect the financial statements. The Supervision,
Review, and Approval Form, ASB-CX-14, includes an optional step relating to tax department review.
1811.25 Engagement Quality Control Review. Many firms require a review of the audited financial statements, auditors
report, and other communications and reports by someone who has no other responsibility on the audit. Depending on firm
policy, engagement quality control reviews may also include additional procedures, such as:
a. Looking at the checklists or memoranda that document the review by the audit senior, audit partner, and tax
department.
b. Reviewing attorneys letters and the management representation letter.
c. Reading documentation related to the significant judgments made by the engagement team and the conclusions
they reached.
d. Discussing significant findings and issues with the engagement partner.
1811.26 SQCS No. 8 states that a firm should establish criteria against which all audit engagements should be evaluated to
determine whether an engagement quality control review (EQCR) should be performed (QC 10.38). Firms may consider the
nature of the engagement, unusual circumstances or risks of the engagement, and whether other laws or regulations impact
EQCR requirements. SQCS No. 8 indicates that a firm should establish policies and procedures that set forth the nature,
timing, and extent of a quality control review. (QC 10.40) The following list represents the types of situations that may be
considered in establishing EQCR criteria:
Third-party use of the report, such as to the clients lender for financing purposes.
High profile clients, for example, well-known individuals or entities in the local community.
Entities subject to governmental regulations.
New types of service for the firm; for example, the firm begins to offer prospective financial information services.
New or complex specialized industries.
Client entities without competent or experienced accounting personnel.
Client entities with substantial fraud risk factors.
Client entities with significant related party transactions.
Clients that have experienced material misstatements during the current or previous engagements.
First-time clients.
New firm partners.
1811.27 In general, any circumstance that creates an unusual or higher level of engagement risk needs to be considered in
establishing EQCR criteria. Whenever an engagement is subject to a heightened level of risk, the firm may consider it prudent
to have a second pair of eyes review the engagement. Regardless of whether a particular engagement meets the firms
stipulated EQCR criteria, it may be selected for EQCR based upon current year risk during engagement performance.
However, the reverse situation does not hold true. That is, a firm may not choose to opt-out of performing an EQCR when an
engagement meets the established EQCR criteria.
1811.28 If performed, the engagement quality control review should be completed before the audit report is released (QC
10.49). The authors recommend that an engagement quality control review be performed on each audit. The Supervision,
Review, and Approval Form at ASB-CX-14 provides a section to document that review. The firm may wish to modify or add to
that checklist based on specific firm policies.
1811.29 EQCR for Smaller Firms and Sole Practitioners. When sole practitioners or small firms identify engagements
requiring EQCRs, a qualified individual may not be available within the firm to perform the EQCRs. In such cases, qualified
external individuals or firms may be contracted to perform the function. When the firm contracts qualified external individuals
or other firms, the firm should ensure that they have the appropriate technical qualifications, are objective, and adhere to the
requirements of quality control standards regarding engagement quality control review procedures.
1811.30 Is Workpaper Review Required before Dating the Auditors Report? AU-C 700.41 requires that the date of the
auditors report should be no earlier than the date that sufficient appropriate audit evidence has been obtained to support the
opinion on the financial statements. Among other items, sufficient appropriate audit evidence includes evidence that:
a. The audit documentation has been reviewed.
b. The financial statements, including disclosures, have been prepared.
c. Management has taken responsibility for the financial statements.
All reviews should be performed and documented prior to the date of the auditors report (AU-C 700.41). This includes any
engagement quality control review (AU-C 220.21).
1812 SUMMARIZATION AND EVALUATION
1812.1 As discussed in section 1810, near the end of the audit, auditors are required to evaluate whether the accumulated
results of the auditing procedures performed provide a high level of assurance that the financial statements, as a whole, are
free of material misstatement. That evaluation includes consideration of misstatements discovered during fieldwork, including
whether identified misstatements are indicative of possible fraud, which is further discussed beginning in paragraph 1812.26.
Additionally, AU-C 450.11 requires that the individual and combined effects of all uncorrected misstatements be considered to
determine whether they are material to the financial statements taken as a whole. To evaluate the combined effect of various
uncorrected misstatements, it is necessary to summarize them in one place in the workpapers. Related matters that may also
be considered at this stage of the audit are overall analysis of audit time (beginning at paragraph 1812.42) and consultation
with others on complex technical issues (beginning at paragraph 1812.44).
1812.2 The following paragraphs discuss some of the differences between the pre-clarified auditing standards in AU 312 and
the clarified standards in AU-C 450 in regards to evaluating misstatements; and summarize the objectives and requirements
for the evaluation of misstatements under the clarified standard AU-C 450, Evaluation of Misstatements Identified During the
Audit. In addition, certain requirements relating to evaluating whether misstatements are indicative of fraud in AU-C-240,
Consideration of Fraud in a Financial Statement Audit, are also discussed in this section. Further discussion of the objectives
and requirements in AU-C 240 is found in Chapter 3, Chapter 5, and in section 1810.
1812.3 AU-C 450 made certain changes to the guidance in AU 312, including moving some of the requirements in AU 312 to
application guidance and changing certain terminology. The effect of such changes may appear on the surface to alter certain
requirements. However, based on analysis of the requirements and the related application guidance and discussions with the
AICPA, the authors do not believe that the changes, as described below, are intended to result in a change in practice for
evaluating, documenting, or communicating misstatements accumulated during the audit:
Under AU 312, auditors are required to document the type of misstatement (whether known or likely), but no such
requirement exists in the clarified standard AU-C 450. While there is no explicit requirement to document the type of
misstatement, AU-C 450 still contains requirements to document all misstatements accumulated during the audit
and whether they have been corrected and the auditors conclusion about whether uncorrected misstatements are
material, individually or in the aggregate, and the basis for the conclusion. In addition, the application guidance in
AU-C 450 continues to encourage the practice of distinguishing between the types of misstatements to assist the
auditor in evaluating misstatements accumulated during the audit and in communicating them to management and
The terms known and likely used to describe misstatements have been replaced with the terms factual, judgmental,
and projected. This change does not affect the definition of the types of misstatements, as further discussed
Under both AU 312 and AU-C 450, auditors are required to communicate all misstatements accumulated during the
audit other than those that are clearly trivial. AU-C 450.07 further states that the auditor should request that
management correct those misstatements. AU 312 requires the auditor to request management to correct all known
misstatements. Furthermore, under AU 312 when the auditor evaluates the amount of a likely misstatement as
material, the auditor is required to request that management perform additional investigation or analysis with respect
to such likely misstatements to identify and correct misstatements. After management performs the investigation, the
auditor reevaluates the amount of likely misstatement and whether additional procedures are necessary. Under the
clarified standards, the request for management to perform additional investigation is contained in the application
guidance of the standards. Although the wording is different in the two standards regarding the auditors
responsibility to request management to correct misstatements, the authors believe from reviewing the related
application guidance and from discussions with the AICPA, that the process for requesting correction under the
existing and clarified auditing standards is not intended to change.
Under AU 312, auditors should request management to review the assumptions and methods used in developing
managements estimates when the auditor identifies likely misstatements involving differences in estimates. While
this specific request is no longer included in the requirements section of the clarified standard, the application
guidance in AU-C 450 continues to support that practice.
The remainder of this section is based on AU-C 450.The practice aids for documenting, evaluating, and communicating
misstatements at ASB-CX-12.1 and ASB-CX-12.2 can be used to comply with the requirements of both the pre-clarified (AU
312) and clarified auditing standards (AU-C 450).
1812.4 The objectives of the auditor when evaluating misstatements identified during the audit are to evaluate the effect of
identified misstatements on the audit and of any uncorrected misstatements on the financial statements. The requirements
that should be followed to achieve those objectives are summarized in Exhibit 18-16.
Exhibit 18-16
Requirements for Evaluation of Misstatements Identified During the Audit
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Accumulate misstatements identified during the audit, except for those that
are clearly trivial.
ASB-CX-12.2
Determine if the overall audit strategy and audit plan need to be revised if: AU-C 450.06a ASB-AP-2
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
The nature and reasons for identified misstatements indicate that
other misstatements may exist that, when aggregated with
misstatements already identified, could be material.
The aggregate of the misstatements identified during the audit is at or
near materiality.
Communicate in a timely manner all misstatements accumulated during
the audit with the appropriate level of management and request
management to correct those misstatements.
ASB-CX-12.1
If, at the auditors request, management examines a class of transactions,
account balance, or disclosure and corrects detected misstatements,
perform additional audit procedures to determine if other misstatements
remain.
If management refuses to correct one or more misstatements, understand
their reasons for not making the corrections and consider that when
evaluating whether the financial statements as a whole are free from
material misstatement.
AU-C 450.09 ASB-CX-12.1
ASB-CX-12.2
Before evaluating the effect of uncorrected misstatements, reassess
whether materiality is still appropriate based on the entitys actual financial
results.
ASB-CX-12.2
Determine whether uncorrected misstatements are material, individually or
in the aggregate, in relation to both particular classes of transactions,
account balances, or disclosures and to the financial statements as a
whole, by considering
The effect of misstatements not corrected in prior periods.
The amount, nature, and reasons for current year misstatements.
AU-C 450.11 ASB-CX-12.2
Document the amount considered clearly trivial when accumulating
misstatements; all misstatements accumulated during the audit and
whether they were corrected; the conclusion about whether uncorrected
misstatements are material, individually or in the aggregate; and the basis
for that conclusion.
AU-C 450.12 ASB-CX-12.2
If a misstatement is identified, evaluate whether such a misstatement is
indicative of fraud. If such an indication exists, evaluate the implications of
the misstatement in relation to other aspects of the audit, particularly the
evaluation of materiality, management and employee integrity, and the
reliability of management representations, recognizing that an instance of
fraud is unlikely to be an isolated occurrence.
If a misstatement is identified that is believed to be, or may be, the result of
fraud and that management (in particular, senior management) is involved,
reevaluate the assessment of the risks of material misstatement due to
fraud and its resulting effect on the nature, timing, and extent of audit
procedures to respond to the assessed risks. Also consider whether
circumstances or conditions indicate possible collusion involving
employees, management, or third parties when reconsidering the reliability
of evidence previously obtained.
If a conclusion is made, or is unable to be made, about whether the AU-C 240.37 ASB-AP-2
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
financial statements are materially misstated as a result of fraud, evaluate
the implications for the audit.
If, as a result of identified fraud or suspected fraud, there is question about
the ability to continue performing the audit
Determine the professional and legal responsibilities applicable in the
circumstances, including whether a requirement exists to report to the
person or persons who engaged the auditor or to regulatory
authorities.
Consider whether it is appropriate to withdraw from the engagement.
If a decision is made to withdraw, discuss with the appropriate parties
the withdrawal and the reasons for the withdrawal.
AU-C 240.38 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
If a lower materiality amount than that initially determined is appropriate,
assess if it is necessary to revise performance materiality and whether the
nature, timing, and extent of the further audit procedures remain
appropriate.
* * *
Nature of Misstatements
1812.5 AU-C 450.A1 explains that a misstatement can result from errors or fraud and occurs in the following circumstances:
An inaccuracy occurs in gathering or processing data for inclusion in the financial statements.
A financial statement element, account, or item is omitted.
Financial statement disclosures are not in accordance with GAAP.
Financial statement disclosures required by GAAP are omitted.
An incorrect accounting estimate arises, such as from an oversight or misinterpretation of facts.
Management makes unreasonable or inappropriate judgments concerning an accounting estimate or the selection
or application of accounting policies.
1812.6 The difference between errors and fraud is intent. Errors are unintentional misstatements of amounts or disclosures in
the financial statements. AU-C 240, Consideration of Fraud in a Financial Statement Audit, defines fraud as an intentional act
by an individual (or individuals) through the use of deception, which results in misstatement to the financial statements. Two
types of financial statement misstatement may result from fraud: misstatements resulting from fraudulent financial reporting
and misstatements resulting from misappropriation of assets. See paragraphs beginning at 1812.26 for a discussion
regarding the auditors evaluation of the existence of fraud.
Categories for Evaluation
1812.7 The categories of misstatements and the format used to summarize them are matters of individual firm preference.
The authors use the following classifications in this Guide:
a. Normal Closing Entries.
10(115)
These are routine entries, such as adjustments of accruals or depreciation, that are
made to help the client close out the books for the year. If normal closing entries are booked, they are not
misstatements and should not be included in the summary of audit differences. The authors also believe that normal
closing entries ordinarily are not significant findings or issues that would be subject to the documentation
requirements of AU-C 230, Audit Documentation. ASB-CX-12.1 provides a Closing Entry and Audit Adjustment
Form that can be used to accumulate normal closing entries during the audit. However, it is often useful to group all
those entries in one place. Grouping closing entries in one place is more convenient for supervisory review and
discussion with the client. It is necessary for the client to agree with booking these entries and accept responsibility
for them because the financial statements are the clients responsibility.
b. Audit Differences.
11(116)
These are any differences noted between the accounting records and the evidence
obtained during the audit. An audit difference could be any of the following:
(1) Passed adjustment for a specifically identified misstatement.
(2) Projected misstatement from a substantive audit sampling application, such as from ASB-CX-8.2.
(3) Significant unexplained difference from an analytical procedure that is treated like a misstatement, as discussed
(4) Difference between the clients accounting estimate and the relevant end of the auditors acceptable range for
that estimate, as discussed beginning in paragraph 1812.18.
Audit Differences
1812.8 In discussing summarization and evaluation, the authors use the term audit differences to refer to misstatements of
amounts and classification. This term was adopted because, as a practical matter, the auditor can only summarize
quantitative misstatements. Other misstatements, primarily those relating to presentation and disclosure assertions, are
usually judged qualitatively on an individual basis.
1812.9 Types of Misstatements. In analyzing audit differences, AU 312.08 discusses two common types of misstatements:
known and likely. However, AU-C 450.A3 provides the following revised terminology, to distinguish between the types of
misstatements, which auditors may find beneficial in evaluating the effect of misstatements accumulated during the audit and
communicating misstatements to management and those charged with governance:
a. Factual misstatement (known misstatement under AU 312). This is a misstatement about which there is no doubt.
b. Judgmental misstatement (a type of likely misstatement under AU 312). A judgmental misstatement is one that arises
from judgments made by management related to accounting estimates that the auditor believes to be unreasonable.
This type of misstatement may also arise due to the selection or application of accounting principles by
management that the auditor considers to be inappropriate.
c. Projected misstatement (a type of likely misstatement under AU 312). This type of misstatement is the result of the
auditors best estimate of misstatement extrapolated to entire populations arising from the use of sampling
procedures. (Chapter 7 discusses sampling in an audit engagement, including projecting misstatements from
sampling results.)
While AU 312.08 and AU-C 450.A3 use different names for the types of misstatements, there is very little difference between
how those two standards describe the different types of misstatements. That is, the types of misstatements that auditors
encounter have not changed; they just have a different name under the clarified standards. The authors have adopted the use
of the new terminology throughout this Guide and may provide both terms where appropriate to minimize confusion during
the period of transition to the clarified standards.
1812.10 Factual misstatements are observed directly by the auditor when performing audit procedures. For example, a sales
transaction recorded in the wrong accounting period is a factual misstatement. Judgmental and projected misstatements,
while not actually observed by the auditor, arise from procedures performed during the audit. For example, the auditor may
determine through performance of procedures to evaluate the adequacy of the allowance for bad debts that the entitys bad
debt expense is unreasonable given historical trends, resulting in the identification of a judgmental misstatement. Additionally,
the auditor may determine the amount of a projected misstatement based upon the results of a sampling application.
1812.11 Communication and Correction of Misstatements. AU-C 450.07 requires the auditor to communicate to
management on a timely basis all misstatements accumulated during the audit, other than clearly trivial ones (clearly trivial is
defined in paragraph 1812.16). As mentioned in paragraph 1812.9, AU-C 450.A3 suggests that distinguishing the type of
misstatements identified is beneficial to the communication with management and those charged with governance. AU-C
450.07.09 also requires the following related to the communication and correction of misstatements:
Ask the appropriate level of management to correct accumulated misstatements. (Accumulated misstatements do
not include those that are clearly trivial. See the discussion at paragraph 1812.17.)
After the detection of a misstatement, the auditor may request management to examine account balances,
transactions classes, or disclosures and make appropriate corrections. For example, if the auditor identified a
misstatement while testing the cost prices of raw materials inventory and extrapolated the misstatement as an
amount material to the raw materials account balance, the auditor may ask management to examine the entire raw
materials account balance to identify and correct any misstatements. Additionally, when the auditor detects a
judgmental (likely) misstatement involving an estimate, the auditor may request management to review the
assumptions and methods it used in developing the estimate. In situations and following the correction of detected
misstatements, the auditor should perform additional procedures to determine whether misstatements still remain.
If management decides not to correct some or all of the misstatements, the auditor should obtain an understanding
of managements reasons for not correcting the misstatements and take that into account when making the
qualitative considerations discussed in paragraph 1812.24. The auditor should also consider the implications for the
audit report. In addition, as discussed in paragraph 1815.15, uncorrected misstatements are significant audit
findings under AU-C 260.13 and should be communicated to those charged with governance.
Evaluating Audit Differences
1812.12 Uncorrected Misstatements. As discussed in section 306, the auditor determines materiality levels in conjunction
with planning the audit. Section 306 also explains that materiality levels should be revised if the auditor becomes aware of
information during the audit that would have caused the auditor to determine different amounts initially. Prior to evaluating the
effect of uncorrected misstatements, the auditor should reevaluate whether materiality remains appropriate in light of the
entitys actual financial results (AU-C 450.10). That reevaluation of materiality should be made before performing the
procedures discussed in paragraph 1812.15.
1812.13 AU-C 700.14 states that the auditor should conclude whether the financial statements taken as a whole are free of
material misstatement. AU-C 450.11 requires that the individual and aggregate effects of all uncorrected misstatements be
considered to evaluate whether the financial statements are fairly stated. In making that evaluation, the auditor should
consider both quantitative and qualitative factors, as well as the effect on prior periods. The summarization and evaluation of
audit differences can be complex and the authors recommend that the auditor include consideration of the following factors:
Nature. For example, goods shipped but not billed, accounts payable not recorded, and assets expensed instead of
capitalized.
Cause. For example, arithmetic or mechanical mistake, inappropriate application of an accounting principle because
of misunderstanding, intentional use of an accounting principle that is not generally accepted, and whether
misstatements are isolated or related to a common cause.
Amount. The dollar amount of the difference and whether the difference is an overstatement or understatement.
Effect. The financial statement components affected by the difference (for example, income before taxes and
working capital). (Also, consider the effect on compliance with loan covenants, such as maintaining certain
operating ratios, or similar issues.)
1812.14 In considering the quantitative effects of misstatements, misstatements also need to be combined in a way that
enables the auditor to consider whether, in relation to individual amounts, subtotals, or totals in the financial statements, the
misstatements materially misstate the financial statements taken as a whole. That simply means the auditor needs to consider
not only the materiality of individual misstatements, but also their combined effect on important financial statement totals or
subtotals (for example, current assets, current liabilities, or gross profit).
1812.15 The application and other explanatory material related to evaluating the effect of uncorrected misstatements
included in AU-C 450 explains that before considering the combined effect of uncorrected misstatements, the auditor
considers each misstatement separately to evaluate the following matters:
Its effect in relation to the relevant individual classes of transactions, account balances, or disclosures, including
whether materiality levels for that particular class of transactions, account balance, or disclosure, if any, has been
exceeded. (Section 306 discusses the requirement relating to determination of materiality for particular items of
lesser amounts.)
The effect on the group audit opinion, if the audit is conducted under AU-C 600, Special ConsiderationsAudits of
Group Financial Statements (Including the Work of Component Auditors), of any uncorrected misstatement identified
by the group engagement team or communicated by the component auditors.
Whether, in considering the effect of the individual misstatement on the financial statements taken as a whole, it is
appropriate to offset misstatements. For example, it may be appropriate to offset misstatements of items within the
same account balance or class of transactions; however, the risk that further undetected misstatements may exist is
considered before concluding that offsetting even immaterial misstatements is appropriate. If the misstatement of an
individual financial statement amount causes the financial statements as a whole to be materially misstated, auditors
need to exercise caution before aggregating that misstatement with misstatements in other financial statement
components. It is unlikely that the effect of an individually material misstatement can be offset against other
misstatements that diminish its effect on important financial statement totals or subtotals in order to justify that, as a
whole, the financial statements are not materially misstated. For example, it is not appropriate for a material
misstatement of revenue to be netted against an offsetting misstatement of expenses, even though the effect on net
income is not material.
The effect of misstatements related to prior periods. In prior periods, misstatements may not have been corrected by
the entity because they did not cause the financial statements for those periods to be materially misstated. Those
misstatements might also affect the current periods financial statements. AU-C 450.11 states that in determining
whether uncorrected misstatements are material (individually or in the aggregate), the auditor should consider the
effect on the current periods financial statements of those prior period misstatements. Paragraphs beginning at
1812.32 discuss the two main approaches used for considering the effect of prior period misstatements (that is, the
rollover and iron curtain methods).
1812.16 Clearly Trivial Misstatements. Some auditors set an amount below which detected misstatements need not be
accumulated on the summary of audit differences (often referred to as adjustments passed at the workpaper level). AU-C
450.05 states that the auditor should accumulate misstatements identified during the audit, other than those that are clearly
trivial. (Emphasis added.) AU-C 450.A2 goes on to explain that clearly trivial does not mean the same thing as not material.
Misstatements that are clearly trivial are inconsequential in amount, whether considered individually or in the aggregate and
whether judged by any criteria of size, nature, or circumstance. Clearly trivial matters are a wholly different order of magnitude
(smaller) than materiality determined in accordance with AU-C 320. If there is any uncertainty regarding an item meeting the
classification of clearly trivial, the matter is not considered to be clearly trivial. Section 306 includes a discussion about
establishing a clearly trivial amount as part of the audit planning process.
1812.17 When determining whether the amount of a misstatement meets the clearly trivial criteria, be careful not to net
proposed adjustments at the workpaper level. For example, assume the auditor has determined that only misstatements
greater than $500 need to be accumulated on the summary of audit differences. If the auditor has a misstatement that
overstates income by $10,000 and a likely misstatement that understates income by $10,500, both misstatements need to be
included on the summary of audit differences.
1812.18 Evaluating Estimates.
12(117)
The result of auditing an accounting estimate is often an acceptable range in the
auditors mind for the estimate. AU-C 540 states that an accounting estimate may be evaluated by reviewing subsequent
events; testing managements methods, assumptions and data; or developing a point estimate or a range. If the clients
estimate is unreasonable based on the auditors evaluation, then the difference between the clients estimate and the auditors
estimate would be considered a judgmental misstatement. (When the auditors estimate is a range, the amount of the
misstatement is the difference between the clients estimate and the closest end of the auditors range.)
1812.19 AU-C 540.21 requires the auditor to review judgments and decisions made by management when making
accounting estimates to determine if there are any indicators of possible management bias. If management, for example,
always chooses estimated amounts for the valuation of assets that are at the low end of the auditors range of acceptable
amounts, the combined effect could result in a material misstatement of income. In that case, the auditor would consider
whether other recorded estimates reflect a similar bias and perform additional procedures to address those estimates taken
as a whole. The auditor might consider whether managements estimates were clustered at one end of the auditors range of
acceptable amounts in the prior year and at the other end in the current year. That could indicate the possibility that
management is using accounting estimates to manage earnings. If the auditor believes that is the case, he or she should
consider communicating the matter to those charged with governance.
1812.20 AU-C 240.32 requires the auditor to review accounting estimates for biases that could result in material misstatement
due to fraud. If the auditor identifies possible bias, the auditor should reevaluate the accounting estimates taken as a whole.
1812.21 Different Materiality Levels for Different Amounts, Subtotals, or Totals. The auditor makes more than one
determination related to materiality during an audit engagement. As discussed in detail beginning in paragraph 306.4, a
judgment is made about a single materiality amount for the financial statements taken as a whole known as planning
materiality. In addition to planning materiality, the auditor determines whether there are particular financial statement items for
which a lower planning materiality amount is appropriate based on user perceptions of the particular items. Also, to achieve
the objective of performing the audit to obtain reasonable assurance of detecting misstatements that the auditor believes
could be large enough, individually or in the aggregate, to be quantitatively material to the financial statements, the auditor
establishes a performance materiality amount at the individual account balance, class of transaction, or disclosure level.
Determining performance materiality is discussed in detail beginning in paragraph 306.25.
1812.22 The auditor also considers materiality when evaluating audit differences at the conclusion of the engagement.
During this evaluation, the auditor considers the effect of misstatements on specific amounts, subtotals, or totals in financial
statements. In this case, it is possible to use a larger amount in evaluating the effect on certain amounts, subtotals, or totals
than on others. For example, an auditor might conclude that the combined effect of misstatements on pretax income was
material at $10,000, but that the combined effect of misstatements might reach $20,000 before being material to equity. The
Audit Difference Evaluation Form discussed in paragraph 1812.30 is designed to accumulate audit differences by various
financial statement subtotals to accommodate the auditors consideration of the effect of misstatements noted.
1812.23 However, as discussed beginning in paragraph 1812.24, exclusive reliance on a quantitative amount or percentage
relationship for determining materiality is not appropriate. Qualitative factors also need to be considered. AU-C 320,
Materiality in Planning and Performing an Audit, includes a discussion about materiality in the context of an audit engagement.
AU-C 320.06 explains that while it is not practicable to design audit procedures to detect misstatements that are material
solely due to qualitative considerations, the auditor considers the size and the nature of uncorrected misstatements, as well
as the circumstances related to their occurrence, when evaluating the effect of misstatements on the financial statements.
According to AU-C 320.13, if, as the audit progresses, the auditor concludes that lower materiality levels than the amounts
determined during audit planning are appropriate, the auditor should reconsider the related levels of performance materiality
and the sufficiency of the further audit procedures that were performed. AU-C 450.06 indicates for the auditor to consider
whether misstatements identified as the audit progresses, require revision to the overall audit strategy and audit plan. In
making that determination, the auditor should consider whether (a) the nature of identified misstatements and the
circumstances related to their occurrence indicate that other misstatements may exist, that when aggregated with
misstatements already accumulated, could be material, or (b) the misstatements accumulated during the audit approaches
materiality levels determined in accordance with AU-C 320 (that is, planning and/or performance materiality).
1812.24 Qualitative Considerations. Establishing a quantitative threshold for materiality is only the starting point for an
overall evaluation of whether identified misstatements are material. Quantitative thresholds, such as dollar amounts or
percentages of financial statement components, are useful for making a preliminary determination that misstatements below
that amount probably are not material to the financial statements taken as a whole. However, an auditors overall judgment
about whether a misstatement is material may be influenced by qualitative considerations as well as quantitative
considerations. The consideration of qualitative factors may cause the auditor to conclude that a quantitatively small
misstatement is material to the financial statements. AU-C 450.A23 states, the circumstances related to some misstatements
may cause the auditor to evaluate them as material, individually or when considered together with other misstatements
accumulated during the audit, even if they are lower than materiality for the financial statements as a whole. The following are
examples of qualitative factors that might be considered:
a. Effect on Other Financial Statement Components. Some misstatements may not be significant by themselves but
could result in events or conditions that materially affect the financial statements. For example, in addition, some
misstatements, although not individually significant, may be pervasive to the financial statements (that is, affecting
numerous financial statement amounts, subtotals, or totals).
b. Effect on Trends, Especially Trends in Profitability. A misstatement might be immaterial to net income for the current
period but material to the overall trend of earnings, such as a misstatement that reverses a downward trend of
earnings or changes a loss into income. Also, a misstatement might mask a change in earnings or other trends,
especially in the context of general economic and industry conditions.
c. Significance of the Financial Statement Element or Portion of the Entitys Business Affected by the Misstatement. For
example, a misstatement affecting recurring earnings might be considered material whereas a misstatement of the
same amount involving a nonrecurring charge or credit, such as an extraordinary item, might not be considered
material. Similarly, a misstatement affecting a portion of the clients business that has been represented as
significant to the entitys future operations or profitability might be more material than a misstatement of the same
amount affecting another portion of the business.
d. Effect on Compliance. A misstatement might affect the entitys compliance with loan covenants, other contractual
agreements, or regulatory provisions. For example, a small misstatement affecting working capital might be material
if correcting it would reveal a default under a debt covenant.
e. The Existence of Statutory or Regulatory Requirements Affecting Materiality Thresholds. Deficiencies in disclosures of
related-party transactions or those required by statute or regulatory authority might be considered material even
though similar amounts for more routine items might be considered immaterial.
f. Effect on Managements Compensation. A misstatement might affect managements compensation (for example,
meeting an earnings target might trigger a bonus).
g. Sensitivity of the Circumstances. For example, implications of misstatements involving fraud, possible instances of
noncompliance with laws or regulations, violations of contractual provisions, or conflicts of interest could be
significant.
h. The Effects of Misclassifications. The effects of misclassifications could be significant to the financial statement
users, for example, a misclassification between operating or recurring income and nonoperating or nonrecurring
income.
i. Significance of the Misstatement or Disclosures in Relation to Reasonable User Needs. For example, a misstatement
that affects equity amounts could be material to creditors of a private company, or a misstatement could have a
significant effect on the calculation of purchase price if the entity is being acquired.
j. Character of the Misstatement. Audit differences are often determined with varying degrees of precision and
objectivity. Some differences, such as factual (known) misstatements, can be precisely quantified. Others involve a
degree of subjectivity through estimation, allocation, or uncertainty. The auditor needs to be cautious about
offsetting very precise differences (sometimes referred to as hard differences) with much less precise differences
(sometimes referred to as soft differences). For example, a large sales cutoff error might be individually material
even if it could be offset by an estimated overage in the allowance for inventory obsolescence. In that situation, the
auditor may recommend that the client book an adjustment for the cutoff error and not book an adjustment for the
other audit difference.
k. Motivation of Management. As discussed in paragraph 1812.19, misstatements may indicate a possible pattern of
bias by management in the development of accounting estimates. Misstatements may also be caused by
managements continued unwillingness to correct weaknesses in the entitys internal control system or intentional
decision not to follow GAAP or an OCBOA.
l. Offsetting Misstatements. As discussed in paragraph 1812.15, an individually significant misstatement may be offset
by a different misstatement that is also individually significant. Auditors needs to use caution when aggregating
individually significant misstatements with misstatements in other financial statement components.
m. Potential Effect on Future Periods. A misstatement that is currently immaterial may have a material effect in future
periods because, for example, of a cumulative effect or a favorable (or unfavorable) turnaround effect.
n. Cost of Making the Correction. On one hand, it may not be cost-beneficial for management to develop a system to
calculate and correct small misstatements. On the other hand, if there is little cost to calculate and record immaterial
corrections, failure to do so may be an indication of management motivation to manage earnings, as discussed in
item k.
o. Risk That Possible Additional Undetected Misstatement Would Affect the Evaluation. See the discussion of further
misstatement in paragraph 1812.25.
If the auditor believes a misstatement is, or may be, the result of fraud, the auditor should consider the implications of the
misstatement in relation to other aspects of the audit, even if the effect of the misstatement is not material to the financial
statements. (See the discussion beginning in paragraph 1812.26.)
1812.25 Risk of Possible Undetected Misstatements and Overall Evaluation. AU-C 450.A5 states If the aggregate of
misstatements accumulated during the audit approaches materiality, a greater than acceptably low level of risk may exist that
possible undetected misstatements, when taken with the aggregate of uncorrected misstatements accumulated during the
audit, could exceed materiality. In other words, even if the auditor concludes that the effects of uncorrected misstatements,
individually or in the aggregate, do not cause the financial statements to be materially misstated, the auditor recognizes that
there is a risk that the financial statements may be materially misstated due to further misstatement remaining undetected. If
combined uncorrected misstatement is very close to the amount an auditor considers material to the financial statements
taken as a whole, the risk of further misstatement may be considered unacceptable. For example, if an auditor considers
$20,000 material and uncorrected misstatement is $5,000, the risk of further misstatement of $15,000 may be considered
acceptably low. If combined uncorrected misstatement is very close to $20,000, the risk may be considered unacceptably
high. In that case, the auditor needs to perform additional procedures or determine that the entity appropriately adjusts the
Evaluating the Existence of Fraud
1812.26 According to AU-C 240.35, if the auditor identifies a misstatement, the auditor should evaluate whether it is indicative
of fraud. If the auditor believes that such an indication exists, he or she should evaluate its implications for the audit, including
the auditors evaluation of materiality, management and employee integrity, and the reliability of management representations,
recognizing that an identified instance of fraud is unlikely to be an isolated occurrence. If the auditor believes or suspects that
a misstatement, whether material or not, is a result of fraud and management (in particular, senior management) is involved,
AU-C 240.36 indicates that the auditor should reevaluate the assessment of the risks of material misstatement due to fraud
and its resulting effect on the nature, timing, and extent of audit procedures to respond to the assessed risks. Additionally, the
auditor should consider whether it indicates possible collusion involving employees, management, or third parties when
reconsidering the evidence previously obtained. If management is involved, questions about managements integrity may
raise doubts about the auditors ability to rely on representations made during the audit, as well as accounting records and
documentation. If the auditor concludes that, or is unable to conclude whether, the financial statements are materially
misstated as a result of fraud, the auditor should evaluate the implications for the audit. Section 307 provides further guidance
regarding fraud considerations, and section 1816 discusses the auditors responsibilities when evidence suggests fraud has
occurred.
1812.27 In some cases, the risk of material misstatement of the financial statements due to fraud is so significant that auditors
question their ability to continue performing the audit. In that case, AU-C 240.38 states the auditor should determine his or her
professional and legal responsibilities, such as whether a requirement exists to report the circumstances to those who
engaged the auditor or, if applicable, to regulatory authorities. Additionally, the auditor should consider whether it is
appropriate to withdraw from the engagement (when withdrawal is possible under applicable law or regulation). If the auditor
withdraws from the engagement, he or she should (1) discuss the withdrawal and the reasons for it with the appropriate level
of management and those charged with governance, and (2) determine whether they have a professional or legal requirement
to report the withdrawal and the reasons for it, to those who engaged them, or to regulatory authorities. The decision to
withdraw may depend on whether the identified risks call into question the integrity of management and whether management
or others with oversight are diligent and cooperative in investigating the situation and taking appropriate action. The authors
believe that auditors considering withdrawal should consult with legal counsel.
1812.28 As indicated in paragraph 1812.1, in order to evaluate the combined effect of various uncorrected misstatements, it
is necessary to summarize them in one place in the workpapers. AU-C 450.12 states that the auditor should prepare
documentation of the following:
The amount below which misstatements would be regarded as clearly trivial. Paragraphs 306.41 and 1812.16
discuss clearly trivial.
All misstatements accumulated by the auditor during the audit and whether they have been corrected by
management.
The auditors conclusion as to whether uncorrected misstatements, individually or in the aggregate, do or do not
cause the financial statements to be materially misstated, and the basis for that conclusion.
The practice aids at ASB-CX-12.1 and ASB-CX-12.2 meet all of the above documentation requirements, as well as provide
other useful information that assists the auditor in evaluating and communicating audit differences. See the discussion at
paragraph 1812.30.
1812.29 The documentation of uncorrected misstatements allows the auditor to do the following:
Separately consider the effects of factual, judgmental, and projected (previously known and likely) misstatements,
including uncorrected misstatements identified in prior periods.
Consider the aggregate effect of uncorrected misstatements on the financial statements.
Consider the qualitative factors that are relevant to the auditors consideration of whether misstatements are
material.
1812.30 A variety of workpaper formats could be used to summarize audit differences for consideration of their combined
effect on the financial statements. The important point is that the summary include the documentation requirements listed
beginning in paragraph 1812.28. To satisfy the requirements of AU-C 450.11 discussed beginning in paragraph 1812.13, the
auditor could use a summary that allows for the materiality of misstatements to be evaluated both individually and in the
aggregate and combines individually immaterial misstatements to evaluate the materiality of the effect on the financial
statements taken as a whole. A suggested format for accumulating and evaluating misstatements is presented in the Audit
Difference Evaluation Form (ASB-CX-12.2).
Summary of Audit Differences
1812.31 As discussed beginning in paragraph 1812.14, an auditor needs to combine, or aggregate, the effect on the financial
statements of all uncorrected misstatements to evaluate whether the financial statements taken as a whole are materially
misstated. According to AU-C 450, misstatements need to be combined in a way that enables the auditor to consider whether
the misstatements in individual amounts, subtotals, or totals in the financial statements materially misstate the financial
statements taken as a whole. That simply means the auditor needs to consider not only the materiality of individual
misstatements, but also their combined effect on important financial statement totals or subtotals, e.g., current assets, current
liabilities, gross profit, etc.
1812.32 Treatment of Prior-year Waived Adjustments. Two methodologies have been used in practice to aggregate audit
differencesthe rollover method and the iron curtain method. Some firms use the rollover method. Others use the iron curtain
method. The main difference between the two methods is how the effects of prior-period misstatements are considered. The
rollover method, which is also called the income statement method, considers the effect of all misstatements (current-period
misstatements as well as prior-period waived adjustments) on current-period income. The iron curtain method, which is also
called the balance sheet method, focuses on the impact of misstatements on the audited balance sheet and considers the
effect on current-period income of amounts needed to correct the balance sheet.
1812.33 To illustrate, assume that at the end of the prior period, inventory was overstated by $10,000 and the client waived
an adjustment to correct the misstatement. As a result, cost of sales was understated and net income was overstated by
$10,000 at the end of the prior period. Assume also that at the end of the current period, inventory is overstated by $15,000.
Under the rollover method, the current period balance sheet will be misstated by $15,000 while the income statement will be
misstated by only $5,000 (the net effect of the $15,000 current period inventory overstatement and reversal of the $10,000
prior year overstatement). Under the iron curtain method, the impact of the prior-year waived adjustment on current-period
income would not be considered. Inventory would be overstated by $15,000 and the cost of sales in the current period would
be understated by $15,000. In other words, the $15,000 effect of correcting the balance sheet misstatement at the end of the
current period would be used in evaluating the income effect of the waived adjustment.
1812.34 The auditing standards do not provide much, if any, guidance to auditors on the appropriate approach to aggregate
audit differences. AU-C 450.A25 mentions only that different acceptable approaches exist and recommends using the same
evaluation approach from period to period to provide consistency.
1812.35 When used as alternatives, both the rollover method and the iron curtain method have significant weaknesses. One
of the weaknesses of the rollover method is that balance sheet misstatements could accumulate over multiple periods to an
amount that would have a material effect on income if it were concluded in the future that recording a correction was
desirable. The iron curtain method, on the other hand, can completely ignore the current-year effect on income (for example,
the impact of a reversal) of misstatements detected in prior periods. Practice for nonpublic company engagements currently
accepts either the rollover or iron curtain method. The Audit Difference Evaluation Form at ASB-CX-12.2 accommodates
both methods. The example beginning in paragraph 1812.40 illustrates ASB-CX-12.2 using both the rollover and iron curtain
methods.
1812.36 Applying the Rollover and Iron Curtain Methods. The rollover method considers the relationship between equity
and net income. The effect of a misstatement in opening equity usually has the opposite effect on net income, and a
misstatement in ending equity usually has the same effect on net income. For example, assume the client did not record an
adjustment to accrue for paid vacation leave earned by employees in the prior period. As a result, income (and equity) was
overstated at the end of the prior period. The paid vacation leave was included in current-year expense when the employees
took the time off and were paid for it. As a result, the prior-year misstatement had the effect of understating current-year
income. However, if the client did not accrue for the paid vacation leave earned in the current year, the effect on income in the
current year might be immaterial when taking into account the rollover or turnaround effect of the prior-year misstatement that
was not adjusted for in the prior year.
1812.37 To illustrate using the rollover method, assume the auditor prepares the following analysis of the effect of
misstatements detected in the audits for 20X1 and 20X2 (excluding tax effects):
current year might be immaterial when taking into account the rollover or turnaround effect of the prior-year misstatement that
was not adjusted for in the prior year.
1812.37 To illustrate using the rollover method, assume the auditor prepares the following analysis of the effect of
misstatements detected in the audits for 20X1 and 20X2 (excluding tax effects):
Effect of Misstatement (Pretax)Dr. (Cr.):
Liabilities
Beginning
Equity
Income before
Taxes
20X1:
Failure to accrue paid vacation leave earned by
employees in 20X1 $ (10,000) $ 10,000
20X2:
20X1 paid vacation leave expensed in 20X2 $ 10,000 $ (10,000)
Failure to accrue paid vacation leave earned by
employees in 20X2 $ (10,500) 10,500
Cumulative financial statement adjustment at
12-31-X2pretax $ (10,500) $ 10,000 $ 500
In the illustration, the auditor is likely to consider the effort on income in 20X2 as immaterial after considering the effect of the
prior year misstatement. (In the example, ending equity at 12-31-X2 is overstated by $10,500, representing the $10,000
overstatement of beginning equity and the $500 overstatement of 20X2 income.)
1812.38 Using this same example, the iron curtain method would ignore the effects of uncorrected prior year errors in
determining the likely misstatement of financial statements. The reasoning is that an entry to beginning equity would be a
prior-period adjustment. Because the auditor passed the adjustment for 20X1 as immaterial, it would be inconsistent to record
the $10,000 as a prior-period adjustment to beginning equity. Instead, the auditor would focus on the $10,500 understatement
of the ending vacation accrual in the 12-31-X2 balance sheet. Accordingly, in determining likely misstatement of the 20X2
financial statements, the auditor would, therefore, conclude that income for 20X2 is overstated by $10,500 rather than by
$500.
1812.39 Dual Approach Recommended. The authors believe it is not appropriate to use the effect of prior year
misstatements to avoid adjusting for what otherwise would be a material misstatement in the current year. For example, using
the vacation liability example from paragraph 1812.36, assume the client never accrues for the vacation liability. If the clients
work force does not grow significantly and salaries do not increase significantly in any given year, the effect on income in any
given year might not be material when taking into account the effect of the prior year misstatement. However, over time, the
actual liability could grow to be a significant amount, which could result in liabilities and equity being materially misstated. In
order to correct the misstatements, the financial statements for previous years may have to be restated, which would be an
embarrassing situation for the auditor. For this reason, the authors recommend that in quantifying the effect of misstatements,
both the rollover and iron curtain methods be used by the auditor. As indicated in paragraph 1812.12, the auditor should
propose an adjustment to the financial statements if either method indicates a material misstatement of the current year
1812.40 Illustration. When using ASB-CX-12.2, Audit Difference Evaluation Form, the effects of unadjusted audit
differences from prior years (that is, the turnaround effect of prior year misstatements) can only be posted to current year
income. The effects, if any, of prior year unadjusted audit differences that impact current year assets, liabilities, or ending
equity are reflected as current year audit differences on the form. That approach allows the auditor to track misstatements
with ongoing balance sheet implications from period to period. Exhibit 18-17 illustrates a completed Audit Difference
Evaluation Form using the rollover method, assuming the following misstatements detected in the audits for 20X1 and 20X2
(using a 34% effective tax rate):
20X1:
1. Failure to accrue paid vacation leave earned by employees in 20X1 $ 10,000
2. Capital equipment acquired 12-28-X1 charged to maintenance and repairs
(10-year estimated useful life) 7,500
3. Unaccrued 20X1 audit fees, incurred by year end 5,000
20X2:
1. Failure to accrue paid vacation leave earned by employees in 20X2 $ 10,500
2. Unaccrued 20X2 audit fees, incurred by year end 5,200
3. Excess provision for warranty costs on new product line 5,000
4. Current deferred income tax receivable netted against noncurrent deferred
income tax payable 5,100
The Notes to Exhibit 18-17 explain how the form would be completed using the iron curtain method for the same set of
misstatements.
Exhibit 18-17
ASB-CX-12.2: Audit Difference Evaluation Form
Company: Plas-Cup, Inc. Balance Sheet Date: 12-31-X2
Completed by: Mary Senior Date: 2-27-X3
Instructions: This form may be used to accumulate audit differences (AD) greater than the amount considered clearly trivial (documented at Step 5
of ASB-CX-2). This form should not include normal closing entries. At the end of the audit, the auditor should evaluate all uncorrected audit
differences, individually and in the aggregate, in relation to individual amounts, subtotals, or totals in the financial statements and conclude on
whether they materially misstate the financial statements taken as a whole. Before evaluating the effect of uncorrected misstatements, the auditor
should reassess whether materiality is still appropriate based on the entitys actual financial results. The notes following the table provide footnote
explanations and a listing of qualitative considerations in evaluating materiality. The form allows for quantifying the effect of misstatements using
both the rollover and iron curtain methods, as appropriate. The auditor should review the guidance in section 1812 before completing this
Financial Statements Effect
Amount of Over (Under) Statement of:
Description (Nature)
of Audit Difference
(AD)
Factual (F),
Judgmental
(J), or
Projected
(P)
a
Cause
Work
paper
Ref.
Total
Assets
Total
Liabilities
b
Working
Capital Equity
b
Income
Before
Taxes
Income
Taxes
Failure to accrue
20X2 paid vacation
F Cash
basis
accountin
g
AA-4 (10,500) 10,500 6,930 10,500
Unaccrued 20X2 audit
fees
F Cash
basis
accountin
g
10-3 (5,200) 5,200 3,432 5,200
Excess provision for
warranty costs
J Estimate AA-5 5,000 (5,000) (3,300) (5,000) (1,700)
Failure to reclassify
current deferred
income tax receivable
F Classificat
ion error
FF-2 (5,100) (5,100) (5,100)
Capital equipment
expensed in 20X1
d
F Improper
accountin
g
(7,500) (4,950) (7,500) (2,550)
Depr. exp related to
capital equipment
expensed in 20X1
d
F Improper
accountin
g
750 495 750
Total (11,850) (15,800) 5,600 2,607 3,950
Less Audit Adjustments Subsequently Booked
Net Unadjusted ADCurrent Year (Iron Curtain Method) (11,850) (15,800) 5,600 2,607 3,950
Effect of Unadjusted ADPrior Years
e
(7,500)
f (2,550)
Combined Current and Prior Year AD (Rollover
Method)
g
(11,850) (15,800) 5,600 2,607 (3,550) (1,207)
Financial Statement Caption Totals 1,210,948 429,350 439,155 781,598 261,391
Current Year AD as % of FS Captions (Iron Curtain
Method)
.98% 3.68% 1.28% .33% 1.51%
Current and Prior Year AD as % of FS Captions (Rollover
Method)
.98% 3.68% 1.28% .33% 1.36%
Describe qualitative factors that entered into your evaluation of whether uncorrected accumulated misstatements are material,
individually or in the aggregate, in relation to specific accounts and disclosures and to the financial statements as a whole,
and the reasons why.

Conclusion: Based on the results of the evaluation performed above, as well as the consideration of qualitative factors,
uncorrected audit differences, individually and in the aggregate, do/ [n] do not cause the financial statements taken as a
whole to be materially misstated.
Notes:
a
Under the clarified standard AU-C 450, Evaluation of Misstatements Identified During the Audit, the terms factual,
judgmental, and projected have replaced the terms known and likely. AU-C 450 is effective for audits of financial
statements for periods ending on or after December 15, 2012. For audits of financial statements prior to the effective date
of AU-C 450, auditors may continue to use the terms of known and likely and put a K or L in this column. See the
discussions beginning at paragraphs 1812.3 and 1812.9 for further information regarding this change.
b
The impact of taxes payable is not included in this illustration for simplicity purposes.
c
Income taxes and net income effect may be calculated in total for all audit differences combined rather than for each
individual audit difference.
d
Failure to capitalize equipment in 20X1 results in a similar understatement of assets in 20X2 because the client did not
record the adjustment. To determine the net effect on the financial statements in 20X2, the amount that was not
capitalized in 20X1 is offset by depreciation expense that would have been taken in 20X2 if the asset had been
capitalized. (No depreciation expense was necessary in 20X1 because the asset was acquired 12-28-X1.) The audit
difference at 12-31-X2 using the rollover method is determined as follows and posted to ASB-CX-12.2:
Assets Equity Income
20X1 understatement of property $ (7,500) $ (7,500)
20X2 depreciation expense not taken (10-year useful life) 750 750 $ 750
20X2 audit differencepretax (6,750) (6,750) 750
Tax effect (34%) 2,295 (255)
20X2 audit differenceafter tax $ (6,750) $ (4,455) $ 495
The audit difference at 12-31-X2 using the iron curtain method would be determined as follows:
20X1 understatement of property $ (7,500) $ (7,500) $ (7,500)
20X2 depreciation expense not taken (10-year useful life) 750 750 750
20X2 audit differencepretax (6,750) (6,750) (6,750)
Tax effect (34%) 2,295 2,295
20X2 audit differenceafter tax $ (6,750) $ (4,455) $ (4,455)
e
The effects, if any, of prior year unadjusted audit differences on current year assets, liabilities, and ending equity are to
be reflected as current year audit differences and separately identified above. This line is used only for prior year
unadjusted audit differences that reverse in the current year under the rollover method that have no effect on current year
assets, liabilities, or ending equity. Effects of prior year unadjusted differences that affect current year assets, liabilities, or
equity are to be reflected in the Description column above. See the discussion beginning at paragraph 1812.31.
f
The effect of unadjusted audit differences from the prior year includes reversal of prior year unaccrued vacation leave
($10,000) and reversal of prior year unaccrued audit fees ($5,000), both of which were expensed when paid during 20X2.
It also includes the reversal of capital equipment additions in the amount of $7,500 not made in 20X1.
g
The Net Audit Differences line under the iron curtain method as compared to the rollover method would be as follows.
Iron Curtain Rollover Difference
Total Assets: (11,850) (11,850)
Total Liabilities: (15,800) (15,800)
Working Capital: 5,600 5,600
Equity: 2,607 2,607
Income Before Taxes: 3,950 ( 3,550) 7,500
Income Taxes: 1,343 ( 1,207) 2,550
Net Income: 2,607 ( 2,343) 4,950
* * *
Evaluation of Overall Materiality
1812.41 The combined effect of uncorrected misstatements on various financial statement components (amounts, subtotals,
or totals) should be compared to the amount that the auditor considers material to the financial statements taken as a whole.
The auditors judgments about materiality in audit planning (see section 306) may be different than materiality used in
evaluating audit findings because it is not possible to anticipate everything that could ultimately influence judgments about
materiality when evaluating audit findings at completion of the audit. For example, while performing the audit, the auditor may
become aware of quantitative or qualitative factors that were not initially considered but could be important to users of the
financial statements. Those factors should be considered in making materiality judgments about audit findings. If the auditor
concludes that a lower materiality level than initially determined is appropriate, the auditor should reconsider performance
materiality and appropriateness of the nature, timing, and extent of further audit procedures. If the nature of identified
misstatements and the circumstances of their occurrence indicate that other misstatements may exist that could be material
when aggregated with identified misstatements, the auditor should also consider whether the overall audit strategy and audit
plan need to be revised.
Analysis of Audit Time
1812.42 Another aspect of the summarization and evaluation stage of an engagement is analysis of audit time. Normally, the
audit time spent is recorded day by day, and when it becomes apparent that audit time for a particular financial statement
component may exceed budget, prompt corrective action is necessary. Near the end of the engagement, total audit time
needs to be summarized and evaluated. Chapter 3 discusses the importance of using a simple method to account for time.
ASB-CX-17.2 and ASB-CX-17.3 present forms that can be used to monitor staff time and the progress of the major
engagement activities.
1812.43 It is beneficial for a variety of reasons to summarize and explain significant variations for the original audit time
budget. Such an analysis is useful for planning for the next year and in fee discussions with the client. Also, explaining
significant budget underages may be important for legal liability purposes.
Consultation on Technical Issues
1812.44 The review of workpapers, particularly the summarization and evaluation of audit differences, may indicate the need
to consult with someone not involved in the engagement on complex technical issues. The fact that consultation has taken
place and the resolution of the issue should be documented in the workpapers, but when consultation is necessary and with
whom vary considerably.
1812.45 Some firms designate specialists in particular industries. Some firms designate a particular person to become expert
in unusually complex areas, such as leases or pension plans. Most firms have specialists in income taxes. The extent of
specialization varies with firm size and individual firm preference. Naturally, the smaller a firm is, the less likely the firm has
specialists available for consultation. On particularly complex matters, outside consultation may be advisable. The AICPA, for
example, has a technical information service that answers inquiries on complex accounting and auditing issues. The toll-free
number for this service is (888) 777-7077.
1812.46 PPCs Guide to Quality Control discusses consultation in more detail. SQCS No. 8, A FIrms System of Quality
Control, at QC 10.37, indicates that a firm should establish policies and procedures designed to provide it with reasonable
assurance that consultation takes place when appropriate (for example, when dealing with difficult or contentious issues) and
that various other aspects of consultation, including documentation, are sufficient and appropriate. That Guide can be
ordered by calling (800) 431-9025 or by visiting the website at ppc.thomsonreuters.com.
1812.47 AU-C 220.20 places responsibility on the audit engagement partner to ensure that appropriate consultation is
undertaken on difficult or contentious matters. Further, the engagement partner should be satisfied that
Members of the engagement team have followed consultation policies during the course of the engagement.
The nature and scope of the consultation is agreed upon with the party consulted.
The conclusions resulting from such consultations are understood by the party consulted.
The conclusions resulting from such consultations have been implemented.
The audit documentation includes the nature and scope of, and conclusions resulting from, consultations
undertaken during the engagement.
1812.48 AU-C 220.A20 notes that members of the audit engagement team also a responsibility regarding consultation. Their
responsibility is to bring to the attention of appropriate personnel matters encountered during the performance of the
engagement that they believe are difficult or contentious and may require consultation. AU-C 220.A22 suggests that the
engagement team may take advantage of advisory services offered by other firms, professional and regulatory bodies, or
commercial organizations that provide relevant quality control services.
1813 DRAFTING FINANCIAL STATEMENTS AND THE AUDITORS REPORT
Drafting Financial Statements
1813.1 In many engagements, the auditor drafts or assists with drafting the financial statements. Client management should
understand that the auditors involvement in drafting the financial statements does not change the fact that management is
responsible for the financial statements. Management is expected to acknowledge its responsibility in the management
representation letter. Furthermore, for the auditor to remain independent, management must agree to accept this
responsibility, and the auditor should be satisfied that the manager has the ability to do so. The auditors understanding with
the client regarding drafting the financial statements should be documented as discussed in Chapter 2. As explained in
section 1804, an auditor needs to discuss the representation letter with management so management understands the
meaning and significance of acknowledging responsibility for the financial statements.
1813.2 Management needs to also understand that the auditors involvement in drafting the financial statements may
represent a significant deficiency or material weakness in internal control that should be communicated, in writing, to
management and those charged with governance. Communicating internal control related matters, including issues related to
the auditors involvement in financial statement preparation, are discussed in detail in section 1814.
1813.3 Many auditors use software packages that maintain the auditors trial balances. Auditors or their clients load the
clients account data into the computer. The software posts audit adjustments and automatically updates the trial balance.
Many trial balance software packages also provide additional features for analytical review, consolidation, and financial
statement preparation. Some packages interface with various general ledger and spreadsheet software. Those interfaces
allow the auditor to transfer the clients data from the general ledger or spreadsheet files directly into the trial balance. Other
trial balance software can export data to tax return preparation packages. PPCs Guide to Managing an Accounting Practice
discusses factors to consider when evaluating trial balance software.
1813.4 Statement of Cash Flows. All the information for the statement of cash flows is derived from the other basic financial
statements. Once audit procedures have been applied to the other basic statements, the statement of cash flows can be
prepared. Usually, a comparative workpaper schedule is prepared to determine the amounts for the statement and to identify
the sources of these amounts by cross-reference to other workpapers. Generally, no additional audit tests are necessary
because the amounts have already been substantiated on the source schedules. For example, property additions and
issuance of long-term debt come directly from the workpapers for those balance sheet accounts, and audit procedures will
have been applied to those amounts. If an amount does not come directly from another workpaper, its calculation should be
detailed on the schedule used to prepare the statement of cash flows.
1813.5 Notes to Financial Statements. The notes to the financial statements are an integral part of the statements.
Normally, the information in the notes is tested when the related financial statement components are tested, and the
workpapers for those components are the source of the information for notes. If note information is extensive, there is some
advantage in preparing a separate schedule to summarize the facts and amounts for note disclosure and to cross-reference
that information to the workpapers for related financial statement components.
1813.6 Summary of Accounting Policies. Accounting standards require disclosure of significant accounting policies. The
information may be summarized in the first note to the financial statements or be included in notes on particular financial
statement components. For example, depreciation methods may be disclosed in a note on property or included in one note
that contains all significant accounting policies. Some auditors find it convenient to summarize a clients significant
accounting policies in a carryforward schedule in the workpapers and update that schedule each year. Significant accounting
policies can also be documented in ASB-CX-3.1.
1813.7 Disclosure Checklists. The summary of significant accounting policies is only one of many disclosures required by
current accounting standards. Even the most experienced auditors find it necessary to use some aid to remind them of the
multitude of required disclosures. The authors recommend that an audit firm adopt a disclosure checklist and use it in all audit
engagements as an overall review for financial statement disclosures. A disclosure checklist tailored to the usual
circumstances of nonpublic companies is presented at ASB-CX-13.
Drafting the Auditors Report
1813.8 Authoritative Literature. Due to the significant changes in the clarified standards related to auditors reports, the
clarified reporting standards should not be adopted early. Therefore, this section includes discussions on reporting under
both the pre-clarified (AU 508) and clarified (AU-C 700) authoritative standards. SAS No. 58 (AU 508), Reports on Audited
Financial Statements, is effective for audits of financial statements for periods ending before December 15, 2012, and AU-C
700, Forming an Opinion and Reporting on Financial Statements, is effective for audits of financial statements for periods
ending on or after December 15, 2012. AU 508 is discussed beginning at paragraph 1813.14 and AU-C 700 is discussed
beginning at paragraph 1813.15. As discussed in paragraph 1800.7, this Guide provides limited guidance on reporting.
However, a companion publication to this GuidePPCs Guide to Auditors Reportsincludes detailed authoritative
guidance, practical solutions to reporting problems, and illustrations of nearly 300 different types of auditors reports.
1813.9 Preparing the Draft Auditors Report. It maybe convenient to prepare the draft auditors report by revising last
years report. It is particularly important to incorporate changes that might be caused by the following factors:
a. Changes in titles of financial statements; client name, e.g., merger or new form of doing business; or dates, e.g.,
fiscal year changed for tax purposes.
b. New accounting or auditing pronouncements.
13(118)
c. Different circumstances requiring modification of the opinion, e.g., adoption of an accounting principle not in
conformity with GAAP or new litigation causing a material uncertainty.
1813.10 Referencing all names, titles, amounts, and representations in the report to supporting documentation in the audit
workpapers helps assure an accurate auditors report. For example, the companys name can be traced to the corporate
charter or letterhead, amounts appearing in an explanatory paragraph can be traced to the trial balance or audited financial
statements, and the type of opinion can be traced to a checklist or memo in the workpapers.
1813.11 Dating the Auditors Report. GAAS requires that the date of the auditors report should be no earlier than the date
sufficient appropriate audit evidence has been obtained to support the opinion on the financial statements. Among other
items, sufficient appropriate audit evidence includes evidence that:
The audit work has been reviewed.
The financial statements, including disclosures, have been prepared.
Management has taken responsibility for the financial statements.
1813.12 The auditor needs to coordinate the following dates:
Audit report date.
Management representation letter date. (See discussion beginning at paragraph 1804.22.)
Subsequent events evaluation footnote disclosure date. (See discussion in section 1805.)
1813.13 In order to coordinate the auditors report date, management representation letter date, and the subsequent events
evaluation footnote disclosure date, the auditor may want to take the following steps:
Discuss the dating requirements with management in advance of starting the audit.
Include in the engagement letter a provision that management will not date the subsequent event note earlier than
the date of their management representation letter and the date of the auditors report.
This process will generally result in the date management discloses as the date through which they have evaluated
subsequent events being the same date as the auditors report.
1813.14 Drafting the Auditors Report under SAS No. 58 (AU 508)Effective for Audits of Periods Ending before
December 15, 2012. SAS No. 58 (AU 508) specifies the meaning, form, and content of the different types of audit reports and
the circumstances when each should be issued. An illustration of a standard unqualified report for single period financial
statements of a corporation for audits of periods ending before December 15, 2012 is included at Exhibit 18-18. This report is
provided as an example only. The 2011 edition of PPCs Guide to Auditors Reports provides extensive guidance and
numerous examples of auditors reports for single period financial statement, comparative financial statements, and
nonstandard reporting situations and also includes an Audit Reporting Checklist.
Exhibit 18-18
Auditors Standard Report
GAAP Basis Financial Statements of a Corporation for a Single YearEffective for Periods Ending before December
15, 2012
a, b
INDEPENDENT AUDITORS REPORT
To the Board of Directors and Stockholders of
ABC Company
We have audited the accompanying balance sheet of ABC Company as of December 31, 20X1, and the related statements of
income, retained earnings, and cash flows for the year then ended. These financial statements are the responsibility of the
Companys management. Our responsibility is to express an opinion on these financial statements based on our audit.
We conducted our audit in accordance with auditing standards generally accepted in the United States of America. Those
standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements
are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and
disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant
estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit
provides a reasonable basis for our opinion.
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of [ABC
Company] as of [December 31] , 20 [X1] , and the results of its operations and its cash flows for the year then ended in
conformity with accounting principles generally accepted in the United States of America.

Firms signature

Location of firm (city, state)
, 20
Report date
Notes:
a
AuthoritySAS No. 58 at AU 508.08. This report should be used for audits of periods ending before December 15, 2012.
b
This illustration is provided as an example of a standard report for a corporation with single period financial statements.
The 2011 edition of PPCs Guide to Auditors Reports, Chapter 8, provides numerous examples of auditors reports for
comparative financial statements and nonstandard reporting situations.
* * *
1813.15 Drafting the Auditors Report under AU-C 700Effective for Audits of Financial Statements for Periods
Ending on or after December 15, 2012. AU-C 700 addresses the auditors responsibility to form an opinion and the form
and content of the auditors report and is effective for audits of financial statements for periods ending on or after December
15, 2012. As discussed in section 101, early adoption of the clarified standards generally is not permitted. Due to the
significant changes in the clarified reporting standards, auditors should not early adopt the AU-C 700 requirements. The 2012
edition of PPCs Guide to Auditors Reports will provide extensive guidance and reporting examples under the clarified audit
reporting standards.
1813.16 In all significant respects, AU-C 700 maintains the auditors responsibilities for reporting on financial statements as
required by AU 508. However, the form of auditors report in AU-C 700 differs significantly from the auditors report in AU 508
in that it
requires the use of headings to highlight (a) managements responsibility for the financial statements, (b) the
auditors responsibility, and (c) the auditors opinion.
describes managements and the auditors responsibilities in greater detail; and
requires the city and state where the auditor practices to be stated.
Exhibit 18-19 presents an example of a standard, unmodified auditors report in AU-C 700.
Exhibit 18-19
AUDITORS STANDARD REPORTGAAP Basis Financial Statements of a Corporation for a Single YearEffective for
Periods Ending on or after December 15, 2012
a, b
INDEPENDENT AUDITORS REPORT
[Appropriate Addressee]
Report on the Financial Statements
We have audited the accompanying financial statements of ABC Company which comprise the balance
sheet as of December 31, 20X1, and the related statements of income, retained earnings, and cash flows for
the year then ended, and the related notes to the financial statements.
Managements Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in
accordance with accounting principles generally accepted in the United States of America; this includes the
design, implementation, and maintenance of internal control relevant to the preparation and fair presentation
of financial statements that are free from material misstatement, whether due to fraud or error.
Auditors Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted
our audit in accordance with auditing standards generally accepted in the United States of America. Those
standards require that we plan and perform the audit to obtain reasonable assurance about whether the
financial statements are free of material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the
financial statements. The procedures selected depend on the auditors judgment, including the assessment
of the risks of material misstatement of the financial statements, whether due to fraud or error. In making
those risk assessments, the auditor considers internal control relevant to the entitys preparation and fair
presentation of the financial statements in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entitys internal
control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of
accounting policies used and the reasonableness of significant accounting estimates made by
management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our
audit opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial
position of ABC Company as of December 31, 20X1, and the results of its operations and its cash flows for
the year then ended in accordance with accounting principles generally accepted in the United States of
America.
[Auditors signature]
[Auditors city and state]
[Date of the Auditors Report]
Notes:
a
AuthorityAU-C 700. This report form should be used for audits of financial statements for periods ending on or after
December 15, 2012.
b
This illustration is provided as an example of a standard report for a corporation with single period financial statements.
The 2012 edition of PPCs Guide to Auditors Reports will provide guidance and numerous reporting examples under the
clarified audit reporting standards, including AU-C 700.
* * *
Discussion with Management
1813.17 After the workpapers, draft financial statements (normally stamped or annotated on each page, such as DraftFor
Discussion Purposes Only), and draft auditors report have been reviewed, a meeting is usually held with management to
discuss the statements and report. The primary focus in the discussion with management is review of the draft financial
statements and auditors report. Usually, in a small business engagement, the emphasis is on explanation of matters such as:
a. Complex accounting principles and the effect of their application on the financial statements. (The depth of the
discussion depends on the knowledge and experience of management.)
b. Relationship of the representations in the management representation letter to the financial statements.
In addition, a closing meeting with the client is an opportunity for effective two-way communication with the clients
management. The auditor can increase his or her understanding of the clients business and business risks by making
inquiries of management about the future outlook for the company and significant risks or concerns of management. Such
communication may be helpful in planning future audits and provide additional support for conclusions reached in the
current-year audit. It can also be used to communicate matters as required under AU-C 260, as discussed beginning at
paragraph 1815.1.
1813.18 Unresolved Issues. If there are any unresolved issues concerning financial statement presentation, they are
discussed at this time. The auditor needs to explain the effect on the audit report of departures from GAAP, particularly issues
concerning adequacy of disclosure.
1813.19 Internal Control Related Matters, Errors, and Fraud. The discussion with management needs to also include
problems identified in the audit, such as internal control related matters, material errors, and fraud. The auditor will usually
also want to make suggestions for improvements to avoid those problems in the future, if that is possible. Those matters are
explained further beginning in paragraphs 1814.1.
1813.20 Other Matters. A variety of other matters may also be covered in this discussion with management. Some auditors
find it useful to discuss one or more of the following in the meeting:
a. Fees. It can be effective to discuss the audit fee at this time so that the amount of the fee can be explained in relation
to the problems that arose in fieldwork.
b. Management Comments. Observations and suggestions about operational or administrative efficiencies, business
strategies, and other items of perceived benefit to the client that go beyond internal control related matters and, in
the auditors judgment, are not control deficiencies that should be otherwise communicated under professional
standards, can be communicated to the client in a management comment letter or verbally.
c. Other Services. The arrangements for the nature and extent of other services, e.g., tax preparation, tax advice, or
cash flow projection, can be confirmed.
d. Report Copies. Arrangements can be confirmed for the number of copies of the final financial statements and audit
report to be supplied.
1814 COMMUNICATING INTERNAL CONTROL RELATED MATTERS
1814.1 AU-C 265, Communicating Internal Control Related Matters Identified in an Audit, establishes requirements for
auditors to communicate certain control deficiencies that they have identified during the audit. Control deficiencies that are, in
the auditors judgment, significant deficiencies or material weaknesses should be communicated in writing to management
and those charged with governance.
14(119)
1814.2 Definitions. AU-C 265 contains the following definitions:
Deficiency in Internal Control. A deficiency in internal control exists when the design or operation of a control does
not allow management or employees, in the normal course of performing their assigned functions, to prevent, or
detect and correct, misstatements on a timely basis. A deficiency in design exists when (a) a control necessary to
meet the control objective is missing, or (b) an existing control is not properly designed so that, even if the control
operates as designed, the control objective would not be met. A deficiency in operation exists when a properly
designed control does not operate as designed or when the person performing the control does not possess the
necessary authority or competence to perform the control effectively.
Significant Deficiency. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that
is less severe than a material weakness yet important enough to merit attention by those charged with governance.
Material Weakness. A material weakness is a deficiency, or a combination of deficiencies, in internal control, such
that there is a reasonable possibility that a material misstatement of the entitys financial statements will not be
prevented, or detected and corrected, on a timely basis.
1814.3 The following paragraphs summarize the objectives and requirements for the communication of internal control
matters under AU-C 265, Communicating Internal Control Related Matters Identified in an Audit.
1814.4 The objective of the auditor when communicating internal control related matters is to appropriately communicate to
management and those charged with governance identified deficiencies in internal control that are, in the auditors
professional judgment, of sufficient importance to merit their respective attentions. The requirements that should be followed
to achieve that objective are summarized in Exhibit 18-20.
Exhibit 18-20
Requirements for Communicating Internal Control Related Matters Identified in an Audit
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Determination of Whether Deficiencies in Internal Control Have Been
Identified
The auditor should determine whether, on the basis of the audit work
performed, the auditor has identified one or more deficiencies in internal
control.
ASB-CX-15.1
ASB-CX-15.2
Evaluating Identified Deficiencies in Internal Control
If the auditor has identified one or more deficiencies in internal control, the
auditor should evaluate each deficiency to determine, on the basis of the
audit work performed, whether, individually or in combination, they
constitute significant deficiencies or material weaknesses.
AU-C 265.09 ASB-CX-15.1
If the auditor determines that a deficiency, or a combination of
deficiencies, in internal control is not a material weakness, the auditor
should consider whether prudent officials, having knowledge of the same
AU-C 265.10 ASB-CX-15.1
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
facts and circumstances, would likely reach the same conclusion.
Communication of Deficiencies in Internal Control
The auditor should communicate in writing to those charged with
governance on a timely basis significant deficiencies and material
weaknesses identified during the audit, including those that were
remediated during the audit.
ASB-CL-4.1
through
ASB-CL-4.3
The auditor also should communicate to management at an appropriate
level of responsibility, on a timely basis:
In writing, significant deficiencies and material weaknesses that the
auditor has communicated or intends to communicate to those
charged with governance, unless it would be inappropriate to
communicate directly to management in the circumstances.
In writing or orally, other deficiencies in internal control identified
during the audit that have not been communicated to management
by other parties and that, in the auditors professional judgment, are
of sufficient importance to merit managements attention. If other
deficiencies in internal control are communicated orally, the auditor
should document the communication.
ASB-CL-4.1
through
ASB-CL-4.3
The communications should be made no later than 60 days following the
report release date.
AU-C 265.13 ASB-CL-4.1
through
ASB-CL-4.3
The auditor should include in the written communication of significant
deficiencies and material weaknesses:
The definition of the term material weakness and, when relevant, the
definition of the term significant deficiency.
A description of the significant deficiencies and material weaknesses
and an explanation of their potential effects.
Sufficient information to enable those charged with governance and
management to understand the context of the communication. In
particular, the auditor should include in the communication the
following elements that explain that:
The purpose of the audit was for the auditor to express an
opinion on the financial statements.
The audit included consideration of internal control over financial
reporting in order to design audit procedures that are
appropriate in the circumstances but not for the purpose of
expressing an opinion on the effectiveness of internal control.
The auditor is not expressing an opinion on the effectiveness of
internal control.
The auditors consideration of internal control was not designed
to identify all deficiencies in internal control that might be
material weaknesses or significant deficiencies, and therefore,
material weaknesses or significant deficiencies may exist that
were not identified.
In accordance with AU-C 905, Alert That Restricts the Use of an
Auditors Report, a restriction regarding the use of the communication
to management, those charged with governance, others within the
organization, and any governmental authority to which the auditor is
required to report.
AU-C 265.14 ASB-CL-4.1
through
ASB-CL-4.3
When the auditor issues a written communication stating that no material AU-C 265.15 ASB-CL-4.3
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
weaknesses were identified during the audit, the communication should
include the matters in AU-C 265.14a and cd.
The auditor should not issue a written communication stating that no
significant deficiencies were identified during the audit.
AU-C 265.16 ASB-CL-4.1
through
ASB-CL-4.3
For audits of group financial statements, the group engagement team
should communicate to group management and those charged with
governance material weaknesses in internal control that are relevant to the
group (either identified by the group engagement team or brought to its
attention by a component auditor during the audit)
AU-C 600.45 ASB-CL-4.1
through
ASB-CL-4.3
* * *
Identifying Control Deficiencies
1814.5 AU-C 265.08 states that the auditor should determine whether, on the basis of the audit work performed, the auditor
has identified one or more deficiencies in internal control.
1814.6 An auditor may become aware of control deficiencies while performing a variety of audit procedures, including
obtaining an understanding of the entitys internal control, performing risk assessment procedures, or performing tests of the
operating effectiveness of controls (that is, tests of controls). For example, a test of controls may detect deviations from
prescribed procedures. Deviations might be caused by factors such as changes in personnel, human error, or significant
fluctuations in the volume of transactions. As discussed in paragraph 608.4, the auditor does not draw an immediate
conclusion about the operating effectiveness of a control (and, thus, the existence of an identified deficiency) when a
deviation is detected. Instead, the auditor determines whether the entity has another strong control, or a combination of
effectively operating controls, that achieve the same control objective as the weak or ineffectively operating control that gave
rise to the deviation. In that case, the auditor might conclude that there is no identified deficiency.
1814.7 Therefore, before concluding on the existence of an identified deficiency, the auditor needs to understand the cause
of the deviation and its potential effect on the financial statements by making specific inquiries of management. Ordinarily, the
auditor discusses the relevant facts and circumstances related to the potential deficiency with the appropriate level of
management. In most cases, that includes management personnel who are familiar with the internal control area affected and
who have the authority to take remedial actions. In certain circumstances, however, it might not be appropriate for the auditor
to discuss the findings directly with management. For example, certain findings might cause the auditor to believe that (a)
there is evidence of fraud or intentional noncompliance with laws and regulations by management or (b) management is
unable to oversee the preparation of adequate financial statements, which may raise doubts about managements
competence. In those circumstances, it generally would not be appropriate for the auditor to communicate such deficiencies
directly to management.
15(120)
1814.8 When discussing the facts and circumstances surrounding the auditors findings with management, the auditor may
obtain information that is relevant to his determination, including:
The actual or suspected cause of the deficiency.
Exceptions or deviations arising from the deficiency (for example, a misstatement that was not prevented by the
relevant IT controls).
A preliminary indication of managements response to the auditors findings.
1814.9 This information also may prove helpful to the auditor when evaluating the severity of identified deficiencies and
communicating relevant information about identified control deficiencies to management and those charged with governance.
Finally, such a discussion provides the auditor with an opportunity to alert management, on a timely basis, to the existence of
previously unknown deficiencies. (The Control Deficiency Comment and Management Point Development Worksheet at
ASB-CX-15.2 may be used to document relevant information relating to identified control deficiencies.)
1814.10 Examples of Deficiencies. A control deficiency may be either a deficiency in design or a deficiency in operation. A
deficiency in design exists when a control necessary to meet the control objectives is missing or an existing control is not
properly designed so that, even if the control operates as designed, the control objective would not be met. A deficiency in
operation exists when a properly designed control does not operate as designed or the person performing the control does
not possess the necessary authority or competence to perform the control effectively.
1814.11 Exhibit 18-21 lists examples from AU-C 265.A37 for both deficiencies in design and deficiencies in operation. While
AU-C 265 distinguishes between the two types of control deficiencies, there is no requirement to indicate in the
communication to management and those charged with governance which are deficiencies in design and which are
deficiencies in operation.
Exhibit 18-21
Examples of Circumstances That May Be Control Deficiencies, Significant Deficiencies,
or Material Weaknesses
Deficiencies in the Design of Controls
Inadequate design of internal controls over the preparation of financial statements.
Inadequate design of a control over a significant account or process.
Inadequate documentation of the internal control components.
Insufficient control consciousness within the organization, e.g., the tone at the top and the control environment.
Absent or inadequate segregation of duties within a significant account or process.
Absent or inadequate controls over the safeguarding of assets (if those controls would be necessary for effective
internal control over financial reporting).
Inadequate design of IT general and application controls that prevent the information system from providing complete
and accurate information consistent with financial reporting objectives and current needs.
Employees or management lack the qualifications and training to fulfill their assigned functions (for example, the
person responsible for the accounting and reporting function lacks the skills and knowledge to apply GAAP in
recording transactions or preparing the financial statements).
Inadequate design of monitoring controls used to assess the design and operating effectiveness of internal control
over time.
The absence of an internal process to report internal control deficiencies to management on a timely basis.
An indication that significant transactions in which management is financially interested are not being appropriately
scrutinized by those charged with governance or other evidence that certain aspects of the control environment
are ineffective.
Failure of management to identify a risk of material misstatement that the auditor would expect the entitys risk
assessment process to have identified or other evidence that the entitys risk assessment process is ineffective.
Absence of controls over a significant identified risk or other evidence of an ineffective response to significant risks that
have been identified.
Absence of a risk assessment process when such a process would ordinarily be expected to have been established.
Failures in the Operation of Controls
Failure in the operation of effectively designed controls over a significant account or process (for example, the failure
of a control requiring dual authorization for significant disbursements).
Failure of the information and communication component of internal control to provide complete and accurate output
because of deficiencies in timeliness, completeness, or accuracy (for example, the failure to obtain timely and
accurate consolidating information from remote locations).
Failure of controls designed to safeguard assets from loss, damage, or misappropriation. [This circumstance may
need careful consideration when it is evaluated as a significant deficiency or material weakness. For example,
assume that a company uses security devices to safeguard its inventory (preventive controls) and also performs
timely periodic physical inventory counts (detective control). Although a physical inventory count does not
safeguard inventory from theft or loss, it prevents a material misstatement of the financial statements if performed
effectively and timely. Therefore, because the definitions of material weakness and significant deficiency relate to
the likelihood of misstatement of the financial statements, the failure of a preventive control such as inventory tags
will not result in a significant deficiency or material weakness if the detective control (in this case, the physical
inventory) prevents a misstatement of the financial statements. A material weakness relating to controls over the
safeguarding of assets would exist only if the entity does not have effective controls (considering both
safeguarding and other controls) to prevent, or detect and correct, a material misstatement of the financial
statements.]
Failure to reconcile significant accounts (for example, accounts receivable subsidiary ledgers are not reconciled to the
general ledger account in a timely or accurate manner).
Undue bias or lack of objectivity by those responsible for accounting decisions, for example, expenses are
consistently understated at the direction of management.
Misrepresentation by the client to the auditor (an indicator of fraud).
Management override of controls.
Failure of an application control caused by a deficiency in the design or operation of an IT general control.
An observed deviation rate that exceeds the number of deviations expected by the auditor in a test of the operating
effectiveness of a control. For example, if the auditor designs a test in which he or she selects a sample and
expects no deviations, the finding of one deviation is a nonnegligible deviation rate because, based on the results
of the auditors test of the sample, the desired level of confidence was not obtained.
* * *
Evaluating Identified Deficiencies
1814.12 If the auditor has identified one or more deficiencies in internal control, AU-C 265.09 states that the auditor should
evaluate each deficiency to determine, on the basis of the audit work performed, whether, individually or in combination, they
constitute significant deficiencies or material weaknesses. Auditors should evaluate control deficiencies individually and in
combination with other deficiencies affecting the same significant account balance or disclosure, relevant assertion, or
component of internal control. This is because multiple control deficiencies that affect the same financial statement account
balance or disclosure, relevant assertion or component of internal control increase the likelihood of misstatement and may, in
combination, constitute a significant deficiency or material weakness even though they are individually insignificant.
1814.13 If the auditor determines that a deficiency, or a combination of deficiencies, in internal control is not a material
weakness, AU-C 265.10 states that the auditor should consider whether prudent officials, having knowledge of the same facts
and circumstances, would likely reach the same conclusion. Considering the views of a prudent official is discussed
1814.14 Indicators of Material Weaknesses. AU-C 265 states that the following are indicators of a material weakness:
Identification of fraud, whether or not material, on the part of senior management.
Restatement of previously issued financial statements to reflect the correction of a material misstatement due to
error or fraud.
Identification by the auditor of a material misstatement of the financial statements in circumstances indicating that
the misstatement would not have been detected by the entitys internal control.
Ineffective oversight of the entitys financial reporting and internal control by those charged with governance.
1814.15 While AU-C 265 identifies the factors described in the preceding paragraph only as indicators of material
weaknesses, the authors believe auditors generally would consider such deficiencies material weaknesses. For that reason,
many auditors begin the evaluation process by determining whether any of the deficiencies identified during the audit are
indicators of a material weakness.
1814.16 AU 325.08 provides guidance on evaluating the severity of an identified deficiency, stating that it depends on:
The magnitude of the potential misstatement resulting from the deficiency or deficiencies and
Whether there is a reasonable possibility that the entitys controls will fail to prevent, or detect and correct, a
misstatement of an account balance or disclosure. A reasonable possibility exists when the chance of the future
event or events occurring is more than remote.
1814.17 Factors Affecting the Magnitude of a Potential Misstatement. While AU-C 265 discusses evaluating the
magnitude of a potential misstatement, it is really dealing with whether an identified deficiency could result in a misstatement
that is material to the financial statements. Determining what is material to the financial statements is one of the most difficult
parts of applying AU-C 265.
1814.18 If a factual misstatement has occurred, it obviously is easier for the auditor to evaluate the severity of an identified
control deficiency since the amount of the misstatement is known. In that instance, however, it is still necessary to evaluate
whether the control deficiency could result in additional misstatements. In many cases, though, the auditor will be evaluating
only a potential misstatement. According to AU-C 265.A6, factors that affect the magnitude of a misstatement that might result
from a deficiency, or deficiencies, in internal control, include, but are not limited to, the following:
The financial statement amounts or transaction totals exposed to the deficiency.
The volume of activity (in the current period or expected in future periods) in the account or class of transactions
exposed to the deficiency.
1814.19 Generally, the most an account balance or transaction total could be overstated is the recorded amount. Potential
understatement, however, is not limited to the recorded amount. For instance, if there is a control deficiency related to
segregation of duties over accounts receivable, and the recorded amount is $250,000, that is the most accounts receivable
could be overstated. However, accounts receivable potentially could be understated by any amount because an unlimited
amount of receivables could have been misappropriated due to the segregation of duties deficiency.
1814.20 Other than the indicators of material misstatements discussed in paragraph 1814.19, AU-C 265 does not provide any
additional insight for determining the magnitude of a potential misstatement. However, as discussed beginning at paragraph
306.4, Statement of Financial Accounting Concepts (SFAC) No. 8, Conceptual Framework for Financial ReportingChapter 1,
The Objective of General Purpose Financial Reporting, and Chapter 3, Qualitative Characteristics of Useful Financial
Information, recognizes that qualitative, as well as quantitative factors, can influence an auditors materiality judgments.
1814.21 AU-C 320, Materiality in Planning and Performing an Audit, elaborates on that guidance in AU-C 320.A12, which
provides the following examples of circumstances that might cause a misstatement to be material, even when the amount falls
below the materiality threshold:
Whether laws or regulations affect users expectations about how certain information should be measure or
disclosed (for example, related party transactions and the remuneration of management and those charged with
governance)
The key disclosures with regard to the industry in which the entity operates (for example, research and development
costs for a pharmaceutical company)
Whether attention is focused on a particular aspect of the entitys business that is separately disclosed in the
financial statements (for example, a newly acquired business).
1814.22 In addition to those circumstances, the authors believe auditors also could consider circumstances such as the
following when evaluating the magnitude of a potential misstatement caused by an identified control deficiency, including
whether the deficiency:
While immaterial to the entitys net income for the current period, is material to the overall trend of earnings (for
example, a misstatement that reverses a downward trend of earnings or changes a loss into income).
Results in events or circumstances that could materially affect the financial statements. For example, an illegal
payment of an otherwise immaterial amount might be material if it could lead to a material contingent liability or a
material loss of revenue. In addition, some misstatements, although not individually significant, may be pervasive to
the financial statements (that is, misstatements that affect numerous financial statement amounts, subtotals, or
totals).
Masks a change in earnings or other trends, especially in the context of general economic conditions.
Has an affect on the entitys compliance with loan covenants, other contractual agreements, or regulatory provisions
(for example, a misstatement that would reveal a default under a debt covenant).
Affects an entitys investment in a joint venture, when the joint venture partners are users of the financial statements
under audit.
Is the result of fraud or suspected fraud. (In this case, the auditor should consider the implications of the
misstatement in relation to other aspects of the audit, as described in AU-C 240, Consideration of Fraud in a
Financial Statement Audit, even if the effect of the misstatement is not material to the financial statements.)
16(121)
Affects professional fees, if the auditor is concerned that there is an inadequate understanding of the clients
litigation exposure and the identity of all attorneys engaged during the period.
Affects material disclosures related to a small account balance. (For example, a joint venture investment might be
small at the balance-sheet date, but a subsequent events note might indicate a subsequent major investment in that
joint venture project that holds the key to the clients future success.)
1814.23 In summary, the auditor needs to draw on the knowledge and understanding of the client to identify all of the
qualitative factors that might influence the auditors judgment about the magnitude of a potential misstatement and, thus,
judgments about the severity of an identified control deficiency. Finally, it is important for the auditor to recognize that
qualitative considerations are used only to determine whether the auditors final judgment about the severity of an identified
control deficiency is greater than, but never lower than, the auditors preliminary judgment.
1814.24 Finally, the authors encourage auditors to remember that the magnitude of a potential misstatement discussed in
AU-C 265 affects only whether a deficiency is communicated to management and those charged with governance. Unlike
judgments about materiality, which can affect whether a clients financial statements are fairly presented (and, thus, the
auditors opinion on those statements), the auditors judgment about the magnitude of a potential misstatement affects only
whether the auditor is required to communicate the identified deficiency to the client. Therefore, when in doubt about the
severity of a control deficiency, the authors recommend the auditor communicate it to the client.
1814.25 Factors Affecting Whether There is a Reasonable Possibility of a Misstatement.
17(122)
As discussed at
paragraph 1814.16, a reasonable possibility exists when the chance of the future event or events occurring is more than
remote. AU-C 265.A8 lists a number of risk factors that may affect whether there is a reasonable possibility that a deficiency,
or a combination of deficiencies, in internal control will result in a misstatement of an account balance or disclosure. Those
factors include, but are not limited to, the following:
The nature of the accounts, classes of transactions, disclosures, and assertions involved (for example, suspense
accounts or transactions with related parties may present more risk).
Susceptibility of the related assets or liabilities to loss or fraud.
The complexity, subjectivity, or extent of judgment needed to determine the amount involved.
The relationship and interaction of the control with other controls.
Interaction of the control deficiency with other control deficiencies.
Possible future consequences resulting from the deficiency.
The importance of the controls to the financial reporting processfor example, whether the deficiency involves
general monitoring controls (such as oversight of management) or controls over:
The prevention and detection of fraud
The selection and application of significant accounting policies
Significant transactions with related parties
Significant transactions outside the entitys normal course of business
The period-end financial reporting process (such as controls over nonrecurring journal entries)
1814.26 PPCs Process for Evaluating the Severity of Deficiencies. In summary, when evaluating the severity of an
identified control deficiency under AU-C 265, the authors believe most auditors will begin by considering whether an identified
deficiency is considered a material weakness. If not, they will consider its severity to determine whether to communicate it to
management and others as a significant deficiency. Specifically, the authors believe the process will be as follows:
For an identified deficiency, determine whether it is a material weakness by considering whether (a) the magnitude
of the potential misstatement could result in a material misstatement to the financial statements and (b) it is at least
reasonably possible that the misstatement would not be prevented, or detected and corrected, on a timely basis by
the entitys internal controls.
For an identified deficiency not considered a material weakness, consider whether the deficiency is important
enough to merit attention by management and those charged with governance as a significant deficiency. When
making this evaluation, consider whether a prudent official with knowledge of the same facts and circumstances
would likely reach the same conclusion. (The views of a prudent official are discussed beginning at paragraph
1814.30.)
Combine individual deficiencies affecting the same account balance or disclosure, relevant assertion, or component
of internal control and evaluate whether they are considered either a significant deficiency or a material weakness.
(Combining individual deficiencies is discussed further beginning at paragraph 1814.27.)
Finally, for other deficiencies in internal control not communicated as either material weaknesses or significant deficiencies,
the auditor needs to consider whether to communicate them to management in accordance with the requirement in AU-C
265.12(b). Communicating other deficiencies in internal control is discussed beginning at paragraph 1814.65.
Combination of Identified Deficiencies
1814.27 As previously discussed, in addition to evaluating the severity of individual control deficiencies identified during the
audit, AU-C 265.09 states that the auditor should evaluate whether deficiencies are considered to be material weaknesses or
significant deficiencies when combined with other deficiencies affecting the same account balance or disclosure, relevant
assertion, or component of internal control.
1814.28 To illustrate, assume an auditor considers several control deficiencies in and of themselves insignificant and, thus,
only a control deficiencies. If those control deficiencies were related, however (for example, they all related to the same
account balance), the requirement in AU-C 265 to combine control deficiencies might cause the auditor to consider them a
significant deficiency or material weakness. Exhibit 18-22 provides examples of how an auditor might multiple deficiencies
identified during the audit to evaluate whether they rise to the level of a material weakness or a significant deficiency.
Exhibit 18-22
Examples of Combination of Multiple Deficiencies That Combine to a Material Weakness
The auditor has identified the following control deficiencies and concluded that, individually, each of the deficiencies is
a significant deficiency:
Several accounts receivable transactions were not properly recorded in the subsidiary ledger (the transactions were
not material, either individually or in the aggregate).
Account balances affected by the improperly recorded accounts receivable transactions were not reconciled on a
timely basis.
The company has inadequate segregation of duties over IT access controls related to the accounts receivable and
billing function.
Because each of the significant deficiencies affects the same account (accounts receivable), the deficiencies, when
considered together, represent a reasonable possibility that a material misstatement could occur and not be prevented
or detected or corrected. Thus, the auditor likely would conclude that, in combination, the significant deficiencies
represent a material weakness.
In another example, assume an auditor identified several control deficiencies that relate to a specific component of
internal control instead of to a specific account balance or disclosure. Three control deficiencies relate to the entitys
lack of adequate reviews and approvals. While each of these control deficiencies relate to different account balances,
they all relate to the monitoring component of internal control. Thus, even though the auditor determined that
individually each deficiency was only a control deficiency, the requirement in AU-C 265 to combine control deficiencies
by internal control component might cause the auditor to consider them a significant deficiency or even a material
weakness.
* * *
1814.29 As discussed further at paragraph 1814.33, the Control Deficiency Evaluation Worksheet at ASB-CX-15.1 has been
designed to assist the auditor with the summarization and evaluation of control deficiencies identified during the audit.
Prudent Official Test
1814.30 AU-C 265 requires auditors to consider whether a prudent official with knowledge of the same facts and
circumstances would likely reach the same conclusion. In other words, would a prudent official, with knowledge of the facts
and circumstances, other controls tested, and the likelihood and magnitude of potential misstatement, agree with the
auditors conclusion that the deficiency is not a material weakness? Stated more simply, would a prudent official with
knowledge of the same facts and circumstances agree with the auditors classification of the control deficiency?
1814.31 From a practical standpoint, the authors believe the auditors consideration of whether a prudent official would
agree with the auditors classification of a control deficiency depends, at least to some extent, on the nature of the clients
business and the needs of the users of the financial statements. In a regulated environment, evaluating the severity of the
deficiency through the eyes of a regulator might be the most practical approach. For instance, an auditor of a financial
institution should generally evaluates the severity of control deficiencies by considering the views of a more cautious
regulator. In some instances, that might lead the auditor to a more conservative classification of a control deficiency than the
auditor would make for a client that operates in a nonregulatory environment. However, an auditor of a small manufacturing
company, which is not concerned with regulatory issues, might consider instead whether an experienced business person or
another practitioner would agree with the auditors classification of the control deficiency, given the same facts and
circumstances. PPCs Guide to Internal Control Communications discusses this issue further.
1814.32 Finally, it is important to understand that the prudent official test is used only to gauge whether the auditors final
judgement about the severity of a control deficiency is greater than, but never lower than, the auditors preliminary judgment.
Control Deficiency Evaluation Worksheet
1814.33 The Control Deficiency Evaluation Worksheet at ASB-CX-15.1 has been designed to help auditors summarize and
evaluate whether control deficiencies, either individually or in combination, are significant deficiencies or material
weaknesses. The form requires the auditor to begin by listing all identified control deficiencies and the significant account or
disclosure, relevant assertion, or internal control component to which they relate. The form then walks the auditor through
PPCs process for evaluating the severity of identified control deficiencies under AU-C 265. Because AU-C 265 also requires
auditors to combine control deficiencies when evaluating whether they are significant deficiencies or material weaknesses, the
form enables the auditor to document that conclusion.
Control Deficiency Comment and Management Point Development Worksheet
1814.34 Auditors also may find the Control Deficiency Comment and Management Point Development Worksheet at
ASB-CX-15.2 helpful when developing information about a control deficiency for communication to management and those
charged with governance. The auditor may complete that form for each control deficiency identified, even if a deficiency is not
determined to be a significant deficiency or material weakness. In addition to documenting all of the important elements of the
control deficiency, the form also allows the auditor to document with whom the control deficiency was discussed and whether
it will be communicated to management and those charged with governance.
Practice Issue #1Can the Auditor Draft the Financial Statements?
1814.35 AICPA staff have indicated that some auditors may be misunderstanding important concepts underlying AU-C 265.
Among these misunderstandings is the belief that the auditors drafting of the financial statements automatically results in a
material weakness. Asking the auditor to draft the financial statements does not cause a control deficiency. However, it may
be the result of a control deficiency. The intent of AU-C 265 is not to prevent auditors from drafting the clients financial
statements. Instead, the issue to be considered when determining if a significant deficiency or material weakness exists is
whether the client is capable of preparing the financial statements and has the skills and competencies necessary to prevent,
or detect, and correct, a material misstatement.
1814.36 A system of internal control over financial reporting does not stop at the general ledger. It includes controls over
financial statement preparation, including note disclosures. A control deficiency exists when the client does not have controls
over preparation of the financial statements that would prevent, or detect and correct, a misstatement in the financial
statements. If the client is not capable of drafting the financial statements and lacks the skills and competencies to prevent, or
detect and correct, a misstatement, the client has a control deficiency that is probably a material weakness. The auditor can
still prepare the financial statements but the material weakness should be communicated to management and those charged
with governance. The fact that the auditor drafts the financial statements may mean they are correct, but it does not eliminate
the control deficiency.
1814.37 Stated another way, an auditor cannot be considered part of the clients internal control. Thus, controls over the
financial statement preparation function that exist in the auditors firm cannot be considered. Only controls that the client has
in place can be considered in determining whether there is a control deficiency and its severity. (However, a CPA firm other
than the auditors firm can be part of the clients internal control, and those controls could be considered.)
1814.38 It is important for the client to know that even if the auditor drafts the financial statements and the related notes, the
client remains responsible for them. The authors recommend that the auditor clearly communicate to management and those
charged with governance that the financial statements are the responsibility of management. Further, management and those
charged with governance need to be made aware of the possible consequences of not correcting control deficiencies.
1814.39 Another way of looking at this issue is to consider whether the client has sufficient knowledge to identify a material
misstatement in auditor-prepared financial statements. If the auditor gave financial statements to a client knowing that they
contained material errors, would the client have controls in place that would detect those misstatements? For example, would
the client recognize a misstatement in the tax accrual, identify an error in the classification of long-term debt on the balance
sheet, or notice that an important disclosure has been omitted from the notes to the financial statements? If the answer to
questions such as these is no, then the authors believe the client lacks the skills and competencies to prevent, or detect and
correct a misstatement and, therefore, has a control deficiency that is probably a material weakness.
1814.40 It is important to distinguish between the auditors responsibilities under the AICPA Ethics Rules and the auditing
standards. Ethics Rule 101 requires independence in the performance of an audit. According to Ethics Interpretation 101-3,
Performance of Nonattest Services, before auditors perform nonattest services, they should determine that the requirements
of 101-3 have been met. Paragraphs beginning at 202.34 discuss Interpretation 101-3 in further detail.
1814.41 The determination of auditor independence is totally separate from the evaluation of whether there is a control
deficiency. Even though the auditor can prepare financial statements and maintain independence under the ethics rules, there
could be a control deficiency. It is important to note that there are two different levels of understanding of accounting and
financial reporting required by AU-C 265 and Interpretation 101-3. Under AU-C 265, the issue to be considered is whether the
client is capable of performing accounting functions and preparing the financial statements and has the skills and
competencies necessary to prevent, or detect and correct, a misstatement. Under Interpretation 101-3, the auditor may assist
management in performing management functions or making management decisions if they meet certain criteria. Among
those criteria, Interpretation 101-3 allows clients to designate an individual who possesses suitable skill, knowledge, or
experience, preferably within senior management, to oversee nonattest services. Possessing suitable skill, knowledge, or
experience to oversee a service requires a lower level of technical knowledge than the competence criteria in AU-C 265.
1814.42 Under Ethics Interpretation 101-3, establishing and maintaining (or functioning as) the clients internal controls would
impair the auditors independence. However, proposing journal entries or preparing the clients financial statements would not
automatically impair independence. As a practical matter, small businesses typically view proposing journal entries and
preparing financial statements as part of the audit, and, based on implementation guidance published by the AICPA
Professional Ethics Executive Committee (PEEC) in 2004 and 2005, the authors believe it is clear that PEEC did not intend for
Interpretation 101-3 to require viewing those services as separate from the audit. Thus, proposing journal entries and
preparing financial statements in connection with an audit would not impair independence.
1814.43 Determining whether a control deficiency exists and whether it is a significant deficiency or a material weakness is
subjective and often may be a difficult judgment call. There are many gray areas requiring professional judgment. The authors
believe that auditors cannot draw a hard line on what constitutes a significant deficiency or a material weakness. Instead,
auditors should evaluate the facts and circumstances specific to each situation. Exhibit 18-23 illustrates three situations in
which an auditor assists with the financial statements. (These examples are adapted from the AICPA Audit Risk Alert,
Communicating Internal Control Related Matters in an AuditUnderstanding SAS No. 115.) Each illustration provides
guidance on the auditors consideration of whether the situation indicates a control deficiency, significant deficiency, or a
material weakness.
Exhibit 18-23
Evaluation of Whether Assistance with the Financial Statements is a Control Deficiency,
Significant Deficiency, or Material Weakness
In each of the following situations, the auditor posts client-approved adjusting entries to the trial balance and assists in
drafting the financial statements from the trial balance. The auditor is not responsible for preparing or approving
adjusting entries except as discussed.
Example 1Auditor Proposes Material Adjustment
The clients accounting manager is technically competent and is able to prepare the financial statements. However, the
auditor maintains the companys depreciation schedules using prepackaged software and each year provides the
accounting manager with a detailed schedule of depreciation, gain/loss calculations, and year-end fixed assets. The
accounting manager supervises and takes responsibility for the auditors depreciation work. In most years, the
accounting manager, using the depreciation schedules, provides the auditor with the year-end adjustment unless the
adjustment had already been made to the general ledger. However, this year the accounting manager is busier than
usual and asks the auditor to calculate the year-end depreciation adjustment. The adjustment is material to the
Because the auditor proposes the adjustment, he or she should consider whether there is a control deficiency. The
auditor will first consider the probability that a misstatement would occur and not be detected. Because an auditor
cannot be part of a clients internal controls, the auditor cannot take into account the controls over the calculation that
exist in his firm. Thus, only the controls the client has in place can be considered. Based only on these facts, the
auditor might conclude that the client has the competency to perform the accounting function but has chosen to
outsource the depreciation function this year. Therefore, since the client is reviewing and taking responsibility for the
depreciation calculations, and has the skills and competencies to prevent, or detect and correct, a misstatement, the
auditor concludes that there is not a control deficiency. (If, however, the client were not able to prevent, or detect and
correct, a misstatement, the auditor might conclude that there is a control deficiency.)
Example 2Auditor Assists in Drafting the Financial Statements
The clients controller asks the auditor to assist in drafting the financial statements, including the footnotes. Before
signing the management representation letter, the controller reviewed and approved the financial statement grouping
schedules and calculations of note disclosure amounts. The controller also reviewed the disclosures and determined
they were complete and proper. Also, both the controller and the owner have read, revised, and approved the financial
statements.
Based only on these facts, there does not appear to be a control deficiency. However, the auditor needs to consider
the controllers competency and expertise and whether the clients controls are designed appropriately and operating
effectively. If, in the auditors judgment, the controller and owner have the necessary accounting expertise to prevent,
or detect and correct a potential misstatement in the financial statements or notes, this is not a control deficiency.
However, if the auditor concludes that the controller and owner lack the expertise to detect a misstatement, then the
lack of expertise would be considered a control deficiency that would need to be evaluated to determine if it is a
significant deficiency or material weakness.
Example 3Bookkeeper Lacks Sufficient Financial Expertise
The clients bookkeeper records cash receipts and disbursements and prepares adjusting entries needed to record
accounts receivable and payable at year end. The bookkeeper prepares draft financial statements, including note
disclosures, using a format originally provided by the auditor. During the year, the bookkeeper recorded monthly
payments on a new equipment lease but did not evaluate whether the lease should be capitalized. During the audit, the
auditor determined that the lease should be capitalized and that it is material. The auditor also learned that the
equipment was damaged in a fire shortly before year end and that insurance proceeds covered only a portion of the
damages. The financial statements do not reflect the fixed asset or related liability, or the expense and liability for
damages in excess of the companys insurance.
Based only on these facts, the auditor would determine that there is a control deficiency because the Companys
controls did not prevent, or detect and correct, the misstatements in the financial statements. The company does not
have staff with sufficient expertise to properly analyze the lease and record the fixed asset acquisition. Further, the
bookkeeper did not have sufficient accounting knowledge to realize that she needed help to record the transactions.
Because the auditor identified the misstatement, the likelihood that the financial statements are misstated is reasonably
possible. Because the auditor identified a material misstatement, the deficiency that caused it would be considered a
material weakness. (If the bookkeeper had called the auditor for guidance on how to account for the transactions
before recording them, the auditors conclusion may have been different. A discussion with a client about a technical
issue does not necessarily indicate a control deficiency. The clients ability to detect a potential misstatement and gain
necessary competence are factors the auditor would consider in the evaluation.)
* * *
Practice Issue #2Auditor Identifies a Material Misstatement
1814.44 During the course of an audit, an auditor might identify (and propose adjustments to correct) any number of errors,
some of which may be material to the entitys financial statements. As discussed in paragraph 1814.14, AU-C 265 states that
the auditors identification of a material misstatement of the financial statements in circumstances that indicate that it would
not have been identified by the entitys internal control is a strong indicator of a material weakness. Therefore, whenever the
auditor identifies a material misstatement in the financial statements, he or she should evaluate whether the control deficiency
that allowed the misstatement to occur represents a material weakness or a significant deficiency. Exhibit 18-24 illustrates a
situation in which the auditor identifies material misstatements in the financial statements.
Exhibit 18-24
Auditor Identifies Material Misstatements
The client experienced significant turnover of personnel during the year and at year end (and for much of the year),
there was no one on staff with sufficient knowledge to correctly prepare GAAP-based financial statements. As a result,
the financial statements contained numerous errors and the auditor proposed several adjustments to the accounting
records subsequent to the start of the audit. Material adjustments included the recording of prior year audit
adjustments and writing off uncollectible receivables. Several other adjustments were made to correct immaterial
errors.
The auditor determined that the clients internal control is focused primarily on achieving effective and efficient
operations (i.e., performance and mission goals and safeguarding of resources). However, the controls over reliable
financial reporting contain certain deficiencies. Specifically, a key element of financial reporting is the ability of
management to select and apply appropriate accounting principles to prepare financial statements in accordance with
GAAP. However, the client had no one on staff with sufficient knowledge to prepare GAAP-based financial statements.
Therefore, the auditor believes it is probable that this control deficiency will not prevent and detect misstatements,
some of which may be material, from occurring (in fact, numerous material adjustments were needed because of
material misstatements the auditor identified in the financial statements). Thus, the auditor concluded this deficiency
would be considered a material weakness.
* * *
1814.45 If an auditor identifies a misstatement that is less than material, the authors believe the auditor also should evaluate
whether the control deficiency that allowed the misstatement to occur represents a control deficiency, a significant deficiency,
or a material weakness. If the auditor determines the control deficiency is, individually, or when combined with other
deficiencies, a significant deficiency or a material weakness, AU-C 265 states that the auditor should communicate such
deficiencies to the appropriate parties.
Communication of Identified Deficiencies
1814.46 Required Communications. AU-C 265.11 states that the auditor should communicate significant deficiencies and
material weaknesses identified during the audit in writing to those charged with governance.
1814.47 In addition, AU-C 265.12 states that the auditor also should communicate the following to management:
In writing, significant deficiencies and material weaknesses that the auditor has communicated or intends to
communicate to those charged with governance, unless it would be inappropriate to communicate directly to
management in the circumstances.
In writing or orally, other deficiencies in internal control identified during the audit that have not been communicated
to management by other parties and that, in the auditors professional judgment, are of sufficient importance to merit
managements attention. If other deficiencies in internal control are communicated orally, the auditor should
document the communication.
1814.48 Making such communications in writing reflects the importance of these matters and assists those charged with
governance in fulfilling their oversight responsibilities. AU-C 260, The Auditors Communication With Those Charged With
Governance, (AU-C 260.09) establishes relevant considerations regarding communication with those charged with
governance when all of them are involved in managing the entity.
1814.49 Significant Deficiencies and Material Weaknesses Remediated during the Audit. AU-C 265 clarifies that the
auditor should communicate in writing significant deficiencies and material weaknesses identified and remediated during the
audit. Assume, for instance, that an auditor identified certain significant control deficiencies while performing audit procedures
at an interim date. Because of the nature of the items identified, the auditor orally communicated them to management at the
end of the interim procedures, and management remediated the deficiencies before year end. Would the auditor have to
include such deficiencies in his or her written communication at year end? Yes, AU-C 265 clarifies that the auditor is still
required to include such significant deficiencies in the written communication at year end. That is because of the need to
inform users about the possibility that a misstatement may have occurred while the significant deficiency existed, even though
it has been corrected by year end. Of course, if management is preparing a written response to the auditors communication,
they may wish to include in the auditors communication a statement that the significant deficiency has been remediated by
year end. Dealing with managements written response in the auditors communication is discussed further beginning at
paragraph 1814.63.
1814.50 Significant Deficiencies and Material Weaknesses Previously Communicated (But Not Remediated). Although
management and those charged with governance already may be aware of significant deficiencies and material weaknesses
that the auditor has identified, they may have chosen not to remedy them because of cost or other considerations. The
responsibility for evaluating the costs and benefits of implementing remedial action rests with management and those
charged with governance. Accordingly, the requirements to communicate significant deficiencies and material weaknesses in
AU-C 265 apply, regardless of cost or other considerations that management and those charged with governance may
consider relevant in determining whether to remedy such deficiencies. Furthermore, the fact that the auditor communicated a
significant deficiency or material weakness to those charged with governance and management in a previous audit does not
eliminate the need for the auditor to repeat the communication in the current year if remedial action has not been taken yet.
AU-C 265.A20 states that the auditor may ask management or, when appropriate, those charged with governance, why the
significant deficiency or material weakness has not yet been remedied. A failure to act, in the absence of a rational
explanation, may in itself represent a significant deficiency or material weakness.
1814.51 If a previously communicated significant deficiency or material weakness remains, one option is for the auditor to
repeat in the current years written communication the description from the previous communication. In this case, the authors
believe there should be an indication that the same comments were made in prior communications. For convenience, such
comments may be presented separately from new comments under a heading such as Significant Deficiencies
Communicated in Prior Years. Prior-year comments typically are presented after new comments. Another option is for the
current years written communication to merely refer to the previously-issued communication and its date.
Contents of the Communication
1814.52 AU-C 265.12 states the auditor should provide a written communication of the significant deficiencies and material
weaknesses identified during the audit, and the communication should include the following items:
a. The definition of a material weakness and, when relevant, of a significant deficiency.
b. A description of the each significant deficiency and material weakness identified along with an explanation of their
potential effects.
c. Sufficient information to allow those charged with governance and management to understand the context of the
communication. In particular, the auditors communication should include elements to explain that:
(1) The purpose of the audit was for the auditor to express an opinion on the financial statements.
(2) The audit included consideration of internal control over financial reporting in order to design audit procedures
that are appropriate in the circumstances but not for the purpose of expressing an opinion on the effectiveness
of internal control.
(3) The auditor is not expressing an opinion on the effectiveness of internal control.
(4) The auditors consideration of internal control was not designed to identify all deficiencies in internal control
that might be material weaknesses or significant deficiencies, and therefore, material weaknesses or significant
deficiencies may exist that were not identified.
d. A paragraph restricting the use of the communication to management, those charged with governance, others within
the organization, and any governmental authority to which the auditor is required to report, in accordance with AU-C
905, Restricting the Use of an Auditors Report.
1814.53 When explaining the potential effects of the significant deficiencies and material weaknesses, it is not necessary for
the auditor to quantify those effects. In fact, the potential effects may be described in terms of (a) the control objectives that
might not be achieved; (b) the types of errors the control was designed to prevent, or detect and correct; or (c) the risk(s) of
misstatement that the control was designed to address. In some cases, the potential effects may be evident from the
description of the significant deficiencies or material weaknesses, and therefore no further explanation would be necessary.
1814.54 When preparing the written communication, the auditor may decide to group significant deficiencies or material
weaknesses together. The auditor also may include in the written communication suggestions for remedial action on the
deficiencies, managements actual or proposed responses, and a statement about whether the auditor has undertaken any
steps to verify whether managements responses have been implemented. The auditor also may decide to include in the
communication the following information as additional context:
The general inherent limitations of internal control, including the possibility of management override of controls.
The specific nature and extent of the auditors consideration of internal control during the audit.
1814.55 Level of Detail Included in Written Communication. The auditor should use professional judgment when
determining the level of detail at which to communicate significant deficiencies and material weaknesses. When making that
determination, AU-C 265.A18 states that the auditor may consider the following factors:
a. The Nature of the Entity. For example, the level of detail in a communication for a governmental entity may differ from
that required for a communication to a nongovernmental entity.
b. The Size and Complexity of the Entity. For example, the level of detail in a communication required for a complex
entity may differ from that required for an entity that operates a simple business.
c. The nature of significant deficiencies and material weaknesses the auditor has identified.
d. The Entitys Governance Composition. For example, more detail may be needed if those charged with governance
include members who do not have significant experience in the entitys industry or in the affected areas.
e. Legal or regulatory requirements regarding the communication of specific types of deficiencies in internal control.
Timing of the Communications
1814.56 AU-C 265.13 states that the auditor should make the required communications no later than 60 days following the
report release date. (The report release date is defined in AU-C 230, Audit Documentation, as the date the auditor grants the
entity permission to use the auditors report in connection with the financial statements. In many cases, the report release date
will be the date the auditor delivers the report to the client.) Despite the requirement to make these communications no later
than 60 days following the report release date, AU-C 265.A16 states that the communication is best made by the report
release date because early communication of identified deficiencies may be an important factor in enabling those charged
with governance to discharge their oversight responsibilities. Nevertheless, because the auditors written communication of
significant deficiencies and material weaknesses forms part of the final audit file, the written communication is subject to the
overriding requirement in AU-C 260.16 for the auditor to complete the assembly of the final audit file on a timely basis, no later
than 60 days following the report release date.
1814.57 AU-C 265.A17 clarifies that early communication of significant deficiencies and material weaknesses to those
charged with governance or management is important for some matters because of their relative significance and the urgency
for corrective follow-up action. Regardless of the timing of the written communication, the auditor may first communicate
these matters orally to management and, when appropriate, to those charged with governance to assist them in taking timely
remedial action to minimize the risks of material misstatement. However, communicating the matters orally does not relieve
the auditor of the responsibility to communicate the significant deficiencies and material weaknesses in writing as required by
AU-C 265.
Reporting When There Are No Significant Deficiencies
1814.58 AU- C 265.16 precludes auditors from issuing a written communication stating that no significant deficiencies were
identified during the audit because the potential for such a communication to be misunderstood or misused. (Paragraphs
beginning at 1814.60 discuss reporting when there are no material weaknesses.)
1814.59 If there are no significant deficiencies, less serious control deficiencies may still exist. As discussed beginning at
paragraph 1814.65, AU-C 265.12(b) states that the auditor should communicate, in writing or orally, other deficiencies in
internal control that (a) have not been communicated to management by other parties, and (b) are of sufficient importance to
merit managements attention in the auditors professional judgment.
Reporting When There Are No Material Weaknesses
1814.60 Those charged with governance or management may request the auditor to provide a written communication
indicating they identified no material weaknesses during the audit.
18(123)
Such a written communication does not provide
any assurance about the effectiveness of an entitys internal control over financial reporting; however, AU-C 265 does not
preclude the auditor from issuing such a communication.
19(124)
(As previously discussed, however, AU-C 265 does
preclude the auditor from issuing a written communication stating that no significant deficiencies were identified.)
1814.61 If the auditor agrees to issue a written communication indicating no material weaknesses were identified during the
audit, AU-C 265.15 states that the written communication should include the matters required by AU-C 265.14(a), (c) and (d).
The illustrative communication at ASB-CL-4.3 includes those required matters, among others.
Illustrative Communications
1814.62 The following may be used to communicate significant deficiencies and, when applicable, material weaknesses:
ASB-CL-4.1: Communication of Significant Deficiencies
ASB-CL-4.2: Communication of Significant Deficiencies and Material Weaknesses
ASB-CL-4.3: Communication of No Material Weaknesses in a Separate Report
Managements Response
1814.63 Management may prepare (or be required by a regulator to prepare) a written response to the auditors written
communication. Even if not required to do so, it may be to managements benefit to provide a written response in certain
circumstances depending upon the engagement and the users of the financial statements. Managements written response
might include, for example, a description of the corrective action taken, a discussion of plans to implement new controls, or
simply a statement indicating that management believes the cost of correcting a significant deficiency or material weakness
would exceed the benefits to be derived from doing so.
1814.64 If managements response is included in the same document as the auditors communication, the auditor may
disclaim an opinion on such information by adding a paragraph such as the following as the last paragraph of the auditors
communication:
ABC Companys written response to the significant deficiencies [and material weaknesses] identified in our
audit has not been subjected to the auditing procedures applied in the audit of the financial statements and,
accordingly, we express no opinion on it.
Other Internal Control Deficiencies
1814.65 During the audit, the auditor may identify other deficiencies in internal control that are not significant deficiencies or
material weaknesses but that may be of sufficient importance to merit managements attention. In fact, AU-C 265.12(b) states
that the auditor should communicate other deficiencies in internal control identified during the audit that (a) have not been
communicated to management by other parties and (b) in the auditors professional judgment, are of sufficient importance to
merit managements attention.
1814.66 The other internal control deficiencies discussed in this section include other, less severe control deficiencies that
the auditor wishes to communicate (in other words, those the auditor has concluded constitute only control deficiencies and
not material weaknesses nor significant deficiencies.) From a practical standpoint, many auditors already communicate such
other deficiencies in a separate section of their significant deficiency and material weakness letters of in a management
letter.
20(125)
An auditor also often includes in a management letter other matters, such as those that (1) management has
asked the auditor to communicate and (2) the auditor believes to be of potential benefit to the entity, such as
recommendations for operational or administrative efficiency or for improving internal control. When the auditor
communicates such deficiencies in internal control, AU-C 265.12 clarifies that a written communication is not required.
However, if the auditor decides to communicate the information orally, the standard states that the auditor should document
the communication in the workpapers. The Control Deficiency Comment and Management Point Development Worksheet at
ASB-CX-15.2 may be used to capture and document relevant information about such matters. If completed, it is also a good
way to document oral communications.
1814.67 If the auditor has communicated these matters to management in a prior period, but management has chosen not to
remedy them for cost or other reasons, the auditor is not required to repeat the communication in the current period. The
auditor also is not required to repeat information about such matters if the information has been previously communicated to
management by others such as internal auditors or regulators. However, the auditor may decide to recommunicate these
other deficiencies when there has been a change of management or when new information has come to the auditors
attention that alters the auditors and managements prior understanding regarding the deficiencies. Nevertheless, the auditor
should use professional judgment when determining whether managements failure to remedy other deficiencies in internal
control that were previously communicated is a significant deficiency requiring communication with those charged with
governance.
1814.68 In some circumstances, those charged with governance may request that the auditor also communicate information
about these other deficiencies in internal control to them as well as management. In this situation, the auditor may elect to
inform those charged with governance of the nature of the other deficiencies communicated, or may inform them when a
communication of other deficiencies has been made to management. In either case, the auditor may use professional
judgment to determine whether to communicate this information orally or in writing.
Additional Guidance on Communicating Internal Control Matters
1814.69 PPCs Guide to Internal Control Communications contains additional guidance on communicating internal control
related matters, including hundreds of illustrative comments about significant deficiencies and material weaknesses
categorized by significant account or disclosure and internal control component. The Guide can be ordered by calling
customer service at (800) 323-8724.
1815 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE
1815.1 Besides the communication of internal control matters (discussed in section 1814), the communication of fraud or
violations of laws and regulations (discussed in section 1816), and the communication about the entitys ability to continue as
a going concern (discussed in section 1807), the auditor should communicate certain other matters to those charged with
governance. AU-C 260, The Auditors Communication with Those Charged With Governance, establishes requirements and
provides guidance on the auditors communication with the individuals responsible for an entitys governance. The
communication requirements of AU-C 260 apply to all nonpublic entities, regardless of their governance structure or size.
However, specific considerations are provided for situations where all of those charged with governance are also involved in
managing the entity. AU-C 260 does not establish requirements for communication with management or owners unless they
are also charged with a governance role.
1815.2 The following paragraphs summarize the objectives and requirements for communication with those charged with
governance under the clarified standard AU-C 260, The Auditors Communication With Those Charged With Governance.
1815.3 The objectives of the auditor are to:
communicate clearly with those charged with governance are to,
clearly communicate the auditors responsibilities relative to the financial statement audit and an overview of the
planned scope and timing of the audit,
obtain information relevant to the audit from those charged with governance,
provide timely observations to those charged with governance resulting from the audit that are significant and
relevant to their responsibility to oversee the financial reporting process, and
promote effective two-way communication between the auditor and those charged with governance.
Exhibit 18-25
Requirements for the Auditors Communication with Those Charged with Governance
Requirements
a
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Determine the appropriate person(s) within the entitys governance
structure with whom to communicate.
AU-C 260.07 ASB-CL-5.1
ASB-CL-5.2
If communicating with a subgroup of those charged with governance,
such as the audit committee or an individual, determine whether
communication also needs to be made with the governing body.
AU-C 260.08 ASB-CL-5.1
ASB-CL-5.2
If required communications are made with one or more members of
management who also have governance responsibilities, the matters do
not need to be communicated again with the same person(s) in his or her
governance role, as long as the communication with the one or more
members of management adequately informs all of those who would
otherwise be communicated with in their governance capacity.
AU-C 260.09 ASB-CL-5.1
ASB-CL-5.2
Communicate with those charged with governance that (1) the auditor is
responsible for forming and expressing an opinion about whether the
financial statements prepared by management, under the oversight of
those charged with governance, are prepared, in all material respects, in
conformity with U.S. GAAP and (2) the audit of the financial statements
does not relieve management or those charged with governance of their
responsibilities.
ASB-CL-5.1
Communicate an overview of the planned scope and timing of the audit
with those charged with governance.
ASB-CL-5.1
Communicate with those charged with governance:
The auditors views about qualitative aspects of the entitys significant
accounting practices, including accounting policies, accounting
estimates, and financial statement disclosures and, when applicable:
Explain to those charged with governance why a significant
accounting practice that is acceptable under GAAP is not
considered the most appropriate in the particular circumstances
of the entity.
Determine that those charged with governance are informed
about the process used by management in formulating
particularly sensitive accounting estimates, including fair value
estimates, and about the basis for the auditors conclusions
regarding the reasonableness of those estimates.
Significant difficulties encountered during the audit.
Disagreements with management.
Other findings or issues arising from the audit that are significant and
AU-C 260.12 ASB-CL-5.2
Requirements
a
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
relevant to those charged with governance in carrying out their
responsibility to oversee the financial reporting process.
Communicate with those charged with governance (1) uncorrected
misstatements accumulated by the auditor and the effect they may have
on the auditors opinion and (2) the effect of prior period uncorrected
misstatements on the relevant transaction classes, account balances, or
disclosures, and on the financial statements as a whole. Separately
identify any material uncorrected misstatements and request that
uncorrected misstatements be corrected.
AU-C 260.13 ASB-CL-5.2
Unless all of those charged with governance are involved in management,
communicate (1) material, corrected misstatements brought to the
attention of management as a result of audit procedures, (2) significant
findings or issues arising from the audit that were discussed, or the subject
of correspondence, with management, (3) the auditors views about
significant accounting or auditing matters about which management
consulted with other accountants when the auditor is aware that such
consultation occurred, and (4) written representations requested of
management.
AU-C 260.14 ASB-CL-5.2
Communicate the form, timing, and expected general content of
communications with those charged with governance.
ASB-CL-5.1
Communicate in writing with those charged with governance significant
findings or issues from the audit when oral communication would not be
adequate. This communication does not need to include matters arising
during the audit that were communicated with those charged with
governance and satisfactorily resolved.
ASB-CL-5.2
When communicating in writing, indicate in the communication that it is
intended solely for the information and use of those charged with
governance and, if appropriate, management, and is not intended to be,
and should not be, used by anyone other than these specified parties.
AU-C 260.17 ASB-CL-5.1
ASB-CL-5.2
Make timely communication with those charged with governance. AU-C 260.18 ASB-CL-5.2
Evaluate whether there was adequate two-way communication between
the auditor and those charged with governance for the purpose of the
audit. If communication has not been adequate, evaluate the effect on the
auditors risk assessment and ability to obtain sufficient appropriate audit
evidence and take appropriate action.
AU-C 260.19 ASB-CX-14
When required communications are made orally, document them,
including when and with whom they were communicated. When matters
are communicated in writing, include a copy of the communication in the
audit documentation.
Note:
a
In addition to the requirements detailed in this exhibit that originate from AU-C 260, other AU-C sections contain
requirements for auditors to communicate with those charged with governance. See paragraph 1815.29 for further
information.
* * *
Identifying Those Charged with Governance
1815.5 AU-C 260 requires the auditor to communicate with those charged with governance in relation to a financial statement
audit. AU-C 260.06 defines those charged with governance as the persons or organizations with responsibility for overseeing
the strategic direction of the entity and the obligations related to the accountability of the entity. This includes overseeing the
financial reporting process. The authoritative guidance further states that those charged with governance may include
management personnel, such as executive members of a governance board or an owner-manager. The use of the phrase, or
organizations, is a revision to the definition under AU-C 260 and the authoritative guidance indicates that a corporate trustee
is one example of an organization that could serve as those charged with governance.
1815.6 In some nonpublic entities, the appropriate person(s) with whom to communicate may not be clearly identifiable. In
this situation, the auditor and the engaging party need to discuss and agree on who are the appropriate person(s) within the
governance structure. Also, if all those charged with governance are involved in managing the business, the auditor should
consider whether communication with the person(s) with financial reporting responsibilities adequately informs all of those
with whom the auditor would otherwise have to communicate because of their governance role.
1815.7 Many governing bodies have subgroups (e.g., audit committees or similar groups). The auditor should evaluate
whether communication with a subgroup of those charged with governance (or with an individual), adequately meets the
auditors responsibility to communicate with those charged with governance. When making this determination, the auditor
may want to consider matters such as:
The various responsibilities of the governing body and the subgroup.
The nature of matters to be communicated.
Relevant legal or regulatory requirements.
Whether the subgroup is authorized to act in relation to the information communicated.
Whether the subgroup can provide the auditor with further information and explanations.
Whether the auditor knows of any potential conflicts between the subgroup and other members of the governing
body.
Whether the auditor decides there is also a need to communicate the information, in full or summary form, to the
governing body. (Regardless of whether the auditor communicates with a subgroup, the auditor retains the right to
communicate with the governing body.)
Effective Two-way Communication
1815.8 One of the objectives stated in AU-C 260 (see paragraph 1815.3) is to promote effective two-way communication
between the auditor and those charged with governance. Furthermore, as discussed beginning at paragraph 1815.27, AU-C
260.19 requires the auditor to evaluate the adequacy of such two-way communication.
1815.9 Effective two-way communication assists both the auditor and those charged with governance to understand matters
related to the audit and develop a constructive working relationship. It also enables those charged with governance to fulfill
their responsibility to oversee the financial reporting process. Further, the auditor may be able to obtain important information
from those charged with governance that is relevant to understanding the client and its environment, identifying sources of
audit evidence, and obtaining information about specific events and transactions. See further discussion on the
communication process beginning at paragraph 1815.18.
Matters to Be Communicated
1815.10 Two of the objectives of AU-C 260 (see paragraph 1815.3) identify the types of matters to be communicated by the
auditor to those charged with governance. Those objectives indicate that the auditor is to (a) clearly communicate his or her
responsibilities regarding the audit, as well as an overview of the planned scope and timing of the engagement, and (b)
provide timely observations that are significant and relevant to the responsibility of overseeing the financial reporting process.
1815.11 AU-C 260.10.14 discusses the requirements that auditors should follow to achieve those objectives. The matters
that auditors are required to communicate to those charged with governance are listed below and further discussed in the
following paragraphs
a. Auditor Responsibility. The auditors responsibilities under generally accepted auditing standards.
b. Planned Scope and Timing of the Audit. An overview of the planned scope and timing of the audit.
c. Significant Findings from the Audit. The auditors views about findings or issues that the auditor considers to be
significant and relevant to those charged with governance regarding their oversight of the financial reporting
process.
d. Uncorrected Misstatements. Information regarding uncorrected misstatements should also be communicated.
1815.12 The Auditors Responsibilities under GAAS. AU-C 260.10 requires communication of the auditors responsibilities
under GAAS, including that (a) the auditor is responsible for forming and expressing an opinion about whether the financial
statements are presented fairly in accordance with GAAP and (b) the audit does not relieve management or those charged
with governance of their responsibilities. (These responsibilities may be communicated in the engagement letter if the
engagement letter is provided to those charged with governance.)
1815.13 The auditor is also permitted to communicate that:
The auditor is responsible for performing the audit in accordance with GAAS and that the audit is designed to obtain
reasonable, but not absolute, assurance about whether the financial statements are free of material misstatement.
The audit includes consideration of internal control as a basis for designing audit procedures but not for expressing
an opinion on internal control.
The auditor is responsible for communicating significant audit-related matters that the auditor judges to be relevant
to those charged with governance in overseeing the financial reporting process. The auditor is not required to
design procedures for the purpose of identifying other matters to communicate.
The auditor is responsible for communicating specific matters required by law or regulation, by agreement with the
entity, or by additional requirements applicable to the engagement.
1815.14 Planned Scope and Timing of the Audit. AU-C 260.11 requires the auditor to communicate the planned scope and
timing of the audit. However, this communication can not be so detailed as to compromise the effectiveness of the audit. For
example, communicating the nature and timing of detailed audit procedures may make those procedures predictable and
compromise their effectiveness. Planning matters to be communicated might include:
How the auditor plans to address the significant risks of material misstatement due to error or fraud.
The auditors approach to internal control, including whether the auditor will express an opinion on the effectiveness
of internal control over financial reporting.
A discussion of materiality as it relates to planning and performing the auditfocusing on factors considered, not on
specific amounts or thresholds.
The extent to which the auditor will use the work of internal auditors, if applicable, and how the internal and external
auditors can best work together.
1815.15 Significant Findings from the Audit. AU-C 260.12 requires the auditor to communicate significant findings or
issues from the audit, including:
The auditors views about qualitative aspects of the entitys significant accounting practices, including accounting
policies, estimates, and financial statement disclosures. When applicable, the auditor should also
Explain why a significant accounting practice that is acceptable under U. S. GAAP is not considered
appropriate in the particular circumstances of the entity.
Determine that those charged with governance are informed about the process used by management in
developing particularly sensitive accounting estimates, including fair value estimates, and about the basis for
the auditors conclusions regarding the reasonableness of those estimates. (Section 1809 discusses
accounting estimates and fair value.)
Significant difficulties encountered during the audit. (This might include significant delays in receiving required
information, unnecessarily brief time to complete the audit, extensive and unexpected effort required to obtain audit
evidence, unavailability of evidence, restrictions imposed on the auditors by management, and managements
unwillingness to provide information about how management plans to deal with a going concern matter. In some
circumstances, significant difficulties encountered during the audit may constitute a scope limitation requiring a
modified report.)
Disagreements with management about matters that could individually or in the aggregate be significant to the
financial statements or auditors report, regardless of whether the disagreements were satisfactorily resolved.
However, disagreements with management in this context do not include differences of opinion based on
incomplete facts or preliminary information that are subsequently resolved.
Other findings or issues that the auditor judges to be significant and relevant to those charged with governance
regarding their oversight of the financial reporting process.
1815.16 Uncorrected Misstatements. AU-C 260.13 requires the auditor to communicate uncorrected misstatements (other
than those considered to be trivial), including the effect they might have on the auditors opinion, to those charged with
governance. The auditor should discuss material uncorrected misstatements individually and request that they be corrected.
(If there are a large number of individually immortal uncorrected misstatements, the auditor may summarize them and
communicate the number and overall monetary effect on the financial statements.) The auditor should discuss the
implications of not correcting known and likely misstatements. The auditor needs to also communicate the effect of prior
period uncorrected misstatements on classes of transactions, account balances or disclosures, and on the financial
statements taken as a whole.
1815.17 When All Those Charged with Governance Are Not Involved in Management. Unless everyone charged with
governance is also involved in managing the entity, the auditor is also required to communicate:
Material corrected misstatements that were brought to the attention of management as a result of audit procedures.
Written representations the auditor is requesting from management.
The auditors views about significant accounting or auditing matters that were the subject of management
consultation with other accountants, when the auditor is aware that such consultation took place.
Significant issues arising from the audit that were discussed with management or were the subject of
correspondence with management.
1815.18 When the Auditor Is Restricted from Communicating with Those Charged with Governance. The auditor may
be legally restricted from communicating certain matters. For example, laws or regulations may specifically prohibit a
communication or other action that might prejudice an outside investigation of an illegal act. The auditor may want to consult
with the firms legal counsel in this situation.
The Communication Process
1815.19 To help establish the basis of the communication process, the auditor should communicate the form, timing, and
expected general content of communications with those charged with governance. Clearly communicating such information
helps lay the groundwork for effective two-way communication between the auditor and those charged with governance.
1815.20 It may also benefit effective two-way communication if the auditor:
Discusses the purpose of communications.
Identifies the person(s) on the audit team and among those charged with governance who will generally
communicate about matters.
Conveys his or her expectation that communications will be two-way with those charged with governance
communicating about matters they consider relevant to the audit.
Explains the process for taking action and reporting back on matters between the audit team and those charged
with governance.
1815.21 Timing of Communications. AU-C 260.18 indicates that the auditor should communicate with those charged with
governance on a timely basis. The appropriate timing of communications will vary with the circumstances of the engagement.
In deciding the timing, the auditor generally considers the significance and nature of the matter and the action expected to be
taken by those charged with governance. For example, the auditor may want to communicate:
Planning matters early in the engagement or, for an initial engagement, as part of the terms of the engagement.
Significant difficulties encountered during the audit as soon as practicable if they may lead to a modified opinion or if
those charged with governance are expected to help the auditor overcome the difficulties.
Matters related to auditor independence in connection with accepting the engagement when the auditor has given
significant consideration to circumstances or relationships that create a threat to independence.
1815.22 The timing of communications may also be affected by other factors, such as the entitys size, operating structure,
legal structure, or control environment; any legal obligation to communicate certain matters by a certain time; expectations of
those charged with governance, including arrangements for periodic meetings or communications with the auditor; the time
the auditor identifies significant matters such as material weaknesses that need remedial action; and whether the audit
involves both general purpose and special purpose financial statements.
Forms of Communication
1815.23 AU-C 260.16 requires written communication of significant findings or issues when, in the auditors professional
judgment, oral communication would not be adequate. Significant findings or issues that were communicated with those
charged with governance and subsequently resolved do not need to be included. Other communications may be oral or
written and may be formal or informal, including discussions. Practice aids that facilitate written communication are discussed
1815.24 The form of communication (i.e., oral or written, detailed or summarized, formal or informal) depends upon several
factors, including:
The significance of the matter.
Whether the matter has been satisfactorily resolved.
Whether management previously communicated the matter.
The entitys size, operating structure, control environment, and legal structure.
Whether legal or regulatory requirements require a written communication with those charged with governance.
The expectations of those charged with governance, including arrangements for periodic meetings or
communications with the auditor.
The amount of ongoing contact and dialogue the auditor has with those charged with governance.
Whether there have been significant changes in membership of the governing body.
In the case of a special purpose financial statement audit, whether the auditor also audits the general purpose
1815.25 When the communication is written, the auditor should indicate in the communication that it is intended solely for the
information and use of those charged with governance and, if appropriate, management and is not intended and should not
be used by anyone other than these specified parties.
1815.26 When a significant matter is discussed with an individual member of those charged with governance, the auditor
may want to consider summarizing it in later communications so that all persons charged with governance are fully informed.
Evaluation of the Adequacy of the Auditors Communication
1815.27 AU-C 260.19 requires the auditor to evaluate whether the two-way communication between the auditor and those
charged with governance has been adequate. The evaluation may be based on the auditors observations about whether
those charged with governance:
Took appropriate and timely actions in response to matters communicated by the auditor.
Openly communicated with the auditor.
Were willing and able to meet with the auditor without management present.
Have the ability to fully comprehend matters communicated by the auditor.
Experienced difficulty in establishing a mutual understanding with the auditor about the form, timing, and expected
general content of communications.
Are aware of how matters discussed with the auditor affect their governance responsibilities (applies only if the
individual is also a member of management).
1815.28 If, in the auditors judgment, the communication with those charged with governance was not adequate, it may
indicate that the auditor has not obtained sufficient appropriate evidence to form an opinion on the financial statements. The
auditor should evaluate the effect on the auditors risk assessment and ability to obtain sufficient appropriate audit evidence
and take appropriate action. If the situation cannot be resolved, the auditor may take other actions such as:
Modifying the opinion to reflect a scope limitation.
Obtaining legal advice about the consequences of different actions.
Communicating with third parties.
Withdrawing from the engagement.
Documentation of Communications
1815.29 AU-C 260.20 requires the auditor to document matters that have been communicated orally (including when and
with whom they were communicated). This documentation may include a copy of minutes prepared by the entity. When
matters have been communicated in writing, the auditor should retain a copy of the communication. The engagement letter
(ASB-CL-1.1) may be used to communicate planning matters, including the auditors responsibilities under GAAS and the
planned scope and timing of the audit, as long as the letter is provided to those charged with governance. Alternatively,
ASB-CL-5.1, Communication with Those Charged with Governance during Planning, provides a letter that can be used to
communicate those matters with those charged with governance during the planning phase of the audit. The letter at
ASB-CL-5.2, Communication with Those Charged with Governance at or Near the Conclusion of the Audit, may be used to
communicate significant findings near the conclusion of the audit.
Other Requirements to Communicate with Those Charged with Governance
1815.30 In addition to the requirements to communicate with those charged with governance found in AU-C 260 as
discussed in this section, requirements for the auditor to communicate with those charged with governance is also located in
certain other AU-C sections. These additional communications are generally required only under the specific circumstance,
and thus, are not included in every communication. These other possible required communications with those charged with
governance are found in the following AU-C sections
AU-C 210, Terms of Engagement.
AU-C 240, Consideration of Fraud in a Financial Statement Audit.
AU-C 250, Consideration of Laws and Regulations in an Audit of Financial Statements.
AU-C 265, Communicating Internal Control Related Matters Identified in an Audit.
AU-C 550, Related Parties.
AU-C 560, Subsequent Events and Subsequently Discovered Facts.
AU-C 600, Special ConsiderationsAudits of Group Financial Statements (Including the Work of Component
Auditors).
AU-C 705, Modifications to the Opinion in the Independent Auditors Report.
AU-C 706, Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the Independent Auditors Report.
AU-C 720, Other Information in Documents Containing Audited Financial Statements.
AU-C 730, Required Supplementary Information.
AU-C 930, Interim Financial Information.
AU-C 935, Compliance Audits.
1816 COMMUNICATION OF FRAUD AND VIOLATIONS OF LAWS AND
REGULATIONS
1816.1 Paragraph 1812.26 discusses the auditors responsibility to evaluate the results of audit procedures and consider
whether they lead the auditor to believe that an error or fraud may have occurred. In addition, section 307 discusses the
auditors detection responsibilities under AU-C 240, Consideration of Fraud in a Financial Statement Audit, related to
misstatements caused by fraud. AU-C 250, Consideration of Laws and Regulations in an Audit of Financial Statements,
imposes detection and communication responsibilities for violations of laws and regulations (previously referred to as illegal
acts) that have a direct and material effect on the determination of financial statement amounts (examples are accruals and
expense affected by tax laws, or revenue accrued under government contracts). AU-C 250 imposes lesser responsibilities for
detection of violations of laws or regulations having material but indirect effects on the determination of financial statement
amounts (primarily inquiry and inspection of any relevant correspondence) and establishes communication responsibilities for
those violations. This section discusses the auditors responsibilities when evidence indicates that fraud or a violation of laws
or regulations may have occurred. Section 309 discusses the auditors responsibilities during the planning stage when
considering fraud or laws and regulations.
1816.2 The objectives of the auditor when considering laws and regulations in the audit are to (a) obtain audit evidence for
material amounts and disclosures in the financial statements that are directly determined by the provisions of laws and
regulations, (b) perform certain audit procedures that may identify instances of noncompliance with other laws and
regulations that may have a material effect on the financial statements, and (c) respond appropriately to noncompliance or
suspected noncompliance identified during the audit. The consideration of fraud in the audit is addressed in Chapter 4 and
one of the auditors objectives includes responding to fraud or suspected fraud found during the audit.
Exhibit 18-26
Requirements for Consideration of Laws and Regulations in an Audit
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Consideration of Laws and Regulations in an Audit
When obtaining an understanding of the entity and its environment, obtain
a general understanding of (1) the legal and regulatory framework and the
industry or sector in which the entity operates and (2) how the entity
complies with that framework.
AU-C 250.12
a ASB-AP-1
ASB-CX-3.1
Obtain sufficient appropriate audit evidence for material amounts and
disclosures in the financial statements that are directly determined by the
provisions of laws and regulations.
AU-C 250.13
a ASB-CX-3.1
To potentially identify instances of noncompliance with other laws and
regulations that may be material to the financial statements (1) inquire of
management and those charged with governance about whether the entity
is in compliance with such laws and regulations and (2) inspect any
correspondence with the relevant licensing or regulatory authorities.
AU-C 250.14
a ASB-AP-1
ASB-CX-3.1
Remain alert during the audit for the possibility that other audit procedures
may reveal instances of noncompliance or suspected noncompliance with
AU-C 250.15
a N/A
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
If information concerning an instance of noncompliance or suspected
noncompliance with laws and regulations is found, obtain (1) an
understanding of the nature of the act and the circumstances in which it
occurred and (2) additional information to evaluate the possible effect on
AU-C 250.17 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
If noncompliance is suspected, discuss the matter with management (at a
level above those involved with the suspected noncompliance, if possible)
and, when appropriate, those charged with governance. If management or
those charged with governance do not provide sufficient information
supporting that the entity is in compliance with laws and regulations and
the effect of the suspected noncompliance may be material to the financial
statements, consider obtaining legal advice.
AU-C 250.18 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
If sufficient information about suspected noncompliance cannot be
obtained, evaluate the effect on the auditors opinion.
AU-C 250.19 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
Evaluate the effect of noncompliance on other aspects of the audit,
including the auditors risk assessment and the reliability of written
representations, and take appropriate action.
AU-C 250.20 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
Communicate with those charged with governance, unless all are involved
with management and already aware of the matters, noncompliance with
laws and regulations that come to the auditors attention during the audit,
except for matters that are clearly inconsequential.
AU-C 250.21 ASB-CL-5.2
If identified noncompliance with laws and regulations is believed to be
intentional and material, communicate the matter to those charged with
governance as soon as practicable.
AU-C 250.22 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
If management or those charged with governance are suspected of
involvement in noncompliance, communicate the matter to the next higher
level of authority at the entity, if it exists. If no higher authority exists, or if
the communication may not be acted upon or there is uncertainty about
the person to whom to report, consider obtaining legal advice.
AU-C 250.23 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
If the noncompliance has a material effect on the financial statements, and
it has not been adequately reflected in the financial statements, express a
qualified or adverse opinion on the financial statements.
this Guide.
b
If management or those charged with governance keeps the auditor from
obtaining sufficient appropriate audit evidence to evaluate whether
noncompliance that may be material to the financial statements has, or is
likely to have, occurred, express a qualified opinion or disclaim an opinion
on the financial statements due to a scope limitation.
this Guide.
b
If noncompliance cannot be determined because of limitations imposed by
the circumstances rather than by management or those charged with
governance, evaluate the effect on the auditors opinion.
this Guide.
b
Determine whether there is a responsibility to report identified or AU-C 250.27 ASB-AP-2,
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
suspected noncompliance to parties outside the entity. Potential Fraud
or Violations of
Laws and
Regulations
Document a description of the identified or suspected noncompliance with
laws and regulations and the results of discussions with management and,
when applicable, those charged with governance, and other parties inside
or outside the entity.
AU-C 250.28 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
Consideration of Fraud in a Financial Statement Audit
If fraud has been identified or if information has been obtained that
indicates that a fraud may exist, communicate these matters on a timely
basis to the appropriate level of management.
AU-C 240.39 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
Unless all of those charged with governance are involved in managing the
entity, if fraud is identified or suspected and it involves management,
employees who have significant roles in internal control, or others, when
the fraud results in a material misstatement in the financial statements,
communicate those matters to those charged with governance on timely
basis. If the suspected fraud involves management, communicate these
suspicions to those charged with governance and discuss with them the
nature, timing, and extent of audit procedures necessary to complete the
audit.
AU-C 240.40 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
Communicate with those charged with governance any other matters
related to fraud that are judged to be relevant to their responsibilities.
AU-C 240.41 ASB-CL-5.2
If fraud is identified or suspected, determine whether the auditor has a
responsibility to report the occurrence or suspicion to a party outside the
entity.
AU-C 240.42 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
Document communications about fraud made to management, those
charged with governance, regulators, and others.
AU-C 240.45 ASB-AP-2,
Potential Fraud
or Violations of
Laws and
Regulations
Notes:
a
These requirements are discussed in Chapter 3.
b
Detailed guidance on reporting on the financial statements is covered in PPCs Guide to Auditors Reports.
* * *
When Fraud or a Violation of Laws and Regulations May Have Occurred
1816.4 When the auditor is confronted with information indicating potential noncompliance with laws and regulations (such
as noncompliance cited in regulatory examination reports or the payment of fines and penalties) or a circumstance that
indicates the possibility of fraud (such as a discrepancy between the accounting records and other evidential matter,
including transactions with no supporting documentation, no apparent authorization, or that have not been recorded), the
auditor should consider how and why that might have occurred and investigate further. If the investigation indicates there may
have been fraud or a violation of laws or regulations, the auditor should do the following:
a. Obtain an understanding of the matter and sufficient other information to evaluate the possible effects on the
financial statements and auditors report (including the need for adjustments and for disclosure of a violation of laws
or regulations and any related contingencies, or the need for a report modification if necessary financial statement
adjustments or disclosures are not made or because of a scope limitation).
b. Consider the implications for other aspects of the audit, e.g., risk assessment and reliance on managements
representations.
c. Discuss the matter and the need for any further investigation with an appropriate level of management at least one
level above those involved.
d. If appropriate, consult with the clients legal counsel (or suggest that the client consult with legal counsel) on any
questions of law and on the course of action the client should take.
e. Document a description of the identified or suspected fraud or violation of laws and regulations and the results of
any conversations with management, those charged with governance, and others, if applicable.
In the rare event that management is not willing to follow sound legal advice about fraud or violations of laws or regulations,
the auditor should consider seeking the recommendation of legal counsel about possible courses of action, including
possible withdrawal from the engagement. The auditor would, of course, carefully document all communications related to
the matter and its disposition.
1816.5 Under AU-C 250 and AU-C 240, the auditor ordinarily is not responsible for disclosing fraud or violations of laws and
regulations to parties other than senior management and those charged with governance. However, state laws may require
communication of certain fraud or violations of laws or regulations. Some states provide criminal penalties for those who fail
to report a felony to the proper authorities. Others require auditors to maintain confidentiality. The authors recommend that
auditors seek legal advice in those situations.
Communications about Possible Fraud or Violations of Laws and Regulations
1816.6 AU-C 250.21 requires that the auditor be sure the audit committee or others charged with governance (e.g.,
owner/manager or board of directors) are adequately informed about any violations of laws or regulations, unless clearly
inconsequential, that come to the auditors attention. As discussed in section 307, if the auditor determines there is evidence
fraud may exist (even if the matter is inconsequential) AU-C 240.39 requires the auditor to report it to the appropriate level of
management. If the fraud or potential fraud involves senior management or causes the financial statements to be materially
misstated, it should be reported directly to those charged with governance. Auditors also normally reach an understanding
with those charged with governance about the nature and extent of communication about misappropriations committed by
lower-level employees. In the absence of such an agreement, the authors believe the auditor needs to report all instances of
fraud to both the appropriate level of management and to those charged with governance. The authors recommend that
communications about possible fraud be made in writing; if made orally, the nature of the communication should be
documented in the workpapers.
1816.7 In some cases, the auditor may have a duty to disclose fraud or violations of laws and regulations to parties outside of
the company. Examples of those situations include:
To comply with legal or regulatory requirements.
To a successor auditor making inquiries in accordance with AU-C 210 (discussed in section 202).
When responding to a subpoena.
To a government funding agency or other specified agency when complying with requirements for audits of
recipients of governmental financial assistance.
Before disclosing instances of fraud to parties outside the company, the authors recommend the auditor consult with legal
counsel due to the nature of the auditors ethical and legal obligations.
1816.8 In addition, if any of the identified fraud risks have internal control implications, the auditor should determine whether
they represent deficiencies related to the entitys internal control that should be reported to management and others in
accordance with AU-C 265. The absence of or deficiencies in processes and controls designed to mitigate or otherwise
prevent, deter, and detect fraud may also be matters that require communication. Section 1814 provides a further discussion
of communicating significant deficiencies and material weaknesses to management and those charged with governance.
1816.9 Auditors also may wish to communicate identified fraud risks, that are not otherwise required to be communicated in
accordance with paragraphs 1816.6 or 1816.8, to those charged with governance.
1817 ENGAGEMENT SUMMARY MEMORANDUM (ESM)
1817.1 At the conclusion of an audit engagement, some firms require an Engagement Summary Memorandum (ESM) to be
prepared for inclusion in the audit workpapers. The purpose of the ESM is to summarize information that is already included
in the audit workpapers and to document the auditors conclusions based on the audit as a whole. Some firms do not prepare
ESMs for their audit engagements (especially smaller engagements) because the information included in the ESM can be
found elsewhere in the workpapers. Benefits of preparing an ESM include the following:
The ESM summarizes the results of the engagement for the supervisory reviewer. As a result, the supervisory
reviewer can focus on reviewing the workpapers for the areas with significant issues that have been identified in the
ESM.
The ESM provides a means for the auditor to document the reasoning behind significant judgments made during the
audit and to document changes made to the audit plan and audit strategy during the engagement (after the
planning documents are prepared).
As noted in paragraph 1811.25, if the firm has a policy for engagements to be subject to engagement quality control
review, the independent reviewer typically may only need to review the audited financial statements, auditors report,
ESM, attorneys letters, management representation letter, and other summary documentation (such as the
Supervision, Review, and Approval Form at ASB-CX-14).
The ESM for the previous audit is a useful tool when planning the current-year audit because it may identify risk
areas or other matters to address when planning the current-year engagement.
1817.2 Generally, the ESM is prepared by the engagement team member who has an overall understanding of the significant
issues encountered during the audit. Normally, this would be the audit senior or in-charge auditor.
Content of the ESM
1817.3 An engagement summary memorandum generally includes the following information:
A brief background of the company and a description of its operations.
A brief recap of the results of the auditors risk assessments and identification of any significant risks.
Summary of the companys operating results.
Discussion of significant accounting and auditing issues, including matters that involve significant professional
judgment.
An indication of the review performed by the engagement partner.
Summary of audit differences.
Summary of significant deficiencies and material weaknesses.
Overall opinion.
Documentation of the report release date and the documentation completion date.
Subsequent revisions to workpapers.
Other matters that are sometimes included in an ESM include identification of engagement team members, summary of the
closing meeting held with the client, issues for inclusion in a management letter, and client service opportunities.
1817.4 Background Information. The background information included in an ESM provides a brief description of the entitys
ownership, products, operating facilities, and significant operating strategies. The auditor may obtain the necessary
information for this section from the Understanding the Entity and Identifying Risks form (ASB-CX-3.1). In addition,
information about historical operating results may be provided. The background information section is usually very briefthe
information can be covered in a few short paragraphs. (Some firms do not include this section.)
1817.5 Recap of Risk Assessments. This section of the ESM provides an overview of the risk assessments made by the
auditor during the audit. Generally, the discussion summaries the nature of the risks identified and the nature of procedures
performed to respond to the risk. This section of the ESM also identifies risks that the auditor determined to be significant
risks (i.e., risks that, in the auditors judgment, warrant special audit consideration) and the nature of the auditors response to
the significant risks. This section may also discuss low risk areas and the reasons for the auditors conclusion that risk is low.
Information for this section may be obtained from the Understanding the Entity and Identifying Risks form (ASB-CX-3.1) and
the Risk Assessment Summary Form (ASB-CX-7.1). In addition, this section provides an opportunity for the auditor to
document changes made to the audit approach after the planning documents were prepared. Such changes may result from
the auditor identifying additional risks during the audit. The auditor documents the additional risks identified and the auditors
response in this section of the ESM.
1817.6 Summary of Operating Results. This section of the ESM normally provides an overview of the companys current
year (audited) operating results compared with the prior period. The operating results are normally presented at a high
levelthat is, sales, costs and expenses, income before tax, income tax expense, and net income. Explanations of significant
variances are included based on information obtained during the audit.
1817.7 Significant Accounting and Auditing Issues. AU-C 230.08 requires auditors to document significant audit findings
or issues, conclusions reached, and significant professional judgments made in reaching conclusions. Auditors also are
required to record any discussions of such matters with parties outside of the audit firm or the engagement team. This section
includes narrative discussions of the auditors reasoning process behind significant decisions made during the audit and
documents the auditors compliance AU-C 230. Matters generally covered in this section include the following:
Audit areas that involve significant judgment such as valuation allowances for receivables and inventory, loss
provisions for impairment of assets, significant accruals for other loss contingencies (such as warranty reserves and
environmental liabilities), and conclusions reached about other significant contingencies (such as litigation).
Significant transactions that are complex or unusual in nature (such as accounting changes or changes in estimates,
discontinued operations, acquisitions or mergers, and significant unusual transactions near year end). If the auditor
had to consult with a technical expert (whether inside or outside the firm) to determine the proper accounting
treatment of a significant transaction, a summary of the consultation could also be included.
Difficult judgments about materiality of misstatements or whether certain disclosures are warranted. For example,
the auditor documents the reasoning behind not making certain disclosures that the client determines are not
material.
Issues that result in the auditors report being modified.
Audit areas that included unusual or more extensive audit procedures than normal (for example, areas that
warranted additional procedures as a result of the auditors assessment of the risk of material misstatement due to
fraud, areas where the auditor noted control deficiencies, or areas that involved the use of a specialist).
Significant or unusual related-party transactions that triggered accounting or audit issues requiring consideration.
This list is not intended to be all-inclusive. The auditor uses his or her judgment in deciding what significant matters to include
in the ESM. The authors recommend including a summary of any relevant issues in the ESM that are subject to supervisory
review (see section 1811), particularly issues that could have a significant effect on the auditors opinion on the financial
statements.
1817.8 Review Performed by the Engagement Partner. AU-C 230.09 requires documentation of who reviewed specific
audit documentation and the date of the review. Some auditors, especially those performing the partner level review, may
prefer documenting the evidence of their review in the ESM indicating the workpaper sections reviewed and the date(s) of
their review instead of signing and dating individual workpapers. (Additionally, the practice aid, Supervision, Review, and
Approval Form at ASB-CX-14 serves as a checklist to assist reviewers in performing and documenting their reviews of the
audit work performed.)
1817.9 Summary of Audit Differences. Preparation of the summary of audit differences is discussed beginning in paragraph
1812.31. The summary of audit differences may be included as an attachment to the ESM. However, some auditors prefer to
summarize the passed adjustments for presentation in the ESM. Generally, only those audit differences that have an effect on
income are presented. However, if the auditor has proposed significant reclassification adjustments, those are also addressed
in the ESM. Exhibit 18-5 illustrates an example summary of audit differences that can be included in or attached to the ESM.
ASB-CL-3.3, Summary of Audit Differences, provides a drafting form for that summary. Auditors also might consider
attaching a copy of ASB-CX-12.2, Audit Difference Evaluation Form.
1817.10 Summary of Significant Deficiencies and Material Weaknesses. This section of the ESM provides an overview of
the significant deficiencies and material weaknesses identified during the audit. These items are generally presented at a
summary levelthat is, they are listed and identified as either significant deficiencies or material weaknesses. The auditor
may also document here the date of the written communication to management and those charged with governance.
1817.11 Opinion. The ESM generally includes the preparers opinion on the following matters:
The adequacy of the audit scope.
Fairness of presentation of the audited financial statements in conformity with GAAP or an OCBOA.
The appropriateness of modifications to the auditors report, if necessary.
An example of the opinion statement that could be included in the ESM is as follows:
It is my opinion that the scope of our audit was adequate and that the financial statements of ABC, Inc., for
the year ended September 30, 20X0, are presented fairly in conformity with generally accepted accounting
principles.
1817.12 Report Release Date and the Documentation Completion Date. AU-C 230.15 requires the auditor to document
the report release date in the workpapers. The report release date is the date that the auditor gives the client permission to
use the auditors report in connection with the financial statements. For most audits of small businesses, this will be the date
that the auditor delivers the report to the client. The general auditing and completion procedures program (ASB-AP-2)
provides a place for the auditor to document the report release date. The auditor may additionally document that date in the
ESM.
1817.13 AU-C 230.06 refers to the date that workpapers should be assembled for retention as the documentation completion
date. The final assembly and completion of the audit file should occur within 60 days of the report release date. After that
date, the auditor should not delete or discard any documentation prior to the required five-year retention period, as provided
in paragraph 808.4. While AU-C 230 does not specifically require the auditor to document the documentation completion
date, as a practical matter documentation of that date ensures compliance with the requirement to complete final assembly of
the workpapers within 60 days of the report release date and establishes a starting-point for the required retention period.
1817.14 Subsequent Revisions to Workpapers. The ESM can be used to document revisions to the workpapers made after
the document completion date and provide evidence that the change was reviewed. See further discussion of documenting
revisions after the date of the auditors report beginning at paragraph 802.20.
1817.15 Signing the ESM. Generally, the ESM is signed and dated by the preparer (which, as discussed in paragraph
1817.2, is usually the in-charge auditor). Additionally, the ESM is generally signed and dated by each reviewer (for example,
the audit manager, partner, and independent reviewer).
1818 SUBSEQUENT DISCOVERY OF MATTERS AFTER DATE OF REPORT
1818.1 Subsequent to the date of the auditors report, auditors may become aware of facts that existed on that date that
might have caused them to believe information supplied by the entity was incorrect, incomplete, or otherwise unsatisfactory
had they then been aware of them. In such circumstances, the auditor should consider the guidance in AU-C 560,
Subsequent Events and Subsequently Discovered Facts [Formerly SAS No. 1 (AU 561)], in determining an appropriate course
of action. Subsequent to the date of the auditors report, the auditor may also conclude that certain necessary auditing
procedures were omitted from the audit, but there is no indication that the financial statements are materially misstated. AU-C
585, Consideration of Omitted Procedures After the Report Release Date [Formerly SAS No. 46 (AU 390)], provides guidance
in that situation. (Section 1805 discusses the objectives and requirements relating to the auditors responsibilities for
subsequent events under the clarified standards.)
1818.2 The objectives of the auditor when facts are subsequently discovered or procedures have been omitted are:
To appropriately respond to facts that became known after the date of the auditors report that, had they been
known at the report date, may have caused the auditor to revise the report. (AU-C 560.05)
To determine the effect of omitted procedures on the auditors current ability to support the previously expressed
opinion on the financial statements and respond appropriately. (AU-C 585.04)
Exhibit 18-27
Requirements for Subsequent Discovery of Facts and Omitted ProceduresEffective for Audits of Periods Ending on
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
Facts Discovered before the Report Release Date
If a subsequently discovered fact becomes known after the auditors report
date but before the report release date
Discuss the matter with management and, when appropriate, those
Determine whether the financial statements need revision and, if so,
inquire how management intends to address the matter in the
AU-C 560.12 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
If management revises the financial statements, perform audit procedures
necessary in the circumstances on the revision and either:
date the auditors report as of a later date, extend the subsequent
events audit procedures to the new date of the auditors report, and
request written representations from management as of the new date,
or
dual date the auditors report for the revision and request written
representations as of the additional date about whether (i) any
information has come to managements attention that would cause
them to believe that any of their previous representations should be
modified and (ii) any other subsequent events have occurred that
would require adjustment to, or disclosure in, the financial
statements.
AU-C 560.13 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
Express a qualified opinion or an adverse opinion if management does not
revise financial statements that need to be revised.
AU-C 560.14 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
Facts Discovered after the Report Release Date
If a subsequently discovered fact becomes known after the report release
date
Discuss the matter with management and, when appropriate, those
Determine whether the financial statements need revision and, if so,
inquire how management intends to address the matter in the
AU-C 560.15 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
If management revises the financial statements perform audit procedures
necessary in the circumstances on the revision and either
date the auditors report as of a later date, extend the subsequent
events audit procedures to the new date of the auditors report, and
request written representations from management as of the new date,
or
dual date the auditors report for the revision and request written
representations as of the additional date about whether (i) any
information has come to managements attention that would cause
them to believe that any of their previous representations should be
modified and (ii) any other subsequent events have occurred that
would require adjustment to, or disclosure in, the financial
statements.
AU-C 560.16 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
Requirements
Clarified
AU-C
Reference
Guide
Reference
Practice
Aids
If the audited financial statements were made available to third parties
before the revision, assess whether the steps taken by management are
timely and appropriate to ensure that anyone in receipt of those financial
statements is informed of the situation, including that the audited financial
statements should not be relied upon.
AU-C 560.16 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
If the auditors opinion on the revised financial statements differs from the
opinion previously expressed, determine that the appropriate disclosures
are made.
AU-C 560.16 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
If management does not revise the financial statements in circumstances
when they need to be revised
If the audited financial statements were not made available to third
parties, notify management and those charged with governance not
to make the audited financial statements available to third parties
before the necessary revisions have been made and a new auditors
report on the revised financial statements has been provided.
If the audited financial statements were made available to third
parties, assess whether the steps taken by management are timely
and appropriate to ensure that anyone in receipt of those financial
statements is informed of the situation, including that the audited
financial statements should not be relied upon.
AU-C 560.17 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
If management does not take the necessary steps to ensure that anyone in
receipt of the audited financial statements before revision is informed of
the situation, notify management and those charged with governance that
the auditor will seek to prevent future reliance on the auditors report. Seek
to prevent future reliance on the auditors report if management or those
charged with governance still do not take the necessary steps.
AU-C 560.18 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
Omitted Procedures
If the auditor becomes aware of an omitted procedure after the report
release date, assess the effect of the omitted procedure on the current
ability to support the previously expressed opinion on the financial
statements.
AU-C 585.06 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
If an omitted procedure impairs the auditors current ability to support a
previously expressed opinion on the financial statements and there are
users currently relying, or likely to rely, on the previously released report,
promptly perform the omitted procedure, or alternative procedures, to
determine whether there is a satisfactory basis for the previously
expressed opinion. Document the procedures performed.
AU-C 585.07 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
When subsequently performed omitted procedures or alternative
procedures cause the auditor to become aware of facts that existed at the
report release date that may have caused the auditor to amend the report
had they been known at that date, apply the procedures for subsequently
discovered facts.
AU-C 585.08 ASB-AP-2,
Omitted
Procedures and
Subsequent
Discovery of
Facts
* * *
Subsequent Discovery of Facts Existing at the Date of the Report
1818.4 The guidance in AU-C 560 (effective for periods ending on or after December 15, 2012) related to subsequent
discovery of facts differs from the guidance in AU 561 (effective for periods ending before December 15, 2012) in that AU-C
560 contains separate requirements for situations where facts are discovered before the report release date and those
situations where facts are discovered after the report release date. According to AU-C 560.A18, the guidance is applicable
even if the auditor has withdrawn or been discharged. Procedures to be performed for periods ending both before and after
December 15, 2012, are included in the Other General Auditing and Completion Procedures at ASB-AP-2.
1818.5 Section 702 of PPCs Guide to Auditors Reports provides reporting guidance when the decision is made to issue
revised financial statements and auditors report.
Consideration of Omitted Procedures
1818.6 According to AU-C 585.06, when the auditor determines that certain necessary auditing procedures were omitted, the
auditor should assess the importance of the omitted procedures on his or her ability to support the opinion expressed on the
financial statements. Review of the workpapers, discussions with others assigned to the engagement, and reevaluation of the
overall audit scope may be helpful in making the assessment. The results of subsequent audits also may be considered.
1818.7 If the auditor concludes that he or she is unable to support his or her opinion on the previously issued financial
statements, and there are persons currently relying on, or likely to rely on, his report, he or she should promptly apply the
omitted procedures or alternative procedures that would support his or her opinion. After applying the procedures, if the
auditor becomes aware of facts existing at the date of his report that would have affected the report had he or she then been
aware of them, he or she should follow the guidance discussed beginning in paragraph 1818.1. If the auditor is unable to
apply the omitted or alternative procedures, he or she may decide to consult with his attorney to determine an appropriate
course of action.
1818.8 Because of the potential legal implications of the situations discussed beginning in paragraph 1818.1, auditors may
decide to consult their attorneys any time the circumstances described in this section are encountered.
1818.9 AU-C 230.14 establishes documentation requirements for revisions that are made to the workpapers after the date of
the auditors report. When the auditor determines that the guidance in AU-C 560 or AU-C 585 applies, the general
documentation requirements of AU-C 230 should be followed when evidencing the auditors procedures. When documenting
the necessary revisions to the workpapers as a result of these procedures, including any new conclusions that were reached,
the following information should be recorded:
When the change was made and reviewed.
Who made and reviewed the change.
Reasons for the change.
The procedures performed, audit evidence obtained, and conclusions reached, and their effect on the auditors
report.
The auditor cannot, however, delete or discard any audit documentation after the documentation completion date and
through the retention date. The documentation completion date and retention date are discussed further in Section 1819.
Section 802 discusses general audit documentation requirements.
1819 WORKPAPER FINALIZATION AND RETENTION
1819.1 After the auditor issues his report to the client, professional standards require that the workpapers be completed on a
timely basis. Furthermore, workpapers should also be retained for a specified period of time. Sections 802 and 805 provide
additional discussion on these matters.
Documentation Completion Date
1819.2 AU-C 230.16 indicates that the final assembly and completion of the audit file should occur within 60 days of the
report release date. AU-C 230 refers to this date as the documentation completion date. After this date, the auditor should not
delete or discard any documentation prior to the specified retention period discussed in paragraph 1819.3. Auditors may
adopt documentation completion periods that are shorter than 60 days, either on an engagement-by-engagement basis, or as
part of the firms policy of quality control. In addition, the auditor needs to consider whether there are regulatory or state
requirements that require a shorter documentation completion period. The impact of these file completion requirements
needs to be carefully considered by the auditor when scheduling and planning engagement time and resources. In many
cases, auditors cannot wait until the end of busy season to finalize the audit files of engagements completed earlier in the
year. The authors recommend that auditors complete workpapers on a timely basis as the audit progresses to minimize the
impact of finalizing the audit files.
Workpaper Retention
1819.3 Auditors should establish policies and procedures regarding the retention of workpapers (QC 10.51). These policies
need to be for a time frame that meets the needs of the auditors practice and considers any regulatory or legal requirements
regarding document retention. AU-C 230.17 specifically indicates that this period should not be shorter than five years from
the report release date. Auditors also needs to be aware that various states have enacted or are considering legislation or
regulations that address the retention of audit workpapers and may require a longer retention period. Section FP of the
practice aids provides a location for firm quality control policies and procedures.
FIRM POLICIES (ASB-FP)
Instructions
This section allows you to customize this Guide to fit the particular needs of your firm. Suggested contents include:
1. Firms quality control policies and procedures.
1(126)
2. Firms recommended workpaper documentation system.
3. Firms standardized tickmarks.
ASB-FP-1 is an optional form that can be used if the firm wishes to list in the audit workpapers the members of the
engagement team.
The practice aids often use the term partner (for example, partner, engagement partner, or concurring partner). For firms
structured in legal forms other than partnerships (such as professional corporations and limited liability partnerships), this
term can be viewed as interchangeable with owner, shareholder, or member. Use of the term partner is not intended to imply
that the firm is operating as a partnership.
ASB-FP-1: Audit Team Members
Entity: Balance Sheet Date:
This is an optional form that can be used if the firm wishes to list in the audit documentation the members of the engagement
team. If the form is used, list all professionals who perform any part of the audit work.
Name
Position on
Engagement
a
Years with
Initials Firm Job
Note:
a
For example, engagement partner, manager-in-charge, or staff.
CHECKLISTS AND PRACTICE AIDS (ASB-CX)
Instructions
Using the checklists is discussed in Volumes 1 and 2 of this Guide. The authors also suggest that you add other checklists
common to your practice. The authors recommend that any checklists you add be clearly designated so they can be easily
identified for retention and carryforward.
These checklists are updated annually to keep your Guide current with the latest authoritative literature. Thus, if your firm
keeps an inventory or master copies of frequently used checklists, make sure they have not become outdated by subsequent
changes. To determine whether changes have been made to checklists in the latest edition of this Guide, refer to the List of
Substantive Changes and Additions, which is furnished with the annual update.
Caution: Copies of the checklists should be used only to assist you and should not be used in any published document
without the permission of the publisher.
For those checklists and practice aids that are updated and carried forward annually, ensure that you retain a copy in the
prior year audit file before making any changes in the current year.
PPCs Guide to Audits of Nonpublic Companies is available in print, on CD, and online on Checkpoint. Checkpoint Tools,
which are designed to enhance productivity when used in combination with your audit guide, include PPCs Workpapers,
PPCs Practice Aids, PPCs SMART Practice Aids, PPCs Interactive Disclosure Libraries, and PPCs Engagement Letter
Generator.
PPCs Workpapers provide practice aids not available in your PPC Guides and help you standardize the format of your
firms workpapers.
PPCs Practice Aids are Word & Excel versions of all editable practice aids contained in your PPC Guide.
PPCs SMART Practice Aids bring advanced functionality to your existing Practice Aid audit products.
PPCs Interactive Disclosure Libraries provide electronic versions of your disclosure checklists and real-world examples
PPCs Engagement Letter Generator is interactive software that automates the process of drafting engagement letters.
Your Checkpoint Tools can be integrated with Engagement CS from Creative Solutions or used on a stand-alone basis.
Engagement CS automates the engagement process, thereby assisting your firm in its paperless audit approach. The PPC
products can be ordered by calling your PPC representative at (800) 431-9025. Engagement CS can be ordered at (800)
968-8900 or from the Creative Solutions website at cs.thomsonreuters.com.
The authors encourage you to contact Thomson Reuters at ppc.thomsonreuters.com to offer any comments or suggestions
you may have to improve the usefulness of the checklists.
ASB-CX-0.1: Application of Practice Aids to Engagements
The PPC approach to the audit process can be divided into the following broad steps:
Step 1 Perform procedures regarding acceptance/continuance of the client relationship, evaluate compliance with
ethical requirements (including independence), and establish an understanding with the client in an
engagement letter.
Step 2 Develop a preliminary audit startegy, establish planning materiality and perform risk assessment procedures to
gather information about the entity and its environment that may be relevant in identifying risks of material
misstatement of the financial statements.
Step 3 Gather information to understand and evaluate the design and implementation of the entitys internal control
system.
Step 4 Synthesize the information gathered, identify risks (both overall and specific) that could result in material
misstatement of the financial statements, and finalize the overall audit strategy.
Step 5 Assess the risks of material misstatement of the entitys financial statements.
Step 6 Develop and perform appropriate responses (further audit procedures) to the assessed risks of material
misstatement of the financial statements considering the overall audit strategy and planning materiality.
Step 7 Evaluate audit findings and evidence.
Step 8 Prepare required reports and communications.
PPC practice aids are listed in the following table within a specific step in the audit process. The authors have indicated
whether each practice aid is (1) generally required in an audit of a nonpublic company, (2) primarily a supplemental practice
aid, or (3) only used if the client presents a specific situation, as follows:
RequiredCompletion of the PPC practice aid ensures compliance with GAAS and peer review requirements. However,
those requirements may be met by documenting the items covered in the PPC practice aid in a memo or using an
alternative documentation method.
SupplementalThe practice aid may be used by the auditor to increase efficiency. By themselves, these practice aids
generally do not fulfill a specific GAAS requirement. Any related GAAS requirement is fulfilled in another practice aid.
SituationalThe practice aid assists the auditor with situations that do not occur in every audit. If the client has this
situation, the practice aids fulfills the GAAS requirements.
The auditor may choose to document audit procedures in a memo or in another form rather than using a PPC practice aid. To
ensure that the alternative documentation meets the requirements of GAAS, the authors recommend that auditors read the
PPC practice aid for an indication of the matters to be considered and documented. As a general rule of thumb, the
alternative documentation should address the subtitles in the PPC practice aids, thereby indicating how all the major areas for
consideration in the practice aid are addressed.
Practice Aid Required Supplemental Situational
Perform Acceptance/Continuance Procedures
ASB-CX-1.1: Engagement Acceptance and Continuance Form X
ASB-CX-1.2: ET Interpretation 101-3 Documentation Form X
Perform Risk Assessment Procedures
ASB-CX-2.1: Financial Statement Materiality Worksheet for X
Planning Purposes
ASB-CX-2.2: Component Materiality Worksheet X
ASB-CX-3.1: Understanding the Entity and Identifying Risks X
ASB-CX-3.2: Engagement Team Discussion X
ASB-CX-3.3: Fraud Risk Inquiries Form X
ASB-CX-3.4: Audit Inquiries Summary Form X
Understand/Evaluate Internal Control
ASB-CX-4.1: Understanding the Design and Implementation of
Internal Control
X
ASB-CX-4.2.1: Financial Reporting System Documentation
FormFinancial Close and Reporting Significant Transaction
Classes
X
ASB-CX-4.2.2: Financial Reporting System Documentation
FormIT Environment and General Computer Controls
X
ASB-CX-4.3: Walkthrough Documentation Table X
ASB-CX-5: Activity and Entity-level Control Forms X
Identify Risks and Assess the Risk of Material
Misstatement
ASB-CX-6.1: Entity Risk Factors X
ASB-CX-6.2: Fraud Risk Factors X
ASB-CX-7.1: Risk Assessment Summary Form X
ASB-CX-7.2: Inherent Risk Assessment Form X
Perform Further Audit Procedures
ASB-CX-8.1: Planning Worksheet to Determine Extent of
Substantive Procedures
X
ASB-CX-8.2: Sampling Planning and Evaluation
FormSubstantive Procedures
X
ASB-CX-8.3: Sampling Worksheet for Testing Account Coding
and Classifications
X
ASB-CX-9.1: Substantive Analytical Procedures Worksheet X
ASB-CX-9.2: Ratio Analysis Worksheet X
ASB-CX-10.1: Test of Controls Form X
ASB-CX-10.2: Tests of Controls Sampling Planning and
Evaluation Form
X
ASB-CX-11.1: Inventory Counting Procedures X
ASB-CX-11.2: Confirmation Summary Form X
ASB-CX-11.3: Accounts Receivable Statistics Form X
ASB-CX-11.4: Checklist for Determining Whether a Contract is
a Derivative
X
ASB-CX-11.5: Data Extraction Software Analysis
Documentation Form
X
ASB-CX-11.6: Documentation and Analysis of Group X
Components
Evaluate Audit Findings and Prepare Reports and
Communications
ASB-CX-12.1: Closing Entry and Audit Adjustment Form X
ASB-CX-12.2: Audit Difference Evaluation Form X
ASB-CX-13: Disclosure Requirements for Financial Statements
of Nonpublic Companies
X
ASB-CX-14: Supervision, Review, and Approval Form X
ASB-CX-15.1: Control Deficiency Evaluation Worksheet X
ASB-CX-15.2: Control Deficiency Comment and Management
Point Development Worksheet
X
ASB-CX-16.1: Going-concern Checklist X
ASB-CX-16.2: Significant Estimates Identification Checklist X
ASB-CX-16.3: Concentrations Identification Checklist X
ASB-CX-16.4: Accounting and Engagement Issues X
ASB-CX-17.1: Client Billing Information X
ASB-CX-17.2: Engagement Status Report X
ASB-CX-17.3: Audit Time Summary X
ASB-CX-17.4: Confirmation and Correspondence Control X
ASB-CX-1: Planning and Preliminary Engagement Activities
ASB-CX-1.1: Engagement Acceptance and Continuance Form
Completed by: Date:
Instructions: This form is a guide for assessing potential audit clients and performing the annual reevaluation
of existing audit clients, but it is not necessarily a complete listing of all factors that might be considered.
Specific circumstances may require additional considerations. Complete this form before the engagement
begins. Part 1 applies to all new or recurring engagements and includes general acceptance and continuance
considerations. Part II includes additional considerations for initial audit engagements. You need to be familiar
with the matters discussed in section 202. Explain any Yes answers, excluding question 1. Information
gathered when completing or updating this form should be considered when identifying and assessing risks at
ASB-CX-3.1 and ASB-CX-7.1. The Comments column can be used to document any issues identified during
the acceptance or continuance process.
Part IGeneral Acceptance/Continuance Considerations
Yes No N/A Comments
1. What services does the entity desire from our firm?
a. Audit of financial statements?
b. Report on supplementary information in relation to the financial
statements as a whole? (Specify.)
c. Preparation of financial statements?
d. Preparation of tax returns? (Specify.)
e. Other? (Specify.)
2. Briefly describe the intended use of the financial statements.

Factors to Consider:
Whether audited financial statements are needed to meet
regulatory, credit, or contractual requirements.
Whether the financial statements will be distributed to absentee
owners.
Whether the financial statements are to be used in any sale of all
or part of the business.
Whether a deadline exists for delivery of the audited financial
statements and whether the deadline restricts the firms ability to
complete the audit on time without compromising audit quality.
3. Is the financial reporting framework used by management
considered unacceptable?
Yes No N/A Comments
For audits of financial statements for periods ending on or after
December 15, 2012, if management uses an unacceptable
financial reporting framework, the preconditions for an audit are
not met, and the auditor should not accept the proposed audit
engagement. (AU-C 210.08)
When determining the acceptability of the financial reporting
framework applied in the preparation of OCBOA financial
statements, obtain an understanding about (a) the purpose for
which the financial statements are prepared, (b) the intended
users, and (c) the steps taken by management to determine the
acceptability of the framework.
4. Has management refused, or are there indications that management
will refuse or be unable, to do the following:
a. Accept responsibility for the preparation of fair presentation of
the financial statements or for the design, implementation, and
maintenance of internal control over the financial statements?
b. Provide us with unrestricted access to all information relevant to
the preparation and fair presentation of the financial statements,
any additional information we may request for the audit, and
persons within the entity from whom we determine we need to
obtain audit evidence?
5. Do firm personnel lack (or will they be unable to obtain) the
necessary competence and capabilities to serve the client, including
the ability to comply with any specialized industry, legal, or
regulatory requirements?
6. Is the staffing commitment, including the use of specialists, needed
for the engagement beyond our capabilities?
7. Is the firm unable to comply with independence, conflicts of interest,
or other ethical requirements? (If the conclusion is that the firm lacks
independence, the client should be notified that the firm cannot be
engaged to perform the audit.)
Whether the firm meets the AICPA independence standards,
including (but not limited to):
Whether firm personnel have a direct or material indirect
financial interest in the client.
Whether any firm personnel are associated with the client in
the capacity of employee, manager, or member of the board
of directors (or similar capacity).
Whether there are any relationships with the client or conflicts
of interest that might impair independence, such as
advocacy relationships, fee disputes or unpaid (billed or
unbilled) fees for services provided more than one year prior
to the date of the report, litigation, conflicts of interest with
existing clients that may arise if this engagement is accepted,
Yes No N/A Comments
or partners or other senior personnel who have been offered
management level positions or have accepted offers of
employment.
Whether there are indications that the client will refuse to or
be unable to accept responsibility for the financial
statements, including any adjusting or correcting journal
entries proposed by us.
Whether the firm performs, or the terms of the new
engagement require the firm to perform, nonattest services
that impair independence. (See section 202.)
Whether the client lacks accounting control (including
ongoing monitoring) over data, if any, processed by us.
If staff members from another firm that is not independent of
the client are to participate in the audit, whether we are
unable to arrange for proper supervision of their work.
AU-C 220.13 requires the engagement partner to do the following
to form a conclusion on compliance with independence
requirements that apply to the audit engagement:
Obtain relevant information from the firm and, when
applicable, network firms to identify and evaluate
circumstances and relationships that create threats to
independence.
Evaluate information that a breach of the firms independence
policies and procedures has occurred and determine
whether the situation creates a threat to independence for the
audit.
Take appropriate action to eliminate any identified threats or
to reduce them to an acceptable level by applying
safeguards. Report any inability to resolve the matter
promptly to the firm so that it may take appropriate action.
Document your conclusions on compliance with independence
requirements and any relevant discussions with the firm that
support those conclusions.
This checklist does not address requirements that are specific to
the firms quality control policies and procedures for ensuring that
the firm and its personnel comply with independence and other
ethical requirements. See PPCs Guide to Quality Control for
detailed guidance.
In addition to the AICPA independence standards, auditors may
be required to comply with more stringent independence rules
imposed by regulatory bodies.
Does it appear that sufficient audit evidence on which to base the
audit opinion cannot be obtained?
Whether the entitys financial reporting system (including internal
control) is sufficient to provide evidence to support that
Yes No N/A Comments
control) is sufficient to provide evidence to support that
transactions have occurred and that all of the transactions that
should be recorded are, in fact, recorded.
In a group audit, whether sufficient audit evidence about the
consolidation process and any significant components can be
obtained, either by the engagement team or by using the work of
component auditors.
8. Are there any concerns about managements integrity, including the
identity and business reputation of the clients principal owners, key
management, related parties, and those charged with its
governance, or the risks associated with providing professional
services? (If you conclude that the client lacks integrity, the client
should be notified that the firm cannot be engaged to perform the
audit.)
The nature of the clients operations and its business practices.
Information obtained from third parties as well as previous
experience with the client.
Information concerning the attitude of the clients owners,
management, and those charged with governance toward
aggressive interpretation of accounting standards and internal
control over financial reporting.
Whether any unresolved disagreements exist concerning the
application of accounting principles.
Whether the client
Takes aggressive accounting or tax positions that have lead
to repeated financial statement adjustments.
Has placed pressure on the firm or its personnel regarding
the restriction of audit procedures.
9. Are you aware of any actual instances of fraud or violations of laws
or regulations, or any allegations of fraud?
10. Are there circumstances that would not permit an adequate audit
and the expression of an unmodified (unqualified) opinion? (If so,
discuss with the client the possibility of a qualified or disclaimer of
opinion.)
Factor to Consider:
For audits of financial statements for periods ending on or after
December 15, 2012, if the audit is not required by law or
regulation and management or those charged with governance
have imposed a limitation on the scope of the audit such that the
limitation would result in the auditor disclaiming an opinion on the
financial statements, the auditor should not accept or continue the
engagement. (AU-C 210.07 and AU-C 600.16)
Yes No N/A Comments
11. Has our review of information such as the latest annual and interim
financial statements, income tax returns, auditors reports, report to
regulatory agencies, other auditor communications, or our previous
experience with the client provided information that would cause us
to regard the engagement as requiring special attention, presenting
unusual risks, or causing us not to want to be associated with the
client?
The composition, qualifications, and autonomy of members of the
board of directors and the audit committee (if there is one),
including the number of outside directors.
Managements response to suggestions made for improvements
to internal controls.
Whether significant portions of the entity or closely related entities
are audited by others or unaudited.
Whether there is an increased risk of business failure as
evidenced by poor financial condition (or significant negative
changes in financial condition), lack of management competence,
unusually competitive industry/operating conditions, etc.
Whether the auditor is aware of any pressures, opportunities, or
indications of lack of management integrity that may result in an
increased risk of fraud.
Significant pending or threatened litigation or regulatory
investigations or changes in the clients litigation status.
12. Does the engagement fail to meet the firms standards from an
economic standpoint?
Whether the client has the ability to pay for services in accordance
with the firms normal billing rates and policies.
Whether the client frequently changes auditors.
Whether the client operates in an industry with a high failure rate.
Whether we have had difficulty collecting our fee or the client has
a history of being slow to pay professional fees.
Whether the fee justifies pursuing the engagement in light of
anticipated costs of obtaining and conducting the engagement.
13. Is there anything else about the client or the engagement that
causes us to be uncomfortable about being associated with this
client or the related engagement?
Whether there have been
Significant changes in client ownership or a high degree of
turnover in key management positions.
Yes No N/A Comments
turnover in key management positions.
Significant changes in the nature of the clients business.
Significant undisclosed related-party transactions.
Whether the client is in an industry that the firm has chosen to
abandon.
Whether there are changes in the practice area of the firm that
impact this client engagement.
Whether there is any question about the clients ability to operate
as a going concern.
Whether there is anything about the engagement that subjects the
firm to undue legal liability exposure.
Whether there is any other information that would have caused the
firm to decline the engagement had that information been
available earlier.
Acceptance or Continuance (Some firms require concurrence with the acceptance or continuance decision by the
managing partner, another designated partner, or a policy making committee.)
We are satisfied that appropriate procedures regarding the acceptance and continuance of client relationships and specific
audit engagements have been followed and conclusions reached are appropriate. We should accept/continue or not
accept/continue the engagement.
If issues were identified and the firm decided to accept or continue the engagement, document how the issues were resolved,
including whether a conflict of interest that might be perceived as impairing your objectivity was disclosed and consented to
by the client or other appropriate parties as required by Interpretation 102-2 under Rule 102, Integrity and Objectivity.

Engagement Partner Concurring Partner (if required)

Date Date
Part IIAdditional Acceptance Considerations for Initial Audit Engagements
Yes No N/A Comments
1. Did management refuse to authorize the predecessor auditor to
respond fully to inquiries about matters that would assist in
determining whether to accept the engagement?
If so, describe the reasons:

Yes No N/A Comments
2. Document the results of communications with the predecessor
auditor.
a. Did the predecessor fail to respond or provide only a limited
response to inquiries about matters that would assist in
determining whether to accept the engagement?
b. Has the predecessor had disputes with the client about
accounting principles, proposed adjustments, or other
significant matters?
c. Has the predecessor been prevented from applying necessary
procedures?
d. Does the predecessor auditor have reason to doubt
managements integrity?
e. Have other auditors refused to serve this client?
f. Are there unpaid fees or fee disputes with the predecessor for
services rendered?
g. Has management or the owner/manager been domineering in
dealing with the predecessor auditor?
h. Has management or the owner/manager placed unreasonable
demands (such as unreasonable time constraints on the
completion of the audit) on the predecessor auditor?
i. Has the predecessor had any communications with the client
concerning fraud, violations of laws or regulations, or internal
control deficiencies?
j. Document the predecessors understanding as to the reasons
for a change in auditors and any additional comments based on
inquiries of the predecessor auditor:

3. Have contacts with bankers, attorneys, credit services, or others
having business relationships with the client raised any concerns
about managements integrity or other concerns about the client?
4. If the firms policy is to obtain a background investigation on
potential clients, have the results of the investigation raised any
concerns about managements integrity?
Consider using an outside investigative firm to screen new clients,
particularly clients in industries noted for having increased risk of
fraud or illegal acts.
ASB-CX-1.2: ET Interpretation 101-3 Documentation Form
Completed by: Date:
Instructions: Before performing nonattest services for an attest client, the practitioner should establish and
document in writing his or her understanding with the client regarding (1) the objectives of the engagement, (2)
the services to be performed, (3) the clients acceptance of its responsibilities, (4) the practitioners
responsibilities, and (5) any limitations of the engagement.
a
The engagement letter at ASB-CL-1.1 includes the language necessary to meet the practitioners
documentation requirements under Interpretation 101-3. When the practitioner does not use the attest
engagement letter to document the understanding with the client regarding the performance of nonattest
services, this form can be used instead. This form can also be used to meet documentation requirements
when nonattest services are added to an attest engagement after the engagement has begun.
Interpretation 101-3 is discussed beginning at paragraph 202.33 of this Guide.
1. Attest services performed for the entity (check all that apply):
Compilation.
b
Review.
Audit.
Agreed-upon procedures.
Examination.
2. List the nonattest services to be performed for the entity and the objectives of those engagements:
c
a.

b.

c.

3. Based on the understanding you have established with the client, the client agrees to perform the following functions in
connection with the engagement to perform the nonattest services: (Check all that apply. In order to remain
independent, all of the functions listed in a.d. must be checked.
b
)

a. The client agrees to make all management decisions and perform all management
functions.

b. The client has designated an individual who possesses suitable skill, knowledge, or
experience to oversee the services.
c. The client agrees to evaluate the adequacy and results of the services performed.
d. The client agrees to accept responsibility for the results of the services.
4. List any responsibilities of the firm and limitations of the nonattest services engagement(s).
d

a
However, if nonattest services are performed prior to the client becoming an attest client, the practitioner may prepare
the required nonattest documentation upon acceptance of the attest engagement, provided the practitioner is able to
demonstrate his or her compliance with the other general requirements during the period covered by the subject matter
of the engagement (i.e., the financial statements).
b
If independence is impaired, the practitioner may still issue a compilation report as long as the report is modified to
indicate the lack of independence.
c
Practitioners are not permitted to perform management functions or make management decisions for an attest client.
Certain activities performed as part of a nonattest service are considered to be management functions and, therefore,
impair independence regardless of whether the practitioner establishes an understanding with the entity and obtains the
entitys agreement to assume responsibility for the services as documented in Step 3(a)(d). Paragraph 202.39 lists
common nonattest services and notes whether they are or are not considered to impair independence. Make sure any
nonattest services listed on this form are permitted to be performed for an attest client under Ethics Interpretation 101-3
(ET 101.05).
d
Under Interpretation 101-3, the practitioner is required to document the practitioners/firms responsibilities and any
limitations of the engagement. For example, documentation of the responsibilities of the firm and the limitations of the
nonattest service in connection with tax services might include language such as the following:
We will perform the services in accordance with applicable professional standards, including the Statements
on Standards for Tax Services issued by the American Institute of Certified Public Accountants.
We, in our sole professional judgment, reserve the right to refuse to do any procedure or take any action that
could be construed as making management decisions or performing management functions. We will advise
management with regard to tax positions taken in the preparation of the tax return, but management must
make all decisions with regard to those matters.
ASB-CX-2: Materiality Worksheets
ASB-CX-2.1: Financial Statement Materiality Worksheet for Planning Purposes
Completed by: Date:
Instructions: The purpose of this form is to determine and document the materiality amount that will be
considered suitable for audit planning purposes. Review the guidance beginning at paragraph 306.4 before
completing this form. When determining planning materiality:
1. Use amounts from the financial statements to be audited or the trial balance from which those financial
statements will be prepared. If not available, use annualized amounts from the most recent interim
financial statements. For revenue, use an annualized amount even if the audit period is shorter than a
year.
2. When current amounts are unavailable, significant audit adjustments are expected, or significant changes
in the entitys circumstances indicate that current amounts are not representative of the entitys results of
operations or financial position, use historical averages based on the past two or three years. (Attach the
calculation on a separate page.)
3. Choose a benchmark that you think is most appropriate to the entity. Paragraph 306.8 provides a list of
factors to consider in selecting a benchmark. The following tables may be used as guidelines.
Table 1Benchmark is Total Assets or Total Revenue
If the Base Amount (total assets or total revenue) is: Planning Materiality is:
Over But Not Over Amount + (Percent Base)
$0 $100,000 0 + 4.0%
$100,000 $500,000 2,000 + 2.0%
$500,000 $1,000,000 7,000 + 1.0%
$1,000,000 $5,000,000 8,000 + 0.9%
$5,000,000 $10,000,000 13,000 + 0.8%
$10,000,000 $50,000,000 23,000 + 0.7%
$50,000,000 $100,000,000 73,000 + 0.6%
$100,000,000 $500,000,000 153,000 + 0.52%
$500,000,000 503,000 + 0.45%
If the Base Amount (total assets or total revenue) is: Planning Materiality is:
$500,000,000 503,000 + 0.45%
Example: If the base amount were $3.5 million, then the planning materiality amount using Table 1 would be as follows:
$8,000 + (.009 $3,500,000) = $39,500, rounded to $39,000
Table 2Other Benchmarks and Illustrative Percentages
Benchmark Illustrative Percentage
Total revenue/total assets
1/2%1%
Gross profit 1%2%
Pretax income 5%10%
Net income 3%5%
Equity 1%2%
Decisions and Calculations
1. Basis for Materiality Amounts. Considering the needs and expectations of financial statement users, describe the
rationale for the materiality levels in steps 24 (for example, describe the reason for your selection of a benchmark and
percentage).

2. Planning Materiality. (Complete a. and b.)
a. BENCHMARK and BASE AMOUNT
j Total Revenue (Annualize if interim amount is used.) $
j Total Assets $
j Other Benchmark (specify) $
b. PLANNING MATERIALITY CALCULATION
Amount
from Table 1
a
+ (
Percentage from
Table or Suitable
Percentage for
Chosen Benchmark

Base Amount ) =
Planning
Materiality
b
+ ( % ) =
3. Performance Materiality/Tolerable Misstatement. Tolerable misstatement is the application of performance materiality
to a particular audit sampling procedure and may be the same as performance materiality (see paragraph 700.13).
Tolerable misstatement is used in computing sample sizes (see ASB-CX-8.2) and in making other scope decisions (see
ASB-CX-8.1). Performance materiality can be computed as follows:
Planning Materiality
Amount from Line 2b.

Factor
c
=
Performance
Materiality
b
% =
4. Lower Level of Planning Materiality for Particular Items. Identify any financial statement accounts, transaction
classes, or disclosures for which a lower level of materiality should be used and apply professional judgment to
determine an appropriate planning materiality and performance materiality amount for those items. See section 306,
Financial Statement Item
Planning
Materiality

Factor
c
=
Performance
Materiality
b
% =
% =
5. Clearly Trivial Misstatements. Consider and document the amount of misstatements that will be passed at the
workpaper level. Clearly trivial misstatements are discussed in section 306, beginning at paragraph 306.41.

6. Changes in Planning Materiality Amounts. Document any changes in planning materiality or performance materiality
levels that occur during the audit and how they were determined.

Notes:
a
Applicable only if Table 1 is used to calculate materiality.
b
Round down to two significant digits. For example, $37,500 would be rounded to $37,000; $257,000 would be rounded
to $250,000, etc. Consider whether calculated amounts (planning materiality or performance materiality) appear
reasonable based on your experience with the client and any user expectations.
c
A common rule of thumb is to calculate performance materiality as a fraction between 50% and 75% of materiality at the
financial statement level (and materiality for items of lesser amounts, if applicable) with the percentage being increased
from 50% as the likelihood of uncorrected detected misstatements decreases. See section 306, beginning at paragraph
306.25.
ASB-CX-2.2: Component Materiality Worksheet
Completed by: Date:
Instructions: The purpose of this form is for the group auditor to determine and document component
materiality for use in group audits. The group auditor completes this form when performing work on a
component included in the group financial statements or when assuming responsibility for work performed by
a component auditor. Auditors who are issuing a separate report on the financial statements of a component
need to use the form at ASB-CX-2.1. Review the guidance beginning at paragraph 904.26 before completing
this form. When determining component materiality:
Component materiality (and component performance materiality) should be less than group materiality
(and group performance materiality).
Aggregate component materiality for all components combined can be higher than group materiality.
Different component materiality amounts may be used for different components.
Separate materiality is the amount that would be determined if a separate report was being issued on the
financial statements of the component using ASB-CX-2.1. Use this amount as a floor for purposes of
determining component materiality when a separate report will not be issued.
Adjusted group materiality is the ratio of the base amount (such as the amount of total assets or total
revenues) for all components that will be audited (regardless of whether reference will be made) to the
base amount for the group from ASB-CX-2.1. Use this amount as a guideline for determining component
materiality.
Component materiality for particular items is a judgmentally determined amount that may be used, for
example, when an audit of specific elements, accounts, or items of a financial statement will be
performed.
1. Adjusted Group Materiality and Separate Component Materiality.
a. GROUP MATERIALITY (from ASB-CX-2.1) $_________
b. ADJUSTED GROUP MATERIALITY
Base Amount for
All Components
Audited /
Base Amount for
Group (Total
Assets or Total
Revenues from
ASB-CX-2.1) X Group Materiality =
Adjusted Group
Materiality
( / ) X
c. SEPARATE MATERIALITY (Using Table 1 or Table 2 from ASB-CX-2.1 applied to the components financial
information)
Component
Separate
Materiality
2. Component Materiality and Component Performance Materiality. Apply professional judgment, considering the
amounts in Step 1, to determine an appropriate component materiality for components to be audited or reviewed.
(Component materiality may be higher than separate materiality, but should be lower than group materiality.) For
components to be audited by you (and other components as considered necessary), also determine component
performance materiality. A common rule of thumb is to calculate performance materiality as a fraction between 50% and
75% of materiality.
Component to be Audited or
Reviewed
Component
Materiality X Factor =
Component
Performance
Materiality
X % =
X % =
X % =
X % =
X % =
X % =
X % =
X % =
X % =
3. Component Materiality for Particular Items. Apply professional judgment to determine an appropriate component
materiality and component performance materiality for particular account balances, transaction classes, or disclosures.
Component
Financial
Statement Item
Component
Materiality X Factor =
Component
Performance
Materiality
X % =
X % =
X % =
X % =
X % =
X % =
X % =
X % =
X % =
4. Clearly Trivial Misstatements. Determine the amount of a misstatement that can be regarded as clearly trivial to the
group financial statements and need not be communicated to the group engagement team. This may be the same
amount documented at ASB-CX-2.1 for the group or a lower amount depending on the circumstances.

ASB-CX-3: Understanding the Entity and identifying Risks
ASB-CX-3.1: Understanding the Entity and Identifying Risks
Instructions: This form is designed to assist in (1) gathering information necessary to understand the entity
and its environment, (2) identifying potential risks to the financial statements, and (3) accumulating permanent
file information. Use Part I of this form to identify and document the key elements of your understanding and
the potential risks that could result in misstatements (1) at the financial statement level (that is, overall risks that
may affect many accounts or assertions) and (2) at the relevant assertion level for classes of transactions,
account balances, and disclosures (that is, specific risks that may affect one or a few accounts or assertions).
Document sufficient information about the entity and its environment to enable you to identify risks of material
misstatement of the financial statements, assess those risks, and design appropriate responses on
ASB-CX-7.1. It may not be necessary to document a response to each question. You should be familiar with
the matters discussed in sections 301, 302, 306, and 402.
Consider the information gathered during other engagements performed for the entity, your client acceptance
or continuance procedures (ASB-CX-1.1), preliminary analytical procedures, engagement team discussion
(ASB-CX-3.2), fraud risk inquiries (ASB-CX-3.3), and preliminary judgment about materiality (ASB-CX-2) when
completing this form. For group audits, also consider the components identified at ASB-CX-11.6.
Use Part II of this form to document the sources of information and procedures performed to obtain or update
your understanding of the entity and its environment. Procedures that should be performed include inquiries of
management and others, observation of entity activities and operations, and inspection of documents and
reports.
Consider potential financial statement risks both individually and in combination in Part III of this form. If you
determine there is a risk of material misstatement of the financial statements, add the risk to ASB-CX-7.1.
Part IUnderstanding the Entity and Its Environment
1. General Information
Company address:

Company website:
Primary client contact: Email address:
Telephone number: Fax number:
Structure, Ownership, Governance, and Related Parties
2. Describe the legal structure of the entity. (Obtain a copy or prepare excerpts of the corporate charter, articles of
incorporation, bylaws, partnership agreement, etc., for retention in the clients permanent file. Review new documents or
changes in documents for matters affecting the entitys accounting, the financial statements, or the audit.)
Entitys legal name:
Type of legal entity (corporation, S corporation, partnership, proprietorship, etc.):
Date of formation:
For corporations:
State of incorporation:
Number of common shares authorized: Par value:
Number of shares issued and outstanding:
Number of shares in Treasury:
Briefly describe other types of stock:
3. List the primary owners (major stockholders, partners, etc.) of the entity and their percentage ownership. Identify
changes that would affect the audit.
Name and (if applicable) Title % Ownership

4. List the principal members of management. Identify changes that would affect the audit.
Name and Title Name and Title

5. If the entity has an audit committee or formally designated group with oversight responsibility for the financial reporting
process, list the members and identify the chair.
Name Title

Name Title

6. Identify the group or individual(s) charged with governance, if different from management.

7. List any known related parties and all known transactions with related parties (such as subsidiaries, affiliates,
partnerships, joint ventures, relatives, etc.). If the entity engages in transactions with related entities, document whether
the related entity is unaudited or audited by another firm. Identify changes in related-party relationships or transactions.
Name Relationship Type and Purpose of
Transaction
Audit Firm (or Unaudited)

8. List other locations maintained by the entity (for example, plant, sales office, retail stores, warehouse, etc.), the nature of
the activity performed at each, and the approximate number of employees at each. Describe any effect on the audit.
Location Activity/No. of Employees Effect on the Audit

9. Describe potential financial statement risks related to the entitys structure, ownership, governance, and related-party
relationships and transactions. Consider risks that could result in misstatements of the financial statements.

ASB-CX-6.1 provides a list of entity risk factors to consider. However, the risk factors listed are only examples and may
serve as a memory jogger to spark your consideration of additional or different risk factors relevant to the client.
10. Identify and describe (a) the entitys industry (including markets and competition, supply availability, seasonality,
changing technology, etc.); (b) how the industry and the entity are affected by economic, political, or social conditions;
and (c) the laws and regulations affecting the entity and its industry and any history of noncompliance.

11. If not listed previously, describe potential financial statement risks related to the entitys industry and external
environment, including the regulatory, economic, political, and social environment. Consider risks that could result in
misstatements of the financial statements.

Business Operations
12. Describe the entitys key products or services and provide other information important to understanding how the entity
makes money, such as revenue sources, customer base, market share, sales terms, profit margins, and how products or
services are marketed, sold, delivered, used, and produced (or procured).

13. If a significant amount of sales are concentrated among a few customers, list the entitys major customers and
approximate total sales to each.
Customer Name Annual Sales

14. Provide information about the activities of key competitors that could affect the entitys accounting, the financial
statements, or the audit.
Competitor Name Annual Sales/Market Share Relevant Information

15. If a significant amount of purchases are concentrated among a few suppliers, list the entitys major vendors and the
approximate total purchases made from each.
Vendor Name Annual Purchases

16. Provide information about the entitys major assets, liabilities, and expenses and how they affect the entitys accounting,
the financial statements, or the audit. Consider whether significant assets, liabilities, and expenses are appropriate given
the industry and entity size. Identify significant amounts subject to estimation, changes in circumstances that could affect
estimates, significant concentrations, significant assets subject to impairment, or potential liabilities from litigation or
other significant contingent liabilities.

When identifying risks, consider whether estimates involve a high degree of estimation uncertainty.
Ensure that you are familiar with the accounting requirements for significant items identified.
17. Describe any significant transactions, or transactions outside the normal course of business, entered into during the
year.


Ensure that you are familiar with the accounting requirements for significant or unusual transactions identified.
18. Describe the entitys benefit plans, including vacation and sick pay policies and any employee pension,
postemployment, postretirement, stock compensation, or profit sharing plans. (Obtain a copy of the plans or prepare
excerpts for retention in the clients permanent file. Review new documents or changes in documents for matters
affecting the entitys accounting, the financial statements, or the audit.)

19. Describe the entitys compensation methods, pay frequency and timing, wage levels, etc., including unique aspects
(such as production labor, piecework, commissions, etc.) that are relevant to the audit. Also, briefly describe any
incentive compensation arrangements, including the qualified individuals, their titles, and method of computation. (If any
groups of personnel are covered by union agreements, obtain a copy of the union agreement for retention in the clients
permanent file. Consider the need to obtain a copy of the incentive compensation arrangement for retention in the
clients permanent file. Review new documents or changes in documents for matters affecting the entitys accounting,
the financial statements, or the audit.)

Investments
20. Describe key elements of the entitys investment activities, including debt and equity securities, capital investments, and
unconsolidated entities. Identify changes that affect the audit.

Financing
21. Describe the entitys major sources of financing (for example, working capital loans, long-term debt, leasing, equity, etc.)
and any significant terms, such as debt covenants, restrictions, or guarantees. Consider the need to obtain copies of all
loan and lease agreements (both operating leases and capital leases) for retention in the clients permanent file. Review
new documents or changes in documents for matters affecting the entitys accounting, the financial statements, or the
audit.

22. Describe the entitys use of derivatives, including (a) extent, (b) types, (c) purpose, (d) aspects of the entitys operations
that might present risks hedged using derivatives, (e) whether interest-bearing debt has been converted from fixed to
variable (or vice-versa) using derivatives, and (f) the potential for embedded derivatives.

Financial Reporting
23. What is the basis of reporting? GAAP OCBOA (specify)
24. What are the entitys significant accounting policies, including revenue recognition, the allowance for doubtful accounts,
inventory valuation or cost accumulation methods, methods of accounting for significant and unusual transactions, and
other areas where there may be accounting alternatives or a lack of authoritative guidance? Also describe any
specialized accounting standards, and any new moved standards, applicable to the entity or its industry. Determine if
there have been changes in the policies used, the reasons for such changes, or any other issues related to the
application of GAAP.

25. What AICPA guides, AICPA Industry Audit Risk Alerts, industry publications, etc., provide information on the entitys
industry that is relevant for the audit? Identify any new guidance and its effect on the audit.

26. Describe any special legal, regulatory, or reporting requirements.

27. If material misstatements have been noted in prior audits, briefly describe the nature and cause of the misstatements and
the accounts affected.

28. Describe any conditions that may cause doubt about the entitys ability to continue as a going concern that could affect
the risk of material misstatement of the financial statements.


Risks
29. If not listed previously, describe potential financial statement risks related to the nature of the entity. Consider risks that
could result in misstatements of the financial statements.

Objectives and Strategies and Related Business Risks
30. Describe the entitys significant objectives and its strategies for achieving them, focusing on matters affecting the entitys
accounting, the financial statements, or the audit. Consider objectives and strategies related to industry or regulatory
developments, products and services, marketing and sales, research and development, technology, business expansion
or restructuring, financing requirements, and human resources.

31. If not listed previously, describe potential business risks that may affect the entitys ability to achieve its objectives or
execute its strategies. Consider risks that could result in misstatements of the financial statements.

32. What performance measures, both financial and nonfinancial, are most important in managing and measuring the
entitys results (for example, key ratios or operating statistics, variance or trend analysis, competitor analysis or
benchmarking, key performance indicators such as market share, customer satisfaction, etc.), and what reports are used
to monitor performance?


33. If not listed previously, describe potential financial statement risks related to the entitys measurement and review of its
financial performance. Consider risks that could result in misstatements of the financial statements.

Other Considerations and Risks
34. Describe any other significant aspects of the entity or its environment, including other entity agreements or contracts,
that have audit significance. (Obtain copies or abstracts of agreements for retention in the clients permanent file. Review
new documents or changes in documents for matters affecting the entitys accounting, the financial statements, or the
audit.) Describe any other potential risks that could result in misstatements of the financial statements.

35. Consider whether information gathered about the entity and its environment, including the consideration of fraud risk
factors, indicates potential risks that could result in misstatements of the financial statements due to fraud, and describe
those potential risks. Describe which types of revenue, revenue transactions, or assertions give rise to the risk of
improper revenue recognition due to fraud.

ASB-CX-6.2 and AU-C 550.A31.A33 provide a list of fraud risk factors, including related party fraud risk factors, to
consider. However, the risk factors listed are only examples and may serve as a memory jogger to spark your
consideration of additional or different risk factors relevant to the client.
Part IIProcedures Performed
1. Describe the sources of information used and procedures performed to obtain or update your understanding of the entity
and its environment.


Indicate members of management or others who were interviewed and when.
Indicate documents and records that were inspected.
Indicate reports, such as interim financial statements or board minutes, that were read.
Indicate external information that was reviewed.
Indicate activities or operations of the entity that were observed and when.
Indicate premises or plant facilities that were visited and when.
Part IIIConclusion
1. We have considered potential risks both individually and in combination and have included matters that represent risks
of material misstatement of the financial statements on the Risk Assessment Summary Form at ASB-CX-7.1.
Considering risks both individually and in combination (synthesis) allows you to identify potential risks that might be
associated with seemingly unrelated information. If you identify one or more risks that are of a magnitude (either
quantitatively or qualitatively) that could result in material misstatement of the financial statements, add those risks to
ASB-CX-7.1. Consider your accumulated knowledge about the entity and it environment from all sources when
identifying potential risks of material misstatement. You should be familiar with the information on synthesis in section
402 of this Guide.
Some auditors complete this form anew each year. If the form is reviewed and updated instead of being completed
anew, carefully reconsider the factors listed and responses documented on the form in light of known changed client
conditions and document in Part II of this form, for each engagement year, the procedures performed to update your
understanding. If the form is updated, refer to the List of Substantive Changes and Additions included with each
annual supplement of this Guide to determine whether the form has been revised in the current edition. If the form has
been revised, complete the revised form instead of updating this form.
Completed or updated by:
20 20 20

ASB-CX-3.2: Engagement Team Discussion
Completed by: Date:
Instructions: The purpose of this form is to document the engagement teams discussion(s) about the
susceptibility of the entitys financial statements to material misstatements due to fraud or error and the
application of GAAP to the entitys facts and circumstances. (See the discussion beginning with paragraph
301.51.) The discussion should include the engagement partner as well as other key members of the
engagement team. A list of discussion topics is provided to assist in conducting the discussion, facilitate
thoughtful consideration of each topic, and ensure that all audit requirements are met. It is not necessary to
repeat this list when documenting the discussion; rather, document the primary areas of focus during the
discussion and the results of the discussion. If you determine there is a risk of material misstatement of the
financial statements, add the risk to ASB-CX-7.1.
1. Document when the discussion occurred and who participated in the discussion.
a. Discussion Date:
b. Discussion Participants:
Name Title

The engagement team discussion may include component auditors. If there are significant components, ensure that
the discussion of specific topics listed on this form includes consideration of how those factors apply to components.
2. Describe the Discussion: Indicate how it occurred (for example, the location, whether there were one or more
meetings, whether it occurred via face-to-face meeting, conference call, teleconference, etc.) and what was discussed.

Required Discussion Topics:
Critical issues and areas of significant audit risk.
Areas susceptible to management override of controls.
Unusual accounting practices used by the client.
Application of GAAP to the entitys facts and circumstances in light of its accounting policies.
Important control systems.
Materiality levels and how materiality will be used to determine the extent of testing.
The need to exercise professional skepticism throughout the engagement, be alert for information or other
conditions that indicate that a material misstatement due to fraud or error may have occurred, and to be rigorous in
following up on such indications.
How and where the entitys financial statements (for example, which accounts or transaction classes) might be
susceptible to material misstatement due to fraud.
Circumstances that might indicate earnings management or manipulation of other financial measures.
Practices that management might use to manage earnings or other financial measures that could lead to fraudulent
How the entitys assets could be stolen.
External and internal factors that might create incentives/pressures, provide opportunities, or enable rationalization
of fraud.
How the engagement team might respond to the susceptibility of the clients financial statements to material
Known related party relationships and transactions, the possibility of unidentified related parties and how those
might be identified, and the susceptibility of the financial statements to material misstatement due to fraud or error
that could result from related party relationships and transactions, including how related parties could be used to
perpetrate fraud.
A practical way to conduct the discussion might include reviewing drafts, or prior year versions, of the risk assessment
summary form and other planning documents, including the materiality worksheet and understanding of the entity and
its internal control. If the firm uses electronic practice aids, the practice aids can be shown using a projector and
edited throughout the meeting so that, at the end, the major decisions are documented. Documentation of the
discussion on this form can then consist of a brief summary of the process.
3. Significant Decisions/Planned Responses:

ASB-CX-3.3: Fraud Risk Inquiries Form
Completed by: Date:
Instructions: The purpose of this form is to document the auditors inquiries of management and others about
fraud risks and compliance with laws and regulations. Inquiries should be made of management, other
employees, internal auditors (if applicable) and those charged with governance (if different from management).
(See the discussion beginning with paragraph 301.11.) A list of required inquiries is provided for each step on
the form to ensure that all professional requirements are met. It is not necessary to repeat this list when
documenting the inquiries; rather, document the primary areas of focus during the interview, the responses to
the inquiries, and the related risks. If you determine there is a risk of material misstatement of the financial
statements, add the risk to ASB-CX-7.1.
1. Inquire of management personnel or the owner/manager about the risks of fraud and how the entity addresses them and
about compliance with laws and regulations. Specifically ask about the following:
Their knowledge of any actual fraud or suspicions of fraud affecting the entity.
Their awareness of any allegations of fraud or suspected fraud affecting the entity.
How, to what extent, and how often they assesses the risk that the entitys financial statements might be materially
misstated due to fraud and the controls in place to prevent and detect it.
Their processes (programs and controls) for identifying, responding to, and monitoring fraud risks, including any
specific fraud risks they have identified or that have been brought to their attention, or
classes of transactions, account balances, or disclosures for which a fraud risk is likely to exist.
How they communicate to employees the importance of ethical behavior and appropriate business practices.
The nature and extent of monitoring multiple locations or components and whether any of them have a higher level
of fraud risk.
If applicable, whether they have reported to those charged with governance about the entitys processes for
identifying and responding to fraud risks.
The entitys (1) compliance with laws and regulations, (2) policies relative to the prevention of noncompliance, and
(3) use of directives (for example, a code of ethics) and periodic representations obtained from management-level
employees about compliance with laws and regulations.
If the entity uses a service organization, their knowledge of any fraud, noncompliance with laws and regulations, or
uncorrected misstatements affecting the entitys financial statements reported by the service organization or
otherwise known to them.
a. Management Personnel Interviewed:
Name Title Date

Name Title Date

b. Document the responses, including any information that may be relevant to identifying fraud risks.

Consider interviewing, for example:
The president or chief executive officer.
The chief financial officer.
The controller.
The owner/manager in a small business.
Ask questions such as, If someone were going to overstate or understate net income, how would they do it? or If
someone were going to steal and cover it up, how would they do it? Exhibit 3-4 provides additional possible
questions for management.
Asking about the entitys compliance with laws and regulations during the interview also satisfies the requirement in
AU-C 250.14 (formerly AU 317.08), to make such inquiries of management.
2. Inquire of employees about whether they are aware of fraud that is occurring or is alleged, or have suspicions of
fraudulent activity. For employees involved in the financial reporting process, also inquire about unusual or improper
journal entry or other adjustment activity.
a. Employees Interviewed:
Name Title Date


Employees outside of management can be an important source of information about risks of fraudulent financial
reporting or management override that members of management might not communicate.
The authors recommend specifically inquiring whether the employee has ever been asked to make an unsupported
journal entry or knows of other employees having been asked to do so.
How many and which employees to interview is a matter of professional judgment. Consider interviewing employees
who might be able to provide information relevant to identifying fraud risks, including:
Employees at varying levels of authority within the entity.
Employees outside the accounting department.
Operating personnel.
Employees involved in recording or processing journal entries.
Employees involved in initiating, recording, or processing complex or unusual transactions.
Employees in areas identified as vulnerable to fraud during the engagement team discussion.
In-house legal counsel or others responsible for dealing with fraud allegations.
Exhibit 3-5 provides possible inquiries about fraud for employees.
Obtain additional audit evidence to resolve any inconsistencies among responses between management and
employees.
3. Inquire of appropriate internal audit personnel about the risks of fraud. (If the entity does not have an internal audit
function, indicate N/A in the space provided.) Specifically ask about the following:
Their views about the risk of fraud.
Whether they have performed any procedures to identify or detect fraud during the year.
Whether management has satisfactorily responded to any findings resulting from those procedures.
Whether they have knowledge of any actual, suspected, or alleged fraud.
a. Internal Audit Personnel Interviewed:
a. Internal Audit Personnel Interviewed:
Name Title Date


4. Inquire of those charged with governance (e.g., the audit committee, or at least its chair) about the risks of fraud.
Specifically ask about the following:
Their views about the risks of fraud.
Whether they have knowledge of any actual, suspected, or alleged fraud affecting the entity.
Whether they take an active role in oversight of managements processes for identifying and responding to fraud
risks and of the controls established to mitigate those risks, and if so, how they exercise such oversight activities.
For audits of financial statements for periods ending on or after December 15, 2012, whether the entity is in
compliance with laws and regulations.
a. Those Charged with Governance Interviewed:
Name Title Date


The inquiries should be made unless all of those charged with governance are involved in managing the entity.
Those charged with governance may exercise their oversight responsibility, for example, through a whistle-blower
program.
Other methods of obtaining an understanding of the fraud risk oversight exercised by those charged with governance
may include attending their meetings or reading the minutes.
ASB-CX-3.4: Audit Inquiries Summary Form
Completed by: Date:
Instructions: This form lists common inquiries and discussions with client personnel relating to (1) planning
and (2) general audit procedures. The purpose of the form is to provide a convenient tool to facilitate efficient
inquiries with the client regarding matters of a planning or general nature, lessening the need for multiple
discussions. The space provided following each inquiry can be used (1) when planning the interview to note
any specific or additional questions to ask the client and (2) when conducting the interview to note client
responses. The form does not list all inquiries that may be made related to a specific audit area or account
balance, or those that may be necessary based on your judgment as the audit progresses. This form also does
not replace inquiry steps that appear on various audit programs. The form provides a reference to the related
audit program step that contains the inquiry. In some cases, the inquiries may provide information that is used
to complete or update another practice aid (for example, ASB-CX-3.1 or ASB-CX-7.1). When applicable, the
related practice aid is listed with the inquiry. When signing off the related audit program steps or completing
the related practice aids, you may provide the workpaper reference for this form if the matters discussed have
been documented here. If you choose to document the inquiry matters on the related practice aid or other
workpaper, this form need not be retained. Keep in mind that additional follow-up or corroborating evidence
may be needed to substantiate the responses from audit inquiries. It is recommended that you review the
related audit program steps and practice aids, and consider what specific questions will be asked, prior to
meeting with the client.
Planning Inquiries
Program
Step Inquiry
Inquired
of
Date of
Inquiry
Obtaining/Updating an Understanding of the Entity and Its
Environment
ASB-AP-1
#7a
and ASB-CX-3.1
1. Make relevant inquiries that will assist in obtaining or
updating your understanding of the entity and its
environment to identify risks that may affect the entitys
a. Inquire about the entitys structure, ownership,
governance, and related parties.

b. Inquire about industry, regulatory, and other external
factors.

Program
Step Inquiry
Inquired
of
Date of
Inquiry
c. Inquire about the nature of the entity.

d. Inquire about the entitys objectives and strategies,
and the related business risks.

e. Inquire about the measurement and review of the
entitys financial performance.

The authors recommend documenting the
understanding of the entity and its environment on
ASB-CX-3.1.
ASB-AP-1
#7e
2. Inquire about unusual or unexpected balances or
relationships from preliminary analytical procedures.

ASB-AP-1
#7d
and
ASB-CX-4.1,
ASB-CX-4.2.1,
and
ASB-CX-4.2.2
3. Make relevant inquiries that will assist in obtaining or
updating your understanding of the components of
internal control to evaluate the design and
implementation of controls relevant to the audit.
a. Inquire about the control environment.

b. Inquire about the entitys risk assessment process.

Program
Step Inquiry
Inquired
of
Date of
Inquiry

c. Inquire about the entitys internal control information
and communication process.

d. Inquire about the entitys internal control monitoring
process.

e. Inquire about the entitys significant computer
applications and identify software used (including
how any service organizations are used). Inquire
about general computer controls that support the
effective functioning of application controls and how
the entity has responded to risks arising from IT.

f. Inquire about the flow of information for significant
transaction classes; the procedures for initiating,
authorizing, recording, processing, transferring to
the general ledger, and reporting those transactions;
the accounting records, supporting information, and
accounts involved in performing those procedures;
and how incorrect processing is resolved.

g. Inquire about the entitys financial close and
reporting process including controls over journal
entries; how significant events and conditions other
than transactions are captured; how the financial
statements, including significant accounting
estimates and disclosures, are prepared; and how
misstatements may occur in that process.

Program
Step Inquiry
Inquired
of
Date of
Inquiry

h. Inquire about control activities relevant to the audit,
including the process of reconciling detailed records
to the general ledger for material accounts.

The authors recommend documenting the
understanding of internal control on ASB-CX-4.1 and
ASB-CX-4.2.
Corroborate your inquiries through observation or
inspection to determine that controls exist and are
being used.
Inquiries of Management and Others about the Risks of
Fraud and Compliance with Laws and Regulations
ASB-AP-1
#7c
and
ASB-CX-3.3
1. Inquire of management about the risks of fraud and how
the entity addresses them. Specifically ask about the
following:
a. Their knowledge of any actual fraud or suspicions of

b. Their awareness of any allegations of fraud or
suspected fraud affecting the entity.

c. How, to what extent, and how often they assesses
the risk that the entitys financial statements might be
materially misstated due to fraud and the controls in
place to prevent and detect it.

Program
Step Inquiry
Inquired
of
Date of
Inquiry

d. Their processes (programs and controls) for
identifying, responding to, and monitoring fraud
risks, including any (1) specific fraud risks they have
identified or that have been brought to their
attention, or (2) classes of transactions, account
balances, or disclosures for which a fraud risk is
likely to exist.

e. How they communicate to employees the
importance of ethical behavior and appropriate
business practices.

f. The nature and extent of monitoring multiple
locations or components and whether any of them
have a higher level of fraud risk.

g. If applicable, whether they have reported to those
charged with governance about the entitys
processes for identifying and responding to fraud
risks.

Specific questions auditors might consider asking
management or the owner/manager are included in
Exhibit 3-4 at section 301.
ASB-AP-1
#7c
and
ASB-CX-3.3
2. Inquire of management and those charged with
governance about the entitys (a) compliance with laws
and regulations, (b) policies relative to the prevention of
noncompliance, and (c) use of directives (for example, a
code of ethics) and periodic representations obtained
from management-level employees about compliance
with laws and regulations.
Program
Step Inquiry
Inquired
of
Date of
Inquiry

ASB-AP-1
#7c
and
ASB-CX-3.3
3. Inquire of management about whether a service
organization has reported to them, or whether they are
otherwise aware of, any fraud, noncompliance with laws
and regulations, or whether uncorrected misstatements at
the service organization that affect the financial
statements of the user entity.

ASB-AP-1
#7c
and
ASB-CX-3.3
4. Inquire of employees about whether they are aware of
fraud that is occurring or is alleged, or have suspicions of
fraudulent activity.

Specific questions auditors might consider asking
employees in different departments are included in
Exhibit 3-5 at section 301.
ASB-AP-1
#7c
and
ASB-CX-3.3
5. Inquire of employees involved in the financial reporting
process about unusual or improper journal entry or other
adjustment activity.

ASB-AP-1
#7c
and
ASB-CX-3.3
6. Inquire of appropriate internal audit personnel regarding
(a) their views about the risks of fraud, (b) whether they
have performed any procedures to identify or detect fraud
during the year, (c) whether management has
satisfactorily responded to any findings resulting from
these procedures, and (d) whether the internal auditors
have knowledge of any actual, alleged, or suspected
fraud.

Program
Step Inquiry
Inquired
of
Date of
Inquiry
ASB-AP-1
#7c
and
ASB-CX-3.3
7. Inquire of those charged with governance (or the audit
committee, or at least its chair) regarding their views
about the risks of fraud and whether they have knowledge
of any actual, alleged, or suspected fraud. Obtain an
understanding of how they exercise oversight of
managements processes for identifying and responding
to fraud risks and of the controls established to mitigate
those risks.

General Engagement Planning Matters
ASB-AP-1
#4b
1. Discuss the following matters with the client relating to the
administration of the engagement.
a. Anticipated engagement timing and report issuance
dates.
b. Staffing, accommodations, and working hours.
c. Client assistance with the preparation of schedules
and confirmations.
d. Access and availability of records and key client
personnel.
e. Other matters that may require client coordination,
such as visits to multiple locations, cash counts, or
observation of inventories or other assets held by
third parties.

ASB-AP-6
#1
2. Inquire about the dates of planned inventory counts.
Discuss planned locations to be observed by the audit
team unless the audit strategy calls for unannounced
observations.

ASB-AP-6
#2
and
ASB-CX-11.1
3. Inquire about the procedures that will be used to count
the inventory, including anticipated changes from prior
periods and the availability of detailed inventory count
instructions.

Program
Step Inquiry
Inquired
of
Date of
Inquiry

The authors recommend documenting inventory count
procedures on ASB-CX-11.1.
ASB-AP-6
#3
4. Inquire about inventory that, when priced and extended,
will result in individually significant items.

Other Planning Inquiries

Program
Step Inquiry
Discussed
with
Date of
Discussion
General Procedure Inquiries
Commitments and Contingencies
ASB-AP-2
#3b
1. Inquire of management about the possibility of unrecorded
contingencies or commitments. Consider items such as:
a. Pending or threatened litigation or unasserted claims.
b. Communications from regulatory agencies regarding
violations or possible violations.
c. Product warranties.
d. Purchase commitments.
e. Anticipated losses on long-term contracts.
f. Long-term leases with fixed payments for several years.
g. Financial transactions or arrangements with financial
institutions (e.g., oral or written guarantees,
Program
Step Inquiry
Discussed
with
Date of
Discussion
endorsements, or open letters of credit).
h. Environmental remediation liabilities.

Significant Estimates and Concentrations
ASB-AP-2
#5b and
ASB-CX-3.1
1. Inquire of management about circumstances that require new,
or the need to revise existing, accounting estimates and about
the existence of concentrations.

If circumstances are identified that require estimates, an
important follow-up is to ask about the clients method for
making the estimates.
Subsequent Events
ASB-AP-2
#6a
1. Inquire about procedures management has established to
ensure that subsequent events are identified.

ASB-AP-2
#6a
2. Inquire of management through the date of the auditors
report about the existence of material subsequent events such
as plans to sell or merge, losses or impairment to assets (for
example, investments or deferred tax assets), subsequent
loss of major customers, incurrence of or changes in
long-term debt, equity, or working capital, or unusual
adjustments subsequent to year-end. Inquire about the status
of items unresolved at the balance sheet date.

ASB-AP-2
#6c
3. Inquire about matters discussed at meetings for which
minutes are not yet available.

Program
Step Inquiry
Discussed
with
Date of
Discussion

Related Party Transactions
ASB-AP-2
#7b
and
ASB-CX-3.1
1. Inquire about the identity of related parties, changes in related
parties, the nature of related party relationships, and whether
the entity entered into any transactions with related parties
during the period and, if so, the type and purpose of the
transactions.

ASB-AP-2
#7b
and
ASB-CX-4.2.
1
2. Inquire about how related party transactions are authorized
and approved and what controls are in place to identify,
account for, and disclose related party relationships and
transactions.

Supplementary Information
ASB-AP-2
#8b
1. Inquire of management about the purpose of any
supplementary information, the criteria used by management
to prepare it, and any significant assumptions or
interpretations underlying the measurement or presentation of
the information.

Other Inquiries

ASB-CX-4: Understanding Internal Control
ASB-CX-4.1: Understanding the Design and Implementation of Internal Control
Instructions: This form may be used to document the understanding of internal control and the sources of
information used and procedures performed to obtain or update the understanding. Obtain the understanding
by making inquiries of management and others, observing entity procedures and controls, inspecting
documents and records, and tracing transactions through the system (that is, performing walkthroughs) to
evaluate the design of controls relevant to the audit and determine whether they have been implemented.
Corroborate inquiries through observation or inspection to determine that controls exist and are being used.
While obtaining an understanding of the design and implementation of internal control, focus on
The identified risks to the financial statements.
The assertions and control objectives related to the identified risks.
The controls the client has in place to mitigate identified risks.
Whether or not those controls are properly designed and implemented.
The possible effect on the audit of your understanding (for example, on the design of substantive
procedures or the decision about whether to test controls).
If the entity has multiple locations or components, in addition to obtaining an understanding of group-wide
controls, consider the need to obtain an understanding of controls for locations or components, to the extent
needed to assess the risk of material misstatement.
The Activity and Entity-level Control Forms at ASB-CX-5 are optional source lists of control activities and
entity-level controls by transaction class (for each audit area) or by objective (for entity-level controls) and may
be used to assist you in identifying and describing the entitys controls. If desired, they may be completed to
further document your understanding of controls and to indicate the controls, if any, that you plan to test.
Control Environment
1. Obtain an understanding and describe how the attitudes, awareness, and actions of management, as well as those
charged with governance, demonstrate its commitment to accurate accounting and financial reporting. Evaluate whether
management has created and maintained a culture of honesty and ethical behavior, the control environment provides an
appropriate foundation for the other components of internal control, and those other components are not undermined by
deficiencies in the control environment. (Concentrate on the implementation of controls because controls may be
established but not acted upon.) (See paragraph 304.2.)
Consider how the entitys control environment achieves the following objectives:
Those charged with governance are actively involved and have significant influence over the entitys internal control
environment and its financial reporting.
Management, through its attitudes and actions, demonstrates character, integrity, and ethical values. Sound
integrity and ethical values, particularly of top management, are developed and set the standard of conduct for the
organization and financial reporting, including the identification and disclosure of related party relationships and
transactions.
Managements philosophy and operating style are consistent with a sound control environment and have a
pervasive effect on the entity. Management analyzes the risks and benefits of new ventures, assesses turnover
among employees, investigates and resolves improper business practices, views accounting as a means to monitor
and control the various activities of the organization, and adopts accounting policies that reflect the economic
realities of the business.
The organizational structure of the entity is appropriately designed to promote a sound control environment.
Authority and responsibility, appropriate reporting lines, and free flow of information across the organization provide
unfettered influence to effectively run the entity and support effective financial reporting, including the identification
and disclosure of related party relations and transactions.
Human resource policies and procedures send messages to employees regarding expected levels of integrity,
ethical behavior, and competence.
The entity assigns authority and responsibility to provide a basis for accountability and control.
The entity is committed to competence in the requirements of particular jobs and in translating those requirements
into knowledge and skills.

A control objective states the purpose of a control (or controls) in relation to risks and what could go wrong in the
financial statements. Controls are properly designed and implemented if (1) they achieve the control objectives and
(2) the entity is using them.
ASB-CX-5.1 can be used as a reference for typical controls that may be in place to achieve the objectives of the
control environment.
2. Describe the sources of information used and procedures performed to obtain or update your understanding of the
control environment and to evaluate the design of controls and determine whether they have been implemented.

3. Considering the size and complexity of the entity, is the control environment properly designed and implemented to
achieve the objectives? (If no, describe the deficiency of design or implementation and the potential risks to the financial
statements. Determine if those risks should be included on ASB-CX-7.1. Accumulate and evaluate deficiencies using
ASB-CX-15.1.)
Yes No

Risk Assessment
4. Obtain an understanding and describe what management does to identify and respond to business or operations risks
that may affect accounting or financial reporting. Risk assessment involves management identifying potential risks of
misstatement in the financial statements, estimating their significance, assessing the likelihood of their occurrence, and
implementing control activities or taking other steps to address those risks. (This process may be informal with little or no
documentation.) Inquire about and document business risks that management has identified and how they have
addressed those risks, and consider whether those risks may result in material misstatement of the financial statements.
(See paragraph 304.21.)
Consider how the entitys risk assessment process achieves the following objectives:
Entity and financial reporting objectives are established, documented, and communicated.
Accounting principles are properly applied in the preparation of the financial statements.
Management has established practices for the identification of risks affecting the entity.
Management considers the entire organization as well as its extended relationships in its risk assessment process.
Management has implemented mechanisms to anticipate, identify, and react to changes.
Management evaluates and mitigates risk appropriately.
Management has developed an appropriate fraud risk assessment and monitoring process.

ASB-CX-5.2 can be used as a reference for typical controls that may be in place to achieve the objectives of the risk
assessment process.
When obtaining the understanding, determine how management identifies transactions, events, and conditions that
may require new or changed estimates.
entitys risk assessment process and to evaluate the design of controls and determine whether they have been
implemented.

6. Considering the size and complexity of the entity, is the risk assessment process properly designed and implemented to
achieve the objectives? (If no, describe the deficiency of design or implementation and the potential risks to the financial
ASB-CX-15.1.)
Yes No

Evaluate whether the absence of a documented risk assessment process is appropriate in the circumstances or
represents and significant deficiency or material weakness.
If you identify risks during your risk assessment that management should have but failed to identify, determine why
managements process failed and whether the process is appropriate or contains a significant deficiency or material
weakness.
7. Obtain an understanding and describe the overall availability and timeliness of information necessary for internal controls
and the financial reporting system to function properly. This involves determining how the right information is made
available to the right people at the right time. Also, describe how management communicates financial reporting roles
and responsibilities and significant financial reporting matters to employees, those charged with governance, and
appropriate external parties (such as regulatory authorities) and how exceptions are brought to the attention of persons
at the appropriate level to take corrective action. (Communication may be written, electronic, oral, or through the direct
actions and involvement of management.) (See paragraph 304.32.)
Consider how the entitys information and communication process achieves the following objectives:
Information is identified, captured, used at all levels of the entity, and distributed in a form and timeframe that
supports the achievement of financial reporting objectives.
Information needed to facilitate the functioning of internal control is identified, captured, used, and distributed in a
form and timeframe that enables personnel to carry out their internal control responsibilities.
Communication exists between management and those charged with governance (if separate from management)
so that both have relevant information to fulfill their roles with respect to governance and to financial reporting
objectives.
All personnel, particularly those in roles affecting financial reporting, receive a clear message from top management
that both internal control over financial reporting and individual control responsibilities must be taken seriously.
Personnel have an effective and safe method to communicate significant information upstream in the entity.

information and communication process.
entitys information and communication process and to evaluate the design of controls and determine whether they have
been implemented.

9. Considering the size and complexity of the entity, is the information and communication process properly designed and
implemented to achieve the objectives? (If no, describe the deficiency of design or implementation and the potential risks
to the financial statements. Determine if those risks should be included on ASB-CX-7.1. Accumulate and evaluate
deficiencies using ASB-CX-15.1.)
Yes No

Monitoring
10. Obtain an understanding and describe how management monitors the operation of internal control to make sure (1)
controls are operating as intended and (2) changes to controls are made when necessary. Also describe what reports or
other information (such as budget variances, reconciliations, or monthly financial reports) management uses for that
purpose and consider whether the information is reliable. Consider controls relevant to the audit. (See paragraph
304.46.)
Consider how the entitys monitoring process achieves the following objective:
Management monitors controls over financial reporting through ongoing monitoring, independent evaluations, and
remediation of identified deficiencies.

monitoring process.
entitys monitoring process and to evaluate the design of controls and determine whether they have been implemented.

12. Considering the size and complexity of the entity, is the monitoring process properly designed and implemented to
achieve the objective? (If no, describe the deficiency of design or implementation and the potential risks to the financial
ASB-CX-15.1.)
Yes No

13. Document your understanding of the entitys IT environment and the design and implementation of the entitys general
computer controls by completing ASB-CX-4.2.2. If desired, provide a cross-reference to that workpaper. A separate
memorandum, flowchart, or questionnaire, if used, also may be referenced.
W/P Ref.
14. Document your understanding of the entitys financial close and reporting process and the design and implementation of
controls within that process to prevent, or detect and correct, material misstatements in the financial statements by
completing ASB-CX-4.2.1. If desired, provide a cross-reference to that workpaper. A separate memorandum, flowchart,
or questionnaire, if used, also may be referenced.
W/P Ref.
Activity-level Controls
15. Identify and list the significant transaction classes, if any, within each audit area. See the discussion beginning with
paragraph 305.9. (A list of transaction classes that might be significant is provided at ASB-CX-4.2.) Obtain an
understanding of the procedures and related control activities within both manual and IT systems for processing
significant transaction classes. Document your understanding by completing ASB-CX-4.2.1 and, if applicable,
ASB-CX-4.3 for each significant transaction class. If desired, provide a cross-reference to those workpapers. A separate
memorandum, flowchart, or questionnaire, if used, also may be referenced.
Significant
Transaction Classes
Documentation of
Significant
Transaction
Classes W/P Ref.
Cash:

Accounts Receivable/Sales:

Inventory/Cost of Sales:

Significant
Transaction Classes
Documentation of
Significant
Transaction
Classes W/P Ref.

Property:

Investments and Derivatives:

Other Assets:

Accounts Payable and Other Liabilities (including purchases):

Notes Payable and Long-term Debt:

Income Taxes:

Equity:

Income/Expense (including payroll):

Other (specify):

Significant
Transaction Classes
Documentation of
Significant
Transaction
Classes W/P Ref.

Completed or updated by: (Some auditors complete this form anew each year. If the form is reviewed and updated instead
of being completed anew, carefully reconsider the factors listed and responses documented on the form in light of known
changed client conditions and document, for each engagement year, the procedures performed to update your
understanding. If the form is updated, refer to the List of Substantive Changes and Additions included with each annual
supplement of this Guide to determine whether the form has been revised in the current edition. If the form has been revised,
complete the revised form instead of updating this form.)
20 20 20

ASB-CX-4.2: Financial Reporting System Documentation Forms
Instructions
The practice aids in the ASB-CX-4.2 series can be used to (1) document your understanding of the financial reporting system,
including the financial close and reporting process, the processing of transactions for significant transaction classes,
including control activities relevant to the audit, and the entitys IT environment and general computer controls and (2)
evaluate the design of controls and determine whether they have been implemented.
The Control Activities Forms (ASB-CX-5.5ASB-CX-5.17) present a list of controls that may be useful to you in identifying
and describing the entitys controls.
Procedures that should be performed to obtain your understanding include inquiries of management and others, observation
of entity procedures and controls, inspection of documents and records, and tracing transactions through the system (i.e.,
walkthroughs). If walkthroughs are performed, it might be helpful to include step numbers in your narrative when describing
the processing of transactions. Those step numbers can be linked to ASB-CX-4.3 when documenting the walkthrough.
ASB-CX-4.2.1 can be used to document your understanding of the financial close and reporting process. (A list of transaction
classes follows these instructions.)
When documenting the financial close and reporting process, consider the following (to the extent needed to assess the risk
of material misstatement):
How has the financial close and reporting process been documented and communicated to appropriate departments,
individuals, and components?
How are related party transactions authorized and approved, and what controls are in place to identify, account for, and
disclose related party relationships and transactions?
How are significant transactions outside the normal course of business authorized and approved?
How is information about events and conditions other than transactions captured for inclusion in the general ledger and
financial statements? Examples include impairment, depreciation, loss allowances, and fair values.
How is disclosure information not available from the entitys general ledger or related supporting documents and records
captured for inclusion in the financial statements? Examples include commitments and contingencies, concentrations,
subsequent events, compliance with debt covenants, and going concern uncertainties.
How are significant accounting estimates developed and evaluated?
What are the controls over journal entries, including how they are initiated, authorized, recorded, and processed?
What key analyses are performed during the period-end close process and who reviews them?
How are recurring and nonrecurring adjustments to the financial statements that are not reflected in formal journal entries
initiated, authorized, and recorded?
Are the reporting instructions issued to components clear, and do they (a) adequately describe the accounting policies
to be followed, (b) address disclosures needed to comply with GAAP, (c) provide a means of identifying intercompany
balances and transactions, and (d) require approval of financial information by component management?
What procedures are used to combine and consolidate general ledger data?
What procedures are used to prepare, review, and approve the financial statements and disclosures?
Significant Transaction Classes
ASB-CX-4.2.1 can also be used to document your understanding of the processing of transactions for each significant
transaction class identified on ASB-CX-4.1. (A list of transaction classes follows these instructions.) Ensure that your
understanding considers the effect of IT on the way control activities are designed and implemented. If you wish, you may
also gather information for transaction classes that are not significant if it would be useful for management letter suggestions,
etc.
Documentation should indicate the following (to the extent needed to assess the risk of material misstatement):
How and by whom are the transactions initiated and authorized?
What source documents (or electronic means) are used to capture information for entry in the accounting system?
How and by whom are transactions originally entered in the accounting system for processing?
What are the accounting processing steps, both automated and manual, from original entry to inclusion in the general
ledger and who performs them? (Processing includes functions such as edit and validation, calculation, measurement,
valuation, summarization, and reconciliation.)
What accounting records and supporting documents (manual and electronic) are used or created when processing
transactions?
What accounts are involved?
What subsidiary journals or ledgers are involved?
How is the incorrect processing of transactions resolved?
What procedures are used to enter transaction totals into the general ledger?
What is the entitys process for reconciling account detail to the general ledger for material accounts?
How does IT affect the entitys control activities?
What management reports or other information is generated from the system and how is it used by management or the
owner/manager in managing and controlling the entitys activities?
ASB-CX-4.2.2 can be used to document your understanding of the design and implementation of the entitys IT environment
and general computer controls, including your conclusion about whether it is necessary to obtain an understanding of
controls at a service organization.
Significant Risks and Risks for Which Substantive Procedures Alone Are Not Sufficient
Matters that give rise to significant risks often include (a) potential fraud; (b) significant transactions with related parties; (c)
estimates involving a high degree of measurement uncertainty; (d) transactions that are outside the normal course of
business or that otherwise appear unusual; (e) potential contingencies arising from litigation, claims, assessments, or
noncompliance with laws and regulations; and (f) significant economic, accounting, or other developments that may require
specific attention during the audit. Risks for which substantive procedures alone are not sufficient often arise in highly
automated processing environments with little or no manual intervention. If such risks exist, your related narrative should
describe what controls the entity has implemented to prevent, or detect and correct, material misstatements related to those
risks.
Multiple Locations
If the entity processes transactions at multiple locations or components, consider the need to complete separate forms
related to financial close and reporting, transaction processing systems, and general computer controls for those locations or
components, to the extent needed to assess the risk of material misstatement.
Examples of Transactions Classes for Specified Audit Areas
Defining the financial closing and reporting process
a
Performing the accounting period close
a
Capturing and processing nonroutine information requiring significant estimates and judgments
a
Preparing and reviewing financial statement disclosures
a
Reviewing and approving the financial statements
a
Adjusting for foreign currencies
Other (specify)
Cash
a
a
Other (specify)
Accounts Receivables/Sales
Processing sales orders
a
Shipping and invoicing sales orders
a
Processing sales adjustments and product returns
a
Estimating the allowance for doubtful accounts and bad debt expense
a
Estimating the allowance for sales returns and adjustments
Recording deferred revenue
Maintaining the customer master file
Other (specify)
Inventory/Cost of Sales
Recording purchases
a
Receiving and storing inventory
a
Requisitioning materials for production
Costing inventory
a
Managing inventory
Estimating excess and obsolete inventory reserves
Other (specify)
Property
Acquiring and safeguarding property, plant, and equipment
Depreciating property, plant, and equipment
Disposing of property, plant, and equipment (sales and retirements)
Maintaining the property, plant, and equipment subledger
Other (specify)
Managing investments
Managing derivatives
Other (specify)
Other Assets
Recording purchases of other assets
Amortizing assets
Other (specify)
Recording purchases
a
Processing accounts payable and accruals
a
a
Maintaining the supplier master file
Estimating the warranty reserve and warranty expense
Other (specify)
Managing borrowings
Other (specify)
Income Taxes
Calculating and reporting income taxes
Other (specify)
Equity
Recording equity transactions
Recording stock compensation
Other (specify)
Income/Expense
Processing payroll
a
Maintaining the employee database master file
Recording repairs and maintenance expense
Other (specify)
Note:
a
ASB-CX-4.2.1: Financial Reporting System Documentation FormFinancial Close and
Reporting/Significant Transaction Classes
Instructions: See separate instructions at ASB-CX-4.2. When completing this form, focus on the control
objectives and key controls related to the relevant assertions and risks you identified when performing other
risk assessment procedures. The documentation on this form is intended to assist you in assessing the
magnitude of those risks and deciding whether to respond to them with substantive procedures alone or a
combination of substantive procedures and tests of controls.
1. General Information:
Audit Area(s): Location or Component:
Transaction Class(es):
General Ledger Account(s):
2. For the financial close and reporting process, describe the manual and automated procedures used to close the books
and prepare the financial statements and related disclosures. For significant transaction classes, describe how
transactions are processed from initiation through inclusion in the general ledger. Focus on key controls in each process
that prevent, or detect and correct, errors in the financial statements, including how the relevant control objectives (see
Appendix 3A) are achieved and the controls, if any, the entity has implemented to prevent, or detect and correct, material
misstatements related to fraud risks, other significant risks, or risks for which substantive procedures alone do not
provide sufficient evidence.

The Control Activities Forms (ASB-CX-5.6ASB-CX-5.17) present a list of controls that may be used to assist you in
identifying and describing the entitys controls and in obtaining a further understanding of control activities, if needed.
If desired, the appropriate Control Activities Forms may be completed to further document your understanding of
controls and to indicate the controls, if any, that you plan to test for operating effectiveness.
It is recommended that you complete the appropriate section of the Control Activities Forms whenever you have
identified fraud risks, including improper revenue recognition, other significant risks, or risks for which substantive
procedures alone do not provide sufficient evidence.
It is not necessary to obtain an understanding of all control activities related to each class of transactions, account
balance, and disclosure or to every relevant assertion.
If the transaction class involves significant estimates, describe the method and assumptions used to develop the
estimate (including whether the client used a specialist), changes in the method or assumptions from prior periods
and the reasons (including changes that should have been made but were not), and relevant controls. If the estimate
involves a high degree of estimation uncertainty, describe how that is evaluated. For example, consider whether there
is a wide range of potentially acceptable values for the estimate depending on different assumptions that might be
made and how the client evaluates those possibilities.
If the transaction class involves the use of a service organization, describe how transactions are processed from
initiation through inclusion in the financial statements, including the involvement of the service organization. If the
entity has designed and implemented sufficient user controls, it may be necessary only to describe the user entitys
key controls over the process. If it is necessary to obtain an understanding of the design and implementation of
controls at the service organization, describe those key controls in the narrative or reference to a service auditors
report where the controls are described.
Pay particular attention to controls that address risks of material misstatement due to significant risks, fraud or
management override. Controls that address these risks might include:
Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries;
Controls over journal entries and adjustments made in the period-end financial reporting process;
Controls over related party transactions;
Controls related to significant management estimates; and
Controls that mitigate incentives for, and pressures on, management to falsify or inappropriately manage financial
results.
In a group audit, the financial close and reporting process includes the consolidation process and any instructions
and reporting packages issued to components to ensure that information needed for year-end reporting is
appropriately captured.
3. Describe the sources of information used and procedures performed to obtain or update your understanding and to
evaluate the design of controls and determine whether they have been implemented. (If walkthroughs are performed,
cross-reference to ASB-CX-4.3.)

Indicate members of management or others who were interviewed and when.
Indicate documents and records that were inspected.
Indicate reports, such as budget variance or monthly management reports, that were read.
Indicate external information that was reviewed.
Indicate specific controls or procedures that were observed and when.
4. Considering the size and complexity of the entity, are controls over this transaction class properly designed and
implemented to achieve the significant control objectives? (If no, describe the deficiency of design or implementation and
the potential risks to the financial statements. Determine if those risks should be included on ASB-CX-7.1. Accumulate
and evaluate deficiencies using ASB-CX-15.1.)
Yes No

of being completed anew, carefully reconsider the factors listed and responses documented on the form in light of known
changed client conditions and document, for each engagement year, the procedures performed to update your
understanding. If the form is updated, refer to the List of Substantive Changes and Additions included with each annual
supplement of this Guide to determine whether the form has been revised in the current edition. If the form has been revised,
complete the revised form instead of updating this form.)
20 20 20

ASB-CX-4.2.2: Financial Reporting System Documentation FormIT Environment and General
Computer Controls
Instructions: See separate instructions at ASB-CX-4.2 and the discussions beginning with paragraphs 303.18
and 304.68.
1. Location or Component:
2. Describe the extent to which IT is used in the financial reporting system by completing the following:
a. List the significant computer applications and the related transaction classes, identify the source of the software
used (i.e., service organization, internally developed, or externally developed), and indicate whether the client has
access to vendor source code. For vendor software packages, provide information such as the vendor or brand
name, version, and significant customized features or modifications.
Externally Developed
Application
Transaction
Classes
Service
Organization
Name (if
applicable)
Internally
Developed?
Vendor/Bran
d Name and
Version
Custom
Features
(if any)
Does
Client
Have
Access to
Source
Code?

b. If a service organization is used, describe how it is used and your conclusion about whether it is necessary to obtain
an understanding of controls at the service organization. If it is necessary, describe the sources of information used
and procedures performed to evaluate the design and implementation of relevant controls at the service
organization. If applicable, cross-reference to your narrative at ASB-CX-4.2.1 or to the related service auditors
report.

Your understanding of how the service organization is used should include the following:
The nature of the servicesfor example, whether the service organization initiates, authorizes, records, or
processes transactions; maintains accounting records; or manages the entitys assets.
Whether the transactions processed or accounts affected by the service organization are significant, either
because they are material or because of their nature.
The extent to which the user entity has implemented controls over processing performed by the service
organization or relies on controls at the service organization.
The respective roles and responsibilities of the user entity and the service organization, and whether
contractual terms require the service organization to provide a service auditors report and permit access to
records and direct communication by the user auditor if necessary.
Section 905 provides further guidance on obtaining an understanding of the controls at a service organization,
including the use of service auditors reports.
If a service organizations controls are significant to the entitys internal control, see also the procedures for Use
of Service Organizations in the Other General Planning Procedures section of the general audit planning
program.
c. Identify significant entity-developed spreadsheets that are used for accounting functions or transaction processing.

d. Describe any other information relevant to understanding the entitys IT environment (for example, the computer
hardware and configuration used for the accounting system such as networked personal computers with a
dedicated server, any significant master files that are used to store data relevant to the audit, or the entitys use of
e-commerce or other sophisticated processing applications).

3. Is the use of an IT specialist considered necessary?
Yes No
The complexity of the IT systems and controls and their pervasiveness to the entitys operations, including the use of
emerging technologies, and the extent of understanding needed to assess the risk of material misstatement.
Whether significant system changes have occurred.
The extent of the entitys e-commerce activities.
Whether significant audit evidence is available only in electronic form.
4. Obtain an understanding of how the entity has responded to risks arising from IT. Describe how the entity ensures that its
IT systems (including any significant entity-developed spreadsheets) are reliable and its data is secure. Consider the
controls over the development, modification, and testing of new or significant applications or spreadsheets as well as
physical security and backup procedures. (General computer controls that are poorly designed and implemented may
permit application controls to operate improperly, allowing misstatements to occur and not be detected.)
Consider how the entitys general computer controls achieve the following objectives:
The entity has an IT strategic planning and risk management process in place to support its financial reporting
requirements.
The entity maintains reliable systems that include appropriate data backup and recovery processes.
Physical security and access to programs and data are appropriately controlled to prevent unauthorized use,
disclosure, modification, damage, or loss of data.
Program changes and systems acquisition and development are appropriately managed to ensure that the
application software adequately supports financial reporting objectives.

ASB-CX-5.5 presents a list of controls that may be used to assist you in identifying and describing the entitys general
computer controls. If desired, it may be completed to further document your understanding of general computer
controls and to indicate the controls, if any, that you plan to test for operating effectiveness.
General computer controls relate to the entitys overall computer environment. Application controls, such as those
programmed in a software application to restrict user access, produce batch totals, etc., are considered during the
evaluation of controls over various transaction classes at ASB-CX-4.2.1.
General computer controls relate to all automated applications, including user-developed spreadsheet applications.
ASB-CX-6.1 provides a list of IT risk factors to consider.
Consider only those general controls that are relevant to applications and data that become part of the financial
statements. For example, if no new systems are implemented during the period of the financial statements,
weaknesses in the general controls over systems development may not be relevant to the financial statements being
audited.
entitys general computer controls and to evaluate the design of those controls and determine whether they have been
implemented.

6. Considering the size and complexity of the entity, are general computer controls properly designed and implemented to
achieve the significant control objectives? (If no, describe the deficiency of design or implementation and the potential
risks to the financial statements. Determine if those potential risks should be included on ASB-CX-7.1. Accumulate and
evaluate deficiencies using ASB-CX-15.1.)
Yes No

of being completed anew, carefully reconsider the responses documented on the form in light of known changed client
conditions and document, for each engagement year, the procedures performed to update your understanding. If the form is
updated, refer to the List of Substantive Changes and Additions included with each annual supplement of this Guide to
determine whether the form has been revised in the current edition. If the form has been revised, complete the revised form
instead of updating this form.)
20 20 20

ASB-CX-4.3: Walkthrough Documentation Table
Completed by: Date:
Instructions: This form can be used to document the performance of a walkthrough. Select the transaction from a population of source documents
originated during the period or from transactions recorded in the general ledger. Perform procedures such as inquiry of client personnel,
observation of procedures and controls, inspection of documents and records, and reperformance to trace the transaction through the manual and
automated processing steps used by the entity, focusing on key controls.
1. Audit Area(s):
Transaction Class:
General Ledger Account(s):
2. Describe the transaction for which the walkthrough is performed:

Date and location of walkthrough:
3. Complete the following:
Procedure or Control
(or
Step No. from
ASB-CX-4.2.1)
a
Documents
Examined
Walkthrough
Procedures
b
Who Performs the Procedure
or Control?
(Name and Position) Exceptions
c
Other Inquiries or Comments

Notes:
a
Copy and paste appropriate material from your narrative at ASB-CX-4.2.1 to describe the processing steps for the
applicable transaction from initiation through inclusion in the general ledger and financial statements, focusing on key
controls. If your narrative is written in the form of steps, you may provide the step number from the narrative at
ASB-CX-4.2.1.
b
Describe any manual or automated procedures that you observed or reperformed and responses to your inquiries. If an
error was found by the client during processing, indicate their response.
c
Exceptions may include, for example, procedures not performed on a timely basis, procedures not performed as
prescribed, or improper responses by the client to errors found during processing.
d
Responses to other inquiries, for example, whether the individual has ever been asked to override the procedures or
controls.
Additional procedures you performed to fully evaluate controls if exceptions were noted.
Information about the level of understanding or competence of employees.
Implications for the risk assessment at ASB-CX-7.1.
Control deficiencies identified, or a reference to ASB-CX-15.1.
Any other information relevant to understanding the design or implementation of controls.
ASB-CX-5: Activity and Entity-level Control Forms
Instructions
These forms are optional source lists of control activities and entity-level controls by transaction class (for each audit area) or
by objective (for entity-level controls). (Entity-level controls include the control environment, risk assessment, information and
communication, monitoring, and general computer controls.) The forms are not intended to be all-inclusive. Rather, they
provide a list of common key controls (i.e., primary controls for preventing or detecting material misstatements when
operating effectively) that are applicable for many nonpublic entities. (A control reference number is provided for each control
that can be used as a shorthand to identify the control or cross-reference it from other workpapers.) Your consideration of
controls ought to be in the context of achieving control objectives relevant to the preparation of financial statements that are
free of material misstatement. Common control objectives for the audit areas and transaction classes included in the
activity-level control forms at ASB-CX-5.6ASB-CX-5.17 are presented at Appendix 3A.
The forms can be used in a variety of ways depending on (1) the need to devote additional attention to obtaining an
understanding of controls, (2) the decision about whether to test controls, and (3) documentation preferences. It is not
necessary to complete each form in its entirety. For example, if you only need to obtain a further understanding of controls
related to a particular assertion or transaction class to assist you in assessing risks in that area, you may only complete that
section of the forms. Common ways to use the forms include:
As a reference or memory jogger not retained in the audit documentation, as follows:
When initially gaining an understanding of internal control or when it is necessary to devote additional attention to
obtaining an understanding of controls (both manual and automated). For example, you may refer to this form to
assist you in identifying and describing the entitys controls when completing ASB-CX-4.1, ASB-CX-4.2, or
ASB-CX-4.3.
To identify controls to test when using the ASB-CX-10.1.
As a supplement to the practice aids at ASB-CX-4.1 and ASB-CX-4.2 to further document your understanding of controls
and to indicate the controls, if any, that you plan to test.
Complete the forms as follows:
Column Instructions
Assertions The Assertions column for activity-level control forms contains letters that
stand for one or more assertions related to the controls as follows:
E/OExistence or occurrence
CCompleteness
R/ORights or obligations
VValuation or allocation
A/CLAccuracy or classification
COCutoff
For those controls you plan to test, you may circle or highlight the relevant
assertions for which you are seeking a reduced control risk assessment.
(Assertions are not relevant for entity-level controls.)
Addresses Fraud or
Significant Risk?
Place a check mark in the column to indicate if the control addresses a fraud risk
or other significant risk. To satisfy the requirement to document the controls
evaluated related to significant or fraud risks, the authors recommend
completing the relevant section(s) of these forms whenever fraud risks or other
significant risks are identified.
Control Has Been
Implemented?
Place a check mark in the column to indicate if the control is implemented. A
control is implemented if it exists and the entity is using it. (It might be helpful to
give these forms to the client and have them complete this column first to
Column Instructions
give these forms to the client and have them complete this column first to
indicate which controls they are using before evaluating design. However, if this
is done, you still need to perform some observation or inspection procedures to
confirm the implementation of controls that you determine are effectively
designed.)
Automated? Place a check mark in the column to indicate if the control is automated. This
information assists you in understanding the following:
How IT affects the entitys internal control, including the way control
activities are implemented.
Whether IT risks are present and the entity has responded adequately to
those risks.
If applicable, how to design appropriate tests of controls.
However, even if a control is manual, it may still be dependent upon IT due to
the inputs that are necessary to perform the control. (See paragraph 304.61.)
Effectively Designed? Place a check mark in the column to indicate if the control is effectively
designed. A control is effectively designed if, individually or in combination with
other controls, it is capable of preventing or detecting and correcting material
misstatements. Consider whether improperly designed controls are material
weaknesses that should be communicated to management and those charged
with governance. (See ASB-CX-15.1.)
Test Control? Place a check mark in the column to indicate if the control will be tested for
operating effectiveness. (Test only the controls that are both properly designed
and implemented.) If you decide to test one or more controls, consider the need
to also test indirect controls on which those controls depend. Document your
tests of controls with ASB-CX-10.1 or in a memo. (Because documentation may
need to be more extensive, the authors recommend using ASB-CX-10.1 rather
than a memo to document tests of controls involving document inspection or
detail tests of transactions.)
Comments Provide comments as considered necessary about the implementation of
controls by the client or about your procedures. Comments might include:
Information that clarifies how particular controls are implemented by the
client.
A description of indirect controls on which the key controls depend.
A description of the sources of information and procedures performed to
evaluate the design and implementation of a control.
A cross-reference to other workpapers, such as systems narratives,
walkthrough documentation, or tests of controls documentation.
An indication that either a control is missing or a control deficiency exists
that may need to be communicated to management and those charged
with governance.
The following Table of Contents identifies each section of the Activity and Entity-level Control Forms.
TABLE OF CONTENTS
Section Audit Area
ASB-CX-5.1
Control Environment
1(127)
Section Audit Area
ASB-CX-5.2
Risk Assessment
1(128)
ASB-CX-5.3
1(129)
ASB-CX-5.4
Monitoring
1(130)
ASB-CX-5.5
General Computer Controls
1(131)
ASB-CX-5.6 Financial Close and Reporting
ASB-CX-5.7 Cash
ASB-CX-5.8 Accounts Receivable and Sales
ASB-CX-5.9 Inventory and Cost of Sales
ASB-CX-5.10 Property
ASB-CX-5.11 Investments and Derivatives
ASB-CX-5.12 Other Assets
ASB-CX-5.13 Accounts Payable and Other Liabilities
ASB-CX-5.14 Notes Payable and Long-term Debt
ASB-CX-5.15 Income Taxes
ASB-CX-5.16 Equity
ASB-CX-5.17 Income and Expenses
ASB-CX-5.1: Entity-level Control Form for Control Environment
Completed by: Date:
Instructions: See separate instructions at ASB-CX-5.
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Implemented? Automated?
Effectively
Designed?
Test
Control?
Objective: Those charged with governance are actively
involved and have significant influence over the entitys
internal control environment and its financial reporting.
C0001The makeup and general construction of the board of
directors and its committees are appropriate and adequate given
the nature of the entity.
C0006Those charged with governance are sufficiently involved
with the entity to address important oversight responsibilities.
C0009Those charged with governance provide input and
oversight of the entitys financial statements, including the
application of GAAP (or an OCBOA) and use of accounting
judgments.
C0011A process exists by which those charged with governance
are made aware of key developments that may affect financial
reporting.
Objective: Management, through its attitudes and actions,
demonstrates character, integrity, and ethical values. Sound
integrity and ethical values, particularly of top management,
are developed and set the standard of conduct for the
organization and financial reporting.
C0012A code of conduct or ethics policy exists.
C0013Management, employees, and others are made familiar
with the entitys policies and practices with regard to ethics,
accepted business practices, and positive control environment.
C0015Management acts to remove or reduce incentives or
temptations that might prompt personnel to engage in dishonest,
illegal, or unethical acts.
C0016Rewards, such as bonuses and stock ownership, foster
an appropriate ethical tone.
C0017Management sets realistic financial targets and
expectations.
C0018Management follows ethical guidelines in dealing with
external audiences, including suppliers, creditors, insurers, etc.
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
C0020Relationships with professional third parties are
periodically reviewed to ensure the entity maintains association
with reputable parties.
Objective: Managements philosophy and operating style are
consistent with a sound control environment and have a
pervasive effect on the entity. Management analyzes the risks
and benefits of new ventures, assesses turnover among
employees, investigates and resolves improper business
practices, views accounting as a means to monitor and control
the various activities of the organization, and adopts
accounting policies that reflect the economic realities of the
business.
C0021Risk appetite, or amount of risk the entity is willing to
accept, associated with each new venture is discussed and
influenced by the entitys culture and operating practices.
C0024Management exemplifies attitudes and actions in line with
its mission, vision, and values to support an effective control
environment.
C0029Management gives appropriate attention to internal
controls and corrects any known weaknesses in internal controls
on a timely basis.
C0030Management regards the accounting function as a means
for monitoring and exercising control over the entitys various
activities.
C0033Management adopts accounting policies that are
appropriate for the entity and consistent with GAAP (or an
OCBOA).
C0034Management sets the tone that high-quality and
transparent financial reporting is expected.
Objective: The organizational structure of the entity is
appropriately designed to promote a sound control
environment. Authority and responsibility, appropriate
reporting lines, and free flow of information across the
organization provide unfettered influence to effectively run the
entity and support effective financial reporting.
C0035The organizational structure is commensurate with the
entitys activities.
C0036Management periodically evaluates the entitys
organizational structure and makes necessary changes based on
changes in the business and/or industry.
C0038The entity defines key areas of authority and
responsibility, including managements responsibility for business
activities, and how they affect the business as a whole.
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
C0040There is a structure for assigning ownership of data,
including who is authorized to make and/or modify transactions.
C0041There are policies for accepting new business, conflicts of
interest, and security practices that are adequately communicated
to all employees in the organization.
C0044A process exists to support the identification and
disclosure of related party relationships and transactions.
Objective: Human resource policies and procedures send
messages to employees regarding expected levels of integrity,
ethical behavior, and competence.
C0048Management establishes human resource policies and
procedures that demonstrate its commitment to integrity, ethical
behavior, and competence.
C0049Human resource policies and procedures are clearly
communicated to employees and issued, updated, and revised on
a timely basis.
C0050Employee recruitment and retention practices for key
financial positions are guided by principles of integrity and by the
necessary competencies associated with the positions.
C0051There are formal procedures for the hiring (recruiting) and
retention of employees.
C0055There are formal policies and procedures to evaluate
employee performance and compensation.
Objective: The entity assigns authority and responsibility to
provide a basis for accountability and control.
C0057Employees are empowered to correct problems or
implement improvements in their assigned processes.
C0058Job descriptions, reference manuals, or other forms of
communication inform personnel of their duties.
Objective: The entity is committed to competence in the
requirements of particular jobs and in translating those
requirements into knowledge and skills.
C0059The entity establishes competencies (knowledge, skills,
abilities, and credentials) prior to hiring of key positions.
C0060Employees tend to have the competence and training
necessary for their assigned level of responsibility or the nature
and complexity of the entitys activities.
C0062Job performance and competencies are periodically
evaluated and reviewed with each employee.
C0063All departments are appropriately staffed.
C0064Management demonstrates a commitment to provide
sufficient accounting and financial personnel to keep pace with the
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
sufficient accounting and financial personnel to keep pace with the
growth and/or complexity of the entitys activities.
ASB-CX-5.2: Entity-level Control Form for Risk Assessment
Completed by: Date:
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
Objective: Entity and financial reporting objectives are
established, documented, and communicated.
C0100Entity objectives are established, communicated, and
monitored. The key elements of the entitys strategic plan are
communicated throughout the entity.
C0103Financial reporting objectives align with the requirements
of GAAP (or an OCBOA).
Objective: Management has established practices for the
identification of risks affecting the entity.
C0104Mechanisms are in place to identify risks potentially
affecting achievement of the entitys objectives, including (1)
changes in operating, economic, and regulatory environments; (2)
entering new markets or lines of business; (3) offering new
products and services; (4) communication at various levels of
management; (5) business processes; and (6) information
technology infrastructure and processes.
C0106Periodic reviews are performed to, among other things,
anticipate and identify routine events or activities that may affect
the entitys ability to achieve its objectives.
C0108Risks potentially affecting the achievement of financial
reporting objectives are identified.
C0111Management identifies risks related to laws or regulations
that may affect financial reporting.
C0112Risks related to the ability of an employee to initiate and
process unauthorized transactions are appropriately identified.
Objective: Management has developed an appropriate fraud
risk assessment and monitoring process.
C0115Fraud risk assessments are an integral part of the risk
identification process.
C0116The entitys assessment of fraud risk considers incentives
and pressures, attitudes, and rationalizations as well as the
opportunity to commit fraud.
C0117The entitys assessment of fraud risk considers risk
factors relevant to its industry and to the geographic region in
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
factors relevant to its industry and to the geographic region in
which it operates.
C0118The entity assesses the potential for fraud in high-risk
areas, including revenue recognition, management override,
accounting estimates, and nonstandard journal entries.
C0119Those charged with governance (if separate from
management) understand and exercise oversight of the entitys
fraud risk assessment process.
Objective: Management considers the entire organization as
well as its extended relationships in its risk assessment
process.
C0121Management identifies all significant relationships
including service providers, suppliers, customers, creditors, etc.
Objective: Management has implemented mechanisms to
anticipate, identify, and react to changes.
C0127Budgets/forecasts are updated during the year to reflect
changes in the entitys activities.
Objective: Management evaluates and mitigates risk
appropriately.
C0131Periodic risk assessments are reviewed by management.
C0132Management develops plans to mitigate significant
identified risks, including designing and implementing appropriate
controls.
Objective: Accounting principles are properly applied in the
preparation of the financial statements.
C0136The accounting department has a process in place to
identify and address changes in GAAP (or an OCBOA).
C0138A process exists to identify changes within business
practices that may affect the method or process of recording
transactions and the application of GAAP (or an OCBOA).
ASB-CX-5.3: Entity-level Control Form for Information and Communication
Completed by: Date:
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
Objective: Information is identified, captured, used at all levels
of the entity, and distributed in a form and timeframe that
supports the achievement of financial reporting objectives.
C0200Operating information is used to develop accounting and
financial information and serves as a basis for reliable financial
reporting. Relevant operating information is used as the basis for
C0206Data underlying financial statements are captured
completely, accurately, and timely, in accordance with the entitys
policies and procedures and in compliance with laws and
regulations.
C0210Financial personnel meet with line management to
discuss operating results.
Objective: Information needed to facilitate the functioning of
internal control is identified, captured, used, and distributed in
a form and timeframe that enables personnel to carry out their
internal control responsibilities.
C0205Accounting procedures are sufficiently formal that
management can determine whether the control objective is met,
documentation supporting the procedures is in place, and
personnel routinely know the procedures that need to be
performed.
C0213Established and agreed-upon deadlines exist for
period-end reporting, which include review by management.
Objective: Communication exists between management and
those charged with governance (if separate from management)
so that both have relevant information to fulfill their roles with
respect to governance and to financial reporting objectives.
C0215The effectiveness of those charged with governance is
supported by timely communications with management.
Objective: All personnel, particularly those in roles affecting
financial reporting, receive a clear message from top
management that both internal control over financial reporting
and individual control responsibilities must be taken seriously.
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
C0220Employees receive adequate information to complete
their job responsibilities.
C0224Management has developed communication approaches
that specify individual responsibilities in dealing with inappropriate
behavior.
Objective: Personnel have an effective and safe method to
communicate significant information upstream in the entity.
C0225Upstream communication is encouraged by management
to improve performance and enhance internal control.
C0229All reported potential improprieties are reviewed,
investigated, and resolved in a timely manner.
C0231There is a process for tracking communications from
customers, vendors, regulators, and other external parties.
ASB-CX-5.4: Entity-level Control Form for Monitoring
Completed by: Date:
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Test
Control?
Objective: Management monitors controls over financial
reporting through ongoing monitoring, independent
evaluations, and remediation of identified deficiencies.
C0305Ongoing monitoring is built into operations throughout the
entity and includes explicit identification of what constitutes a
deviation from expected control design or performance, thereby
signaling a need to investigate both potential control problems and
changes in risk profiles.
C0306Managements ongoing monitoring provides feedback on
the effective design and operation of controls integrated into
processes, and on the processes themselves.
C0307Managements ongoing monitoring serves as a primary
indicator of both control design and operating effectiveness and of
risk conditions.
C0312Reports from external sources (e.g., external auditors,
regulators) are considered for their internal control implications,
and timely corrective actions are identified and taken.
C0313Findings of an internal control deficiency are reported to
(1) the appropriate person who is in the position to take corrective
actions and, if applicable, (2) at least one level of management
above that person.
C0314Deficiencies that affect internal control over financial
reporting are communicated regularly and as necessary to
management and those charged with governance (if separate from
management).
ASB-CX-5.5: Entity-level Control Form for General Computer Controls
Completed by: Date:
Control Has
Been
Implemented?
Effectively
Designed?
Test
Control?
Objective: The entity has an IT strategic planning and risk management process in
place to support its financial reporting requirements.
C9000A management steering committee is responsible for reviewing and approving IT
plans and priorities.
C9001IT is evaluated regularly for risks and any identified risks are appropriately
addressed.
C9002All outside service providers used by the entity are evaluated to determine those
who provide material financial services that may impact controls.
Objective: The entity maintains reliable systems that include appropriate data backup
and recovery processes.
C9003A backup and data retention policy/schedule exists, specifying how often backups
are to be performed, how long they are to be retained, and where the backup media is to be
stored.
C9004Application data and file server backups are performed to minimize the risk of lost
or corrupted data. Backup tapes or other media are secure (accessible only by authorized
personnel).
C9005Application data and file server recovery procedures are tested at least annually to
ensure data integrity and recovery.
C9008Batch processing is controlled and monitored to ensure proper completion.
C9010Interfaces between systems include appropriate controls to ensure the complete
and accurate transfer of data.
C9011Appropriate environmental controls (such as fire/smoke detection, temperature
controls, and alternate power supply) exist to ensure the security and reliability of
equipment.
C9012A process exists to ensure that systems incidents, problems, and errors are
reported, analyzed, and resolved in a timely manner.
Objective: Physical security and access to programs and data are appropriately
controlled to prevent unauthorized use, disclosure, modification, damage, or loss of
data.
C9013An information security policy exists that defines information security objectives.
This policy is supported by documents standards and procedures where necessary.
Control Has
Been
Implemented?
Effectively
Designed?
Test
Control?
C9014Procedures exist and are followed to ensure timely action relating to requesting,
establishing, issuing, suspending, modifying, and closing user accounts, including
appropriate authorization.
C9017User access rights are removed or suspended in a timely manner when employees
are terminated. Standards exist to define timeliness requirements for various situations (i.e.,
voluntary or involuntary termination).
C9018User access rights (network, application, and database) are granted on a
need-to-know, need-to-do basis that considers appropriate segregation of duties.
C9023Procedures exist and are followed to maintain the effectiveness of authentication
and access mechanisms (e.g., password length, password history, password expiration, and
lockout for failed attempts).
C9024Controls are in place to ensure that all users are identified uniquely:
No shared IDs are used except for limited, read-only access.
Access rights of any guest IDs are appropriately limited.
C9025Physical access to file/communication servers, off-line data storage, and other
sensitive areas is appropriately restricted to authorized personnel. Access is reviewed for
appropriateness on a periodic basis.
C9026Controls over perimeter and network security are in place. Such controls may
include firewalls, routers, terminal service devices, wireless security, intrusion detection, and
vulnerability assessments where appropriate.
C9038Software users are prohibited from having access to source code, the compiler,
and programming documentation, including protection of critical spreadsheet formulas.
C9040There is adequate segregation of duties among those who:
Administer IT security.
Make changes to programs or systems.
Perform transaction and accounting duties.
Objective: Program changes and systems acquisition and development are
appropriately managed to ensure that the application software adequately supports
financial reporting objectives.
C9027Formalized change management policies and procedures, including policies and
procedures related to emergency changes, exist and are updated as necessary.
C9028Application, database, and operating system changes are appropriately approved
and tracked in a centralized change tracking database or system.
C9032Controls are in place to ensure that only authorized individuals migrate application
programs to production.
C9033A formal change management policy documents the minimum requirements for
program changes and system acquisition and development on an entity-wide basis.
C9034Application controls are formally considered and documented during the
implementation of new information systems.
C9035Users are involved in deriving application system requirements.
C9036A test plan is developed and followed for all major implementation projects,
including data conversion testing as appropriate.
Control Has
Been
Implemented?
Effectively
Designed?
Test
Control?
C9037User acceptance testing is performed on all user-requested projects. Tests are
completed and documented prior to the move into production.
ASB-CX-5.6: Control Activities Form for Financial Close and Reporting
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Defining the Financial Closing and Reporting Process
C8016Management establishes a well-defined process for
financial reporting. The process and its key attributes (e.g., overall
timing, methodology, format, and frequency of analyses) are
formally documented, approved, and reviewed on a regular basis.
E/O, C,
V, R/O,
A/CL, CO
C8025Knowledgeable personnel monitor changes in
authoritative guidance and make the appropriate changes to the
entitys accounting policies and procedures on a timely basis.
E/O, C,
V, R/O,
A/CL, CO
C8035An independent review of significant judgments and
estimates included in the financial records is performed at the end
of every accounting period by knowledgeable personnel.
E/O, C,
V, R/O,
A/CL, CO
C8039A supporting analysis is prepared for each nonroutine
event or transaction that requires managements judgment and/or
estimate. The analysis documents compliance with relevant GAAP
or an OCBOA (including relevant regulatory rules) and the entitys
E/O, C,
V, R/O,
A/CL, CO
C8054Management receives appropriate reporting packages,
sign-offs, and representations from appropriate areas of the
organization to ensure (a) all relevant information has been
recorded or disclosed on a timely basis and (b) all intercompany
balances and transactions have been identified.
E/O, C,
V, R/O,
A/CL, CO
Performing the Accounting Period Close
C8005Profit and loss statements are reviewed by management.
Significant variances from budget and/or prior periods are
investigated.
E/O, C,
V, R/O,
A/CL, CO
C8016Management establishes a well-defined process for
financial reporting. The process and its key attributes (e.g., overall
timing, methodology, format, and frequency of analyses) are
formally documented, approved, and reviewed on a regular basis.
E/O, C,
V, R/O,
A/CL, CO
C8031Routine and nonroutine events and transactions occurring
near period end are analyzed and reviewed to ensure they are
accounted for in the correct accounting period.
CO
C8037All related-party events and transactions are identified,
and a schedule detailing them is prepared; the schedule is
reviewed by management and other appropriate parties.
E/O, C,
R/O, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
reviewed by management and other appropriate parties.
C8041Unusual items and exceptions in analyses and
reconciliations are documented, resolved, and reviewed by
management on a timely basis.
E/O, C,
V, A/CL,
CO
C8044All journal entries, including nonstandard/nonroutine
entries, have adequate supporting documentation and are
reviewed and approved independently prior to posting.
E/O, C,
V, R/O,
A/CL, CO
C8046Management has a process in place to ensure that the
trial balance(s) used in the financial statement preparation process
is final, contains all valid journal entries made, and is in balance.
C, A/CL
organization to (1) ensure all relevant information has been
recorded or disclosed on a timely basis and (2) all intercompany
E/O, C,
V, R/O,
A/CL
C8082There is appropriate segregation of duties among those
who:
Initiate journal entries.
Approve journal entries.
Post journal entries to the general ledger.
E/O, C,
CO
Capturing and Processing Nonroutine Information Requiring
Significant Estimates and Judgments
investigated.
E/O, C,
V, R/O,
A/CL, CO
C8025Knowledgeable personnel monitor changes in
authoritative guidance and make the appropriate changes to the
entitys accounting policies and procedures on a timely basis.
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
C8039A supporting analysis is prepared for each nonroutine
event or transaction that requires managements judgment and/or
estimate. The analysis documents compliance with relevant GAAP
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
C8063Management and those charged with governance (if
separate from management) are briefed by financial reporting
personnel on a regular basis and at each period-end for which
financial statements are released to third parties. Such briefing
includes a discussion of significant non-routine events and
E/O, C,
V, R/O,
A/CL, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
transactions, selection and application of critical accounting
policies, areas with unusual fluctuations, and other relevant
significant issues.
Preparing and Reviewing Financial Statement Disclosures
C8053Up-to-date disclosure checklists are used to ensure that
all relevant financial information is disclosed in the appropriate
accounting period in accordance with GAAP (or an OCBOA) and
the entitys accounting and disclosure policies.
C, A/CL
organization to ensure (a) all relevant information has been
recorded or disclosed on a timely basis and (b) all intercompany
E/O, C,
V, R/O,
A/CL, CO
C8055For each financial statement disclosure, a supporting
analysis is prepared and documented in accordance with relevant
GAAP or an OCBOA (including relevant regulatory rules) and the
entitys accounting and disclosure policies.
E/O, C,
V, R/O,
A/CL
C8064An independent review of the financial statements and all
related disclosures is performed by management and/or other
suitably qualified personnel for completeness, consistency, and
compliance with GAAP or an OCBOA and the entitys accounting
and disclosure policies.
E/O, C,
V, R/O,
A/CL
Reviewing and Approving the Financial Statements
C8063Management and those charged with governance (if
separate from management) are briefed by financial reporting
personnel on a regular basis and at each period end for which
financial statements are released to to third parties. Such briefing
includes a discussion of significant nonroutine events and
transactions, selection and application of critical accounting
policies, areas with unusual fluctuations, and other relevant
significant issues.
E/O, C,
V, R/O,
A/CL, CO
C8064An independent review of the financial statements and all
related disclosures is performed by management and/or other
suitably qualified personnel for completeness, consistency, and
compliance with GAAP (or an OCBOA) and the entitys accounting
and disclosure policies.
E/O, C,
V, R/O,
A/CL
C8068All financial statements and related disclosures are
approved by management prior to the release of the reports to
third parties.
E/O, C,
V, R/O,
A/CL, CO
Adjusting for Foreign Currencies
investigated.
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
V, R/O,
A/CL, CO
ASB-CX-5.7: Control Activities Form for Cash
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
C1000Management reviews the entitys financial statements on a
periodic basis and investigates significant variances from budgets
and expected results.
E/O, C,
R/O, V,
A/CL, CO
C2007Delinquent accounts receivable are reviewed. E/O, C,
V, R/O,
A/CL, CO
C2030Cash receipts are reconciled to general ledger postings
daily.
E/O, C,
V, R/O,
CO
C2034Lockbox receipts are compared to customer remittances. E/O, C,
R/O,
A/CL, CO
C2038The accounts receivable aging/subledger is reviewed and
reconciled to the general ledger.
E/O, C,
A/CL, CO
C2127There is adequate segregation of duties among those
who:
Collect accounts receivable.
Open the mail or copy checks received.
Prepare deposits.
Deposit cash receipts.
Post cash receipts to the accounts receivable subledger.
Review the accounts receivable aging trial balance.
Authorize write-offs of delinquent accounts.
Independently investigate accounts receivable
discrepancies.
Maintain or authorize accounts receivable adjustments.
Edit the accounts receivable master file.
Process customer service calls and complaints.
Investigate discrepancies or issues related to revenue.
Reconcile bank accounts.
E/O, C,
R/O,
A/CL, CO
C2143The entity uses a lockbox. E/O
C2144Cash receipts are deposited intact promptly or stored in a
secure location.
E/O, C,
CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
C2146Adjustments of cash accounts are approved and
documented by the appropriate level of management or another
appropriate person.
E/O, C,
A/CL
C5055Bank reconciliations are prepared and reviewed in a
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
who:
Authorize shipments.
Initiate shipping documents.
Prepare deposits.
Investigate discrepancies or issues related to cash.
Maintain the cash receipts journal.
E/O, C,
V, R/O,
A/CL, CO
C5076Bank statements are received and reviewed by a
responsible person other than the person who reconciles the bank
account before being submitted for reconciliation.
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
R/O, V,
A/CL, CO
C1016System rejects duplicate entry of an invoice from a
vendor.
E/O, R/O,
A/CL
C1023Purchase order, receiving report, and invoice are matched
and canceled prior to payment.
E/O, C,
R/O,
A/CL, CO
C1033Accounts payable aging/subledger is reviewed and
E/O, C,
V, R/O,
A/CL, CO
who:
Review, authorize, or sign checks.
Initiate checks for expenditures.
Prepare checks.
Mail checks.
Edit the vendor master file.
Investigate discrepancies or issues involving
expenditures.
E/O, R/O
C1097Checks are prenumbered, the sequence is accounted for
regularly, and unissued checks are controlled and kept in a secure
E/O, C
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
location.
C1099The check signer reviews all supporting documentation
prior to signing check.
E/O, R/O,
A/CL
C1100Passwords are established and used for individuals
authorized to make wire transfers, and bank callback verifications
are in place for telephone transfers exceeding a predetermined
dollar amount.
E/O
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
ASB-CX-5.8: Control Activities Form for Accounts Receivable and Sales
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Processing Sales Orders
E/O, C,
R/O, V,
A/CL, CO
V, R/O,
A/CL, CO
C2017Sales by product/service and/or customer are reviewed. E/O, C,
V, A/CL,
CO
C2048The sales order system prevents sales to customers on
credit holds or in excess of credit limits.
V, R/O
who:
Approve terms of sale.
Process sales orders.
Record sales orders.
Invoice customers.
Post cash receipts to accounts receivable subledger.
Review accounts receivable aging trial balance.
discrepancies.
E/O, C,
V, R/O,
A/CL, CO
C2147Sales orders, shipping documents, and invoices are
prenumbered and the sequence is accounted for.
E/O, C
C2148Summary totals (for example, batch totals) of billings are
prepared daily and compared to the posting to the control
accounts.
E/O, C,
A/CL, CO
C2150Invoices are agreed to approved sales orders, shipping E/O, C,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
C2150Invoices are agreed to approved sales orders, shipping
documents, and an approved price list before recording.
E/O, C,
A/CL
C3006Product margins by product line are reviewed regularly by
management.
C, V,
A/CL, CO
C3007Physical inventory counts are reconciled to the perpetual
record (subledger).
E/O, C,
V, R/O,
A/CL, CO
C3008Physical inventory counts to verify quantities on hand are
performed.
E/O, C,
V, R/O,
A/CL, CO
Shipping and Invoicing Sales Orders
E/O, C,
R/O, V,
A/CL, CO
V, R/O,
A/CL, CO
C2017Sales by product/service and/or customer are reviewed. E/O, C,
V, A/CL,
CO
E/O, C,
A/CL, CO
who:
Invoice customers.
Post cash receipts to accounts receivable subledger.
Review accounts receivable aging trial balance.
discrepancies.
E/O, C,
V, R/O,
A/CL, CO
C2147Sales orders, shipping documents, and invoices are
prenumbered and the sequence is accounted for.
E/O, R/O
C2150Invoices are agreed to approved sales orders, shipping
documents, and an approved price list before recording.
E/O, C,
A/CL
management.
C, V,
A/CL, CO
Processing Sales Adjustments and Product Returns
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
E/O, C,
R/O, V,
A/CL, CO
C2000All write-offs and credit memos greater than amounts
specified by entity policy are approved.
E/O, V,
R/O,
A/CL
V, R/O,
A/CL, CO
who:
Maintain access to cash.
E/O, V,
A/CL
E/O, C,
R/O, V,
A/CL, CO
V, R/O,
A/CL, CO
C2030Cash receipts are reconciled to general ledger postings
daily.
E/O, V,
R/O, CO
C2034Lockbox receipts are compared to customer remittances. E/O, C,
R/O,
A/CL, CO
E/O, C,
A/CL, CO
who:
Prepare deposits.
Post cash receipts to the accounts receivable subledger.
Review the accounts receivable aging trial balance.
discrepancies.
E/O, C,
R/O,
A/CL, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
C2143The entity uses a lockbox. E/O
C2144Cash receipts are deposited intact promptly or stored in a
secure location.
E/O, C,
CO
C2146Adjustments of cash accounts are approved and
documented by the appropriate level of management or another
appropriate person.
E/O, C,
A/CL
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
who:
Prepare deposits.
Investigate discrepancies or issues related to cash.
Maintain the cash receipts journal.
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
Estimating the Allowance for Doubtful Accounts and
Bad Debt Expense
E/O, C,
R/O, V,
A/CL, CO
C2067Accounting policies and procedures specify the correct
treatment for estimating the allowance for doubtful accounts and
bad debt expense.
V, A/CL
C2069A supporting analysis is prepared for estimating the
allowance for doubtful accounts and bad debt expense. The
analysis documents compliance with relevant GAAP or an OCBOA
(including relevant regulatory rules) and the entitys accounting
policies.
V, A/CL
who:
E/O, V,
A/CL
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Maintain access to cash.
E/O, C,
V, R/O,
A/CL, CO
Recording Deferred Revenue
E/O, C,
R/O, V,
A/CL, CO
treatment for calculating deferred revenue.
A/CL
C2099A supporting analysis is prepared for calculating deferred
revenue. The analysis documents compliance with relevant GAAP
A/CL
E/O, C,
V, R/O,
A/CL, CO
Estimating the Allowance for Sales Returns and Adjustments
E/O, C,
R/O, V,
A/CL, CO
treatment for estimating the allowance for sales returns and
adjustments, including those requiring managements estimates
and judgments.
V, A/CL
C2113A supporting analysis is prepared for estimating the
allowance for sales returns and adjustments. The analysis
documents compliance with relevant GAAP or an OCBOA
(including relevant regulatory rules) and the entitys accounting
policies.
V, A/CL
E/O, C,
V, R/O,
A/CL, CO
Maintaining the Customer Master File
C2056Only authorized users can modify data in the customer
master records.
E/O, R/O
ASB-CX-5.9: Control Activities Form for Inventory and Cost of Sales
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Recording Purchases
E/O, C,
R/O, V,
A/CL, CO
C1001Management approval of purchase orders is required for
purchases that exceed established limits according to entity policy.
E/O, R/O
E/O, C,
R/O,
A/CL, CO
who:
Initiate purchase orders.
Maintain the purchase journal.
Initiate checks for expenditures
Prepare or issue debit memos.
Input purchase orders.
Verify or process receipt of inventory.
Receive goods from or transfer goods to inventory.
Investigate discrepancies or issues related to
expenditures, inventory, fixed assets, revenue, debt, or
cash.
Maintain access to or custody of inventory.
Edit the fixed asset master file.
Maintain the chart of accounts.
E/O, R/O
C1101Purchase orders, receiving reports, debit/credit memos,
and shipping orders for returned goods (including unused forms)
are prenumbered and the sequence is accounted for.
E/O, C
Receiving and Storing Inventory
E/O, R/O
E/O, C,
R/O,
A/CL, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
A/CL, CO
C1030After each period-end, management creates a log of all
invoices received above the limit dictated by entity policy and
checks to ensure that they were recorded in the proper period.
E/O, C,
R/O, CO
C3000The inventory subledger (detail listing or perpetual record)
is reviewed and reconciled to the general ledger.
E/O, C,
V, R/O,
A/CL, CO
record (subledger).
E/O, C,
R/O,
A/CL, CO
performed.
E/O, C,
R/O,
A/CL, CO
who:
Initiate inventory purchases.
Authorize inventory purchases.
Verify and process receipt of inventory.
Schedule inventory production.
Authorize production or transfer requests.
Receive goods from or transfer goods to manufacturing.
Manufacture inventory.
Initiate checks for inventory purchases.
Ship inventory.
Record inventory transactions.
Have responsibility for inventory counts.
Investigate inventory count discrepancies.
Investigate discrepancies or issues related to inventory.
Approve changes to inventory cost/quantity (including
disposal).
Maintain inventory records.
Edit the inventory master file.
Maintain access to and custody of inventory.
Investigate discrepancies or issues related to revenue,
investments, borrowings, derivatives, or cash.
E/O, C,
V, R/O,
A/CL, CO
Requisitioning Materials for Production
E/O, C,
R/O, V,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
management.
C, V,
A/CL, CO
record (subledger).
E/O, C,
R/O,
A/CL, CO
performed.
E/O, C,
R/O,
A/CL, CO
C3025Standard cost/price variances for materials, labor, burden,
and material overhead are periodically reviewed and revised.
E/O, C,
V, R/O,
A/CL
C3029Book-to-physical adjustments are reviewed at period end. E/O, C,
V, A/CL,
CO
C3075Management reviews and approves adjustments to
inventory control accounts and/or perpetual records.
E/O, C,
R/O,
A/CL, CO
Costing Inventory
E/O, C,
R/O, V,
A/CL, CO
C3001Only authorized individuals have access to and make
changes to the inventory master file.
E/O, V,
R/O,
A/CL
management.
C, V,
A/CL, CO
E/O, C,
V, R/O,
A/CL
C3076Inventory pricing procedures are in accordance with the
costing method used by the entity (FIFO, average cost, etc.).
V, A/CL
C3077Management reviews and approves the final priced
inventory listing.
V, A/CL
Managing Inventory
E/O, C,
R/O, V,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
C3001Only authorized individuals have access to and make
changes to the inventory master file.
E/O, V,
R/O,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
changes to the inventory master file. R/O,
A/CL
record (subledger).
E/O, C,
R/O,
A/CL, CO
performed.
E/O, C,
R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL
C3029Book-to-physical adjustments are reviewed at period end. E/O, C,
V, A/CL,
CO
C3044Inventory is stored in properly secured, environmentally
conditioned warehouse locations. Access is restricted to
authorized personnel.
E/O, R/O
who:
Initiate inventory purchases.
Authorize inventory purchases.
Verify and process receipt of inventory.
Schedule inventory production.
Authorize production or transfer requests.
Receive goods from or transfer goods to manufacturing.
Manufacture inventory.
Initiate checks for inventory purchases.
Ship inventory.
Record inventory transactions.
Have responsibility for inventory counts.
Investigate inventory count discrepancies.
Investigate discrepancies or issues related to inventory.
Approve changes to inventory cost/quantity (including
disposal).
Maintain inventory records.
Edit the inventory master file.
Maintain access to and custody of inventory.
Investigate discrepancies or issues related to revenue,
investments, borrowings, derivatives, or cash.
E/O, C,
V, R/O,
A/CL, CO
inventory control accounts and/or perpetual records.
E/O, C,
R/O, V,
A/CL, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Estimating Excess and Obsolete Inventory Reserves
E/O, C,
R/O, V,
A/CL, CO
C3049Accounting policies and procedures specify correct
treatment for estimating excess and obsolete inventory reserves,
including those requiring managements estimates and judgments.
V, A/CL
C3051A supporting analysis is prepared for estimating excess
and obsolete inventory reserves. The analysis documents
compliance with relevant GAAP or an OCBOA (including relevant
regulatory rules) and the entitys accounting policies.
V, A/CL
C3078Management periodically assesses whether excess,
slow-moving, obsolete, and defective inventories are identified and
accounted for on a timely basis.
V
E/O, C,
V, R/O,
A/CL, CO
ASB-CX-5.10: Control Activities Form for Property
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Acquiring and Safeguarding Property, Plant, and Equipment
E/O, C,
R/O, V,
A/CL, CO
E/O, R/O
C4000Management tracks asset acquisitions and remaining
costs and compares to capital budgets.
E/O, C,
V, R/O,
A/CL, CO
C4001Periodically, property, plant, and equipment listings are
routed to the appropriate managers to determine whether the
assets still physically exist.
E/O, C,
V, R/O,
A/CL, CO
C4003The entity has a capitalization and useful lives policy, and
the policy has been formally reviewed and approved by
management and communicated to departments that request
property, plant, and equipment purchases.
E/O, R/O
C4004Equipment is located in an appropriately secured area,
where access is restricted to authorized personnel.
E/O, R/O
C4007Prior to entry, accounting personnel compare asset
information to the capitalization policy to ensure appropriate
accounting treatment.
E/O, C,
V, R/O,
A/CL
C4009The property, plant, and equipment subledger is reviewed
and reconciled to the general ledger.
E/O, C,
V, R/O,
A/CL, CO
Depreciating Property, Plant, and Equipment
E/O, C,
R/O, V,
A/CL, CO
E/O, C,
V, R/O,
A/CL
E/O, C,
V, R/O,
A/CL, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
A/CL, CO
C4016Property, plant, and equipment depreciation charges are
calculated correctly by the automated system and are reviewed for
reasonableness by management.
E/O, C,
V, R/O,
A/CL, CO
C4017The automated system generates the depreciation journal
entry, which is manually entered into the general ledger by
accounting personnel and reviewed by management.
E/O, C,
V, A/CL,
CO
Disposing Property, Plant, and Equipment
(Sales and Retirements)
E/O, C,
R/O, V,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
C4014Disposals of property, plant, and equipment are reviewed
by management and entered into the property, plant, and
equipment subledger by accounting personnel in a timely fashion.
E/O, C,
V, R/O,
A/CL, CO
C4018Based on disposal information entered, the property,
plant, and equipment subledger automatically calculates any gain
or loss on the disposal.
V, A/CL,
CO
C4019Accounting personnel create a journal entry to record the
disposal and any gain or loss on the disposal, which is reviewed
and approved by management.
V, A/CL
Maintaining the Property, Plant, and Equipment Subledger
C4000Management tracks asset acquisitions and remaining
costs and compares to capital budgets.
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL
E/O, C,
V, R/O,
A/CL, CO
C4014Disposals of property, plant, and equipment are reviewed
by management and entered into the property, plant, and
E/O, C,
V, R/O,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
equipment subledger by accounting personnel in a timely fashion. A/CL, CO
C4016Property, plant, and equipment depreciation charges are
calculated correctly by the automated system and are reviewed for
reasonableness by management.
E/O, C,
V, R/O,
A/CL, CO
C4017The automated system generates the depreciation journal
entry, which is manually entered into the general ledger by
accounting personnel and reviewed by management.
E/O, C,
V, A/CL,
CO
C4070Management reviews and approves write-offs or other
adjustments to property accounts.
E/O, C,
R/O, V,
A/CL, CO
Assessing Assets for Impairment
E/O, C,
R/O, V,
A/CL, CO
treatment for calculating asset impairment, including those
requiring managements estimates and judgments.
V, A/CL
C4030Recorded assets are reviewed for impairment. V
C4032A supporting analysis is prepared for calculating asset
impairment. The analysis documents compliance with relevant
entitys accounting policies.
V, A/CL
E/O, C,
V, R/O,
A/CL, CO
ASB-CX-5.11: Control Activities Form for Investments and Derivatives
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Managing Investments
E/O, C,
R/O, V,
A/CL, CO
C5002Interest and dividend income calculations and accruals
are reviewed.
C, V,
A/CL, CO
C5004Third-party statements are reconciled to subledger and
general ledger account(s).
E/O, C,
V, R/O,
A/CL, CO
C5021Investment and derivative activity is reviewed at regular
intervals by an appropriate level of management.
E/O, R/O
C5038Management approves investment and derivative
transactions to ensure that they are valid and in compliance with
the entitys policies and procedures.
E/O, R/O
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
C5070Investments are reviewed at acquisition and other
appropriate intervals for appropriate classification as trading,
available-for-sale, or held to maturity.
A/CL
treatment for valuing investments and derivatives, including those
V, A/CL
C5072A supporting analysis is prepared for valuing investments
and derivatives. The analysis documents compliance with relevant
V, A/CL
C5073Equity method investment carrying values and earnings
are reconciled to investee financial statements.
E/O, C,
R/O, V,
A/CL, CO
investment and derivatives control accounts.
E/O, C,
R/O, V,
A/CL, CO
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Managing Derivatives
E/O, C,
R/O, V,
A/CL, CO
C5004Third-party statements are reconciled to subledger and
general ledger account(s).
E/O, C,
V, R/O,
A/CL, CO
C5021Investment and derivative activity is reviewed at regular
intervals by an appropriate level of management.
E/O, R/O
C5038Management approves investment and derivative
transactions to ensure that they are valid and in compliance with
the entitys policies and procedures.
E/O, R/O
treatment for valuing investments and derivatives, including those
V, A/CL
C5072A supporting analysis is prepared for valuing investments
and derivatives. The analysis documents compliance with relevant
V, A/CL
investment and derivatives control accounts.
E/O, C,
R/O, V,
A/CL, CO
C5076Management monitors agreements to determine that all
derivatives are identified and properly accounted for.
C, A/CL
E/O, C,
R/O, V,
A/CL, CO
V, A/CL
V, A/CL
E/O, C,
V, R/O,
A/CL, CO
ASB-CX-5.12: Control Activities Form for Other Assets
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Recording Purchases of Other Assets
E/O, C,
R/O, V,
A/CL, CO
E/O, R/O
E/O, C,
R/O,
A/CL, CO
C1096An other-assets detail is maintained and detail is reviewed
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
R/O, V,
A/CL, CO
V, A/CL
V, A/CL
E/O, C,
V, R/O,
A/CL, CO
Amortizing Assets
E/O, C,
R/O, V,
A/CL, CO
C4063Assumptions (amortization period) and methods used in
amortization calculations are reviewed regularly to ensure they are
reasonable and in line with GAAP or an OCBOA.
E/O, C,
V, A/CL
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
reasonable and in line with GAAP or an OCBOA.
C4065Amortization expense is calculated correctly by the
automated system and is reviewed for reasonableness by
management.
E/O, C,
V, A/CL,
CO
ASB-CX-5.13: Control Activities Form for Accounts Payable and Other Liabilities
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Recording Purchases
E/O, C,
R/O, V,
A/CL, CO
E/O, R/O
E/O, C,
R/O,
A/CL, CO
who:
Initiate purchase orders.
Approve purchase orders.
Maintain the purchase journal.
Prepare or issue debit memos.
Verify or process receipt of inventory.
Receive goods from or transfer goods to inventory.
Investigate discrepancies or issues related to
expenditures, inventory, fixed assets, revenue, debt, or
cash.
Maintain access to or custody of inventory.
Edit the fixed asset master file.
E/O, R/O
C1101Purchase orders, receiving reports, debit/credit memos,
and shipping orders for returned goods (including unused forms)
are prenumbered and the sequence is accounted for.
E/O, C
Processing Accounts Payable and Accruals
E/O, C,
R/O, V,
A/CL, CO
C1016System rejects duplicate entry of an invoice from a E/O, V,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
vendor.
E/O, V,
R/O,
A/CL
E/O, C,
V, R/O,
A/CL, CO
C1030After each period end, management creates a log of all
invoices received above the limit dictated by entity policy and
checks to ensure that they were recorded in the proper period.
E/O, C,
R/O, CO
C1031Accruals for goods/services received but not invoiced are
reviewed.
C, A/CL,
CO
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
R/O, V,
A/CL, CO
vendor.
E/O, V,
R/O,
A/CL
E/O, C,
R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
who:
Prepare checks.
Mail checks.
Investigate discrepancies or issues involving
expenditures.
E/O, R/O
C1097Checks are prenumbered, the sequence is accounted for
regularly, and unissued checks are controlled and kept in a secure
location.
E/O, C
C1099The check signer reviews all supporting documentation
prior to signing check.
E/O, R/O,
A/CL
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
C1100Passwords are established and used for individuals
authorized to make wire transfers, and bank callback verifications
are in place for telephone transfers exceeding a predetermined
dollar amount.
E/O
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
E/O, C,
V, R/O,
A/CL, CO
Maintaining the Supplier Master File
C1081Changes to the vendor master file are periodically
reviewed for reasonableness.
E/O, C,
V, R/O,
A/CL, CO
Estimating the Warranty Reserve and Warranty Expense
E/O, C,
R/O, V,
A/CL, CO
treatment for estimating warranty reserve and expense.
V, A/CL
C2085A supporting analysis is prepared for estimating warranty
reserve and expense. The analysis documents compliance with
relevant GAAP or an OCBOA (including relevant regulatory rules)
and the entitys accounting policies.
V, A/CL
E/O, C,
V, R/O,
A/CL, CO
ASB-CX-5.14: Control Activities Form for Notes Payable and Long-term Debt
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Managing Borrowings
E/O, C,
R/O, V,
A/CL, CO
C5010Debt agreement is reviewed for appropriate classification
of outstanding debt.
A/CL
C5011Debt compliance calculations are prepared and reviewed
in a timely fashion.
V, A/CL
C5014Financial commitments require approval by management
and/or those charged with governance.
E/O, R/O
C5016Leases are reviewed for capitalization. C, V,
A/CL
C5018A reconciliation of outstanding debt instruments to the
general ledger is prepared and reviewed in a timely fashion.
E/O, C,
V, A/CL,
CO
C5027Statements received from lenders are reconciled to the
subsidiary ledger (loan register) and differences are investigated.
C, V,
A/CL, CO
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
ASB-CX-5.15: Control Activities Form for Income Taxes
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Calculating and Reporting Income Taxes
E/O, C,
R/O, V,
A/CL, CO
C7000Reconciliations of tax-related general ledger accounts are
performed on a monthly basis to ensure balances per the tax
account analysis agree to the general ledger amounts.
E/O, C,
A/CL, CO
C7001Income tax provision calculations, disclosure items, tax
positions, and written analyses are reviewed and approved by the
external tax advisor.
E/O, C,
V, A/CL,
CO
C7002The prior year tax return calculations are reconciled to the
current year tax provision calculations, and the reasons for
material differences are documented and/or discussed with the
preparer.
E/O, C,
V, A/CL
C7005Management reviews the details of analyses and
reconciliations related to the preparation of the income tax
provision and adjustments to related income tax accounts and
approves the final documentation supporting the income tax
provision and related income tax accounts.
E/O, C,
V, A/CL
C7006The financial statement accounting treatment for new
income tax attributes, including those requiring the use of
significant estimates and judgment in the selection and application
of accounting principles, is researched, analyzed, documented,
updated, and communicated to responsible parties on a regular
basis.
V, A/CL
C7010Analytical reviews of the components of the income tax
provision and related income tax accounts are performed,
highlighting significant variances. Significant items are investigated
and resolved on a timely basis and in the appropriate accounting
period.
E/O, C,
V, A/CL,
CO
C7022Journal entries to record the income tax provision and
adjustments to related income tax accounts have adequate
supporting documentation and are reviewed and approved
independently prior to posting.
E/O, C,
V, R/O,
A/CL, CO
C7023A supporting analysis for the financial statement income
tax disclosure is prepared and documented by knowledgeable
E/O, C,
V, R/O,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
tax disclosure is prepared and documented by knowledgeable
personnel in accordance with relevant GAAP or an OCBOA and
the entitys accounting and disclosure policies.
V, R/O,
A/CL
C7028Procedures are in place to ensure the proper assessment,
withholding, and payment of sales and use taxes.
E/O, C,
V, A/CL
ASB-CX-5.16: Control Activities Form for Equity
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Recording Equity Transactions
E/O, C,
R/O, V,
A/CL, CO
C5049Dividends paid are reconciled to dividends declared (and
accrued) to shareholders of record on the dividend date.
E/O, C,
V, A/CL,
CO
C5050Outstanding stock issued (per the transfer agent, if any, or
internal subledger) is reconciled to the general ledger and
reviewed promptly.
E/O, C,
V, A/CL,
CO
C5051New stock issues, dividends, and other equity
transactions require approval by the board of directors.
E/O, R/O
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
C6030An equity rollforward is performed. Unusual or reconciling
items are investigated and resolved in a timely manner.
E/O, C,
V, A/CL,
CO
Recording Stock Compensation
E/O, C,
R/O, V,
A/CL, CO
C6000Access to data and/or transaction files is appropriately
restricted.
E/O, C,
V, R/O,
A/CL
C6030An equity rollforward is performed. Unusual or reconciling
items are investigated and resolved in a timely manner.
E/O, C,
V, A/CL,
CO
C6031Stock option grants, the exercising of options, and
restricted stock awards are appropriately approved by
management and are accurately recorded.
E/O, C,
V, R/O,
A/CL, CO
treatment for calculating stock compensation expense, including
C, V,
R/O,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
those requiring managements estimates and judgments. A/CL
C6042A supporting analysis is prepared for calculating stock
compensation expense. The analysis documents compliance with
relevant GAAP or an OCBOA (including relevant regulatory rules)
and the entitys accounting policies.
E/O, C,
V, R/O,
A/CL
E/O, C,
V, R/O,
A/CL, CO
ASB-CX-5.17: Control Activities Form for Income and Expenses
Completed by: Date:
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
Processing Payroll
E/O, C,
R/O, V,
A/CL, CO
timely fashion.
E/O, C,
V, R/O,
A/CL, CO
restricted.
E/O, C,
R/O,
A/CL
C6020Standard programmed algorithms perform significant
payroll calculations.
A/CL
C6023The payroll system master file change log, showing all
changes made to payroll information, is reviewed by management
to ensure it reflects accurate and complete information.
E/O, C,
V, R/O,
A/CL, CO
who:
Prepare payroll checks.
Sign payroll checks.
Review and authorize electronic payroll disbursements.
Resolve employee payroll inquiries.
Edit the payroll master file.
Open mail or copy checks received.
E/O,
A/CL
C6056Current payrolls are compared with previous payrolls and
variances are investigated and documented.
E/O, C,
A/CL
C6057Payroll registers are reviewed after processing, reconciled
to control totals, and approved by an appropriate level of
management.
E/O, C,
A/CL
Maintaining the Employee Database Master File
restricted.
E/O, C,
R/O,
A/CL
C6023The payroll system master file change log, showing all
changes made to payroll information, is reviewed by management
E/O, C,
R/O,
Assertions
Addresses
Fraud or
Significant
Risk?
Control Has
Been
Effectively
Designed?
to ensure it reflects accurate and complete information. A/CL, CO
Recording Repairs and Maintenance Expenses
E/O, C,
R/O, V,
A/CL, CO
vendor.
E/O, R/O,
A/CL
E/O, C,
R/O,
A/CL, CO
C4003The entity has a capitalization and useful lives policy, and
the policy has been formally reviewed and approved by
management and communicated to departments that request
property, plant, and equipment purchases.
E/O, R/O
E/O, C,
V, R/O,
A/CL
ASB-CX-6: Identifying Risk
ASB-CX-6.1: Entity Risk Factors
Instructions: This practice aid provides a list of factors to consider when identifying risks that could result in
misstatement of the financial statements. Not all factors are relevant to every engagement and the list of factors
is not necessarily complete; however, the risk factors listed may serve as a memory jogger to spark your
consideration of potential financial statement risks relevant to the client. This form provides a reference tool for
your identification of risks on ASB-CX-3.1; it is not necessary to include this form in your final engagement
documentation.
Structure, Ownership, Governance, and Related Parties
1. Risk factors related to the entitys structure, ownership, governance, and related parties:
Complexity of the organizational structure, including consolidated and nonconsolidated entities.
Number, location, and purpose of subsidiaries.
Operations in areas that are economically unstable.
Significance of related party relationships and transactions.
Significant related party transactions outside the normal course of business.
Critical alliances, joint ventures, or outsourcing activities.
Recent legal or functional reorganizations.
Expansion into new locations.
The effectiveness of board of directors or audit committee oversight.
Issues related to key client management (for example, experience, competency, age, health, ease of replacement,
etc.).
Recent changes in management.
2. Risk factors related to the entitys industry and external environment, including the regulatory, economic, political, and
social environment:
Industry
The market and competition, including price competition, demand, and capacity.
Trends in product technology and life cycle of the entitys products.
Whether the industry is cyclical or seasonal.
Stability of the customer base.
The availability and cost of supply.
Whether the industry is undergoing significant changes.
Regulatory Environment
Regulatory complexity.
The entitys compliance with regulatory requirements.
Corporate and other taxation factors, including:
Whether the entity is subject to unusually unfavorable tax rules.
Pending IRS or state tax authority examinations.
Whether the entity frequently fails to take advantage of tax-saving opportunities.
Major differences between book and tax income.
Unusual tax elections or carryforwards.
Unfavorable or declining relationships with regulators or the IRS.
Governmental policies (such as tariffs, trade restrictions, financial incentives, or other monetary or fiscal policies)
affecting the entitys business.
Significant government contracts.
Proposed legislation that might negatively impact the entity.
Environmental requirements or other environmental factors affecting the entity or industry, including:
Frequency of environmental issues within the industry.
Whether the entity has any specific environmental concerns.
Whether the entity has been cited for violation of environmental laws or regulations.
Whether the entity has been designated by the EPA as a potentially responsible party.
The susceptibility of the entity to catastrophic loss.
Other External Factors
Sensitivity of the business to general economic conditions.
Sensitivity of customers to general economic conditions.
Interest rates and the availability of financing.
Impact of inflation.
Impact of stock market declines on investments or liquidity.
Vulnerability to political or social conditions.
Whether the entity has a poor public image or receives negative publicity.
The importance of employee safety to the entity.
Whether the entity is a party to frequent consumer lawsuits.
3. Risk factors related to the nature of the entity:
Business OperationsRevenue Sources
Changes in the entitys lines of business or product offerings.
Sales and revenue trends, including:
The trend in sales orders.
Whether revenues are increasing or decreasing (provide reasons such as aggressive marketing, economic
conditions, loss of major customer, etc.).
Whether the entity has noted a significant slowdown in cash collections.
Significant changes in the entitys bad debt experience.
Factors related to major customers, contracts, and terms, including:
Whether revenues are dependent on primarily a few large customers.
Whether the entity does significant business with customers that are not financially sound.
The nature of the entitys sales contracts (for example, long-term, fixed fee, limited price escalation contracts,
etc.).
Unusual terms or conditions offered to certain customers or markets (for example, extended credit terms,
pricing guarantees, retrospective discounts, conditional sales, post-sales obligations, etc.).
Whether the entity is subject to significant noncancelable sales contracts that are unprofitable (or likely to
become unprofitable).
Marketing strategies and selling methods (or changes in those strategies or methods) used by the entity (for
example, commissioned sales force, direct customer sales, etc.).
Whether the entity engages in e-commerce to sell its products or services.
Business OperationsProducts or Services and Markets
Factors related to the entitys markets and competition, including:
Changes in the entitys market share.
Activities of key competitors.
Changes in pricing policies and/or profit margins.
Factors related to the entitys products or services, including:
Whether the entitys products are made to order or whether the entity maintains significant inventories of
products.
Whether the entity is subject to significant product warranty liabilities.
Issues involving the reputation of the entitys products and services.
Evidence of problems with product quality (such as high scrap levels, significant quantities of returned
merchandise, or high levels of warranty claims).
Factors related to the entitys production processes, including:
Whether there have been significant changes to the entitys production processes.
The level of capacity at which the entity is currently operating.
Whether the entity is able to meet demand for its products or has a production backlog.
Whether production costs are primarily fixed or variable.
Whether the entity has experienced significant labor or materials shortages.
The general condition of the entitys production facilities.
Whether the entitys production processes or nature of services provided are subject to rapid technological
changes and whether the entity is able to keep pace with such changes.
Factors related to the entitys key suppliers of goods and services, including:
The principal materials and services purchased for the entitys product.
Whether the entity is dependent on one or a few suppliers.
The methods of delivery, long-term contracts, and payment terms for the entitys key suppliers.
Whether the entity engages in e-business to purchase its materials and supplies.
The stability of supply.
Business OperationsOther
Major Assets and Liabilities
Locations, quantities, and characteristics of the entitys inventory (for example, whether inventories are a
commodity, protected by patents, subject to rapid obsolescence, etc.).
Significant asset or liability amounts subject to estimation processes, including fair value estimates.
Estimates that involve a high degree of measurement uncertainty.
Significant assets likely to be impaired.
Significant self-constructed assets.
Potential liabilities from litigation or other significant contingent liabilities.
Foreign currency assets, liabilities, and transactions.
Whether significant assets and liabilities are appropriate given the industry and entity size.
Significant or Unusual Transactions
Significant transactions outside the normal course of business (i.e., nonroutine or nonsystematic transactions).
Occurrence of unusual or infrequent events.
Extraordinary items.
Significant, unusual, or complex revenue transactions at or near year-end.
Significant nonrecurring transactions for which specific GAAP requirements may apply, such as a business
combination, debt modification or restructuring, nonmonetary transaction, equity transaction, or disposal of a
component of the entity.
Expenses and Workforce
Significant discretionary expenditures, such as advertising.
Research and development activities and expenditures.
Factors that influence spending levels (for example, competitive pressures, new product lines, meeting earnings
expectations, etc.).
Workforce considerations, including:
Whether the entity has recently lost one or more key employees.
Whether the entity has difficulty attracting and retaining skilled employees.
Accounting and disclosure for pensions and postemployment benefits, stock options, or bonus arrangements.
Whether there have been significant changes in the entitys workforce during the year and the impact on
operations (such as significant layoffs or hirings).
The nature of the entitys relationship with its labor force.
Whether there are indications of significant employee dissatisfaction (such as unusually high employee
turnover; numerous or significant lawsuits with current or former employees; history of strikes; or significant
adverse findings by OSHA, EEOC, or other government agencies).
Whether the entity has any union employees, and if so, the status of the current collective bargaining
agreement.
Investments
Investments and dispositions of securities and loans.
Capital investment activities, including plant and equipment and technology, and recent or planned additions or
dispositions.
Investments in nonconsolidated entities such as joint ventures, partnerships, or variable interest entities.
Use of derivatives.
Investments recorded based on managements intent.
Acquisitions, mergers, or disposals of business activities that have occurred or are planned.
The life-cycle stage of the entity (for example, start-up, growth, mature, or declining).
Impact of economic conditions on investment valuation, liquidity, retention, and similar matters.
Financing
Whether available financing is adequate to meet cash needs.
Whether the entity can obtain financing at competitive rates without unreasonable conditions.
The level of confidence of creditors and investors in the entitys financial stability or growth potential.
The strength of the balance sheet and/or performance record.
The quality of the relationship with creditors and investors.
Whether the entity is highly leveraged.
Significant leasing activity.
The existence of lending agreements with restrictive covenants.
Any potential violations of provisions of debt agreements.
The existence of guarantees, off-balance-sheet arrangements, or complex financing.
Whether the entity is exposed to changes in interest rates, foreign exchange rates, commodity prices, stock prices,
etc., that might be hedged using derivatives.
Whether the entity is able to obtain favorable terms with vendors.
Financial Reporting
Application of industry specific accounting principles or practices.
Changes in significant accounting policies, including the reasons for the change.
Whether the entitys accounting policies are consistent with GAAP (or an OCBOA).
The entitys revenue recognition policies.
Consistency with accounting principles and practices unique to the industry.
Accounting policies where there is no clear authoritative guidance or when the entity has a choice among
acceptable alternatives.
New accounting pronouncements that may effect the current financial reporting.
Methods used to account for significant, unusual, or complex transactions.
Extent and nature of accounting estimates.
Lack of personnel with appropriate accounting and financial reporting skill.
Financial statement presentation and disclosure issues.
Whether the entitys accounting policies are appropriate for its business and underlying transactions and events.
Risk factors related to the clients inability to continue as a going concern:
Lack of profitability or negative cash flow.
Whether the entity is highly leveraged.
Loss of significant customers.
Whether the entity experiences volatile operations or is in a volatile industry.
Whether the entity is in the development stage or recently started operations.
Indications of default or other violations of significant debt agreements or other critical contracts.
Information Technology, Including General Controls
The number and types of computing environments used by the entity and risks associated with those platforms,
including integration risks.
Whether systems and software are appropriate given the complexity, size, and nature of the entity and its
operations.
Whether key software applications are developed and maintained internally or by external vendors.
Lack of personnel with appropriate information technology skills.
Whether there have been any significant changes to the entitys IT equipment, software, procedures, or personnel,
including installation of new systems.
Whether the entity has procedures in place to address known weaknesses in packaged application programs.
Failure to restrict access to critical systems, data, programs, and networks.
Whether significant system upgrades are tested before they are put into production.
Failure to back up critical data and programs.
Failure to restrict physical access to critical hardware, such as telephone lines, servers, and power supply
equipment.
Whether controls exist over the development, modification, and testing of spreadsheets.
Whether contingency plans have been developed for alternative processing in the event of loss or interruption of the
IT function.
Failure to make necessary changes or upgrades to systems or programs.
Conditions that might adversely affect the entitys ability to accurately process and maintain all of its data and
systems.
Conditions that might adversely affect the entitys ability to protect its data and systems from unauthorized access,
corruption, or loss.
Reliance on systems or programs that are processing inaccurate data, processing data incorrectly, or both.
Objectives and Strategies and Related Business Risks
4. Risk factors related to the entitys ability to achieve its objectives or execute its strategies:
The types of risks management considers to be most important to the business and what controls the client has in
place to address those risks.
Industry developments that may affect the entitys ability to achieve its objectives.
Competitor activities.
Adequacy of personnel or expertise.
Prospective financing requirements.
Increased legal exposure or regulatory requirements.
Changes in product liability.
Ability to accurately estimate future demand for the entitys products or services.
New accounting requirements.
Rapid changes in technology or product obsolescence.
Compatibility of systems and processes.
Inconsistency between the entitys IT strategy and its business strategies.
Explicitly stated strategic objectives that are only moderately achieved.
Business risks that may exist if inappropriate objectives or strategies have been selected.
5. Risk factors related to the entitys measurement and review of its financial performance:
External information (for example, analysts reports, credit rating agency reports, etc.) that indicate aspects of the
entitys performance important to external parties.
Aspects of the entitys performance that management considers important.
The quality and source of information on which financial performance measures are based, especially if the auditor
intends to use the measures for other audit purposes, such as analytical procedures.
Whether the entitys internal measures have highlighted unexpected results or trends.
Whether measures considered important by management and others create pressures that may motivate
management to take actions that increase the risk of material misstatement.
The possibility that the entitys performance measurement may lead to incorrect conclusions or inappropriate
actions because information used by the entity is incomplete or inaccurate.
Other Risk Considerations
6. Other risk factors:
The trend and quality of the entitys earnings.
The trend in cash flow from operations.
Significant differences between cash flow and net income.
Any recent changes in the nature of the entitys business.
Risk factors related to the intended use of the entitys financial statements:
Whether the entity intends to register shares for a public offering in the near future.
Whether the entity intends to obtain significant new debt financing.
Whether the entity intends to use the financial statements for raising capital from other sources (such as a
private placement).
Whether the use of the financial statements creates an incentive for fraudulent misstatement.
Whether the financial statements will be used in conjunction with a proposed sale of the entity.
ASB-CX-6.2: Fraud Risk Factors
Instructions: Fraud risk factors are events or conditions that indicate the presence of incentives or pressures
to commit fraud, opportunities to carry out the fraud, or attitudes/rationalizations to justify the fraud. You are
required to consider whether information you have gathered about the entity, its operations, and its industry
indicates the presence of one or more fraud risk factors.
The risk factors presented for consideration are classified into factors related to fraudulent financial reporting
and factors related to misappropriation of assets. However, factors related to fraudulent financial reporting,
such as management dominance without compensating controls, or ineffective oversight of financial reporting,
may also be present when misappropriation occurs. The risk factors are further classified into conditions
relating to incentives/pressures, opportunities, and attitudes/rationalizations.
Consider each of the risk factors listed; however, the risk factors listed are only examples and may serve as a
memory jogger to spark your consideration of additional or different risk factors relevant to the client.
If you determine that one or more risk factors are present and warrant further consideration, document the
relevant information on ASB-CX-3.1 or ASB-CX-7.1. This form provides a reference tool for your consideration
of fraud risk factors; it is not necessary to include this form in your final engagement documentation.
Fraudulent Financial Reporting
The following fraud risk factors relate to misstatements arising from fraudulent financial reporting:
Incentives/Pressures
1. Consider whether information you have gathered about the entity, its operations, and its industry indicates incentives or
pressures for management or the owner/manager to intentionally misstate the financial statements. In doing so, consider
risk factors such as the following:
a. Conditions that indicate the financial stability or profitability of the entity may be threatened by economic, industry,
or operating conditions, such as:
(1) The entity is experiencing a high degree of competition or market saturation and declining margins.
(2) The entitys industry is experiencing high vulnerability to rapid changes such as changes in technology,
product obsolescence, or interest rates.
(3) The entitys industry is declining with increased business failures and significant declines in customer demand.
(4) The entity is facing the threat of imminent bankruptcy or foreclosure.
(5) The entity is having difficulty in generating cash flows from operations even while reporting earnings and
earnings growth.
(6) The entity has experienced unusually rapid growth or profitability, especially when compared with other entities
in the same industry.
(7) The entity is subject to new accounting, statutory, or regulatory requirements that could impair the entitys
profitability or financial stability.
(8) The entity is experiencing conditions as a result of the general economy such as decreased sales and
operating margins, inability to obtain financing, and similar issues.
b. Conditions that indicate excessive pressure on management or the owner/manager to meet the requirements or
expectations of third parties, such as:
(1) Management or the owner/manager commits to creditors (or similar significant third parties) to achieve unduly
aggressive or unrealistic forecasts.
(2) The entity is under significant pressure to obtain additional capital in order to stay competitive, such as funds
for research and development or capital expenditures.
(3) The entity is unusually dependent on debt financing or has a marginal ability to meet debt repayment terms.
(4) The entitys financing agreements have debt covenants that are difficult to maintain.
(5) The entity could face perceived or real adverse consequences on a significant pending transaction (such as a
pending financing arrangement, business combination, or contract award) if poor financial results are reported.
c. Conditions that indicate managements, the board of directors, or the owner/managers personal net worth may be
threatened by the entitys financial performance, such as:
(1) Management or the owner/manager has a significant financial interest in the entity that could be threatened by
potentially adverse entity financial performance.
(2) If there is an absentee owner, a significant portion of managements compensation depends on bonuses, or
other incentives, the value of which is dependent on the entity meeting aggressive performance targets (for
example, budget, profit, cash flow, or other financial or operating goals).
(3) The entity is experiencing a poor or deteriorating financial condition and management or the owner/manager
has personally guaranteed significant debts of the entity.
d. Management or the owner/manager puts excessive pressure on operating personnel to meet financial targets, such
as sales or profitability incentive goals (for example, for sales personnel).
e. There is a significant interest by management or the owner/manager in minimizing reported earnings for
tax-motivated reasons.
f. There is a significant interest by management or the owner/manager in minimizing reported earnings or assets for
other reasons (for example, to minimize the apparent value of the entity in a dispute with a co-owner, divorcing
spouse, etc.).
Opportunities
2. Consider whether information you have gathered about the entity, its operations, and its industry indicates opportunities
for management or the owner/manager to intentionally misstate the financial statements. In doing so, consider risk
factors such as the following:
a. Conditions related to the nature of the entitys industry or operations that provide opportunities to engage in
fraudulent financial reporting, such as:
(1) The entity engages in significant related-party transactions not in the ordinary course of business (including
transactions with related entities that are unaudited or audited by another firm).
(2) The entity has a strong financial presence or ability to dominate an industry sector that allows it to dictate terms
or conditions to suppliers or customers that may result in inappropriate or non-arms-length transactions.
(3) The entity has assets, liabilities, revenues, or expenses based on significant estimates that involve subjective
judgments or uncertainties that are difficult to corroborate.
(4) The entity has significant, unusual, or highly complex transactions (particularly those close to year-end) that
are difficult to assess for substance over form.
(5) The entity has significant operations located or conducted in foreign jurisdictions where differing business
environments and cultures exist.
(6) The entity has significant bank accounts (or subsidiary or branch operations) in tax-haven jurisdictions for
which there does not appear to be a clear business justification.
b. There is ineffective monitoring of management as a result of circumstances such as the following:
(1) If the entity is not owner-managed, management is dominated by a single individual or small group without
compensating controls.
(2) If the entity is not owner-managed, there is ineffective oversight over financial reporting and internal control by
the owner, board of directors, or audit committee.
c. Conditions that indicate a complex or unstable organizational structure, such as:
(1) It is difficult to determine the organization or individual(s) that control the entity.
(2) The entity has an overly complex organizational structure involving unusual legal entities or lines of managerial
authority.
(3) There has been a high turnover in management-level employees, counsel, or board members.
d. There are deficiencies in internal control components as a result of circumstances such as the following:
(1) Management or the owner/manager fails to adequately monitor internal controls over the financial reporting
process.
(2) There have been high turnover rates or management or the owner/manager continues to employ ineffective
accounting or information technology (IT) personnel.
(3) Management or the owner/manager continues to utilize ineffective accounting systems, especially those with
significant known deficiencies in internal control.
Attitudes/Rationalization
3. Consider whether information you have gathered about the entity, its operations, and its industry indicates
attitudes/rationalizations on the part of management or the owner/manager to intentionally misstate the financial
statements. In doing so, consider risk factors such as the following:
a. Conditions that indicate attitudes/rationalizations on the part of board members, management or the
owner/manager, or employees to engage in or justify fraudulent financial reporting, such as:
(1) Management or the owner/manager fails to effectively define, communicate, implement, support, or enforce
the entitys values or ethics.
(2) Management or the owner/manager communicates or demonstrates inappropriate values or ethics.
(3) Nonfinancial management or personnel excessively participate in (or demonstrate an excessive preoccupation
with) the determination of significant estimates or selection of accounting principles.
(4) The entity has a known history of violations of laws and regulations.
(5) The entity has a known history of claims against the entity, management or the owner/manager, or board
members alleging fraud or violations of laws and regulations.
(6) There is an excessive interest by management or the owner/manager in maintaining or increasing the entitys
earnings trend.
(7) Management or the owner/manager routinely commits to third parties to achieve aggressive or unrealistic
forecasts.
(8) Management or the owner/manager fails to correct known significant deficiencies in internal control on a timely
basis.
(9) There is an interest by management or the owner/manager in employing inappropriate means to minimize
reported earnings for tax-motivated reasons.
(10) Management or the owner/manager continually attempts to justify marginal or inappropriate accounting on the
basis of materiality.
(11) There is a significant interest by management or the owner/manager in minimizing reported earnings or assets
for other reasons (for example, to minimize the apparent value of the entity in a dispute with a co-owner,
divorcing spouse, etc.).
(12) Management or the owner/manager undervalues the importance of the accounting function and financial
reporting.
b. Situations indicating a strained relationship between management or the owner/manager and the current or
predecessor auditor, such as:
(1) Frequent disputes on accounting, auditing, or reporting matters.
(2) Unreasonable demands, such as unreasonable time constraints on completion of the audit.
(3) Restrictions (formal or informal) that inappropriately limit access to people or information (or inappropriately
limit communication with the board of directors or audit committee, if the entity has one).
(4) Domineering behavior by management or the owner/manager, especially involving attempts to influence the
scope of the auditors work or the selection of personnel assigned to the audit team.
(5) Other situations indicating a strained relationship between management or the owner/manager and the current
or predecessor auditor.
Attitudes/rationalizations are difficult to observe. However, if you become aware of their existence, consider them
when identifying risks of material misstatement due to fraud.
The following fraud risk factors relate to misstatements arising from misappropriation of assets. The extent to which the
auditor considers the risk factors related to incentives/pressures, opportunities arising from control deficiencies, and
attitudes/rationalizations is influenced by the degree to which assets susceptible to misappropriation are present. In addition,
some of the risk factors related to fraudulent financial reporting may also be present with misappropriation.
Incentives/Pressures
4. Consider whether information you have gathered about the entity, its operations, and its industry indicates incentives or
pressures for management or employees to misappropriate assets. In doing so, consider risk factors such as the
following:
a. Personal financial obligations (such as obligations arising from addictions or abuse related to gambling, alcohol,
drugs, or other illicit activities) create pressure on management or employees, with access to assets susceptible to
misappropriation, to misappropriate those assets.
b. Conditions that indicate adverse relationships between the entity and its employees with access to assets
susceptible to misappropriation, such as:
(1) Known or anticipated future employee layoffs.
(2) Unfavorable recent or anticipated changes in employee compensation or benefit plans.
(3) Failure to receive promotions or other expected rewards.
(4) Hostile management style and similar working conditions.
Opportunities
5. Consider whether information you have gathered about the entity, its operations, and its industry indicates opportunities
for management or employees to misappropriate assets. In doing so, consider risk factors such as the following:
a. Conditions that indicate an increased susceptibility of assets to misappropriation (including unauthorized
disbursements or unauthorized trading in securities), such as:
(1) The entity maintains or processes large amounts of cash.
(2) The entitys inventory is easily susceptible to misappropriation (for example, due to small size, high value, or
high demand).
(3) The entity has assets that are easily convertible to cash (such as bearer bonds, diamonds, or computer chips).
(4) The entity has fixed assets that are easily susceptible to misappropriation (for example, due to small size,
portability, marketability, or lack of ownership identification).
b. Conditions that indicate possible deficiencies in the entitys internal controls over assets susceptible to
misappropriation, such as:
(1) There is a lack of appropriate segregation of duties that is not mitigated by other factors (such as effective
owner/manager oversight). An example might be a lack of segregation of duties relating to cash disbursements
that is not mitigated by effective management oversight of the bank reconciliation process, including having
someone in authority receive the bank statement directly from the bank, unopened.
(2) There is a lack of management or owner/manager oversight of assets susceptible to misappropriation (for
example, inadequate supervision of remote locations).
(3) The entity lacks job applicant screening procedures when hiring employees with access to assets susceptible
to misappropriation.
(4) The entity has inadequate recordkeeping over assets susceptible to misappropriation.
(5) The entity lacks an appropriate system for authorizing and approving transactions (for example, in purchasing
or payroll disbursements).
(6) The entity lacks an appropriate system for authorizing and approving the use of entity credit cards.
(7) There are poor physical safeguards over assets susceptible to misappropriation (for example, inventory not
stored in a secured area, cash or investments kept in unlocked drawers, or unprotected passwords).
(8) The entity fails to reconcile asset accounts on a timely basis.
(9) There is a lack of timely and appropriate documentation of transactions affecting assets susceptible to
misappropriation (for example, processing of credits for inventory returns).
(10) Vacations for employees in key control functions are not mandatory.
(11) Management or the owner/manager has an inadequate understanding of IT that enables IT employees to
perpetrate misappropriation.
(12) There is a lack of adequate access control over automated records, including controls over and review of
computer systems event logs (for example, the audit trail functionality of standardized accounting software
packages is not used or can be turned off by employees).
Attitudes/Rationalizations
6. Consider whether information you have gathered about the entity, its operations, and its industry indicates
attitudes/rationalizations on the part of management or employees to misappropriate assets. In doing so, consider risk
factors such as the following:
a. Conditions that indicate attitudes/rationalizations on the part of management or employees to engage in or justify
misappropriation of assets:
(1) Employees with access to assets susceptible to misappropriation disregard the need to adequately monitor
and safeguard assets.
(2) Management disregards the need to adequately monitor and safeguard assets.
(3) Employees with access to assets susceptible to misappropriation disregard internal controls designed to
prevent or detect misappropriation, for example, by overriding controls or failing to correct known deficiencies
in controls.
(4) Employees with access to assets susceptible to misappropriation are dissatisfied with the entity.
(5) The auditor has observed unusual changes in behavior or lifestyle that may indicate assets have been
misappropriated to support this behavior or lifestyle.
Attitudes/rationalizations are difficult to observe. However, if you become aware of their existence, consider them
when identifying risks of material misstatement due to fraud.
ASB-CX-7: Risk Assessment
ASB-CX-7.1: Risk Assessment Summary Form
Instructions
This form is designed for identifying significant audit areas, documenting the risks of material misstatement affecting each
area (including fraud risks or other significant risks), assessing those risks, selecting an audit approach that is appropriately
tailored to respond to the assessed level of risk, and documenting the linkage of the assessed risks to the audit procedures
that respond to those risks. Your risk assessments should take into account materiality, the results of preliminary analytical
procedures, information obtained about the entity and its environment, including its internal control, the consideration of
fraud, engagement team discussions, results of engagement acceptance or continuance procedures, other engagements
performed for the entity, and any other sources that provide information relevant to identifying and assessing risks. You need
to be familiar with the concepts in Chapter 4 before completing this form.
Document risks of material misstatement at the overall financial statement level and the planned responses in Part I. Indicate
whether the overall risks are fraud risks or other significant risks.
Complete the risk assessment summary table in Part II as follows (also considering any overall risks assessed in Part I):
Column Instructions
Significant Audit Area? An audit area includes the related account balances, transaction classes, and disclosures. An audit area generally is
significant if it contains a significant transaction class, material account balance, fraud risk or other significant risk, or
requires significant disclosures. Place a check mark in the box for each audit area that is considered significant. See
discussion beginning at paragraph 403.20.
Audit Area Space is provided at the end of the risk assessment summary table to add audit areas unique to the client or to
describe specific risks related to matters such as related party transactions, subsequent events, significant estimates,
or disclosures.
Identified Risks/Assertions
Affected
Based on your understanding of the entity obtained when performing risk assessment procedures and the
conclusions reached at ASB-CX-3.1, list in the space provided (1) any specifically identified risk that is of a magnitude
that could result in material misstatement of the financial statements and (2) the related assertions.
There is a presumption that you will identify improper revenue recognition due to fraud as a risk of material
misstatement.
Indicate If Significant Risk Indicate if the identified risk of material misstatement is a fraud risk or other significant risk by placing an F in this
column if the risk is a fraud risk or an S in this column if the risk is a significant risk other than a fraud risk. If the risk
is not a fraud risk or other significant risk, leave the column blank. When considering whether an identified risk is a
significant risk, determine if it relates to (a) significant economic, accounting, or other developments needing specific
attention; (b) complex transactions; (c) significant related party transactions; (d) measurements that are subjective or
uncertain, especially estimates with a high degree of uncertainty; or (e) significant transactions outside the normal
course of business or that otherwise appear unusual. Treat significant related party transactions outside the normal
course of business as significant risks. See discussion beginning at paragraph 403.28.
Risk Assessment
Documentation Approach
Assess the risk of material misstatement at the relevant assertion level. For audit areas that are not significant, or for
significant areas where you have not identified any specific risks, it may be appropriate and more efficient to
document the risk assessment for the audit area as a whole. If that is done, the risk assessment is assumed to be the
same for all assertions and ought to be the highest level of risk for any assertion in the area. (Auditors need to
exercise caution when documenting the assessment at the audit area level. Failure to consider the level of risk
related to each assertion could result in an inappropriate response.) However, for significant audit areas where you
have identified one or more specific risks, document the risk assessment at the assertion level. When documenting
the risk assessment at the assertion level, make an assessment for each relevant assertion regardless of whether you
have identified any specific risks related to that assertion. See discussions beginning at paragraph 403.11
paragraph 403.39. Consider the following assertions when making your risk assessments:
Existence or Occurrence (E/O)
Completeness (C)
Column Instructions
Rights or Obligations (R/O)
Accuracy or Classification (A/CL)
Valuation or Allocation (V)
Cutoff (CO)
I/R Document the assessed level of inherent risk as high, moderate, or low. See discussion beginning at
403.40.
C/R Document the assessed level of control risk as high, moderate, or low based on the understanding of internal control
and, if applicable, tests of controls documented at ASB-CX-10.1. See discussion beginning at paragraph 40
Assessed RMM Document the combined assessed risk of material misstatement (RMM) as high, moderate, or low. See discussion
Audit Approach Select the audit approach that is responsive to the assessed risk of material misstatement, and tailor the auditor
programs as necessary. Obtain more persuasive audit evidence the higher the risk assessment. Regardless of the
risk assessment, you should perform substantive procedures for all relevant assertions for each material class o
transactions, account balance, and disclosure. In addition, you should perform substantive procedures specifically
responsive to significant risks. When the response to significant risks consists only of substantive procedures,
perform some tests of details rather than relying on only analytical procedures. Determining the audit approach is
Comments Provide comments as considered necessary about the risk assessment, planned responses, or to clarify the linkage
between risks and responses.
Risk Assessment Summary Form
Completed by: Date: Approved by: Date:
Part IOverall Risks and Responses
Describe overall risks (that is, risks at the financial statement level that may affect many assertions) and your planned
responses. Examples of overall risks include weaknesses in the control environment, changes in management, lack of entity
expertise necessary to prepare the financial statements, going concern considerations, related party transactions, motivation
by management to fraudulently misstate the financial statements, etc. Responses may include consideration of staffing,
increasing the level of supervision, use of a specialist, changing the timing of procedures, etc.
Identified Risk
Indicate If Significant Risk
(S = Significant, F = Fraud) Responses
Identified Risk
Indicate If Significant Risk
(S = Significant, F = Fraud) Responses
Part IIRisk Assessment Summary
Document your specific risk assessments and your planned responses by completing the following table:
Risks of Material Misstatement Risk Assessment
Significant
Audit
Area?
(n nn n=Yes)
Audit
Area
Identified
Risks/Assertions
Affected
Indicate If
Significant
Risk
(S=Significant,
F=Fraud)
Risk
Assessment
Documen-
tation
Approach
I/R
(H,M,L)
a
C/R
(H,M,L)
a
Assessed
RMM
(H,M,L)
a, b
Audit
Approach
(L, B, E, S)
Cash
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
AR/
Sales
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Inventory/C
ost of Sales
(including
Inventory
Observatio
n)
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Property
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Investment
s and
By Audit Area:
or
Significant
Audit
Area?
(n nn n=Yes)
Audit
Area
Identified
Risks/Assertions
Affected
Indicate If
Significant
Risk
(S=Significant,
F=Fraud)
Risk
Assessment
Documen-
tation
Approach
I/R
(H,M,L)
a
C/R
(H,M,L)
a
Assessed
RMM
(H,M,L)
a, b
Audit
Approach
(L, B, E, S)
Derivatives
By Assertion:
E/O
C
R/O
V
A/CL
CO
Other
Assets
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Accounts
Payable
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Other
Liabilities
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Notes
Payable/Lo
ng-term
Debt
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Income
Taxes
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Equity
By Audit Area:
or
By Assertion:
Significant
Audit
Area?
(n nn n=Yes)
Audit
Area
Identified
Risks/Assertions
Affected
Indicate If
Significant
Risk
(S=Significant,
F=Fraud)
Risk
Assessment
Documen-
tation
Approach
I/R
(H,M,L)
a
C/R
(H,M,L)
a
Assessed
RMM
(H,M,L)
a, b
Audit
Approach
(L, B, E, S)
E/O
C
R/O
V
A/CL
CO
Inc./Exp.
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Other:
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Other:
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
If you did not identify improper revenue recognition as a fraud risk in the risk assessment summary table, document the
reasons supporting your conclusion.

Notes:
a
You may make an overall, or combined, assessment of the risk of material misstatement at the assertion level by
completing only the Assessed RMM column, or make separate assessments of inherent risk and control risk and then
combine them as discussed in note b.
b
Based on the assessed levels of inherent and control risk, the combined assessed RMM may be determined as follows:
Inherent Risk Control Risk = Risk of Material Misstatement
High High High
High Moderate High
High Low Moderate
Moderate High Moderate
Low High Low
Moderate or Low Moderate Low
Moderate or Low Low Low
Use your judgement in determining the combined risk of material misstatement. See Exhibit 4-8.
c
Possible audit approaches are as follows:
L (Limited Procedures) = Preliminary analytical procedures, other risk assessment procedures, and final analytical
procedures are considered sufficient. (This approach is not appropriate for significant audit areas.) No additional audit
program is needed.
Core Audit Programs
B (Basic Procedures) = The basic procedures in the core audit programs are sufficient. This approach includes primarily
substantive analytical procedures (includes some tests of details, many of which are required by professional standards).
If you plan to perform procedures in the basic program to respond to an identified risk, document that response in the
comments column. (This approach is generally not appropriate for fraud risks or other significant risks.)
E (Extended Procedures) = Basic substantive procedures plus selected extended procedures (procedures for additional
assurance) or other audit procedures are needed for this audit area or assertion. If this approach is selected, go to the
appropriate core audit program and select or develop extended procedures (procedures for additional assurance) or
other audit procedures to respond to the risks at the relevant assertion level.
Specified Risk Audit Programs
S (Specified Risk) = A set of substantive audit programs based on certain underlying risk assumptions at the assertion
level for each audit area. Based on your risk assessment, you may need to modify the existing procedures or
supplement procedures in the specified risk programs with procedures from the Basic, Extended or Other Procedures
sections of the core audit programs.
d
Information that clarifies how the audit programs/procedures have been tailored to respond to your risk assessment.
Descriptions of the procedures that will be performed to specifically respond to fraud risks or other significant risks.
Information about the nature, timing, or extent of further audit procedures in response to other identified risks.
Whether you plan to perform procedures in the Basic Procedures section of the audit programs to respond to an
identified risk.
A reference to where tests of controls are performed.
ASB-CX-7.2: Inherent Risk Assessment Form
Completed by: Date:
Instructions: This form may be used to assist with your assessment of inherent risk (discussed in section 403). While this form is optional, it can be
used as a tool to identify and document the factors that significantly influence inherent risk. For each audit area, indicate whether the inherent risk
factors represent a high (H), moderate (M), or low (L) level of risk for the relevant assertions or for the audit area as a whole, depending on your risk
assessment approach documented on ASB-CX-7.1 (Alternatively, you may place a checkmark for those factors that significantly influence inherent
risk for each assertion or audit area.) Based on the significance of the identified inherent risk factors, assess overall inherent risk as high, moderate,
or low and document your overall assessment at ASB-CX-7.1. Space is provided for comments, if desired, on the factors or assessments reflected in
the table.
Audit Area
a
Risk
Assessment
Approach
a
Inherent Risk Factors
Engagement
Risk
b
Accounting
Issues
c
Auditing
Issues
d
Prior Period
Misstatements
e
Susceptibility
to Fraud
f
Accounting
Personnel
g
Need for
Judgment
h
Nature of
Items
i
Complexity
j
Cash
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
AR/Sales
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Inventory/Co
st of Sales
(including
Inventory
Observation)
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Property
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Investments
and
By Audit Area:
or
Audit Area
a
Risk
Assessment
Approach
a
Engagement
Risk
b
Accounting
Issues
c
Auditing
Issues
d
Prior Period
Misstatements
e
Susceptibility
to Fraud
f
Accounting
Personnel
g
Need for
Judgment
h
Nature of
Items
i
Complexity
j
and
Derivatives
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Other Assets
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Accounts
Payable
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Other
Liabilities
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Notes
Payable/Lon
g-term Debt
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Income
Taxes
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Equity
By Audit Area:
or
By Assertion:
E/O
C
Audit Area
a
Risk
Assessment
Approach
a
Engagement
Risk
b
Accounting
Issues
c
Auditing
Issues
d
Prior Period
Misstatements
e
Susceptibility
to Fraud
f
Accounting
Personnel
g
Need for
Judgment
h
Nature of
Items
i
Complexity
j
R/O
V
A/CL
CO
Inc./Exp.
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Other
By Audit Area:
or
By Assertion:
E/O
C
R/O
V
A/CL
CO
Notes:
a
Use a risk assessment approach consistent with your documentation on ASB-CX-7.1.
b
The effect of risk factors that were identified on ASB-CX-3.1.
c
The complexity and contentiousness of accounting issues.
d
The frequency or significance of difficult-to-audit transactions or disclosures.
e
The nature, cause, and materiality of misstatements detected in prior audits.
f
The susceptibility to fraud, including both misappropriation of assets and fraudulent financial reporting.
g
The competence and experience of personnel assigned to process data or make decisions.
h
The extent of judgment or estimates involved.
i
The size and volume of items comprising the account balances or transaction classes.
j
The complexity of calculations.
ASB-CX-8: Planning Substantive Procedures
ASB-CX-8.1: Planning Worksheet to Determine Extent of Substantive Procedures
Completed by: Date:
Account Balance or Transaction Class:
Assertion(s):
Part 1Initial Calculation
a. Total account balance $
b. Individually significant dollar items [amount = $
calculated at ASB-CX-2)]

d. Remaining balance [a. (b. + c.)] $
e. Tolerable misstatement (ASB-CX-2) $
Part 2Consideration of Remaining Balance
items in Step 2.]
with respect to d.
same assertion(s), consider whether those other substantive procedures provide adequate audit assurance with
respect to d.
a. Account balance (see 3a.) $
Amount used: $
c. Unusual items (see 3c.)
d. Remaining balance [a.(b. + c.)] $
e. Tolerable misstatement (see 3e.) $
Part 3Summary of Testing to Be Performed
8. Briefly describe the audit procedures to be applied to individually significant items.

sampling will be used, complete ASB-CX-8.2.

Completed by: Date:
Assertion(s):
Part 1Planning

Units Amount
a. Items to be examined 100% (individually significant items). $
b. Population being sampled. $
c. Total of account balance or transaction class (a+b). $




6. Sample selection method to be used: Haphazard Random Systematic
7. Tolerable misstatement (from ASB-CX-2): $
8. One-third of tolerable misstatement (one-third of Step 7): $
deferrals made to close the books.): $
population.
(Step 1b.) $
(Step 7) $
Risk
factor
= Sample
size
misstatement of the relevant assertions for the account or transaction class (or portion thereof) from which the sample
auditor.]
RISK FACTORS
Other Substantive Procedures Risk
Risk of Material Misstatement High Moderate Low
High 3.0 2.3 1.9
Low 1.9 1.2 0.9
1.20 (or other judgmentally determined multiplier up to 2.0).
Part 2Evaluation
12. Dollar amount of misstatements noted in the sample: $ $
13. Dollar amount of the sample: $ $
1(132)
$ $
14. Projected misstatement [(Step 12 Step 13) Step 13a.]
$ $ $
15. Dollar amount of misstatements noted in items tested 100%
(dollar amount of misstatements found when testing Step
1a.): $
16. Total factual and projected misstatement (Step 14 + Step
15):
2(133)
$

Yes No
tested? Yes No
20. Describe (a) any additional procedures or changes in the audit plan, such as extending the sample size, asking the client
to investigate and correct misstatements, or modifying the nature, timing, or extent of planned substantive procedures,
because of test results and (b) the effect of misstatements on other aspects of the audit:

ASB-CX-8.3: Sampling Worksheet for Testing Account Coding and Classifications
Completed by: Date:
Instructions: This form may be used when the purpose of the audit procedure is to test information
processing (for example, transaction processing such as account coding and classification). If the purpose of
the test is to substantiate the total of a transaction class, use the sampling form at ASB-CX-8.2. If the purpose
of the sampling procedure is solely to test the operating effectiveness of controls, use the sampling form at
ASB-CX-10.2. You need to understand the concepts explained in section 706.
1. Transaction class being tested:
2. Transaction test is being made to assess the following aspects of processing:

3. A deviation for the purpose of this test is defined as:

4. If applicable, pertinent control policies and procedures being tested are:
Control Policy or Procedure Documentary Evidence Deviation Definition

5. Completeness of the transaction class has been considered by:

6. Select the appropriate sample size for the test based on the following criteria:
Sample of 25The audit procedure being applied using sampling is not the only procedure that
contributes to the objective of the test, no deviations are expected, and control policies and
procedures pertinent to the aspect of transaction processing being tested appear effective and are
being tested simultaneously.
Sample of 60The audit procedure being applied using sampling is not the only procedure that
contributes to the objective of the test, no more than one deviation is expected, and control risk is
assessed as high.
Sample method: Haphazard Random Systematic
Does the sample seem representative of the population? Yes No
Note: If the sample does not seem representative, then reselect the sample. Document the selected sample items, as
discussed at paragraph 802.10.
8. Document the results of this test below.
Number of deviations detected:
Deviation Cause

tested? Yes No
10. Describe (a) any additional procedures or changes in the audit plan, such as asking the client to investigate and correct
misstatements or modifying the nature, timing, or extent of planned substantive procedures, because of test results and
(b) the effect of deviations on other aspects of the audit:

ASB-CX-9: Analytical Procedures
ASB-CX-9.1: Substantive Analytical Procedures Worksheet
Completed by: Date:
Account or Transaction Class: Amount:
Instructions: This form may be used to document the performance of a substantive analytical procedure,
including development of an expected amount, consideration of the effectiveness of the procedure, and
evaluation of any difference. ASB-CX-9.2 can be used to document calculations of ratios. You need to be
familiar with section 505 of the Guide before using this worksheet. Also, Chapter 9 gives guidance on using
software to perform analytical procedures.
1. Describe the analytical procedure to be performed. (Describe the expectation and important matters considered in
developing it.)

2. Describe data to be used in the test and evaluate its reliability. (Indicate whether the source is external; internal
financial data; or internal nonfinancial or operating data and whether it is independent of those responsible for the
amount being tested. For internal financial or nonfinancial data, indicate how you considered its accuracy and
completeness.)

3. Indicate the degree of assurance desired from the test. (The higher the risk related to the account or transaction
class being tested by the analytical procedure, the more assurance needed from the procedure, and the more effective
the procedure needs to be. Conversely, the lower the risk, the less assurance needed from the analytical procedure, and
the less effective it can be.)
High assurance Moderate assurance Low assurance
4. Characterize the effectiveness of the test. (For instance, highly effective, moderately effective, or of limited
effectiveness. Consider the factors listed in Exhibit 5-5 in Chapter 5.)

5. Document the calculation of the expected amount. (Or cross reference to other workpapers that document the
calculation.)

Calculated expected amount $
Recorded amount
Difference $ A
Difference as a percent of tolerable misstatement
1(134)

%B
Percent difference considered acceptable without further investigation. (The
percent may range from 10% to 331/3% of tolerable misstatement. If criteria other
than this rule of thumb are used to determine significance, describe the
criteria.)
1(135)

%C
The difference (A): (check one)
Is not considered significant and is accepted without further investigation (B is
less than C if optional rule of thumb is used)
Is significant and requires investigation (B exceeds C if optional rule of thumb is
used; describe below the work done to investigate the difference)
If the difference is significant, describe the work done to investigate the difference. [Inquire of management and obtain
corroborating evidence (including the results of other audit procedures or the increased understanding of the client
obtained during the audit that corroborate the explanation). Indicate the source of the explanation and corroboration,
including whether the source is internal and/or external.]

Amount of difference satisfactorily explained $
Amount of unexplained difference $
The unexplained difference is (check one):
Acceptable
Treated as a misstatement [Cross reference to ASB-CX-12.1, ASB-CX-12.2, or
other documentation]
ASB-CX-9.2: Ratio Analysis Worksheet
Audit area:
Completed by: Date:
Instructions: This worksheet may be used to compute ratios as part of analytical procedures performed in the planning and final review stages of
the audit or analytical procedures performed as substantive procedures during the audit. It includes a source list that can be used to choose ratios
commonly used in analytical procedures for the various audit areas. You can also develop your own ratios unique to the client. The form can be
used as presented for manual computations or as a format and source list in a computer spreadsheet application. Insert the description and formula
for the ratio in the left column and use the other columns to compute the ratio. Explanations of variations from expectations or industry averages can
be documented below the ratios. This worksheet can be carried forward from year to year to develop a historical summary for comparison purposes.
ASB-CX-9.1 can be used to document the performance of analytical procedures that involve developing an expectation of a recorded amount. You
need to be familiar with Chapter 5 before using this worksheet.
Ratio Period / / Period / / Period / / Period / /
Ratio Period / / Period / / Period / / Period / /
COMMON RATIOS USED IN ANALYTICAL PROCEDURES
Ratio Computation
Accounts Receivable and Sales
Accounts receivable to current assets, total
assets, and/or net worth
Accounts receivable turnover
Accounts receivable to net credit sales
Average accounts receivable to net credit sales
Receivables by aging category to total
receivables
Allowance for doubtful accounts to accounts
receivable
Allowance for doubtful accounts to net credit
sales
Bad debt expense to net credit sales
Bad debt write-offs to average accounts
receivable
Open customer balances as a percentage of
total year-to-date sales by customer
Days sales in accounts receivables
Age of receivables
Sales returns and allowances to total sales (by
product line, geographic location, and in total)
Allowances for unissued noncash credits to
total noncash credits
Inventory and Cost of Sales
Inventory classifications (raw materials,
work-in-progress, finished goods) to total
inventory
Inventory turnover (in total and by major
product lines or divisions)
Days inventory on hand
Units sold to units in ending finished goods
inventory
Direct labor to net sales
Indirect labor to net sales
Ratio Computation
Gross profit margin (by product line or division
and in total)
Overhead costs to direct labor costs
Overhead costs to materials put into
production
Direct labor costs to materials put into
production
Materials put into production to units sold
Materials cost to cost of sales
Direct labor cost to cost of sales
Overhead cost to cost of sales
Materials cost in ending inventory
Direct labor cost in ending inventory
Overhead cost in ending inventory
Current standard costs to inflation-adjusted
prior-year standard costs
Units purchased to units sold
Average units produced per employee
Property
Allowance for depreciation to asset balance (by
asset category)
Depreciation expense to asset balance (by
asset category)
Repairs and maintenance expense to asset
balance
Investments
Investment income to average investments
Accounts Payable
Accounts payable turnover
Accounts payable days outstanding
Ratio Computation
Long-term debt to shareholders equity
Interest expense to average balance of notes
payable and long-term debt
Income Taxes
Income tax expense to pretax income
Current taxes payable to total income tax
expense
State tax expense to total income tax expense
Income and Expense
Relevant individual expense accounts to
manufacturing expense
Relevant individual expense accounts to selling
expense
Relevant individual expense accounts to
general and administrative expense
Selling, general, and administrative expense to
sales
Average compensation per employee
Benefit costs per employee
Payroll tax expense to total payroll
ASB-CX-10: Tests of Controls
ASB-CX-10.1: Test of Controls Form
Audit Area: Assertion(s):
Transaction Class(es): Location(s):
Instructions: Complete this form for each audit area and assertion for which controls will be tested for
operating effectiveness. You need to be familiar with the concepts in Chapter 6 before completing this form.
Test controls for the particular time, or throughout the period, for which reliance is planned. If different controls
were used at different times during the audit period, consider and test them separately. Only test controls that
you have determined are suitably designed and have been implemented. If sampling is used, also complete
1. Control(s) to Be Tested. Describe the control(s) to be tested, or cross-reference to other workpaper(s) that document
the understanding of the control(s). (Use the control reference from the applicable Activity and Entity-level Control
Form at ASB-CX-5.1 through ASB-CX-5.17, if completed, or, if desired, assign a sequential control reference number.)
Test controls directly related to preventing or detecting and correcting material misstatements in specific assertions.
Determine whether the controls to be tested depend upon indirect controls, and if so, consider the need to also test the
indirect controls. Because a control may be relevant to more than one transaction class, be sure to coordinate test of
control procedures for audit efficiency.
Control
Reference
Description of Control and Control Objective

2. Control(s) Tested in a Previous Audit. If a control was tested in a previous audit and found to be operating effectively,
indicate what inquiry, observation, and inspection procedures were performed this year to determine whether conditions
affecting performance of the control have significantly changed to require retesting this year, and your conclusions. If the
control has changed since last tested or mitigates a fraud risk or other significant risk, the control should be retested.
Inquiry alone is not sufficient to conclude that controls or circumstances have not changed.

When deciding whether it is appropriate to rely on audit evidence from tests of controls performed in a previous audit
and, if so, the length of time that may elapse before retesting the control, consider the effectiveness of the other
components of internal control, whether the control is manual or automated, the effectiveness of IT general controls,
the nature and extent of deviations detected in the prior period, personnel changes, whether the control should have
changed in response to changed circumstances but did not, and the risk of material misstatement and extent of
reliance on the control.
Controls that have not changed should be retested at least every third year. In addition, if a number of controls are
being rotationally tested, some controls should be tested each year. Controls that address significant or fraud risks
should be tested each year.
3. Control(s) Tested at an Interim Date. If a control was tested at an interim date, describe the additional evidence, if any,
that was obtained for the remaining period of reliance (or cross-reference to the related workpaper), including whether
there were any significant changes in internal control subsequent to the interim period.

When determining the additional evidence needed for the remaining period of reliance, consider the significance of
the assessed risks of material misstatement, the specific controls tested, changes in those controls since the interim
date (including related systems and personnel), the degree of evidence obtained in the interim period, the length of
the remaining period, the extent to which substantive procedures will be reduced, and the control environment.
4. Testing Procedures Performed. Describe the procedure(s) performed to obtain audit evidence that the control(s) is
(are) operating effectively, or cross-reference to a related workpaper that documents the testing procedures. If sampling
is performed, document the selected sample items. If deviations are detected, perform and document inquiries to
understand the cause of the deviations and their potential consequences. For controls that are not operating effectively,
consider whether an internal control deficiency exists that should be accumulated and evaluated using ASB-CX-15.1.
Control
Performed by
and Date
Control
Operating
Effectively?
Workpaper
Reference/
Comments
Control
Performed by
and Date
Control
Operating
Effectively?
Workpaper
Reference/
Comments
You should obtain audit evidence about (a) how controls were applied at relevant times during the period, (b) the
consistency of their application, (c) by whom and by what means they were applied, and (d) whether the person
performing the controls has adequate authority and competence.
The more you plan to reduce the control risk assessment or the more you plan to rely on tests of controls versus
substantive procedures, the more reliable or extensive the audit evidence that should be sought.
Observation procedures are pertinent only at a point in time and, therefore, should be supplemented by other
procedures, such as inquiry or inspection of documents, to obtain sufficient evidence. Inquiry alone does not provide
sufficient evidence about the effectiveness of a control.
If information produced by the entitys information system is used when testing controls, ensure that your
documentation describes how you considered the accuracy and completeness of that information. For example, if a
computer edit and validation report is used, how did you ensure its accuracy and completeness? If a sample is
selected from a population of sales invoices, how did you consider the completeness of the population?
Conclusion
5. The test(s) of controls documented on this form supports the following control risk assessment:
High, Moderate,
or Low
Existence or Occurrence
Completeness
Rights or Obligations
Valuation or Allocation
Accuracy or Classification
Cutoff
If the supported control risk assessment differs from the planned control risk assessment documented on the Risk
Assessment Summary Form (ASB-CX-7.1), revise the Risk Assessment Summary Form for your new control risk
assessment and consider the effect on combined risk assessment and your audit approach.
Completed or updated by: (Some auditors test controls each year. If you plan to rely on tests performed in a prior period,
carefully reconsider the factors listed and responses documented on this form in light of known changed client conditions and
document, for each engagement year, the inquiry, observation, and inspection procedures performed to determine that
conditions that would affect the performance of the control(s) had not significantly changed to require retesting. If controls are
retested, complete a new form. If the form is updated, refer to the List of Substantive Changes and Additions included with
each annual supplement of this Guide to determine whether the form has been revised in the current edition. If the form has
been revised, complete the revised form instead of updating this form.)
20____ 20____ 20____

ASB-CX-10.2: Tests of Controls Sampling Planning and Evaluation Form
Completed by: Date:
Assertion(s):
Instructions: This form is used only if the auditor chooses to use sampling in testing controls. You need to
familiar with the concepts in section 705 before completing this form. Also, complete the relevant sections of
1. Describe the controls to be tested (or refer to ASB-CX-10.1 where appropriate):
Control Objective and
Description
(or Reference to
ASB-CX-10.1) Documentary Evidence Deviation Definition

2. Describe the population and how completeness of the population was considered:

3. Sample size: Select the sample size from the following tables based on either (a) the size of the population,
expected number of deviations, and planned control risk assessment (Table 1) or (b) the frequency of operation of the
control (Table 2).
Table 1
No. of
Deviations
Low
Moderate
<100 100200 >200 <100 100200 >200
0 30 35 40 20 22 25
1 45 50 60 30 35 40
No. of
Deviations
Low
Moderate
<100 100200 >200 <100 100200 >200
2 65
a
75
a
90 45
a
50
a 60
Note:
a
total population.
Example: If the population size is 2,000 and the auditor expects to find one deviation, the auditor would plan to sample
60 items to reduce the control risk assessment to low. When evaluating the sample, if the auditor actually found two
deviations, the sample results would support a control risk assessment of moderate. If the auditor found three deviations,
the results would not support a control risk assessment below high.
Table 2
Sampling Table for Infrequently Operating Controls
Quarterly (4) 2
Monthly (12) 24
Semimonthly (24) 38
Weekly (52) 59
Selection method: Haphazard Random Systematic
Does the sample seem representative of the population? Yes No
[Note: If the sample does not seem representative, then reselect the sample. Document the selected sample items, as
discussed in Chapter 8.]
5. Document the results of your tests of controls:
Number of deviations detected:
Deviation Cause

Deviation Cause

tested? Yes No
7. Describe (a) any additional procedures or changes in the audit plan, such as extending the sample size, testing a
different control, or modifying the nature, timing, or extent of planned substantive procedures, because of test results
and (b) the effect of deviations on other aspects of the audit:

Compare the number of deviations detected (Step 5) for each control tested to Table 1 in Step 3 to identify the supported
assessed level of control risk. Also make a qualitative assessment of the nature and cause of deviations detected,
including their effect on the objective of the test and on other aspects of the audit, before reaching a conclusion about
the effectiveness of the controls. Document your supported control risk assessment at ASB-CX-10.1. [Tests of
infrequently operating controls (Table 2 in Step 3) are evaluated qualitatively.]
ASB-CX-11: Other Checklists for Performing Further Audit Procedures
ASB-CX-11.1: Inventory Counting Procedures
Entity Address: Phone Number:
Completed by: Date:
Instructions: This questionnaire is designed to document the entitys inventory counting procedures. If the
entity has written counting procedures, this questionnaire may be a useful addendum. If a question does not
apply, write N/A in the space after the question. (For entities that lack written instructions, the topics on this
form may also be used to assist the entitys management or owner/manager in planning counts and
communicating such instructions prior to the count date.)
1. Where is inventory located in the plant or store, especially individually significant items? (Draw a sketch of the plant or
store layout and identify areas of individually significant items and a brief description of the inventory. Attach additional
pages to this questionnaire if necessary.)

2. What type of document will be used to record the count (for example, a tag, a count sheet, an adding machine tape,
etc.)?

3. What information needs to be recorded on the count document to properly summarize, price, and extend the count, (for
example, product code, product description, quantity in the appropriate unit for pricing, location, special information
about obsolete or damaged items, who recorded the count, etc.)?

4. Once an inventory item has been counted, how will it be identified to prevent a duplicate count (for example, by hanging
a copy of the tag on the bin or pallet, by spray painting a mark on the item, etc.)?

5. How will the following inventory items that require special identification be counted or excluded from the count?
a. Damaged, obsolete, or slow-moving inventory?

b. Inventory on hand that belongs to another company?


c. Other (explain)?

6. How will identical items located in numerous areas be accumulated into a grand total? (This is especially critical to
determine how a test count of the item can be traced to the summarized listing.)

7. What special counting procedures or volume conversions are necessary for items stored in bulk (for example, in silos,
massive piles, etc.)?

8. How will work-in-process inventory be identified and segregated from raw material and finished goods?

9. How will the following components of work-in-process cost be counted?
a. Raw materials?

b. Direct labor cost charged to items identified as work-in-process? (Be sure that direct labor charged on a job order
for products already transferred and counted as finished goods is not used to price the remaining work-in-process.)

c. Overhead?

d. Other description of counting (if necessary)?

10. Will the plant or store be closed during the count? If not, how will the entity handle inventory moving between the stages
of production or being sold?

11. How will inventory at remote locations be counted?

12. What steps will be taken to ensure that inventory purchased and delivered to the entity immediately (usually five to ten
days) before the count is (a) recorded in the appropriate general ledger accounts before any count adjustments are
made and (b) counted during the physical inventory?

13. What steps will be taken to ensure that inventory delivered to the entity after the physical inventory is excluded from the
general ledger account balances used for comparison to and adjustment by the physical count?

14. What steps will be taken to ensure that all sales before the inventory count are (a) physically delivered and (b) properly
recorded in the appropriate general ledger accounts before any count adjustments are made?

15. What steps will be taken to ensure that all sales delivered after the inventory count are excluded from sales for the period
ending on the date of the count?

16. What procedures are used to gather count tags or sheets from the various areas of the plant or store to ensure that (a) all
major areas are properly counted or excluded from the count, (b) invalid tags or sheets are not included in the count, (c)
all tags or sheets are legible and contain adequate information for pricing, and (d) if second counts are performed that
identify discrepancies, such differences are adequately resolved?

17. Who are the entitys personnel (especially the in-charge person) involved in the count?

18. How will personnel involved in the count be instructed on count procedures and the resolution of any issues and
discrepancies that arise during the count?

19. Attach a memo, if necessary, to explain other important facets of the counting procedures.
Completed or Updated by:
20 20 20

ASB-CX-11.2: Confirmation Summary Form
Completed by: Date:
General Ledger Account (or Grouping):
Instructions: This form can be used to summarize the results of confirmation work. See section 1102. When
sampling procedures are being used, subtotals needed on ASB-CX-8.2 can be accumulated on this
confirmation summary. Note that the form allows for summarization of positive or negative confirmation results;
however, only the results of positive confirmations are carried forward to ASB-CX-8.2. The use of negative
confirmations is not a sampling application and the results should not be projected to the population.
Number
Total $ amount
of confirms
Known
misstatement
identifiedover
(under)
stated
1(136)
Positive Confirmation of Individually Significant Items
Clean replies and reconciled exceptions N/A
Unreconciled exceptions
Nonreplies
Alternative procedures identified no misstatements N/A
Alternative procedures identified misstatements
Alternative procedures waived and entire balance
considered misstated
Total positive confirmation of individually significant items
ASB-CX-8.2,
step 1a
ASB-CX-8.2,
step 15
Confirmation of Sampled Items
Upper Stratum
(If you were able to stratify, complete the summary for
both the upper and lower strata. Otherwise, complete only
the upper stratum summary.)
Clean replies and reconciled exceptions (positive confirms
only) N/A
Unreconciled exceptions on positive confirmations
Nonreplies (positive confirmations only)
Total confirmation of upper sample stratum
ASB-CX-8.2,
step 13
ASB-CX-8.2,
step 12
Number
Total $ amount
of confirms
Known
misstatement
identifiedover
(under)
stated
1(136)
Lower Stratum
Clean replies and reconciled exceptions (positive confirms
only) N/A
Unreconciled exceptions on positive confirmations
Nonreplies (positive confirmations only)
Total confirmation of lower sample stratum
ASB-CX-8.2,
step 13
ASB-CX-8.2,
step 12
Negative Confirmation
Negative confirmations not returned, or returned but
exceptions reconciled N/A
Unreconciled exceptions on negative confirmations
Total negative confirmation
Portion of account balance not confirmed
Total balance in the account
ASB-CX-11.3: Accounts Receivable Statistics Form
Instructions: This form can be used to collect information that may be useful for performing analytical
procedures on the allowance for doubtful accounts. Auditors may round amounts to the nearest $1,000. See
sections 1102 and 1103.This form may also be used as a carryforward schedule for the permanent file or audit
workpapers.
Allowance for
Doubtful Accounts: 20 20 20 20 20
Beginning of year $ $ $ $ $
AddProvision
LessWrite-offs
Adjustments
End of year $ $ $ $ $
Aging of Accounts
Receivable:
20 20 20 20 20
Amount % Amount % Amount % Amount % Amount %
Current $ $ $ $ $
31 to 60 days
61 to 90 days
91 to 120 days
Over 120 days
Total $ 100 $ 100 $ 100 $ 100 $ 100
Completed by:
20 20 20

ASB-CX-11.4: Checklist for Determining Whether a Contract Is a Derivative
Completed by: Date:
Description of Contract:
Instructions: This worksheet can be used to determine whether a contract is a derivative that is subject to the
accounting requirements for derivatives in FASB ASC 815, Derivatives and Hedging.
Part 1 addresses freestanding derivatives, that is, derivatives that are not embedded in other contracts. Part 2
addresses embedded derivatives.
Part 1Freestanding Derivatives
1. Does the contract have (a) an underlying and (b) a notional amount or a payment provision?
YES. Go to part 1, question 2.
NO. STOP. Accounting requirements for derivatives do not apply to this contract.
An underlying is a specified interest rate, security price, commodity price, foreign exchange rate, price or rate index,
or other variable. A notional amount is a specified number of currency units, shares, bushels, pounds, or other units. A
payment provision specifies a fixed or determinable settlement to be made if the underlying performs in a specified
manner. An underlying, along with either a notional amount or a payment provision, determines the settlement of a
derivative. Therefore, a derivative instrument must have at least one underlying and at least one notional amount or
payment provision (or both).
2. Does the contract require (a) no initial net investment or (b) an initial investment smaller than other types of contracts
with a similar response to changes in market factors?
3. Is the contract a commitment to originate a mortgage loan that will be held for sale?
YES. STOP. Accounting requirements for derivatives apply to this derivative contract.
NO. Go to Part 1, Question 4.
Loan commitments related to the origination of mortgage loans that will be held for sale should be accounted for as a
derivative by the issuer of the loan commitment (that is, the potential lender). The holder of such a commitment (that is,
the potential borrower) is not subject to the accounting requirements for derivatives. Loan commitments for the
origination of mortgage loans that will be held for investment or loan commitments for the origination of a loan other
than a mortgage loan are also not subject to the provisions of FASB ASC 815.
4. Does the contract meet one of the following exclusions from the scope of FASB ASC 815? (Highlight any that apply.)
a. The contract is between an acquirer and a seller to enter into a business combination at a future date.
b. The contract is a qualifying insurance contract.
Insurance policies that reimburse the holder only for losses incurred as a result of identifiable insured events
(such as traditional life insurance and property and casualty insurance policies) are not subject to FASB ASC 815.
However, some insurance policies may include investment features that are embedded derivatives.
c. The contract is a qualifying financial guarantee.
To qualify for the financial guarantee contract exclusion, the contract must meet the following requirements:
Payments to be made are solely to reimburse the guaranteed party for failure of the debtor to meet its
required payment obligations under a nonderivative contract, either at prespecified or accelerated payment
dates as a result of the occurrence of an event of default (as defined in the financial obligation covered by
the guarantee contract) or notice of acceleration being made to the debtor by the creditor.
Payment is made under the guarantee contract only if the debtors obligation to make payments as a result
of conditions as described in the first bullet above is past due.
As a precondition in the contract (or in the back-to-back arrangement, if applicable) for receiving payment of
any claim under the guarantee, the guaranteed party is exposed to the risk of nonpayment both at inception
and throughout the term of the contract either through direct legal ownership of the guaranteed obligation or
through a back-to-back arrangement with another party that is required by the back-to-back arrangement to
maintain direct ownership of the guaranteed obligation.
However, financial guarantees that do not meet the above criteria [for example, they provide for payment in
response to a change in the underlying (such as a decrease in the debtors credit rating)] are subject to FASB
ASC 815.
d. The contract prevents (1) one party from recognizing another related contract as a sale or (2) the counterparty from
recognizing a purchase.
e. The contract is (1) issued or held by the reporting entity, (2) indexed to the entitys own stock, and (3) classified in
stockholders equity in the entitys balance sheet.
f. The contract is issued by the reporting entity in connection with share-based payment arrangements subject to
FASB ASC 718, CompensationStock Compensation.
g. The contract is a forward contract that requires settlement by the reporting entitys delivery of cash in exchange for
the acquisition of a fixed number of its equity shares (forward purchase contracts for the reporting entitys shares
that require physical settlement) that are accounted for under FASB ASC 480-10-30-3 through 30-5; 480-10-35-3.
h. The contract is a normal purchase or sale.
Normal purchases and normal sales are contracts providing for the purchase or sale of assets other than financial
instruments or derivatives that will be delivered in quantities expected to be used or sold by the reporting entity
over a reasonable period in the normal course of business. To qualify as normal purchases/sales, the contract
terms must be consistent with those of an entitys normal purchases/sales (i.e., the quantity purchased or sold
must be reasonable in relation to the entitys business needs). Determining whether or not those terms are
consistent requires judgment and consideration of all relevant factors, including (1) the quantities provided under
the contract and the entitys need for the related assets, (2) the locations to which delivery of the items will be
made, (3) the period between entering into the contract and scheduled delivery, and (4) the entitys prior
practices regarding those contracts. Evidence such as past trends, expected future demand, other contracts for
delivery of similar items, common entity and industry practice for acquiring and storing the related commodities,
and an entitys operating locations can be useful in determining whether contracts qualify as normal
purchases/sales. However, contracts that have a price based on an underlying that is not clearly and closely
related to the asset being sold or purchased (such as, a contract price for the sale of a grain commodity based
partially on changes in the S&P index) or that are denominated in a foreign currency that fails to meet either of the
criteria in FASB ASC 815-15-15-10 do not qualify as normal purchases/sales.
Forward contracts can qualify for the normal purchases and sales exception. However, forward contracts that
contain net settlement provisions do not qualify as normal purchases/sales unless it is probable at inception and
throughout the contract terms that the contracts will not settle net and will result in physical delivery. Net
settlement of contracts in a group of contracts similarly designated as normal purchases/sales will call into
question the classification of all such contracts as normal purchases/sales. Contracts that require cash
settlements of gains or losses or are otherwise settled net periodically, including individual contracts that are part
of a series of contracts intended to accomplish ultimate purchase or sale of a commodity, do not qualify as
normal purchases/sales.
Freestanding options contracts that would require delivery of the related asset at an established price under the
contract only if exercised are not normal purchases and sales, unless it is a power purchase or sales agreement
that is a capacity contract under FASB ASC 815-10-15-45 through 15-51.
Forward contracts that contain optionality features that do not modify the quantity of the asset to be delivered
under the contract can qualify for the normal purchases and sales exception. Excluding power purchase or sales
agreements that meet the criteria in FASB ASC 815-10-15-45 through 15-51, option contracts that allow for
revision of the quantity of the assets to be delivered are not normal purchases and sales, unless the option
component allows the holder only to purchase or sell additional quantities at the market price at the date of
delivery.
i. The contract is a life insurance contract that is accounted for under FASB ASC 325-30, Investments in Insurance
Contracts.
This exception applies to the policyholder, not to the issuer of the life insurance contract.
j. The contract is a registration payment arrangement within the scope of FASB ASC 825-20, Registration Payment
Arrangements.
This exception applies to both (1) the issuer that accounts for the arrangement and (2) the counterparty.
k. The contract is a plan investment of a defined benefit pension plan accounted for under FASB ASC 960-325-35.
This exception applies only to the party that accounts for the contract under FASB ASC 960, Plan
AccountingDefined Benefit Pension Plans.
5. Did you highlight any of the items a.k. in part 1, question 4?
YES. STOP. Accounting requirements for derivatives do not apply to the contract.
NO. Go to part 1, question 6.
6. Does the contract require or allow net settlement, or is there a market mechanism to facilitate net settlement outside the
contract?
Net settlement means that neither party is required to deliver an asset associated with the underlying or that has a
principal amount, stated amount, number of shares, face value, or other denomination equal to the notional amount (or
equal to the notional amount plus or minus a premium or a discount). For example, the two parties in an interest rate
swap do not exchange principal.
An example of a market mechanism for net settlement is when a party to a forward contract to buy units of foreign
currency has a mechanism to immediately sell the units bought under the forward so that it only has a net receipt or
payment.
7. Is the settlement of the contract based on one of the following? (Highlight any that apply.)
a. A climatic, geological, or other physical variable?
b. The price or value of a nonfinancial asset of one of the parties that is not readily convertible to cash or a nonfinancial
liability of one of the parties that does not require delivery of an asset that is readily convertible to cash?
c. Specified volumes of sales or service revenues by one of the parties to the contract?
8. Did you highlight any of the items a.c. of part 1, question 7?
NO. STOP. Accounting requirements for derivatives apply to this derivative contract.
9. Is the contract exchange-traded?
YES. STOP. Accounting requirements for derivatives apply to this derivative contract.
10. Does the contract require delivery of a derivative instrument or an asset that is readily convertible to cash?
11. Is the contract a regular-way security trade?
YES. STOP. Accounting requirements for derivatives do not apply to this contract.
NO. STOP. Accounting requirements for derivatives apply to this derivative contract.
Trades providing for delivery of a security that is readily convertible to cash within customary timeframes established
by marketplace regulations are not subject to FASB ASC 815. For example, a contract to purchase a publicly traded
equity security on an exchange regulated by the Securities and Exchange Commission (SEC) is considered a
regular-way security trade if the contract requires settlement within three business days (the customary timeframe
established for SEC trades). A contract to purchase such a security is not a regular-way security trade if the contract
requires settlement in five days rather than three, unless the reporting entity is required to account for the contract on a
trade-date basis.
A contract for an existing security does not qualify for the regular-way security trades exception if it requires or permits
net settlement or if there is a market mechanism to facilitate net settlement of that contract (see step 6), except as
discussed in the following sentence. If an entity is required to account for a contract to purchase or sell an existing
security on a trade-date basis, and thus, recognizes the acquisition (or disposition) of the security at the inception of
the contract, then the entity shall apply the regular-way security trades exception to that contract. FASB ASC
815-10-15-17 discusses contracts for the purchase or sale of when-issued securities or other securities that do not yet
exist.
Part 2Embedded Derivatives
Certain contracts (such as bonds, insurance policies, and leases) that do not meet the definition of a derivative in FASB ASC
815 may contain embedded derivative instruments. Embedded derivatives affect the cash flow or value of other exchanges
required by the contract in a manner similar to a derivative instrument. Examples of derivatives embedded in a financial
instrument or other contract (the host contract) include a feature in:
A loan agreement that (1) permits the debtor to pay the loan prior to its maturity (a call option), (2) allows the creditor to
require the debtor to pay the loan prior to its maturity (a put option), or (3) enables either the creditor or the debtor to
require that the loan balance be converted to equity.
An equity instrument that permits the entity to buy back the equity interest (a call option) or the investor to sell it back to
the entity (a put option).
This section of the checklist can help determine whether an embedded derivative must be accounted for separately from the
host contract.
1. Is the hybrid contract (that is, the host contract and embedded derivative) already accounted for at fair value, with
changes in fair value reported in earnings?
YES. STOP. Accounting requirements for derivatives do not apply to the embedded
derivative. Account for the derivative as part of the host contract.
2. Would the embedded derivative be subject to FASB ASC 815 if it were a freestanding derivative? (See Part 1.)
NO. STOP. Accounting requirements for derivatives do not apply to the embedded
3. Are the economic characteristics and risks of the embedded derivative clearly and closely related to the host contract?
YES. STOP. Accounting requirements for derivatives do not apply to the embedded
NO. STOP. Accounting requirements for derivatives apply to this derivative contract. Account
for the embedded derivative separately from the host contract.
FASB ASC 815-15-25-16 through 25-18 provides guidance to help determine whether this criterion is met.
ASB-CX-11.5: Data Extraction Software Analysis Documentation Form
Completed by: Date:
Instructions: This form may be used to document the use of data extraction software (DES) to perform
automated audit procedures. DES is most effectively and efficiently used when its use is planned before the
engagement starts. The auditor identifies the specific objectives to be addressed and decides which DES
capabilities can efficiently satisfy those objectives. The decision to use DES is ordinarily based on the
cost/benefit of the procedures. Section 909 discusses using DES.
1. Document the following:
a. CLIENT CONTACT INFORMATION
Name: Title:
Phone Number: Email Address:
b. SYSTEM INFORMATION
Type of computer system:

Accounting software:

c. DES TIME REQUIREMENTS
Budget Actual
Planning
Data transfer
Corroboration of data
Processing of reports
Documentation of results
Total
Explanation of budget variances:

d. SUGGESTIONS FOR NEXT YEAR

AUDIT OBJECTIVES AND DATA PROVIDED BY CLIENT
Audit
Area
Audit
Objective
Reports
Produced
Data File
Name
Description of
Data File Content
Data File
Type
Method of
Data File
Transfer
Data
Corroboration
Procedures
ASB-CX-11.6: Documentation and Analysis of Group Components
Completed by: Date:
Instructions: This form can be used to document the analysis of group components, including the type of work performed on the financial
information of components, and to indicate the components for which reference to the work of a component auditor will be made in the auditors
report on the group financial statements. Identify the components and their relationship with the client (for example, subsidiary, equity method
investee, etc.) in the first column. If a component auditor is involved in the work on a component, use the next two columns to identify the
component auditor and indicate whether reference will be made to the work of the component auditor in the auditors report on the group financial
statements. For components for which reference will not be made (that is, when you will perform the work or assume responsibility for the work of a
component auditor), use the remaining columns to indicate, with a checkmark, whether a component is financially significant, significant based on
risks, or insignificant, and the type of work performed. Additional comments on the type of work, such as which specific elements were audited or a
brief description of specified audit procedures performed, can also be provided. You need to be familiar with section 904 of t
completing this form.
Component/Nature of
Relationship
Component Auditor Type of Work Performed on Components for Which Responsibility Will Be Assumed
Name
Reference
Made?
(Y or N)
Component
is Financially
Significant
Audit
Component is Significant Based on Risk
Audit
Audit of
Specific
Elements
Specified
Audit
Procedures
Approved by Group Engagement Partner: Date:
Note:
a
Other work that may be performed on insignificant components includes an audit of financial information; audit of
specific elements, accounts, or items of a financial statement; review; or specified audit procedures. Work other than
analytical procedures at the group level should be performed if sufficient evidence to support the opinion on the group
financial statements cannot be obtained from the work performed on significant components, work performed on
group-wide controls and the consolidation process, and analytical procedures at the group level. If procedures other
than analytical procedures at the group level are performed, vary the selection of components over time.
ASB-CX-12: Evaluating Audit Differences
ASB-CX-12.1: Closing Entry and Audit Adjustment Form
Completed by: Date:
Instructions: This form can be used to record normal closing entries and adjusting entries found as a result of
audit work. Use a separate sheet for each adjustment, indicate the type of adjustment, and document
discussions with the client on the bottom of the form. Post the normal closing entries to the working trial
balances and (if used) the appropriate lead schedules. Summarize the financial statement effect of each audit
adjustment at ASB-CX-12.2.
General
Ledger
Account No. Account Description
W/P
Reference Debit Credit

Explanation of Adjustment (Provide general purpose of adjustment at minimum.):

TYPE OF ADJUSTMENT
Closing Entry Audit Adjustment
(For audit adjustments, indicate whether it relates to a factual, judgmental, or projected
a
misstatement
.)
DISCUSSION WITH CLIENT
Position: Date:
Position: Date:
Client Response:

DISPOSITION OF ADJUSTMENT
Pass Book
Approved By: Date:
a
of AU-C 450, auditors may continue to use the terms of known and likely. See the discussions beginning at paragraphs
1812.3 and 1812.9 for further information regarding this change.
ASB-CX-12.2: Audit Difference Evaluation Form
Completed by: Date:
Instructions: This form may be used to accumulate audit differences (AD) greater than the amount considered clearly trivial (documented at
of ASB-CX-2). This form should not include normal closing entries. At the end of the audit, the auditor should evaluate all uncorrected audit
differences, individually and in the aggregate, in relation to individual amounts, subtotals, or totals in the financial statements and conclude on
whether they materially misstate the financial statements taken as a whole. Before evaluating the effect of uncorrected misstatements, the auditor
should reassess whether materiality is still appropriate based on the entitys actual financial results. The notes following the table provide
explanations and a listing of qualitative considerations in evaluating materiality. The form allows for quantifying the effect of misstatements using
both the rollover and iron curtain methods, as appropriate. The auditor needs to be familiar with the guidance in section 1812 before completing th
form.
Financial Statement Effect
Description
(Nature)
of Audit Difference
(AD)
Factual (F),
Judgmental
(J), or
Projected
(P)
a
Cause
Work-pa
per
Ref.
Total
Assets
Total
Liabilities
Working
Capital Equity
Income
Before
Taxes
Total
Less Audit Adjustments Subsequently Booked
Net Unadjusted ADCurrent Year (Iron Curtain Method)
Effect of Unadjusted ADPrior Years
c
Combined Current and Prior Year AD (Rollover Method)
Financial Statement Caption Totals
Current Year AD as % of FS Captions (Iron Curtain Method)
Current and Prior AD as % of FS Captions (Rollover Method)
Qualitative Factors: Describe qualitative factors that entered into your evaluation of whether uncorrected accumulated
misstatements are material, individually or in the aggregate, in relation to specific accounts and disclosures and to the
financial statements as a whole, and the reasons why.


Conclusion: Based on the results of the evaluation performed above, as well the consideration of qualitative factors,
uncorrected audit differences, individually and in the aggregate, do/ do not cause the financial statements taken as a
whole to be materially misstated.
Qualitative Considerations in Evaluating Materiality
The judgment about whether a misstatement is material is influenced by qualitative considerations as well as quantitative
considerations. The following are examples of qualitative considerations (see paragraph 1812.24):
1. Effect on other financial statement components (that is, the pervasiveness of the misstatement).
2. Effect of the misstatement on overall trends, especially trends in profitability, such as a misstatement that reverses a
downward trend of earnings or changes a loss into income.
3. Significance of the financial statement element or portion of the entitys business affected by the misstatement.
4. Effect of the misstatement on the entitys compliance with loan covenants, other contractual agreements, or regulatory
provisions.
5. The existence of statutory or regulatory requirements affecting materiality thresholds.
6. A misstatement that affects managements compensation (for example, meeting an earnings target might trigger a
bonus).
7. The sensitivity of the circumstances (such as implications of misstatements involving fraud, possible violations of laws
and regulations, violations of contractual provisions, or conflicts of interest).
8. The effects of misclassifications that could be significant to the financial statement users.
9. Significance of the misstatement or disclosures in relation to known user needs (for example, a misstatement that could
have a significant effect on the calculation of purchase price if the entity is being acquired).
10. The character of the misstatement (for example, the precision of the audit differences).
11. Motivation of management.
12. Offsetting effects of individually significant misstatements.
13. Potential effect on future periods.
14. Cost of making the correction.
15. Risk of possible additional undetected misstatements.
a
of AU-C 450, auditors may continue to use the terms of known and likely and put a K or L in this column. See the
discussions beginning at paragraphs 1812.3 and 1812.9 for further information regarding this change.
b
Income taxes and net income effect may be calculated in total for all audit differences combined rather than for each
individual audit difference.
c
The effects, if any, of prior year unadjusted audit differences on current year assets, liabilities, and ending equity need to
be reflected as current year audit differences and separately identified in the Description column. This line is used only
for prior year unadjusted audit differences that reverse in the current year under the rollover method that have no effect
on current year assets, liabilities, or ending equity. See the discussion beginning at paragraph 1812.33.
ASB-CX-13: Disclosure Requirements for Financial Statements of Nonpublic Companies
Prepared by: Date:
Explanatory Comments
The following is a list of the primary disclosure requirements for financial statements of a nonpublic company (organized for
profit) as required by generally accepted accounting principles. Obligors of conduit debt securities that are traded in a public
market should make the additional disclosures that are required for public companies by GAAP. Note, this is a disclosure
checklist, not a GAAP application checklist; accordingly, GAAP application, presentation, and measurement questions are
generally not included.
Most checklist questions include the relevant citation of the FASB Accounting Standards Codification (FASB ASC). The
Codification is the single source of authoritative nongovernmental U.S. accounting and reporting standards (other than SEC
guidance). The Codification superseded all other accounting standards. This checklist incorporates Accounting Standards
Updates of the FASB Accounting Standards Codification. In addition, as a convenience to checklist users, citations have been
provided to previous standards superseded by the Codification, including Statements of Financial Accounting Standards
(SFAS), Financial Accounting Standards Board Interpretations (FIN), Opinions of the Accounting Principles Board (APB),
Accounting Research Bulletins (ARB), FASB Technical Bulletins (FTB), AICPA Statements of Position of the Accounting
Standards Division (SOP), AICPA Industry Audit and Accounting Guides, consensus positions of the FASB Emerging Issues
Task Force (EITF), Practice Bulletins of the AICPA Accounting Standards Executive Committee (AcSEC PB), AICPA
Accounting Interpretations (AI), FASB Qs and As (QA), and FASB Staff Positions (FSP).
An occasional reference is made to Statements on Auditing Standards (AU sections) published by the AICPA. Disclosure
guidelines for certain financial statement items, e.g., going concern, are in auditing pronouncements. Inclusion of those
disclosures without regard to whether the financial statements are audited or unaudited is generally accepted practice.
Some checklist questions do not cite a specific authoritative reference but indicate that the disclosure is accepted practice.
Most companies disclose that information even though a specific requirement in authoritative literature cannot be identified.
This checklist is divided into two parts: Part IMost Frequent Disclosures, and Part IIOther Disclosures. See separate
instructions for Part I and Part II.
Additional disclosures may be required for companies in certain industries as discussed in the Specialized
Accounting and Reporting Principles section in Part I of this checklist. In addition, PPC publishes a supplemental
industry disclosure checklist for construction contractors and homebuilders. See PPCs Guide to Construction
Contractors. (The supplemental checklist presents only the disclosures unique to the particular industry. It should
only be used in conjunction with this checklist.)
This checklist is current through Accounting Standards Update No. 2011-12 (December 2011).
For a list of disclosures required by subsequent standards, visit ppc.thomsonreuters.com and access the 5 Minute Update
in the Accounting & Auditing section.
PART IMOST FREQUENT DISCLOSURES
Instructions
Part I should be completed in its entirety. A block j has been provided for each major disclosure caption. If the major caption
is not applicable to your client, simply place a (n) in the block. It will then not be necessary to check N/A for each question
under the major caption. Otherwise, respond to each question with a (n) in the appropriate column: (1) Yesdisclosure
made; (2) Noitem present but no disclosure made (any item checked No should be explained in the checklist or in a
separate memorandum); or (3) N/Aeither the item is not present or it is immaterial to the financial statements.
BALANCE SHEET
Current Assets
Cash
Notes and Accounts Receivable
Marketable Debt and Equity Securities
Available-for-sale, Held-to-maturity, and Trading Securities
Cost Method Investments
Impaired Securities or Cost Method Investments
Inventories
Property and Equipment
Current Liabilities (Except Income Taxes)
Notes Payable, Long-term Debt, and Other Obligations
Convertible Debt
Income Taxes
Income TaxesGeneral
Income Tax Expenses
Income Tax Assets and Liabilities
Unrecognized Tax Benefits
Tax Carryforwards and Investment Tax Credits
Consolidated Tax Return
Stockholders (Members) Equity
Stockholders EquityGeneral
Preferred Stock
Treasury Stock
Accumulated Other Comprehensive IncomePeriods Ending on or before December 15, 2012
Accumulated Other Comprehensive IncomePeriods Ending afterDecember 15, 2012
STATEMENT OF INCOME
Revenues and Expenses
Extraordinary Items
Comprehensive IncomePeriods Ending on or before December 15, 2012
Comprehensive IncomePeriods Ending after December 15, 2012
STATEMENT OF CASH FLOWS
GENERAL FINANCIAL STATEMENT DISCLOSURES
Date of Managements Review
Nature of Operations
Use of Estimates
Accounting Policies
Related-party Transactions and Common Control
Pension and Postretirement Benefit PlansDefined Contribution
Leases in Statements of Lessees
LesseesGeneral
Operating Leases
Capital Leases
Sale-leaseback Transactions
Fair Value Measurements
Fair Value MeasurementsPeriods Beginning on or before December 15, 2011
Fair Value MeasurementsPeriods Beginning after December 15, 2011
Financial Instruments
Concentrations of Credit Risk
Fair Value of Financial Instruments
Other Commitments
Contingencies, Risks, and Uncertainties
Contingencies
Significant Estimates Other Than Contingencies
Concentrations
Guarantees and Product Warranties
Going Concern
Illegal Acts
Changes in Presentation of Comparative Statements
Subsequent Events
OTHER POSSIBLE DISCLOSURES
Specialized Accounting and Reporting Principles
Part II Disclosures
Subsequent Pronouncements Issued
Disclosure Made?
Yes No N/A
BALANCE SHEET j jj j
CURRENT ASSETS j jj j
1. If a classified balance sheet is used, is a total of current assets presented?
(Accepted practice)
CASH j jj j
1. Are restrictions on cash properly disclosed (FASB ASC 440-10-50-1) (formerly
SFAS No. 5, paras. 18 and 19) and are restricted amounts appropriately
segregated from other cash items, showing restricted cash as a noncurrent asset if
appropriate? (FASB ASC 210-10-45-4) (formerly ARB No. 43, ch. 3A, para. 6)
2. Are material bank overdrafts presented as a separate caption among current
liabilities? Similarly, are material dollar amounts of held checks (checks on the
bank reconciliation but not released until after the balance sheet date) reclassified
as accounts payable? (Accepted practice)
3. Are significant concentrations of credit risk arising from cash deposits in excess of
federally insured limits disclosed? (See FINANCIAL
INSTRUMENTSConcentrations of Credit Risk.)
NOTES AND ACCOUNTS RECEIVABLE j jj j
1. Are all significant categories of receivables presented separately in the balance
sheet or disclosed; e.g., trade receivables, tax refunds, contract termination claims,
advance payments on purchases, etc.? (Amounts due from officers, employees,
directors, stockholders, or affiliates, and loans or trade receivables held for sale,
should be presented separately on the balance sheet.) (FASB ASC 310-10-45-2;
310-10-45-13; 310-10-50-3) (formerly ARB No. 43, ch. 1A, para. 5 and SOP 01-6,
para. 13)
2. Are amounts due from affiliates or subsidiaries classified as current only if they are
collectible in the ordinary course of business within a year? (FASB ASC
310-10-45-9; 210-10-45-1) (formerly ARB No. 43, ch. 3A, para. 4)
Disclosure Made?
Yes No N/A
3. Is the allowance for doubtful accounts (also referred to as the allowance for credit
losses) disclosed? (FASB ASC 310-10-50-1A; 310-10-50-4) (formerly SOP 01-6,
para. 13)
4. Is the carrying amount and classification of receivables that serve as collateral for
borrowings disclosed? (FASB ASC 310-10-50-5; 860-30-50-1A) (formerly SFAS No.
5, paras. 1819 and SOP 01-6, para. 13)
5. Are unearned income, unamortized discounts and premiums, net unamortized
deferred fees and costs, and imputed interest related to receivables appropriately
disclosed? (FASB ASC 310-10-50-4; 835-30-45-2) (formerly SOP 01-6, para. 13;
APB No. 21, para. 16)
6. For transfers of receivables with recourse reported as sales, do the transferors
financial statements disclose the proceeds to the transferor during each period for
which an income statement is presented? (Accepted practice)
7. Is the aggregate amount of gains or losses on sales of receivables (including
recorded unrealized gains and losses) presented separately in the financial
statements or disclosed in the notes to the financial statements? (FASB ASC
860-20-50-5) (formerly SOP 01-6, para. 13)
8. Are contingent liabilities associated with sold or discounted receivables disclosed
(guarantees to repurchase receivables or related property)? (FASB ASC
460-10-50-2) (formerly SFAS No. 5, para. 12)
9. For years ending on or after December 15, 2011, has an analysis been presented
(by class of financing receivable) of the age of the recorded investment in financing
receivables at the end of the reporting period that are past due, as determined by
the entitys policy? (This disclosure does not apply to trade accounts receivable,
other than credit card receivables, with a contractual maturity of one year or less
that arose from the sale of goods or services; receivables measured at fair value
with changes in fair value reported in earnings; receivables measured at lower of
cost or fair value; or loans acquired with deteriorated credit quality.) (FASB ASC
310-10-50-5A and 50-5B; 310-10-50-7A and 50-7B)
10. Is the following disclosed about nonaccrual and past due financing receivables as
of each balance sheet date presented: (For years ending on or after December 15,
2011, this disclosure should be presented by class of financing receivable, except
for trade accounts receivable, other than credit card receivables, with a contractual
maturity of one year or less that arose from the sale of goods or services;
receivables measured at fair value with changes in fair value reported in earnings;
and receivables measured at lower of cost or fair value. This disclosure does not
apply to loans acquired with deteriorated credit quality.) (FASB ASC 310-10-50-5A
and 50-5B; 310-10-50-7) (formerly SOP 01-6, para. 13; ASU 2010-20)
a. Recorded investment in financing receivables on nonaccrual status?
b. Recorded investment in financing receivables past due ninety days or more
and still accruing?
11. Are foreclosed and repossessed assets not subsequently to be used in operations
presented separately in the financial statements or disclosed in the notes to the
financial statements? (FASB ASC 310-10-45-3; 310-10-50-11) (formerly SOP 01-6,
para. 13)
12. Are significant concentrations of credit risk arising from receivables disclosed?
(See FINANCIAL INSTRUMENTSConcentrations of Credit Risk.)
Disclosure Made?
Yes No N/A
(See FINANCIAL INSTRUMENTSConcentrations of Credit Risk.)
13. If impairment of loans has been recognized, have the appropriate disclosures been
made? (See LENDING ACTIVITIES AND LOAN PURCHASESImpaired Loans.)
MARKETABLE DEBT AND EQUITY SECURITIES j jj j
Available-for-sale, Held-to-maturity, and Trading Securities j jj j
1. Are separate disclosures of the following made by major security type for securities
classified as available-for-sale as of each date for which a balance sheet is
presented: (FASB ASC 320-10-50-2) (formerly SFAS No. 115, para. 19)
a. Amortized cost basis?
b. Aggregate fair value?
c. Total other-than-temporary impairment recognized in accumulated other
comprehensive income?
d. Total gains for securities with net gains in accumulated other comprehensive
income?
e. Total losses for securities with net losses in accumulated other
Major security type should be determined based on the nature and risks of the
security, and considering the activity or business sector, vintage, geographic
concentration, credit quality, and economic characteristic for particular security
types. (FASB ASC 320-10-50-1B) (formerly SFAS No. 115, para. 19)
For example, financial institutions (such as banks, credit unions, and insurance
entities) should provide disclosures for the following major security types,
although additional types may also be necessary: (1) equity securities
(segregated by industry type, company size, or investment objective), (2) debt
securities issued by the U.S. Treasury and other U.S. government corporations
and agencies, (3) debt securities issued by U.S. states and political subdivisions
of the states, (4) debt securities issued by foreign governments, (5) corporate
debt securities, (6) residential mortgage-backed securities, (7) commercial
mortgage-backed securities, (8) collateralized debt obligations, and 9) other
debt obligations. (FASB ASC 942-320-50-2) (formerly SFAS No. 115, para. 19)
2. Are separate disclosures of the following made by major security type for securities
classified as held-to-maturity as of each date for which a balance sheet is
a. Amortized cost basis?
b. Aggregate fair value?
c. Gross unrecognized holding gains?
d. Gross unrecognized holding losses?
e. Net carrying amount?
f. Total other-than-temporary impairment recognized in accumulated other
Disclosure Made?
Yes No N/A
g. Gross gains and losses in accumulated other comprehensive income for any
derivatives that hedged the forecasted acquisition of the held-to-maturity
securities?
FASB ASC 320-10-50-1B and 942-320-50-2 (formerly SFAS No. 115, para. 19)
provide guidance on determining major security types.
3. If individual amounts for the three categories of investments are not presented on
the balance sheet, are they disclosed in the notes and reconciled to the reporting
classifications used in the balance sheet? (FASB ASC 320-10-45-13) (formerly
SFAS No. 115, para. 117)
4. Have investments in available-for-sale securities and trading securities been
reported separately on the face of the balance sheet from similar assets that are
not subsequently measured at fair value by either (a) presenting the aggregate of
those fair value and non-fair-value amounts in the same line item and
parenthetically disclosing the amount of fair value included in the aggregate
amount or (b) presenting two separate line items to display the fair value and
non-fair-value carrying amounts? (FASB ASC 320-10-45-1) (formerly SFAS No.
115, para. 17)
5. Are separate disclosures of the following made for all investments in debt
securities classified as available-for-sale or as held-to-maturity: (FASB ASC
320-10-50-2, 50-3, and 50-5) (formerly SFAS No. 115, para. 20)
a. Information about the contractual maturities as of the most recent balance
sheet presented (disclosure can be by appropriate groups)?
b. Method used to allocate securities into maturity groups, if necessary?
Financial institutions should disclose the fair value and net carrying amount (if
different from fair value) of the investments based on at least four maturity
groupingswithin one year, after one year through five years, after five years
through 10 years, and after 10 years. (FASB ASC 942-320-50-3) (formerly SFAS
No. 115, para. 20)
6. For each period for which an income statement is presented, have the following
been disclosed: (FASB ASC 320-10-50-9) (formerly SFAS No. 115, para. 21)
a. Proceeds from sales of securities available for sale?
b. Gross realized gains and losses that have been included in earnings as a
result of sales of securities available for sale?
c. Method used to determine the cost of a security sold or the amount
reclassified out of accumulated other comprehensive income into earnings
(average cost or other method)?
d. Gross gains and gross losses included in earnings from transfers of securities
from the available-for-sale category into the trading category?
e. Amount of the net unrealized holding gain or loss on securities available for
sale that has been included in accumulated other comprehensive income for
Disclosure Made?
Yes No N/A
the period?
f. Amount of gains and losses on available-for-sale securities reclassified out of
accumulated other comprehensive income into earnings for the period?
g. Portion of trading gains and losses for the period that relates to trading
securities still held at the balance sheet date?
7. For each period for which an income statement is presented, have the following for
sales of or transfers from securities classified as held-to-maturity been disclosed:
(FASB ASC 320-10-50-10) (formerly SFAS No. 115, para. 22)
a. Net carrying amount of the sold or transferred security?
b. Net gain or loss in accumulated other comprehensive income for any
derivative that hedged the forecasted acquisition of the held-to-maturity
security?
c. Related realized or unrealized gain or loss?
d. Circumstances leading to the decision to sell or transfer the security?
Cost Method Investments j jj j
8. Has the following information been disclosed for cost method investments as of
each date for which a balance sheet is presented: (FASB ASC 325-20-50-1)
(formerly FSP FAS 115-1 and FAS 124-1, para. 18)
a. The aggregate carrying amount of all cost method investments?
b. The aggregate carrying amount of cost method investments that the investor
did not evaluate for impairment?
c. If applicable, the fact that the fair value of a cost method investment is not
estimated if there are no identified events or changes in circumstances that
may have a significant adverse effect on the fair value and the investor does
not estimate the fair value of financial instruments either because (1) it is not
practicable to estimate fair value or (2) the investor is exempt from estimating
fair value?
Impaired Securities or Cost Method Investments j jj j
9. Has the following been disclosed if a loss has not been recognized in earnings for
impaired available-for-sale securities, held-to-maturity securities, or investments in
equity securities accounted for using the cost method: (FASB ASC 320-10-50-6
and 50-7) (formerly FSP FAS 115-1 and FAS 124-1, para. 17) (NOTE: The following
disclosure is also required when a portion of the other-than-temporary impairment
has been recognized in earnings and a portion recognized in other comprehensive
income.)
a. As of each date for which a balance sheet is presented, quantitative
information aggregated by major security type and cost method investments,
presented in tabular form and segregated by investments that have been in a
loss position for less than 12 months and those that have been in a loss
position for 12 months or longer, that includes:
(1) Aggregate amount of unrealized losses?
(2) Aggregate fair value of investments with unrealized losses?
Disclosure Made?
Yes No N/A
b. As of the date of the most recent balance sheet presented, narrative
information that was considered in reaching the conclusion that the
impairments are not other-than-temporary, including (1) the nature of the
investment, (2) the cause of the impairment, (3) the number of investment
positions in an unrealized loss position, (4) the severity and duration of the
impairment, and (5) other evidence considered relevant?
10. When an other-than-temporary impairment of a debt security is recognized and
only the amount related to a credit loss is recognized in earnings, has the following
been disclosed: (FASB ASC 320-10-50-8A and 50-8B) (formerly FSP FAS 115-1
and FAS 124-1, paras. 18A and 18B)
a. Methodology and significant inputs used to measure the credit loss by major
security type?
b. A tabular rollforward of the amount related to credit losses recognized in
earnings that includes, at a minimum:
(1) The beginning balance of the amount related to credit losses on debt
securities held at the beginning of the period for which a portion of an
other-than-temporary impairment was recognized in other
(2) Additions for the amount related to the credit loss for which an
other-than-temporary impairment was not previously recognized?
(3) Reductions for securities sold during the period (realized)?
(4) Reductions for securities where the amount previously recognized in
other comprehensive income was recognized in earnings because the
investor intends to sell the security or more likely than not will be
required to sell the security before recovery of its amortized cost basis?
(5) Additional increases to the amount related to the credit loss for which an
other-than-temporary impairment was previously recognized when the
investor does not intend to sell the security and it is not more likely than
not that the investor will be required to sell the security before recovery of
its amortized cost basis?
(6) Reductions for increases in cash flows expected to be collected that are
recognized over the remaining life of the security?
(7) The ending balance of the amount related to credit losses on debt
securities held at the end of the period for which a portion of an
other-than-temporary impairment was recognized in other
INVENTORIES j jj j
1. Is the basis for stating inventories disclosed, including the method of determining
cost? (FASB ASC 235-10-50-4; 330-10-50-1) (formerly ARB No. 43, ch. 4,
Statement 8 and APB No. 22, para. 13)
2. Have the nature and effect on income (if material) of any significant changes in the
basis for stating inventories been disclosed? (FASB ASC 330-10-50-1) (formerly
ARB No. 43, ch. 4, para. 15)
3. If goods are stated above cost, has that fact been disclosed? (FASB ASC
330-10-50-3) (formerly ARB No. 43, ch. 4, Statement 9)
Disclosure Made?
Yes No N/A
330-10-50-3) (formerly ARB No. 43, ch. 4, Statement 9)
4. Are unusual losses from lower of cost or market adjustments disclosed separately
from cost of goods sold in the income statement? (FASB ASC 330-10-50-2)
(formerly ARB No. 43, ch. 4, para. 17)
5. If practicable, are the major classes of inventories, such as finished goods,
work-in-process, materials, and supplies disclosed? (Accepted practice)
6. For conformity with IRS Regulations for entities using LIFO, are disclosures of
annual income, profit, or loss on any inventory basis other than LIFO excluded
from presentation on the face of the financial statements? (Such disclosures may
be made only in the notes to the financial statements or in a supplementary
schedule.) [CAUTION: Read IRS Reg. 1.472-2(e) to become familiar with LIFO
conformity disclosure and reporting subtleties.]
PROPERTY AND EQUIPMENT j jj j
1. Are the following disclosed relating to depreciable assets: (FASB ASC
360-10-50-1) (formerly APB No. 12, para. 5)
a. Balances of major classes of depreciable assets, by nature or function, at the
balance sheet date?
b. Accumulated depreciation, by class or in total, at the balance sheet date?
c. A general description of the method or methods used in computing
depreciation with respect to major classes of depreciable assets?
d. Depreciation expense for the period?
2. Is the carrying amount of property not a part of long-term operating assets, e.g.,
idle or held for investment, segregated? (Accepted practice)
3. If property and equipment is impaired or is being held for disposal, have the
appropriate disclosures been made? (See IMPAIRED LONG-LIVED ASSETS AND
LONG-LIVED ASSETS TO BE DISPOSED OF.)
CURRENT LIABILITIES (EXCEPT INCOME TAXES) j jj j
1. If a classified balance sheet is used, is a total of current liabilities presented?
2. Are significant categories segregated, e.g., accounts payable, accrued expenses,
customer deposits, dividends payable, interest payable, amounts due to officers or
employees? (Accepted practice)
3. If the entity has not accrued compensated absences because the amount cannot
be reasonably estimated, has that fact been disclosed? (FASB ASC 710-10-50-1)
(formerly SFAS No. 43, para. 6)
4. If real and personal property tax accruals are subject to a substantial measure of
uncertainty, has the liability been disclosed as an estimate? (FASB ASC
720-30-45-1) (formerly ARB No. 43, ch. 10A, para. 16)
NOTES PAYABLE, LONG-TERM DEBT, AND OTHER OBLIGATIONS j jj j
Notes Payable and Long-term Debt j jj j
Disclosure Made?
Yes No N/A
1. Are significant categories of debt identified in the balance sheet or related notes,
e.g., notes to banks, mortgage notes, or related party notes? (Accepted practice)
2. Are interest rates, maturity dates, subordinate features (Accepted practice),
pledged assets, and restrictive covenants (FASB ASC 440-10-50-1) (formerly SFAS
No. 5, paras. 1819) disclosed?
3. If assets have been pledged as collateral but not separately reported in the
balance sheet (for example, as securities pledged to creditors) have the carrying
amounts and classifications of those assets and the related liabilities (including
qualitative information about the relationship between the assets and liabilities)
been disclosed as of the latest balance sheet presented? (FASB ASC
860-30-50-1A) (formerly SFAS No. 140, para. 17)
4. If a note is noninterest bearing or has an unreasonable stated interest rate: (FASB
ASC 835-30-45-1A through 45-3) (formerly APB No. 21, para. 16)
a. Is the discount or premium presented as a deduction from or addition to the
face amount of the note?
b. Does the description of the note include the effective interest rate and is its
face amount disclosed?
c. Is amortization of the discount or premium reported as interest in the income
statement?
5. If a classified balance sheet is presented: (FASB ASC 210-10-45-8 and 45-9;
470-10-45-1; 470-10-50-2) (formerly ARB No. 43, ch. 3A, paras. 78; and EITF
86-30)
a. Are current portions of debt obligations presented as current liabilities?
b. Does the current liability classification include obligations that, by their terms,
are due on demand or will be due on demand within one year (or operating
cycle, if longer) from the balance sheet date, even though liquidation may not
be expected within that period?
c. Does the current liability classification include long-term obligations that are or
will be callable by the creditor either because the debtors violation of a
provision of a debt agreement at the balance sheet date makes the obligation
callable or because the violation, if not cured within a specified grace period,
will make the obligation callable unless (1) the creditor has waived or
subsequently lost the right to demand payment for more than one year from
the balance sheet date or (2) it is probable the debtor will cure the violation
within the grace period?
d. If obligations callable by the creditor because the debtor was in violation of
the debt agreement at the balance sheet date are classified as long-term
obligations because it is probable the debtor will cure the violation within the
specified grace period, are the circumstances disclosed?
6. Are the combined aggregate amounts of maturities and sinking fund requirements
for all long-term borrowings disclosed for each of the five years following the date
of the latest balance sheet presented? (FASB ASC 470-10-50-1) (formerly SFAS
No. 47, para. 10)
7. If a short-term obligation expected to be refinanced is excluded from current
liabilities, do disclosures include: (FASB ASC 470-10-50-4) (formerly SFAS No. 6,
Disclosure Made?
Yes No N/A
para. 15)
a. General description of the financing agreement?
b. Terms of any new obligation incurred or expected to be incurred, or equity
securities issued or expected to be issued as a result of the refinancing?
8. If the likelihood of acceleration of long-term debt with a subjective acceleration
clause is other than remote, and the debt has not been reclassified as current, has
existence of the clause been disclosed? (FASB ASC 470-10-45-2; 470-10-50-3)
(formerly FTB 79-3, para. 3)
9. For liabilities measured at fair value and issued with an inseparable third-party
credit enhancement (for example, a third-party debt guarantee), has the existence
of that credit enhancement been disclosed? (FASB ASC 820-10-50-4A) (formerly
EITF 08-5; ASU 2011-04)
Convertible Debt j jj j
10. Are conversion features for convertible debt appropriately accounted for and
disclosed? (Accepted practice)
11. For convertible debt instruments that may be settled in cash (or other assets) upon
conversion, unless the embedded conversion option is accounted for as a
derivative, have the following been disclosed in annual statements where the
instruments are outstanding: (FASB ASC 470-20-50-3 through 50-6) (formerly FSP
APB-14-1, paras. 3033)
a. For each balance sheet presented:
(1) The carrying amount of the equity component?
(2) The principal amount of the liability component, its unamortized
discount, and its net carrying amount?
b. For the most recent balance sheet presented:
(1) The remaining period that any discount on the liability component will be
amortized?
(2) The conversion price and the number of shares on which the aggregate
consideration to be delivered upon conversion is determined?
(3) Information about derivative transactions entered into in connection with
the issuance of the convertible debt instruments including (i) the terms of
those derivative transactions, (ii) how those derivative transactions relate
to the instruments, (iii) the number of shares underlying the derivative
transactions, and (iv) the reasons for entering into those derivative
transactions?
c. For each period for which an income statement is presented:
(1) The effective interest rate on the liability component for the period?
(2) The interest cost recognized relating to both the contractual interest
coupon and amortization of the discount on the liability component?
INCOME TAXES j jj j
Disclosure Made?
Yes No N/A
Income TaxesGeneral j jj j
1. If the entity is an S corporation, partnership, or proprietorship, do disclosures
explain why income tax expense is not recorded? (Accepted practice)
2. Has a description of tax years that remain subject to examination by major tax
jurisdictions been disclosed? (FASB ASC 740-10-50-15) (formerly FIN 48, para. 21)
3. Have the nature and effect of any significant matters affecting comparability of
information for all periods presented been disclosed if not otherwise apparent from
other disclosures in this section? (FASB ASC 740-10-50-14) (formerly SFAS No.
109, para. 47)
Income Tax Expenses j jj j
4. Has the amount of income tax expense or benefit allocated to the following items
been disclosed for each year for which they are presented: (FASB ASC
740-10-50-10; 250-10-50-9) (formerly SFAS No. 109, para. 46 and APB No. 9, para.
26)
a. Continuing operations?
b. Discontinued operations?
c. Extraordinary items?
d. Other comprehensive income?
e. Items charged or credited directly to stockholders equity?
5. Have the following significant components of income tax expense attributable to
continuing operations been disclosed for each year presented either in the
financial statements or notes: (FASB ASC 740-10-50-9) (formerly SFAS No. 109,
para. 45)
a. Current tax expense or benefit?
b. Deferred tax expense or benefit, exclusive of the effects of other components
listed in items (c)(h)?
c. Investment tax credits?
d. Government grants to the extent recognized as a reduction of income tax
expense?
e. Benefits of operating loss carryforwards?
f. Tax expense that results from allocating certain tax benefits directly to
contributed capital?
g. Adjustments of a deferred tax asset or liability for enacted changes in tax laws
or rates or a change in the entitys tax status?
h. Adjustments of the beginning-of-the-year balance of a valuation allowance
because of a change in circumstances that causes a change in judgment
about the realizability of the related deferred tax asset in future years?
6. Have significant reconciling items between income tax expense attributable to
continuing operations for the year and the amount of income tax expense that
would result from applying domestic federal statutory rates to pretax income from
Disclosure Made?
Yes No N/A
continuing operations been disclosed? (FASB ASC 740-10-50-11; 740-10-50-13)
7. Have the total amounts of interest and penalties recognized in the income
statement and balance sheet been disclosed for each period presented? (FASB
ASC 740-10-50-15) (formerly FIN 48, para. 21)
Income Tax Assets and Liabilities j jj j
8. Are the following amounts appropriately classified in the balance sheet:
a. Taxes currently payable or refundable? (FASB ASC 210-10-45-1; 210-10-45-8)
(formerly ARB No. 43, ch. 3A)
b. Current and noncurrent deferred tax assets and liabilities, including a
valuation allowance, if any, related to deferred tax assets? (FASB ASC
740-10-45-4 and 45-5) (formerly SFAS No. 109, para. 41)
9. Within each tax jurisdiction (e.g., federal, state, and local), have current deferred
tax assets and liabilities been offset and presented as a single amount and
noncurrent deferred tax assets and liabilities been offset and presented as a single
amount? (FASB ASC 740-10-45-6) (formerly SFAS No. 109, para. 42)
10. If the entity includes more than one taxpaying component, have the net current
deferred tax asset or liability and the net noncurrent deferred tax asset or liability
within each tax jurisdiction been shown separately for each taxpaying component?
11. Have the following components of the net deferred tax asset or liability recognized
in the balance sheet been disclosed: (FASB ASC 740-10-50-2) (formerly SFAS No.
109, para. 43)
a. Total deferred tax liability for all taxable temporary differences?
b. Total deferred tax asset for all deductible temporary differences, operating
loss carryforwards, and tax credit carryforwards?
c. Total valuation allowance recognized for deferred tax assets?
12. Has the net change during the year in the total valuation allowance been
disclosed? (FASB ASC 740-10-50-2) (formerly SFAS No. 109, para. 43)
13. Have the types of temporary differences and carryforwards that result in significant
portions of deferred tax assets (before allocation of a valuation allowance) or
liabilities been disclosed? (FASB ASC 740-10-50-8) (formerly SFAS No. 109, para.
43)
14. Has any portion of the valuation allowance for deferred tax assets for which
subsequently recognized tax benefits will be allocated directly to contributed
capital been disclosed? (FASB ASC 740-10-50-3) (formerly SFAS No. 109, para.
48)
Unrecognized Tax Benefits j jj j
15. Are liabilities (or reduction in amounts refundable) for unrecognized tax benefits
appropriately classified in the balance sheet? (FASB ASC 740-10-45-11 and 45-12)
(formerly FIN 48, paras. 17 and 18)
16. At the end of each annual reporting period, have the following been disclosed for
positions for which it is reasonably possible that the total amounts of unrecognized
Disclosure Made?
Yes No N/A
positions for which it is reasonably possible that the total amounts of unrecognized
tax benefits will significantly increase or decrease within 12 months of the reporting
date: (FASB ASC 740-10-50-15) (formerly FIN 48, para. 21)
a. The nature of the uncertainty?
b. The nature of the event that could occur in the next 12 months that would
cause the change?
c. An estimate of the range of the reasonably possible change or a statement
that an estimate of the range cannot be made?
Tax Carryforwards and Investment Tax Credits j jj j
17. Have the amounts and expiration dates of operating loss and tax credit
carryforwards for tax purposes been disclosed? (FASB ASC 740-10-50-3) (formerly
18. Do disclosures regarding investment tax credits include: (FASB ASC 740-10-50-3;
740-10-50-20) (formerly SFAS No. 109, para. 48; APB No. 4, para. 11; and AI-APB
4, No. 2)
a. The accounting method used and the amounts involved?
b. Amounts of any unused investment credits and expiration dates?
Consolidated Tax Return j jj j
19. If the entity is part of a group that files a consolidated tax return, have the following
amounts been disclosed in its separately issued financial statements: (FASB ASC
a. The aggregate amount of current and deferred tax expense for each income
statement presented?
b. The amount of any tax-related balances due to or from affiliates as of the date
of each balance sheet presented?
c. The principal provisions of the method by which the consolidated amount of
current and deferred tax expense is allocated to members of the group?
d. The nature and effect of any changes in the method of allocating current and
deferred tax expense to members of the group and in determining the related
balances due to or from affiliates during each year for which the disclosures in
(a) and (b) above are presented?
STOCKHOLDERS (MEMBERS) EQUITY j jj j
Stockholders EquityGeneral j jj j
1. Are classes of capital stock presented in order of priority in liquidation? (Accepted
practice)
2. Are the legal title of securities; par or stated values; and number of shares
authorized, issued, and outstanding disclosed? (Accepted practice)
3. Are changes in separate accounts comprising stockholders equity (including
retained earnings) and changes in the number of shares of equity securities during
at least the most recent annual fiscal period and any subsequent interim period
Disclosure Made?
Yes No N/A
presented disclosed? (FASB ASC 505-10-50-2) (formerly APB No. 12, para. 10)
4. Are changes in the equity accounts of S corporations, partnerships, and
proprietorships, including limited liability companies and limited liability
partnerships, disclosed? (FASB ASC 272-10-45-1) (formerly AcSEC PB No. 14,
para. 8; Accepted practice)
5. Have the pertinent rights and privileges of the various securities outstanding,
including contingently convertible securities, been disclosed (for example, a
description of dividend and liquidation preferences, participation rights, call prices
and dates, conversion or exercise prices or rates and pertinent dates, sinking fund
requirements, unusual voting rights, and significant terms of contracts to issue
additional shares)? (FASB ASC 505-10-50-2 and 50-3) (formerly SFAS No. 129,
para. 4; EITF 98-5; and FSP FAS 129-1)
6. Has the number of shares issued upon conversion, exercise, or satisfaction of
required conditions during the most recent annual period (and any subsequent
interim period presented) been disclosed? (FASB ASC 505-10-50-3) (formerly
7. Has the amount of redemption requirements been disclosed, separately by issue
or combined, for all issues of capital stock that are redeemable at fixed or
determinable prices on fixed or determinable dates in each of the five years
following the latest balance sheet presented? (FASB ASC 505-10-50-11) (formerly
Preferred Stock j jj j
8. Has the liquidation preference of preferred stock that has a preference in
involuntary liquidation considerably in excess of its par or stated value been
disclosed? [The disclosure should be in the aggregate (versus per share) and
made in the equity section of the balance sheet rather than the notes.] (FASB ASC
9. Have the aggregate or per-share amounts at which preferred stock may be called
or redeemed been disclosed? (FASB ASC 505-10-50-5) (formerly SFAS No. 129,
para. 7)
10. Have the aggregate and per-share amounts of arrearages in cumulative preferred
dividends been disclosed? (FASB ASC 505-10-50-5) (formerly SFAS No. 129, para.
7)
Treasury Stock j jj j
11. Have the number of treasury shares and the basis of carrying the stock been
disclosed? (Accepted practice)
12. Have restrictions of state laws related to purchasing treasury stock, if any, been
disclosed? (FASB ASC 505-30-50-2) (formerly ARB No. 43, Ch. 1B, para. 11A and
13. If treasury stock is purchased for purposes other than retirement or if the ultimate
disposition has not been decided:
a. Has the cost been shown separately as a deduction from stockholders
equity, or
b. Has the par value of the shares been charged to the specific stock issue and
the difference charged or credited to additional paid-in capital? (An excess of
Disclosure Made?
Yes No N/A
the difference charged or credited to additional paid-in capital? (An excess of
purchase price over the par value and any amount charged to additional
paid-in capital should be charged to retained earnings. Alternatively, the
excess may be charged entirely to retained earnings.) (FASB ASC
505-30-45-1) (formerly ARB No. 43, Ch. 1B, para. 7)
14. If the purchase of treasury stock also involves the receipt or payment of
consideration in exchange for stated or unstated rights or privileges, have the
allocation of amounts paid and the accounting treatment for such amounts been
disclosed? (FASB ASC 505-30-50-4) (formerly FTB 85-6, paras. 3 and 16)
Accumulated Other Comprehensive IncomePeriods Ending on or before
December 15, 2012 j jj j
NOTE: The following requirements are effective prior to the adoption of ASU 2011-05,
Comprehensive Income (Topic 220): Presentation of Comprehensive Income, which is
effective for fiscal years ending after December 15, 2012, and interim and annual
periods thereafter. However, early adoption is permitted.
15. Is each classification of accumulated other comprehensive income presented
either (a) on the face of the balance sheet as a separate component of equity, (b)
on the statement of changes in equity, or (c) in the notes to the financial
statements? (FASB ASC 220-10-45-14) (formerly SFAS No. 130, para. 26)
16. Are amounts in other comprehensive income relating to held-to-maturity and
available-for-sale debt securities for which a portion of an other-than-temporary
impairment has been recognized in earnings presented separately in the financial
statement where the components of accumulated other comprehensive income
are reported? (FASB ASC 320-10-45-9A) (formerly FSP FAS 115-1 and FAS 124-1,
para. 16C)
17. Have the following been separately disclosed as part of the disclosures of
accumulated other comprehensive income: (FASB ASC 815-30-50-2) (formerly
a. The beginning and ending accumulated derivative gain or loss?
b. The related net change associated with current period hedging transactions?
c. The net amount of any reclassification into earnings?
Accumulated Other Comprehensive IncomePeriods Ending after
December 15, 2012 j jj j
NOTE: The following requirements are effective for fiscal years ending after December
15, 2012, and interim and annual periods thereafter. The revised requirements should
be applied retrospectively and there are no transition disclosures. Early adoption is
permitted.
18. Is accumulated other comprehensive income presented within the equity section
separately from retained earnings and additional paid in capital? (FASB ASC
220-10-45-14) (formerly SFAS No. 130, para. 26, ASU 2011-05)
19. Are the changes in the accumulated balances for each component of other
comprehensive income either (a) presented on the face of the financial statements
or (b) disclosed in the notes to the financial statements? (Information about the
changes in the accumulated balances should agree with the components of other
comprehensive income shown in the statement in which other comprehensive
Disclosure Made?
Yes No N/A
income for the period is presented.) (FASB ASC 220-10-45-14A)
20. Are amounts in accumulated other comprehensive income relating to
held-to-maturity and available-for-sale debt securities for which a portion of an
other-than-temporary impairment has been recognized in earnings presented
separately in the financial statement where the components of accumulated other
comprehensive income are reported? (FASB ASC 320-10-45-9A) (formerly FSP
FAS 115-1 and FAS 124-1, para. 16C)
21. Have the following been separately disclosed as part of the disclosures of
STATEMENT OF INCOME j jj j
(Some income statement disclosures have already been addressed in the section on
balance sheet related disclosures.)
REVENUES AND EXPENSES j jj j
1. Are the major categories of revenue and expense items, such as sales, cost of
goods sold, and selling and administrative expenses, shown separately on the face
of the income statement? (Accepted practice)
2. Are sales or operating revenues shown net of discounts, allowances, etc.?
(Accepted practice)
3. Are sales revenues and cost of goods sold shown net of estimated returns? (FASB
ASC 605-15-45-1) (formerly SFAS No. 48, para. 7)
4. Are cost of goods sold and expenses shown net of purchase discounts?
(Accepted practice)
5. For each accounting period presented, have the following been disclosed: (FASB
ASC 835-20-50-1 and 470-40-25-4) (formerly SFAS No. 34, para. 21, and SFAS No.
49, para. 9)
a. The total amount of interest costs incurred, with separate identification of
interest costs associated with product financing arrangements?
b. The total amount of interest charged to expense?
c. The total amount of interest capitalized?
6. Are all accrued net losses on firm purchase commitments for inventory separately
disclosed in the income statement? (FASB ASC 330-10-50-5) (formerly ARB No.
43, ch. 4, para. 17)
7. Are total other-than-temporary impairment losses presented separately on the face
of the income statement with an offset for the amount recognized in other
comprehensive income? (FASB ASC 320-10-45-8A) (formerly FSP FAS 115-1 and
FAS 124-1, para. 16B)
8. When significant, have taxes assessed by governmental authorities on
revenue-producing transactions (e.g., sales, use, and similar taxes) that are
Disclosure Made?
Yes No N/A
revenue-producing transactions (e.g., sales, use, and similar taxes) that are
included in revenues and costs been disclosed? (FASB ASC 605-45-50-4)
(formerly EITF 06-3)
9. For incentives given by service providers to third-party manufacturers or resellers,
has a description of the nature of the incentive programs, including any significant
amounts recognized in the income statement and their classification, been
disclosed for each period presented? (FASB ASC 605-50-50-1) (formerly EITF
06-1)
10. Are material events or transactions that are either unusual in nature or of infrequent
occurrence, but not both (and thus not meeting the criteria for extraordinary items):
(FASB ASC 225-20-45-16; 225-20-50-3) (formerly APB No. 30, para. 26)
a. Reported as a separate component of income from continuing operations?
b. Accompanied by disclosure of the nature and financial effects of each event?
EXTRAORDINARY ITEMS j jj j
11. Have the nature of the event or transaction and the principal items entering into the
determination of an extraordinary gain or loss been disclosed? (FASB ASC
12. Are all extraordinary items (shown net of related income tax effect) segregated
from results of ordinary operations? (FASB ASC 225-20-45-9) (formerly APB No.
30, paras. 1012)
13. Are descriptive captions and amounts (including applicable income taxes)
presented for individual extraordinary events or transactions, preferably on the face
of the income statement if practicable? (FASB ASC 225-20-45-11) (formerly APB
No. 30, para. 11)
14. Is the adjustment in the current period of a previously presented extraordinary item
separately disclosed, including year of origin, nature, and amount? (FASB ASC
COMPREHENSIVE INCOMEPERIODS ENDING ON OR BEFORE DECEMBER 15,
2012 j jj j
NOTE: The following requirements are effective prior to the adoption of ASU 2011-05,
Comprehensive Income (Topic 220): Presentation of Comprehensive Income, which is
effective for fiscal years ending after December 15, 2012, and interim and annual
periods thereafter. However, early adoption is permitted.
15. Have the components of comprehensive income and total comprehensive income
for the period been presented either in a separate statement of comprehensive
income that begins with net income, on the income statement below the total for
net income, or in the statement of changes in equity? (FASB ASC 220-10-45-5;
220-10-45-8) (formerly SFAS No. 130, paras. 14 and 22)
16. Have reclassification adjustments been displayed on the face of the statement that
presents comprehensive income or disclosed in the notes to the financial
17. Has income tax expense or benefit allocated to each component of other
comprehensive income, including reclassification adjustments, been disclosed?
Disclosure Made?
Yes No N/A
18. Has the net gain or loss on derivative instruments designated as cash flow hedging
instruments that are reported in comprehensive income (including qualifying
foreign currency cash flow hedges) been reported as a separate classification
within other comprehensive income? (FASB ASC 815-30-45-1) (formerly SFAS No.
133, para. 46)
COMPREHENSIVE INCOMEPERIODS ENDING AFTER DECEMBER 15, 2012 j jj j
NOTE: The following requirements are effective for fiscal years ending after December
15, 2012, and interim and annual periods thereafter. The revised requirements should
be applied retrospectively and there are no transition disclosures. Early adoption is
permitted.
19. Is comprehensive income reported either (a) in a single continuous financial
statement or (b) in two separate but consecutive financial statements? (FASB ASC
220-10-45-1) (formerly SFAS No. 130, para. 5; ASU 2011-05)
20. If comprehensive income is reported in a single continuous financial statement,
does the statement include the following: (FASB ASC 220-10-45-1A)
a. The components of comprehensive income presented in two sections, net
income and other comprehensive income?
b. The components of net income?
c. A total amount for net income?
d. The components of other comprehensive income?
e. A total amount for other comprehensive income?
f. A total for comprehensive income?
21. If comprehensive income is reported in two separate but consecutive financial
statements, do the statements include the following: (FASB ASC 220-10-45-1B)
a. The components of and the total net income in the statement of net income?
b. The components of other comprehensive income, a total for other
comprehensive income, and a total for comprehensive income in the
statement of other comprehensive income? (NOTE: The statement of other
comprehensive income must immediately follow the statement of net income.
The second statement may begin with net income.)
22. Have reclassification adjustments out of accumulated other comprehensive
income been presented on the face of the statement that presents the components
of other comprehensive income or disclosed in the notes to the financial
statements? (FASB ASC 220-10-45-17) (formerly SFAS No. 130, para. 20; ASU
2011-12)
23. Are the components of other comprehensive income presented either (a) net of
related tax effects or (b) before tax effects with one amount representing the
aggregate income tax expense or benefit related to the total of other
comprehensive income items? (FASB ASC 220-10-45-11) (formerly SFAS No. 130,
para. 24; ASU 2011-05)
24. Has income tax expense or benefit allocated to each component of other
comprehensive income, including reclassification adjustments, been either (a)
presented in the statement where the components are presented or (b) disclosed
Disclosure Made?
Yes No N/A
in the notes to the financial statements? (FASB ASC 220-10-45-12) (formerly SFAS
No. 130, para. 25; ASU 2011-05)
25. Has the net gain or loss on derivative instruments designated as cash flow hedging
instruments that are reported in comprehensive income (including qualifying
foreign currency cash flow hedges) been reported as a separate classification
within other comprehensive income? (FASB ASC 815-30-45-1) (formerly SFAS No.
133, para. 46)
STATEMENT OF CASH FLOWS j jj j
1. Are noncash investing and financing transactions disclosed either in narrative form
or summarized in a schedule and do they clearly relate the cash and non-cash
aspects of such transactions? (FASB ASC 230-10-50-3) (formerly SFAS No. 95,
para. 32)
2. If the indirect method of reporting cash flows from operating activities is used, are
amounts of interest paid (net of amounts capitalized) and income taxes paid during
the period disclosed? (FASB ASC 230-10-50-2) (formerly SFAS No. 95, para. 29)
GENERAL FINANCIAL STATEMENT DISCLOSURES j jj j
(These are additional note disclosures that have not been addressed in previous
checklist questions.)
DATE OF MANAGEMENTS REVIEW j jj j
1. Have the following been disclosed: (FASB ASC 855-10-50-1) (formerly SFAS No.
165, para. 12)
a. The date through which subsequent events were evaluated?
b. Whether the date in item (a) is the financial statement issuance date or the
date the financial statements were available to be issued?
2. In revised financial statements, have the dates through which subsequent events
were evaluated for both the original and revised financial statements been
NATURE OF OPERATIONS j jj j
1. Have the following disclosures about the entitys products or services been made:
(FASB ASC 275-10-50-2) (formerly SOP 94-6, para. 10)
a. A description of the major products or services the entity sells or provides and
its principal markets, including the location of those markets?
b. If the entity operates in more than one business, the relative importance of its
operations in each business and the basis for that determination (e.g., based
on assets, revenues, or earnings)?
USE OF ESTIMATES j jj j
1. Has the fact that preparation of financial statements in conformity with GAAP
requires the use of managements estimates been disclosed? (FASB ASC
ACCOUNTING POLICIES j jj j
Disclosure Made?
Yes No N/A
1. Have the following accounting policies, if significant, been presented as an integral
part of the financial statements (disclosure is preferred in a separate summary of
significant accounting policies preceding the notes or in the first note): (FASB ASC
235-10-50-6) (formerly APB 22, para. 15)
a. Basis for stating inventories and the method of determining cost? (FASB ASC
210-10-50-1; 235-10-50-4; 330-10-50-1) (formerly ARB No. 43, ch. 3A, para. 9,
and ch. 4, Statement 8; and APB No. 22, para. 13)
b. General description of the methods used to compute depreciation for major
classes of depreciable assets? (FASB ASC 360-10-50-1) (formerly APB No.
12, para. 5)
c. Policy used to determine whether a short-term investment is treated as a cash
equivalent in the statement of cash flows? (FASB ASC 230-10-50-1) (formerly
d. If cash flows from derivative instruments that are accounted for as fair value
hedges or cash flow hedges are classified in the same category as cash flows
from the item being hedged, that accounting policy? (FASB ASC
e. Basis of accounting for loans and trade receivables? (FASB ASC 310-10-50-2)
(formerly SOP 01-6, para. 13; ASU 2010-20)
f. Method used to determine the lower of cost or fair value of nonmortgage
loans held for sale? (FASB ASC 310-10-50-2) (formerly SOP 01-6, para. 13)
g. Classification and method of accounting for interest-only strips, loans, other
receivables, or retained interests in securitizations that can be contractually
prepaid or otherwise settled in a way that the entity would not recover
substantially all of its recorded investment? (FASB ASC 310-10-50-2) (formerly
SOP 01-6, para. 13)
h. Method used to recognize interest income on loans and trade receivables,
including the entitys policy for treatment of related fees and costs (including
its method of amortizing net deferred fees or costs)? (FASB ASC 310-10-50-2;
i. Method used to estimate liabilities for off-balance-sheet credit exposures and
related charges, including a description of the factors influencing
managements judgment and, for years ending on or after December 15,
2011, a discussion of risk elements relevant to particular categories of
financial instruments? (FASB ASC 310-10-50-9) (formerly SOP 01-6, para. 13;
ASU 2010-20)
j. Policies for placing financing receivables on nonaccrual status, recording
payments on nonaccrual receivables, and resuming accrual of interest? (For
years ending on or after December 15, 2011, this disclosure should be
provided by class of financing receivable, except for trade accounts
receivable, other than credit card receivables, with a contractual maturity of
one year or less that arose from the sale of goods or services; receivables
measured at fair value with changes in fair value reported in earnings; and
receivables measured at lower of cost or fair value. This disclosure does not
apply to loans acquired with deteriorated credit quality.) (FASB ASC
310-10-50-5A and 50-5B; 310-10-50-6) (formerly SOP 01-6, para. 13; ASU
Disclosure Made?
Yes No N/A
2010-20)
k. Policy for charging off uncollectible receivables? (FASB ASC 310-10-50-4A;
310-10-50-6) (formerly SOP 01-6, para. 13; ASU 2010-20) (For years ending
on or after December 15, 2011, this disclosure only applies to trade accounts
receivable, other than credit card receivables, with a contractual maturity of
one year or less that arose from the sale of goods or services.)
l. For years ending before December 15, 2011, the method used to estimate the
allowance for doubtful accounts (or allowance for loan losses)? (FASB ASC
m. Policy for determining past due or delinquency status? (For years ending on
or after December 15, 2011, this disclosure should be provided by class of
financing receivable, except for trade accounts receivable, other than credit
card receivables, with a contractual maturity of one year or less that arose
from the sale of goods or services; receivables measured at fair value with
changes in fair value reported in earnings; and receivables measured at lower
of cost or fair value. This disclosure does not apply to loans acquired with
deteriorated credit quality.) (FASB ASC 310-10-50-5A and 50-5B; 310-10-50-6)
(formerly SOP 01-6, para. 13; ASU 2010-20)
n. Policy and method used to determine the entitys liability for product
warranties or other similar guarantees, including associated liabilities such as
deferred revenue? (FASB ASC 460-10-50-8) (formerly FIN 45, para. 14)
o. Policy for the treatment of costs incurred to renew or extend the term of a
recognized intangible asset? (FASB ASC 350-30-50-2) (formerly SFAS No.
142, para. 11)
p. Policy for presenting taxes assessed by governmental authorities on
revenue-producing transactions (e.g., sales, use, and similar taxes) in the
income statement on either a gross or net basis? (FASB ASC 605-45-50-3 and
50-4) (formerly EITF 06-3)
q. Policy for classifying shipping and handling costs? (If shipping and handling
costs are significant and are not included in cost of sales, the amount of such
costs and the line item on the income statement that includes such costs also
should be disclosed.) (FASB ASC 605-45-50-2) (formerly EITF No. 00-10)
r. Policy for classifying interest and penalties recognized in the financial
statements that are associated with the entitys tax positions? (FASB ASC
740-10-50-19) (formerly FIN 48, para. 20)
s. If the reporting entity manages a group of financial assets and liabilities based
on its net exposure to market risks or credit risk, the policy of measuring the
fair value of the group based on net risk exposure at the measurement date if
the reporting entity has made an accounting policy decision to use that
permitted exception to fair value measurement? (FASB ASC 820-10-50-2D)
(This disclosure requirement is effective for years beginning after December
15, 2011.)
t. Other significant accounting policies, including those for which there is a
selection from existing acceptable alternatives, principles, and methods
peculiar to the industry in which the entity operates, and unusual or innovative
applications of GAAP or methods of application? (FASB ASC 235-10-50-1
Disclosure Made?
Yes No N/A
through 50-6) (formerly APB No. 22, paras. 815)
2. Is there disclosure of any material changes in classifications made to previously
issued financial statements? (AU 420.17)
RELATED-PARTY TRANSACTIONS AND COMMON CONTROL j jj j
1. Do disclosures of material related-party transactions include: (FASB ASC
a. The nature of the relationship(s)? (If necessary to an understanding of the
effects of the transactions, the related party should be identified by name.)
b. A description of the transactions, including transactions to which no amounts
or nominal amounts were ascribed, for each of the periods for which an
income statement is presented and such other information deemed necessary
to an understanding of the effects of the transactions on the financial
statements?
c. The dollar amounts of transactions for each of the periods for which income
statements are presented and the effects of any change in the method of
establishing the terms from that used in the preceding period?
d. Amounts due from or to related parties as of the date of each balance sheet
presented and, if not otherwise apparent, the terms and manner of
settlement?
e. The disclosures required if the entity is part of a group that files a
consolidated tax return? (See INCOME TAXESConsolidated Tax Return)
2. If representations are made that the related-party transactions were consummated
on terms equivalent to those that prevail in arms length transactions, can such
representations be substantiated? (FASB ASC 850-10-50-5) (formerly SFAS No. 57,
para. 3)
3. If the entity and one or more other entities are under common control and the
existence of that control could result in operating results or financial position of the
entity significantly different from those that would have been obtained if the entities
were autonomous, has disclosure been made of the nature of the control
relationship, even though there have been no transactions between the entities?
4. Have the required disclosures about variable interest entities been made? (See
CONSOLIDATIONSInterests in Variable Interest Entities)
PENSION AND POSTRETIREMENT BENEFIT PLANSDEFINED CONTRIBUTION j jj j
(See Part II for defined benefit pension plan disclosures.)
1. Is the following information about the entitys defined contribution pension or other
postretirement benefit plans disclosed separately from the entitys defined benefit
plans: (FASB ASC 715-70-50-1) [formerly SFAS No. 132(R), para. 11]
a. The amount of cost recognized during the period?
b. A description of the nature and effect of any significant changes during the
period affecting comparability (such as a change in the rate of employer
contributions, a business combination, or a divestiture)?
Disclosure Made?
Yes No N/A
LEASES IN STATEMENTS OF LESSEES j jj j
LesseesGeneral j jj j
1. Have the nature and extent of leasing transactions with related parties been
2. Has a general description of the entitys leasing arrangements been disclosed,
including, but not limited to, the basis on which contingent rental payments are
determined; the existence and terms of renewal or purchase options and
escalation clauses; and restrictions imposed by lease agreements such as those
concerning dividends, additional debt, and further leasing? (FASB ASC
840-10-50-2) (formerly SFAS No. 13, para. 16d)
Operating Leases j jj j
3. Has disclosure of the following been made for operating leases having initial or
remaining noncancelable lease terms in excess of one year: (FASB ASC
840-20-50-2) (formerly SFAS No. 13, para. 16b)
a. Future minimum rental payments required as of the date of the latest balance
sheet presented, in the aggregate and for each of the five succeeding fiscal
years?
b. The total amount of minimum rentals to be received in the future under
noncancelable subleases as of the date of the latest balance sheet
presented?
4. Has disclosure been made of rental expense for each period for which an income
statement is presented, with separate amounts for minimum rentals, contingent
rentals, and sublease rental income? (NOTE: Rental payments under leases with
terms of one month or less that were not renewed need not be included.) (FASB
ASC 840-20-50-1) (formerly SFAS No. 13, para. 16c)
Capital Leases j jj j
5. Have the following been separately identified in each balance sheet presented or
disclosed in the notes: (FASB ASC 840-30-45-1 and 45-2; 840-30-50-1) (formerly
SFAS No. 13, paras. 13 and 16)
a. The gross amount of assets in the balance sheet recorded under capital
leases and the accumulated amortization by major classes according to
nature or function?
b. The lease obligations classified as current and long-term?
6. Has disclosure been made of future minimum lease payments as of the latest
balance sheet presented, in the aggregate and for each of the five succeeding
fiscal years, with appropriate separate deductions therefrom for executory costs
(including any related profit) and imputed interest to reduce net minimum lease
payments to present value? (FASB ASC 840-30-50-1) (formerly SFAS No. 13,
paras. 10 and 16a)
7. Has disclosure been made of minimum sublease rentals to be received in the
future under noncancelable subleases? (FASB ASC 840-30-50-1) (formerly SFAS
No. 13, para. 16a)
Disclosure Made?
Yes No N/A
8. Have the following been disclosed for each income statement presented: (FASB
ASC 840-30-50-1 and 50-2) (formerly SFAS No. 13, paras. 13 and 16a)
a. Amortization expense, unless it is included in depreciation expense and that
fact has been disclosed?
b. Total contingent rentals actually incurred?
Sale-leaseback Transactions j jj j
9. Has the seller-lessee disclosed the terms of the transaction, including any future
commitments, obligations, provisions, or circumstances that require or result in the
seller-lessees continuing involvement? (FASB ASC 840-40-50-1) (formerly SFAS
No. 98, para. 17)
10. For transactions accounted for under the deposit method or as a financing, has the
seller-lessee disclosed the following, in the aggregate and for each of the five
years succeeding the latest balance sheet date: (FASB ASC 840-40-50-2) (formerly
a. Obligation for future minimum lease payments as of the date of the latest
balance sheet presented?
b. Total minimum sublease rentals to be received in the future under
noncancelable subleases?
FAIR VALUE MEASUREMENTS j jj j
Fair Value MeasurementsPeriods Beginning on or before December 15, 2011 j jj j
NOTE: In the period of initial adoption, comparative disclosures for prior periods are not
required. In periods after initial adoption, comparative disclosures are required only for
periods ending after initial adoption. Early adoption is permitted. (See Part II, PENSION
AND POSTRETIREMENT BENEFIT PLANSDEFINED BENEFITPlan Assets, for
disclosures that apply for fair value measurements of plan assets of a defined benefit
pension or other postretirement plan.)
1. Have the following been disclosed for assets and liabilities measured at fair value
on a recurring basis, separately for each class of assets and liabilities, with
quantitative disclosures presented in tabular format: (FASB ASC 820-10-50-1
through 50-3; 820-10-50-8) (formerly SFAS No. 157, paras. 32 and 34; ASU
2010-06)
a. The fair value measurement at the reporting date? (Disclosures for derivative
assets and liabilities are required to be presented gross.)
b. The level within the fair value hierarchy in which the fair value measurement
falls, segregating fair value measurements using Level 1 inputs, Level 2
inputs, and Level 3 inputs? (Disclosures for derivative assets and liabilities are
required to be presented gross.)
c. The amounts of significant transfers between Level 1 and Level 2 and the
reasons for the transfers, separately disclosing transfers into and out of each
level, and policies for determining the timing of when transfers between levels
are recognized, such as (1) the actual date of the event or change in
circumstances that caused the transfer, (2) the beginning of the reporting
period, or (3) the end of the reporting period? (Disclosures for derivative
Disclosure Made?
Yes No N/A
assets and liabilities are required to be presented gross.)
d. For fair value measurements using Level 3 inputs, a reconciliation of the
beginning and ending balances, separately presenting changes attributable
to the following (disclosures for derivative assets and liabilities may be
presented either gross or net):
(1) Total gains or losses for the period (realized and unrealized), separately
presenting those gains or losses included in earnings and other
comprehensive income, and a description of where such gains or losses
are reported in the income statement or comprehensive income?
(2) Purchases, sales, issuances, and settlements (net)? For years beginning
after December 15, 2010, and interim periods within those years, each
type must be disclosed separately.
(3) Transfers in or out of Level 3 and the reasons for those transfers,
separately disclosing significant transfers into and out of Level 3, and
policies for determining the timing of when transfers between levels are
recognized, such as (i) the actual date of the event or change in
circumstances that caused the transfer, (ii) the beginning of the reporting
period, or (iii) the end of the reporting period?
e. Total gains or losses for the period in item (d)(1) included in earnings due to
the change in unrealized gains or losses that relate to assets and liabilities
held at the reporting date and a description of where such unrealized gains or
losses are reported in the income statement? (Disclosures for derivative
assets and liabilities may be presented either gross or net.)
f. For Level 2 and Level 3 fair value measurements, a description of
(1) The valuation technique(s) used, such as the market approach, income
approach, or the cost approach?
(2) The inputs used in determining the fair values of each class of assets or
liabilities?
(3) Any change in the valuation technique(s) (for example, changing from a
market approach to an income approach or the use of an additional
valuation technique), and the reason for the change?
g. Do the disclosures in items (a)(f) provide sufficient information to permit
reconciliation of the fair value measurement disclosures for the various
classes of assets and liabilities to the line items in the balance sheet?
h. If the disclosures in items (a)(g) are not sufficient for financial statement
users to assess the valuation techniques and inputs used to develop fair value
measurements and the effect of measurements using significant
unobservable inputs on earnings for the period, has additional disclosure
been made as necessary?
For debt and equity securities, these disclosures should be made by major
security type as defined in FASB ASC 320-10-50-1B and 942-320-50-2 (formerly
SFAS No. 115, para. 19). See also Part I, MARKETABLE DEBT AND EQUITY
SECURITIESAvailable-for-sale, Held-to-maturity, and Trading Securities, for
Disclosure Made?
Yes No N/A
guidance on determining major security types.
2. Have the following been disclosed for assets and liabilities measured at fair value
on a nonrecurring basis, separately for each class of assets and liabilities, with
quantitative disclosures presented in tabular format: (FASB ASC 820-10-50-5 and
50-8) (formerly SFAS No. 157, paras. 3334; ASU 2010-06)
a. The fair value measurement recorded during the period and the reasons for
such measurement?
b. The level within the fair value hierarchy in which the fair value measurement
falls, segregating fair value measurements using Level 1 inputs, Level 2
inputs, and Level 3 inputs?
c. For fair value measurements using Level 2 or Level 3 inputs, the disclosures in
item 1(f)?
d. If the disclosures in items (a)(c) are not sufficient for financial statement
users to assess the valuation techniques and inputs used to develop fair value
measurements, has additional disclosure been made as necessary? (FASB
ASC 820-10-50-5) (formerly SFAS No. 157, par. 33; and ASU 2010-06)
For debt and equity securities, these disclosures should be made by major
security type as defined in FASB ASC 320-10-50-1B and 942-320-50-2 (formerly
SFAS No. 115, para. 19). See also Part I, MARKETABLE DEBT AND EQUITY
SECURITIESAvailable-for-sale, Held-to-maturity, and Trading Securities, for
guidance on determining major security types.
3. In the period the guidance on measuring the fair value of liabilities (ASU 2009-05,
Measuring Liabilities at Fair Value) is adopted, has disclosure been made of any
change in valuation technique and related inputs, and the total effect of the
change, if practicable? (FASB ASC 820-10-65-5) (The guidance is effective for the
first reporting period beginning after August 26, 2009.)
Fair Value MeasurementsPeriods Beginning after December 15, 2011 j jj j
NOTE: Early application is permitted, but only for interim periods beginning after
December 15, 2011. (See Part II, PENSION AND POSTRETIREMENT BENEFIT
PLANSDEFINED BENEFITPlan Assets, for disclosures that apply for fair value
measurements of plan assets of a defined benefit pension or other postretirement plan.)
4. Have the following been disclosed for each class of assets and liabilities measured
at fair value (including measurements based on fair value) on a recurring basis in
the balance sheet after initial recognition, with quantitative disclosures presented in
tabular format: (FASB ASC 820-10-50-1 through 50-2C; 820-10-50-2F; 820-10-50-3;
820-10-50-8) (formerly SFAS No. 157, paras. 32 and 34; ASU 2010-06; ASU
2011-04)
a. The fair value measurement at the end of the reporting period? (Disclosures
for derivative assets and liabilities should be presented gross.)
b. The level of the fair value hierarchy within which the fair value measurements
are categorized in their entirety (Level 1, 2, or 3)? (Disclosures for derivative
assets and liabilities should be presented gross.)
c. For assets and liabilities held at the end of the reporting period that are
Disclosure Made?
Yes No N/A
c. For assets and liabilities held at the end of the reporting period that are
measured at fair value, the amounts of any transfers between Level 1 and
Level 2 of the fair value hierarchy, the reasons for such transfers, and the
policy for determining when transfers between levels have occurred?
(Transfers into each level should be disclosed and discussed separately from
transfers out of each level.) (Disclosures for derivative assets and liabilities
should be presented gross.) (Nonpublic companies are not required to make
this disclosure unless other GAAP requires it.)
d. For Level 2 and Level 3 fair value measurements
(1) The valuation technique(s) and inputs used in the measurement?
(2) Any change in valuation technique (for example, from a market approach
to an income approach or the use of an additional valuation technique)
and the reason(s) for making the change?
(3) For Level 3 fair value measurements, quantitative information about the
significant unobservable inputs used in the measurement? (Disclosure is
not required if quantitative unobservable inputs are not developed by the
reporting entity when measuring fair value, for example, when prices
from prior transactions or third-party pricing information without
adjustment is used. Quantitative unobservable inputs that are significant
to the fair value measurement and that are reasonably available to the
reporting entity cannot be ignored.)
e. For Level 3 fair value measurements
(1) A reconciliation from the opening balances to the closing balances with
separate disclosure of changes during the period attributable to (a) total
gains or losses for the period recognized in earnings and the line item(s)
in the income statement in which such gains or losses are recognized;
(b) total gains or losses for the period recognized in other
comprehensive income and the line item(s) in other comprehensive
income in which such gains or losses are recognized; (c) purchases,
sales, issues, and settlements, with each type disclosed separately; and
(d) the amounts of any transfers into or out of Level 3, the reasons for
such transfers, and the policy for determining when transfers between
levels have occurred? (Transfers into Level 3 should be disclosed and
discussed separately from transfers out of Level 3) (Disclosures for
derivative assets and liabilities may be presented either gross or net.)
(2) The amount of the total gains or losses for the period in item (e)(1)(a)
included in earnings due to the change in unrealized gains or losses that
relate to assets and liabilities held at the end of the reporting period, and
the line item(s) in the income statement in which such unrealized gains
or losses are recognized? (Disclosures for derivative assets and liabilities
may be presented either gross or net.)
(3) A description of the valuation processes used including, for example,
how the valuation policies and procedures are decided and how
changes in fair value measurements are analyzed from period to period?
(4) A narrative description of the sensitivity of the measurement to changes
in unobservable inputs if a change in the inputs to a different amount
might produce a significantly higher or lower fair value measurement,
Disclosure Made?
Yes No N/A
including a description of any interrelationships between those inputs
and other unobservable inputs used in the fair value measurement and
how those interrelationships might magnify or mitigate the effect of
changes in the unobservable inputs on the measurement? [At a
minimum, the narrative description of the sensitivity should include the
unobservable inputs disclosed in item d(3)]. (Nonpublic companies are
not required to make this disclosure unless other GAAP requires it.)
f. If the highest and best use of a nonfinancial asset differs from its current use,
the fact that the use is different and why the asset is being used differently
from its highest and best use?
g. Information sufficient to permit reconciliation of the fair value measurement
disclosures for the various classes of assets and liabilities in items (a)(f) to
the line items in the balance sheet?
h. If the disclosures in items (a)(g) are not sufficient to help financial statement
users assess the valuation techniques and inputs used to develop fair value
measurements and the effect of fair value measurements using significant
unobservable inputs on earnings or other comprehensive income for the
period, additional disclosures as necessary?
5. Have the following been disclosed for each class of assets and liabilities measured
at fair value (including measurements based on fair value) on a nonrecurring basis
in the balance sheet after initial recognition, with quantitative disclosures presented
in tabular format: (FASB ASC 820-10-50-1 through 50-2C; 820-10-50-3;
820-10-50-8; 350-20-50-3) (formerly SFAS No. 157, paras. 32 and 34; ASU
2010-06; ASU 2011-04; ASU 2011-08)
a. The fair value measurement at the end of the reporting period and the
reasons for the measurement? (Disclosures for derivative assets and liabilities
should be presented gross.)
b. The level of the fair value hierarchy within which the fair value measurements
are categorized in their entirety (Level 1, 2, or 3)? (Disclosures for derivative
assets and liabilities should be presented gross.)
c. For Level 2 and Level 3 fair value measurements
(3) For Level 3 fair value measurements, quantitative information about the
significant unobservable inputs used in the measurement? (Disclosure is
not required if quantitative unobservable inputs are not developed by the
reporting entity when measuring fair value, for example, when prices
from prior transactions or third-party pricing information without
adjustment is used. Quantitative unobservable inputs that are significant
to the fair value measurement and that are reasonably available to the
reporting entity cannot be ignored. This disclosure is not required for fair
value measurements related to accounting and reporting for goodwill
after initial recognition in a business combination.)
d. For Level 3 fair value measurements, a description of the valuation processes
used including, for example, how the valuation policies and procedures are
Disclosure Made?
Yes No N/A
used including, for example, how the valuation policies and procedures are
decided and how changes in fair value measurements are analyzed from
period to period?
e. If the highest and best use of a nonfinancial asset differs from its current use,
f. Information sufficient to permit reconciliation of the fair value measurement
disclosures for the various classes of assets and liabilities in items (a)(e) to
the line items in the balance sheet?
g. If the disclosures in items (a)(f) are not sufficient to help financial statement
users assess the valuation techniques and inputs used to develop fair value
measurements, has additional disclosure been made as necessary?
6. Have the following been disclosed for each class of assets and liabilities not
measured at fair value in the balance sheet but for which the fair value is disclosed:
(FASB ASC 820-10-50-2E and 50-2F) (Nonpublic companies are not required to
make this disclosure unless other GAAP requires it.)
a. The level of the fair value hierarchy within which the fair value measurements
are categorized in their entirety (Level 1, 2, or 3)?
b. For Level 2 and Level 3 fair value measurements, a description of
c. If the highest and best use of a nonfinancial asset differs from its current use,
7. In the period the guidance on fair value measurement in ASU 2011-04 is adopted
(that is, in the first year beginning after December 15, 2011), has disclosure been
made of any change in valuation technique and related inputs resulting from
adoption of the new requirements, and the total effect of the change, if practicable?
(FASB ASC 820-10-65-8)
FINANCIAL INSTRUMENTS j jj j
Concentrations of Credit Risk j jj j
NOTE: These disclosures are optional for nonpublic companies that (a) have total
assets on the financial statement date of less than $100 million and (b) have no
instrument that, in whole or in part, is accounted for as a derivative other than
commitments related to the origination of mortgage loans to be held for sale during the
reporting period. (FASB ASC 825-10-50-3) (formerly SFAS No. 126, para. 2) However,
the disclosures for FAIR VALUE MEASUREMENTS, would be required.
1. Have significant concentrations of credit risk from all financial instruments been
disclosed, including the following about each significant concentration (whether
from an individual counterparty or group of counterparties): (FASB ASC
825-10-50-21) (formerly SFAS No. 107, para. 15A)
Disclosure Made?
Yes No N/A
a. Information about the activity, region, or economic characteristic that identifies
the concentration?
b. The maximum amount of loss due to credit risk that, based on the gross fair
value of the financial instrument, the entity would incur if parties to the
financial instruments that make up the concentration failed completely to
perform according to the terms of the contracts and the collateral or other
security, if any, proved to be of no value?
c. The entitys policy of requiring collateral or other security to support financial
instruments subject to credit risk?
d. Information about the entitys access to collateral or other security?
e. A description of the collateral or other security?
f. The entitys policy of entering into master netting arrangements to mitigate the
credit risk of financial instruments?
g. Information about the master netting arrangements for which the entity is a
party?
h. A brief description of the terms of master netting arrangements, including the
extent to which they would reduce the entitys maximum amount of loss due
to credit risk?
Fair Value of Financial Instruments j jj j
NOTE: These disclosures are optional for nonpublic companies that (a) have total
assets on the financial statement date of less than $100 million and (b) have no
instrument that, in whole or in part, is accounted for as a derivative other than
commitments related to the origination of mortgage loans to be held for sale during the
reporting period. (FASB ASC 825-10-50-3) (formerly SFAS No. 126, para. 2) However,
the disclosures for FAIR VALUE MEASUREMENTS, would be required.
2. Have the following disclosures about the fair value of financial instruments been
made: (FASB ASC 825-10-50-10; 825-10-50-14; 825-10-50-16) (formerly SFAS No.
107, paras. 10 and 14; ASU 2011-04)
a. Fair value of financial instruments for which it is practicable to estimate fair
value? (NOTE: For trade receivables and payables, no disclosure is required
when the carrying amount approximates fair value.)
b. The methods and significant assumptions used to estimate the fair value of
financial instruments?
c. A description of any changes in methods or assumptions during the period?
d. For years beginning after December 15, 2011, the level of the fair value
hierarchy within which the fair value measurements are categorized in their
entirety (Level 1, 2, or 3)?
e. If it is not practicable to estimate the fair value of a financial instrument or a
class of financial instruments, the reasons it is not practicable and information
pertinent to estimating the fair value of the financial instrument or class of
financial instruments, such as the carrying amount, effective interest rate, and
maturity?
3. Do the disclosures in item 2(a): (FASB ASC 825-10-50-11 and 50-12) (formerly
Disclosure Made?
Yes No N/A
3. Do the disclosures in item 2(a): (FASB ASC 825-10-50-11 and 50-12) (formerly
a. Include the related carrying amounts in a format that makes it clear (1)
whether the fair value and carrying amount represent assets or liabilities and
(2) how the carrying amounts relate to what is reported in the balance sheet?
b. Appear in a single note or, if disclosed in more than a single note, does one
note include a summary table containing the fair value and related carrying
amounts of all financial instruments and refer to the other disclosures on fair
value of financial instruments?
4. Unless permitted to offset the carrying amounts in the balance sheet, does the
entity disclose the fair value of financial instruments without netting the fair value
with the fair value of other financial instruments? (FASB ASC 825-10-50-15)
(formerly SFAS No. 107, para. 13A)
OTHER COMMITMENTS j jj j
1. Are the following types of commitments disclosed: (FASB ASC 440-10-50-1)
a. Obligations to reduce debts, maintain working capital, or restrict dividends?
b. Unused letters of credit?
c. Commitments for plant acquisition?
CONTINGENCIES, RISKS, AND UNCERTAINTIES j jj j
Contingencies j jj j
1. Are the nature and amount of an accrued loss contingency disclosed in the
financial statements if exposure to loss in excess of the amount accrued exists, or
disclosure is necessary to keep the financial statements from being misleading?
(For years ending on or after December 15, 2011, this disclosure does not apply to
loss contingencies arising from an entitys recurring estimation of its allowance for
credit losses.) (FASB ASC 310-10-50-21; 450-20-50-2A; 450-20-50-1 and 50-3)
(formerly SFAS No. 5, paras. 910; ASU 2010-20)
2. For loss contingencies not accrued, but when at least a reasonable possibility
exists that a loss (or additional loss in excess of amounts accrued) may have
occurred, do disclosures indicate: (For years ending on or after December 15,
2011, this disclosure does not apply to loss contingencies arising from an entitys
recurring estimation of its allowance for credit losses.) (FASB ASC 450-20-50-2A;
a. Nature of contingency?
b. Estimate of possible loss or range of loss, or a statement that such estimate
cannot be made?
3. Have contingencies that might result in gains been adequately disclosed but not
reflected in the accounts so as not to recognize revenue prior to its realization?
4. If it is at least reasonably possible that the effect on the financial statements of
significant estimates involving contingencies will change within one year of the
Disclosure Made?
Yes No N/A
date of the financial statements due to one or more future confirming events and
the effect of that change would be material to the financial statements, do the
disclosures include an indication that it is at least reasonably possible that a
change in estimate will occur in the near term? (FASB ASC 275-10-50-9) (formerly
SOP 94-6, paras. 1315) (NOTE: If the entity uses risk reduction techniques to
mitigate losses or the uncertainty that may result from future events and, as a
result, the preceding criteria are not met, the disclosures are encouraged but not
required.)
5. Has disclosure been made if there is a change from occurrence-based insurance
to claims-made insurance, or insurance coverage has been eliminated or
significantly reduced, and it is at least reasonably possible that a loss has been
incurred? (FASB ASC 720-20-50-1) (formerly EITF 03-8)
Significant Estimates Other Than Contingencies j jj j
6. Have the following disclosures been made for significant estimates if, based on
information available before the financial statements are available to be issued, it is
at least reasonably possible that the estimates will change within one year of the
date of the financial statements due to one or more confirming events and the
effect of that change would be material: (FASB ASC 275-10-50-8 and 50-9)
(formerly SOP 94-6, paras. 1315) (NOTE: If the entity uses risk reduction
techniques to mitigate losses or the uncertainty that may result from future events
and, as a result, the preceding criteria are not met, the disclosures are encouraged
but not required.)
a. The nature of the uncertainty?
b. An indication that it is at least reasonably possible that a change in the
estimate will occur in the near term?
Concentrations j jj j
7. Have the following concentrations and the general nature of the risk associated
with each been disclosed if, based on information known to management before
the financial statements are available to be issued, (a) the concentration exists at
the financial statement date, (b) the concentration makes the entity vulnerable to
the risk of a near-term severe impact, and (c) it is at least reasonably possible that
the events that could cause the severe impact will occur in the near term: (FASB
ASC 275-10-50-16; 275-10-50-18; 275-10-50-20) (formerly SOP 94-6, paras. 21, 22,
and 24)
a. Concentrations in the volume of business transacted with a particular
customer, supplier, lender, grantor, or contributor? (NOTE: It is always
considered at least reasonably possible that any customer, grantor, or
contributor will be lost in the near term.)
b. Concentrations in revenue from particular products, services, or fund-raising
events?
c. Concentrations in the available sources of supply of materials, labor, or
services, or of licenses or other rights used in the entitys operations?
d. Concentrations in the market or geographic area?
e. Concentrations of labor subject to collective bargaining agreements, including
the percentage of the labor force covered by those agreements and the
Disclosure Made?
Yes No N/A
percentage covered by agreements that will expire within one year?
f. Concentrations of operations outside the entitys home country, including the
carrying amounts of net assets and the geographic areas in which they are
located? (NOTE: It is always considered at least reasonably possible that
operations located outside an entitys home country will be disrupted in the
near term.)
Guarantees and Product Warranties j jj j
8. Has the following been disclosed about each guarantee or group of similar
guarantees, even if the likelihood of having to make payments under the guarantee
is remote:
a. Nature of the guarantee, including the guarantees approximate term, how it
arose, and the events or circumstances that would require the entity to
perform under the guarantee? (FASB ASC 460-10-50-2 through 50-4)
(formerly SFAS No. 5, para. 12 and FIN 45, para. 13)
b. The current status, as of the balance sheet date, of the payment/performance
risk of the guarantee? (For an entity that uses internal groupings to manage
risk, the disclosure should indicate how those groupings are determined and
used for managing risk.) (FASB ASC 460-10-50-4) (formerly FIN 45, para. 13)
c. Maximum potential amount of future payments the entity could be required to
make (undiscounted and not reduced by possible recoveries under recourse
or collateralization provisions) or the reasons why an estimate of that amount
cannot be made? (If there is no limitation to the maximum, that fact should be
disclosed. Also, this disclosure is not applicable to product warranties or
similar guarantee contracts.) (FASB ASC 460-10-50-4 and 50-8) (formerly FIN
45, para. 13)
d. Carrying amount of the liability, if any, for the entitys obligations under the
guarantee, including any amount recognized as a loss contingency? (FASB
ASC 460-10-50-4) (formerly FIN 45, para. 13)
e. Recourse provisions that would enable the entity to recover amounts paid
under the guarantee or collateral that could be sold? (If estimable, the extent
to which proceeds from the sale of collateral would be expected to cover the
maximum potential amount of future payments under the guarantee should
be disclosed.) (FASB ASC 460-10-50-4) (formerly FIN 45, para. 13)
9. Has a tabular reconciliation of the changes in the entitys aggregate liability for
product warranties or other similar guarantee contracts been presented, including
the beginning liability balance, aggregate reductions for payments made,
aggregate changes for accruals related to guarantees issued during the period,
aggregate changes to preexisting accruals (for example, related to changes in
estimates), and the ending liability balance? (FASB ASC 460-10-50-8) (formerly FIN
45, para. 14)
Going Concern j jj j
10. If substantial doubt exists about the entitys ability to continue as a going concern
for a period not to exceed one year beyond the balance sheet date, do the
financial statements adequately disclose the following matters: (AU 341.10, AR
Exhibit B)
Disclosure Made?
Yes No N/A
a. Pertinent conditions and events giving rise to the assessment of substantial
doubt about the entitys ability to continue as a going concern for a period not
to exceed one year from the balance sheet date?
b. The possible effects of such conditions and events?
c. Managements evaluation of the significance of those conditions and events
and any mitigating factors?
d. Possible discontinuance of operations?
e. Managements plans (including relevant prospective financial information)?
f. Information about the recoverability or classification of recorded asset
amounts or the amounts or classification of liabilities?
11. If substantial doubt about the entitys ability to continue as a going concern for a
period not to exceed one year from the balance sheet date is alleviated, do the
financial statements adequately disclose the following matters when considered
necessary: (AU 341.11)
a. The conditions and events that initially caused the substantial doubt?
b. The possible effects of such conditions and events?
c. Any mitigating factors, including managements plans?
ILLEGAL ACTS j jj j
1. If material revenue or earnings are derived from transactions involving illegal acts,
or if illegal acts create significant unusual risks associated with material revenue or
earnings, such as loss of a significant business relationship, has that information
been disclosed? (AU 317.15)
CHANGES IN PRESENTATION OF COMPARATIVE STATEMENTS j jj j
1. If, because of reclassifications or other reasons, changes have occurred in the
manner of or the basis for presenting corresponding items in comparative
statements, are the changes explained? (FASB ASC 205-10-50-1) (formerly ARB
No. 43, ch. 2A, para. 3)
SUBSEQUENT EVENTS j jj j
1. For subsequent events that provide evidence about conditions that did not exist at
the date of the balance sheet, but arose after that date, are the following disclosed
to keep the financial statements from being misleading: (FASB ASC 450-20-50-9;
855-10-50-2) (formerly SFAS No. 5, para. 11 and SFAS No. 165, para. 13)
a. The nature of the event?
b. An estimate of its financial effect or range of loss, or a statement that such an
estimate cannot be made?
2. For significant nonrecognized subsequent events, has consideration been given to
whether the disclosure can best be made through supplemental pro forma
financial data either in the notes or in columnar form on the face of the financial
3. If a change in the entitys tax status becomes effective after year end but before the
financial statements are available to be issued, are proper disclosures made?
Disclosure Made?
Yes No N/A
financial statements are available to be issued, are proper disclosures made?
(FASB ASC 740-10-50-4) (formerly QA-SFAS No. 109, No. 11)
4. If a material business combination is completed after the balance sheet date but
before the financial statements are available to be issued, has the required
information been disclosed, if practicable? (See Part II, BUSINESS
COMBINATIONS)
5. Have the disclosures for DATE OF MANAGEMENTS REVIEW, been made?
OTHER POSSIBLE DISCLOSURES j jj j
SPECIALIZED ACCOUNTING AND REPORTING PRINCIPLES j jj j
Have appropriate disclosures been made for: (These specialized disclosures are not
included in Part II. If present, consult the appropriate standards. Preparers should also
refer to pronouncements of the Governmental Accounting Standards Board for
disclosure requirements of governmental entities.)
1. Agricultural producers and cooperatives? (FASB ASC 905) (formerly SOP 85-3 and
AICPA Industry Audit and Accounting Guide, Agricultural Producers and
Agricultural Cooperatives)
2. Airlines? (FASB ASC 908) (formerly AICPA Industry Audit and Accounting Guide,
Airlines)
3. Broadcasting industry? (FASB ASC 920) (formerly SFAS No. 63)
4. Brokers and dealers in securities? (FASB ASC 940) (formerly AICPA Industry Audit
and Accounting Guide, Brokers and Dealers)
5. Cable television companies? (FASB ASC 922) (formerly SFAS No. 51)
6. Casinos? (FASB ASC 924) (formerly AICPA Industry Audit and Accounting Guide,
Casinos)
7. Coal industry? (FASB ASC 930) (formerly EITF 92-13)
8. Common interest realty associations? (FASB ASC 972) (formerly AICPA Audit and
Accounting Guide, Common Interest Realty Associations)See the disclosure
checklist in PPCs Guide to Homeowners Associations.
9. Construction contractors? (FASB ASC 605-35 and 910) (formerly ARB No. 45; SOP
81-1; and AICPA Industry Audit and Accounting Guide, Construction
Contractors)See the supplemental disclosure checklist in PPCs Guide to
Construction Contractors.
10. Contracts indexed to, or settled in, an entitys own stock? (FASB ASC 815-40)
11. Contributions received from nonowners? (FASB ASC 958) (formerly SFAS No. 116)
12. Defined benefit pension plans? (FASB ASC 960) (formerly SFAS No. 35; SOP 99-2;
and AICPA Industry Audit and Accounting Guide, Employee Benefit Plans)See
the disclosure checklist in PPCs Guide to Audits of Employee Benefit Plans.
13. Defined contribution retirement plans? (FASB ASC 962) (formerly SOPs 94-4 and
99-3; FSP AAG INV-1 and SOP 94-4-1; and AICPA Audit and Accounting Guide,
Employee Benefit Plans; ASU 2010-25)See the disclosure checklist in PPCs
Disclosure Made?
Yes No N/A
Guide to Audits of Employee Benefit Plans.
14. Depository and lending institutions? (FASB ASC 942) (formerly SFAS Nos. 95, 109,
and 115; SOP 01-6; and the AICPA Industry Audit and Accounting Guide,
Depository and Lending Institutions)See the disclosure checklist in PPCs Guide
to Audits of Financial Institutions.
15. Entities in reorganization under the bankruptcy code? (FASB ASC 852-10 and
852-740) (formerly SOP 90-7)
16. Finance companies? (FASB ASC 942) (formerly SOPs 90-11 and 01-6)
17. Government contractors? (FASB ASC 912) (formerly ARB No. 43, Ch. 11; and
AICPA Industry Audit and Accounting Guide, Federal Government Contractors)
18. Health and welfare benefit plans? (FASB ASC 965) (formerly SOPs 92-6, 94-4,
99-2, 99-3, and 01-2; and AICPA Audit and Accounting Guide, Employee Benefit
Plans)See the disclosure checklist in PPCs Guide to Audits of Employee Benefit
Plans.
19. Health care providers? (FASB ASC 954) (formerly SOP 02-2 and AICPA Audit and
Accounting Guide, Health Care Entities; ASU 2010-23; ASU 2011-07)
20. Insurance industry? (FASB ASC 944) (formerly SFAS Nos. 60, 91, 97, 113, 120,
and 163; SOPs 92-5, 94-5, 95-1, 98-7, 00-3, 01-5, 03-1, and 05-1; AICPA Industry
Audit and Accounting Guide, Property and Liability Insurance Entities; AcSEC PB
Nos. 8 and 15; and ASU 2010-26)
21. Investment companies and partnerships and investments in such entities? (FASB
ASC 946) (formerly SOPs 93-4, 95-2, 95-3, and 07-1; FSP EITF 85-24-1 and FSP
AAG INV-1 and SOP 94-4-1; and AICPA Industry Audit and Accounting Guide,
Investment Companies)
22. Life settlement contract investments? (FASB ASC 325-30) (formerly FSP FTB
85-4-1)
23. Loans and debt securities acquired with deteriorated credit quality? (FASB ASC
310-30) (formerly SOP 03-3; SFAS No. 166; and ASU 2010-18)
24. Mortgage banking activities? (FASB ASC 948) (formerly SFAS No. 65 and SOP
01-6)See the disclosure checklist in PPCs Guide to Audits of Financial
Institutions.
25. Motion picture film industry? (FASB ASC 926) (formerly SFAS No. 89 and SOP
00-2)
26. Not-for-profit entities? (FASB ASC 958) [formerly SFAS Nos. 116, 117, 124, 132(R),
136, and 164; FSP FAS 117-1; SOPs 94-3 and 98-2; and AICPA Industry Audit and
Accounting Guide, Not-for-Profit Entities]See the disclosure checklist in PPCs
Guide to Nonprofit GAAP and PPCs Guide to Audits of Nonprofit Organizations.
27. Oil and gas operations? (FASB ASC 932) (formerly SFAS Nos. 19, 25, and 69; and
FSP FAS 19-1 and FSP FAS 142-2; ASU 2010-03)
28. Own-share lending arrangements? (FASB ASC 470-20) (formerly EITF 09-1)
29. Public utility industry? (FASB ASC 980) (formerly SFAS Nos. 71, 90, 92, and 101;
and EITF 92-12 and 97-4)
Disclosure Made?
Yes No N/A
30. Real estate investment trusts? (FASB ASC 974) (formerly SOP 75-2)
31. Real estate time-sharing transactions? (FASB ASC 978) (formerly SOP 04-2)
32. Record and music industry? (FASB ASC 928) (formerly SFAS No. 50)
33. Registration payment arrangements? (FASB ASC 825-20) (formerly FSP EITF
00-19-2)
34. Servicing assets and liabilities? (FASB ASC 860-50) (formerly SFAS Nos. 140, 156,
and 166)
35. State and local governmental units? (AICPA Industry Audit and Accounting Guide,
State and Local Governments)See the disclosure checklist in PPCs Guide to
Audits of Local Governments or PPCs Guide to Preparing Governmental Financial
Statements Under GASBS No. 34.
36. Title plant costs? (FASB ASC 950) (formerly SFAS No. 61)
PART II DISCLOSURES
Review the following list of disclosures for applicability to your client. Indicate either item present or item not present. If the
item is present, complete the appropriate checklist entries from Part II.
Item
Present
Item
Not
Present
1. Accounting changes and correction of an error?
2. Advertising costs?
3. Balance sheet offsetting
4. Business combinations?
5. Collaborative arrangements?
6. Computer software revenues and costs?
7. Consolidations?
8. Derivative financial instruments and hedging activities?
9. Development stage companies?
10. Discontinued operations?
11. Employee stock ownership plans (ESOPs)?
12. Environmental remediation obligations and contingencies?
13. Exit or disposal activities?
14. Extinguishment of debt?
15. Fair value option for financial assets and financial liabilities?
16. Foreign operations?
17. Franchise fee revenues?
Item
Present
Item
Not
Present
18. Impaired long-lived assets and long-lived assets to be disposed of?
19. Income taxesspecial areas?
20. Insurance contracts, proceeds, and assessments?
21. Intangibles?
22. Interim financial statements?
23. Investments accounted for by the equity method?
24. Investments in entities that calculate net asset value per share?
25. Investments in noncorporate real estate joint ventures?
26. Leases in financial statements of lessors?
27. Lending activities and loan purchases?
28. Limited liability companies or partnerships (LLCs or LLPs)?
29. Long-lived asset retirement obligations?
30. Long-term contracts?
31. Mandatorily redeemable stock and other financial instruments with
characteristics of liabilities and equity?
32. Nonmonetary transactions?
33. Pension and postretirement benefit plansdefined benefit?
34. Postemployment benefits?
35. Quasi-reorganization?
36. Real estate activities?
37. Research and development?
38. Retained earnings restrictions?
39. Revenue recognitionspecial areas?
40. Stock-based compensation (including compensation for nonemployee
services)?
41. Termination claims receivable?
42. Transfers of financial assets?
43. Troubled debt restructuringscreditors?
44. Troubled debt restructuringsdebtors?
45. Unconditional purchase obligations?
SUBSEQUENT PRONOUNCEMENTS ISSUED
Use the space provided below to list additional requirements as they are issued until this checklist is revised. (For a list of
disclosures required by standards issued subsequent to the date of this checklist, visit ppc.thomsonreuters.com and access
the 5 Minute Update in the Accounting & Auditing section.)
Have the Disclosure
Requirements
Been Considered?
Technical Pronouncement Description of Topic Yes No N/A

PART IIOTHER DISCLOSURES
Instructions
Part I contains a checklist of Part II disclosures common to nonpublic entities. If any of those circumstances are present,
complete the appropriate disclosure sections in Part II. Disclosure sections in Part II that are not applicable can be checked
N/A by topic or deleted from the disclosure checklist.
Disclosure Made?
Yes No N/A
ACCOUNTING CHANGES AND CORRECTION OF AN ERROR j jj j
Change in Accounting Principle j jj j
1. In the period in which the change is made[Except as indicated in item (a),
financial statements for subsequent periods are not required to repeat the
disclosures in items (a)(c).]
a. Has the nature of and reason for the change, including an explanation of why
it is preferable, been disclosed? (When a change has no material effect in the
change period, but is reasonably certain to have a material effect in later
periods, this disclosure is required whenever the financial statements of the
change period are presented.) (FASB ASC 250-10-50-1 and 50-2) (formerly
b. Has the method of applying the change been disclosed, including: (FASB
ASC 250-10-50-1 and 50-2) (formerly SFAS No. 154, para. 17)
(1) A description of any prior-period information that has been
retrospectively adjusted?
(2) The effect of the change on income from continuing operations, net
income, and any other affected financial statement line item for the
current period and prior periods retrospectively adjusted?
(3) The cumulative effect of the change on retained earnings (or other
components of equity) as of the beginning of the earliest period
presented?
(4) The reasons and a description of the alternative method used to report
the change when retrospective application to all prior periods is
impracticable?
c. Has the following been disclosed if the indirect effects of a change in
accounting principle are recognized: (FASB ASC 250-10-50-1 and 50-2)
(1) A description of the indirect effects of the change, including amounts that
have been recognized in the current period?
(2) The amount of the total recognized indirect effects of the accounting
change that are attributable to each prior period presented, unless
impracticable?
Change in Accounting Estimate j jj j
2. For a change in estimate that affects several future periods, has the effect on
income from continuing operations and net income of the current period been
3. Has disclosure been made of the effect, if material, on income from continuing
operations and net income for changes in estimates made each period in the
ordinary course of accounting for items such as uncollectible accounts or
inventory obsolescence? (FASB ASC 250-10-50-4) (formerly SFAS No. 154, para.
22)
Disclosure Made?
Yes No N/A
4. If a change in accounting estimate has been effected by changing an accounting
principle, have the disclosures in ACCOUNTING CHANGES AND CORRECTION
OF AN ERRORChange in Accounting Principle, been made? (FASB ASC
5. When a change in estimate has no material effect in the change period, but is
reasonably certain to have a material effect in later periods, has a description of the
change been disclosed whenever the financial statements of the change period
are presented? (FASB ASC 250-10-50-4) (formerly SFAS No. 154, para. 22)
Change in the Reporting Entity j jj j
6. In the period in which the change is made[Except as indicated in item (a),
financial statements for subsequent periods are not required to repeat the
disclosures in items (a) and (b).]
a. Do the financial statements for the period of the change describe the nature of
the change and the reason for it? (When a change has no material effect in
the change period, but is reasonably certain to have a material effect in later
periods, this disclosure is required whenever the financial statements of the
change period are presented.) (FASB ASC 250-10-50-6) (formerly SFAS No.
154, para. 24)
b. Has the effect of the change on income before extraordinary items, net
income, and other comprehensive income been disclosed for all periods
presented? (FASB ASC 250-10-50-6) (formerly SFAS No. 154, para. 24)
Corrections of Errors in Previously Issued Financial Statements That Have Been
Restated j jj j
7. In the period in which the change is made[Financial statements for subsequent
periods are not required to repeat the disclosures in items (a)(g).]
a. Has disclosure been made that the previously issued financial statements
have been restated, along with a description of the nature of the error? (FASB
ASC 250-10-50-10; 250-10-50-7) (formerly SFAS No. 154, para. 26)
b. Has disclosure been made of the effect of the correction on each financial
statement line item affected for each prior period presented? (FASB ASC
c. Has the cumulative effect of the change on retained earnings (or other
appropriate components of equity) as of the beginning of the earliest period
presented been disclosed? (FASB ASC 250-10-50-10; 250-10-50-7) (formerly
d. For single period financial statements, have the effects of a prior-period
adjustment (gross and net of tax) on beginning retained earnings and net
income of the preceding period been disclosed? (FASB ASC 250-10-50-9)
(formerly APB No. 9, para. 26)
e. For comparative financial statements, have the effects of a prior-period
adjustment (gross and net of tax) on net income for each period presented
been disclosed? (FASB ASC 250-10-50-9) (formerly APB No. 9, para. 26)
f. Has the amount of income tax applicable to each prior-period adjustment
been disclosed? (FASB ASC 250-10-50-9) (formerly APB No. 9, para. 26)
Disclosure Made?
Yes No N/A
g. If a restated historical financial summary (commonly 5 or 10 years) is
presented, has disclosure of the restatements been made in the first summary
published after the adjustment? (FASB ASC 250-10-45-28) (formerly APB No.
9, para. 27)
Adoption of New Accounting Standards j jj j
8. Has disclosure been made of the effects, where material and essential for an
understanding of the financial statements, of a required future adoption of an
accounting principle that will result in retroactive adjustment? (AU 9410.15.17)
9. In the period in which a new accounting standard is applied, have the following
disclosures been made: (FASB ASC 718-10-65-2; 360-20-65-2)
a. The disclosures in Part II, ACCOUNTING CHANGES AND CORRECTION OF
AN ERRORChange in Accounting Principle?
b. For interim periods subsequent to the date of adoption in the fiscal year of the
change in accounting principle, the effect of the change on income from
continuing operations and net income for the post-change interim periods?
The transition disclosures for adoption of a new accounting standard in FASB
ASC 718-10-65-2 are required by ASU 2010-13, CompensationStock
Compensation (Topic 718): Effect of Denominating the Exercise Price of a
Share-Based Payment Award in the Currency of the Market in Which the
Underlying Equity Security Trades, which is effective for fiscal years beginning
on or after December 15, 2010. Early application is permitted.
The transition disclosures for adoption of a new accounting standard in FASB
ASC 360-20-65-2 are required by ASU 2011-10, Property, Plant, and Equipment
(Topic 360): Derecognition of in Substance Real Estatea Scope Clarification,
which is effective for nonpublic companies for fiscal years ending after
December 15, 2013. Early application is permitted.
ADVERTISING COSTS j jj j
1. Have the following disclosures about direct-response advertising been made:
a. A description of the direct-response advertising that is capitalized?
b. The accounting policy for it?
c. The amortization period?
2. For nondirect-response advertising costs, has the policy about whether those
costs are expensed as incurred or expensed the first time the advertising takes
place been disclosed? (FASB ASC 720-35-50-1; 340-20-50-1) (formerly SOP 93-7,
para. 49)
3. Have the total advertising costs charged to expense for each income statement
presented been disclosed? (FASB ASC 340-20-50-1; 720-35-50-1) (formerly SOP
93-7, para. 49)
4. Have any write-downs of capitalized advertising to net realizable value been
disclosed? (FASB ASC 340-20-50-1) (formerly SOP 93-7, para. 49)
Disclosure Made?
Yes No N/A
5. Has the total amount of capitalized advertising included in each balance sheet
presented been disclosed? (FASB ASC 340-20-50-1) (formerly SOP 93-7, para. 49)
6. Has the amount of revenue and expense recognized from advertising barter
transactions been disclosed for each income statement period presented? (If the
fair value of such transactions is not determinable, has information regarding the
volume and type of advertising surrendered and received been disclosed for each
income statement presented?) (FASB ASC 605-20-50-1) (formerly EITF 99-17)
BALANCE SHEET OFFSETTING j jj j
NOTE: The following disclosures are effective for fiscal years beginning on or after
January 1, 2013, and interim periods within those years. The disclosures should be
made retrospectively for comparative prior periods presented that begin before the
effective date.
1. Have the following been disclosed for (a) recognized financial instruments and
derivative instruments that have been offset and (b) recognized financial
instruments and derivative instruments subject to an enforceable master netting
arrangement or similar agreement regardless of whether they are offset? (The
disclosures should be presented in a tabular format, separately for assets and
liabilities, unless another format is more appropriate.) (FASB ASC 210-20-50-3 and
50-4; 210-20-55-6)
a. The gross amounts of those recognized assets and liabilities?
b. The amounts that have been offset to determine the net amounts presented in
the balance sheet?
c. The net amounts presented in the balance sheet?
d. The amounts subject to an enforceable master netting arrangement or similar
agreement not included in item 1(b), including the following: [The total
amount disclosed for an instrument should not exceed the amount disclosed
in item 1(c) for the instrument.]
(1) The amounts related to recognized financial instruments and other
derivative instruments that management makes an accounting policy
election not to offset or that do not meet some or all of the requirements
to offset?
(2) The amounts related to financial collateral, including cash collateral?
e. The net amount after deducting the amounts in item 1(d) from the amounts in
item 1(c)?
FASB ASC 210-20-45 and 815-10-45 provide requirements for offsetting
financial instruments and derivative instruments in the balance sheet.
Financial instruments disclosed in accordance with these requirements
may be subject to different measurement attributes (e.g., cost vs. fair
value). In such situations, disclose the instruments at their recognized
amounts and describe any measurement differences in the related
disclosures.
2. Has a description been provided of the rights of setoff associated with recognized
assets and liabilities subject to an enforceable master netting arrangement or
Disclosure Made?
Yes No N/A
assets and liabilities subject to an enforceable master netting arrangement or
similar agreement disclosed in item 1(d), including the nature of those rights?
(FASB ASC 210-20-50-5)
3. If the disclosures for balance sheet offsetting are provided in more than a single
note to the financial statements, has a cross-reference between those notes been
provided? (FASB ASC 210-20-50-6)
4. If the disclosures about balance sheet offsetting are not sufficient to enable
financial statement users to evaluate the effect or potential effect of netting
arrangements, including rights of setoff related to recognized assets and liabilities,
on the entitys financial position, has additional disclosure been provided as
necessary? (FASB ASC 210-20-50-2)
BUSINESS COMBINATIONS j jj j
1. Have the following been disclosed for each business combination that occurs
during the reporting period or for which the acquisition date is after the reporting
date but before the financial statements are available to be issued [items (e)(p)
should be provided in the aggregate for immaterial business combinations that are
collectively material]: (FASB ASC 805-10-50-1 through 50-4; 805-20-50-1 through
50-3; 805-30-50-1 through 50-3) [formerly SFAS No. 141(R), paras. 6770; and
ASU 2010-02]
a. Name and a description of the acquiree?
b. Acquisition date?
c. Percentage of voting equity interests acquired?
d. Primary reasons for the combination and a description of how control was
obtained?
e. A qualitative description of the factors that make up the recognized goodwill,
such as expected synergies from combining operations, intangible assets that
do not qualify for separate recognition, or other factors?
f. The acquisition-date fair value of the total consideration transferred?
g. The acquisition-date fair value of each major class of consideration
transferred, such as:
(1) Cash?
(2) Other tangible or intangible assets, including a business or subsidiary of
the acquirer?
(3) Liabilities incurred, for example, a liability for contingent consideration?
(4) Equity interests of the acquirer, including the number of instruments or
interests issued or issuable and the method of determining their fair
value?
h. For contingent consideration arrangements and indemnification assets:
(1) The amount recognized as of the acquisition date?
(2) A description of the arrangement and basis for determining the amount
of the payment?
Disclosure Made?
Yes No N/A
(3) An estimate of the range of outcomes (undiscounted), or if the range
cannot be estimated, that fact and the reasons? (If the maximum amount
of the payment is unlimited, has that fact been disclosed?)
i. For acquired receivables except loans and debt securities acquired with
deteriorated credit quality (disclosures should be provided by major class of
receivable, such as loans, direct financing leases, and any other class of
receivables):
(1) The fair value of the receivables?
(2) The gross contractual amounts receivable?
(3) The best estimate at the acquisition date of the contractual cash flows
not expected to be collected?
j. The amounts recognized as of the acquisition date for each major class of
assets acquired and liabilities assumed?
k. For assets and liabilities arising from contingencies recognized at the
acquisition date (acquirers may aggregate disclosures for assets or liabilities
that are similar in nature; disclosures should be included in the business
combination footnote):
(1) The amounts recognized at the acquisition date and the measurement
basis applied?
(2) The nature of the contingencies?
l. For assets and liabilities arising from contingencies not recognized at the
acquisition date, the disclosures required by Part I, CONTINGENCIES, RISKS,
AND UNCERTAINTIESContingencies, if applicable? (NOTE: Disclosures
should be included in the business combination footnote.)
m. The total amount of goodwill expected to be deductible for tax purposes?
n. For transactions that are recognized separately from the acquisition of assets
and assumption of liabilities in the business combination:
(1) A description of each transaction?
(2) The accounting for each transaction?
(3) The amounts recognized for each transaction and the line item in the
financial statements in which each amount is recognized?
(4) If the transaction is the effective settlement of a preexisting relationship,
the method used to determine the settlement amount?
(5) The amount of acquisition-related costs for each transaction, the amount
recognized as an expense, and the line item(s) in the income statement
in which those expenses are recognized?
(6) The amount of any issuance costs not recognized as an expense, and
the manner of recognition?
o. In a bargain purchase:
(1) The gain recognized and the line item in the income statement where
recognized?
Disclosure Made?
Yes No N/A
(2) A description of the reasons why the transaction resulted in a gain?
p. For each business combination where less than 100 percent of the equity
interests in the acquiree is held at the acquisition date:
(1) The fair value of the noncontrolling interest at the acquisition date?
(2) The valuation technique(s) and significant inputs used to measure the
fair value of the noncontrolling interest?
q. In a business combination achieved in stages:
(1) The acquisition-date fair value of the equity interest in the acquiree held
immediately before the acquisition date?
(2) The gain or loss recognized as a result of remeasuring to fair value the
equity interest in the acquiree held immediately before the business
combination and the line item in the income statement in which the gain
or loss is recognized?
(3) The valuation technique(s) used to measure the acquisition-date fair
value of the equity interest in the acquiree held by the acquirer
immediately before the business combination?
(4) Information for assessing the inputs used to develop the fair value
measurement of the equity interest in the acquiree held by the acquirer
immediately before the business combination?
r. If the acquisition date is after the reporting date but before the financial
statements are available to be issued and the initial accounting for the
business combination is incomplete at the time the financial statements are
available to be issued, a description of the disclosures that could not be made
and the reasons?
s. If the disclosures in items (a)(r) are not sufficient for financial statement users
to evaluate the nature and financial effect of a business combination that
occurs during the reporting period or after the reporting date but before the
financial statements are available to be issued, additional disclosures as
necessary?
2. Has the following information been disclosed for each material business
combination (or in the aggregate for individually immaterial business combinations
that are collectively material): (FASB ASC 805-10-50-5 through 50-7; 805-20-50-4;
805-30-50-4) [formerly SFAS No. 141(R), paras. 7173]
a. If the initial accounting for a business combination is incomplete for particular
assets, liabilities, noncontrolling interests, or items of consideration and the
amounts recognized in the financial statements are provisional:
(1) The reasons why the initial accounting is incomplete?
(2) The assets, liabilities, equity interests, or items of consideration for which
the initial accounting is incomplete?
(3) The nature and amount of any measurement period adjustments
recognized during the reporting period?
b. For each reporting period after the acquisition date until the collection, sale,
or loss of the right to a contingent consideration asset, or until settlement,
Disclosure Made?
Yes No N/A
cancellation, or expiration of a contingent consideration liability:
(1) Any changes in the recognized amounts, including any differences
arising upon settlement?
(2) Any changes in the range of outcomes (undiscounted) and the reasons
for those changes?
(3) The disclosures for fair value measurements in Part I, FAIR VALUE
MEASUREMENTS?
c. If the disclosures in items (a)(b) are not sufficient for financial statement
users to evaluate the financial effects of adjustments recognized in the current
period that relate to business combinations that occurred in the current or
previous reporting periods, additional disclosures as necessary?
3. For transfers of net assets or exchanges of equity interests between entities under
common control that result in a change of reporting entity, has the following
information been disclosed by the receiving entity in the period of the transaction:
(FASB ASC 805-50-50-3) [formerly SFAS No.141(R), para. D14]
a. The name and brief description of the entity included as a result of the
transaction?
b. The method of accounting for the transfer or exchange?
COLLABORATIVE ARRANGEMENTS j jj j
1. Has the policy for collaborative arrangements been disclosed? (FASB ASC
808-10-50-1) (formerly EITF 07-1)
2. Where the entity is a participant to collaborative arrangements, has the following
been disclosed for the initial period and all annual periods thereafter: (FASB ASC
808-10-50-1) (formerly EITF 07-1) (Information related to individually significant
collaborative arrangements should be disclosed separately.)
a. Information about the nature and purpose of collaborative arrangements?
b. The entitys rights and obligations under the arrangement?
c. The income statement classification and amounts attributable to transactions
arising from the arrangement for each period an income statement is
presented?
COMPUTER SOFTWARE REVENUES AND COSTS j jj j
1. Have the policies for recognizing revenue from selling, leasing, or otherwise
marketing computer software been disclosed? (Accepted practice)
2. Have the following been disclosed for computer software costs to be sold, leased,
or otherwise marketed, whether internally developed, produced, or purchased
(except costs incurred for computer software created for others under a
contractual arrangement): (FASB ASC 985-20-50-1) (formerly SFAS No. 86, para.
11)
a. Unamortized computer software costs included in each balance sheet
presented?
b. The total amount charged to expense in each income statement presented for
amortization of capitalized computer software costs and for amounts written
Disclosure Made?
Yes No N/A
down to net realizable value?
3. For qualifying software arrangements with multiple deliverables, have the
disclosures in Part II, REVENUE RECOGNITIONSPECIAL
AREASMultiple-deliverable ArrangementsYears Beginning on or after June 15,
2010, been made? (FASB ASC 985-605-50-1; 985-605-65-1) (These disclosures
are effective for revenue arrangements that include both tangible products and
software entered into or materially modified in years beginning on or after June 15,
2010. Early application is permitted.)
CONSOLIDATIONS j jj j
Consolidated Financial Statements j jj j
1. Is the consolidation policy disclosed? (FASB ASC 810-10-50-1) (formerly ARB No.
51, para. 5)
2. Are interentity balances and transactions eliminated? (FASB ASC 810-10-45-1)
(formerly ARB No. 51, para. 6)
3. If the financial reporting periods of subsidiaries differ from that of the parent, is
recognition given by disclosure or otherwise to the effect of intervening events that
materially affect financial position or the results of operations? (FASB ASC
810-10-45-12) (formerly ARB No. 51, para. 4)
4. If there has been a change to (or elimination of) a difference between the parents
reporting period and that of a consolidated entity (or equity method investee), have
the applicable disclosures for a change in accounting principle in Part II,
ACCOUNTING CHANGES AND CORRECTION OF AN ERRORChange in
Accounting Principle, been made? (FASB ASC 810-10-50-2) (formerly EITF 06-9)
5. If investment company accounting is retained in consolidated financial statements,
or a change in the status of an investment company subsidiary occurs, have the
disclosures required by FASB ASC 946-810-50-1 through 50-4 (formerly SOP 07-1,
paras. 50 and 5253) been made? (The effective date of SOP 07-1 is indefinitely
deferred. Entities that early adopted the SOP before December 15, 2007, are
permitted to continue to apply its provisions. Subject to certain limitations, no other
entity may apply the provisions of the SOP.)
Interests in Variable Interest Entities j jj j
NOTE: Disclosures about variable interest entities may be reported in the aggregate for
similar entities when separate reporting would not provide more useful information.
(FASB ASC 810-10-50-9) [formerly FIN 46(R), para. 22C]
6. If applicable, has disclosure been made about how similar entities are aggregated,
distinguishing between VIEs that are consolidated and those that are not
consolidated because the reporting entity is not the primary beneficiary but holds a
variable interest in the VIE? (FASB ASC 810-10-50-9) [formerly FIN 46(R), para.
22C]
7. Have the (a) assets of a consolidated VIE that can be used only to settle liabilities
of the consolidated VIE and (b) liabilities of a consolidated VIE for which creditors
or beneficial interest holders do not have recourse to the general credit of the
primary beneficiary been presented separately on the face of the balance sheet?
(FASB ASC 810-10-45-25) [formerly FIN 46(R), para. 22A]
Disclosure Made?
Yes No N/A
8. For primary beneficiaries of a VIE, have the following been disclosed: (FASB ASC
810-10-50-3, 50-5A, and 50-5B) [formerly FIN 46(R), paras. 22E, 23, and 23A]
However, the disclosures are not required if the primary beneficiary holds a
majority voting interest, the VIE is a business, and the VIEs assets can be used for
purposes other than settling the VIEs obligations.
a. The methodology for determining that the reporting entity is the primary
beneficiary, including the significant judgments and assumptions used to
make the determination?
b. If the conclusion that the reporting entity is the primary beneficiary of a VIE
has changed in the most recent financial statements, the primary factors
resulting in the change and the effect of the change on the reporting entitys
financial statements?
c. Whether explicit or implicit financial or other support has been provided to the
VIE during the periods presented that was not previously contractually
required or whether such support is intended, including:
(1) The type and amount of support, including situations in which the
reporting entity aided the VIE in obtaining another kind of support?
(2) The primary reasons for providing the support?
d. Qualitative and quantitative information about the reporting entitys
involvement (considering both explicit arrangements and implicit variable
interests) with the VIE, including the VIEs nature, purpose, size, activities, and
financing?
e. The disclosures required in Part II, BUSINESS COMBINATIONS, if the VIE is a
business?
f. Amount of any gain or loss recognized on the initial consolidation of the VIE if
the VIE is not a business?
g. Classification and carrying amounts of the assets and liabilities of the VIE that
are consolidated in the balance sheet, including qualitative information about
the relationship between those assets and liabilities?
h. If creditors or beneficial interest holders of the VIE have no recourse to the
general credit of the primary beneficiary, the lack of recourse?
i. Terms of arrangements that could require the primary beneficiary to provide
financial support to the VIE including events or circumstances that could
expose the reporting entity to loss (giving consideration to both explicit
arrangements and implicit variable interests)?
9. For entities that hold a variable interest in a VIE (including implicit variable
interests) but are not the primary beneficiary, have the following been disclosed:
(FASB ASC 810-10-50-4 and 50-5A) [formerly FIN 46(R), paras. 22E and 24]
a. The methodology for determining that the reporting entity is not the primary
beneficiary, including the significant judgments and assumptions used to
make the determination?
b. If the conclusion that the reporting entity is the primary beneficiary of a VIE
has changed in the most recent financial statements, the primary factors
resulting in the change and the effect of the change on the reporting entitys
Disclosure Made?
Yes No N/A
financial statements?
c. Whether explicit or implicit financial or other support has been provided to the
VIE during the periods presented that was not previously contractually
required or whether such support is intended, including:
(1) The type and amount of support, including situations in which the
reporting entity aided the VIE in obtaining another kind of support?
(2) The primary reasons for providing the support?
d. Qualitative and quantitative information about the reporting entitys
involvement (considering both explicit arrangements and implicit variable
interests) with the VIE, including the VIEs nature, purpose, size, activities, and
financing?
e. Classification and carrying amounts of the assets and liabilities in the balance
sheet that relate to the variable interest in the VIE?
f. Maximum exposure to loss due to involvement with the VIE, how the
maximum exposure is determined, and the significant sources of the reporting
entitys exposure to the VIE, or a statement that the maximum exposure
cannot be quantified?
g. Tabular comparison of the amounts required to be disclosed under items (e)
and (f) including qualitative and quantitative information necessary to
understand the differences between those amounts? [This information should
include, at a minimum, the terms of arrangements that could require the
reporting entity to provide financial support to the VIE including events or
circumstances that could expose the reporting entity to loss (giving
consideration to both explicit arrangements and implicit variable interests).]
h. Description of any liquidity arrangements, guarantees, or other third party
commitments that may impact the fair value or risk of the variable interest in
the VIE? (NOTE: This disclosure is encouraged but not required.)
i. If a conclusion has been made that the power to direct the VIEs activities that
most significantly impact the VIEs economic performance is shared, the
significant factors considered and the judgments made in making that
assessment?
10. If the disclosures about interests in variable interest entities are provided in more
than one note to the financial statements, has a cross-reference to other notes
been provided? (FASB ASC 810-10-50-2AC) [formerly FIN 46(R), para. 25]
11. If the disclosures about interests in variable interest entities are not sufficient for
financial statement users to understand (a) the significant judgments and
assumptions made in assessing whether the reporting entity must consolidate a
VIE or disclose its involvement with the VIE, (b) if the reporting entity consolidates
a VIE, the nature of any restrictions on the VIEs assets and on the settlement of its
liabilities included in the consolidated balance sheet, including the carrying
amounts of those assets and liabilities, (c) the nature of the risks related to the
reporting entitys involvement with the VIE and changes in those risks, and (d) how
the reporting entitys involvement with the VIE impacts financial position, financial
performance, and cash flows, has additional disclosure been made as necessary?
(FASB ASC 810-10-50-2AA and 50-2AB) [formerly FIN 46(R), para. 22B]
12. If accounting standards for interests in VIEs are not applied to an interest in a
Disclosure Made?
Yes No N/A
12. If accounting standards for interests in VIEs are not applied to an interest in a
potential VIE created before December 31, 2003, because information cannot be
obtained to (a) determine whether the entity is a VIE, (b) determine the VIEs
primary beneficiary, or (c) perform the accounting necessary to consolidate the
entity, has the following been disclosed: (FASB ASC 810-10-50-6) [formerly FIN
46(R), para. 26]
a. Number of entities to which the standards are not being applied and the
reason the information needed to apply the standards is not available?
b. Nature of involvement with the entity and the nature, purpose, size, and
activities of the entity?
c. Maximum exposure to loss as a result of involvement with the entity?
d. Income, expense, purchases, sales, or other measure of activity with the entity
for all periods presented? (Information about prior periods is not required in
the first year this requirement applies if it is not practicable to present that
information.)
Noncontrolling Interests j jj j
13. For parents with one or more less-than-wholly-owned subsidiaries, has the
following been disclosed in each reporting period: (FASB ASC 810-10-50-1A)
(formerly ARB No. 51, para. 38)
a. Separately, on the face of the consolidated financial statements, the amounts
of consolidated net income and consolidated comprehensive income and
amounts of each attributable to the parent and the noncontrolling interest?
b. Either in the notes or on the face of the consolidated income statement,
amounts attributable to the parent for the following:
(1) Income from continuing operations?
(2) Discontinued operations?
(3) Extraordinary items?
c. Either in the consolidated statement of changes in equity or in the notes to
consolidated financial statements, a reconciliation at the beginning and the
end of the period of the carrying amount of total equity and the amounts
attributable to the parent and to the noncontrolling interest with separate
disclosure of:
(1) Net income?
(2) Transactions with owners, with separate amounts for contributions from
and distributions to owners?
(3) Each component of other comprehensive income?
d. In the notes to the consolidated financial statements, a separate schedule
reflecting the effects of any changes in a parents ownership interest in a
subsidiary on the equity attributable to the parent?
14. In the consolidated balance sheet, has the noncontrolling interest been clearly
identified, labeled, and reported separately from the parents equity within the
equity section? (FASB ASC 810-10-45-16) (formerly ARB No. 51, para. 26)
Disclosure Made?
Yes No N/A
Deconsolidation j jj j
15. For subsidiaries that are deconsolidated or a group of assets that is derecognized,
has the following been disclosed: (FASB ASC 810-10-50-1B) (formerly ARB No. 51,
para. 39; ASU 2010-02)
a. The amount of any gain or loss recognized in net income attributable to the
parent?
b. The portion of any gain or loss related to the remeasurement of any retained
investment in the former subsidiary or group of assets to its fair value?
c. The caption in the income statement where the gain or loss is recognized
unless separately presented on the face of the income statement?
d. A description of the valuation technique(s) used to measure the fair value of
any direct or indirect retained investment in the former subsidiary or group of
assets?
e. Information that enables users of the parents financial statements to assess
the inputs used to develop the fair value in item d?
f. The nature of continuing involvement with the subsidiary or entity acquiring
the group of assets after it has been deconsolidated or derecognized?
g. Whether the transaction that resulted in the deconsolidation or derecognition
was with a related party?
h. Whether the former subsidiary or entity acquiring a group of assets will be a
related party after deconsolidation?
DERIVATIVE FINANCIAL INSTRUMENTS AND HEDGING ACTIVITIES j jj j
Derivative Instruments and Embedded DerivativesGeneral j jj j
1. If the entity holds or issues derivative instruments (or nonderivative instruments
that are designated and qualify as hedging instruments), have the following been
disclosed for each period for which a balance sheet and income statement are
presented: (FASB ASC 815-10-50-1A; 815-10-50-1B; 815-10-50-2 and 50-3)
a. The entitys objectives for holding or issuing the instruments, the context
needed to understand the objectives, and the entitys strategies for achieving
those objectives? [Disclosure should be made in the context of each
instruments primary underlying risk exposure. Instruments should be
distinguished between those used for risk management purposes and those
used for other purposes.]
b. For derivative instruments designated as hedging instruments, does the
description in item (a) distinguish between derivative instruments designated
as:
(1) Fair value hedging instruments?
(2) Cash flow hedging instruments?
(3) Hedging instruments of the foreign currency exposure in a net
investment in a foreign operation?
Disclosure Made?
Yes No N/A
c. For derivative instruments not designated as hedging instruments, does the
description in item (a) indicate the purpose of the derivative activity?
d. Information about the volume of the entitys derivative activity?
e. If additional qualitative disclosures about the entitys overall exposures to
interest rate risk, foreign currency exchange rate risk, commodity price risk,
credit risk, and equity price risk are made, do the disclosures include a
discussion of those exposures even though the entity does not manage some
of those exposures by using derivative instruments?
disclosed for each period for which a balance sheet and income statement are
presented: [The quantitative disclosures required by items (a) and (b) should be
presented in tabular format except for the information required for hedged items in
item (b)(1), which can be presented in a tabular or nontabular format.] (FASB ASC
815-10-50-4A through 50-4F) (formerly SFAS No. 133, para. 44C)
a. The financial statement line item(s) and fair value amounts of derivative
instruments reported in the balance sheet showing:
(1) The fair value of derivative instruments presented on a gross basis, even
when the derivative instruments are subject to master netting
arrangements and qualify for net presentation in the balance sheet?
(2) Fair value amounts presented as separate asset and liability values
segregated between (i) derivatives that are designated and qualifying as
hedging instruments and (ii) those that are not, with further separate
presentation by type of derivative contract within those two categories?
b. The financial statement line item(s) and amount of gains and losses reported
in the income statement [or when applicable, the balance sheet, such as for
gains and losses initially recognized in other comprehensive income (OCI)]
with separate presentation of gains and losses for: [The information should be
presented separately by type of derivative contract, for example, interest rate
contracts, foreign exchange contracts, equity contracts, commodity contracts,
credit contracts, other contracts, etc.]
(1) Derivative instruments designated and qualifying as hedging instruments
in fair value hedges and related hedged items designated and qualifying
in fair value hedges?
(2) The effective portion of gains and losses on derivative instruments
designated and qualifying in cash flow hedges and net investment
hedges that was recognized in OCI during the current period?
(3) The effective portion of gains and losses on derivative instruments
designated and qualifying as hedging instruments in cash flow hedges
and net investment hedges recorded in accumulated other
comprehensive income during the term of the hedging relationship and
reclassified into earnings during the current period?
(4) The portion of gains and losses on derivative instruments designated
and qualifying as hedging instruments in cash flow hedges and net
investment hedges representing (i) the amount of the hedges
ineffectiveness and (ii) the amount, if any, excluded from the assessment
Disclosure Made?
Yes No N/A
of hedge effectiveness?
(5) Derivative instruments not designated or qualifying as hedging
instruments?
c. For derivative instruments that are not designated or qualifying as hedging
instruments, if the entitys policy is to include those derivative instruments in
its trading activities and the entity elects to not separately disclose gains and
losses as indicated in item (b)(5), have the following been disclosed:
(1) The gains and losses on its trading activities (including both derivative
and nonderivative instruments) recognized in the income statement,
separately by major types of items (such as fixed income/interest rates,
foreign exchange, equity, commodity, and credit)?
(2) The line items in the income statement in which trading activities gains
and losses are included?
(3) A description of the nature of its trading activities and related risks, and
how the entity manages those risks?
disclosed for each period for which a balance sheet is presented: (FASB ASC
815-10-50-4H) (formerly SFAS No. 133, para. 44D)
a. The existence and nature of credit-risk-related contingent features and the
circumstances in which the features could be triggered in derivative
instruments that are in a net liability position at the end of the reporting
period?
b. The aggregate fair value amounts of derivative instruments that contain
credit-risk-related contingent features that are in a net liability position at the
end of the reporting period?
c. The aggregate fair value of assets that are already posted as collateral at the
end of the reporting period and (1) the aggregate fair value of additional
assets that would be required to be posted as collateral and/or (2) the
aggregate fair value of assets needed to settle the instrument immediately, if
the credit-risk-related contingent features were triggered at the end of the
reporting period?
4. If information on derivative instruments (or nonderivative instruments that are
designated and qualify as hedging instruments) is disclosed in more than a single
footnote, has a cross-reference been made from the derivative footnote to other
footnotes in which derivative-related information is disclosed? (FASB ASC
815-10-50-4I) (formerly SFAS No. 133, para. 44E)
5. If the disclosures about derivative instruments (or non-derivative instruments that
are designated and qualifying as hedging instruments) are not sufficient for
financial statement users to understand (a) how and why derivative instruments are
used, (b) the accounting for derivative instruments and related hedged items, and
(c) how derivative instruments and related hedged items affect financial position,
income, and cash flows, has additional disclosure been made as necessary?
6. Has the following been disclosed regarding offsetting fair value amounts
recognized for derivative instruments under master netting arrangements at the
Disclosure Made?
Yes No N/A
end of each reporting period: (FASB ASC 815-10-45-5; 815-10-50-8) (formerly FIN
39, paras. 10 and 10B)
a. The policy to offset or not offset fair value amounts recognized for derivative
instruments and fair value amounts recognized for the right to reclaim or
return cash collateral arising from derivative instruments recognized at fair
value under master netting arrangements? (FASB ASC 815-10-50-7) (formerly
FIN 39, para. 10A)
b. If the entity has made an accounting policy decision to offset fair value
amounts, separate disclosure of amounts recognized for the right to reclaim
cash collateral or the obligation to return cash collateral that have (1) been
offset against net derivative positions under master netting arrangements that
are eligible for offsetting and (2) not been offset against net derivative
positions under master netting arrangements?
c. If the entity has made an accounting policy decision to not offset fair value
amounts, separate disclosure of amounts recognized for the right to reclaim
cash collateral or the obligation to return cash collateral under master netting
arrangements?
d. The disclosures in Part II, BALANCE SHEET OFFSETTING?
7. Have the following been disclosed for hybrid financial instruments that are
measured at fair value under the election and under the practicability exception:
(FASB ASC 815-15-45-1; FASB ASC 815-15-50-1 and 50-2) (formerly SFAS No.
133, paras. 44A and 44B)
a. On the face of each balance sheet presented, separate reporting of fair value
and non-fair-value amounts either through separate line items or parenthetical
disclosure of fair value amounts included in aggregated totals?
b. Information that allows users to understand the effect of changes in fair value
on earnings?
c. The applicable disclosures in Part II, FAIR VALUE OPTION FOR FINANCIAL
ASSETS AND FINANCIAL LIABILITIES?
8. Have the following disclosures been made for the period in which a previously
bifurcated embedded conversion option in a convertible debt instrument no longer
meets the separation criteria: (FASB ASC 815-15-50-3) (formerly EITF 06-7)
a. A description of the principal changes causing the embedded conversion
option to no longer meet the bifurcation criteria?
b. The amount of the liability for the conversion option reclassified to
stockholders equity?
9. Has the accounting policy for premiums paid to acquire an option classified as
held-to-maturity or available-for-sale been disclosed? (FASB ASC 815-10-50-9)
Credit Derivatives j jj j
10. For each balance sheet presented, has the seller of a credit derivative disclosed
the following information for each credit derivative, or each group of similar credit
derivatives (even if the likelihood of the seller having to make any payments under
the credit derivative is remote): For hybrid instruments with embedded credit
Disclosure Made?
Yes No N/A
derivatives, the seller should disclose the required information for the entire hybrid
instrument not just the embedded credit derivatives. The disclosures do not apply
to an embedded derivative feature related to the transfer of credit risk that is only in
the form of subordination of one financial instrument to another. (FASB ASC
815-10-50-4K and 50-4L) (formerly SFAS No. 133, para. 44DD; ASU 2010-11)
a. The nature of the credit derivative, including the approximate term, the
reason(s) for entering into the credit derivative, the events or circumstances
that would require the seller to perform under the credit derivative, and the
current status (as of the balance sheet date) of the payment/performance risk
of the credit derivative?
b. For internal groupings, how groupings are determined and used for
managing risk?
c. The maximum potential amount of future payments (undiscounted) the seller
could be required to make under the credit derivative? (The maximum
potential amount of future payments should not be reduced by any amounts
that may possibly be recovered under recourse or collateralization
provisions.)
d. If applicable, the fact that the terms of the credit derivative provide for no
limitation to the maximum potential future payments under the contract?
e. If the seller is unable to develop an estimate of the maximum potential amount
of future payments under the credit derivative, the reasons why an estimate
cannot be made?
f. The fair value of the credit derivative as of the balance sheet date?
g. The nature of:
(1) Any recourse provisions that would enable the seller to recover from third
parties amounts paid under the credit derivative?
(2) Any assets held either as collateral or by third parties that, upon the
occurrence of a specified triggering event or condition, the seller can
obtain and liquidate to recover all or a portion of the amounts paid under
the credit derivative? [If estimable, the seller should indicate the
approximate extent to which the proceeds from liquidation of those
assets would be expected to cover the maximum potential amount of
future payments under the credit derivative. In its estimate, the seller of
credit protection should consider the effect of any purchased credit
protection with identical underlying(s).]
h. If the disclosures about credit derivatives (and hybrid instruments with
embedded credit derivatives) in items (a)(g) are not sufficient for users of the
financial statements to assess their potential effect on financial position,
financial performance, and cash flows, has additional disclosure been made
as necessary? (FASB ASC 815-10-50-4K) (formerly SFAS No. 133, para.
44DD)
11. At the date of adoption of the guidance for embedded credit derivatives in ASU
2010-11, has separate disclosure been made of: (ASU 2010-11 is effective at the
beginning of the first quarter beginning after June 15, 2010. Early adoption is
permitted at the beginning of the first quarter beginning after March 5, 2010. Upon
adoption, an entity may elect the fair value option for any investment in a beneficial
Disclosure Made?
Yes No N/A
interest in a securitized financial asset. The election shall be determined on an
instrument-by-instrument basis.)
a. If the fair value option is elected, the amount of unrealized gains and losses
that were previously unrecognized (for investments reported at amortized
cost) and the amount of unrealized gains and losses reclassified from
accumulated other comprehensive income (for investments reported at fair
value)? (This disclosure is permitted but not required.) (FASB ASC
815-10-65-5B)
b. The gross gains and gross losses that make up the cumulative-effect
adjustment, determined on an instrument-by-instrument basis? (FASB ASC
815-10-65-5F)
c. The gross gains and gross losses that represent the adjustment related to the
election of the fair value option and the adjustment related to the pro forma
bifurcation for those hybrids for which the fair value option was not elected?
(This disclosure is permitted but not required.) (FASB ASC 815-10-65-5F)
Hedging Activities j jj j
12. Have the following been disclosed for each period for which a balance sheet and
income statement are presented: (FASB ASC 815-25-50-1; 815-30-50-1) (formerly
a. For derivative instruments designated and qualifying as fair value hedging
instruments (as well as nonderivative instruments that may give rise to foreign
currency transaction gains or losses) and for the related hedged items:
(1) The net gain or loss recognized in earnings during the reporting period
representing (i) the amount of the hedges ineffectiveness and (ii) the
component of the derivative instruments gain or loss, if any, excluded
from the assessment of hedge effectiveness?
(2) The amount of net gain or loss recognized in earnings when a hedged
firm commitment no longer qualifies as a fair value hedge?
b. For derivative instruments designated and qualifying as cash flow hedging
instruments and for the related hedged transactions:
(1) A description of the transactions or other events that will result in the
reclassification into earnings of gains and losses that are reported in
accumulated other comprehensive income?
(2) The estimated net amount of the existing gains or losses at the reporting
date that is expected to be reclassified into earnings within the next 12
months?
(3) The maximum length of time over which the entity is hedging its
exposure to the variability in future cash flows for forecasted transactions
excluding those forecasted transactions related to the payment of
variable interest on existing financial instruments?
(4) The amount of gains and losses reclassified into earnings as a result of
the discontinuance of cash flow hedges because it is probable that the
original forecasted transactions will not occur by the end of the originally
specified time period or within the additional period of time discussed in
FASB ASC 815-30-40-4 and 40-5 (formerly paragraph 33 of SFAS No.
Disclosure Made?
Yes No N/A
133)?
13. Has the net gain or loss on derivative instruments designated and qualifying as
cash flow hedging instruments that are reported in comprehensive income been
displayed as a separate classification within other comprehensive income? (FASB
14. Have the following disclosures been made separately as part of the disclosures of
DEVELOPMENT STAGE COMPANIES j jj j
1. Do the financial statements of development stage companies disclose: (FASB ASC
915) (formerly SFAS No. 7, paras. 1113)
a. Balance Sheetany cumulative net losses reported with a descriptive caption
such as deficit accumulated during the development stage in the
stockholders equity section? (FASB ASC 915-210-45-1)
b. Income Statementamounts of revenues and expenses for each individual
period presented as well as cumulative amounts from the entitys inception
(or the inception of the development stage)? (FASB ASC 915-225-45-1)
c. Statement of Cash Flowscash inflows and outflows for each period for
which an income statement is presented and, in addition, cumulative amounts
from the entitys inception? (FASB ASC 915-230-45-1)
d. Statement of Stockholders Equityshowing from the entitys inception:
(FASB ASC 915-215-45-1)
(1) For each issuance, the date and number of shares of stock, warrants,
rights, or other equity securities issued for cash and for other
consideration?
(2) For each issuance, the dollar amounts (per share or other equity unit and
in total) assigned to the consideration received for shares of stock,
warrants, rights, and other equity securities? (Dollar amounts should be
assigned to any noncash consideration received.)
(3) For each issuance involving noncash consideration, the nature of the
noncash consideration and the basis for assigning amounts?
e. That the financial statements are those of a development stage company and
a description of the nature of the development stage activities in which the
entity is engaged? (FASB ASC 915-205-45-4; 915-235-50-1)
f. In the financial statements for the first fiscal year in which the entity is no
longer considered to be in the development stage, that in prior years it had
been in the development stage? [If financial statements for prior years are
presented for comparative purposes, the cumulative amounts and other
additional disclosures required by items (a)(e) need not be shown.] (FASB
ASC 915-205-45-5; 915-235-50-2)
Disclosure Made?
Yes No N/A
DISCONTINUED OPERATIONS j jj j
1. Have the following disclosures been made for each period in which a component
of an entity has been disposed of or classified as held for sale:
a. For current and prior periods, results of operations for the component,
including any gain or loss on disposal and less applicable income taxes,
reported as a separate component of income before extraordinary items
(gains or losses on disposal can be disclosed on the face of the financial
statements or in the notes)? (FASB ASC 205-20-45-3) (formerly SFAS No.
144, para. 43)
b. Nature and amount of any adjustments to amounts previously reported in
discontinued operations that are directly related to the disposal of a
component of the entity in a prior period? (Such adjustments should be
classified separately in the current period in discontinued operations.) (FASB
ASC 205-20-45-4; 205-20-50-5) (formerly SFAS No. 144, para. 44)
c. Assets and liabilities held for sale presented separately in the asset and
liability sections of the balance sheet, with the major classes of such assets
and liabilities separately disclosed either on the face of the statement or in the
notes? (FASB ASC 205-20-50-2) (formerly SFAS No. 144, para. 46)
d. Description of the facts and circumstances leading to the expected disposal,
the expected manner and timing of the disposal, and, if not separately
presented on the face of the balance sheet, the carrying amounts of the major
classes of assets and liabilities included in the disposal group? (FASB ASC
e. Loss recognized for any initial or subsequent write-down to fair value less cost
to sell (or gain recognized for subsequent increases in fair value to the extent
of such losses) and, if not separately presented on the face of the income
statement, the caption in the income statement that includes the gain or loss?
f. Amounts of revenue and pretax profit or loss reported in discontinued
operations? (FASB ASC 205-20-50-1) (formerly SFAS No. 144, para. 47)
g. The segment in which the long-lived asset is reported, if applicable? (FASB
2. If a decision was made during the period not to sell a disposal group previously
classified as held for sale, do disclosures include a description of the
circumstances leading to the decision and the effect of the decision on results of
operations for all periods presented? (FASB ASC 205-20-50-3) (formerly SFAS No.
144, para. 48)
3. Have the following disclosures been made for each discontinued operation that
generates continuing cash flows: (FASB ASC 205-20-50-4) (formerly EITF 03-13)
a. Nature of the activities that give rise to continuing cash flows?
b. Period of time continuing cash flows are expected to be generated?
c. Principal factors used to conclude that the expected continuing cash flows are
not direct cash flows of the disposed component?
4. If the entity engages in a continuation of activities with the component after its
disposal, have intercompany amounts before the disposal that were eliminated in
Disclosure Made?
Yes No N/A
disposal, have intercompany amounts before the disposal that were eliminated in
consolidation been disclosed for all periods presented? (FASB ASC 205-20-50-6)
5. In the period in which operations are initially classified as discontinued, has the
entity disclosed the types of continuing involvement with the component, if any,
that it will have after disposal? (FASB ASC 205-20-50-6) (formerly EITF 03-13)
EMPLOYEE STOCK OWNERSHIP PLANS (ESOPs) j jj j
NOTE: The disclosure required by FASB ASC 718-40-50 (formerly SOP 93-6) apply to
shares acquired by an ESOP after December 31, 1992 (new shares). Shares acquired
on or before December 31, 1992 (old shares), may be accounted for following the
guidance in FASB ASC 718-40 (formerly SOP 93-6) or SOP 76-3. If SOP 76-3 is
followed, the applicable disclosures required by FASB ASC 718-40-50 (formerly SOP
93-6) should be made in addition to the disclosures required by SOP 76-3.
FASB ASC 718-40-50 (formerly SOP 93-6) j jj j
1. Do the financial statements disclose the following general information regarding
the plan: (FASB ASC 718-40-50-1) (formerly SOP 93-6, para. 53a)
a. A description of the plan?
b. The basis for determining contributions to the plan?
c. The employee groups covered by the plan?
d. The nature and effect of significant matters affecting comparability of
information for the periods presented?
e. The basis for releasing shares and how dividends on allocated and
unallocated shares are used (applies to leveraged ESOPs and pension
reversion ESOPs)?
2. Have the following accounting policy disclosures been made: (The disclosures are
required for both old shares and new shares if the employer does not adopt the
guidance in FASB ASC 718-40 for old shares.) (FASB ASC 718-40-50-1) (formerly
SOP 93-6, para. 53b)
a. The method of measuring compensation?
b. The classification of dividends on ESOP shares?
3. Do the financial statements disclose the amount of plan compensation cost
recognized during the period? (FASB ASC 718-40-50-1) (formerly SOP 93-6, para.
53c)
4. Do the financial statements disclose the number of allocated shares,
committed-to-be-released shares, and suspense shares held by the plan at the
balance sheet date? (Separate disclosure is required for both old shares and new
shares if the employer does not adopt the guidance in FASB ASC 718-40 for the
old shares.) (FASB ASC 718-40-50-1) (formerly SOP 93-6, para. 53d)
5. Is the fair value of unearned ESOP shares at the balance sheet date disclosed?
(This disclosure need not be made for old ESOP shares if the employer does not
adopt the guidance in FASB ASC 718-40 for the old shares.) (FASB ASC
718-40-50-1) (formerly SOP 93-6, para. 53e)
Disclosure Made?
Yes No N/A
6. Do the financial statements disclose the existence and nature of any repurchase
obligations, including the fair value of any shares subject to a repurchase
obligation and allocated as of the balance sheet date? (FASB ASC 718-40-50-1)
(formerly SOP 93-6, para. 53f)
SOP 76-3 j jj j
7. If an employer has, in substance, guaranteed the debt of an ESOP, do the
employers financial statements disclose: (Grandfathered) (formerly SOP 76-3,
para. 10)
a. The compensation element and the interest element of annual contributions
to the ESOP?
b. The interest rate and debt terms?
ENVIRONMENTAL REMEDIATION OBLIGATIONS AND CONTINGENCIES j jj j
1. Has the following information been disclosed about recorded accruals for
environmental remediation loss contingencies and related assets for third-party
recoveries:
a. Whether the accrual for environmental remediation liabilities is measured on a
discounted basis? (FASB ASC 410-30-50-4) (formerly SOP 96-1, para. 152)
b. The nature and amount of the accrual (if necessary for the financial
statements not to be misleading)? (FASB ASC 410-30-50-5; 450-20-50-1)
(formerly SOP 96-1, para. 155 and SFAS No. 5, para. 9)
c. If any portion of the accrued obligation is discounted, the undiscounted
amount of the obligation and the discount rate used? (FASB ASC
d. If it is at least reasonably possible that the accrued obligation or any
recognized asset for third-party recoveries will change in the near term and
the effect is material, an indication that it is at least reasonably possible that a
change in the estimate will occur in the near term? (FASB ASC 275-10-50-9;
410-30-50-6) (formerly SOP 94-6, para. 14 and SOP 96-1, para. 156)
2. Have the following disclosures been made about unaccrued environmental
remediation contingencies (including exposures in excess of amounts accrued):
a. A description of the reasonably possible loss contingency and an estimate of
the possible loss (or the fact that such an estimate cannot be made)? (FASB
ASC 410-30-50-5; 450-20-50-4) (formerly SFAS No. 5, para. 10 and SOP 96-1,
para. 155)
b. If it is at least reasonably possible that the estimated loss (or gain)
contingency will change in the near term and the effect is material, an
indication that it is at least reasonably possible that a change in the estimate
will occur in the near term? (FASB ASC 275-10-50-9; 410-30-50-6) (formerly
SOP 94-6, para. 14 and SOP 96-1, para. 156)
3. For probable but not reasonably estimable loss contingencies that may be
material, have the following disclosures been made: (FASB ASC 450-20-50-4)
a. A description of the remediation obligation?
Disclosure Made?
Yes No N/A
b. The fact that a reasonable estimate cannot currently be made?
4. If assertion of a claim is probable or if existing laws require the entity to report the
release of hazardous substances and begin a remediation study, has a loss
contingency been disclosed? (FASB ASC 410-30-50-13) (formerly SOP 96-1, para.
168)
EXIT OR DISPOSAL ACTIVITIES j jj j
1. Has the following been disclosed if an exit or disposal activity was initiated or in
process during the period (until the activity is completed): (FASB ASC 420-10-50-1)
a. A description of the exit or disposal activity, including the facts and
circumstances leading to the activity and the expected completion date?
b. For each major type of cost associated with the activity (one-time termination
benefits, contract termination costs, and other associated costs):
(1) The total amount expected to be incurred in connection with the activity,
the amount incurred during the period, and the cumulative amount
incurred to date?
(2) A reconciliation of the beginning and ending liability balances showing
separately the changes during the period attributable to costs incurred
and charged to expense, costs paid or otherwise settled, and any
adjustments to the liability? (The reasons for any adjustments should be
explained.)
c. The line items in the income statement in which the exit or disposal costs are
included?
d. If a liability for a cost associated with the activity is not recognized because
fair value cannot be reasonably estimated, that fact and the reasons therefor?
EXTINGUISHMENT OF DEBT j jj j
1. If debt is considered to be extinguished prior to December 31, 1996, under the
provisions of SFAS No. 76, para. 3(c) relating to cash or other assets placed in
trust, is a general description of the transaction and the amount of debt that is
considered extinguished at the end of each period that debt remains outstanding
FAIR VALUE OPTION FOR FINANCIAL ASSETS AND FINANCIAL LIABILITIES j jj j
1. Have assets and liabilities measured at fair value under the fair value option been
reported separately from the carrying amounts of similar assets and liabilities
measured using another measurement attribute by either (a) presenting the
aggregate of fair value and non-fair-value amounts in the same line item in the
balance sheet and parenthetically disclosing the amount measured at fair value
included in the aggregate amount or (b) presenting two separate line items to
display the fair value and non-fair-value carrying amounts? (FASB ASC
Entities are encouraged to present the disclosures in Question Nos. 25 in combination
with fair value disclosures required by other standards.
2. Have the following been disclosed for items measured at fair value under the fair
Disclosure Made?
Yes No N/A
2. Have the following been disclosed for items measured at fair value under the fair
value option as of each date for which a balance sheet is presented: (FASB ASC
825-10-50-28) (formerly SFAS No. 159, para.18)
a. Managements reasons for electing a fair value option for each eligible item or
group of similar eligible items?
b. When the fair value option is elected for some but not all eligible items within
a group of similar eligible items:
(1) A description of those similar items and the reasons for the partial
election?
(2) Information to allow users to understand how the group of similar items
relates to individual line items in the balance sheet?
c. For each line item in the balance sheet that includes an item(s) measured
under the fair value option:
(1) Information to enable users to understand how each line item in the
balance sheet relates to major categories of assets and liabilities
presented in accordance with Question No. 1 (or 4) in Part I, FAIR VALUE
MEASUREMENTS?
(2) The aggregate carrying amount of items included in each line item in the
balance sheet that are not eligible for the fair value option, if any?
d. For items for which the fair value option has been elected, the difference
between the aggregate fair value and the aggregate unpaid principal balance
of:
(1) Loans and long-term receivables (other than investments in debt
securities) that have contractual principal amounts?
(2) Long-term debt instruments that have contractual principal amounts?
e. For loans held as assets for which the fair value option has been elected:
(1) The aggregate fair value of loans that are 90 days or more past due?
(2) Where the entitys policy is to recognize interest income separately from
other changes in fair value, the aggregate fair value of loans in
nonaccrual status?
(3) The difference between the aggregate fair value and the aggregate
unpaid principal balance for loans that are 90 days or more past due, in
nonaccrual status, or both?
f. For investments that would have been accounted for under the equity method
if the entity had not chosen to apply the fair value option, the information
required by items 1(a), (b), and (e) in Part II, INVESTMENTS ACCOUNTED
FOR BY THE EQUITY METHOD?
3. Have the following been disclosed for each income statement period presented
about items for which the fair value option has been elected: (FASB ASC
a. For each balance sheet line item, the amounts of gains and losses from fair
value changes included in earnings during the period and the income
Disclosure Made?
Yes No N/A
statement line item where such gains and losses are reported?
b. A description of how interest and dividends are measured and where they are
reported in the income statement?
c. For loans and other receivables held as assets
(1) The estimated amount of gains or losses included in earnings during the
period attributable to changes in instrument-specific credit risk?
(2) How gains or losses attributable to changes in instrument-specific credit
risk were determined?
d. For liabilities with fair values that have been significantly affected during the
reporting period by changes in the instrument-specific credit risk
(1) The estimated amount of gains and losses from fair value changes
included in earnings that are attributable to changes in the
instrument-specific credit risk?
(2) Qualitative information about the reasons for those changes?
(3) How the gains and losses attributable to changes in instrument-specific
credit risk were determined?
4. For annual periods only, has the entity disclosed the methods and significant
assumptions used to estimate the fair value of items for which the fair value option
has been elected? (FASB ASC 825-10-50-31) (formerly SFAS No. 159, para. 21)
5. If the fair value option is elected at the time (a) the accounting treatment for an
investment in another entity changes or (b) an event occurs that requires fair value
measurement at that time but not subsequently, has the following been disclosed
in the period of the election: (FASB ASC 825-10-50-32) (formerly SFAS No. 159,
para. 22)
a. Qualitative information about the nature of the event?
b. Quantitative information by balance sheet line item indicating which income
statement line items include the effect on earnings of initially electing the fair
value option for an item?
FOREIGN OPERATIONS j jj j
1. Are significant foreign operations disclosed, including foreign earnings reported in
excess of amounts received in the U.S. (or available for unrestricted transmittal to
the U.S.)? (Accepted practice)
2. Has the following information about foreign currency translations been disclosed:
(FASB ASC 830-20-50-1 and 50-2; 830-30-50-1 and 50-2) (formerly SFAS No. 52,
paras. 3032 and 143)
a. Aggregate foreign currency transaction gain or loss included in net income?
b. Analysis of the changes during the period in accumulated other
comprehensive income for cumulative translation adjustments, including at a
minimum (FASB ASC 830-30-45-18 and 45-20)
(1) Beginning and ending amount of cumulative translation adjustments?
(2) Aggregate adjustment for the period resulting from translation
adjustments and gains and losses from hedges of a net investment in a
Disclosure Made?
Yes No N/A
adjustments and gains and losses from hedges of a net investment in a
foreign entity and long-term intercompany foreign currency transactions?
(3) Amount of taxes for the period allocated to translation adjustments?
(4) Amounts transferred from cumulative translation adjustments and
included in net income as a result of the sale or liquidation of an
investment in a foreign entity?
c. Information about investments designated as hedges of the foreign currency
exposure of a net investment in a foreign operation? (See DERIVATIVE
FINANCIAL INSTRUMENTS AND HEDGING ACTIVITIES.)
d. Exchange rate changes occurring after the balance sheet date (if their effects
are significant), including their effects on unsettled foreign currency
transactions? (If it is not practicable to determine the effect of the rate
changes, that fact should be stated.)
FRANCHISE FEE REVENUES j jj j
1. Has the nature of all significant commitments and obligations resulting from
franchise agreements, including a description of the services that have not yet
been substantially performed, been disclosed? (FASB ASC 952-440-50-1) (formerly
2. If the installment or cost recovery method is used to account for franchise fee
revenue, has the following been disclosed: (FASB ASC 952-605-50-1) (formerly
a. Method used to account for franchise fee revenue?
b. Sales price?
c. Revenue and related costs deferred on both a current and cumulative basis?
d. Periods in which the fees become payable by the franchisee?
e. Amounts originally deferred but later recognized because uncertainties about
the collectibility of franchise fees are resolved?
3. Has the amount of initial franchise fees, if significant, been disclosed separately
from other franchise fee revenue? (FASB ASC 952-605-50-2) (formerly SFAS No.
45, para. 22)
4. When practicable, have revenue and costs related to franchisor-owned outlets
been disclosed separately from revenue and costs related to franchised outlets?
5. If it is probable that initial franchise fee revenue will decline in the future because
sales will reach a saturation point, has that fact been disclosed? (FASB ASC
6. Has the relative contribution to net income of initial franchise fee revenue been
disclosed if not otherwise apparent? (FASB ASC 952-605-50-2) (formerly SFAS No.
45, para. 22)
7. Have the following been disclosed if significant changes in the ownership of
franchises occur during the period: (FASB ASC 952-605-50-3) (formerly SFAS No.
45, para. 23)
Disclosure Made?
Yes No N/A
a. Number of franchises sold during the period?
b. Number of franchises purchased during the period?
c. Number of franchised outlets in operation during the period?
d. Number of franchisor-owned outlets in operation during the period?
IMPAIRED LONG-LIVED ASSETS AND LONG-LIVED ASSETS TO BE DISPOSED OF j jj j
1. Have the following disclosures been made about impaired assets that will continue
to be used (FASB ASC 360-10-50-2) (formerly SFAS No. 144, para. 26):
a. A description of the impaired assets and the facts and circumstances leading
to the impairment?
b. The amount of the impairment loss and how fair value was determined?
c. The caption in the income statement in which the impairment loss is
aggregated if that loss has not been presented as a separate caption or
reported parenthetically on the face of the statement?
d. The business segment(s) affected, if applicable?
2. Have the following disclosures been made for all assets to be disposed of in each
period the assets are held (FASB ASC 205-20-50-1) (formerly SFAS No. 144, para.
47):
a. The facts and circumstances leading to the expected disposal, the expected
manner and timing of the disposal, and the carrying amounts of the major
classes of assets and liabilities included in the disposal group?
b. The business segment(s) in which assets to be disposed of are held, if
applicable?
c. The loss, if any, resulting from writing down the assets to fair value less cost
to sell?
d. The gain or loss, if any, resulting from subsequent changes in the carrying
amounts of assets to be disposed of?
e. The caption in the income statement in which the gains or losses [from items
(c) and (d)] are aggregated if those gains or losses have not been presented
as a separate caption or reported parenthetically on the face of the
statement?
3. If a decision was made during the period not to sell a long-lived asset previously
classified as held for sale, do disclosures include a description of the
circumstances leading to the decision and the effect of the decision on results of
operations for all periods presented? (FASB ASC 205-20-50-3) (formerly SFAS No.
144, para. 48)
INCOME TAXESSPECIAL AREAS j jj j
1. Have the following disclosures been made whenever a deferred tax liability is not
recognized because of the exceptions to comprehensive recognition of deferred
taxes related to subsidiaries and corporate joint ventures (undistributed earnings of
subsidiaries or corporate joint ventures, bad debt reserves of savings and loan
associations, or policy holders surplus of life insurance companies), for deposits
Disclosure Made?
Yes No N/A
in statutory reserve funds by U.S. steamship companies, or for inside basis
differences of foreign subsidiaries in the consolidated financial statements of the
parent and its foreign subsidiaries: (FASB ASC 740-30-50-2) (formerly SFAS No.
109, para. 44; and EITF 93-16)
a. A description of the types of temporary differences for which a deferred tax
liability has not been recognized and the types of events that would cause
those temporary differences to become taxable?
b. The cumulative amount of each type of temporary difference?
c. The amount of the unrecognized deferred tax liability for temporary
differences related to investments in foreign subsidiaries and foreign
corporate joint ventures that are essentially permanent in duration if
determination of that liability is practicable or a statement that determination is
not practicable?
d. The amount of the unrecognized deferred tax liability for temporary
differences related to undistributed domestic earnings, the bad debt reserve
for tax purposes of a U.S. savings and loan association or other qualified thrift
lender, the policy holders surplus of a life insurance company, and the
statutory reserve funds of a U.S. steamship company?
2. If the tax benefits of deductible temporary differences and carryforwards arising
prior to a quasi-reorganization are recognized in net income rather than
contributed capital, have the following been disclosed: (Grandfathered) (formerly
a. The date of the quasi-reorganization?
b. The manner of reporting the tax benefits and that it differs from present
accounting requirements for other entities?
c. The effect of the tax benefits on income from continuing operations, income
before extraordinary items, and on net income?
INSURANCE CONTRACTS, PROCEEDS, AND ASSESSMENTS j jj j
1. Have the following been disclosed for insurance and reinsurance contracts
accounted for as deposits: (FASB ASC 340-30-50-1) (formerly SOP 98-7, para. 18)
a. A description of the contracts accounted for as deposits?
b. Total deposit assets reported in the balance sheet?
c. Total deposit liabilities reported in the balance sheet?
2. If business interruption insurance proceeds were received during the period, have
the following been disclosed: (FASB ASC 225-30-50-1) (formerly EITF 01-13)
a. Nature of the event resulting in business interruption losses?
b. Aggregate amount of proceeds recognized during the period and the income
statement line item in which they are presented?
3. For purchases of life insurance, has the existence of contractual restrictions on the
ability to surrender a policy been disclosed? (FASB ASC 325-30-50-1) (formerly
EITF 06-5)
4. For insurance related assessments, has the following been disclosed: (FASB ASC
Disclosure Made?
Yes No N/A
a. If the amounts have been discounted:
(1) Undiscounted amounts of the liability?
(2) Any related asset for premium offsets or policy surcharges?
(3) Discount rate used?
b. If the amounts have not been discounted:
(1) Amounts of the liability?
(2) Any related assets for premium offsets or policy surcharges?
(3) Periods that the assessment is expected to be paid?
(4) Period the recorded tax offsets or policy surcharges are expected to be
realized?
INTANGIBLES j jj j
Intangible Assets Other Than Goodwill j jj j
1. Are individual intangible assets or classes of intangible assets presented as
separate line items in the balance sheet or, at a minimum, aggregated and
presented as a separate line item? (FASB ASC 350-30-45-1 through 45-3) (formerly
2. Has the following been disclosed in the period intangible assets are acquired
(where applicable, disclosure should be made separately for each material
business combination or in the aggregate for individually immaterial combinations
that are collectively material, if the aggregate fair values of intangible assets
acquired, other than goodwill, are significant): (FASB ASC 350-30-50-1) (formerly
SFAS No. 142, para. 44 and FSP FAS 142-3, para. A-1)
a. For intangible assets subject to amortization, the amount, residual value, and
weighted-average amortization period, in total and by major intangible asset
class?
b. Amount assigned to intangible assets not subject to amortization, in total and
by major intangible asset class?
c. Amount of research and development assets acquired (other than in business
combinations) and written off in the period and the income statement line item
in which the amounts written off are aggregated?
d. For intangible assets with renewal or extension terms, the weighted-average
period prior to the next renewal or extension (both explicit and implicit), by
major intangible asset class?
3. Has the following been disclosed for each period for which a balance sheet is
a. For intangible assets subject to amortization, the gross carrying amount and
accumulated amortization, in total and by major intangible asset class, the
aggregate amortization expense for the period, and the estimated aggregate
amortization expense for each of the five succeeding fiscal years?
Disclosure Made?
Yes No N/A
b. Carrying amount of intangible assets not subject to amortization, in total and
by major intangible asset class?
4. Has the following been disclosed for intangible assets that have been renewed or
extended in any period for which a balance sheet is presented: (FASB ASC
350-30-50-2) (formerly SFAS No. 142, para. 45 and FSP FAS 142-3, para. A-1)
a. When renewal or extension costs are capitalized, the total amount of costs
incurred in the period to renew or extend the term of a recognized intangible
asset, by major intangible asset class?
b. The weighted-average period prior to the next renewal or extension (both
explicit and implicit), by major intangible asset class?
5. For recognized intangible assets, has disclosure been made about the extent to
which expected future cash flows associated with the asset are affected by the
entitys ability or intent to renew or extend the arrangement? (FASB ASC
350-30-50-4) (formerly FSP FAS 142-3, para. 13)
6. Has the following been disclosed for each intangible asset impairment loss
recognized during the period: (FASB ASC 350-30-50-3) (formerly SFAS No. 142,
para. 46)
a. Description of the impaired intangible asset and the facts and circumstances
leading to the impairment?
b. Amount of impairment loss and method of determining fair value?
c. Income statement caption in which the impairment loss is aggregated?
Goodwill j jj j
7. Is the aggregate amount of goodwill presented as a separate line item in the
balance sheet? (FASB ASC 350-20-45-1 through 45-3) (formerly SFAS No. 142,
para. 43)
8. Is the aggregate amount of any goodwill impairment loss presented as a separate
line item in the income statement and included in income from continuing
operations (unless it relates to discontinued operations, in which case is it included
in discontinued operations, net of tax)? (FASB ASC 350-20-45-1 through 45-3)
9. Have changes in the carrying amount of goodwill during the period been disclosed
for each period for which a balance sheet is presented, showing separately: (FASB
a. The gross amount and accumulated impairment losses at the beginning of
the period?
b. Additional goodwill recognized, except goodwill included in a disposal group
that, on acquisition, meets the criteria to be classified as held for sale?
c. Adjustments resulting from the subsequent recognition of deferred tax assets
during the period?
d. Goodwill included in a disposal group classified as held for sale, and goodwill
derecognized not previously reported in a disposal group classified as held
for sale?
Disclosure Made?
Yes No N/A
e. Impairment losses?
f. Net foreign exchange differences that arose during the period?
g. Any other changes in the carrying amounts?
h. The gross amount and accumulated impairment losses at the end of the
period?
10. Has the following been disclosed for each goodwill impairment loss recognized
during the period: (FASB ASC 350-20-50-2) (formerly SFAS No. 142, para. 47)
a. Description of the facts and circumstances leading to the impairment?
b. Amount of impairment loss and the method of determining the fair value of the
associated reporting unit?
c. If the impairment loss is an estimate, that fact and the reasons therefor?
11. If significant adjustments to a prior-period estimated goodwill impairment loss have
been made in the current period, have the nature and amount of the adjustments
been disclosed? (FASB ASC 350-20-50-2) (formerly SFAS No. 142, para. 47)
INTERIM FINANCIAL STATEMENTS j jj j
NOTE: In addition to the other disclosures specified in this checklist, the following
disclosures are required in interim financial statements of a nonpublic company.
1. Do the notes disclose (a) the method used to determine inventory and cost of
sales amounts if physical inventories as of the interim date have not been used to
determine those amounts and (b) any significant adjustments that result from
reconciliations to the annual physical inventory? (FASB ASC 270-10-45-6) (formerly
2. If seasonal variations affect revenues, has that fact been disclosed and
consideration been given to supplemental reporting of interim information for the
12-month period ended as of the interim date for the current and preceding years?
(FASB ASC 270-10-45-11) (formerly APB No. 28, para. 18)
3. If there are significant variations in the customary relationship between income tax
expenses and pretax accounting income, and the reasons the variations exist are
not apparent, has appropriate disclosure been made? (FASB ASC 740-270-50-1)
(formerly FIN 18, para. 25)
4. Do the notes disclose contingencies and other uncertainties that are necessary to
make the interim financial statements not misleading? (FASB ASC 270-10-50-6)
5. Are extraordinary items and unusual or infrequently occurring transactions and
events that are material to the operating results of the interim period (such as
unusual seasonal results and business combinations) separately disclosed in the
period they occurred? (FASB ASC 270-10-50-5) (formerly APB No. 28, para. 21)
6. Have the nature and amount of costs and expenses incurred in an interim period
that cannot be readily identified with the activities or benefits of other interim
periods been disclosed (unless items of a comparable nature are included in both
the current and corresponding prior interim period)? (FASB ASC 270-10-45-8)
Disclosure Made?
Yes No N/A
7. Has the total amount of employer pension and postretirement benefit contributions
paid (and expected to be paid during the current fiscal year if significantly different
from amounts previously disclosed) been disclosed? (FASB ASC 715-20-50-7)
[formerly SFAS No. 132(R), para. 10]
8. Accounting changes and error corrections:
a. Has disclosure been made of any change in accounting principles or
practices from those applied in the prior annual report, the preceding interim
period of the current year, or the comparable interim period of the prior year?
(FASB ASC 270-10-45-12) (formerly APB No. 28, para. 23)
b. Have appropriate disclosures been made for changes in accounting principle
made in the interim period? (See Part II, ACCOUNTING CHANGES AND
CORRECTION OF AN ERRORChange in Accounting Principle.) (FASB ASC
c. For interim periods subsequent to the date of adoption in the fiscal year of the
change in accounting principle, has the effect of the change on income from
continuing operations and net income been disclosed for the post-change
interim periods? (FASB ASC 250-10-50-3) (formerly SFAS No. 154, para. 18)
d. Has the effect of a change in accounting estimate been disclosed if it is
material to any interim period presented? (See Part II, ACCOUNTING
CHANGES AND CORRECTION OF AN ERRORChange in Accounting
Estimate.) (FASB ASC 270-10-45-14) (formerly APB No. 28, para. 26)
e. Have appropriate disclosures been made for corrections of an error resulting
in restated financial statements made in an interim period? (See Part II,
ACCOUNTING CHANGES AND CORRECTION OF AN ERRORCorrections
of Errors in Previously Issued Financial Statements That Have Been Restated.)
f. If the effect of an error correction was not reported as a prior period
adjustment because the amounts were not material to the annual financial
statements, have such amounts been disclosed if they are material to the
interim financial statements? (FASB ASC 270-10-45-16) (formerly APB No. 28,
para. 29)
g. Has disclosure of prior-period adjustments been made in subsequent interim
financial statements issued during the year the adjustments were made?
(FASB ASC 250-10-50-8) (formerly APB No. 9, para. 26, fn. 3)
h. Have the following disclosures been made for the interim period in which an
error correction related to prior interim periods of the current fiscal year
occurs: (FASB ASC 250-10-50-11) (formerly SFAS No. 16, para. 15)
(1) The effect on income from continuing operations and net income for
each prior interim period of the current fiscal year?
(2) The income from continuing operations and net income for each prior
interim period restated in accordance with FASB ASC 250-10-45-26
(formerly SFAS No. 16, para. 14)?
i. Have appropriate disclosures been made for changes in reporting entity
made in the interim period, and have previously issued interim statements
been presented on a retrospective basis? (See Part II, ACCOUNTING
Disclosure Made?
Yes No N/A
CHANGES AND CORRECTION OF AN ERRORChange in the Reporting
Entity.) (FASB ASC 250-10-50-6) (formerly SFAS No. 154, para. 24)
INVESTMENTS ACCOUNTED FOR BY THE EQUITY METHOD j jj j
1. Have the following been disclosed if the investor owns 20% or more of the
common stock and uses the equity method: (FASB ASC 323-10-50-2 and 50-3)
a. The name of each investee and percentage of ownership of common stock, if
significant?
b. Accounting policies of the investor relative to investments in common stock?
c. Difference, if any, between the amount at which the investment is carried and
the amount of underlying equity in net assets for the latest balance sheet
presented and the accounting treatment of the difference?
d. The aggregate market value of each identified investment for which a market
value is available? (Not required for investments in common stock of
subsidiaries.)
e. When investments in common stock, corporate joint ventures, or other
investments accounted for under the equity method are, in the aggregate,
material, has summarized information as to assets, liabilities, and results of
operations been presented either individually or in groups as appropriate?
f. Material effects of possible conversions, exercises, or contingent issuances of
the investee?
2. If the investor does not use the equity method, is disclosure made of the names of
any significant investee corporations in which the investor owns 20% or more of
the voting stock, together with the reasons the equity method is not considered
appropriate? (FASB ASC 323-10-50-3) (formerly APB No. 18, para. 20, fn. 13)
3. Is disclosure made of the names of any significant investee corporations in which
the investor owns less than 20% of the voting stock and the common stock is
accounted for on the equity method, together with the reasons the equity method
is considered appropriate? (FASB ASC 323-10-50-3) (formerly APB No. 18, para.
20, fn. 13)
4. Are investments in common stock shown in the balance sheet of an investor as a
single amount, and the investors share of earnings or losses of investees shown in
the income statement as a single amount, except for extraordinary items,
prior-period adjustments, etc.? (FASB ASC 323-10-45-1) (formerly APB No. 18,
para. 19)
5. If investment company accounting is retained for an equity method investee, or a
change in the status of an investment company investee occurs, have the
disclosures required by FASB ASC 946-323-50-1 (formerly SOP 07-1, paras.
5153) been made? (The FASB has indefinitely deferred the effective date of SOP
07-1. Entities that early adopted the SOP before December 15, 2007, are permitted
to continue to apply its provisions. Subject to certain limitations, no other entity
may apply the provisions of the SOP.)
INVESTMENTS IN ENTITIES THAT CALCULATE NET ASSET VALUE PER SHARE j jj j
1. Have the following been disclosed for each class of investment for those
investments that (a) do not have a readily determinable fair value and (b) are in
Disclosure Made?
Yes No N/A
investments that (a) do not have a readily determinable fair value and (b) are in
investment companies or similar entities that report their investment assets at fair
value: (FASB ASC 820-10-50-6A)
a. The fair value measurement of the investments in the class at the reporting
date and a description of the significant investment strategies of the
investee(s)?
b. For investments that can never be redeemed with the investee but provide
distributions from liquidations of the underlying assets, an estimate of the time
period over which the underlying assets are expected to be liquidated by the
investee?
c. Amount of unfunded commitments related to investments?
d. General description of the terms and conditions under which investments may
be redeemed?
e. Circumstances under which redeemable investments might not be
redeemable?
f. For redeemable investments that are restricted from redemption at the
measurement date, an estimate of when the restriction might lapse (or if not
known, that fact and how long the restriction has been in effect)?
g. Any other significant restrictions on the ability to sell the investment?
h. If it is probable that investments will be sold for an amount different than net
asset value per share, the total fair value of such investments and remaining
actions necessary to complete the sale?
i. If it is probable that a group of investments will be sold but still meet the
criteria permitting fair value measurement using net asset value per share, the
plans to sell the investments and remaining actions necessary to complete
the sale?
j. If the disclosures in items (a)(i) are not sufficient for financial statement users
to understand the nature and risks of the investments and whether they are
probable of being sold at amounts different than net asset value per share (or
the equivalent), additional disclosures as necessary?
INVESTMENTS IN NONCORPORATE REAL ESTATE JOINT VENTURES j jj j
NOTE: The following disclosures relate to investments in noncorporate real estate joint
ventures. For investments in corporate joint ventures, refer to the disclosure
requirements for INVESTMENTS ACCOUNTED FOR BY THE EQUITY METHOD.
1. For investments that are accounted for by the equity method, are the following
items disclosed: (FASB ASC 323-10-50-3) (formerly SOP 78-9, para. 12 and APB
No. 18, para. 20)
a. Investees name and percentage of ownership?
b. Legal form of venture?
c. For limited partnership interests of less than 20%, an explanation of why the
equity method is used?
d. Material differences at the balance sheet date between the book value of the
investment and the underlying equity in net assets, and the manner of
Disclosure Made?
Yes No N/A
investment and the underlying equity in net assets, and the manner of
accounting for those differences?
e. Summary financial information about the assets, liabilities, and results of
operations of material investments?
f. Effects of contingent issuances or provisions of the venture agreement that, if
exercised, would materially affect the investors share of venture profits and
losses?
g. Market value of the investment, if a quoted market price is available?
2. For limited partnership interests of 20% or more that are accounted for by the cost
method, are the following items disclosed: (Accepted practice)
b. Explanation of why the cost method is used?
3. For investments that are accounted for by proportionate consolidation, are the
following items disclosed: (Accepted practice)
b. Legal form of venture?
c. An explanation of why proportionate consolidation is used?
4. For investments that are consolidated:
a. Is the consolidation policy disclosed? (FASB ASC 810-10-50-1) (formerly ARB
No. 51, para. 5 and APB No. 22, para. 13)
b. Are intercompany balances and transactions eliminated? (FASB ASC
810-10-45-1) (formerly ARB No. 51, paras. 56)
c. If the financial reporting periods of subsidiaries differ from that of the parent, is
recognition given by disclosure or otherwise to the effect of intervening events
that materially affect financial position or the results of operations? (FASB
ASC 810-10-45-12) (formerly ARB No. 51, para. 4)
LEASES IN FINANCIAL STATEMENTS OF LESSORS j jj j
1. Have the following disclosures been made when leasing, other than leveraged
leasing, is a significant part of the lessors business activities in terms of revenue,
net income, or assets: (FASB ASC 840-10-50-4; FASB ASC 840-30-50-4A)
(formerly SFAS No. 13, para. 23; and ASU 2010-20)
a. General description of the lessors leasing arrangements?
b. Sales-type and direct financing leases: (See also the required disclosures for
troubled debt restructurings of financing receivables in Part II, TROUBLED
DEBT RESTRUCTURINGSCREDITORS)
(1) For each balance sheet presented, the components of the net
investments in sales-type and direct financing leases including:
(a) Aggregate minimum future lease payments to be received?
(b) Amount of aggregate minimum future lease payments representing:
Disclosure Made?
Yes No N/A
(i) Executory costs, including any profit thereon?
(ii) Accumulated allowance for uncollectible minimum lease
payments receivable?
(c) Unguaranteed residual values accruing to the lessors benefit?
(d) Unearned income?
(e) For direct financing leases only, initial direct costs?
(2) Future minimum lease payments to be received for each of the five
succeeding fiscal years as of the date of the latest balance sheet
presented?
c. Operating leases (for the latest balance sheet presented): (FASB ASC
(1) Cost and carrying amount, if different, of property of the lessor held for
leasing by major classes of property according to nature or function, and
the total amount of accumulated depreciation thereon?
(2) Future minimum rentals on noncancelable leases in the aggregate and
for each of the next five fiscal years?
d. Contingent rental income:
(1) Contingent rentals included in income for each income statement
presented? (FASB ASC 840-30-50-4) (formerly SFAS No. 13, para. 23)
(2) The accounting policy for contingent rental income? (FASB ASC
840-10-50-5) (formerly EITF 98-9)
(3) If the lessor accrues contingent rental income prior to the lessees
achievement of the specified target (provided achievement of the target
is probable), the impact on rental income as if the lessors accounting
policy was to defer contingent rental income until the specified target is
met? (FASB ASC 840-10-50-5) (formerly EITF 98-9)
e. Have appropriate disclosures been made for leveraged leases? (FASB ASC
840-30-25-8; 840-30-50-5; 840-30-50-5A) (formerly SFAS No. 13, para. 47; and
ASU 2010-20) (See also the required disclosures for troubled debt
restructurings of financing receivables in Part II, TROUBLED DEBT
RESTRUCTURINGSCREDITORS)
f. Have the nature and extent of leasing transactions with related parties been
LENDING ACTIVITIES AND LOAN PURCHASES j jj j
Lending ActivitiesGeneral j jj j
1. Have the accounting policy, net capitalized amount, and amortization period for
credit card fees and costs been disclosed? (FASB ASC 310-20-50-4) (formerly
SOP 01-6, para. 13 and EITF 92-5)
2. If the entity anticipates prepayments of loan principal, has that policy and the
significant assumptions underlying prepayment estimates been disclosed? (FASB
Disclosure Made?
Yes No N/A
3. In the period in which the guidance on modifications of loans accounted for in a
pool, as provided by ASU 2010-18, Effect of a Loan Modification When the Loan Is
Part of a Pool That Is Accounted for as a Single Asset, is prospectively adopted,
have the disclosures in items 1(a)(c) in Part II, ACCOUNTING CHANGES AND
CORRECTION OF AN ERROR and items 8(b) and (c) in Part II, INTERIM
FINANCIAL STATEMENTS, been made? (FASB ASC 310-10-65-1)
Allowance for Credit Losses j jj j
4. For years ending before December 15, 2011, for each period for which an income
statement is presented, has the following activity in the total allowance for credit
loss account been disclosed: (FASB ASC 310-10-50-12) (formerly SFAS No. 114,
para. 20A)
a. Balance at the beginning and end of the year?
b. Additions charged to income?
c. Write-downs charged against the allowance?
d. Recoveries of amounts previously charged off?
5. For years ending on or after December 15, 2011, for financing receivables (other
than receivables measured at fair value with changes in fair value reported in
earnings; receivables measured at lower of cost of fair value; trade accounts
receivable, except for credit card receivables, that have a contractual maturity of
one year or less and arose from the sale of goods or services; and lessors net
investments in leveraged leases), is there disclosure of the following, by portfolio
segment: (Comparative disclosures are required for periods ending after initial
adoption.) (FASB ASC 310-10-50-11A through 50-11C)
a. Accounting policies and methodology used to estimate the allowance for
credit losses, including:
(1) A description of the factors that influenced managements judgment,
including historical losses and existing economic conditions?
(2) A discussion of risk characteristics relevant to each portfolio segment?
(3) Identification of any changes to the entitys accounting policies or
methodology from the prior period and the entitys rationale for the
change?
(4) A description of the policy for charging off uncollectible financing
receivables?
b. The activity in the allowance for credit losses, including the following:
(1) Balance at the beginning and end of each period?
(2) Current period provision?
(3) Direct write-downs charged against the allowance?
(4) Recoveries of amounts previously charged off?
c. The quantitative effect on the current period provision of any changes in the
accounting policies or methodology from the prior period?
d. The amount of any significant purchases of financing receivables, sales of
financing receivables, or reclassifications of financing receivables to held for
Disclosure Made?
Yes No N/A
financing receivables, or reclassifications of financing receivables to held for
sale during each reporting period?
e. The balance in the allowance for credit losses at the end of each period
disaggregated on the basis of the entitys impairment method?
f. The recorded investment in financing receivables at the end of each period
related to each balance in the allowance for credit losses, disaggregated on
the basis of the entitys impairment methodology in the same manner as the
disclosure in item (e)?
g. To disaggregate the information in items (e) and (f), is there separate
disclosure of amounts collectively evaluated for impairment, amounts
individually evaluated for impairment, and amounts related to loans acquired
with deteriorated credit quality?
Credit Quality Information j jj j
6. For years ending on or after December 15, 2011, is there disclosure of the
following quantitative and qualitative information, by class of financing receivable:
(This disclosure does not apply to receivables measured at fair value with changes
in fair value reported in earnings; receivables measured at lower of cost or fair
value; or trade accounts receivable, except for credit card receivables, with a
contractual maturity of one year or less that arose from the sale of goods or
services.) Comparative disclosures are required for periods ending after initial
adoption. (FASB ASC 310-10-50-27 through 50-30)
a. A description of the credit quality indicator?
b. The recorded investment in financing receivables by credit quality indicator?
c. For each credit quality indicator, the date or range of dates when information
for that credit quality indicator was updated?
d. If internal risk ratings are disclosed, qualitative information about how those
internal risk ratings relate to the likelihood of loss?
e. If the disclosures in items (a)(d) are not sufficient to enable financial
statement users to (1) understand how and to what extent management
performs ongoing monitoring of the credit quality of its financing receivables
and (2) assess the quantitative and qualitative risks arising from the credit
quality of financing receivables, additional disclosures as necessary?
Impaired Loans j jj j
7. Has the following information about impaired loans been disclosed: (For years
ending on or after December 15, 2011, this disclosure should be made by class of
financing receivable.) [Restructured loans are not required to be included in
disclosure items (a) and (b) in years after the restructuring, if the restructured
loans interest rate was comparable to a rate that the creditor would have accepted
on other loans with similar risks and the restructured loan is not considered
impaired based on the new terms.] (FASB ASC 310-10-50-15; 310-40-50-2)
(formerly SFAS No. 114, para. 20; ASU 2010-20)
a. As of the date of each balance sheet presented:
(1) The recorded investment in impaired loans?
Disclosure Made?
Yes No N/A
(2) The recorded investment in impaired loans that have a related allowance
for credit losses?
(3) The recorded investment in impaired loans that do not have an
allowance for credit losses?
(4) The total allowance for credit losses on impaired loans?
(5) For years ending on or after December 15, 2011, the total unpaid
principal balance of the impaired loans?
b. For each period for which an income statement is presented:
(1) The average recorded investment in the impaired loans?
(2) The related amount of interest income recognized for the time that the
loans were impaired during the period?
(3) The amount of interest income recognized using a cash-basis method for
the time that the loans were impaired during the period, if practical?
(4) For years ending on or after December 15, 2011, the entitys policy for
determining which loans it assesses for impairment and the factors
considered in determining that the loan is impaired?
c. The entitys policy for recognizing interest income on impaired loans,
including how cash receipts are recorded?
8. If an entity recognizes the change in present value of impaired loans attributable to
the passage of time as interest income (versus including it in bad debt expense),
has the amount of interest income recognized been disclosed? (FASB ASC
9. For years ending on or after December 15, 2011, for each class of financing
receivable, is the following disclosed for impaired loans (individually evaluated for
impairment): (FASB ASC 310-10-50-14A)
a. The accounting for impaired loans?
b. The amount of impaired loans?
LIMITED LIABILITY COMPANIES OR PARTNERSHIPS (LLCs OR LLPS) j jj j
1. If members liability is limited, has that fact been disclosed? (FASB ASC
272-10-50-3) (formerly AcSEC PB 14, para. 15)
2. Have the different classes of members interests and the respective rights,
preferences, and privileges of each class been disclosed? (FASB ASC
272-10-50-3) (formerly AcSEC PB 14, para. 15)
3. Has the amount of each class of members equity been disclosed, either on the
face of the balance sheet or in the notes? (FASB ASC 272-10-50-3) (formerly
AcSEC PB 14, para. 15)
4. If the LLC or LLP has a finite life, has the date it will cease to exist been disclosed?
(FASB ASC 272-10-50-3) (formerly AcSEC PB 14, para. 15)
LONG-LIVED ASSET RETIREMENT OBLIGATIONS j jj j
1. Do disclosures include a general description of asset retirement obligations and
the related long-lived assets? (FASB ASC 410-20-50-1) (formerly SFAS No. 143,
Disclosure Made?
Yes No N/A
the related long-lived assets? (FASB ASC 410-20-50-1) (formerly SFAS No. 143,
para. 22)
2. Has the fair value of assets legally restricted for purposes of settling asset
retirement obligations been disclosed? (FASB ASC 410-20-50-1) (formerly SFAS
No. 143, para. 22)
3. If the fair value of the asset retirement obligation cannot be reasonably estimated,
has that fact and the reasons therefor been disclosed? (FASB ASC 410-20-50-2)
4. Do disclosures include a reconciliation of the beginning and ending aggregate
carrying amount of asset retirement obligations that shows separately significant
changes attributable to (a) liabilities incurred during the period, (b) liabilities settled
during the period, (c) accretion expense, and (d) revisions in estimated cash
flows? (FASB ASC 410-20-50-1) (formerly SFAS No. 143, para. 22)
LONG-TERM CONTRACTS j jj j
(This section need not be completed when preparing the financial statements of a
construction contractor or homebuilder. Instead, refer to the Supplemental Disclosure
Checklist for Construction Contractors and Homebuilders in PPCs Guide to
Construction Contractors.)
1. Have the unbilled costs and fees under cost-type contracts been shown separately
from billed accounts receivable? (FASB ASC 912-310-45-2) (formerly ARB No. 43,
ch. 11A, para. 21)
2. Have the advances offset against cost-type contract receivables been disclosed?
(FASB ASC 912-210-50-1) (formerly ARB No. 43, ch. 11A, para. 22)
3. Has the method used to account for long-term construction contracts been
disclosed? (FASB ASC 605-35-50-1) (formerly ARB No. 45, para. 15)
MANDATORILY REDEEMABLE STOCK AND OTHER FINANCIAL INSTRUMENTS
WITH CHARACTERISTICS OF LIABILITIES AND EQUITY j jj j
The following disclosures apply to mandatorily redeemable financial instruments,
obligations to repurchase the companys equity shares by transferring assets, and
certain obligations to issue a variable number of shares. The disclosures are effective
for nonpublic entities for (1) financial instruments that are not mandatorily redeemable
and (2) financial instruments that are mandatorily redeemable on a fixed date and for an
amount that is either fixed or determined by reference to an external index. For all other
nonpublic entity mandatorily redeemable financial instruments, the disclosures are
deferred indefinitely. (FASB ASC 480-10-65-1) (formerly FSP FAS 150-3)
1. Have the nature and terms of the financial instruments, including rights and
obligations and information about settlement alternatives and who controls them,
been disclosed? (FASB ASC 480-10-50-1) (formerly SFAS No. 150, para. 26)
2. Have the following been disclosed for each settlement alternative for the
outstanding financial instruments: (FASB ASC 480-10-50-2) (formerly SFAS No.
150, para. 27)
a. Amount that would be paid (or number of shares that would be issued and
their fair value) if settlement occurred at the financial statement date?
b. How changes in the equity shares fair value would affect settlement
amounts?
Disclosure Made?
Yes No N/A
amounts?
c. Maximum amount the company could be required to pay (or shares the
company could be required to issue) to redeem the instrument? (If the
contract does not limit the amount, that fact should be disclosed.)
d. For a forward contract or an option indexed to the companys equity shares,
the forward price or option strike price, the number of shares to which the
contract is indexed, and the settlement dates of the contract?
3. If the company has no equity instruments outstanding but has financial
instruments in the form of shares that are mandatorily redeemable financial
instruments classified as liabilities:
a. Are the instruments described in the balance sheet as Shares subject to
mandatory redemption? (FASB ASC 480-10-45-2) (formerly SFAS No. 150,
para. 19)
b. Are the components of the liability (e.g., par value, paid-in capital, retained
earnings, accumulated other comprehensive income, etc.) that would
otherwise be related to the shares disclosed? (FASB ASC 480-10-50-4)
NONMONETARY TRANSACTIONS j jj j
1. Are nonmonetary transactions disclosed adequately, including the nature of the
transactions, the basis of accounting, any related gains or losses, and gross
operating revenue recognized? (FASB ASC 845-10-50-1 and 50-2) (formerly APB
No. 29, para. 28 and EITF 00-8)
2. For nonmonetary exchanges of inventory within the same line of business
recognized at fair value, has disclosure been made of the associated revenue and
costs (or gains and losses)? (FASB ASC 845-10-50-3) (formerly EITF 04-13, para.
8)
PENSION AND POSTRETIREMENT BENEFIT PLANSDEFINED BENEFIT j jj j
(See Part I for defined contribution plans.)
Defined Benefit PlansGeneral j jj j
1. If a classified balance sheet is presented, has the excess of the actuarial present
value of benefits payable in the next 12 months (or longer operating cycle) over the
fair value of plan assets been classified as a current liability and has the asset for
an overfunded plan been classified as a noncurrent asset? (FASB ASC
715-20-45-3) (formerly SFAS No. 106, para. 44B)
The disclosures in Defined Benefit PlansGeneral, and in Plan Assets, may be
combined for all of the entitys defined benefit pension plans and for all of the entitys
defined benefit postretirement plans, or information about plans may be presented in
groups, whichever is more useful. Disclosures for plans outside the U.S. may be
combined with those for U.S. plans unless the benefit obligations of the plans outside
the U.S. are significant relative to the total benefit obligation and those plans use
significantly different assumptions. Disclosures about plans with assets in excess of the
accumulated benefit obligation generally may be combined with disclosures about
plans with accumulated benefit obligations in excess of assets. (FASB ASC
715-20-50-3) [formerly SFAS No. 132(R), paras. 6 and 7]
Disclosure Made?
Yes No N/A
2. Has the following information about the plan been disclosed for each income
statement or balance sheet presented, as applicable: (FASB ASC 715-20-50-5)
[formerly SFAS No. 132(R), para. 8]
a. The benefit obligation?
b. Fair value of plan assets?
c. Funded status of the plan?
d. Employer contributions?
e. Participant contributions?
f. Benefits paid?
g. The amounts recognized in the balance sheet, including separate disclosure
of postretirement benefit assets and current and noncurrent postretirement
benefit liabilities?
h. Accumulated benefit obligation for defined benefit pension plans?
i. Benefits expected to be paid in each of the next five fiscal years and in the
aggregate for the five fiscal years thereafter?
j. Contributions expected to be paid to the plan during the next fiscal year
beginning after the date of the latest balance sheet presented?
k. The net periodic benefit cost recognized?
l. Separately, the net gain or loss and net prior service cost or credit recognized
in other comprehensive income for the period?
m. Reclassification adjustments of other comprehensive income for the period
(including amortization of the net transition asset or obligation) recognized in
net periodic benefit cost?
n. Amounts in accumulated other comprehensive income that have not been
recognized in net periodic benefit cost, with separate disclosure of:
(1) Net gain or loss?
(2) Net prior service cost or credit?
(3) Net transition asset or obligation?
o. On a weighted-average basis, the following assumptions used in the
accounting for the plans, specifying in tabular format the assumptions used to
determine the benefit obligation and the assumptions used to determine net
benefit cost:
(1) Assumed discount rates?
(2) Rates of compensation increase (for pay-related plans)?
(3) Expected long-term rate of return on plan assets?
p. The assumed health care cost trend rate(s) for the next year used to measure
the expected cost of benefits covered by the plan (gross eligible charges) and
a general description of the direction and pattern of change in the assumed
trend rates thereafter, together with the ultimate trend rate(s) and when that
Disclosure Made?
Yes No N/A
rate is expected to be achieved?
q. If applicable, the amounts and types of securities of the employer and related
parties included in plan assets, the approximate amount of future annual
benefits of plan participants covered by insurance contracts issued by the
employer or related parties, and any significant transactions between the
employer or related parties and the plan during the period?
r. The nature and effect of significant nonroutine events, such as amendments,
combinations, divestitures, curtailments, and settlements?
s. Amounts in accumulated other comprehensive income expected to be
recognized in net periodic benefit cost over the fiscal year following the most
recent balance sheet presented, with separate disclosure of:
(1) Net gain or loss?
(2) Net prior service cost or credit?
(3) Net transition asset or obligation?
t. Amount and timing of any plan assets expected to be returned to the
employer during the 12-month period (or longer operating cycle) following the
most recent balance sheet presented?
u. If the beginning of year weighted-average expected long-term rate of return
on plan assets changes due to a subsequent interim measurement of both
plan assets and obligations, the beginning of year and most recent rate, or a
weighed combination of the two? (FASB ASC 715-20-50-8) (formerly
QA-SFAS No. 87, No. 79)
3. If disclosures about plans with assets in excess of the accumulated benefit
obligation have been combined with disclosures about plans with accumulated
benefit obligations in excess of assets, has the following been disclosed
separately: [FASB ASC 715-20-50-3] (formerly SFAS No. 132(R), para. 6)
a. The combined benefit obligation and combined fair value of plan assets for
plans with benefit obligations in excess of plan assets?
b. The combined accumulated benefit obligation and combined fair value of plan
assets for pension plans with accumulated benefit obligations in excess of
plan assets?
Plan Assets j jj j
4. Disclosures about postretirement benefit plan assets should describe (a) how
investment allocation decisions are made, including the factors important to
understanding investment policies and strategies, (b) classes of plan assets, (c)
inputs and valuation techniques used to measure the fair value, (d) effect of fair
value measurements using significant unobservable inputs (Level 3) on changes in
plan assets for the period, and (e) significant concentrations of risk within plan
assets. Disclosures should consider classes of plan assets based on the nature,
characteristics, and risks of the assets, and the level of the fair value hierarchy
within which the fair value measurement of the assets is categorized. Examples of
classes include cash and equivalents; equity securities (segregated by industry,
company size, or investment objective); debt securities (corporate and
government); asset-backed securities; structured debt; derivatives on a gross
basis (segregated by underlying risk); investment funds (separated by fund); and
Disclosure Made?
Yes No N/A
real estate. In meeting those objectives, has the following information about plan
assets been disclosed: (FASB ASC 715-20-50-5) [formerly SFAS No. 132(R), para.
8; ASU 2011-04]
a. A description of investment policies and strategies, including target allocation
percentages or ranges considering the classes of plan assets as of the latest
balance sheet presented (on a weighted-average basis for employers with
more than one plan) and other factors, such as investment goals, risk
management practices, permitted and prohibited investments, diversification,
and the relationship between plan assets and benefit obligations? (For
investment funds, significant investment strategies for those funds should be
disclosed.)
b. Fair value of each class of plan assets as of each date for which a balance
sheet is presented?
c. A description of how the overall expected long-term rate-of-return-on-assets
assumption was determined (for example, the general approach used, the
extent to which the assumption was based on historical returns, the extent to
which historical returns were adjusted to reflect expectations of future returns,
and how those adjustments were determined)?
d. For each annual period, the following information about the fair value
measurement of plan assets for each class of plan assets:
(1) The level of the fair value hierarchy within which the fair value
measurements are categorized in their entirety, segregating fair value
measurements using Level 1 inputs, Level 2 inputs, and Level 3 inputs?
(2) For measurements using significant Level 3 inputs, a reconciliation from
the opening to closing balances, separately disclosing changes
attributable to (i) actual return on plan assets (with separate identification
of amounts relating to assets still held and assets sold); (ii) purchases,
sales, and settlements (net); and (iii) transfers in or out of Level 3 (for
example, transfers due to changes in the observability of significant
inputs)?
(3) The valuation technique(s) and inputs used in measuring fair value and a
discussion of any changes in valuation techniques and inputs during the
period?
Multiemployer PlansYears Ending on or before December 15, 2012 j jj j
NOTE: The following disclosures are effective before the adoption of ASU 2011-09,
Disclosures about an Employers Participation in a Multiemployer Plan, which is effective
for fiscal years ending after December 15, 2012. However, early application is
permitted.
5. For multiemployer plans, have the following been disclosed: (FASB ASC
715-80-50-1 and 50-2) [formerly SFAS No. 132(R), paras. 12 and 13]
a. Amount of contributions to such plans during the period? (Total contributions
to multiemployer plans may be disclosed without separating the amounts
attributable to pensions and other postretirement benefits.)
b. A description of the nature and effect of any changes affecting comparability
(such as a change in the rate of employer contributions, a business
Disclosure Made?
Yes No N/A
combination, or a divestiture)?
c. If it is either probable or reasonably possible that (1) an employer would
withdraw from the plan giving rise to an obligation or (2) an employers
contribution would be increased during the remainder of the contract period
to make up a shortfall necessary to maintain the negotiated level of benefit
coverage, the contingency disclosures in Part I, CONTINGENCIES, RISKS,
AND UNCERTAINTIESContingencies?
Multiemployer Plans That Provide Pension BenefitsYears Ending after December
15, 2012 j jj j
NOTE: The following disclosures are effective for fiscal years ending after December 15,
2012. Early application is permitted. In the period of initial adoption, comparative
disclosures are required for any prior periods presented. Disclosures about the
employers contributions to the plan should include all items recognized as net pension
costs. In addition, disclosures based on the most recently available information should
be the most recently available through the date at which the employer has evaluated
subsequent events.
6. If it is either probable or reasonably possible that (a) an employer would withdraw
from the plan giving rise to an obligation or (b) an employers contribution would
be increased during the remainder of the contract period to make up a shortfall
necessary to maintain the negotiated level of benefit coverage, have the
contingency disclosures in Part I, CONTINGENCIES, RISKS, AND
UNCERTAINTIESContingencies, been made? (FASB ASC 715-80-50-2) [formerly
SFAS No. 132(R), para.13]
7. Has a narrative description that includes the following been disclosed: (FASB ASC
715-80-50-4)
a. The general nature of the multiemployer plans?
b. The general nature of the employers participation in the plans, indicating how
the risks of participating in them differ from single-employer plans?
8. For each individually significant multiemployer plan, have the following items been
disclosed, in a tabular format when feasible: (Information may be provided outside
the table if further description is necessary. When determining whether a plan is
significant, factors besides the amount of the employers contribution to the plan
may need to be considered, e.g., the severity of the underfunded status of the
plan.) (FASB ASC 715-80-50-5)
a. The legal name of the plan?
b. The plans Employer Identification Number?
c. The plan number, if available?
d. For each balance sheet presented, the most recent certified zone status
provided by the plan (as defined by the Pension Protection Act of 2006 or
subsequent amendments)? (The disclosure should indicate the plans
year-end to which the zone status relates and whether the plan has used any
extended amortization provisions affecting the zone status calculation.)
(1) If the certified zone status is unavailable, has disclosure been made of
total plan assets and accumulated benefit obligations and whether the
plan was (a) less than 65% funded, (b) 6580% funded, or (c) at least
Disclosure Made?
Yes No N/A
80% funded as of the most recent date available based on the financial
statements provided by the plan?
(2) If information about the funded status of the plan cannot be obtained to
comply with the previous requirement without undue cost and effort and
the employer elects to omit such disclosure, has a description of what
information has been omitted and why been provided? (Disclosure
should also include any qualitative information as of the most recent date
available that would help users understand the financial information that
otherwise is required to be disclosed about the plan.)
e. The expiration date(s) of any collective-bargaining agreement(s) that require
contributions to the plan? (If multiple agreements apply to the plan, a range of
expiration dates should be provided and supplemented with qualitative
information identifying the significant collective-bargaining agreements within
that range and other information to help investors understand the significance
of the agreements and their expiration date(s), for example, the portion of
employees each agreement covers or the portion of contributions each
agreement requires.)
f. For each period for which an income statement is presented
(1) The employers contribution to the plan?
(2) Whether the employers contributions are greater than 5% of total plan
contributions per the plans most recently available annual report (Form
5500) and the year-end date to which the annual report relates? (If this
information cannot be obtained without undue cost and effort, the
information may be omitted. However, the disclosures should describe
what information has been omitted and why. The disclosures should also
include any qualitative information as of the most recent date available
that would help users understand the financial information that otherwise
is required to be disclosed about the plan.)
g. As of the end of the most recent year presented
(1) Whether a funding improvement or rehabilitation plan (as defined by the
Employee Retirement Income Security Act of 1974) has been
implemented or was pending?
(2) Whether the employer paid a surcharge to the plan?
(3) A description of any minimum contribution(s) required in the future by
the collective-bargaining agreements, statutory requirements, or other
contractual requirements?
9. Do disclosures include a description of the nature and effect of significant
changes, if any, that affect comparability of total employer contributions from
period to period, such as (a) a business combination or divestiture, (b) a change in
the employers contractual contribution rate, or (c) a change in the number of
employees the plan covered each year? (FASB ASC 715-80-50-6)
10. If plan information is unavailable in the public domain (e.g., from Form 5500), has
the following additional information been disclosed for each significant plan: (The
disclosures should be provided in a separate section of the required tabular
disclosure about individually significant multiemployer plans.) (FASB ASC
715-80-50-7 and 50-8)
Disclosure Made?
Yes No N/A
a. A description of the nature of plan benefits?
b. A qualitative description of the extent to which the employer could be
responsible for the plans obligations, including benefits earned by employees
from employment with another employer?
c. Other quantitative information, if available and as of the most recent date
available, to help users understand the plans financial information (for
example, total plan assets, actuarial present value of accumulated plan
benefits, and total contributions received by the plan)? (If this information
cannot be obtained without undue cost and effort, the information may be
omitted. However, the disclosures should describe what information has been
omitted and why. The disclosures should also include any qualitative
information as of the most recent date available that would help users
understand the financial information that otherwise is required to be disclosed
about the plan.)
11. For each year for which an income statement is presented, are the following
disclosed in a tabular format: (FASB ASC 715-80-50-9)
a. The total contributions the employer made to all plans that are not individually
significant?
b. The total contributions the employer made to all plans?
Multiemployer Plans That Provide Postretirement Benefits Other Than
PensionsYears Ending after December 15, 2012 j jj j
NOTE: The following disclosures are effective for fiscal years ending after December 15,
2012. Early application is permitted. In the period of initial adoption, comparative
disclosures are required for any prior periods presented.
12. If it is either probable or reasonably possible that (a) an employer would withdraw
from the plan giving rise to an obligation or (b) an employers contribution would
be increased during the remainder of the contract period to make up a shortfall
necessary to maintain the negotiated level of benefit coverage, have the
contingency disclosures in Part I, CONTINGENCIES, RISKS, AND
UNCERTAINTIESContingencies, been made? (FASB ASC 715-80-50-2) [formerly
SFAS No. 132(R), para.13]
13. For multiemployer plans that provide postretirement benefits other than pensions,
have the following been disclosed: (FASB ASC 715-80-50-11)
a. The amount of contributions for each year for which an income statement is
presented?
b. A description of the nature and effect of any changes affecting comparability
of total employer contributions from period to period, such as (1) a business
combination or divestiture, (2) a change in the employers contractual
contribution rate, or (3) a change in the number of employees the plan
covered each year?
c. A description of the nature of the benefits and the types of employees
covered by the benefits (e.g., medical benefits provided to active employees
and retirees)?
Medicare Prescription Drug, Improvement, and Modernization Act j jj j
Disclosure Made?
Yes No N/A
14. If the entity sponsors a postretirement health care plan that provides prescription
drug benefits actuarially equivalent to Medicare Part D, has the gross amount of
benefit payments, including drug benefits, and gross subsidy receipts included in
items 2(f) and (i) been separately disclosed? (FASB ASC 715-60-50-4) (formerly
FSP FAS 106-2, para. 22)
15. For the first period in which the effects of the Medicare subsidy are included in
measuring the accumulated postretirement benefit obligation and net periodic
postretirement benefit cost, has disclosure been made of the following: (FASB ASC
715-60-50-3) (formerly FSP FAS 106-2, para. 21)
a. Reduction in the accumulated postretirement benefit obligation for the
subsidy related to benefits attributed to past service?
b. Effect of the subsidy on the measurement of net periodic postretirement
benefit cost for the current period?
c. An explanation of any significant change in the benefit obligation or plan
assets not otherwise apparent?
16. Until it is determined whether benefits provided by the plan are actuarially
equivalent to Medicare Part D, the following should be disclosed in all periods
presented: (FASB ASC 715-60-50-6) (FSP FAS 106-2, para. 20)
a. Existence of the Medicare Prescription Drug, Improvement, and
Modernization Act.
b. The fact that the accumulated postretirement benefit obligation or net periodic
postretirement benefit cost do not include amounts associated with the
subsidy because a conclusion has not been made whether the benefits
provided by the plan are actuarially equivalent to Medicare Part D.
POSTEMPLOYMENT BENEFITS j jj j
1. If the entity has not accrued postemployment benefits solely because the amount
cannot be reasonably estimated (such as salary continuation, supplemental
unemployment benefits, severance benefits, disability-related benefits, job training
and counseling, and continuation of health insurance coverage), has that been
QUASI-REORGANIZATION j jj j
1. Following a corporate readjustment (quasi-reorganization), has a retained earnings
account been established and dated to show that it runs from the time of the
readjustment? (This dating generally should not continue for more than 10 years
following the readjustment.) (FASB ASC 852-20-50-2) (formerly ARB No. 43, ch.
7A, para. 10, and ARB No. 46, para. 2)
REAL ESTATE ACTIVITIES j jj j
Real Estate ActivitiesGeneral j jj j
1. Have accounting policies for the following items relating to real estate development
and construction activities been disclosed: (FASB ASC 235-10-50-3) (formerly APB
No. 22, para. 12)
a. Capitalization of project costs (such as preacquisition, acquisition,
development, and construction costs)? (FASB ASC 970-340-25-3 through
Disclosure Made?
Yes No N/A
development, and construction costs)? (FASB ASC 970-340-25-3 through
25-12) (formerly SFAS No. 67, paras. 410)
b. Capitalization of interest costs? (FASB ASC 835-20-30-2 through 30-8;
835-20-25-3 through 25-7) (formerly SFAS No. 34, paras. 1220)
c. Capitalization of amenities costs? (FASB ASC 970-340-25-9 through 25-11)
(formerly SFAS No. 67, paras. 89)
d. Allocation of project costs? (FASB ASC 970-360-30-1) (formerly SFAS No. 67,
para. 11)
2. Have accounting policies relating to sales of real estate been disclosed? (FASB
ASC 235-10-50-3) (formerly APB No. 22, para. 12)
3. Have accounting policies relating to investments in real estate ventures been
disclosed? (FASB ASC 323-10-50-3) (formerly SOP 78-9, para. 12 and APB 18,
para. 20)
4. Has real estate held for production and real estate held for sale been disclosed
separately on the balance sheet or in the notes? (Accepted practice)
Real Estate Sales (Other than Retail Land Sales) j jj j
5. For sales accounted for by the installment method:
a. Is deferred gross profit on sale offset against the related receivable in the
balance sheet? (Accepted practice)
b. Is the following disclosed in the income statement or notes: (FASB ASC
(1) Sales value, cost of sales, and gross profit deferred for sales occurring
during the period?
(2) Revenue and cost of sales (or gross profit) recognized during the
period?
6. For sales accounted for by the cost recovery method: (FASB ASC 360-20-55-14)
a. Is deferred gross profit on sale offset against the related receivable in the
balance sheet?
b. Is the following disclosed in the income statement:
(1) Sales value, cost of sales, and gross profit deferred for sales occurring
during the period?
(2) Gross profit recognized during the period?
7. If the deposit method is used:
a. Have the related real estate and existing debt been identified as subject to a
sales contract? (FASB ASC 360-20-55-17) (formerly SFAS No. 66, para. 65)
b. Has nonrecourse debt assumed by the buyer been reported as a liability and
not offset against the related asset? (FASB ASC 360-20-55-20) (formerly SFAS
No. 66, para. 67)
Retail Land Sales j jj j
Disclosure Made?
Yes No N/A
8. Are the following items relating to receivables disclosed: (FASB ASC 976-310-50-1;
a. Maturities of receivables for each of the five years following the balance sheet
date?
b. Delinquent receivables and the method(s) for determining delinquency?
c. The weighted average and range of stated interest rates of receivables?
9. Has disclosure been made of estimated total costs and estimated dates of
expenditures for improvements for major areas from which sales are being made
for each of the five years after the balance sheet date? (FASB ASC 976-310-50-1;
10. Are recorded obligations for improvements disclosed? (FASB ASC 976-310-50-1;
Participating Mortgage Loan Borrowers j jj j
11. For participating mortgage loan borrowers, are the following items disclosed:
a. Description of the terms of the participation by the lender in the operations or
appreciation of the real estate project?
b. The following amounts at the balance sheet date:
(1) Total participating mortgage obligations?
(2) Total participation liabilities?
(3) Total debt discounts on the participating mortgages?
RESEARCH AND DEVELOPMENT j jj j
1. If the entity accounts for its obligations under a research and development
arrangement as a contract to perform research and development for others, have
the following been disclosed: (FASB ASC 730-20-50-1 through 50-3) (formerly
a. Terms of significant agreements under the research and development
arrangements as of each balance sheet date presented?
b. Amount of compensation earned and cost incurred for each period for which
an income statement is presented?
2. Is disclosure made of total research and development costs charged to expense in
each period presented including research and development costs incurred for
computer software costs to be sold, leased, or otherwise marketed? (FASB ASC
730-10-50-1; 985-20-50-2) (formerly SFAS No. 2, para. 13; SFAS No. 86, para. 12;
and FIN 4 and FIN 6)
RETAINED EARNINGS RESTRICTIONS j jj j
1. Are the following restrictions on retained earnings disclosed:
a. Restrictions as to dividend payments? (FASB ASC 440-10-50-1) (formerly
SFAS No. 5, paras. 1819)
Disclosure Made?
Yes No N/A
b. If state laws relating to acquisition of stock restrict the availability of retained
earnings for payment of dividends or have other effects of a significant nature,
have those facts been disclosed? (FASB ASC 505-30-50-2) (formerly ARB No.
43, ch. 18, para. 11A)
c. If a portion of retained earnings is appropriated for loss contingencies, is the
appropriation clearly shown as an appropriation of retained earnings within
the stockholders equity section of the balance sheet? (FASB ASC
REVENUE RECOGNITIONSPECIAL AREAS j jj j
Milestone Method Related to Research and Development j jj j
The disclosures in this section apply after the adoption of the guidance in FASB ASC
605-28, which was added by ASU 2010-17, Revenue RecognitionMilestone Method
(Topic 605): Milestone Method of Revenue Recognitiona consensus of the FASB
Emerging Issues Task Force. That guidance is effective on a prospective basis for
milestones achieved in fiscal years, and interim periods within those years, beginning
on or after June 15, 2010. However, an entity may elect to adopt the guidance on a
retrospective basis. Early application is permitted.
1. Has the accounting policy for the revenue recognition related to milestone
payments been disclosed? (FASB ASC 605-28-50-1)
2. Have the following disclosures been made for each arrangement that includes
milestone consideration recognized as revenue under the milestone method:
(FASB ASC 605-28-50-2)
a. A description of the overall arrangement?
b. A description of each milestone and related contingent consideration?
c. A determination of whether each milestone is considered substantive and the
factors considered in making that determination?
d. The amount of consideration recognized during the period for the
milestone(s)?
3. In the year of adoption, have the following disclosures been made for all previously
reported interim periods retrospectively adjusted: (FASB ASC 605-28-65-1)
a. Revenue?
b. Income before income taxes?
c. Net income?
d. The effect of the change for the captions presented?
4. In the year of adoption, if the milestone method is adopted prospectively, or if an
election has been made to adopt it retrospectively, have the disclosures in items
1(a)(c) in Part II, ACCOUNTING CHANGES AND CORRECTION OF AN ERROR
and items 8(b) and (c) in Part II, INTERIM FINANCIAL STATEMENTS, been made?
(FASB ASC 605-28-65-1)
Multiple-deliverable ArrangementsYears Beginning before June 15, 2010 j jj j
The disclosures in this section apply prior to adoption of ASU 2009-13,
Multiple-Deliverable Revenue Arrangements. That guidance is effective on a prospective
Disclosure Made?
Yes No N/A
Multiple-Deliverable Revenue Arrangements. That guidance is effective on a prospective
basis for revenue arrangements entered into or materially modified in years beginning
on or after June 15, 2010. However, an entity may elect to adopt the guidance on a
retroactive basis. Early adoption is permitted. (FASB ASC 605-25-65-1 provides special
application and disclosure guidance for early application in an interim reporting period
other than the first period of the year.)
5. Have the following been disclosed about the entitys revenue arrangements with
multiple deliverables: (FASB ASC 605-25-50-1) (formerly EITF 00-21)
a. Description and nature of such arrangements, including performance,
cancellation, termination, or refund provisions?
b. Accounting policy for recognizing revenue from multiple-deliverable
arrangements (e.g., whether deliverables are separable into units of
accounting)?
Multiple-deliverable ArrangementsYears Beginning on or after June 15, 2010 j jj j
The disclosures in this section apply after adoption of ASU 2009-13 in years beginning
on or after June 15, 2010. Early adoption is permitted. (FASB ASC 605-25-65-1 provides
special application and disclosure guidance for early application in an interim reporting
period other than the first period of the year.)
6. Have the following been disclosed by similar type of arrangement for revenue
arrangements with multiple deliverables (including applicable software
arrangements): (FASB ASC 605-25-50-2; 985-605-50-1)
a. Nature of multiple-deliverable arrangements?
b. Significant deliverables within the arrangements?
c. General timing of delivery or performance of service for the deliverables?
d. Performance, cancellation, termination, and refund-type provisions?
e. Discussion of significant factors, inputs, assumptions, and methods used to
determine selling price for significant deliverables (whether vendor-specific
objective evidence, third-party evidence, or estimated selling price)?
f. Whether significant deliverables qualify as separate units of accounting and, if
not, reasons why they do not qualify?
g. General timing of revenue recognition for significant units of accounting?
h. Separately, the effect of changes in either the selling price or the methods or
assumptions used to determine selling price for a specific unit of accounting if
the changes had a significant effect on the allocation of arrangement
consideration?
i. If the disclosures in items (a)(h) are not sufficient to provide qualitative and
quantitative information about a vendors revenue arrangements and the
significant judgments made when applying the accounting for multiple
deliverable arrangements, including changes in judgement or application
affecting the timing and amount of revenue recognition, has additional
disclosure been made, as necessary? (FASB ASC 605-25-50-1)
7. If ASU 2009-13 is applied prospectively, has disclosure been made in the year of
adoption that describes the effect of the change in accounting principle, including
Disclosure Made?
Yes No N/A
the following qualitative information by similar type of arrangement: (FASB ASC
605-25-65-1)
a. Description of any change in units of accounting?
b. Description of the change in how a vendor allocates the arrangement
consideration to various units of accounting?
c. Description of the changes in the pattern and timing of revenue recognition?
d. Whether a material effect is expected for future periods due to adoption of the
guidance?
e. If the effect is material, have the disclosures in items (a)(d) been
supplemented by sufficient quantitative information to enable financial
statement users to understand the effect of the change in accounting principle
(such as the amount of revenue that would have been recognized under prior
guidance)? (FASB ASC 605-25-65-1)
8. If retrospective application is elected, have the disclosures in items 1(a)(c) in Part
II, ACCOUNTING CHANGES AND CORRECTION OF AN ERROR and items 8(b)
and (c) in Part II, INTERIM FINANCIAL STATEMENTS been made? (FASB ASC
605-25-65-1)
STOCK-BASED COMPENSATION (INCLUDING COMPENSATION FOR
NONEMPLOYEE SERVICES) j jj j
Entities with one or more share-based payment or compensation arrangements should
disclose information that enables financial statement users to understand (1) the nature
and terms of arrangements that existed during the period and the potential effects of the
arrangements on shareholders, (2) the income statement effect of compensation cost
arising from the arrangements, (3) the method of estimating the fair value of goods and
services received or the fair value of the equity instruments granted or offered during
the period, and (4) the cash flow effects of the arrangements. (FASB ASC 718-10-50-1)
[formerly SFAS No. 123(R), para. 64] The following are minimum disclosure
requirements. The entity may need to disclose additional information to meet the
disclosure objectives.
1. Have the following been disclosed about the entitys share-based payment or
compensation arrangements (separately for each type of award to the extent
separate disclosure would be useful): (FASB ASC 718-10-50-2) [formerly SFAS No.
123(R), para. A240]
a. Description of the arrangement, including the general terms of the awards,
such as the required service period and other substantive conditions
(including those related to vesting), the maximum contractual term of share
options, and the number of shares authorized for awards?
b. Method used to measure compensation cost from share-based payment
arrangements with employees?
c. For the most recent year for which an income statement is presented:
(1) Number and weighted-average exercise prices for share options (or
share units) outstanding at the beginning of the year, outstanding at the
end of the year, exercisable or convertible at the end of the year, and
granted, exercised or converted, forfeited, or expired during the year?
Disclosure Made?
Yes No N/A
(2) Number and weighted-average grant-date fair value (or calculated or
intrinsic value for awards measured under those methods) of equity
instruments nonvested at the beginning of the year, nonvested at the end
of the year, and granted, vested, or forfeited during the year?
d. For each year for which an income statement is presented:
(1) Weighted-average grant-date fair value (or calculated or intrinsic value
for awards measured under those methods) of equity options or other
equity instruments granted during the year?
(2) Total intrinsic value of options exercised or converted, share-based
liabilities paid, and total fair value of shares vested during the year?
e. For fully vested share options and share options expected to vest at the date
of the latest balance sheet:
(1) Number, weighted-average exercise price, and weighted-average
remaining contractual term of options outstanding?
(2) Number, weighted-average exercise price, and weighted-average
remaining contractual term of options currently exercisable?
f. If the intrinsic value method is not used, for each year for which an income
statement is presented:
(1) Description of the method used during the year to estimate fair value (or
calculated value)?
(2) Description of the significant assumptions used during the year to
estimate fair value (or calculated value), including (i) the expected term
of share options, including the method used to incorporate the
contractual term and employees expected exercise and post-vesting
employment termination behavior into the fair value, (ii) expected
volatility of the entitys shares and the method used to estimate it (if the
calculated value method is used, disclose the reasons why it is not
practicable to estimate expected volatility, the appropriate industry sector
index and reasons for selecting it, and how historical volatility was
calculated using the index), (iii) expected dividends, (iv) risk-free rates,
and (v) discount for post-vesting restrictions and the method for
estimating it?
2. Have the following been disclosed about the entitys total share-based payment or
compensation arrangements: (FASB ASC 718-10-50-2) [formerly SFAS No. 123(R),
para. A240]
a. For each year for which an income statement is presented:
(1) Total compensation cost for share-based payment arrangements (i)
recognized in income as well as the total recognized related tax benefit
and (ii) capitalized as part of the cost of an asset?
(2) Description of significant modifications, including the terms of the
modifications, number of employees affected, and total incremental
compensation cost resulting from the modifications?
b. As of the latest balance sheet date presented, total compensation cost related
to nonvested awards not yet recognized and the weighted-average period
Disclosure Made?
Yes No N/A
over which it is expected to be recognized?
c. Amount of cash received from exercise of share options and similar
instruments granted under share-based payment arrangements and the tax
benefit realized from stock options exercised during the period?
d. Amount of cash used to settle equity instruments granted under share-based
payment arrangements?
e. Description of the entitys policy for issuing shares upon exercise or
conversion of options, including the source of the shares and, if the entity
expects to repurchase shares in the following annual period, an estimate of
the amount of shares to be repurchased during that period?
3. For entities that continue to account for stock-based awards under APB No. 25, if a
material income tax benefit realized from the exercise of employee stock options is
credited to equity but not presented as a separate line item in the statement of
cash flows or in the statement of changes in stockholders equity, has the amount
of that benefit been disclosed? (Grandfathered) (formerly EITF 00-15)
4. Has any change in the accounting policy for income tax benefits of dividends on
share-based payment awards been disclosed when adopting the requirement to
treat such benefits as an increase in additional paid-in capital? (FASB ASC
718-740-50-1) (formerly EITF 06-11)
TERMINATION CLAIMS RECEIVABLE j jj j
1. If the total of the undeterminable parts of a termination claim is believed to be
material, have the essential facts been disclosed? (FASB ASC 912-275-50-3)
(formerly ARB No. 43, ch. 11C, para. 19)
2. Have material termination claims been separately disclosed in the balance sheet?
(FASB ASC 912-310-45-6) (formerly ARB No. 43, ch. 11C, para. 21)
3. Has disclosure been made of the relationship between advances or other loans
received on terminated contracts and the potential termination claim receivable?
(FASB ASC 912-310-45-4 through 45-7) (formerly ARB No. 43, ch. 11C, para. 22)
4. If the amount of termination sales is material, has it been separately disclosed in
the income statement? (FASB ASC 912-225-45-4) (formerly ARB No. 43, ch. 11C,
para. 23)
TRANSFERS OF FINANCIAL ASSETS j jj j
Disclosures about transfers of financial assets may be reported in the aggregate for
similar transfers if separate reporting would not provide more useful information.
[NOTE: This section does not provide disclosures for servicing assets and liabilities.
See FASB ASC 860 (formerly SFAS No. 140, Accounting for Transfers of Financial
Assets and SFAS No. 166, Accounting for Transfers of Financial Assetsan amendment
of FASB Statement No. 140) for those disclosure requirements.]
1. If the entity enters into repurchase agreements or securities lending transactions,
has its policy for requiring collateral or other security been disclosed? (FASB ASC
860-30-50-1A) (formerly SFAS No. 140, para. 17)
2. If the entity has assets pledged as collateral, have the disclosures in Question Nos.
3 and 4 in Part I, NOTES PAYABLE, LONG-TERM DEBT, AND OTHER
Disclosure Made?
Yes No N/A
OBLIGATIONS, been made?
3. Has the following been disclosed about financial assets the entity has accepted as
collateral and is permitted to sell or repledge: (FASB ASC 860-30-50-1A) (formerly
a. The collaterals fair value as of the date of each balance sheet presented?
b. The fair value, as of the date of each balance sheet presented, of the portion
of the collateral that has been sold or repledged?
c. Information about the sources and uses of the collateral?
4. Do the financial statements of the transferor: (FASB ASC 860-10-50-4A) (formerly
SFAS No. 140, para. 16B)
a. Disclose how similar transfers are aggregated, if applicable?
b. Distinguish transfers that are accounted for as sales from those that are
accounted for as secured borrowings?
5. For transfers accounted for as sales when the transferor has continuing
involvement with the transferred financial assets, have the following been disclosed
for each income statement presented: (FASB ASC 860-20-50-2 and 50-3) (formerly
a. Characteristics of the transfer (including a description of the transferors
continuing involvement with the transferred financial assets, the nature and
initial fair value of the assets obtained as proceeds and liabilities incurred in
the transfer, and the gain or loss from the sale of transferred financial assets)?
b. For initial fair value measurements of assets obtained and liabilities incurred in
the transfer:
(1) The level within the fair value hierarchy in which the fair value
measurements fall, segregating fair value measurements using Level 1
inputs, Level 2 inputs, and Level 3 inputs?
(2) Key inputs and assumptions used in measuring the fair value of assets
obtained and liabilities incurred as a result of the sale that relate to the
transferors continuing involvement (including, where applicable,
quantitative information about discount rates, expected prepayments
including the expected weighted-average life of prepayable financial
assets, and anticipated credit losses, including expected static pool
losses)?
(3) Valuation technique(s) used to measure fair value?
c. Cash flows between a transferor and transferee (including proceeds from new
transfers, proceeds from collections reinvested in revolving-period transfers,
purchases of previously transferred financial assets, servicing fees, and cash
flows received from a transferors beneficial interests)?
6. For transfers accounted for as sales when the transferor has continuing
involvement with the transferred financial assets, have the following been disclosed
for each balance sheet presented, regardless of when the transfer occurred: (FASB
ASC 860-20-50-2 and 50-4) (formerly SFAS No. 140, para. 17)
a. Qualitative and quantitative information about the transferors continuing
involvement with transferred financial assets that provides sufficient
Disclosure Made?
Yes No N/A
involvement with transferred financial assets that provides sufficient
information about the reasons for the continuing involvement, the continuing
risks related to the transferred financial assets, and the extent to which the
transferors risk profile has changed as a result of the transfer (including credit
risk, interest rate risk, and other risks), including:
(1) Total principal amount outstanding, the amount that has been
derecognized, and the amount that continues to be recognized in the
balance sheet?
(2) Terms of arrangements that could require the transferor to provide
financial support to the transferee or its beneficial interest holders,
including events or circumstances that could expose the transferor to
loss and the amount of the maximum exposure to loss?
(3) Whether the transferor has provided financial or other support to the
transferee or its beneficial interest holders during the periods presented
that was not previously contractually required, or assisted the transferee
or its beneficial interest holders in obtaining support, including the type,
amount, and reasons for providing the support?
(4) Information about any liquidity arrangements, guarantees, or other
commitments provided by third parties related to the transferred financial
assets that may affect the transferors exposure to loss or risk of the
transferors interest? (NOTE: This disclosure is encouraged but not
required.)
b. Accounting policies for subsequently measuring assets or liabilities that relate
to the continuing involvement with the transferred financial assets?
c. Key inputs and assumptions used in measuring the fair value of assets or
liabilities related to the transferors continuing involvement (including, where
applicable, quantitative information about discount rates, expected
prepayments including the expected weighted-average life of prepayable
financial assets, and anticipated credit losses, including expected static pool
losses)?
d. For interests in the transferred financial assets, a sensitivity analysis or stress
test showing the hypothetical effect on the fair value of those interests of two
or more unfavorable variations from the expected levels for each key
assumption reported in item (c) independent from changes in other key
assumptions, and a description of the objectives, methodology, and
limitations of the sensitivity analysis or stress test?
e. Information about the asset quality of transferred financial assets and any
other assets managed together with them, separated between assets that
have been derecognized and assets that continue to be recognized in the
balance sheet (for example, information on receivables would include
delinquencies at the end of the period and credit losses, net of recoveries,
during the period)?
7. If disclosures about transfers of financial assets are not sufficient for financial
statement users to understand (a) a transferors continuing involvement, if any,
with transferred financial assets, (b) the nature of any restrictions on assets that
relate to a transferred financial asset and the carrying amounts of those assets,
and (c) for transfers accounted for as sales when the transferor has continuing
Disclosure Made?
Yes No N/A
involvement with the transferred financial assets and for transfers of financial
assets accounted for as secured borrowings, how the transfer affects financial
position, financial performance, and cash flows, has additional disclosure been
made as necessary? Disclosures should be presented in a manner that clearly
explains the transferors risk exposure related to transferred assets and any
restrictions on its assets. (FASB ASC 860-10-50-3, 50-4, and 50-6) (formerly SFAS
No. 140, para. 16A)
TROUBLED DEBT RESTRUCTURINGSCREDITORS j jj j
1. Has the amount of any commitments to lend additional funds to debtors owing
receivables whose terms have been modified in troubled debt restructurings been
disclosed? (FASB ASC 310-40-50-1) (formerly SFAS No. 15, para. 40b)
2. For periods ending after December 15, 2012, for each period for which an income
statement is presented, is the following disclosed about troubled debt
restructurings of financing receivables: (This disclosure applies only to a creditors
troubled debt restructurings of financing receivables. For purposes of this
disclosure, a creditors modification of a lease receivable that meets the definition
of a troubled debt restructuring is subject to this disclosure guidance. This
disclosure does not apply to receivables measured at fair value with changes in fair
value reported in earnings; receivables measured at lower of cost or fair value;
trade accounts receivable, except for credit card receivables, that have a
contractual maturity of one year or less and arose from the sale of goods or
services; or loans acquired with deteriorated credit quality that are accounted for
within a pool.) (FASB ASC 310-10-50-31 through 50-34)
a. For restructurings that occurred during the period
(1) By class of financing receivable, qualitative and quantitative information
about how the financing receivables were modified and the financial
effects of the modifications?
(2) By portfolio segment, qualitative information about how such
modifications are factored into the determination of the allowance for
credit losses?
b. For financing receivables modified as troubled debt restructurings within the
previous 12 months and for which there was a payment default during the
period
(1) By class of financing receivable, qualitative and quantitative information
about those defaulted financing receivables, including the types of
financing receivables that defaulted and the amount of financing
receivables that defaulted?
(2) By portfolio segment, qualitative information about how such defaults are
factored into the determination of the allowance for credit losses?
3. Have the appropriate disclosures for impaired loans been made? (See LENDING
ACTIVITIES AND LOAN PURCHASESImpaired Loans.)
TROUBLED DEBT RESTRUCTURINGSDEBTORS j jj j
1. When troubled debt restructurings have occurred during a period for which
financial statements are presented, have the following disclosures been made:
Disclosure Made?
Yes No N/A
a. A description of the principal changes in terms, the major features of
settlement, or both, for each restructuring? (Separate restructurings within a
fiscal period for the same categories of payable may be grouped.)
b. The aggregate gain on restructuring of payables?
c. The aggregate gain or loss on transfers of assets recognized during the
period?
2. Have the following been disclosed for periods after a troubled debt restructuring
has occurred: (FASB ASC 470-60-50-2) (formerly SFAS No. 15, para. 26)
a. The extent to which amounts contingently payable are included in the
carrying amount of restructured payables?
b. Total amounts that are contingently payable on restructured payables and the
conditions under which those amounts would become payable or would be
forgiven when there is at least a reasonable possibility that a liability for
contingent payments will be incurred?
UNCONDITIONAL PURCHASE OBLIGATIONS j jj j
1. For unconditional purchase obligations that are not recorded on the purchasers
balance sheet, is the following information disclosed: (FASB ASC 440-10-50-4)
a. Nature and term of the obligation(s)?
b. Amount of the fixed and determinable portion of the obligation(s) as of the
latest balance sheet presented and, if determinable, for each of the five
succeeding fiscal years?
c. Nature of any variable components of the obligation(s)?
d. Amounts purchased under the obligation(s) for each period for which an
income statement is presented?
2. For unconditional purchase obligations that are recorded on the purchasers
balance sheet, have the aggregate amount of payments for unconditional
purchase obligations been disclosed for each of the five years following the date of
the latest balance sheet presented? (FASB ASC 440-10-50-6) (formerly SFAS No.
47, para. 10)
ASB-CX-14: Supervision, Review, and Approval Form
Instructions: This form lists review procedures that are generally performed prior to the dating and issuance
of reports and other communications. It is intended to assist in performing and documenting the review. The
auditors report on the financial statements should not be dated earlier than the date on which sufficient audit
evidence has been obtained to support the auditors opinion. Sufficient audit evidence includes evidence that
the audit documentation has been reviewed. See section 1811 for a discussion. The first three sections of this
form, the Detailed Review, Engagement Partner Review, and the Engagement Quality Control Review, if
applicable, should be completed on or before the date of the auditors report. The remaining sections should
be completed prior to the issuance of the related report or communication. The workpapers should indicate
who reviewed specific audit documentation and the date of the review. That can be done by initialing and
dating each workpaper reviewed. Alternatively, this form can be used to indicate which elements of the
workpapers were reviewed and when. Where necessary, use the Comments/Date column or a memorandum
to further specify the workpapers reviewed. Any item answered No should be explained in the
Comments/Date column or in an attached memorandum. File this form in the General File.
Yes No N/A
Comments/D
ate
Detailed Review
(To be performed by the staff in charge of fieldwork)
1. I have reviewed all workpapers prepared by the personnel in my
charge on this engagement.
2. All workpapers indicate the individuals who performed the work,
when the work was completed, the person who reviewed the work,
and the date of the review. Based on my review, I am satisfied that
the workpapers provide a clear understanding of the work
performed, the audit evidence obtained and its source, and the
3. I have reviewed the permanent file and general file, and all relevant
information has been incorporated or cross-referenced.
4. I have compared the work performed as evidenced by our
workpapers with the procedures called for by the audit programs and
find that our audit complies with the requirements of the programs
and the objectives of the programs have been achieved.
5. I have compared the workpapers with the general ledger trial balance
and find that satisfactory audit recognition has been given to all
asset, liability, equity, income, and expense accounts. I have
compared the accounts in the general ledger trial balance with their
summarizations, classifications, descriptions, and disclosures in the
6. I have determined that all required checklists and audit programs
have been completed. All questions, exceptions, or notes, if any,
posed during the audit have been followed up and resolved, and
review notes and to do lists have been handled in accordance with
firm policy.
Yes No N/A
Comments/D
ate
7. Based on my review, I am satisfied that the workpapers meet
professional requirements for audit documentation and any
significant audit findings or issues are adequately addressed and
documented.
8. I have reviewed the completed audit programs and am satisfied that
the audit evidence obtained, as evidenced by the workpapers
reviewed by me, is sufficient and appropriate to support the auditors
report, and our audit was conducted in accordance with generally
accepted auditing standards, applicable regulatory and legal
requirements, and the firms quality control policies and procedures.
9. I have obtained a review of the tax accrual and provision by the tax
department and included their approval in the workpapers. (Optional
step.)
10. I have considered qualitative factors and reviewed the summary of
unadjusted audit differences and am satisfied that uncorrected audit
differences, individually and in the aggregate, do not cause the
financial statements taken as a whole to be materially misstated.
11. I have reviewed the financial statements and am satisfied that they
meet accepted standards of presentation and disclosure and are
clear and understandable. A financial statement disclosure checklist
has been completed.
12. I have reviewed the legal representation and management
representation letters for consideration of all important matters.
13. I have reviewed the auditors report and am satisfied it is appropriate
in the circumstances and properly expresses our opinion in
accordance with generally accepted auditing standards.
Completed by: Date:
Yes No N/A
Comments/D
ate
Engagement Partner Review
(To be performed by the engagement partner. Omit all except the last four
items if the detailed review was performed by a Partner.)
1. I have reviewed the planning documents and am satisfied with the
conclusions reached related to the risk assessment and
scope-setting process and that the audit programs have been
appropriately tailored to respond to the risk assessment.
2. I have reviewed workpapers that were not reviewed as a part of the
detailed review. I have also reviewed sufficient additional workpapers
to be satisfied with the adequacy of our audit and with the detailed
review. The audit documentation evidences which elements of the
audit work I reviewed and when my review occurred.
Yes No N/A
Comments/D
ate
3. I have reviewed the completed audit programs and am satisfied that
the audit evidence obtained, as evidenced by the workpapers
reviewed by me, is sufficient and appropriate to support the auditors
report, and our audit was conducted in accordance with generally
accepted auditing standards, applicable regulatory and legal
requirements, and the firms quality control policies and procedures.
4. I have considered qualitative factors and reviewed the summary of
unadjusted audit differences and am satisfied that uncorrected audit
differences, individually and in the aggregate, do not cause the
financial statements taken as a whole to be materially misstated.
5. I have reviewed the financial statements and am satisfied that they
meet accepted standards of presentation and disclosure and are
clear and understandable.
6. I have reviewed the legal representation and management
representation letters for consideration of all important matters.
7. I have reviewed the auditors report and am satisfied it is appropriate
in the circumstances and properly expresses our opinion in
accordance with generally accepted auditing standards.
8. I have reviewed documentation relating to any significant audit
findings or issues, significant consultations, unusual technical issues,
and resolution of significant disagreements on technical issues within
the audit engagement team, with those consulted, or between myself
and the engagement quality control reviewer, if any. I am satisfied
that consultation has occurred in all areas required by firm policy and
any other areas deemed necessary, the nature and scope of
consultations have been documented, and the resulting conclusions
have been documented and implemented. In addition, I am satisfied
that any differences of opinion were properly resolved and
documented, the documentation addresses the considerations
involved in the resolution, and the final resolution was implemented.
ASB-CX-16.4 can be used to document significant audit findings or
issues, disagreements, or consultations.
9. I have communicated to the engagement team the importance of
exercising professional skepticism. I have ascertained that there has
been appropriate communication among the engagement team
throughout the audit regarding information or conditions that indicate
10. I acknowledge my responsibility for the overall quality of the audit in
accordance with professional standards, applicable legal and
regulatory requirements, and the firms policies and procedures, and
I have fulfilled my responsibility.
11. I approve issuance of our report on the financial statements.
Engagement Partners Signature: Date:
Yes No N/A
Comments/D
ate
Engagement Quality Control Review (EQCR)
This section is required only at the engagement partners option or if the
firms quality control policies and procedures require it. (AICPA Quality
Control Standards require that criteria be established against which all
engagements are evaluated to determine whether an engagement quality
control review should be performed.)
1. The preceding review sections of this form have been completed to
my satisfaction.
2. I possess the technical qualifications and objectivity to perform the
EQCR, and I am independent with regard to the engagement under
review.
3. I have reviewed selected engagement documentation related to the
significant judgments the engagement team made and the
conclusions they reached and discussed significant findings and
issues with the engagement partner.
4. I have evaluated the significant judgments made by the engagement
team and the conclusions reached in formulating the report. I am not
aware of any unresolved matters (including differences of opinion
between myself and the engagement partner) that would cause me
to believe that the significant judgments the engagement team made
and the conclusions they reached were not appropriate.
5. I have read the financial statements and the auditors report thereon
and believe it is appropriate.
6. I have completed this review in accordance with firm policy and
before the report is released.
7. I approve issuance of the report on the financial statements.
Completed by: Date:
Yes No N/A
Comments/D
ate
Partner Signing Auditors Report(s)
1. The preceding review sections of this Supervision, Review, and
Approval Form have been completed.
2. I have signed the auditors report(s) on the financial statements.
Date of Auditors Report:
Report Distribution:
Report Distribution:
Report Title No. of Copies Sent to Date Sent

Completed by: Date:
Other Reports and Communications
1. I have reviewed all other reports or communications, if any, required in conjunction with this audit (for example,
communication of internal control related matters or other audit related matters to management and those charged with
governance) and am satisfied that they meet acceptable reporting standards.
Detailed
Reviewers Signature: Date:
Partners Signature: Date:
Independent
Reviewer Signature (if required by firm policy): Date:
2. The preceding step has been completed, and I have signed the following report(s):
Report Title No. of Copies Sent to Date Sent

Signature of Partner
Signing the Report: Date:
ASB-CX-15: Evaluating Internal Control Deficiencies
ASB-CX-15.1: Control Deficiency Evaluation Worksheet
Instructions
In addition to evaluating the severity of individual control deficiencies identified during the audit, AU-C 265.09 states that the
auditor should evaluate whether deficiencies are considered to be material weaknesses or significant deficiencies when
combined with other deficiencies affecting the same account balance or disclosure, relevant assertion, or component of
internal control. AU-C 265.09 states that the auditor should communicate material weaknesses and significant deficiencies to
management and those charged with governance.) Thus, this form is designed to help summarize and evaluate whether
control deficiencies, individually or in combination, constitute significant deficiencies or material weaknesses required to be
communicated. Complete this form by listing all control deficiencies identified during the audit, including unremediated
deficiencies from prior periods.
The purpose of the form is not to force a sequential process when evaluating the severity of a control deficiency. Rather, it is
to provide a process that might be helpful when performing the evaluation required by AU-C 265.09. You should be familiar
with the guidance in Section 1814 before completing this form.
To determine how to classify a control deficiency, complete the form as follows for each control deficiency:
COLUMN INSTRUCTIONS
Column 1Inventory of
Control Deficiencies
In the appropriate spaces, reference the workpaper on which the control
deficiency was originally identified (or indicate that the deficiency was identified in
a prior period), assign a number to the control deficiency, and record a brief
description of the control deficiency.
Column 2Significant
Account or Disclosure
List the significant account(s) or disclosure(s) to which the control deficiency
relates.
Column 3Internal Control
Component
List the internal control component(s) to which the control deficiency relates.
Column 4Relevant
Financial Statement
Assertion(s)
List the relevant financial statement assertion(s) to which the control deficiency
relates.
Column 5Is the
Magnitude of the
Misstatement or Potential
Misstatement Material?
Magnitude refers to the extent of the misstatement or potential misstatement.
Determining the magnitude of a potential misstatement, which involves the
consideration of both quantitative and qualitative factors, is discussed further
beginning at paragraph 1814.18. In addition, consider whether the deficiency is
an indicator of a material weakness as discussed in paragraph 1814.15. If, using
professional judgment, you conclude that the magnitude of a potential
misstatement that would not be prevented or detected and corrected, because of
the deficiency is material, place a checkmark in this column.
Column 6Is the
Probability of Occurrence
at Least Reasonably
Possible
A reasonable possibility exists when the chance of the future event or events
occurring is more than remote. Considering whether there is at least a
reasonable possibility that a misstatement could occur is discussed further
beginning at paragraph 1814.26. If, using professional judgment, you conclude
that it is at least reasonably possible that a misstatement could occur because of
a control deficiency, place a checkmark in this column.
Column 7Conclusion Use all of the information accumulated previously to evaluate whether the
deficiency is a material weakness, significant deficiency, or control deficiency.
Once individual deficiencies have been evaluated and classified, consider and
evaluate them in combination with other deficiencies affecting the same account
balance or disclosure, relevant assertion, or component of internal control to
determine whether they constitute significant deficiency or material weakness.
Consider whether deficiencies judged individually to be significant deficiencies
COLUMN INSTRUCTIONS
are material weaknesses when combined with other deficiencies, or whether
deficiencies judged individually to be control deficiencies are significant
deficiencies when combined with other deficiencies. Combining control
deficiencies is discussed beginning at paragraph 1814.28.
When evaluating the severity of identified control deficiencies, consider the
definitions of a material weakness, significant deficiency, and control deficiency
in paragraph 1814.3. As discussed in section 1814, the auditor should
communicate in writing to management and those charged with governance
significant deficiencies and material weaknesses identified during the audit. In
addition, as discussed beginning at paragraph 1814.65, the auditor should also
communicate to management, in writing or orally, other deficiencies in internal
control that, in the auditors professional judgment, are of sufficient importance to
merit managements attention and have not already been communicated to
management by other parties.
Column 8W/P Ref. Indicate the workpaper reference to the specific Control Deficiency Comment
and Management Point Development Worksheet (see ASB-CX-15.2) completed
for the deficiency.
Control Deficiency Evaluation Worksheet
Completed by: Date:
1. Complete the following table:
Column 1 Column 2 Column 3 Column 4 Column 5 Column 6 Column 7 Column 10
Inventory of Control Deficiencies
Significant
A/C or
Disclosure
Internal
Control
Component
Relevant
F/S
Assertion(s)
Is the
Magnitude of
the Potential
Misstatement
Material?
Is the
Probability of
Occurrence at
Least
Reasonably
Possible?
Conclusion:
1(137)
Material Weakness Significant Deficiency
Control
Deficie
ncy W/P Ref.
W/P
Ref. No. Description of Control Deficiency Alone?
In
Combination? Alone?
In
Combination?
Comments:

ASB-CX-15.2: Control Deficiency Comment and Management Point Development Worksheet
Point No.
Entity:
Balance Sheet Date: Workpaper Reference:
Completed by: Date:
Instructions: This worksheet may be used to capture relevant information relating to control deficiencies,
including those at ASB-CX-15.1. As discussed in paragraph 1814.1, AU-C 265.09 states that the auditor should
communicate to management and those charged with governance of significant deficiencies and material
weaknesses noted during the audit. (See paragraph 1814.3 for definitions of control deficiency, significant
deficiency, and material weakness.) In addition, as discussed beginning at paragraph 1814.65, AU-C
265.12(b) states that the auditor should communicate to management, in writing or orally, other deficiencies in
internal control identified during the audit (that is, those considered control deficiencies on this form) that, in
the auditoris professional judgment, are of sufficient importance to merit managementis attention and have not
already been communicated to management by other parties. This worksheet may also be used to capture
relevant information relating to (1) other, less severe control deficiencies that you wish to communicate, (2)
matters that you and the client have agreed will be communicated, and (3) matters you believe to be of
potential benefit to the entity, such as recommendations for operational or administrative efficiency or for
improving internal control (sometimes referred to as management points).
The worksheet includes spaces for you to indicate the specific condition noted, as well as the cause of the
condition, the potential effect of the condition, your recommendation to correct the condition, the clients
response, and other information (such as mitigating factors). Based on your decisions about the level of detail
to include about each control deficiency to be communicated, you may complete all or only some of these
sections for each control deficiency identified in ASB-CX-15.1. You also may complete some or all of the
sections for each management point to be communicated to the client.
1. Document the following:
a. CONDITION:

b. CAUSE OF CONDITION:

c. POTENTIAL EFFECT OF CONDITION:

d. RECOMMENDATION:


e. CLIENT RESPONSE (indicate name and title of person discussed with and date):

f. OTHER INFORMATION:

g. EVALUATION AS TO TYPE OF POINT:
a
Significant Deficiency Control Deficiency
Material Weakness Other Matter
Point approved for communication: Yes: No (indicate why not):

By: Date:
a
AU-C 265.09 requires the auditor to evaluate control deficiencies individually and in combination with other deficiencies
affecting the same account balance or disclosure or relevant assertion, or component of internal control to determine
whether the control deficiencies collectively result in a significant deficiency or material weakness.
ASB-CX-16: Other Checklists for Concluding the Audit
ASB-CX-16.1: Going-concern Checklist
Completed by: Date:
Instructions
Complete this checklist if you indicated at Step 10 of the general auditing and completion procedures program at ASB-AP-2
or ASB-AP-2-S that you have identified conditions and events that, when considered in the aggregate, indicate there could be
a substantial doubt about the entitys ability to continue as a going concern. (See section 1807.) Definitions relevant to this
checklist include the following:
Ability to Continue as a Going Concern. Generally, information that contradicts the going concern assumption relates to
the entitys inability to continue to meet its obligations as they become due without substantial disposition of assets
outside the ordinary course of business, restructuring of debt, externally forced revisions of its operations, or similar
actions.
Reasonable Period of Time. A period not to exceed one year beyond the date of the financial statements being audited
(normally, the balance sheet date). (See discussion about proposed changes to the accounting standards on going
concern at paragraph 1807.16.)
Conditions and Events. Conditions or events that, when considered in the aggregate, indicate there could be substantial
doubt about the entitys ability to continue as a going concern for a reasonable period of time. See examples at
paragraph 1807.8.
Note: Paragraphs beginning at 1807.2 discuss an exposure draft of a proposed SAS that would supersede the guidance on
going concern at AU 341 and AU-C 570. The exposure draft includes some changes from existing requirements, including a
requirement for a written representation. As proposed, the guidance would be effective concurrent with the clarity standards
(periods ending on or after December 15, 2012). Auditors should be alert for the issuance of a final standard. Future editions
of this Guide will update the status of this proposed guidance.
1. Describe the conditions and events (identified by customary audit procedures performed to achieve other audit
objectives) that, in the aggregate, cause you to believe there is substantial doubt about the ability of the entity to continue
as a going concern for a reasonable period of time.

Yes No Description
2. Identify managements plans for dealing with the adverse effects of the
conditions or events described in question 1 (describe plans identified):
e. Existing or committed arrangements to reduce current dividend
requirements or to accelerate cash distributions from affiliates or other
investors.
Yes No Description
f. Other (describe).
3. Consider whether information obtained about plans identified in question 2
indicates that it is likely the plans will mitigate the adverse effects of the
conditions and events for a reasonable period of time and can be effectively
implemented. Considerations include the following:
(1) Restrictions on disposal of assets, such as covenants in loan
agreements.
(2) Apparent marketability of assets.
(3) Possible direct or indirect effects of disposal of assets.
(4) Other considerations (describe).
(1) Availability of debt financing, including existing or committed credit
arrangements, such as lines of credit or arrangements for factoring
receivables or sale-leaseback of assets.
(2) Existing or committed arrangements to restructure or subordinate
debt or to guarantee loans to the entity.
(3) Possible effects on borrowing plans of existing restrictions on
additional borrowing or the sufficiency of available collateral.
(1) Apparent feasibility of plans to reduce overhead or administrative
expenditures, postpone maintenance or research and development
projects, or lease rather than purchase assets.
(2) Possible direct or indirect effects of reduced or delayed
expenditures.
(1) Apparent feasibility of plans to increase ownership equity, including
existing or committed arrangements to raise additional capital.
(2) Existing or committed arrangements to reduce current dividend
requirements or to accelerate cash distributions from affiliates or
other investors.
When considering managements plans, identify those elements that are
particularly significant to overcoming the adverse effects of the conditions
and events.
4. Describe the auditing procedures performed and information obtained to
evaluate managements plans as indicated in Question 3, or cross-reference
Yes No Description
to the workpaper where those procedures are described.

Auditing procedures are performed to obtain evidential matter about
managements plans, for example, to consider the adequacy of support for
plans to dispose of assets.
If prospective financial information is particularly significant to
managements plans, consider the adequacy of support for significant
assumptions underlying the information, particularly assumptions that are
material to the prospective information, especially sensitive or susceptible
to change, or inconsistent with historical trends. This consideration should
include reading the prospective information and the underlying
assumptions and comparing prospective information of prior or current
periods with actual results or results to date.
5. Do the considerations of managements plans, summarized in Questions 3
and 4, cause you to conclude that there is substantial doubt about the entitys
ability to continue as a going concern for a reasonable period of time?
6. Consider the effect on the financial statements, including related disclosures,
and the auditors report:
a. Do the financial statements appropriately reflect the effects of the
conditions and events?
b. Are disclosures about the entitys ability to continue as a going concern
adequate?
c. Should the auditors report include an emphasis-of-matter paragraph?
d. If disclosures are inadequate, indicate whether the auditors report will
express a qualified or adverse opinion for the resultant departure from
generally accepted accounting principles.
Qualified Adverse N/A
If substantial doubt is alleviated, auditors should consider the need for
disclosure of the principal conditions and events that initially caused the
belief that there was substantial doubt; the possible effects of such
conditions and events; and any mitigating factors, including managements
plans.
If substantial doubt remains, auditors should consider the possible effects
on the financial statements and the adequacy of disclosures. In addition,
the auditors report should be appropriately modified.
The disclosure checklist at ASB-CX-13 summarizes disclosures for both
situations, that is, when substantial doubt is alleviated by consideration of
managements plans or when substantial doubt remains. Inadequate
disclosure in either situation would constitute a GAAP departure.
PPCs Guide to Auditors Reports provides examples of modified opinions
for GAAP disclosure omissions, as well as modified reports and disclaimers
Yes No Description
for GAAP disclosure omissions, as well as modified reports and disclaimers
of opinion for going-concern uncertainties.
7. Did you provide written or oral communication with those charged with
governance about:
a. The nature of the events or conditions identified?
b. The possible effect on the financial statements and the adequacy of
related disclosures in the financial statements?
c. The effects on the auditors report?
ASB-CX-16.2: Significant Estimates Identification Checklist
Completed by: Date:
Instructions: Preparation of financial statements normally requires making accounting estimates. Auditors are
required to perform risk assessment procedures, assess risks, and perform procedures in response to
assessed risks for accounting estimates and related disclosures in the audit of financial statements. Auditors
should review judgments and decisions made in the development of accounting estimates for indications of
possible management bias and perform a retrospective review of significant prior year estimates to determine
whether the underlying judgments and assumptions indicate possible bias. In addition, FASB ASC 275
(formerly SOP 94-6 Disclosure of Certain Significant Risks and Uncertainties) requires disclosure of certain
significant estimates that meet specified criteria. This checklist serves as a memory jogger to assist in
determining whether all estimates have been identified. It includes those estimates that are common in the
financial statements of nonpublic companies as well as other estimates that are less common, but it is not
intended to be a comprehensive list.
If this checklist is used, other estimates noted during the audit should be added in the Other sections of the
checklist. The Yes box should be checked for those estimates that are applicable to the clients financial
statements. The Disposition column is provided to assist you in documenting your consideration of
accounting estimates. For example, support for decisions not to disclose significant estimates can be
documented, particularly if decisions about whether the estimates meet the criteria for disclosure are difficult or
contentious. The results of procedures to review accounting estimates for bias can also be documented. (See
Steps 6 and 7 at ASB-AP-2 or ASB-AP-2-S.) Disposition can be documented either in the Disposition column
or by referencing to the workpaper where disposition is documented. Section 1809 of this Guide provides a
discussion of the audit requirements relating to accounting estimates, including fair value estimates. Section
1808 discusses in greater detail the requirements of FASB ASC 275 (formerly SOP 94-6) as well as related
audit considerations.
Applicable to the
Financial Statements?
Disposition or
W/P Reference Yes No
Assets
1. Allowance for uncollectible accounts receivable
2. Allowance for credit losses
3. Inventory valuation allowances
4. Depreciable lives and estimated residual value of property
and equipment
5. Leases:
a. Estimated economic life
b. Estimated residual value
c. Initial direct costs
d. Executory costs
6. Amortization period of intangible assets and deferred costs
Applicable to the
Disposition or
7. Impairment of goodwill
8. Impairment of other tangible and intangible long-lived assets
9. Fair value of investments in debt securities
10. Fair value of derivative instruments
11. Carrying amount of investments accounted for by the:
a. Equity method (for example, losses in excess of
investment)
b. Cost method (for example, impairments that are other
than temporary)
12. Valuation allowance for deferred tax assets
13. Other estimates identified during the audit:
a.
b.
c.
d.
Liabilities
14. Loss contingencies:
a. Guarantees of debt
b. Litigation
c. Environmental remediation liabilities
d. Other
15. Product warranty liabilities
16. Estimated real and personal property taxes
17. Liability for unrecognized tax benefits
18. Defined benefit pension plans (actuarial assumptions)
19. Postemployment benefits such as salary continuation or
severance benefits
20. Postretirement benefits other than pensions
21. Accrued compensation arising from share-based awards
22. Discontinued operations (such as estimated loss to be
incurred and proceeds from sale of assets)
23. Asset retirement obligations
24. Restructuring charges and exit costs
Applicable to the
Disposition or
a.
b.
c.
d.
Revenues and Expenses
26. Losses on sales contracts
27. Sales with right of return
28. Sales of real estate
29. Losses on purchase commitments
30. Long-term contracts:
a. Revenue to be earned
b. Cost to complete
c. Percent of completion
31. Estimates in interim financial statements:
a. Inventory and COGS using the gross profit method
b. Other costs and expenses
c. Annual effective tax rate
d. Other
a.
b.
c.
d.
General
33. Related-party transactions (such as collectibility or valuation
of a related-party receivable)
34. Gain contingencies
35. Fair value of financial assets and liabilities under the fair value
option
a.
b.
c.
Applicable to the
Disposition or
d.
e.
f.
g.
h.
ASB-CX-16.3: Concentrations Identification Checklist
Completed by: Date:
Instructions: FASB ASC 275 (formerly SOP 94-6, Disclosure of Certain Significant Risks and Uncertainties)
requires disclosure of certain concentrations that meet specified criteria, and FASB ASC 825 (formerly SFAS
No. 107, Disclosures about Fair Value of Financial Instruments) specifies disclosure requirements for
concentrations of credit risk.
Support for decisions not to disclose concentrations need to be documented, particularly if decisions about
whether the concentrations meet the criteria for disclosure are difficult. Such documentation can be
unstructured and can be done, for example, on the relevant workpaper or in a separate memo. If more
structured documentation is desired, this checklist can be used. The checklist also serves as a memory jogger
to assist in determining whether all concentrations have been identified. It includes those concentrations that
are common for nonpublic companies as well as other possible concentrations that are less common, but it is
not intended to be a comprehensive list.
If this checklist is used, other concentrations noted during the audit should be added in the Other section at
the end of this checklist. The Yes box should be checked for those concentrations that are applicable to the
clients financial statements, and the Disposition column should then be used to document consideration of
the disclosure criteria of FASB ASC 275 and FASB ASC 825. Disposition can be documented either in the
Disposition column or by referencing to the workpaper where disposition is documented. Disposition will
often consist of discussions with management and follow-up and corroboration of managements responses
as considered necessary. Section 1808 of this Guide discusses in greater detail the requirements of FASB ASC
275 as well as related audit considerations.
Applicable to
the Client?
Disposition or
Concentration
1. Major customers or groups of customers
2. Major suppliers or groups of suppliers
3. Dependence on a single lender or group of lenders
4. Products that comprise a major portion of revenues
5. Services that comprise a major portion of revenues
6. Materials for which sources are limited or difficult to replace
7. Labor for which sources are limited or difficult to replace
8. Labor subject to collective bargaining agreements
9. Licenses or other rights used in the companys operations:
a. Patents
b. Franchise agreements
c. Other
Applicable to
the Client?
Disposition or
10. Dependence on operations in a particular market or geographic
area

11. Foreign operations
12. Other concentrations noted during the audit:
a.
b.
c.
ASB-CX-16.4: Accounting and Engagement Issues
Completed by: Date:
Instructions
Departure from Presumptively Mandatory RequirementThis form may be used to document the
justification for any departure from a presumptively mandatory requirement in the applicable authoritative
standards including how the alternative policies established, or procedures performed, were sufficient to
achieve the objectives of the requirement.
ConsultationsThis form may be used to document the nature and scope of consultations with other
professional resources involving difficult or contentious issues. Such documentation includes decisions made
as a result of the consultations and the basis for those decisions, and how the decisions were implemented.
Differences of OpinionThis form may be used to document differences of opinion among engagement
team members, with those consulted, or between the engagement partner and engagement quality control
reviewer concerning engagement issues. Documentation should include the conclusions reached regarding
the differences and how those conclusions were implemented. The report should not be released until the
matter is resolved. After appropriate consultation has occurred, this form may also be used to provide
documentation that an engagement team member(s) disagrees with the conclusions reached and believes it is
necessary to disassociate him or herself from the resolution of the matter.
Engagement WithdrawalFinally, this form may be used to document significant issues, consultations,
conclusions, and the basis for conclusions relating to decisions to withdraw from an engagement or from both
the engagement and the client relationship. The authors believe that firm management is normally involved in
approving any withdrawal decisions.
1. If there is a departure from a presumptively mandatory requirement, describe the justification for the departure and the
alternative policies established, or procedures performed, and how they were sufficient to achieve the objectives of the
requirement.

2. Briefly describe the consultation, difference of opinion, or engagement withdrawal issue and summarize the facts giving
rise to the issue.

3. Describe the actions taken and evidence obtained to address the issue, including relevant professional literature and
consultations. Procedures to resolve such differences may include consulting with another practitioner or firm or a
professional or regulatory body. If applicable, document discussions of the significant issue or finding with management
and others, including when and with whom the discussions occurred, and responses.

4. Describe the reasoning process used to formulate the conclusion. (Document consideration of conflicting evidence or
guidance supporting contrary points of view and how such divergent matters were addressed.)

5. Summarize the final resolution of the issue, the basis for the conclusion, and how it was implemented.

Final Resolution Approved By:

Partner Date
For Differences of Opinion:
The following individuals disagree with the resolution of the matter discussed above:
Name Date

ASB-CX-17: Engagement Administration
ASB-CX-17.1: Client Billing Information
Instructions: This form may be completed on prospective audit clients. See section 202. If the client is
accepted by the firm, a copy of this completed form may be routed to the administrative secretary for
completion of billing information, and the original filed in the clients permanent file.
Entity: Client Number:
Address: Telephone No:
Fax No:
Website Address: Email Address:
Primary Client Contact: Primary Owners:
Type of Organization:
Fiscal Year End:
How Long in Business:
Approx. Sales Volume: Approx. Net Worth:
Description of Clients Business:

Is the Business: Very Successful? Successful? Struggling?
Description of Services Desired:

Personnel
Level
Approx. Annual
Hours
Billing
Rate
Approx. Annual
Billing
Staff
Assigned
Amount of Fee Estimate Given to Client:
Send Bills to:
Partner Assigned: Other Firm Contact:
How Obtained:
Prior Accountant: Banker:
Attorney: Other References:

COMMENTS:

Completed By: Date:
ASB-CX-17.2: Engagement Status Report
Client Number: Completed By:
Instructions: This form may be used to report the progress of the major audit engagement activities. See
section 311. The planned dates are inserted during the engagement planning process and actual dates
recorded as the indicated activities are completed. Explain any unusual delays or schedule changes in the
Comments column and attach additional sheets if necessary. Requirements for completing the audit
documentation and dating the auditors report are discussed in section 802. Issuing internal control
communications is discussed in section 1814.
Distribution (indicate names): Budget Information:
Audit Partner: Hours:
Audit Manager or Supervisor: Fees : $
Other (indicate): Expenses: $
Activity Planned Date Actual Date Comments
ENGAGEMENT LETTER RECEIVED:
ENGAGEMENT PLANNING AND RISK
ASSESSMENT:
Completed
Reviewed
ENGAGEMENT FIELDWORK:
Fieldwork Started
Fieldwork Completed
ENGAGEMENT REVIEW:
Submitted for Manager/Partner Review
Manager/Partner Review Completed
Engagement Quality Control Review Completed,
if applicable
ENGAGEMENT REPORTING AND CLIENT
COMMUNICATIONS:
Audit Report Date
Report Submitted for Processing
Final Draft Reviewed and Approved
Report Release Date
Communication of Internal Control Matters
Communication with Those Charged with
Governance

Activity Planned Date Actual Date Comments
DOCUMENTATION COMPLETION DATE:
ENGAGEMENT TAX RETURNS:
Submitted for Preparation
Tax Returns Delivered
ADMINISTRATIVE:
Staff Evaluations Completed
Billing Summary Prepared
ENGAGEMENT COMPLETED
Partners Signature/Date
ASB-CX-17.3: Audit Time Summary
Instructions: This form may be used to prepare the budget and monitor actual time for all audit personnel on one form. See section 311
all staff post their names and the date on a line at the lower left portion of the form and record time spent on various audit areas in the appropriate
columns. Subtotal the columns whenever a status report is desired.
Audit Category
Total
Extended
Rate
Rate per
Hour
Total
Hours
Planning
and
Risk
Assess.
Review
and
Supv.
General
Proc. Cash
Accts.
Rec.
Inventor
y Obs.
Inventor
y Testing Property
Invest.
and
Deriv.
Other
Assets
Accts.
Pay. and
Accr.
Liab.
Notes
Pay. and
L/T Debt
Inc.
Taxes
Prior Year Actual
Current Year Budget:
Partner
Manager
Senior
Senior
Staff I
Staff II
Clerical
Total
Name and Date
Current Year Actual:
Audit Category
Total
Extended
Rate
Rate per
Hour
Total
Hours
Planning
and
Risk
Assess.
Review
and
Supv.
Other
General
Proc. Cash
Accts.
Rec.
Inventor
y Obs.
Inventor
y Testing Property
Prepaids
and
Other
Assets
Invest.
and
Deriv.
Accts.
Pay. and
Accr.
Liab.
Notes
Pay. and
L/T Debt
Inc.
Taxes
Name and
DateCurrent Year
DateCurrent Year
Actual:
Total to Date
VarianceBudget
vs. Actual
ASB-CX-17.4: Confirmation and Correspondence Control
Instructions: This form may be used to control and monitor the status of audit confirmations and other correspondence. Additional sheets can be
attached if there is not enough space on this form to list all confirmations (for example, for accounts receivable). For unreturned confirmations, the
workpaper reference column can be used to refer to the workpaper containing documentation of alternative procedures or other disposition.
Date Sent
Description Form No. Addressee
First
Request
Second
Request
Subsequent
Requests
Date
Received
Confirmations:
Financial institutions:
Account balances ASB-CL-6.1
Compensating balances ASB-CL-10.5
Credit lines ASB-CL-10.6
Contingent liabilities ASB-CL-10.7
Securities ASB-CL-8.2,
ASB-CL-8.3
Accounts receivable:
Positive/blind requests ASB-CL-7.1,
ASB-CL-7.2,
ASB-CL-7.3,
ASB-CL-7.5,
ASB-CL-7.6
Negative requests ASB-CL-7.4
Notes receivable ASB-CL-7.7
Inventories held by third
parties
ASB-CL-9.1,
ASB-CL-9.2
Insurance:
Life insurance ASB-CL-12.1
Other insurance coverage ASB-CL-12.2
Accounts payable ASB-CL-10.1
Date Sent
Description Form No. Addressee
First
Request
Second
Request
Subsequent
Requests
Date
Received
Notes payable ASB-CL-10.2,
ASB-CL-10.3,
ASB-CL-10.4
Lease agreements ASB-CL-12.3
Related party ASB-CL-12.4
Other Correspondence:
Engagement letter ASB-CL-1.1
Request for legal
representation
ASB-CL-2.1,
ASB-CL-2.2
Management representation
letter
ASB-CL-3.5,
ASB-CL-3.2
Request for defined benefit
plan information
ASB-CL-11.1,
ASB-CL-11.2
Other (specify):
CONFIRMATION AND CORRESPONDENCE LETTERS (ASB-CL)
Instructions
This section includes formats for correspondence commonly used on an audit of a nonpublic commercial entity. Included on
each letter are Practical Considerations to assist in the processing of the letters.
Generator.
firms workpapers.
PPCs Practice Aids are Word & Excel versions of all editable practice aids contained in your PPC Guide.
products can be ordered by calling your PPC representative at (800) 431-9025. Engagement CS can be ordered at (800)
968-8900 or from the Creative Solutions website at cs.thomsonreuters.com.
Caution: Copies of these letters should be used only to assist you and should not be used in any published document
These letters are updated annually to keep your Guide current with the latest authoritative literature. Thus, if your firm keeps
an inventory or master copies of frequently used letters, make sure they have not become outdated by subsequent changes.
To determine whether changes have been made to letters in the latest edition of this Guide, refer to the List of Substantive
Changes and Additions, which is provided with the annual update.
you may have to improve the usefulness of the letters.
ASB-CL-1: Engagement Letters
ASB-CL-1.1: Audit Engagement Letter
a
[CPA Firms Letterhead]
[Date]
[Clients Name and Address]
b
We are pleased to confirm our understanding of the services we are to provide for [Clients Legal Name] for the [period,
year, OR years] ended [Date(s)] .
We will audit the balance sheet(s) of [Client] as of [Period or Year End(s)] , and the related statements of income, retained
earnings, and cash flows for the [period, year, OR years] then ended.
c
Also, the following supplementary information
accompanying the financial statements will be subjected to the auditing procedures applied in our audit of the financial
statements and certain additional procedures, including comparing and reconciling such information directly to the underlying
accounting and other records used to prepare the financial statements or to the financial statements themselves, in
accordance with auditing standards generally accepted in the United States of America, and our auditors report will provide
an opinion on it in relation to the financial statements as a whole:
d
1.
2.
3.
We will also prepare the companys federal and state income tax returns for the [period OR year] ended [Date(s)] .
e
Audit Objective
The objective of our audit is the expression of an opinion about whether your financial statements are fairly presented, in all
material respects, in conformity with U.S. generally accepted accounting principles.
f
Our audit will be conducted in
accordance with auditing standards generally accepted in the United States of America and will include tests of your
accounting records and other procedures we consider necessary to enable us to express such an opinion.
g, h
If our opinion
is other than unmodified, we will discuss the reasons with you in advance. If, for any reason, we are unable to complete the
audit or are unable to form or have not formed an opinion, we may decline to express an opinion or to issue a report as a
result of this engagement.
i
Audit Procedures
Our procedures will include tests of documentary evidence supporting the transactions recorded in the accounts, tests of the
physical existence of inventories, and direct confirmation of certain assets and liabilities by correspondence with selected
customers, creditors, and financial institutions.
j
We will also request written representations from your attorneys as part of the
engagement.
k
At the conclusion of our audit, we will require certain written representations from you about the financial
statements and related matters.
An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements;
therefore, our audit will involve judgment about the number of transactions to be examined and the areas to be tested. An
audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant
accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We will
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material
misstatement, whether from (1) errors, (2) fraudulent financial reporting, (3) misappropriation of assets, or (4) violations of
laws or governmental regulations that are attributable to the entity or to acts by management or employees acting on behalf of
the entity.
Because of the inherent limitations of an audit, combined with the inherent imitations of internal control, and because we will
not perform a detailed examination of all transactions, there is a risk that material misstatements may exist and not be
detected by us, even though the audit is properly planned and performed in accordance with U.S. generally accepted
auditing standards. In addition, an audit is not designed to detect immaterial misstatements or violations of laws or
governmental regulations that do not have a direct and material effect on the financial statements.
l
However, we will inform
the appropriate level of management of any material errors, fraudulent financial reporting, or misappropriation of assets that
comes to our attention.
m
We will also inform the appropriate level of management of any violations of laws or governmental
regulations that come to our attention, unless clearly inconsequential.
n, o
Our responsibility as auditors is limited to the
period covered by our audit and does not extend to any later periods for which we are not engaged as auditors.
p
Our audit will include obtaining an understanding of the entity and its environment, including internal control, sufficient to
assess the risks of material misstatement of the financial statements and to design the nature, timing, and extent of further
audit procedures. An audit is not designed to provide assurance on internal control or to identify deficiencies in internal
control. However, during the audit, we will communicate to you and those charged with governance internal control related
matters that are required to be communicated under professional standards.
q, r
We may from time to time, and depending on the circumstances, use third-party service providers in serving your account.
We may share confidential information about you with these service providers, but remain committed to maintaining the
confidentiality and security of your information. Accordingly, we maintain internal policies, procedures, and safeguards to
protect the confidentiality of your personal information. In addition, we will secure confidentiality agreements with all service
providers to maintain the confidentiality of your information and we will take reasonable precautions to determine that they
have appropriate procedures in place to prevent the unauthorized release of your confidential information to others. In the
event that we are unable to secure an appropriate confidentiality agreement, you will be asked to provide your consent prior
to the sharing of your confidential information with the third-party service provider. Furthermore, we will remain responsible for
the work provided by any such third-party service providers.
s
Management Responsibilities
You are responsible for making all management decisions and performing all management functions; for designating an
individual with suitable skill, knowledge, or experience to oversee the tax services and any other nonattest services we
provide; and for evaluating the adequacy and results of those services and accepting responsibility for them.
t, u
You are responsible for establishing and maintaining internal controls, including monitoring ongoing activities; for the
selection and application of accounting principles; and for the fair presentation in the financial statements of financial position,
results of operations, and cash flows in conformity with U.S. generally accepted accounting principles.
v
You are also
responsible for making all financial records and related information available to us and for the accuracy and completeness of
that information. You are also responsible for providing us with (a) access to all information of which you are aware that is
relevant to the preparation and fair presentation of the financial statements, (b) additional information that we may request for
the purpose of the audit, and (c) unrestricted access to persons within the company from whom we determine it necessary to
obtain audit evidence.
w
Your responsibilities include adjusting the financial statements to correct material misstatements and confirming to us in the
management representation letter that the effects of any uncorrected misstatements aggregated by us during the current
engagement and pertaining to the latest period presented are immaterial, both individually and in the aggregate, to the
financial statements taken as a whole.
You are responsible for the design and implementation of programs and controls to prevent and detect fraud, and for
informing us about all known or suspected fraud affecting the company involving (a) management, (b) employees who have
significant roles in internal control, and (c) others where the fraud could have a material effect on the financial statements.
Your responsibilities include informing us of your knowledge of any allegations of fraud or suspected fraud affecting the
company received in communications from employees, former employees, regulators, or others. In addition, you are
responsible for identifying and ensuring that the entity complies with applicable laws and regulations. You are responsible for
the preparation of the supplementary information in conformity with U.S. generally accepted accounting principles. You agree
to include our report on the supplementary information in any document that contains, and indicates that we have reported
on, the supplementary information. You also agree to include the audited financial statements with any presentation of the
supplementary information that includes our report thereon.
x, y, z, aa, ab
Engagement Administration, Fees, and Other
We understand that your employees will prepare all cash, accounts receivable, and other confirmations we request and will
locate any documents selected by us for testing.
ac
[Name of Engagement Partner] is the engagement partner and is responsible for supervising the engagement and signing
the report or authorizing another individual to sign it.
ad
We expect to begin our audit on approximately [Date] .
ae
We estimate that our fees for these services will range from $ to $ for the audit and $ to $ for the tax
return. You will also be billed for travel and other out-of-pocket costs such as report production, word processing, postage,
etc. Additional expenses are estimated to be $ . The fee estimate is based on anticipated cooperation from your
personnel and the assumption that unexpected circumstances will not be encountered during the engagement.
af
If significant
additional time is necessary, we will keep you informed of any problems we encounter and our fees will be adjusted
accordingly. Our invoices for these fees will be rendered each month as work progresses and are payable on
presentation.
ag, ah
We appreciate the opportunity to be of service to you and believe this letter accurately summarizes the significant terms of our
engagement. If you have any questions, please let us know. If you agree with the terms of our engagement as described in
this letter, please sign the enclosed copy and return it to us.
ai
Very truly yours,
[CPA Firms Name]
RESPONSE:
This letter correctly sets forth the understanding of [Clients Name] .
Officer signature:
Title:
Date:
a
This letter should be used at the outset of each annual engagement to communicate and document the understanding
with the client about the services to be performed. Auditors occasionally find that owner/managers of small businesses
do not understand some of the provisions of this agreement. As a result, small business clients may resist signing the
letter. The discussion at paragraph 203.8 discusses steps auditors can take in that situation. In addition, the authors
believe in most circumstances that it is a best practice to obtain an engagement letter each year, rather than issuing a
multiyear engagement letter. For audits of financial statements for periods ending on or after December 15, 2012, if a
multiyear engagement letter is used, the auditor should assess each year whether circumstances require the terms of the
engagement letter be revised. If the auditor does not issue a new engagement letter, he or she should remind
management of the terms of the engagement. That reminder, which may be either written or oral, should be documented
(AU-C 210.13).
b
Depending on the structure of the entity, the engagement letter may be addressed to management, those charged with
governance, or both. The auditor is required to obtain managements agreement that it acknowledges and understands
its responsibilities and also is required to establish an understanding of the services to be performed with those charged
with governance (which would normally include the board of directors and audit committee, if one exists). To achieve
those objectives, the authors recommend that the engagement letter be addressed to both management and those
charged with governance. If the engagement letter is addressed only to those charged with governance or the audit
committee, change you and your throughout the letter to management or the company, as appropriate. The letter
at ASB-CL-5.1 can be used instead of the engagement letter to communicate with those charged with governance during
planning. However, even if the engagement letter or ASB-CL-5.1 is used for that purpose, the authors recommend also
having a face-to-face discussion with those charged with governance during planning to encourage appropriate two-way
communication. If the auditor communicates with a subgroup of those charged with governance, such as an audit
committee, the engagement letter may explicitly state that the auditor retains the right to communicate with the full
governing body.
c
In a recurring audit engagement where comparative financial statements will be presented, the authors believe it is
appropriate for the engagement letter to refer only to the period being audited (that is, the current period). Reference to
prior periods may be necessary, however, when the auditor is engaged in the current period to audit both the current
and one or more prior periods.
d
List any supplementary information, on which you have been engaged to report, that will accompany the basic financial
statements (for example, consolidating balance sheets and income statements for each majority-owned subsidiary or
joint venture, schedule of sales, schedule of expenses, etc.). If there is no supplementary information, delete this
sentence and the following list. If the supplementary information will not accompany the basic financial statements,
delete the phrase accompanying the financial statements. If you have not been engaged to report on supplementary
information that will accompany the audited financial statements, replace this sentence with the following:
Also, the following information accompanying the financial statements will not be subjected to the auditing
procedures applied in our audit of the financial statements and our auditors report will not provide an opinion
or any assurance on that information:
e
The auditor should list other nonattest services to be provided. It is recommended that separate fee estimates be stated
for each additional service to be rendered. Alternatively, a separate engagement letter may be used for the nonattest
services. A separate detailed engagement letter for tax return preparation services is illustrated in PPCs 1120 Deskbook.
See also practical considerations t and z. (Omit this paragraph if the auditor is not providing any nonaudit services.)
f
If the financial statements are prepared in conformity with an OCBOA, modify this paragraph to refer to the OCBOA used
(for example, modified cash basis of accounting or income tax basis of accounting). If the financial statements are
prepared in conformity with International Financial Reporting Standards (IFRS) as issued by the International Accounting
Standards Board, modify this paragraph to refer to IFRS.
g
The auditor might be engaged to conduct an audit using both U.S. GAAS established by the AICPAs Auditing Standards
Board and the auditing standards established by the PCAOB. In that case, this sentence can be replaced by the
following sentences:
Our audit will be conducted in accordance with generally accepted auditing standards established by the
Auditing Standards Board (United States) and in accordance with the auditing standards of the Public
Company Accounting Oversight Board (United States) and will include tests of your accounting records and
other procedures we consider necessary to enable us to express such an opinion. We will not perform an
audit of internal control over financial reporting.
This Guide was developed to help firms that audit nonpublic companies under auditing standards established by the
AICPA. PPCs Guide to PCAOB Audits can be used as a tool in auditing nonpublic entities under the PCAOB standards.
However, auditors need to consider the guidance in the PCAOB Staff Question and Answer document entitled Audits of
Financial Statements of Non-issuers Performed Pursuant to the Standards of the Public Company Accounting Oversight
Board. This document can be found at www.pcaobus.org/Standards/QandA/06-30-2004.pdf.
h
In a group audit, the following sentences may be added as necessary, depending on the significance of the components
and the relationship between the client and the components (AU-C 600.A28):
If making reference to a component auditor in the auditors report:
We will make reference to [Name of Component Auditor] s audit of [Name of Component] in our report on
your financial statements.
If assuming responsibility for the work of component auditors:
Our audit will also include performing procedures on the financial information of [Name of Component(s)] (or
requesting other auditors to perform procedures on the financial information of [Name of Component(s)] ) to
enable us to express such an opinion.
i
This sentence is recommended by the authors to mitigate the firms exposure to a breach of contract claim, should it
withdraw from the engagement prior to completion, disclaim an opinion, or decline to issue a report. For example, if a
significant risk of material misstatement due to fraud exists and the auditor is not satisfied with the integrity of
management and the diligence and cooperation from management in investigating the circumstances and taking
appropriate action to mitigate or resolve such risks, the auditor may consider withdrawing from the engagement.
Auditors may want to replace this sentence with the following language to further clarify the auditors right to withdraw
from the engagement:
If circumstances occur related to the condition of your records, the availability of sufficient, appropriate audit
evidence, or the existence of a significant risk of material misstatement of the financial statements caused by
error, fraudulent financial reporting, or misappropriation of assets, which in our professional judgment prevent
us from completing the audit or forming an opinion on the financial statements, we retain the right to take any
course of action permitted by professional standards, including declining to express an opinion or issue a
report, or withdrawing from the engagement.
j
This sentence needs to be modified to exclude tests of the physical existence of inventories if no significant inventories
exist due to the nature of the clients business.
k
This sentence is optional. The phrase and they may bill you for responding to this inquiry may be added to the
sentence to avoid negative reactions from clients in case they are billed by an attorney for responding to a legal
representation letter.
l
Some CPA firms like to mention to their clients that extended procedures designed to detect fraud can be performed at
the clients option but would be beyond the scope of the audit. The following paragraph can be used in those situations:
We have advised you of the limitations of our audit regarding the detection of fraud and the possible effect on
the financial statements (including misappropriation of cash or other assets). We have offered to perform, as a
separate engagement, extended procedures specifically designed to detect fraud and you have declined to
engage us to do so at this time.
m
If there is evidence that fraud may exist, the auditor is required to bring it to the attention of the appropriate level of
management, even if the matter is considered inconsequential. If the fraud involves management (regardless of
materiality) or is material to the financial statements, the auditor is required to report it directly to the audit committee or
others charged with governance (such as the owner/manager or board of directors). According to AU 316.79, auditors
should reach an understanding with those charged with governance about the nature and extent of communications
about misappropriations committed by lower-level employees. After implementation of AU-C 240 (for audits of periods
ending on or after December 15, 2012), the language in the clarified auditing standards is not as strong. AU-C 240.A69
indicates that auditors may consider it appropriate to reach an understanding with those charged with governance about
the nature and extent of communication about misappropriations committed by lower-level employees. Absent such an
agreement, the authors recommend reporting all fraud matters both to the appropriate level of management and to the
audit committee or others charged with governance. Paragraph 1816.6 provides a discussion regarding communicating
evidence of fraud.
n
Professional standards do not require the auditor to address these communications in the engagement letter. Some
firms omit these sentences because they believe they may increase a firms legal liability. They believe the auditor may
be left in a position of proving why a fraudulent act or a violation of law or regulation did not come to his or her attention.
o
See the discussion at paragraph 1816.6 regarding the communications about violations of laws and regulations.
p
Section 204 of this Guide and Chapter 10 of PPCs Guide to Managing an Accounting Practice discuss some other
clauses auditors might use to limit their exposure to legal liability and other losses. The authors recommend that auditors
consult their legal counsel and insurance carrier when assessing such language in an engagement letter. Examples of
clauses relating to the following matters are included (see also practical considerationae):
Loss limitations and indemnifications.
Time limitations.
Undertaking to be truthful.
Statute of limitations.
Collection of fees relating to client litigation when the auditor is not a party.
Reliance on oral advice or the absence of advice.
Obtaining a retainer.
Compensation for employees hired by clients.
Notification of report reproduction.
Alternative dispute resolution.
q
AU-C 265 is discussed in section 1814. Illustrative letters that comply with AU-C 265 are at ASB-CL-4.1, ASB-CL-4.2, and
ASB-CL-4.3. If management is interested, the auditor might provide a sample of the letters before conducting the audit.
r
If the auditor is required by law, regulation, or audit contract to provide access to audit documentation to regulators, the
following language may be added:
The audit documentation for this engagement is the property of [CPA Firms Name] and constitutes
confidential information. However, we may be requested to make certain audit documentation available to
[Name of Regulator] pursuant to authority given to it by law or regulation. If requested, access to such audit
documentation will be provided under the supervision of [CPA Firms Name] personnel. Furthermore, upon
request, we may provide copies of selected audit documentation to [Name of Regulator] . The [Name of
Regulator] may intend, or decide, to distribute the copies or information contained therein to others, including
other government agencies.
s
Ethics Ruling No. 112 (ET 191.224.225) under Rule 102, Integrity and Objectivity, requires that clients be informed,
preferably in writing, if the audit firm will outsource professional services to third-party service providers (see paragraph
202.65). If a third-party service provider is not used to perform professional services, this paragraph can be omitted.
t
If the auditor performs nonattest services, such as consulting services, tax return preparation, or bookkeeping, the
auditor should comply with Ethics Interpretation 101-3, Performance of Nonattest Services. The Interpretation requires
practitioners providing nonattest services to their attest clients to establish and document in writing an understanding
with the client about the nonattest services. Part of that understanding is the clients acceptance of its responsibilities for
the nonattest services.
This paragraph satisfies the Interpretations documentation requirements. The last sentence could be modified as
necessary to list all of the nonattest services provided (see also practical consideration e). For example, if the auditor will
perform bookkeeping services in addition to tax services, the last sentence could begin, You are also responsible for
making all management decisions and performing all management functions; for designating an individual with suitable
skill, knowledge, or experience to oversee the bookkeeping, tax, and any other nonattest services we provide . . . . The
Interpretation is discussed beginning at paragraph 202.33. If the auditor is not providing nonattest services, the
Interpretation does not apply and this paragraph should be omitted.
Some auditors may prefer to have the client specifically designate in the engagement letter the individual responsible for
overseeing the nonattest services. In that case, the paragraph can be replaced by the following:
You are responsible for making all management decisions and performing all management functions; for
designating an individual, [Name of Designated Individual] , with suitable skill, knowledge, or experience to
oversee the tax services and any other nonattest services we provide; and for evaluating the adequacy and
results of those services and accepting responsibility for them.
u
Auditors may want to add the following language to further clarify the clients responsibility for the tax return:
We will advise you with regard to tax positions taken in the preparation of the tax returns, but the responsibility
for the tax returns remains with you.
v
If the financial statements are prepared in conformity with an OCBOA or IFRS, modify this paragraph to refer to the
OCBOA used or to IFRS. For audits of periods ending on or after December 31, 2012, AU-C 800.11 states that the
auditor should obtain managements agreement that it acknowledges and understands its responsibility to include all
appropriate informative disclosures in OCBOA financial statements. The following paragraph can be used in those
situations:
You are responsible for including all informative disclosures that are appropriate for the [[Name of OCBOA]] .
Those disclosures will include (a) a description of the [[Name of OCBOA]] , including a summary of significant
accounting policies, and how the [[Name of OCBOA]] differs from GAAP; (b) informative disclosures similar to
those required by GAAP; and (c) additional disclosures beyond those specifically required that may be
necessary for the financial statements to achieve fair presentation.
w
In a group audit, this sentence may be modified as necessary to also address access (or arrangements to facilitate
access) to component information, persons at components (including management and those charged with
governance), or component auditors.
x
Some auditors like to include a paragraph such as the following committing management to notify the auditor if
management intends to reproduce the report in a document containing other information and to provide the document in
advance for the auditor to read:
You are also responsible to notify us in advance of your intent to print our report, in whole or in part, and to
give us the opportunity to review such printed matter before its issuance.
y
Some entities may publish their financial statements and the related auditors report in an electronic site, such as the
entitys website. AU-C 720.A4 clarifies that, for GAAS purposes, information contained on an entitys website is not
considered to be other information and, accordingly, is not subject to the requirements of AU-C 720. Thus, auditors are
not responsible for reading information in electronic sites containing audited financial statements or for considering the
consistency of other information in those sites with the original document. Because of the potential security issues
surrounding audited financial statements published electronically, and to avoid any misconceptions clients may have
about the auditors responsibility for those statements, auditors may want to consider adding a clause such as the
following to their engagement letter when a client publishes financial statements electronically:
With regard to the electronic dissemination of audited financial statements, including financial statements
published electronically on your Internet website, you understand that electronic sites are a means of
distributing information and, therefore, we are not required to read the information contained in those sites or
to consider the consistency of other information in the electronic site with the original document.
z
Auditors may want to add an additional paragraph such as the following to address the confidentiality privilege related to
certain written or oral tax advice. See paragraph 1601.41. See also practical consideration e.
Certain communications involving tax advice are privileged and not subject to disclosure to the IRS. By
disclosing the contents of those communications to anyone, or by turning over information about those
communications to the government, you, your employees, or agents may be waiving this privilege. To protect
this right to privileged communication, please consult with us or your attorney prior to disclosing any
information about our tax advice. Should you decide that it is appropriate for us to disclose any potentially
privileged communication, you agree to provide us with written, advance authority to make that disclosure.
aa
In order to coordinate the auditors report date, management representation letter date, and the subsequent events
evaluation footnote disclosure date, the auditor may want to discuss the dating requirements with management in
advance of starting the audit. Additionally, the auditor may include in the engagement letter a provision that management
will not date the subsequent event note earlier than the date of their management representation letter (also the date of
the auditors report). (See sections 1804, 1805, and 1813.) The following type of clause might be included in the letter:
You are required to disclose the date through which subsequent events have been evaluated and whether
that date is the date the financial statements were issued or were available to be issued. You agree that you
will not date the subsequent event note earlier than the date of your management representation letter.
ab
This letter assumes supplementary information will accompany the basic financial statements and the auditor has been
engaged to report on that information in relation to the financial statements as a whole. If you have been engaged to
report on supplementary information, AU-C 725.06 requires you to obtain managements agreement that it
acknowledges and understands its responsibility for the supplementary information. If the supplementary information is
prepared in conformity with criteria other than U.S. GAAP, replace the reference to U.S. GAAP with the criteria used for
preparation of the information. If there is no supplementary information, or you have not been engaged to report on the
information, delete the preceding three sentences. If you have been engaged to report on supplementary information but
it will not accompany the audited financial statements, replace the last sentence with the following:
You agree to make the audited financial statements readily available to users of the supplementary
information no later than the date the supplementary information is issued with our report thereon.
ac
If the client has insufficient personnel to assist with these items, it is advisable to include a fee provision for preparation of
these items by the audit staff.
ad
QC 10.33 indicates that an audit firm should establish policies and procedures requiring that the identity and role of the
engagement partner be communicated to management and those charged with governance. This sentence provides
appropriate documentation that the communication has been made.
ae
An auditor can attempt to have the statute of limitations for professional malpractice claims begin running at the end of a
particular engagement by specifying the ending date or event in the engagement letter. For example, the following type
of clause might be included in the letter:
Our audit engagement ends on delivery of our audit report. Any follow-up services that might be required will
be a separate, new engagement. The terms and conditions of that new engagement will be governed by a
new, specific engagement letter for that service.
The engagement letter may also specifically state that the tax engagement will end upon the delivery of the tax returns.
Specifying the end of the engagement is discussed further beginning in paragraph 204.13.
af
Such unexpected circumstances might include, for example, a greater than expected risk of material misstatement due
to fraud. Section 402 of PPCs Guide to Managing an Accounting Practice illustrates clauses relating to unexpected
circumstances that might affect the fee estimate. See ASB-CL-1.2 for an engagement letter change order form when
circumstances necessitate additional procedures.
ag
Some auditors add language such as the following to address terms for payment of audit fees:
In accordance with our firm policies, work may be suspended if your account becomes [Number] days or
more overdue and will not be resumed until your account is paid in full. If we elect to terminate our services for
nonpayment, our engagement will be deemed to have been completed even if we have not issued our report.
You will be obligated to compensate us for all time expended and to reimburse us for all out-of-pocket
expenditures through the date of termination.
Some auditors believe that the first sentence of the preceding paragraph provides some protection against liability for
breach of contract should they not complete the engagement because of nonpayment.
ah
Additional services may be added to an engagement after the engagement has begun. When clients request additional
services, misunderstandings can be avoided by sending a letter to the client (1) detailing any agreed-upon changes in
fees and services and (2) indicating that, except as provided therein, the terms of the original engagement letter apply. If
the scope of agreed-upon services changes significantly, the auditor may consider issuing a separate engagement letter
to cover the additional services. If significant nonattest services are added to an engagement, the authors recommend
issuing a new engagement letter to cover the additional services. At a minimum, the engagement letter or the
workpapers should include documentation of the understanding with the client regarding performance of the nonattest
services in accordance with Ethics Interpretation 101-3, as discussed in practical consideration t. (ASB-CX-1.2 provides a
form auditors can use to meet the Interpretations documentation requirements when additional nonattest services are
added after the engagement has begun.) The following paragraph can be used in an engagement letter to address the
issue of requests for additional services:
You may request that we perform additional services not addressed in this engagement letter. If this occurs,
we will communicate with you concerning the scope of the additional services and the estimated fees. We
also may issue a separate engagement letter covering the additional services. In the absence of any other
written communication from us documenting such additional services, our services will continue to be
governed by the terms of this engagement letter.
ai
For audits of financial statements for periods ending on or after December 15, 2012, if the entity requests a change in the
level of service (for example, from an audit to a review) or another change in the terms of the engagement, and there is a
reasonable justification for the change, the auditor should agree on and document that agreement in an engagement
letter or other suitable form of written communication (AU-C 210.16). PPCs Guide to Compilations and Review
Engagements includes engagement letters that can be used if there is a change in the level of service (for example, from
an audit to a review). The Engagement Letter Change Order Form at ASB-CL-1.2 can be used to document other
changes in the terms of the engagement. Section 203 discusses changes in the terms of an audit engagement, including
reasons why a change may or may not be reasonably justified and what to do if you determine there is not a reasonable
justification for the change.
ASB-CL-1.2: Engagement Letter Change Order Form
a, b
Name of Client: Period Ended:
Proposed by: Date Prepared:
At this time we anticipate having to perform the following services in addition to those agreed to in our engagement letter
dated [Date of Engagement Letter] in order to complete the audit of the financial statements for [Name of Client] :
Reason for requiring the change order:

Nature of work to be performed:

Revision of timetable:

Estimated cost of change/ additional work:

You will be billed for the actual time expended on the services at our standard hourly rates. The terms and conditions of
payment will be the same as in our engagement letter.
Approved by Firm: Accepted:
Client:
[CPA Firms Name] Date:
Rejected:
I do not want [Firm Name] to perform the additional services required. I will be responsible for ensuring that our personnel
will provide the requested assistance. I realize that this will cause a delay in delivery of our financial statements.
Client:
Date:
a
Some auditors may request written permission from the client before performing additional procedures that are
necessary because the client failed to provide the agreed-upon level of assistance. This form may be used to document
the clients agreement to pay the additional fees necessary if the auditor performs such procedures. Section 203
discusses using a change order form and language that may be added to the engagement letter to facilitate using this
form.
b
For audits of financial statements for periods ending on or after December 15, 2012, if the entity requests a change in the
level of service (for example, from an audit to a review) or another change in the terms of the engagement, and there is a
reasonable justification for the change, the auditor should agree on and document that agreement in an engagement
letter or other suitable form of written communication (AU-C 210.16). PPCs Guide to Compilations and Review
Engagements includes engagement letters that can be used if there is a change in the level of service (for example, from
an audit to a review). This letter can be used to document other changes in the terms of the engagement. Section 203
discusses changes in the terms of an audit engagement, including reasons why a change may or may not be reasonably
justified and what to do if you determine there is not a reasonable justification for the change.
ASB-CL-1.3: Resignation LetterDrafting Form
a, b, c, d
[Firm Letterhead]
[Date]
[Name of Client]
e
[Address]
Effective [Date] , we will cease our services as your accountants. We have reached this decision reluctantly and after
substantial deliberation because [Insert short description, as appropriate, such as one or more of the following:]
f
[we do not feel that we can continue to provide your company with the level of services that you require.]
[of your continued failure to pay for our services on a timely basis.]
[of a growing conflict of interest in our services to your company and other clients we serve.]
We wish to remind you that you have unpaid invoices totaling $ [Amount] . This does not include our services rendered since
[Date] , which will be covered by an invoice to be sent to you shortly. We expect payment in full of all of these invoices
immediately. If you are not in a position to make immediate payment, please call us so that we may discuss an extended
payment arrangement.
g
We look forward to helping you make a smooth transition with your new accountants.
Very truly yours,
[Firm Name]
a
This letter needs to be sent as soon as the decision to resign from a client is reached and needs to be tailored for the
unique aspects of each resignation. The authors recommend that, in most cases, the firm contact legal counsel to
determine the most appropriate method of making this communication. See the discussion beginning with paragraph
911.5.
b
Some auditors include a paragraph such as the following if there are matters such as tax-filing deadlines that need
immediate attention:
You should take immediate steps to retain a new accounting firm as there are a number of accounting matters
that require immediate attention. Those matters include:
1.
2.
3.
4.
[Subject to your making satisfactory arrangements for the payment of your outstanding invoices, we will
cooperate with your new accountants in addressing these and other matters OR We will cooperate with your
new accountants in addressing these and other matters] .
To facilitate that process, please send us a letter authorizing us to make disclosures to your new accountants.
Without such a letter, we are ethically prohibited from communicating with others regarding your companys
affairs.
If the resignation is on a less than friendly basis, consider conditioning access to the firms workpapers to the successor
firms agreement not to advise the client regarding the firms compliance with professional standards.
Some auditors believe that volunteering a list of matters for follow-up might be relied on by the client as complete and
could increase exposure to litigation. Those auditors either omit the list of follow-up matters, or state in the letter that the
list addresses only those matters of which the firm is aware. The letter might also state that the firm has not attempted to
make a determination of all such follow-up matters.
c
ASB-CX-16.4 may be used to document significant issues, consultations, conclusions, and the basis for the conclusions
relating to decisions to withdraw from an engagement or client relationship as required by quality control standards.
d
For audits of financial statements for periods ending on or after December 15, 2012, if the auditor withdraws due to a
scope limitation, the auditor should communicate to those charged with governance any matters regarding
misstatements identified during the audit that would have given rise to a modification of the opinion (AU-C 705.14).
ASB-CL-5.2, Communication with Those Charged with Governance at or Near the Conclusion of the Audit, can be used
to make that communication.
e
If a partnership or corporation, address letter to appropriate officer such as the managing partner or president.
f
These are common reasons why a firm would resign from an engagement. In most cases, only one reason for the
resignation will be cited. In some cases, the auditor may not wish to cite a reason for the resignation. If a reason is cited,
be careful to avoid any reference that could be considered libelous. Also, if there is concern that the former client might
sue for breach of contract, the reason for resignation needs to be appropriately explicit.
g
This paragraph is needed only if the client has an unpaid balance.
ASB-CL-2: Legal Letters
ASB-CL-2.1: Request for Legal RepresentationLawyer Is Requested to Provide Information
a, b
[Clients Letterhead]
[Date]
[Lawyers Name and Address]
c
Our auditors, [Name and Address] , are conducting an audit of our financial statements at [Date] and for the [Period] then
ended. This letter will serve as our consent for you to furnish to our auditors all the information requested herein. Accordingly,
please furnish to them the information requested below involving matters with respect to which you have been engaged and
to which you have devoted substantive attention on behalf of the Company in the form of legal consultation or
representation.
d
Pending or Threatened Litigation, Claims, and Assessments (excluding unasserted claims and assessments)
Please prepare a description of all material litigation, claims, and assessments (excluding unasserted claims and
assessments). Materiality for purposes of this letter includes items involving amounts exceeding $
e
individually or in the
aggregate. The description of each matter should include:
1. the nature of the litigation,
f
2. the progress of the matter to date,
3. how management is responding or intends to respond to the litigation, e.g., to contest the matter vigorously or to seek
an out-of-court settlement, and
4. an evaluation of the likelihood of an unfavorable outcome and an estimate, if one can be made, of the amount or range
of potential loss.
Also, please identify any pending or threatened litigation, claims, and assessments with respect to which you have been
engaged but as to which you have not yet devoted substantive attention.
g
Unasserted Claims and Assessments
We have represented to our auditors that there are no unasserted possible claims or assessments that you have advised us
are probable of assertion and must be disclosed in accordance with FASB Accounting Standards Codification 450,
Contingencies.
h
We understand that whenever, in the course of performing legal services for us with respect to a matter recognized to involve
an unasserted possible claim or assessment that may call for financial statement disclosure, if you have formed a professional
conclusion that we should disclose or consider disclosure concerning such possible claim or assessment, as a matter of
professional responsibility to us, you will so advise us and will consult with us concerning the question of such disclosure and
the applicable requirements of FASB Accounting Standards Codification 450, Contingencies (excerpts of which can be found
in the ABAs Auditors Letter Handbook).
i
Please specifically confirm to our auditors that our understanding is correct.
Response
Your response should include matters that existed as of [Date] , and during the period from that date to the effective date of
your response. Please specify the effective date of your response if it is other than the date of reply.
Please specifically identify the nature of, and reasons for, any limitations on your response.
j
Our auditors expect to have the audit completed by about [Date] .
k
They would appreciate receiving your reply by that date
with a specified effective date no earlier than [Date] .
k
You may also be requested to provide verbal updates to your written
response at a later date. We appreciate your timely response to such requests.
Other Matters
l
Please also indicate the amount we were indebted to you for services and expenses (billed or unbilled) on [Date] .
Very truly yours,
[Officers Name and Title]
[Clients Name]
a
This letter is generally used only if the client represents that there are no unasserted claims or assessments that are
probable of assertion and should be disclosed in accordance with FASB Accounting Standards Codification 450,
Contingencies. Otherwise, use the letter at ASB-CL-2.2. This letter may be used to obtain legal representation related to
litigation, claims, or assessments from both external and in-house legal counsel. Section 1803 discusses lawyers letters.
b
If the auditor obtains an oral response concerning matters covered by the audit inquiry letter, the auditor should
c
The auditor should analyze legal and professional fees and determine with the client the attorneys who are responsible
for general counsel.
d
Some clients prefer to add a statement such as the following to emphasize the retention of attorney-client and attorney
work product privileges:
We do not intend either this request or your response to our auditor to constitute a waiver of the
attorney-client privilege or the attorney work product privilege.
e
The amount should be based on the auditors preliminary judgment about materiality determined during the general
planning phase of the audit. Usually the amount is a fraction of performance materiality.
f
On occasion, an attorney will provide a response that is inadequate because it is incomplete, uses vague terms to
evaluate the outcome of the case, or does not provide an estimate of the range of potential loss. Auditors experiencing
these problems may choose to modify the letter to provide more guidance to the attorney about exactly what type of
information is needed. For example, the letter might specifically request the following information:
1. The nature of the litigation, including identification of:
a. The proceedings.
b. The claim(s) asserted.
c. The amount of monetary or other damages sought. If no amounts are stated in preliminary case filings, please
so state.
d. Whether or not the potential damages are covered by insurance and, if so, to what extent (policy limits,
deductibles, etc.).
e. The objectives sought by the plaintiff (if any) other than monetary or other damages (such as performance or
discontinued performance of certain actions).
2. The progress of the matter to date (in the process of discovery, trial, appeal, etc.).
3. How management is responding or intends to respond to the litigation, for example, to contest the matter vigorously
or to seek out-of-court settlement.
4. An evaluation of the likelihood of an unfavorable outcome. To avoid potential misunderstandings of your opinion,
please avoid vague phrases such as or similar to meritorious defense, without substantial merit, or reasonable
chance of dismissal. If no opinion can be expressed, please so state and explain the reasons.
5. An estimate of the amount or range of potential loss. It is important that you express an upper limit on possible and
probable losses. If no range or upper limits can be expressed, please so state and explain the reasons.
g
Some auditors prefer to inquire about matters for which the attorney has been engaged but has not devoted substantive
attention. The authors believe that this information is valuable if the attorney will respond. Attorneys willingness to
respond depends on the system they use to identify services provided to clients. The American Bar Associations
Statement of Policy Regarding Lawyers Responses to Auditors Requests for Information (AU-C 501, Exhibit A) states that
an attorneys response can be properly limited to matters to which they have given substantive attention. Therefore, it is
not a scope limitation when attorneys limit their response in this fashion.
h
The inquiry letter may state the clients representation about unasserted claims and assessments; however, it is
inappropriate under the ABAs Statement of Policy Regarding Lawyers Responses to Auditors Requests for Information
for lawyers to furnish an auditor with information on unasserted claims (other than those specified by the client in the
letter) because of concern about preserving the attorney-client privilege. In addition, lawyers will not confirm the
completeness of information furnished by management. However, the lawyer is requested, in the preceding paragraph of
the letter, to confirm his or her professional responsibility to advise and consult with the client on the required disclosure
of unasserted possible claims and assessments. Presumably, the lawyer would recognize a professional responsibility to
resign if management fails to disclose to the auditor a matter the lawyer believes will give rise to a material claim if
asserted.
i
The ABAs Auditors Letter Handbook is available in hardcopy or electronically in PDF format from the ABAs website at
www.apps.americanbar.org/abastore/index.cfm.
j
If a more detailed request is desired, auditors may choose to add clarification such as the following:
Please identify the nature and reasons for any limitations on your response, including but not limited to the
following situations:
1. Where you have limited the basis of your opinion(s) to facts obtained from an incomplete review.
2. Where you have limited your response to information obtained while serving as legal counsel and have
excluded other information obtained in the course of performing other services for the company (such as officer
or director).
3. Where you have limited your response to maintain a client confidence or secret.
k
It is preferable that the effective date of the lawyers response be as close as feasible to the date of the auditors report,
ordinarily no earlier than two weeks prior to that date. In cases where the lawyers letter is dated substantially in advance
of the audit report date, the auditor needs to obtain an updated response. This update can be oral or written, including
by email. The letter at ASB-CL-2.3 can be used to request a written update from the attorney. Oral responses should be
documented.
l
This item is optional.
ASB-CL-2.2: Request for Legal RepresentationLawyer Is Requested to Confirm Information
Provided by Client
a, b
[Date]
c
In connection with an audit of our financial statements at [Date] and for the [Period] then ended, management of the
Company has prepared and provided to our auditors, [Name and Address] , a description and evaluation of certain
contingencies, including those set forth below involving matters with respect to which you have been engaged and to which
you have devoted substantive attention on behalf of the Company in the form of legal consultation or representation. This
letter will serve as our consent for you to furnish to our auditors all the information requested herein. These contingencies are
regarded by management of the Company as material. Materiality for purposes of this letter includes items involving amounts
exceeding $
d
individually or in the aggregate.
e
Pending or Threatened Litigation, Claims and Assessments (excluding unasserted claims and assessments)
[Describe]:
f

Please furnish our auditors such explanation, if any, that you consider necessary to supplement the preceding information,
including an explanation of those matters about which your views may differ from those stated and an identification of the
omission of any pending or threatened litigation, claims, and assessments, or a statement that the list of such matters is
complete.
Also, please identify any pending or threatened litigation with respect to which you have been engaged but as to which you
have not yet devoted substantive attention.
g
Unasserted Claims and Assessments (considered by management to be probable of assertion, and that, if asserted, would
have at least a reasonable possibility of an unfavorable outcome)
[Describe]:
h

Please furnish to our auditors such explanation, if any, that you consider necessary to supplement the preceding information,
including an explanation of those matters about which your views may differ from those stated.
We have represented to our auditors that the unasserted claims and assessments listed above include all such claims and
assessments that you have advised us are probable of assertion and must be disclosed in accordance with FASB Accounting
Standards Codification 450, Contingencies.
i
We understand that whenever, in the course of performing legal services for us with respect to a matter recognized to involve
an unasserted possible claim or assessment that may call for financial statement disclosure, if you have formed a professional
conclusion that we should disclose or consider disclosure concerning such possible claim or assessment, as a matter of
professional responsibility to us, you will so advise us and will consult with us concerning the question of such disclosure and
the applicable requirements of FASB Accounting Standards Codification 450, Contingencies. Please specifically confirm to
our auditors that our understanding is correct.
Response:
Your response should include matters that existed as of [Date] and during the period from that date to the effective date of
your response. Please specify the effective date of your response if it is other than the date of reply.
Please specifically identify the nature of and reasons for any limitation on your response.
j
Our auditors expect to have the audit completed by about [Date] .
k
They would appreciate receiving your reply by that date
with a specified effective date no earlier than [Date] .
k
You may also be requested to provide verbal updates to your written
response at a later date. We appreciate your timely response to such requests.
Other Matters:
l
Please also indicate the amount we were indebted to you for services and expenses (billed or unbilled) on [Date] .
Very truly yours,
[Clients Name]
a
This letter is generally used whenever the client can adequately describe claims, litigation, or assessments and evaluate
their outcome. The letter at ASB-CL-2.1 can be used if the client represents that there are no unasserted claims or
assessments that are probable of assertion and should be disclosed in accordance with FASB Accounting Standards
Codification 450, Contingencies. This letter may be used to obtain legal representation related to litigation, claims, or
assessments from both external and in-house legal counsel. Section 1803 discusses lawyers letters.
b
If the auditor obtains an oral response concerning matters covered by the audit inquiry letter, the auditor should
c
The auditor should analyze legal and professional fees and determine with the client the attorneys who are responsible
for general counsel.
d
The amount should be based on the auditors preliminary judgment about materiality determined during the general
planning phase of the audit. Usually the amount is a fraction of performance materiality.
e
Some clients prefer to add a statement such as the following to emphasize the retention of attorney-client and attorney
work product privileges:
We do not intend either this request or your response to our auditor to constitute a waiver of the
attorney-client privilege or the attorney work product privilege.
f
Ordinarily the information would include the following: (1) the nature of the litigation, (2) the progress of the case to date,
(3) how management is responding or intends to respond to the litigation (for example, to contest the case vigorously or
to seek an out-of-court settlement), and (4) an evaluation of the likelihood of an unfavorable outcome and an estimate, if
one can be made, of the amount or range of potential loss.
g
Some auditors prefer to inquire about matters for which the attorney has been engaged but has not devoted substantive
attention. The authors believe that this information is valuable if the attorney will respond. Attorneys willingness to
respond depends on the system they use to identify services provided to clients. The American Bar Associations
Statement of Policy Regarding Lawyers Responses to Auditors Requests for Information (AU-C 501, Exhibit A) states that
an attorneys response can be properly limited to matters to which they have given substantive attention. Therefore, it is
not a scope limitation when attorneys limit their response in this fashion.
h
Ordinarily managements information would include the following: (1) the nature of the matter, (2) how management
intends to respond if the claim is asserted, and (3) an evaluation of the likelihood of an unfavorable outcome and an
estimate, if one can be made, of the amount or range of potential loss.
i
The inquiry letter may state the clients representation about unasserted claims and assessments; however, it is
inappropriate under the ABAs Statement of Policy Regarding Lawyers Responses to Auditors Requests for Information
for lawyers to furnish an auditor with information on unasserted claims (other than those specified by the client in the
letter) because of concern about preserving the attorney-client privilege. In addition, lawyers will not confirm the
completeness of information furnished by management. However, the lawyer is requested, in the preceding paragraph of
the letter, to confirm his or her professional responsibility to advise and consult with the client on the required disclosure
of unasserted possible claims and assessments. Presumably, the lawyer would recognize a professional responsibility to
resign if management fails to disclose to the auditor a matter the lawyer believes will give rise to a material claim if
asserted.
j
If a more detailed request is desired, auditors may choose to add clarification such as the following:
Please identify the nature and reasons for any limitations on your response, including but not limited to the
following situations:
1. Where you have limited the basis of your opinion(s) to facts obtained from an incomplete review.
2. Where you have limited your response to information obtained while serving as legal counsel and have
excluded other information obtained in the course of performing other services for the company (such as officer
or director).
3. Where you have limited your response to maintain a client confidence or secret.
k
It is preferable that the effective date of the lawyers response be as close as feasible to the date of the auditors report,
ordinarily no earlier than two weeks prior to that date. In cases where the lawyers letter is dated substantially in advance
of the audit report date, the auditor needs to obtain an updated response. This update can be written or oral, including
by email. The letter at ASB-CL-2.3 can be used to request a written update from the attorney. Oral responses should be
documented.
l
This item is optional.
ASB-CL-2.3: Updating Request for Legal Representation
a
[Date]
In connection with the audit of our financial statements at [Date] and for the [Period] then ended, please provide our
auditors, [Name and Address] , with an update to your response dated [Date of Previous Response] for the period from
[Date of Previous Response] through the date of this letter for information that would require adjustment to your response.
Very truly yours,
[Clients Name]
Note:
a
If the attorneys response is dated too long before the date of the auditors report, the auditor needs to consider getting
an updated response. Depending upon the circumstances, the update may be oral or written, including by email. This
letter can be used to request a written update. Paragraph 1803.19 discusses dating of the lawyers response and
considerations for determining whether an updated response needs to be obtained.
ASB-CL-3: Management Representations
ASB-CL-3.1: Management Representation Letter
a, b, c, d, e
[Date]
f
[CPA Firms Name and Address]
This representation letter is provided in connection with your audit of the financial statements of [Name of Client] , which
comprise the balance sheet(s) as of [Date(s)] , and the related statement(s) of income, retained earnings, and cash flows for
the [Period(s)]
g
then ended, and the related notes to the financial statements, for the purpose of expressing an opinion as to
whether the financial statements are presented fairly, in all material respects, in accordance with accounting principles
generally accepted in the United States (U.S. GAAP).
h
Certain representations in this letter are described as being limited to matters that are material. Items are considered material,
regardless of size, if they involve an omission or misstatement of accounting information that, in light of surrounding
circumstances, makes it probable that the judgment of a reasonable person relying on the information would be changed or
influenced by the omission or misstatement. An omission or misstatement that is monetarily small in amount could be
considered material as a result of qualitative factors.
i, j
We confirm, to the best of our knowledge and belief, as of [Date of Auditors Report] ,
f
the following representations made to
you during your audit.
k
We have fulfilled our responsibilities, as set out in the terms of the audit engagement letter dated [Date of Engagement
Letter] .
The financial statements referred to above are fairly presented in conformity with U.S. generally accepted accounting
principles.
h
We acknowledge our responsibility for the design, implementation, and maintenance of internal control relevant to the
preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or
error.
We acknowledge our responsibility for the design, implementation, and maintenance of internal control to prevent and
detect fraud.
Significant assumptions we used in making accounting estimates, including those measured at fair value, are
reasonable.
l
Related party relationships and transactions have been appropriately accounted for and disclosed in accordance with
the requirements of U.S. GAAP.
h
All events subsequent to the date of the financial statements and for which U.S. GAAP requires adjustment or disclosure
have been adjusted or disclosed.
f, h, m
The effects of uncorrected misstatements are immaterial, both individually and in the aggregate, to the financial
statements as a whole. A list of the uncorrected misstatements is attached to the representation letter.
n, o
The effects of all known actual or possible litigation, claims, and assessments have been accounted for and disclosed in
h, p
Material concentrations have been properly disclosed in accordance with U.S. GAAP.
Guarantees, whether written or oral, under which the company is contingently liable, have been properly recorded or
Information Provided
q
We have provided you with:
Access to all information, of which we are aware, that is relevant to the preparation and fair presentation of the
financial statements, such as records, documentation, and other matters.
r
Additional information that you have requested from us for the purpose of the audit.
Unrestricted access to persons within the entity from whom you determined it necessary to obtain audit evidence.
All material transactions have been recorded in the accounting records and are reflected in the financial statements.
s, t
We have disclosed to you the results of our assessment of the risk that the financial statements may be materially
misstated as a result of fraud.
We have no knowledge of any fraud or suspected fraud that affects the entity and involves:
s
Management,
Employees who have significant roles in internal control, or
Others where the fraud could have a material effect on the financial statements.
We have no knowledge of any allegations of fraud or suspected fraud affecting the entitys financial statements
communicated by employees, former employees, analysts, regulators, or others.
s
We have disclosed to you all known instances of noncompliance or suspected noncompliance with laws and regulations
whose effects should be considered when preparing financial statements.
s
We have disclosed to you all known actual or possible litigation, claims, and assessments whose effects should be
considered when preparing the financial statements.
p
We have disclosed to you the identity of the entitys related parties and all the related party relationships and transactions
of which we are aware.
The company has satisfactory title to all owned assets, and there are no liens or encumbrances on such assets nor has
any asset been pledged as collateral.
We acknowledge our responsibility for presenting the [Identify supplementary information.] in accordance with U.S.
GAAP, and we believe the [Identify supplementary information.] , including its form and content, is fairly presented in
accordance with U.S. GAAP. The methods of measurement and presentation of the [Identify supplementary
information.] have not changed from those used in the prior period, and we have disclosed to you any significant
assumptions or interpretations underlying the measurement and presentation of the supplementary information.
u
Signature:
v
Title:
a
This letter reflects the implementation of the clarified auditing standards, which are effective for audits of periods ending
on or after December 15, 2012. AU-C 580, Written Representations, revises the wording of several required
representations and reorganizes certain items in the illustrative representation letter. However, the substance of the letter
and the required representations have not changed from pre-clarified standards. Therefore, this letter may be used both
before and after the effective date of the clarified standards. However, it should be used for audits of periods ending on
or after December 15, 2012. For audits of periods ending before December 15, 2012, if you prefer to use the
management representation letter without consideration of the clarified standards, see ASB-CL-3.5.
b
If the client does not understand certain paragraphs in this letter, it may be advisable to use alternative wording as
discussed in Exhibit 18-6. When management refuses to provide this letter, or when the auditor has concluded that
sufficient doubt exists about managements integrity such that the representations are not reliable, the auditor should
disclaim an opinion on the financial statements or withdraw from the engagement. (See section 1804.)
c
The following are common representations that may need to be added to the letter to appropriately tailor it for individual
client circumstances (list is not all-inclusive):
Receivables recorded in the financial statements represent valid claims against debtors for sales or other charges
arising on or before the balance sheet date and have been reduced to their estimated net realizable value.
Arrangements with financial institutions involving compensating balances or other arrangements involving
restrictions on cash balances, lines of credit, or similar arrangements have been properly disclosed.
Loans to executive officers have been properly accounted for and disclosed.
Agreements to repurchase assets previously sold have been properly disclosed.
Capital stock repurchase options or agreements or capital stock reserved for options, warrants, conversions, or
other requirements have been properly disclosed.
Note [X] to the financial statements discloses all of the matters of which we are aware that are relevant to the
companys ability to continue as a going concern, including significant conditions and events, and managements
plans.
We have reviewed long-lived assets and certain identifiable intangibles to be held and used for impairment whenever
events or changes in circumstances have indicated that the carrying amount of assets might not be recoverable and
have appropriately recorded the adjustment.
Provision has been made to reduce excess or obsolete inventories to their estimated net realizable value.
Provisions have been made for losses to be sustained in the fulfillment of, or from inability to fulfill, any sales
commitments.
Provisions have been made for losses to be sustained as a result of purchase commitments for inventory quantities
in excess of the normal requirements or at prices in excess of the prevailing market prices.
We have fully disclosed to you all sales terms, including all rights of return or price adjustments and all warranty
provisions.
The Internal Revenue Service has examined the Companys Federal income tax returns through [Year] . However,
the Companys Federal income tax returns for [List open years.] are subject to examination by the IRS, generally
for three years after they were filed. The Company recognizes tax benefits only to the extent that the Company
believes it is more likely than not that its tax positions will be sustained upon IRS examination. Accordingly, the
provision for unpaid federal income taxes (liability for unrecognized tax benefits) in the balance sheet reflects all tax
positions that the Company believes do not have greater than a 50% chance of realization after examination.
d
It is not uncommon for auditors to determine that they need to obtain more than just the written representations required
by AU-C 580 (and other authoritative literature) as support for other audit evidence relevant to the financial statements or
specific assertions in the financial statements. For example, additional representations might relate to items such as the
following (Exhibit B of AU-C 580 includes examples of wording for some of the listed representations):
Prepaids, Deferred Charges, Intangibles, and Other Assets
Impairment of goodwill and other intangible assets not subject to amortization.
Material deferred charges.
Securities classification under FASB ASC 320 reflecting managements ability and intent to hold investments.
Management considers the decline in value of debt or equity securities to be temporary.
Existence and completeness of derivatives and appropriate characteristics of hedges.
Unusual considerations involved in determining the application of the equity method of accounting.
Special purpose or variable interest entities.
Income Taxes
Aggressive tax elections or uncertain tax positions.
Assumptions made when determining deferred taxes under FASB ASC 740 (for example, tax-planning strategies
utilized or responsibility for estimates used to determine whether a deferred tax asset valuation allowance is
necessary).
IRS examinations or other matters.
Management intends to reinvest undistributed earnings of a foreign subsidiary.
Contributions to employee benefit plans or bonuses not documented in the minutes.
Pension payments made after the clients year end.
Actuarial assumptions used to measure pension liabilities and costs are appropriate.
Expected employer contributions to defined benefit pension and postretirement benefit plans for the next fiscal year,
if material to the financial statements.
Management has the intent and ability to refinance short-term debt on a long-term basis.
General
Acknowledgement of oral communications made by the auditor.
Transactions for which there is no written supporting documentation.
Representations needed for a specialized industry.
Actions allowed by regulatory agencies that are not documented in writing or by legal references.
GAAP changes/adoption.
Use of a specialist.
Restatement made to correct a material misstatement in a prior period that affects the comparative financial
statements.
Financial instruments with concentration of credit risk.
Future plans or commitments.
Lawsuits, regulatory actions, etc.
Environmental remediation liabilities and related loss contingencies.
Other representations relied on during the audit. (It may be helpful to maintain in the workpapers a list of client
representations relied on during the audit.)
e
If the auditor is providing nonattest services as part of the audit (for example, consulting services, tax return preparation,
or bookkeeping), the provisions of Ethics Interpretation 101-3, Performance of Nonattest Services, should be followed for
the auditor to maintain his or her independence. The Interpretation requires the client to perform certain functions in
connection with the nonattest services. Although not required by ET Interpretation 101-3, the auditor might consider
adding the following additional representations to the management representation letter:
In regards to the [State the nonattest services provided.] services performed by you, we have
1. Made all management decisions and performed all management functions.
2. Designated an individual with suitable skill, knowledge, or experience to oversee the services.
3. Evaluated the adequacy and results of the services performed.
4. Accepted responsibility for the results of the services.
f
The date of this letter, the date of the auditors report, and the date disclosed in the financial statements through which
management evaluated subsequent events should be the same to provide adequate documentation of managements
acceptance of responsibility for the financial statements. The auditor cannot date the report before obtaining sufficient
evidence, which includes (1) evidence provided by the management representation letter that management has taken
responsibility for the financial statements, including evaluating subsequent events, (2) and evidence that subsequent
events have been reviewed through the report date. See the discussions beginning at paragraphs 1804.22, 1805.1, and
1813.11 for considerations of dating and physical receipt of the letter.
g
According to AU-C 580, Written Representations, representation letters should include all periods covered by the
auditors report.
h
This Guide assumes U.S. GAAP as the financial reporting framework. If the financial statements are prepared in
conformity with an OCBOA, modify this paragraph to refer to the OCBOA used (for example, modified cash basis of
accounting or income tax basis of accounting) and tailor the specific representations to the nature and basis of
presentation of the financial statements being audited. Specific additional representations also may apply to financial
statements prepared in conformity with an OCBOA. See PPCs Guide to Cash, Tax, and Other Bases of Accounting for
illustrative language.
i
This paragraph is optional. As discussed in paragraph 1804.19, AU-C 580 gives auditors the option of including an
explicit discussion of materiality in the management representation letter. Such a discussion may address materiality in
either qualitative or quantitative terms. This paragraph provides a discussion of materiality in qualitative terms. Some
auditors prefer to supplement the qualitative discussion of materiality with a quantitative amount. (See practical
consideration j.) As discussed in section 1812, the quantitative amount should be set so that any misstatements below
that amount are immaterial to the financial statements, both individually and in the aggregate, after considering the risk of
further misstatement and the potential influence of qualitative factors. However, the authors discourage using a purely
quantitative discussion of materiality because it is inappropriate to rely solely on quantitative considerations when
determining materiality. Note that materiality considerations do not apply to representations that are not directly related
to amounts included in the financial statements.
j
AU-C 580.A22 indicates that managements representations may be limited to matters considered individually or
collectively material to the financial statements, provided management and the auditor have reached an understanding
on materiality for this purpose. If such an understanding has been reached and the entity prefers to include the amount
in the representation letter, the last sentence may be replaced with the following:
Except where otherwise stated below, immaterial matters less than [Insert $ amount.] collectively are not
considered to be exceptions that require disclosure for the purpose of the following representations. This
amount is not necessarily indicative of amounts that would require adjustment to or disclosure in the financial
statements.
k
The auditor may, if considered necessary, list other appropriate representations related to the financial statements in this
section.
l
According to AU-C 540.A126, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related
Disclosures, audit evidence can include obtaining representations from management about whether it believes that the
significant assumptions used in making accounting estimates are reasonable. Additionally, according to AU-C 580.A13,
such written representations might address the following:
The appropriateness and consistency of the measurement processes used by management in determining
That the assumptions appropriately reflect managements intent and ability to carry out specific courses of action.
That the disclosures related to accounting estimates are complete and appropriate.
That no subsequent event has occurred that would require adjustment to the accounting estimates or disclosures
included in the financial statements.
m
If a subsequent event has been disclosed in the financial statements, this item may begin, Except as disclosed in Note
[X] to the financial statements, all events. . . .
n
AU-C 580.14 requires an acknowledgment in the representation letter that management has considered whether the
effects of uncorrected misstatements are immaterial to the financial statements. The authoritative literature also requires
that a summary of the uncorrected misstatements be included in or attached to the representation letter. The Summary
of Audit Differences at ASB-CL-3.3 is a schedule auditors can attach to the management representation letter. Section
1804 discusses the communication of audit adjustments in more detail and provides an illustration of the Summary of
Audit Differences. Instead of using the Summary of Audit Differences at ASB-CL-3.3, auditors might attach a copy of
ASB-CX-12.2, Audit Difference Evaluation Form, to the representation letter. AU-C 580 does not provide specific
guidance for the auditor when there are no uncorrected misstatements. In that situation (that is, when either no
misstatements are noted in the audit or all noted misstatements are corrected), the authors believe that no representation
about uncorrected misstatements is necessary in the management representation letter. Accordingly, this sentence can
be omitted.
In addition to the representations related to uncorrected audit adjustments, some auditors believe it is desirable to obtain
managements acknowledgment of responsibility for audit adjustments booked by the client. If there are no uncorrected
audit adjustments (that is, if all misstatements noted in the audit are booked), management might state: We are in
agreement with the adjusting journal entries you have proposed, and they have been posted to the companys
accounts. In this case, no representation about uncorrected misstatements is necessary. If there are uncorrected audit
adjustments, management might state: The effects of uncorrected misstatements are immaterial, both individually and
in the aggregate, to the financial statements as a whole. A list of the uncorrected misstatements is attached to the
representation letter. In addition, you have proposed adjusting journal entries that have been posted to the companys
accounts. We are in agreement with those adjustments.
o
Management might disagree with certain items presented in the summary of audit differences included in or attached to
the representation letter. If management believes that certain items presented are not misstatements, the following
sentence can be added to the representation about uncorrected misstatements to acknowledge that belief:
We do not agree that [Describe items.] constitute misstatements because [Describe reasons.] .
p
If management has not consulted a lawyer related to any litigation, claims, or assessments, see paragraph 1803.9 and
revise this representation as follows:
assessments that are required to be accrued or disclosed in the financial statements in accordance with U.S.
q
The auditor may, if considered necessary, list other appropriate representations related to information provided by
management in this section.
r
Among other things, relevant information may include such matters as
Completeness and availability of all minutes of the meetings of stockholders, directors, and committees of directors,
or summaries of actions of recent meetings for which minutes were not yet prepared.
Communications from regulatory agencies concerning noncompliance with, or deficiencies in, financial reporting
practices.
s
The wording of this representation may need to change, when necessary, to say Except as made known to you. . .
t
The auditor may ask certain questions to obtain an understanding of an entitys environmental remediation liabilities or
potential liabilities. After the auditor obtains this understanding, the representation letter may be modified. For example, if
the entity has accrued a liability for losses at a site, the following might be added:
Provision has been made for any material loss that is probable from environmental remediation liabilities
associated with the [Name of Site] . We believe that this estimate is reasonable based on available
information and that it has been adequately described in the entitys financial statements.
u
report on supplementary information, AU-C 725 requires you to obtain written representations from management. If the
supplementary information is prepared in conformity with criteria other than U.S. GAAP, replace the references to U.S.
GAAP with the criteria used for preparation of the information. If there is no supplementary information, or you have not
been engaged to report on the information, delete this item. If you have been engaged to report on supplementary
information but it will not accompany the audited financial statements, add the following sentence to the representation:
If the [Identify supplementary information] is not presented with the audited financial statements, we will
make the audited financial statements readily available to the intended users of the supplementary information
no later than the date we issue the supplementary information and the auditors report thereon.
v
The representation letter should be signed by members of management that have responsibility for the financial
statements and knowledge of the matters concerned. This normally includes the chief executive officer and chief
financial officer. (Paragraph 1804.21 discusses the auditors considerations when management changes during or after
one of the periods being audited.) For small businesses, the representation letter is generally signed by the current
owner/manager. If the small business has a controller or chief financial officer, the auditor might consider having that
person sign the letter also.
ASB-CL-3.2: Management Representation Letter When the Current Year Financial Statements
Have Been Audited and the Prior Year Financial Statements Have Been Reviewed
a, b, c, d, e
[Date]
f
This representation letter is provided in connection with your audit of the financial statements of [Name of Client] , which
comprise the balance sheet as of [Date] , and the related statement of income, retained earnings, and cash flows for the
[Period]
g
then ended, and the related notes to the financial statements, for the purpose of expressing an opinion as to
whether the financial statements are presented fairly, in all material respects, in accordance with accounting principles
generally accepted in the United States (U.S. GAAP).
h
We also are providing this letter in connection with your review of the
balance sheet of [Name of Client] as of [Date] and the related statements of income, retained earnings, and cash flows for
the [Period]
g
then ended for the purpose of expressing limited assurance that there are no material modifications that
should be made to the statements in order for them to be in conformity with U.S. GAAP.
Certain representations in this letter are described as being limited to matters that are material. Items are considered material,
regardless of size, if they involve an omission or misstatement of accounting information that, in light of surrounding
circumstances, makes it probable that the judgment of a reasonable person relying on the information would be changed or
influenced by the omission or misstatement. An omission or misstatement that is monetarily small in amount could be
considered material as a result of qualitative factors.
i, j
f
you during your engagements.
k
We have fulfilled our responsibilities, as set out in the terms of the audit engagement letter dated [Date of Engagement
Letter] .
The financial statements referred to above are fairly presented in conformity with U.S. generally accepted accounting
principles.
h
We acknowledge our responsibility for the design, implementation, and maintenance of internal control relevant to the
preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or
error.
We acknowledge our responsibility for the design, implementation, and maintenance of internal control to prevent and
detect fraud.
Significant assumptions we used in making accounting estimates, including those measured at fair value, are
reasonable.
l
Related party relationships and transactions have been appropriately accounted for and disclosed in accordance with
the requirements of U.S. GAAP.
h
All events subsequent to the date of the financial statements and for which U.S. GAAP requires adjustment or disclosure
have been adjusted or disclosed.
f, h, m
The effects of all known actual or possible litigation, claims, and assessments have been accounted for and disclosed in
h, n
Material concentrations have been properly disclosed in accordance with U.S. GAAP.
Guarantees, whether written or oral, under which the company is contingently liable, have been properly recorded or
Information Provided
o
We have provided you with:
Access to all information, of which we are aware, that is relevant to the preparation and fair presentation of the
financial statements such as records, documentation, and other matters.
p
Additional information that you have requested from us for the purpose of the audit.
Unrestricted access to persons within the entity from whom you determined it necessary to obtain audit evidence.
All material transactions have been recorded in the accounting records and are reflected in the financial statements.
q, r
We have no knowledge of any fraud or suspected fraud that affects the entity and involves:
q
Management,
Employees who have significant roles in internal control, or
Others where the fraud could have a material effect on the financial statements.
We have no knowledge of any allegations of fraud or suspected fraud affecting the entitys financial statements
communicated by employees, former employees, analysts, regulators, or others.
q
We have disclosed to you all known instances of noncompliance or suspected noncompliance with laws and regulations
whose effects should be considered when preparing financial statements.
q
We have disclosed to you all known actual or possible litigation, claims, and assessments whose effects should be
considered when preparing the financial statements.
n
We have disclosed to you the identity of the entitys related parties and all the related party relationships and transactions
of which we are aware.
The company has satisfactory title to all owned assets, and there are no liens or encumbrances on such assets, nor has
We acknowledge our responsibility for presenting the [Identify supplementary information.] in accordance with U.S.
GAAP, and we believe the [Identify supplementary information.] , including its form and content, is fairly presented in
accordance with U.S. GAAP. The methods of measurement and presentation of the [Identify supplementary
information.] have not changed from those used in the prior period, and we have disclosed to you any significant
assumptions or interpretations underlying the measurement and presentation of the supplementary information.
s
In connection with your audit of the [Year] financial statements, the effects of uncorrected misstatements are immaterial,
both individually and in the aggregate, to the financial statements as a whole. A list of the uncorrected misstatements is
attached to the representation letter.
t, u
Additionally, we have disclosed to you the results of our assessment of the risk
that the financial statements may be materially misstated as a result of fraud.
In connection with your review of the [Year] financial statements, we also confirm that we have responded fully and
truthfully to all inquiries made to us by you during your review.
Signature:
v
Title:
a
This letter reflects the implementation of the clarified auditing standards, which are effective for audits of periods ending
on or after December 15, 2012. AU-C 580, Written Representations, revises the wording of several required
representations and reorganizes certain items in the illustrative representation letter. However, the substance of the letter
and the required representations have not changed from pre-clarified standards. Therefore, this letter may be used both
before and after the effective date of the clarified standards. However, it should be used for audits of periods ending on
or after December 15, 2012.
b
With respect to the audited financial statements, when management refuses to provide this letter. or when the auditor has
concluded that sufficient doubt exists about managements integrity such that the representations are not reliable, the
auditor should disclaim an opinion on the financial statements or withdraw from the engagement. (See section 1804.)
Managements refusal to furnish a representation letter in connection with the review engagement would preclude the
accountant from rendering a review report.
c
Loans to executive officers have been properly accounted for and disclosed.
plans.
commitments.
provisions.
d
It is not uncommon for auditors to determine that they need to obtain more than just the written representations required
by AU-C 580 (and other authoritative literature) as support for other audit evidence relevant to the financial statements or
specific assertions in the financial statements. For example, additional representations might relate to items such as the
following (Exhibit B of AU-C 580 and Exhibit B of AR 90 include examples of wording for some of the listed
representations):
Income Taxes
necessary).
General
Restatement made to correct a material misstatement in a prior period that affects the comparative financial
statements.
representations relied on during the audit. Other representations that might be made in connection with a review
engagement are provided in Appendix 4A of PPCs Guide to Compilation and Review Engagements.)
e
If the auditor is providing nonattest services as part of the audit or the review engagement (for example, consulting
services, tax return preparation, or bookkeeping), the provisions of Ethics Interpretation 101-3, Performance of Nonattest
Services, should be followed for the auditor to maintain his or her independence. The Interpretation requires the client to
perform certain functions in connection with the nonattest services. Although not required by ET Interpretation 101-3, the
auditor might consider adding the following additional representations to the management representation letter:
f
management evaluated subsequent events should be the same to provide adequate documentation of managements
acceptance of responsibility for the financial statements. The auditor cannot date the report before obtaining sufficient
evidence, which includes (1) evidence provided by the management representation letter that management has taken
responsibility for the financial statements, including evaluating subsequent events, and (2) evidence that subsequent
events have been reviewed through the report date. See the discussions beginning at paragraphs 1804.22, 1805.1, and
1813.11 for considerations of dating and physical receipt of the letter.
g
According to AU-C 580, Written Representations, and SSARS No. 19 (AR 90.22), representation letters should include all
periods being reported on.
h
This Guide assumes U.S. GAAP as the financial reporting framework. If the financial statements are prepared in
conformity with an OCBOA, modify this paragraph to refer to the OCBOA used (for example, modified cash basis of
accounting or income tax basis of accounting) and tailor the specific representations to the nature and basis of
presentation of the financial statements being audited. Specific additional representations also may apply to financial
statements prepared in conformity with an OCBOA. See PPCs Guide to Cash, Tax, and Other Bases of Accounting for
illustrative language.
i
This paragraph is optional. As discussed in paragraph 1804.19, AU-C 580 gives auditors the option of including an
explicit discussion of materiality in the management representation letter. Such a discussion may address materiality in
either qualitative or quantitative terms. This paragraph provides a discussion of materiality in qualitative terms. Some
auditors prefer to supplement the qualitative discussion of materiality with a quantitative amount. (See practical
consideration j.) As discussed in section 1812, the quantitative amount should be set so that any misstatements below
that amount are immaterial to the financial statements, both individually and in the aggregate, after considering the risk of
further misstatement and the potential influence of qualitative factors. However, the authors discourage using a purely
quantitative discussion of materiality because it is inappropriate to rely solely on quantitative considerations when
determining materiality. Note that materiality considerations do not apply to representations that are not directly related
to amounts included in the financial statements.
j
AU-C 580.A22 indicates that managements representations may be limited to matters considered individually or
collectively material to the financial statements, provided management and the auditor have reached an understanding
on materiality for this purpose. If such an understanding has been reached and the entity prefers to include the amount
in the representation letter, the last sentence may be replaced with the following:
Except where otherwise stated below, immaterial matters less than [Insert $ amount.] collectively are not
considered to be exceptions that require disclosure for the purpose of the following representations. This
amount is not necessarily indicative of amounts that would require adjustment to or disclosure in the financial
statements.
k
The auditor may, if considered necessary, list other appropriate representations related to the financial statements in this
section.
l
According to AU-C 540.A126, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related
Disclosures, audit evidence can include obtaining representations from management about whether it believes that the
significant assumptions used in making accounting estimates are reasonable. Additionally, according to AU-C 580.A13,
such written representations might address the following:
The appropriateness and consistency of the measurement processes used by management in determining
That the assumptions appropriately reflect managements intent and ability to carry out specific courses of action.
That the disclosures related to accounting estimates are complete and appropriate.
That no subsequent event has occurred that would require adjustment to the accounting estimates or disclosures
included in the financial statements.
m
[X] to the financial statements, all events. . . .
n
If management has not consulted a lawyer related to any litigation, claims, or assessments, the auditor should see
paragraph 1803.9 and revise this representation as follows:
assessments that are required to be accrued or disclosed in the financial statements in accordance with U.S.
o
The auditor may, if considered necessary, list other appropriate representations related to information provided by
management in this section.
p
Among other things, relevant information may include such matters as
Completeness and availability of all minutes of the meetings of stockholders, directors, and committees of directors,
or summaries of actions of recent meetings for which minutes were not yet prepared.
Communications from regulatory agencies concerning noncompliance with, or deficiencies in, financial reporting
practices.
q
The wording of this representation may need to change, when necessary, to say Except as made known to you . . .
r
s
report on supplementary information, AU-C 725 requires you to obtain written representations from management. If the
supplementary information is prepared in conformity with criteria other than U.S. GAAP, replace the references to U.S.
GAAP with the criteria used for preparation of the information. If there is no supplementary information, or you have not
been engaged to report on the information, delete this item. If you have been engaged to report on supplementary
information but it will not accompany the audited financial statements, add the following sentence to the representation:
If the [Identify supplementary information] is not presented with the audited financial statements, we will
t
In connection with the audited financial statements, AU-C 580.14 requires an acknowledgment in the representation letter
that management has considered whether the effects of uncorrected misstatements are immaterial to the financial
statements. The authoritative literature also requires that a summary of the uncorrected misstatements be included in or
attached to the representation letter. The Summary of Audit Differences at ASB-CL-3.3 is a schedule auditors can
attach to the management representation letter. Section 1804 discusses the communication of audit adjustments in more
detail and provides an illustration of the Summary of Audit Differences. Instead of using the Summary of Audit
Differences at ASB-CL-3.3, auditors might attach a copy of ASB-CX-12.2, Audit Difference Evaluation Form, to the
representation letter. AU-C 580does not provide specific guidance for the auditor when there are no uncorrected
misstatements. In that situation (that is, when either no misstatements are noted in the audit or all noted misstatements
are corrected), the authors believe that no representation about uncorrected misstatements is necessary in the
management representation letter. Accordingly, this sentence can be omitted.
accounts. In this case, no representation about uncorrected misstatements is necessary. If there are uncorrected audit
adjustments, management might state: The effects of uncorrected misstatements are immaterial, both individually and
in the aggregate, to the financial statements as a whole. A list of the uncorrected misstatements is attached to the
representation letter. In addition, you have proposed adjusting journal entries that have been posted to the companys
u
v
The representation letter should be signed by members of management that have responsibility for the financial
statements and knowledge of the matters concerned. This normally includes the chief executive officer and chief
financial officer. (Paragraph 1804.21 discusses the auditors considerations when management changes during or after
one of the periods being audited.) For small businesses, the representation letter is generally signed by the current
owner/manager. If the small business has a controller or chief financial officer, the auditor might consider having that
ASB-CL-3.3: Summary of Audit Differences
a, b
[Name of Client]
Year Ended [Date]
Income statement misstatements:
c
Current Year
Over (Under)
Statement
$

Pretax effect
Tax effect ( % effective tax rate)
Cumulative effect (before effect of prior year differences) $
Effect of unadjusted audit differencesprior year (net of tax):
d

Cumulative effect (after effect of prior year differences)
d $
Reclassification adjustments:
$

Balance sheet misstatements (including reclassifications):
e
Current assets $
Total assets
Current liabilities
Total liabilities
Stockholders equity:
Beginning
Ending
a
This schedule can be attached to the management representation letter to comply with the requirement of AU-C 580,
Written Representations, to include an acknowledgment in the representation letter that management has considered the
financial statement misstatements aggregated by the auditor during the current engagement and pertaining to the latest
period presented, and has concluded that any uncorrected misstatements are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole. AU-C 580 also requires that a summary of the uncorrected
misstatements be included in or attached to the representation letter. Section 1804 discusses the communication of
audit adjustments in more detail and provides an illustration of the summary of audit differences.
b
As discussed in paragraph 1804.11, other approaches for complying with the requirements of AU-C 580 also are
acceptable. Other acceptable approaches might include (1) attaching a copy of ASB-CX-12.2 to the management
representation letter, (2) summarizing the uncorrected misstatements within the body of managements representation
about uncorrected misstatements, or (3) other approaches the auditor believes are sufficient to communicate the
uncorrected misstatements. Completion of ASB-CX-12.2 is illustrated in section 1812.
c
Income statement adjustments might be presented net of their related tax effects, rather than presenting the aggregate
tax effects as a separate line item. Alternatively, only pretax amounts may be presented. Auditors also might consider
presenting the percentage effect on net income of cumulative income statement adjustments.
d
Auditors may find it beneficial to review the guidance beginning in paragraph 1812.34 before concluding whether to
reflect the effect of the prior year unadjusted audit differences in evaluating audit differences in the current audit.
Evaluating audit differences is discussed beginning at paragraph 1812.13.
e
The effect of uncorrected misstatements on assets and liabilities may be presented on a pretax basis and the effect of
uncorrected misstatements on equity may be presented on an after-tax basis, as illustrated in Exhibit 18-5. Alternatively,
only pretax amounts may be presented. Auditors also might consider presenting the percentage effect of the
uncorrected misstatements on assets, liabilities, and equity.
ASB-CL-3.4: Updating Management Representation Letter
a
[Date]
In connection with your audit(s) of the financial statements of [Name of Client] , which comprise the balance sheet(s) as of
[Date(s)] , and the related statement(s) of income, retained earnings, and cash flows for the [Period(s)] then ended, and the
related notes to the financial statements, for the purpose of expressing an opinion as to whether the financial statements are
presented fairly, in all material respects, in accordance with accounting principles generally accepted in the United States,
you were previously provided with a representation letter dated [Date of Previous Representation Letter] . No information has
come to our attention that would cause us to believe that any of those previous representations should be modified.
No events have occurred subsequent to [Date of Balance Sheet] and through the date of this letter that would require
adjustment to or disclosure in the financial statements.
b
Signature:
Title:
a
AU-C 560 requires predecessor auditors to obtain updating representation letters when they are asked by a former client
to reissue (or consent to the reuse of) their report on the financial statements of a prior period and those financial
statements are to be presented on a comparative basis with a subsequent period. This letter may be used for that
purpose. ASB-CL-13.6 may be used to obtain representation from the successor auditor.
b
The wording of the representation should be changed based on the circumstances. For example, if a subsequent event
has been disclosed in the financial statements, the wording could be modified as follows: Except as discussed in Note
[X] to the financial statements, no events have occurred . . . .
ASB-CL-3.5: Management Representation Letterfor Audits of Periods Ending before December
15, 2012
a, b, c, d, e
[Date]
f
We are providing this letter in connection with your audit of the balance sheet(s) of [Name of Client] as of [Dates] , and the
related statements of income, retained earnings, and cash flows for the [Periods]
g
then ended for the purpose of expressing
an opinion as to whether the financial statements present fairly, in all material respects, the financial position, results of
operations, and cash flows of [Name of Client] in conformity with U.S. generally accepted accounting principles.
h
We
confirm that we are responsible for the fair presentation in the financial statements of financial position, results of operations,
and cash flows in conformity with generally accepted accounting principles.
h
We are also responsible for adopting sound
accounting policies, establishing and maintaining internal control, and preventing and detecting fraud.
Certain representations in this letter are described as being limited to matters that are material. Items are considered material
if they involve an omission or misstatement of accounting information that, in light of surrounding circumstances, makes it
probable that the judgment of a reasonable person relying on the information would be changed or influenced by the
omission or misstatement. An omission or misstatement that is monetarily small in amount could be considered material as a
result of qualitative factors.
i
f
you during your audit.
1. The financial statements referred to above are fairly presented in conformity with U.S. generally accepted accounting
principles.
h
2. We have made available to you all
a. Financial records and related data.
b. Minutes of the meetings of stockholders, directors, and committees of directors, or summaries of actions of recent
meetings for which minutes have not yet been prepared.
j
3. There have been no communications from regulatory agencies concerning noncompliance with, or deficiencies in,
financial reporting practices.
k
4. There are no material transactions that have not been properly recorded in the accounting records underlying the
k, l
5. We believe that the effects of the uncorrected financial statement misstatements summarized in the attached schedule
are immaterial, both individually and in the aggregate, to the financial statements taken as a whole.
m, n
6. We acknowledge our responsibility for the design and implementation of programs and controls to prevent and detect
fraud.
7. We have no knowledge of any fraud or suspected fraud affecting the company involving:
k
a. Management,
b. Employees who have significant roles in internal control, or
c. Others where the fraud could have a material effect on the financial statements.
8. We have no knowledge of any allegations of fraud or suspected fraud affecting the company received in
communications from employees, former employees, regulators, or others.
k
9. The company has no plans or intentions that may materially affect the carrying value or classification of assets and
liabilities.
10. The following have been properly recorded or disclosed in the financial statements:
a. Related party transactions and related accounts receivable or payable, including sales, purchases, loans, transfers,
leasing arrangements, and guarantees.
b. Guarantees, whether written or oral, under which the company is contingently liable.
c. Significant estimates and material concentrations known to management that are required to be disclosed in
accordance with FASB Accounting Standards Codification 275, Risks and Uncertainties.
o, p
11. There are no:
k
a. Violations or possible violations of laws or regulations whose effect should be considered for disclosure in the
financial statements or as a basis for recording a loss contingency.
b. Unasserted claims or assessments that our lawyer has advised us are probable of assertion and must be disclosed
in accordance with FASB Accounting Standards Codification 450, Contingencies.
q
c. Other liabilities or gain or loss contingencies that are required to be accrued or disclosed by FASB Accounting
Standards Codification 450, Contingencies.
12. The company has satisfactory title to all owned assets, and there are no liens or encumbrances on such assets, nor has
r
13. We have complied with all aspects of contractual agreements that would have a material effect on the financial
statements in the event of noncompliance.
14. We acknowledge our responsibility for presenting the [Identify supplementary information.] in accordance with U.S.
generally accepted accounting principles, and we believe the [Identify supplementary information.] , including its form
and content, is fairly presented in accordance with U.S. generally accepted accounting principles. The methods of
measurement and presentation of the [Identify supplementary information.] have not changed from those used in the
prior period, and we have disclosed to you any significant assumptions or interpretations underlying the measurement
and presentation of the supplementary information.
s
No events have occurred subsequent to the balance sheet date and through the date of this letter that would require
adjustment to, or disclosure in, the financial statements.
f, t
Signature:
u
Title:
a
This letter does not reflect the implementation of the clarified auditing standards, which are effective for audits of periods
ending on or after December 15, 2012. It should be used only for audits of periods ending before December 15, 2012.
See ASB-CL-3.1 for a letter that reflects implementation of the clarified standards. Since the substance of the
management representation letter and the required representations have not changed from pre-clarified standards, the
letter at ASB-CL-3.1 may be used both before and after the effective date of the clarified auditing standards.
b
If the client does not understand certain paragraphs in this letter, it may be advisable to use alternative wording as
discussed in Exhibit 18-6. Managements refusal to provide this letter constitutes a scope limitation sufficient to preclude
an unqualified opinion.
c
plans.
commitments.
provisions.
d
Although a representation letter by itself is not sufficient evidence, representations made by the client that are unusual or
for which the auditor believes additional evidence is necessary ordinarily should be added. For example, additional
representations might relate to items such as the following [Appendix B of SAS No. 85 (AU 333) includes examples of
wording for some of the listed representations]:
Income Taxes
necessary).
General
representations relied on during the audit.)
e
If the auditor is providing nonattest services as part of the audit (for example, consulting services, tax return preparation,
or bookkeeping), the provisions of Ethics Interpretation 101-3, Performance of Nonattest Services, must be followed for
the auditor to maintain his or her independence. The Interpretation requires the client to perform certain functions in
connection with the nonattest services. Although not required by ET Interpretation 101-3, the auditor might consider
adding the following additional representations to the management representation letter:
f
management evaluated subsequent events ordinarily should be the same to provide adequate documentation of
managements acceptance of responsibility for the financial statements. The auditor cannot date the report before
obtaining sufficient evidence, which includes (1) evidence provided by the management representation letter that
management has taken responsibility for the financial statements, including evaluating subsequent events, (2) and
evidence that subsequent events have been reviewed through the report date. See the discussions beginning at
paragraphs 1804.22, 1805.1, and 1813.11 for considerations of dating and physical receipt of the letter.
g
According to SAS No. 85 (AU 333), Management Representations, representation letters should include all periods
covered by the auditors report.
h
If the financial statements are prepared in conformity with an OCBOA, modify this paragraph to refer to the OCBOA used
(for example, modified cash basis of accounting or income tax basis of accounting) and tailor the specific
representations to the nature and basis of presentation of the financial statements being audited. Specific additional
representations also may apply to financial statements prepared in conformity with an OCBOA. See PPCs Guide to
Cash, Tax, and Other Bases of Accounting for illustrative language.
i
This paragraph is optional. SAS No. 85 (AU 333) gives auditors the option of including an explicit discussion of
materiality in the management representation letter. Such a discussion may address materiality in either qualitative or
quantitative terms. This paragraph provides a discussion of materiality in qualitative terms. Some auditors prefer to
supplement the qualitative discussion of materiality with a quantitative amount. The quantitative amount should be set so
that any misstatements below that amount are immaterial to the financial statements, both individually and in the
aggregate, after considering the risk of further misstatement and the potential influence of qualitative factors. However,
the authors discourage using a purely quantitative discussion of materiality because it is inappropriate to rely solely on
quantitative considerations when determining materiality (that is, qualitative factors also must be considered). Note that
materiality considerations do not apply to representations that are not directly related to amounts included in the financial
statements, such as the representations in items 2, 3, 6, 7(a), 7(b), and 8.
j
A list of the minutes made available (including type of meeting and dates) could be provided here.
k
The wording of this representation should be changed, when necessary, to say Except as made known to you, there are
no . . . or Except as made known to you, we have no knowledge of . . .
l
m
SAS No. 85 (AU 333) requires an acknowledgment in the representation letter that management has considered the
financial statement misstatements aggregated by the auditor and has concluded that any uncorrected misstatements are
not material to the financial statements. The SAS also requires that a summary of the uncorrected misstatements be
included in or attached to the representation letter. The Summary of Audit Differences at ASB-CL-3.3 is a schedule
auditors can attach to the management representation letter. Section 1804 discusses the communication of audit
adjustments in more detail and provides an illustration of the Summary of Audit Differences. Instead of using the
Summary of Audit Differences at ASB-CL-3.3, auditors might attach a copy of ASB-CX-12.2, Audit Difference
Evaluation Form, to the representation letter. SAS No. 85 does not provide specific guidance for the auditor when there
are no uncorrected misstatements. In that situation (that is, when either no misstatements are noted in the audit or all
noted misstatements are corrected), the authors believe that no representation about uncorrected misstatements is
required in the management representation letter. Accordingly, this sentence can be omitted.
accounts. In this case, no representation about uncorrected misstatements is required. If there are uncorrected audit
adjustments, management might state: We believe the effects of the uncorrected financial statement misstatements
summarized in the attached schedule are immaterial, both individually and in the aggregate, to the financial statements
taken as a whole. In addition, you have proposed adjusting journal entries that have been posted to the companys
n
o
Some auditors may add the following language to clarify what is meant by significant estimates and concentrations:
Significant estimates are estimates at the balance sheet date that could change materially within the next year.
Concentrations refer to volumes of business, revenues, available sources of supply, or markets or geographic
areas for which events could occur that would significantly disrupt normal finances within the next year.
p
According to SAS No. 57 (AU 342), footnote 4, auditors may wish to obtain representations from management
concerning key factors and assumptions related to significant estimates. In addition, SAS No. 101 (AU 328) requires
auditors to ordinarily obtain management representations about the reasonableness of significant assumptions used to
determine fair value measurements and disclosures. The following might be added to the letter:
We have identified all accounting estimates that could be material to the financial statements, including the
key factors and significant assumptions underlying those estimates, and we believe the estimates and
assumptions are reasonable in the circumstances.
If fair value measurements and disclosures are significant, auditors might also obtain representations about the
appropriateness and consistency of the valuation method used, the completeness and adequacy of the disclosures, and
whether subsequent events require adjustment to the fair value measurements and disclosures.
q
If management has not consulted a lawyer related to any litigation, claims, or assessments, revise this representation as
follows:
assessments that are required to be accrued or disclosed in the financial statements in accordance with FASB
Accounting Standards Codification 450, Contingencies, and we have not consulted a lawyer concerning
litigation, claims, or assessments.
r
If the company has pledged assets, add except as made known to you (optionaland disclosed in the notes to the
financial statements).
s
report on supplementary information, SAS No. 119 (AU 551.07) requires you to obtain written representations from
management. If the supplementary information is prepared in conformity with criteria other than U.S. GAAP, replace the
references to U.S. GAAP with the criteria used for preparation of the information. If there is no supplementary
information, or you have not been engaged to report on the information, delete this item. If you have been engaged to
report on supplementary information but it will not accompany the audited financial statements, add the following
sentence to the representation:
If the [Identify supplementary information.] is not presented with the audited financial statements, we will
t
[X] to the financial statements, no events. . .
u
The representation letter should be signed by current management, normally including the chief executive officer and
chief financial officer. (Paragraph 1804.21 discusses the auditors considerations when management changes during or
after one of the periods being audited.) For small businesses, the representation letter should be signed by the current
owner/manager. If the small business has a controller or chief financial officer, the auditor should consider having that
ASB-CL-4: Internal Control Communications
ASB-CL-4.1: Communication of Significant Deficiencies
a
To [Identify the body or individual(s) charged with governance.]
b
and [Name of Management]
In planning and performing our audit of the financial statements of [Clients Name] as of and for the year ended [Date] , in
accordance with auditing standards generally accepted in the United States of America, we considered [Clients Name] s
internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate in the
circumstances for the purpose of expressing our opinion on the financial statements, but not for the purpose of expressing an
opinion on the effectiveness of the Companys internal control.
c, d
Accordingly, we do not express an opinion on the
effectiveness of the Companys internal control.
Our consideration of internal control was for the limited purpose described in the preceding paragraph and was not designed
to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies, and, therefore,
material weaknesses or significant deficiencies may exist that were not identified.
e
However, as discussed below, we
identified certain deficiencies in internal control that we consider to be significant deficiencies.
A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in
the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.
A material weakness is a deficiency, or a combination of deficiencies in internal control, such that there is a reasonable
possibility that a material misstatement of the entitys financial statements will not be prevented, or detected and corrected, on
a timely basis. We did not identify any deficiencies in internal control that we consider to be material weaknesses.
f, g
A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material
weakness, yet important enough to merit attention by those charged with governance. We consider the following deficiencies
in [Clients Name] s internal control to be significant deficiencies:
g
[Describe the significant deficiencies that were identified during the audit, including an explanation of their potential effects.]
h, i, j, k
This communication is intended solely for the information and use of management, [Identify the body or individual(s) charged
with governance.] , and others within the Company, and is not intended to be, and should not be, used by anyone other than
these specified parties.
l, m
[Firm Name]
[Location of Firm (City, State)]
[Report Date]
n
a
Authority(AU-C 265). The communication of significant deficiencies should be in writing and should include the items
discussed at paragraph 1814.52. This letter may be used to communicate that only significant deficiencies were
identified during the audit; however, it also states that there were no material weaknesses identified during the audit. In
contrast, ASB-CL-4.3 presents a letter that may be used when communicating, in a separate letter, that there were no
material weaknesses identified during the audit. ASB-CL-4.2 illustrates the communication of significant deficiencies and
material weaknesses.
b
The communication should be addressed to management and those charged with governance. Determining which
individuals have been charged with governance is discussed beginning at paragraph 1815.5.
c
The communication of significant deficiencies refers to an audit of the financial statements. If the auditors report on the
financial statements was qualified because of a scope restriction, the authors believe that the restriction and its effect on
the evaluation of internal control should be indicated in this communication.
d
For audits of group financial statements, the group engagement team should communicate, to group management and
those charged with governance, material weaknesses in internal control that are relevant to the group (either identified by
the group engagement team or brought to its attention by a component auditor during the audit).
e
Although not required, AU-C 265.A31 permits auditors to describe the general inherent limitations of internal control in
their written communication. In that case, they may add language such as the second sentence of the second paragraph
of the communication:
In addition, because of inherent limitations in internal control, including the possibility of management override
of controls, misstatements due to error or fraud may occur and not be detected by such controls.
f
AU-C 265.14 states that the auditor should include in the written communication the definition of a material weakness
and, when relevant, the definition of a significant deficiency. In this letter, the final sentence in the third paragraph also
clarifies for users that no material weaknesses have been identified during the audit. While auditors are not required to
communicate that none of the identified deficiencies were considered material weaknesses, many elect to make that
communication.
g
AU-C 265.16 states that auditors should not issue a written communication stating that no significant deficiencies were
h
AU-C 265.09 states that the auditor should evaluate control deficiencies, individually and in combination with other
deficiencies that affect the same significant account or disclosure, relevant assertion, or component of internal control to
determine if the control deficiencies collectively result in significant deficiencies (or material weaknesses). See
ASB-CX-15.1.
i
The fact that the auditor communicated a significant deficiency (or material weakness) to those charged with governance
and management in a previous audit does not eliminate the need for the auditor to repeat the communication in the
current year if remedial action has not yet been taken. AU-C 265.A20 states that the auditor may ask management or,
when appropriate, those charged with governance, why the significant deficiency (or material weakness) has not yet
been remedied. A failure to act, in the absence of a rational explanation, may in itself represent a significant deficiency or
material weakness; however, that decision depends upon the auditors professional judgment.
j
Instead of describing the individual significant deficiencies identified during the audit in this letter, some firms describe
them in a separate attachment. In that case, the last sentence of the fourth paragraph could be modified to refer to that
attachment using language such as the following:
We consider the deficiencies in [Clients Name] s internal control presented in [Describe the attachment.] to
this letter to be significant deficiencies.
k
AU-C 265.12(b) states that the auditor should communicate other deficiencies in internal control identified during the
audit that have not been communicated to management by other parties and that, in the auditors professional judgment,
are of sufficient importance to merit managements attention. The auditor may make that communication to management
in writing or orally. The auditor may make that communication, if written, in this letter or make reference to a separate
written communication. In the latter case, a sentence such as the following could be added as the next to last paragraph
of this communication:
In addition, we noted other matters involving internal control and its operation that we have reported to
management of [Clients Name] in a separate letter dated [Date] .
l
Management may prepare (or may be required by a regulator to prepare) a written response to the auditors
communication of significant deficiencies, for example, describing the corrective action taken, plans to implement new
controls, or managements belief that the cost of correcting a significant deficiency would exceed the benefits to be
derived from doing so. If managements response is included in the same document containing the auditors
communication, the auditor may disclaim an opinion on such information by adding a paragraph such as the following to
the auditors communication:
[Clients Name] s written response to the significant deficiencies identified in our audit has not been
subjected to the audit procedures applied in the audit of the financial statements and, accordingly, we express
no opinion on it.
m
If governmental regulations require that the communication be provided to governmental authorities, the last sentence of
the report might read as follows:
This communication is intended solely for the information and use of management, [Identify the body or
individual(s) charged with governance.] , others within the Company, and [Identify any governmental
authorities to which the auditor is required to report.] and is not intended to be, and should not be, used by
anyone other than these specified parties.
n
Generally, the communication is dated the same as the date of the auditors report on the financial statements, but
should be dated no later than 60 days following the report release date. AU-C 230, Audit Documentation, defines the
report release date as the date that the auditor grants the entity permission to use the auditors report in connection
with the financial statements. In many cases, the report release date will be the date that the auditor delivers the audit
report to the entity.
ASB-CL-4.2: Communication of Significant Deficiencies and Material Weaknesses
a
b
c, d
Our consideration of internal control was for the limited purpose described in the preceding paragraph and was not designed
to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies and, therefore,
material weaknesses or significant deficiencies may exist that were not identified.
e
However, as discussed below, we
identified certain deficiencies in internal control that we consider to be material weaknesses and other deficiencies that we
consider to be significant deficiencies.
a timely basis. We consider the following deficiencies in [Clients Name] s internal control to be material weaknesses:
[Describe the material weaknesses that were identified during the audit, including an explanation of their potential effects.]
f,
g, h
A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material
weakness, yet important enough to merit attention by those charged with governance. We consider the following deficiencies
in [Clients Name] s internal control to be significant deficiencies:
i
[Describe the significant deficiencies that were identified during the audit, including an explanation of their potential effects.]
f, g, j, k
This communication is intended solely for the information and use of management, [Identify the body or individuals charged
l, m
[Firm Name]
[Report Date]
n
a
Authority(AU-C 265). The communication of significant deficiencies and material weaknesses should be in writing and
should include the items discussed at paragraph 1814.52. This letter may be used to communicate significant
deficiencies and material weaknesses identified during the audit. When only significant deficiencies are identified, the
letter at ASB-CL-4.1 may be used. The letter at ASB-CL-4.3 may be used when communicating, in a separate letter, that
there were no material weaknesses identified during the audit.
b
c
This communication of significant deficiencies and material weaknesses refers to an audit of the financial statements. If
the auditors report on the financial statements was qualified because of a scope restriction, the authors believe that the
restriction and its effect on the evaluation of internal control should be indicated in this communication.
d
For audits of group financial statements, the group engagement team should communicate to group management and
those charged with governance material weaknesses in internal control that are relevant to the group (either identified by
the group engagement team or brought to its attention by a component auditor during the audit).
e
their written communication. In that case, they may add language such as the second sentence of the second paragraph
of the communication:
f
determine if the control deficiencies collectively result in significant deficiencies or material weaknesses. See
ASB-CX-15.1.
g
The fact that the auditor communicated a significant deficiency or material weakness to those charged with governance
and management in a previous audit does not eliminate the need for the auditor to repeat the communication in the
current year if remedial action has not yet been taken. AU-C 265.A20 states that the auditor may ask management or,
when appropriate, those charged with governance, why the significant deficiency or material weakness has not yet been
remedied. A failure to act, in the absence of a rational explanation, may in itself represent a significant deficiency or
material weakness; however, that decision depends upon the auditors professional judgment.
h
Instead of describing the individual material weaknesses identified during the audit in this letter, some firms describe
them in a separate attachment. In that case, the last sentence of the third paragraph could be modified to refer to that
this letter to be material weaknesses.
i
j
Instead of describing the individual significant deficiencies identified during the audit in this letter, some firms describe
them in a separate attachment. In that case, the last sentence of the fourth paragraph could be modified to refer to that
this letter to be significant deficiencies.
k
AU-C 265.12(b) states that the auditor should communicate other deficiencies in internal control identified during the
audit that have not been communicated to management by other parties and that, in the auditors professional judgment,
are of sufficient importance to merit managements attention. The auditor may make that communication to management
in writing or orally. The auditor may make that communication, if written, in this letter or make reference to a separate
written communication. In the latter case, a sentence such as the following could be added as the next to last paragraph
of this communication:
In addition, we noted other matters involving internal control and its operation that we have reported to
management of [Clients Name] in a separate letter dated [Date] .
l
Management may prepare (or may be required by a regulator to prepare) a written response to the auditors
communication of significant deficiencies or material weaknesses, for example, describing the corrective action taken,
plans to implement new controls, or managements belief that the cost of correcting a significant deficiency or a material
weakness would exceed the benefits to be derived from doing so. If managements response is included in the same
document containing the auditors communication, the auditor may disclaim an opinion on such information by adding a
paragraph such as the following to the auditors communication:
[Clients Name] s written response to the significant deficiencies and material weaknesses identified in our
audit has not been subjected to the audit procedures applied in the audit of the financial statements and,
accordingly, we express no opinion on it.
m
If governmental regulations require that the communication be provided to governmental authorities, the last sentence
might read as follows:
n
ASB-CL-4.3: Communication of No Material Weaknesses in a Separate Report
a, b
c
d
a timely basis.
Our consideration of internal control was for the limited purpose described in the first paragraph and was not designed to
identify all deficiencies in internal control that might be material weaknesses.
e
Given these limitations, during our audit we did
not identify any deficiencies in internal control that we consider to be material weaknesses.
f, g, h, i
However, material
weaknesses may exist that have not been identified.
This communication is intended solely for the information and use of management, [Identify the body or individuals charged
j
[Firm Name]
[Report Date]
k
a
Authority(AU-C 265.15). The written communication indicating no material weaknesses were identified should include
the items discussed at paragraph 1814.52. This letter may be used to communicate, in a separate letter, that there were
no material weaknesses identified during the audit. ASB-CL-4.1 illustrates a letter an auditor may use when
communicating that only significant deficiencies were identified. That letter also indicates that no material weaknesses
were identified during the audit.
b
The authors believe that it would be inappropriate for an auditor to issue, at an interim date, a communication stating that
no material weaknesses were identified as of the interim communication date. Such a communication could be
misinterpreted by management and those charged with governance that there are no identified material weaknesses
when material weaknesses could be identified before completing the engagement.
c
d
This separate communication indicating no material weaknesses refers to an audit of the financial statements. If the
auditors report on the financial statements was qualified because of a scope restriction, the authors believe that the
restriction and its effect on the evaluation of internal control should be indicated in this communication.
e
their written communication. In that case, they may add language such as the second sentence of the third paragraph of
the communication:
f
AU-C 265.14 states that the auditor should include in the written communication the definition of a material weakness. In
this letter, the final sentence in the third paragraph also clarifies for users that no material weaknesses have been
g
h
determine if the control deficiencies collectively result in significant deficiencies (or material weaknesses). See
ASB-CX-15.1.
i
If the auditors also identified significant deficiencies and issued a separate communication to management, the auditors
may add the following to the third paragraph of the communication:
Our audit was also not designed to identify deficiencies in internal control that might be significant
deficiencies. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is
less severe than a material weakness, yet important enough to merit attention by those charged with
governance. We communicated the significant deficiencies identified during our audit in a separate
communication dated [Date] .
j
If governmental regulations require that the communication be provided to governmental authorities, the last sentence
might read as follows:
k
ASB-CL-5: Communication with Those Charged with Governance
ASB-CL-5.1: Communication with Those Charged with Governance during Planning
a
[Date]
To the [Identify the body or individual(s) charged with governance.]
b
[Name of Company]
We are engaged to audit the financial statements of [Name of Entity] for the year ended [Date] . Professional standards
require that we provide you with the following information related to our audit. We would also appreciate the opportunity to
meet with you to discuss this information further since a two-way dialogue can provide valuable information for the audit
process.
Our Responsibility under U.S. Generally Accepted Auditing Standards
c, d
As stated in our engagement letter dated [Date of Engagement Letter] , our responsibility, as described by professional
standards, is to express an opinion about whether the financial statements prepared by management with your oversight are
fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles.
e
Our audit of the
financial statements does not relieve you or management of your responsibilities.
Our responsibility for the supplementary information accompanying the financial statements, as described by professional
standards, is to evaluate the presentation of the supplementary information in relation to the financial statements as a whole
and to report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial
f, g
Planned Scope and Timing of the Audit
h, i
An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements;
therefore, our audit will involve judgment about the number of transactions to be examined and the areas to be tested.
Our audit will include obtaining an understanding of the entity and its environment, including internal control, sufficient to
assess the risks of material misstatement of the financial statements and to design the nature, timing, and extent of further
audit procedures. Material misstatements may result from (1) errors, (2) fraudulent financial reporting, (3) misappropriation of
assets, or (4) violations of laws or governmental regulations that are attributable to the entity or to acts by management or
employees acting on behalf of the entity. We will generally communicate our significant findings at the conclusion of the audit.
However, some matters could be communicated sooner, particularly if significant difficulties are encountered during the audit
where assistance is needed to overcome the difficulties or if the difficulties may lead to a modified opinion. We will also
communicate any internal control related matters that are required to be communicated under professional standards.
We expect to begin our audit on approximately [Date] and issue our report on approximately [Date] .
This information is intended solely for the use of [Identify the body or individual(s) charged with governance.] and
management of [Name of Entity] and is not intended to be, and should not be, used by anyone other than these specified
parties.
Very truly yours,
[CPA Firms Name]
a
AU-C 260, The Auditors Communication With Those Charged With Governance, applies to all nonpublic entities
regardless of the entitys governance structure or size and establishes requirements for communicating with those
charged with governance. During planning, you should communicate your responsibilities under GAAS and an overview
of the planned scope and timing of the audit to those charged with governance. The communication may be oral or
written, but it should be documented. The documentation related to oral communication should include information
about when and to whom the matters were communicated. The engagement letter, such as the one at ASB-CL-1.1, may
be used to communicate the required matters during the planning phase of the audit, as long as the letter is provided to
those charged with governance. Thus, the engagement letter is sufficient, and this letter is not needed, if all of those
charged with governance are also management. Alternatively, this letter illustrates a separate communication of audit
matters to those charged with governance during the planning phase of the audit. It is also necessary at or near the
completion of the audit to communicate any significant audit findings to those charged with governance. ASB-CL-5.2
illustrates the communication of significant audit findings at or near the conclusion of the audit.
b
The term those charged with governance is defined and discussed beginning at paragraph 1815.5.
c
You may add the following communications in this section:
1. Our responsibility is to plan and perform the audit to obtain reasonable, but not absolute, assurance that the
financial statements are free of material misstatement.
2. As part of our audit, we will consider the internal control of [Name of Company] . Such considerations will be solely
for the purpose of determining our audit procedures and not to provide any assurance concerning such internal
control.
3. We are responsible for communicating significant matters related to the audit that are, in our professional judgment,
relevant to your responsibilities in overseeing the financial reporting process. However, we are not required to
design procedures specifically to identify such matters.
4. We are also responsible for communicating [Describe particular matters required by law, regulation, agreement, or
other requirements applicable to the engagement.] .
d
If you have an independence consideration that you determine should be communicated to those charged with
governance, you may add the following in this section:
We gave significant consideration to [Describe particular circumstances or relationships such as financial
interests, business or family relationships, or nonaudit services provided or expected to be provided.] , which
may reasonably be thought to bear on independence, in reaching the conclusion that independence has not
been impaired.
e
If the financial statements are prepared in conformity with an OCBOA, this paragraph should refer to the OCBOA used
Standards Board, modify this paragraph to refer to IFRS.
f
engaged to report on that information in relation to the financial statements as a whole. If there is no supplementary
information or you have not been engaged to report on it, delete this paragraph. If you have been engaged to report on
supplementary information but it will not accompany the basic financial statements, delete the phrase accompanying
g
AU-C 720, Other Information in Documents Containing Audited Financial Statements, states that if other information is
included in documents containing audited financial statements and the auditors report thereon, you should
communicate your responsibility with respect to such information. Your responsibility should be communicated during
planning with additional information communicated at or near the conclusion of the audit, as illustrated at ASB-CL-5.2. If
you are aware that other information will be included in a document containing the audited financial statements and your
report, include the following:
1. A statement that your responsibility for other information included in documents containing the entitys audited
financial statements and auditors report does not extend beyond the financial information identified in the report.
2. A statement that you have no responsibility for determining whether such other information contained in these
documents is properly stated.
h
You may add communications to address the following in this section:
1. How the auditor proposes to address the significant risks of material misstatement, whether due to fraud or error.
2. The auditors approach to internal control relevant to the audit, including whether the auditor intends to test the
3. The concept of materiality in planning and executing the audit. (This communication would focus on the factors
considered rather than on specific thresholds or amounts.)
4. The extent to which the auditor will use the work of internal audit (if an internal audit function exists), and how the
external and internal auditors can best work together.
The authors recommend that communication about the planned scope and timing of the audit be oral to encourage a
two-way dialogue with those charged with governance. Therefore, if this letter is used, auditors are encouraged to
schedule a follow-up meeting.
i
In group audits for periods ending on or after December 15, 2012, the following matters should be communicated to
those charged with governance of the group (AU-C 600.48):
1. An overview of the type of work to be performed on the financial information of components, including the basis for
a decision to make reference to a component auditor in the auditors report.
2. An overview of the engagement teams planned involvement in the work of component auditors on the financial
information of significant components.
ASB-CL-5.2: Communication with Those Charged with Governance at or near the Conclusion of
the Audit
a
[Date]
b
To the [Identify the body or individual(s) charged with governance.]
c
[Name of Company]
We have audited the financial statements of [Name of Company] for the year ended [Date] , and have issued our report
thereon dated [Date] . Professional standards require that we provide you with information about our responsibilities under
generally accepted auditing standards, as well as certain information related to the planned scope and timing of our audit. We
have communicated such information in our letter to you dated [Date] . Professional standards also require that we
communicate to you the following information related to our audit.
Significant Audit Findings
Qualitative Aspects of Accounting Practices
d, e
Management is responsible for the selection and use of appropriate accounting policies. The significant accounting policies
used by [Name of Company] are described in Note [X] to the financial statements. No new accounting policies were
adopted and the application of existing policies was not changed during [Year] .
f
We noted no transactions entered into by
the Company during the year for which there is a lack of authoritative guidance or consensus.
g
All significant transactions
have been recognized in the financial statements in the proper period.
h
Accounting estimates are an integral part of the financial statements prepared by management and are based on
managements knowledge and experience about past and current events and assumptions about future events. Certain
accounting estimates are particularly sensitive because of their significance to the financial statements and because of the
possibility that future events affecting them may differ significantly from those expected. The most sensitive estimate(s)
affecting the financial statements was (were):
i
Managements estimate of the [Describe accounting estimate.] is based on [Describe basis for estimate.] . We
evaluated the key factors and assumptions used to develop the [Describe accounting estimate.] in determining
that it is reasonable in relation to the financial statements taken as a whole.
Certain financial statement disclosures are particularly sensitive because of their significance to financial statement users. The
most sensitive disclosure(s) affecting the financial statements was (were):
j
The disclosure of [Describe financial statement disclosure.] in Note [X] to the financial statements [Describe
issues and judgments in formulating the disclosure.] .
The financial statement disclosures are neutral, consistent, and clear.
Difficulties Encountered in Performing the Audit
k
We encountered no significant difficulties in dealing with management in performing and completing our audit.
Corrected and Uncorrected Misstatements
l
Professional standards require us to accumulate all misstatements identified during the audit, other than those that are clearly
trivial, and communicate them to the appropriate level of management. Management has corrected all such misstatements.
m
In addition, none of the misstatements detected as a result of audit procedures and corrected by management were material,
either individually or in the aggregate, to the financial statements taken as a whole.
n
Disagreements with Management
o, p
For purposes of this letter, a disagreement with management is a financial accounting, reporting, or auditing matter, whether
or not resolved to our satisfaction, that could be significant to the financial statements or the auditors report. We are pleased
to report that no such disagreements arose during the course of our audit.
Management Representations
q
We have requested certain representations from management that are included in the management representation letter
dated [Date of Management Representation Letter] .
Management Consultations with Other Independent Accountants
r
In some cases, management may decide to consult with other accountants about auditing and accounting matters, similar to
obtaining a second opinion on certain situations. If a consultation involves application of an accounting principle to the
Companys financial statements or a determination of the type of auditors opinion that may be expressed on those
statements, our professional standards require the consulting accountant to check with us to determine that the consultant
has all the relevant facts. To our knowledge, there were no such consultations with other accountants.
Other Audit Findings or Issues
s, t, u, v
We generally discuss a variety of matters, including the application of accounting principles and auditing standards, with
management each year prior to retention as the Companys auditors. However, these discussions occurred in the normal
course of our professional relationship and our responses were not a condition to our retention.
Other Matters
w, x
With respect to the supplementary information accompanying the financial statements, we made certain inquiries of
management and evaluated the form, content, and methods of preparing the information to determine that the information
complies with U.S. generally accepted accounting principles, the method of preparing it has not changed from the prior
period, and the information is appropriate and complete in relation to our audit of the financial statements. We compared and
reconciled the supplementary information to the underlying accounting records used to prepare the financial statements or to
the financial statements themselves.
This information is intended solely for the use of [Identify the body or individual(s) charged with governance.] and
management of [Name of Company] and is not intended to be, and should not be, used by anyone other than these
specified parties.
Very truly yours,
[CPA Firm Name]
a
AU-C 260, The Auditors Communication With Those Charged With Governance, applies to all nonpublic entities
regardless of the entitys governance structure or size and requires you to communicate audit matters that are, in your
professional judgment, significant and relevant to those charged with governance in overseeing the financial reporting
process. Significant findings from the audit should be communicated in writing when oral communication would be
inadequate; however, other communications may be oral or in writing. Oral communications should be documented. The
documentation related to oral communication should include information about when and to whom the matters were
communicated. Additionally, the auditor is required to communicate internal control related matters (see
communications at ASB-CL-4.1, ASB-CL-4.2, and ASB-CL-4.3) and any fraud or violations of laws and regulations
(discussed in sections 1814 and 1816). This letter illustrates the communication of significant findings with those charged
with governance at or near the conclusion of the audit.
b
AU-C 260.18 requires that this communication be made on a timely basis so appropriate action can be taken, if
necessary. If appropriate, it can be made before the issuance of the auditors report on the financial statements. In those
situations, the wording of the letter needs to be modified to reflect the fact that the audit has not been completed.
c
The term those charged with governance is defined and discussed beginning at paragraph 1815.5.
d
If you consider a significant accounting practice that is acceptable under U.S. GAAP to be inappropriate, you should
explain your reasons to those charged with governance and, if necessary, request changes. If your requested changes
are not made, you should inform those charged with governance that you will consider the effect on current and future
financial statements and on the auditors report.
e
Other matters that may be communicated in this section include:
1. The potential effect on the financial statements of significant risks, exposures, and uncertainties, such as pending
litigation, that are disclosed.
2. How the financial statements are affected by unusual transactions, including nonrecurring transactions, and the
extent of disclosure of those items.
3. Factors affecting the carrying values of assets and liabilities, including the assignment of useful lives to tangible and
intangible assets.
4. Managements selective correction of misstatements, such as only correcting misstatements that increase reported
earnings.
For example, if there were significant or unusual accounting transactions, you may add language such as the following:
During [Year] , significant amounts of the Companys accounts payable and long-term debt were
extinguished by payment of cash in amounts less than their carrying values, which resulted in a material gain.
The gain is separately identified in the Companys [Year] Statement of Income. A description of the
transaction is included in Note [X] to the Companys financial statements.
f
If an accounting policy changed during the year, this sentence can be replaced with language such as the following:
As described in Note [X] , the Company changed accounting policies related to [Describe the change.] by
adopting FASB Accounting Standards Update No. [X] , [Name of Standard] , in [Year of Adoption] .
Accordingly, the accounting change has been retrospectively applied to prior periods presented as if the
policy had always been used.
g
If the entity engages in significant transactions for which there is a lack of authoritative accounting guidance or
consensus, a description of the transaction and the rationale for using one accounting method over another would be
presented in place of this sentence. In those cases, you need to understand the basis used by management to select the
particular accounting principle. You may use analogous transactions or events to assess the appropriateness of the
accounting principle selected. The following is an example of a communication that could be used in this circumstance:
As described in Note [X] , management has accounted for [Description of Transaction or Event] by
[Describe accounting method.] . Due to the fact that this type of transaction is new, no authoritative
accounting principles for [Transaction or Event] have been issued. However, management believes that the
transactions covered by [Name of Analogous Literature] are analogous and that the standard (literature) is
relevant to its circumstances. Therefore, management has used that standard (literature) to record the
transaction. We discussed the accounting for this transaction with management and believe that the method
selected is appropriate in this circumstance.
h
If significant transactions have not been recorded properly, this sentence should be replaced. Example language follows:
During [Year] , the Company entered into an agreement to sell significant amounts of inventory to a related
party under terms that would allow the related party to cancel the sale and return the products without
obligation if they are unable to obtain financing for the transaction. The transaction did not qualify for revenue
recognition in [Year] .
i
You should determine that those charged with governance are informed about the process used by management to
formulate particularly sensitive accounting estimates and about the basis for your conclusions regarding the
reasonableness of the estimates. The following is an example of a communication concerning an accounting estimate:
Managements estimate of the allowance for doubtful accounts is based on historical sales, historical loss
levels, and an analysis of the collectibility of individual accounts. We evaluated the key factors and
assumptions used to develop the allowance in determining that it is reasonable in relation to the financial
statements taken as a whole.
j
If there are no significant disclosures that warrant communication to those charged with governance, delete this
paragraph.
k
Modify this paragraph if any difficulties were encountered, such as delays in allowing the audit to commence,
managements refusal to allow external confirmation procedures, delays in providing schedules or information
requested, unreasonable deadlines, or lack of availability of expected information or client personnel. For example,
language such as the following might be included:
The completion of our audit was delayed because the response letter from the Companys legal counsel was
ten days late. We asked management to contact the attorney to request accelerated processing of the
response, but, in spite of the request, the letter was late in arriving.
l
If management has not corrected all misstatements communicated to it during the audit, you should communicate any
uncorrected misstatements and their potential effect on the auditors report to those charged with governance and
request their correction. You should also discuss the possible future implications, if any, of failing to correct
misstatements, as well as the effects of uncorrected prior period misstatements. If those charged with governance
includes individuals who are not involved in managing the entity, also communicate any material misstatements detected
as a result of audit procedures that were corrected by management. (See practical consideration n.) You may also
communicate immaterial misstatements that were corrected if they indicate a pattern of bias in the preparation of the
m
If uncorrected misstatements exist and their effects are immaterial, both individually and in the aggregate, replace the
second sentence of the paragraph with language such as the following:
The attached schedule summarizes uncorrected misstatements of the financial statements. Management has
determined that their effects are immaterial, both individually and in the aggregate, to the financial statements
taken as a whole.
The presentation of uncorrected misstatements to those charged with governance may be similar to the summary of
uncorrected misstatements included in or attached to the management representation letter (see ASB-CL-3.5,
ASB-CL-3.2, and ASB-CL-3.3). When communicating uncorrected misstatements to those charged with governance,
communicate material uncorrected misstatements individually and request their correction. You may communicate the
number and monetary effect of immaterial uncorrected misstatements in the aggregate rather than individually.
n
If all of those charged with governance are also involved in managing the entity, this sentence can be omitted. If there
were material corrected misstatements and all of those charged with governance are not involved in managing the entity,
replace the last sentence of the paragraph with language such as the following:
The following material misstatements detected as a result of audit procedures were corrected by
management: [Describe material adjustments.] .
o
Disagreements may relate to such matters as the appropriate application of accounting principles to the entitys specific
transactions and events, the basis for managements judgments about accounting estimates, the scope of the audit,
disclosures to be included in the notes to the financial statements, or the wording of the auditors report. Disagreements
do not include differences of opinion based on incomplete facts or preliminary information that are later resolved. For
example, there is no disagreement if management initially has a different position about an accounting, auditing, or
reporting matter but changes its position to agree with yours after you explain proper GAAP or GAAS for the situation. On
the other hand, a disagreement would exist if, after hearing your explanation, management still insists that its position is
proper, even if management nevertheless allows you to proceed with your position.
p
If there were disagreements with management, the last sentence of the paragraph should be replaced with a description
of the disagreement. The description should be explicit that there was a disagreement and about the nature of the
disagreement.
q
You may provide a copy of managements written representations to those charged with governance. If all of those
charged with governance are also involved in managing the entity, this section can be omitted.
r
If you are aware of client consultations with other accountants, the following information would be communicated in
place of the last sentence:
1. A description of the transaction or issue discussed.
2. Your opinion and the technical literature on which this opinion is based.
3. A statement about whether the other accountant agreed with your opinion.
If all of those charged with governance are also involved in managing the entity, this section can be omitted.
s
In this section, communicate any other audit findings or issues that are, in your professional judgment, significant and
relevant to those charged with governance in overseeing the financial reporting process. If those charged with
governance includes individuals who are not involved in managing the entity, also communicate any significant issues
that were discussed or were the subject of correspondence with management. In addition to issues discussed with
management prior to auditor retention, significant issues may include, for example, business conditions affecting the
entity or business plans and strategies that may affect the risk of material misstatement of the financial statements.
Additionally, the auditor is required to communicate internal control related matters (see communications at ASB-CL-4.1,
ASB-CL-4.2, and ASB-CL-4.3) and any fraud or violations of laws and regulations (discussed in sections 1814 and 1816).
The auditor is also required to communicate with those charged with governance events or conditions that, when
considered in the aggregate, indicate a substantial doubt about the entitys ability to continue as a going concern for a
reasonable period of time (see paragraph 1807.6).
t
If applicable, the second sentence of the paragraph can be replaced with language such as the following:
During [Year] , we presented management with our formal audit plan and we discussed the following matters:
[Describe the matters discussed.] . The result of those discussions was not a condition to our retention.
u
In a group audit, communicate any matters brought to your attention by component auditors that you consider significant
to the responsibilities of those charged with governance of the group. In group audits of periods ending on or after
December 15, 2012, the following matters should be communicated to those charged with governance of the group:
1. Instances in which the evaluation of the work of a component auditor raised concerns about the quality of that work.
2. Any limitations on the group audit (such as restricted access to information of components).
v
AU-C 260 provides authoritative guidance for communicating with those charged with governance. However, other AU-C
sections also provide requirements for certain communications that should be made to those charged with governance
when the circumstance exists. You should include communications about the following matters in your letter, if
applicable to the circumstances of your engagement:
Management insists on a change in the terms in the audit engagement with no reasonable justification and will not
allow the original audit engagement to continue (AU-C 210.17).
Withdrawal from the engagement and the reasons for the withdrawal due to identified fraud or suspected fraud
(AU-C 240.38).
Identified fraud or suspected fraud involving management, employees who have a significant role in internal control,
or others when the fraud results in a material misstatement in the financial statements (AU-C 240.40).
Any other matters related to fraud that the auditor believes are relevant to the responsibilities of those charged with
governance (AU-C 240.41).
Matters involving noncompliance with laws and regulations that come to the auditors attention, other than those that
are clearly inconsequential (AU-C 250.21).
Significant findings and issues identified during the audit in connection with the entitys related parties (AU-C
550.27).
Subsequently discovered facts that become known either before or after the report release date (AU-C 560.12 and
AU-C 560.15).
After the report release date, management does not revise the financial statements when the auditor believes they
need to be revised or does not take steps to ensure those in receipt of the audited financial statements are informed
of the situation (AU-C 560.17.18).
An inability to obtain sufficient appropriate audit evidence due to a management-imposed scope limitation after the
auditor has accepted the engagement (AU-C 705.12).
Before withdrawing due to a management-imposed scope limitation, communicate any misstatements identified that
would have resulted in a modified opinion (AU-C 705.14).
Material misstatement that results from the omission of information that is required to be presented or disclosed
(AU-C 705.20).
The circumstances that led to an expected modified opinion and the proposed wording of the modification (AU-C
705.29).
The circumstances that led to an expected emphasis-of-matter or other-matter paragraph in the auditors report and
the proposed wording of the paragraph (AU-C 706.09).
Certain information when performing an interim review engagement (AU-C 930.23.28).
w
engaged to report on that information in relation to the financial statements as a whole. If there is no supplementary
information or you have not been engaged to report on it, delete this section. If the supplementary information will not
accompany the basic financial statements, delete the phrase accompanying the financial statements. If the
supplementary information is prepared in conformity with criteria other than U.S. GAAP, replace the reference to U.S.
GAAP with the criteria used for preparation of the information
x
AU-C 720 states that if other information is included in documents containing audited financial statements and the
auditors report thereon, the auditor should communicate any procedures performed relating to such information (such
as reading the other information) and the results of those procedures (such as whether you identified a material
inconsistency with the audited financial statements). If the auditor identifies a material inconsistency in other information
that management refuses to revise or a material misstatement of fact that management refuses to correct, the auditor
should communicate this matter to those charged with governance.
ASB-CL-6: Cash Confirmations and Letters
ASB-CL-6.1: Standard Form to Confirm Account Balance Information with Financial Institutions
a,
b, c, d, e
ORIGINAL
To be mailed to

CUSTOMER NAME
Financial
Institutions
Name and
Address
[Financial Institutions Name and Address] We have provided to our accountants the following information as of
the close of business on [Date] , regarding our deposit and loan
balances. Please confirm the accuracy of the information, noting any
exceptions to the information provided. If the balances have been left
blank, please complete this form by furnishing the balance in the
appropriate space below.* Although we do not request nor expect
you to conduct a comprehensive, detailed search of your records, if
during the process of completing this confirmation additional
information about other deposit and loan accounts we may have with
you comes to your attention, please include such information below.
Please use the enclosed envelope to return the form directly to our
accountants.
1. At the close of business on the date listed above, our records indicated the following deposit balance(s):
ACCOUNT NAME ACCOUNT NO. INTEREST RATE BALANCE*
2. We were directly liable to the financial institution for loans at the close of business on the date listed above as follows:
ACCOUNT NO./
DESCRIPTION BALANCE* DUE DATE
INTEREST
RATE
DATE THROUGH WHICH
INTEREST IS PAID
DESCRIPTION OF
COLLATERAL

(Customers Authorized Signature) (Date)
The information presented above by the customer is in agreement with our records. Although we have not conducted a
comprehensive, detailed search of our records, no other deposit or loan accounts have come to our attention except as noted
below.

(Financial Institution Authorized Signature) (Date)

(Title)
EXCEPTIONS AND/OR COMMENTS
EXCEPTIONS AND/OR COMMENTS
Please return this form directly to our accountants: [Audit Firms Name and Address]
* Ordinarily, balances are intentionally left blank if they are not available at the time the form is prepared.
Approved 1990 by American Bankers Association, American Institute of Certified Public Accountants, and Bank
Administration Institute. Additional forms available from AICPA at www.cpa2biz.com.
a
This form may be used for confirmations of balances with financial institutions. However, it only confirms deposit account
balances (for example, checking accounts, savings accounts, and certificates of deposit) and direct loans. Details of
compensating balances, lines of credit, and contingent liabilities may be separately confirmed with the financial
institution official who is responsible for the clients account or is knowledgeable about such transactions or
arrangements. ASB-CL-10.5 and ASB-CL-10.6 present confirmations of compensating balances and lines of credit.
ASB-CL-10.7 presents a confirmation of contingent liabilities.
b
The form, including a copy for the financial institution to retain for its files, is available from the AICPA with or without the
auditors name and address imprinted on it. The forms can be ordered by calling the AICPA at (888) 777-7077 or by
using the online catalog at www.cpa2biz.com. An editable version of this practice aid is also available in PPCs Practice
Aids.
c
Most financial institutions will also confirm savings and certificate of deposit accounts on this form. Those accounts can
be listed in Item 1 along with checking accounts.
d
The financial institutions response is invalid unless it is signed and dated.
e
Some financial institutions no longer respond to paper confirmations for domestic depository and commercial loan
accounts and only respond to those requests that are submitted via a designated third party service provider. Electronic
confirmations are discussed beginning at paragraph 1101.26.
ASB-CL-6.2: Receipt for Cash Counted by Auditor
a
Cash totaling $ listed below was counted in my presence and returned to me intact by [Auditors Name] ,
representative of [Audit Firms Name] .
Denomination Quantity Extended $
Currency:
One Hundred
Fifty
Twenty
Ten
Five
Two
One
Coins:
Dollar
Half Dollar
Quarter
Dime
Nickel
Penny
Date and Time:
Signed:
Title:
a
Cash on hand is normally immaterial and would typically not be counted. However, this receipt can be used to both
record the count and provide a receipt when cash on hand is counted.
ASB-CL-7: Receivables Confirmations and Letters
ASB-CL-7.1: Positive Accounts Receivable Confirmation RequestItemized Statement Enclosed
a
[Date]
[Customers Name and Address]
Our auditors, [Name] , are conducting an audit of our financial statements. Please confirm the balance due at [Date] , which
is shown on our records and the enclosed statement as $ .
b
Please indicate in the space below whether this is in agreement with your records. If there are differences, please provide any
information that will assist our auditors in reconciling the difference. Please also indicate any special sale or payment terms
related to this balance.
c
Please sign and date your response and mail your reply directly to [Audit Firms Name and Address] in the enclosed return
envelope. PLEASE DO NOT MAIL PAYMENTS ON YOUR ACCOUNT TO THE AUDITORS.
Very truly yours,
[Clients Name]
To: [Audit Firms Name]
b
The balance due [Clients Name]
b
of $
b
as of [Date]
b
is correct with the following exceptions (if any):

d
Special sale or payment terms (if any):

c, d
Signature:
d
Title:
d
Date:
d
a
This form of accounts receivable confirmation (with itemized statement) normally is the most effective. However, in some
industries, customers pay by invoice rather than by statement. In that case, it is more appropriate to use the confirmation
at ASB-CL-7.2. If it is impractical to attach a statement, the confirmation at ASB-CL-7.3 can be used.
b
These items should be completed by the client before mailing to the customer.
c
These items are optional. However, the auditor, particularly in response to an identified fraud risk (discussed in section
506), may also confirm with the customer any special sale or payment terms extended to the customer, other relevant
contract terms, or the absence of oral or written contract modifications (side agreements). Special terms or side
agreements may include, for example, product acceptance criteria, extended payment terms, future or continuing vendor
obligations, the right to return the product, guaranteed resale amounts, cancellation or refund provisions, and sales for
which the entity is holding merchandise for the customer. A confirmation request for bill-and-hold transactions is
presented at ASB-CL-7.6.
d
These lines should be left blank for the customers response. The response should include the signature of the
respondent to be valid.
ASB-CL-7.2: Positive Accounts Receivable Confirmation RequestOpen Item
a
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. Please confirm the amounts on the invoice(s)
[listed below OR in the attached list] as shown by our records, that were due us at [Date] . The invoice(s) that have been
selected for confirmation may represent only a portion of the balance due from you.
Invoice No.
b
Invoice Date
b
(optional)
Your Purchase Order No.
b
Amount
b
Indicate in the space provided below whether this information agrees with your records. If it does not, please provide any
information that will assist our auditors in reconciling the difference. Please also indicate any special sale or payment terms
related to this balance.
c
Please mail your reply directly to [Audit Firms Name and Address] in the enclosed return envelope. PLEASE DO NOT SEND
PAYMENTS FOR THESE ITEMS TO OUR AUDITORS.
Very truly yours,
[Clients Name]
b
The invoice balances due [Clients Name]
b
shown above as of [Date]
b
are correct with the following exceptions (if any):

d

c, d
Signature:
d
Title:
d
Date:
d
a
This form of accounts receivable confirmation is appropriate in industries where the customers pay by invoice.
b
c
d
ASB-CL-7.3: Positive Accounts Receivable Confirmation Requestwithout a Statement
a
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. Please confirm the balance due our company as
of [Date] , which is shown on our records as $ .
b
Please indicate in the space provided below if the amount is in agreement with your records. If there are differences, please
provide any information that will assist our auditors in reconciling the differences. Please also indicate any special sale or
payment terms related to this balance.
c
Please mail your reply directly to [Audit Firms Name and Address] in the enclosed return envelope. PLEASE DO NOT MAIL
PAYMENTS ON THIS BALANCE TO OUR AUDITORS.
Very truly yours,
[Clients Name]
b
b
of $
b
as of [Date]
b
is correct with the following exceptions (if any):

d

c, d
Signature:
d
Title:
d
Date:
d
a
This form of confirmation is ordinarily used only if it is impractical to attach the customer statement. The preferable letter
is at ASB-CL-7.1. Use caution when selecting this type of confirmation. If the customers accounts receivable balance is
comprised of numerous invoices or other contractual amounts, differences identified by the customer may be difficult to
resolve without a listing of the specific invoices or other identifying information for the amounts due the client.
b
c
d
ASB-CL-7.4: Negative Accounts Receivable Confirmation Request
a, b
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. Our records show an amount of $
c
due from
you as of [Date] . If the amount is not correct, please report any differences directly to our auditors, [Audit Firms Name and
Address] , using the space below and the enclosed return envelope. NO REPLY IS NECESSARY IF THIS AMOUNT AGREES
WITH YOUR RECORDS. PLEASE DO NOT MAIL PAYMENTS ON ACCOUNT TO OUR AUDITORS.
Very truly yours,
[Clients Name]
Differences Noted (If Any)
c
of $
c
at [Date]
c
does not agree with our records because (no reply is necessary if
your records agree):

d
Signature:
d
Title:
d
Date:
d
a
AU-C 505.15 states that negative confirmations may be used as the sole substantive audit procedure only when (1) the
assessed risk of material misstatement is low and relevant controls have been tested for operating effectiveness, (2) a
large number of small, homogeneous balances is involved, (3) the exception rate is expected to be very low, and (4) the
auditor has no reason to believe that recipients are likely to disregard the requests. The use of negative confirmations is
discussed beginning at paragraph 1101.23.
b
A listing of accounts selected for confirmation should be maintained; second requests are not sent.
c
d
ASB-CL-7.5: Blind Accounts Receivable Confirmation Request
a
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. To facilitate this audit, please indicate in the space
provided below the balance due us at [Date] . Please also indicate any special sale or payment terms related to this
balance.
b
Please mail your reply directly to [Audit Firms Name and Address] in the enclosed return envelope. PLEASE DO NOT MAIL
PAYMENTS ON YOUR ACCOUNT TO OUR AUDITORS.
Very truly yours,
[Clients Name]
c
c
as of [Date]
c
is $
d
according to our records. (If possible, please also furnish a
statement of the invoice numbers, dates, and amounts comprising this total.)

b, d
Signature:
d
Title:
d
Date:
d
a
This type confirmation is rarely used in practice. The confirmations at ASB-CL-7.1 or ASB-CL-7.2 normally are more
effective.
b
c
d
ASB-CL-7.6: Confirmation Request for a Bill-and-hold Transaction
a
[Date]
Our auditors [Name] are conducting an audit of our financial statements. Please compare the following information to your
records and report directly to our auditors whether that information is correct as of [Date] :
1. We sold you [Product Description]
b
on [Date]
b
for [Total Sales Price]
b
under your purchase order [Number]
b
dated [Date] .
b
2. There are no written or oral amendments to the terms specified in the purchase order.
3. At your request we are holding [Product Description]
b
at your risk on our premises and title has passed to you.
4. You requested us to hold [Product Description]
b
for you because [Description of Business Reason for Delayed
Shipment] .
b
5. [Product Description]
b
has been sold to you on our normal payment terms as described in our invoice [Number]
b
dated [Date]
b
and those terms have not been modified.
6. You are obligated to pay us [Total Sales Price]
b
by [Payment Due Date] .
b
Please mail your reply directly to [Audit Firms Name and Address]
b
in the enclosed return envelope. Because this response
is needed for our auditors to complete their audit, we would appreciate a prompt reply.
Very truly yours,
[Clients Name]
b
The above information agrees with our records at [Date]
b
with the following exceptions (if any):

c
Signature:
c
Title:
c
Date:
c
a
This letter can be used to confirm information related to products invoiced prior to shipment. Confirmation of
bill-and-hold transactions may be appropriate in responding to risks of material misstatement due to fraud related to
improper revenue recognition. See the discussion beginning in paragraph 1101.49 concerning revenue recognition
issues and the discussion in paragraph 1101.25 concerning the nature of information being confirmed.
b
c
ASB-CL-7.7: Confirmation of Note Receivable
[Date]
[Note Holders Name and Address]
Our auditors, [Name] , are now conducting an audit of our financial statements. Please confirm directly to them the amount of
your note(s) held by us at [Date] , shown by our records as follows:
Date of Note
a
Due Date
a
Unpaid
Principal
a, b
Annual
Interest Rate
a
Date Interest
Was Paid to
a
Description
of Collateral
a, c
Please state in the space below whether the above information is in agreement with your records. If it is not, please furnish
any information you may have that will assist our auditors in reconciling the difference.
After signing and dating your reply, please mail it directly to [Audit Firms Name and Address] in the enclosed return
envelope.
Very truly yours,
[Clients Name]
a
The above information regarding our note(s) payable to [Clients Name]
a
agrees with our records at [Date]
a
with the
following exceptions (if any):

d
Signature:
d
Title:
d
Date:
d
a
These lines should be completed by the client before mailing.
b
In addition, the auditor might consider confirming the terms of the note based on his or her risk assessment. A response
can sometimes be enhanced by enclosing a copy of the note and related amortization schedule.
c
It may be helpful to attach a copy of the security agreement, safe-keeping receipt, or other evidence of collateral rights.
d
ASB-CL-8: Investments and Securities Confirmations and Letters
ASB-CL-8.1: Receipt for Securities Counted by Auditor
a
I received intact from [Auditors Name] , representative of [Audit Firms Name] , the securities listed below that were counted
in my presence.
Date and Time:
Signed:
Title:
Description
Par or
Principal Amount
Number of
Shares

a
Always count securities in the presence of a client employee and obtain a receipt for their return. If not done
electronically, complete the receipt with a pen.
ASB-CL-8.2: Confirmation of Securities Held by Brokers
a
[Date]
[Brokers Name and Address]
Our auditors, [Name] , are conducting an annual audit of our financial statements. Please send directly to them a statement
of our account(s)
b
with you as of [Date] , indicating the following information:
1. Securities held by you for our account.
2. Securities out for transfer to our name.
3. Any amounts payable to or due from us.
4. A statement of trade activity during the period ended [Date] and a listing of original costs and market values of
securities as of [Date] .
c
envelope.
Very truly yours,
[Clients Name]
a
Send the request so it reaches the broker sufficiently in advance of the confirmation date for the broker to provide a
timely, accurate response.
b
It is usually helpful to include the account number(s) used by the broker for the clients account(s).
c
Most brokerage firms have the capability to provide such an analysis. If so, this analysis can save audit time in preparing
workpaper schedules of year-end portfolios and trades during the year.
ASB-CL-8.3: Confirmation of Securities Held by a Third Party
a
[Date]
[Confirmants Name and Address]
Our auditors, [Name] , are conducting an audit of our financial statements. Please confirm the following information, as
shown by our records, relating to securities belonging to [Company Name] that were in your possession at [Date] :
Description
b, c
Par or
Principal
Amount
b
Number of
Shares
b
Total Amount
b
In the space provided below, please indicate whether the above information agrees with your records and return the letter
directly to [Audit Firms Name and Address] in the enclosed return envelope. A duplicate copy is enclosed for your files.
Very truly yours,
[Clients Name]
b
The securities listed above were held by [Third Partys Name]
b
at [Date]
b
for the account of [Clients Name]
b
with the

d
Signature:
d
Title:
d
Date:
d
a
This form is typically used when securities are held by companies other than brokerage firms (for example, a bank
located in a remote location). See ASB-CL-8.2 for a confirmation used with brokers and ASB-CL-8.1 for a receipt used
when securities are counted by the auditor.
b
These items should be completed by the client before mailing to the third party.
c
Description should include safekeeping receipt number if securities are held by a bank or other lending institution.
d
These lines should be left blank for the third partys response. The response should include the signature of the
ASB-CL-9: Inventory Confirmations and Letters
ASB-CL-9.1: Confirmation of Inventories Held by a Third PartyListing of Inventories Not
Enclosed
a, b
[Date]
[Name of Third Party and Address]
Our auditors, [Name] , are conducting an audit of our financial statements. Please provide them the following information
with respect to merchandise held in your custody for our account at [Date] .
1. Quantities on hand (please indicate the following):
c
a. Lot number (list each lot separately)
b. Date received
c. Kind of merchandise
d. Unit of package or measure
(1) Number of units
(2) Kind of units (box, foot, crate, each, pound, dozen, etc.)
e. Condition of merchandise
2. A statement as to whether the quantities you are reporting were determined by physical count, weight, or measure, or
represent your book record only.
3. A statement of any pledged warehouse receipts or other known liens against this merchandise.
envelope.
Very truly yours,
[Clients Name]
a
AU-C-501.15 states that if significant inventories are in the hands of public warehouses or other outside custodians, the
auditor should request direct confirmation in writing from the custodian about the quantity and condition of the inventory
and/or perform inspection or other procedures to obtain sufficient audit evidence. If such inventories represent a
significant portion of current or total assets and warehouse receipts have been pledged as collateral, the auditor ought to
confirm with lenders pertinent details of the pledged receipts (on a test basis, if appropriate). The core audit program at
ASB-AP-6 presents other procedures that might be necessary in the circumstances.
b
If the client has a listing of inventory held by third parties, use the confirmation letter at ASB-CL-9.2.
c
Any of these items that are not appropriate for the circumstances may be deleted or modified.
ASB-CL-9.2: Confirmation of Inventories Held by a Third PartyListing of Inventories Enclosed
a,
b
[Date]
[Name of Third Party and Address]
Our auditors, [Name] , are conducting an audit of our financial statements. Please confirm directly to them the amount of our
inventory held by you at [Date] , shown in our records according to the attached listing.
c
Please state in the space below whether the attached is in agreement with your records. If it is not, please provide any
information you may have that will assist our auditors in reconciling the difference.
envelope.
Very truly yours,
[Clients Name]
d
The attached inventory list (please return it with your response) is in agreement with our records as of [Date]
d
with the

e
Signature:
e
Title:
e
Date:
e
a
AU-C 501.15 states that if significant inventories are in the hands of public warehouses or other outside custodians, the
auditor should request direct confirmation in writing from the custodian about the quantity and condition of the inventory
and/or perform inspection or other procedures to obtain sufficient audit evidence. If such inventories represent a
significant portion of current or total assets and warehouse receipts have been pledged as collateral, the auditor ought to
confirm with lenders pertinent details of the pledged receipts (on a test basis, if appropriate). The core audit program at
ASB-AP-6 presents other procedures that might be necessary in the circumstances.
b
If the client does not have a listing of inventory held by third parties, use the confirmation letter at ASB-CL-9.1.
c
The listing would typically contain the following information (omit or modify any items that are not appropriate for the
circumstances):
1. Quantities on hand (indicate the following):
a. Lot number (list each lot separately)
b. Date received
c. Kind of merchandise
d. Unit of package or measure
(1) Number of units
(2) Kind of units (box, foot, crate, each, pound, dozen, etc.)
e. Condition of merchandise
2. A statement as to whether the quantities being reported were determined by physical count, weight, or measure, or
represent the book record only.
3. A statement of any pledged warehouse receipts or other known liens against this merchandise.
d
These items should be completed by the client before mailing the confirmation.
e
These lines should be left blank for the third partys response. The response should include the signature of the
ASB-CL-10: Payables and Debt Confirmations and Letters
ASB-CL-10.1: Accounts Payable Confirmation
[Date]
[Vendors Name and Address]
Our auditors, [Name] , are conducting an audit of our financial statements. Please advise them in the space provided below
whether there is a balance due you by this company as of [Date] . If there is a balance due, please attach a statement of the
items comprising the balance.
envelope.
Very truly yours,
[Clients Name]
a
Our records indicate that a balance of $
b
was due from [Clients Name]
a
at [Date] ,
a
as itemized in the attached
statement.
Signature:
b
Title:
b
Date:
b
a
These items should be completed by the client before mailing to the vendor.
b
These lines should be left blank for the vendors response. The response should include the signature of the respondent
to be valid.
ASB-CL-10.2: Note Payable Confirmation
a
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. Please confirm directly to them the following
information relating to our note payable to you at [Date] :
Date of note: b
Original amount of note: $ b
Unpaid principal balance: $ b, c
Maturity date: b
Interest rate: b
Date to which interest has been paid: b
Description of collateral or personal guarantees (If none, please so indicate):

b, d
Please indicate in the space provided below whether the above is in agreement with your records. If it is not, please furnish
our auditors any information you may have that will help them reconcile the difference.
envelope.
Very truly yours,
[Clients Name]
b
The above information regarding the obligation from [Clients Name]
b
b
with the following
exceptions (if any):

e
If there are any direct or contingent liabilities to you not otherwise indicated above, please list:

e
Signature:
e
Title:
e
Date:
e
a
Notes payable with financial institutions may be confirmed using ASB-CL-6.1.
b
These items should be completed by the client before mailing.
c
In addition, the auditor might consider confirming the terms of the note based on his or her risk assessment. To enhance
the confirmants response, it may also be helpful to attach a copy of the note and related amortization schedule.
d
If none, it is better to put NONE in this blank than to delete the item.
e
These items should be left blank for the respondent to complete. The response should include the signature of the
ASB-CL-10.3: Confirmation of Debt for Which No Written Loan Agreement Exists
a
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. Please send directly to them the following
information relating to our obligation to you at [Date] .
Date of note: b
Original amount of note: $ b
Principal amount unpaid at [Date:]
c $ b
Maturity date: b
Interest rate: b
Interest payment dates: b
Date to which interest has been paid: b
Terms for payment of principal:

b
Description of collateral or personal guarantees (If none, please so indicate):

b, d
After completing the above information (attach additional sheets if necessary), and signing and dating your reply, please mail
it directly to [Audit Firms Name and Address] in the enclosed return envelope.
Very truly yours,
[Clients Name]
c
The information provided above (and any attachments) regarding the obligation from [Clients Name]
c
agrees with our
records at [Date] .
c
Signature:
b
Title:
b
Date:
b
a
This form can be used when no loan agreement exists. It is best to send this information blind because differences of
opinion regarding oral agreements may exist.
b
These lines should be left blank for the respondent to complete. The response should include the signature of the
c
d
ASB-CL-10.4: Confirmation of Mortgage Debt
a, b
[Date]
[Name of Creditor or Trustee and Address]
Our auditors, [Name] , are conducting an audit of our financial statements. Please send directly to them the following
information about our mortgage indebtedness to you at [Date] .
1. Unpaid principal balance: $ c
2. Interest rate:
%
c
3. Terms for payment of principal:

c
4. Date to which interest has been paid: c
5. Nature of mortgage and descriptions and location of property mortgaged:

c
6. Amounts on deposit with you in escrow for:
a. Insurance: $ c
b. Real estate taxes: $ c
7. Amounts paid during the period from [Date] to [Date] for:
a. Insurance: $ c
b. Taxes: $ c
8. Other amounts on deposit with you (for repairs, for example):

c
9. The nature of defaults, if any:

c
10. Description of personal guarantees (If none, please so indicate):

c, d
After completing the above information (attach additional sheets if necessary) and signing and dating your reply, please mail it
directly to our auditors, [Audit Firms Name and Address]
e
in the enclosed return envelope.
Very truly yours,
[Clients Name]
f
The information provided to you with this letter regarding the mortgage obligation from [Clients Name]
g
agrees with our
records at [Date] .
g
Signature:
h
Title:
h
Date:
h
a
This form is used for mortgages only. See ASB-CL-10.2 and ASB-CL-10.3 for examples of confirmations used with other
types of debt.
b
Many of the items requested will vary with the circumstances of the particular mortgage or other debt involved. This
sample assumes the indenture involves an escrow arrangement for insurance and real estate taxes and a deposit
account for repairs or other contingencies.
c
Some auditors prefer to have the client complete these items before mailing, whereas others prefer to leave them blank
for the respondent to complete. To enhance the confirmants response, it may be helpful to attach a copy of the
mortgage agreement and related amortization schedule.
d
e
This item should be completed by the client before mailing. If the auditor elects to have the client complete the loan
information rather than leaving it blank for the respondent to complete, revise this section as follows:
After signing and dating your reply, please mail it directly to our auditors, [Audit Firms Name and Address]
in the enclosed return envelope.
f
This item should be completed by the client before mailing.
g
These items should be completed by the client before mailing. If the auditor elects to have the client complete the loan
information before mailing rather than leaving it blank for the respondent to complete, revise this section as follows:
The above information regarding the mortgage obligation from [Clients Name] agrees with our records at
[Date] with the following exceptions (if any):

h
These lines should be left blank for the respondent to complete. The response should include the signature of the
ASB-CL-10.5: Confirmation of Compensating Balances
a
[Date]
[Financial Institution Officials Name and Address]
b
In connection with an audit of the financial statements of [Name of Client] as of [Date] and for the [Period] then ended, we
have advised our independent auditors that as of the close of business on [Date] there [were OR were not] compensating
balance arrangements as described in our agreement dated [Date of Agreement] . Although we do not request nor expect
you to conduct a comprehensive, detailed search of your records, if during the process of completing this confirmation
additional information about other compensating balance arrangements between ourselves and your financial institution
comes to your attention, please include such information below.
c
Withdrawal by [Name of Client] of the compensating balance [was OR was not] legally restricted at [Balance Sheet Date] .
The terms of the compensating balance arrangements at [Balance Sheet Date] were as follows:
[Describe terms.]
d, e
In determining compliance with compensating balance arrangements, the Company uses a factor for uncollected funds of
[Number] [business OR calendar] days.
f
[The following changes were made OR There were no changes made] in the compensating balance arrangements during
the [Period] and subsequently through the date of this letter.
[Describe any changes in the compensating balance agreements.]
d
The Company [was OR was not] in compliance with the compensating balance arrangements during the [Period] and
subsequently through the date of this letter.
There were [no OR the following] sanctions applied or imminent by the financial institution because of noncompliance with
compensating balance arrangements.
g
[Describe any applied or imminent sanctions by the financial institution.]
d
During the [Period] and subsequently through the date of this letter [no OR the following] compensating balances were
maintained by the Company at the financial institution on behalf of an affiliate, director, officer, or any other third party, and
[no OR the following] third party maintained compensating balances at the financial institution on behalf of the Company.
(Withdrawal of such compensating balances [was OR was not] legally restricted at [Balance Sheet Date] .)
[List any such compensating balances.]
d
Please confirm whether the above information is in agreement with your records. If it is not, please provide our auditors with
any information you may have that will assist them in reconciling the difference.
After signing and dating your reply, please mail it directly to [Audit Firms Name and Address] in the enclosed envelope.
Very truly yours,
[Clients Name and Title]
d
The above information regarding compensating balances agrees with the records of this financial institution.
h
Although we
have not conducted a comprehensive, detailed search of our records, no information about other compensating balance
arrangements came to our attention. [Note exceptions below or in an attached letter.]

i
Name of Financial Institution:
i
Signature:
i
Title:
i
Date:
i
a
This letter may be used to confirm details of compensating balances directly with an appropriate financial institution
official.
b
This letter should be addressed to the financial institution official who is responsible for the clients relationship or is
knowledgeable about such transactions or arrangements. Some financial institutions centralize this function by assigning
responsibility for responding to confirmation requests to a specific person or department. Auditors should determine the
appropriate recipient.
c
See the letter at ASB-CL-10.7 for confirming details of contingent liabilities related to agreements with financial
institutions.
d
These items should be completed by the client before mailing. The auditor can augment or modify this letter as
appropriate for the specific purpose and terms of the compensating balance arrangement. In some cases, the letter may
be adapted to ask the financial institution to provide the information if the institution can be expected to readily provide
the information.
e
Describe the specific terms of the compensating balance arrangement, for example, an average compensating balance
equal to a specific dollar amount, or a specified percentage of the average loan balance outstanding, as determined
from the financial institutions ledger records with or without adjustment for uncollected funds, etc.
f
This item applies only if the compensating balance amount includes some adjustment for uncollected funds. If some
other method is used for determining collected funds for compensating balances purposes, describe the method
actually used.
g
This item may be omitted unless during the audit period the financial institution has either applied sanctions or informed
the entity that it may apply sanctions.
h
If applicable, some financial institutions may add language such as the following to their replies:
This confirmation does not relate to arrangements, if any, with other branches or affiliates of this financial
institution. Information should be sought separately from such branches or affiliates with which any such
arrangements might exist.
i
These lines should be left blank for the respondent official to complete. The response should include the signature of the
ASB-CL-10.6: Confirmation of Line of Credit
a
[Date]
b
have advised our independent auditors of the information listed below, which we believe is a complete and accurate
description of our line of credit arrangement with your institution as of [Date] . Although we do not request nor expect you to
conduct a comprehensive, detailed search of your records, if, during the process of completing this confirmation, additional
information about other lines of credit from your financial institution comes to your attention, please include such information
below.
c
Total amount of line available to [Name of Client]
d
$
d
Related debt outstanding at the close of business on [Date]
d
$
d
Description of collateral or personal guarantees related to outstanding debt
d, e
Amount of unused line of credit, subject to the terms of the related
agreement, at [Date]
d
$
d
Interest rate at close of business on [Date]
d

d
Expiration date of the agreement
d
Can the line be withdrawn at the institutions option? Yes No
d
Conditions under which the line may be withdrawn are:

d
Compensating balance arrangements are:

d, f
This line of credit supports commercial paper (or other borrowing arrangements) as described below:

d
Very truly yours,
d
The above information about lines of credit agrees with the records of this financial institution.
g
Although we have not
conducted a comprehensive, detailed search of our records, no information about other lines of credit came to our attention.
[Note exceptions below or in an attached letter.]

h
h
Signature:
h
Title:
h
Date:
h
a
This letter may be used to confirm details of lines of credit directly with an appropriate financial institution official.
b
c
See the letter at ASB-CL-10.7 for confirming details of contingent liabilities related to agreements with financial
institutions.
d
These items should be completed by the client before mailing. The auditor can add any additional details as appropriate
for the specific terms of the line of credit agreement, for example, amount of commitment fee or annual charge for
unused funds, etc. In some cases, the letter may be adapted to ask the financial institution to provide the information if
the institution can be expected to readily provide it.
e
f
See the letter at ASB-CL-10.5 for confirming details of compensating balance arrangements with financial institutions.
g
h
ASB-CL-10.7: Confirmation of Contingent Liabilities with Financial Institutions
a
[Date]
b
have advised our independent auditors of the information listed below, which we believe is a complete and accurate
description of our contingent liabilities, including oral and written guarantees, with your financial institution. Although we do
not request nor expect you to conduct a comprehensive, detailed search of your records, if during the process of completing
this confirmation additional information about other contingent liabilities, including oral and written guarantees, between
ourselves and your financial institution comes to your attention, please include such information below.
Name of Maker
c
Date of Note
c
Due Date
c
Current Balance
c
Interest Rate
c
Date to Which Interest
Has Been Paid
c
Description
of Collateral
c
Description of
Purpose of Note
c
Information related to oral or written guarantees is as follows:

c
Very truly yours,
c
The above information listing contingent liabilities, including oral and written guarantees, agrees with the records of this
financial institution.
d
Although we have not conducted a comprehensive, detailed search of our records, no information about
other contingent liabilities, including oral and written guarantees, came to our attention. [Note exceptions below or in an
attached letter.]


e
e
Signature:
e
Title:
e
Date:
e
a
This letter may be used to confirm details of contingent liabilities relating to arrangements with financial institutions, for
example, oral and written guarantees, letters of indemnity, acceptances, and endorsements, etc. Other financing
arrangements may include compensating balances (see ASB-CL-10.5) and lines of credit (see ASB-CL-10.6).
b
c
These items should be completed by the client before mailing. The captions can be modified as appropriate for the
particular type of matter being confirmed. Also, the auditor can add any additional details as appropriate for the specific
agreement. In some cases, the letter may be adapted to ask the financial institution to provide the information if the
institution can be expected to readily provide it.
d
e
ASB-CL-11: Benefit Plan Confirmations and Letters
ASB-CL-11.1: Request for Defined Benefit Plan Information
a
[Date]
[Actuarys Name and Address]
b
Our auditors, [Name] , are conducting an audit of our financial statements for the period ended [Date] . Please furnish
directly to them the information requested regarding your valuation of [Name of Plan] (Plan).
c
For your convenience in
responding to this request, you may supply pertinent sections, properly signed and dated, of your actuarial report, or pension
expense report, if they are available and if they contain the requested information.
1. Please provide a brief description of the following:
d
a. The employee group covered.
b. The benefit provisions of the plan used in the calculation of the net periodic benefit cost for the period and of the
accumulated and projected benefit obligation at the end of the period. Please identify any such benefit provisions
that had not taken effect in the year. Please also provide the date of the most recent plan amendment included in
your calculation. Please identify any participants or benefits excluded from the calculations, such as benefits
guaranteed under an insurance or annuity contract.

c. The method and the amortization period, if any, used for the following:
(1) Calculation of a market-related value of plan assets, if different from the fair value.

(2) Amortization of any transition asset or obligation.

(3) Amortization of prior service cost or credit.

(4) Amortization of net gain or loss.

d. Any substantive commitments for benefits that exceed the benefits defined by the written plan that are included in
the calculations.

e. Determination of the value of any insurance or annuity contracts included in the assets.

f. If information was prepared at an earlier date and projected forward to the measurement date, please describe any
adjustments made to project amounts calculated at the earlier date to the results as of the measurement date
shown in sections 2 or 3.

2. Please provide the following information related to the net periodic benefit cost for the period ended [Date] .
e, f
a. Net periodic benefit cost $
b. The amount included in net periodic benefit cost for the period arising from reclassification
adjustments of other comprehensive income, including:
(1) Net gain or loss $
(2) Net prior service cost or credit
(3) Amortization of net transition asset or obligation
c. The amounts recognized in other comprehensive income arising during the period from:
d. The measurement of the net periodic benefit cost is based on the following assumptions:
Weighted-average discount rate %
Weighted-average rate of compensation increase %
Weighted-average expected long-term rate of return on plan assets %
Please describe the basis on which the above rates were selected and whether the basis is consistent with
the prior period. For the long-term rate of return on plan assets, indicate the general approach used to
determine the rate, the extent to which the rate is based on historical returns, and the nature and extent of
adjustments to historical returns.

Please briefly describe any other assumptions used in the measurement of net periodic benefit cost.

3. Please provide the following information related to benefit obligations and funded status as of or for the period ended
[Date] :
e, f
a. Projected benefit obligation (pension plans only) $
b. Accumulated benefit obligation $
c. Employer contributions $
d. Participant contributions $
e. Benefits paid $
f. Fair value of plan assets $
g. Amount and timing of any plan assets expected to be returned to the
employer during the next 12 months $
h. Net transition asset or obligation remaining in accumulated other
comprehensive income $
i. Net prior service cost or credit remaining in accumulated other
comprehensive income $
j. Net gain or loss remaining in accumulated other comprehensive income $
k. Amounts in accumulated other comprehensive income expected to be recognized in net periodic
benefit cost in the next fiscal year, including:
(3) Net transition asset or obligation
l. The measurement of the benefit obligation is based on the following assumptions:
Weighted-average discount rate %
Weighted-average rate of compensation increase %
Please briefly describe any other assumptions used in the measurement of benefit obligations.

4. Please provide the following information on expected cash flows.
a. Minimum funding requirement for the next fiscal year $
g
b. Expected future benefit payments for each of the next five fiscal years and in the aggregate for the next five years:
Year
Benefit
Payments
h
20 $
20
20
20
20
Years 610
Year
Benefit
Payments
h
5. Please describe any significant transactions of which you are aware between the employer or related parties and the
plan during the period, including, if applicable, the amounts and types of securities of the employer and related parties
included in plan assets and the amount of future annual benefits covered by insurance contracts issued by the employer
or related parties.

6. Please provide our auditors with descriptions of the nature and effect of significant plan amendments and other
significant nonroutine events (for example, combinations, divestitures, settlements, curtailments, or special termination
benefits) affecting the comparability of net periodic benefit cost, benefit obligations, or plan assets for the current period
with those of the prior period, such as:
a. Purchases of annuity contracts,
b. Lump-sum cash payments to plan participants,
c. Other irrevocable actions that relieved the company or the plan of primary responsibility for a pension obligation,
and eliminated significant risks related to the obligation and assets,
d. Any events that significantly reduced the expected years of future service of employees,
e. Any events that eliminated, for a significant number of employees, the accrual of defined benefits for some or all of
their future service, or
f. Any special or contractual termination benefits offered to employees.

7. Was all of the preceding information determined in accordance with generally accepted accounting principles to the best
of your knowledge? If not, please describe any differences.
i

8. Describe the nature of your relationship, if any, with the plan or the plan sponsor that may impair or appear to impair the
objectivity of your work.

Please mail your response directly to [Audit Firms Name and Address] in the enclosed return envelope as soon as possible,
but no later than [Date] .
j
Very truly yours,
[Clients Name]
a
This letter can be tailored for the circumstances. For example, information already available from a copy of an actuarial
valuation report may be deleted from the letter or additional information may be added (see practical considerations d, f,
and i). Disclosure of information on investment strategies and plan asset allocations, which may be available from the
trustees statement of plan assets, is also required. A confirmation letter to the plans trustee is included at ASB-CL-11.2.
b
The letter should be mailed to the actuarial firm that maintains the plan by the auditor.
c
If multiple plans exist, it is ordinarily preferable to send a separate confirmation for each plan.
d
If the entity has significant defined benefit plans requiring actuarial calculations, auditors ordinarily obtain reasonable
assurance that the census data provided to the actuary is complete and accurate. However, in situations where the firm
also audits the plan financial statements, that assurance may be obtained as part of the benefit plan audit, and
procedures need not be repeated. Auditors planning to perform procedures to evaluate the completeness and accuracy
of the employee census data can modify this letter to request additional information. Additional information that may be
requested includes the following:
The source of the census data.
The date as of which the census data was collected.
Any adjustments made to project the census data forward to the measurement date.
The following information concerning participants (to help ensure the census population used by the actuary
appears reasonable):
Participants:
Number
of Persons
Compensation
(if applicable)
Currently receiving payments $
Active with vested benefits
Terminated with deferred vested benefits
Active without vested benefits
Other (describe)
Note: If information is not available for all the above categories, categories may be grouped. If so, request an
indication of the categories that have been grouped and a description of any group or groups of participants
excluded from the information.
The following information for selected individuals contained in the census: (Select individuals from the clients
records to compare with the census data. In addition, you may have the actuary select certain employees and
related census data from his files to compare with the clients records.)
Participant
Name or Number Age or Birth Date Sex Salary
Date Hired or
Years of Service
e
The appropriate dates should be completed by the client before mailing to the actuary. Under FASB ASC 715 (formerly
SFAS No. 158), plan assets and benefit obligations should be measured as of the balance sheet date of the plan
sponsor.
f
FASB ASC 715-20-50-5 [formerly SFAS No. 132(R), Employers Disclosures about Pensions and Other Postretirement
Benefits], provides reduced disclosure requirements for nonpublic entities. This letter assumes entities have elected the
reduced disclosures allowed by that standard. Auditors may tailor this letter to obtain additional information if the entity
has not elected the reduced disclosures or if the auditor believes the additional information would be useful in
determining that the accounting for the plan is in accordance with GAAP. Additional information that may be requested
includes:
The components of net periodic benefit cost for the period.
A reconciliation of the beginning and ending balances of the benefit obligation, showing separately any significant
nonroutine events, such as plan amendments, business combinations, divestitures, curtailments, settlements,
special termination benefits, or foreign currency exchange rate changes.
A reconciliation of the beginning and ending balances of the fair value of plan assets, showing separately any
significant nonroutine events.
g
Nonpublic entities are required to disclose their best estimate, as soon as it can be reasonably determined, of
contributions expected to be paid to the plan during the next fiscal year. Auditors may request confirmation of the
minimum funding requirement for the next fiscal year to assist in evaluating the reasonableness of the clients estimate.
h
The authors believe that the expected future benefits payable for the next fiscal year would ordinarily approximate the
actuarial present value of benefits included in the benefit obligation payable in the next 12 months for purposes of
determining the current portion of an underfunded plan.
i
If the entity has an other postretirement benefit plan, the auditor may also want to confirm information about the assumed
health care cost trend rate. For example, the auditor may confirm the assumed health care cost trend rate for the next
year, a general description of projected changes in the rate thereafter, and the ultimate trend rate and when it is
expected to be achieved.
j
Experience shows that it is often difficult to obtain a timely response to this confirmation request. Specifying a return date
may help.
ASB-CL-11.2: Request for Plan Asset InformationDefined Benefit Pension and Other
Postretirement Benefit Plans
a, b
[Date]
[Trustees Name and Address]
c
Our auditors, [Name] , are conducting an audit of our financial statements for the period ended [Date] . Please furnish
directly to them the information requested below regarding plan assets in the trust account
d
of [Name of Plan] (Plan). For
your convenience in responding to this request, you may supply pertinent sections, properly signed and dated, of your
trustees statement, if it is available and if it contains the requested information.
1. Please provide the following information on plan assets as of [Balance Sheet Date] .
e
a. Plan asset information by major class (if significant):
Asset Class
Total Fair
Value
Quoted
Prices in
Active
Markets for
Identical
Assets
(Level 1)
Significant
Other
Observable
Inputs
(Level 2)
Significant
Unobservable
Inputs
(Level 3)
Target
Allocation
Percentage
or Range,
If Used
(weighted
average if
more than
one plan)
Cash and Cash Equivalents $ $ $ $
%
Equity Securities $ $ $ $
%
Debt Securities Issued by National,
State, and Local Governments $ $ $ $
%
Corporate Debt Securities $ $ $ $
%
Asset-backed Securities $ $ $ $
%
Structured Debt $ $ $ $
%
Derivatives on a Gross Basis: $ $ $ $
%
Interest Rate Contracts $ $ $ $
%
Foreign Exchange Contracts $ $ $ $
%
Equity Contracts $ $ $ $
%
Commodity Contracts $ $ $ $
%
Credit Contracts $ $ $ $
%
Other Contracts $ $ $ $
%
Hedge Funds $ $ $ $
%
Asset Class
Total Fair
Value
Quoted
Prices in
Active
Markets for
Identical
Assets
(Level 1)
Significant
Other
Observable
Inputs
(Level 2)
Significant
Unobservable
Inputs
(Level 3)
Target
Allocation
Percentage
or Range,
If Used
(weighted
average if
more than
one plan)
Hedge Funds $ $ $ $
Private Equity Funds $ $ $ $
%
Venture Capital Funds $ $ $ $
%
Real Estate $ $ $ $
%
Other $ $ $ $
%
b. Describe the nature and amount of any concentration of risk arising within or across classes of plan assets (e.g.,
significant investments in a single entity, industry, country, commodity, or investment fund).

c. For any significant transfers in and out of Levels 1 and 2, provide the following information:
Level 1 Level 2
Amount of transfers in
Amount of transfers out
Reasons for transfers:

d. For any class of plan assets using significant unobservable inputs (Level 3), provide the following information:
[Provide Asset
Class]
[Provide Asset
Class]
[Provide Asset
Class]
Beginning Fair Value $ $ $
Actual Return on Plan Assets:
Relating to Assets Still Held at the
Reporting Date
Relating to Assets Sold During the
Period
Purchases
Sales
Settlements
Amount of Transfers into Level 3
[Provide Asset
Class]
[Provide Asset
Class]
[Provide Asset
Class]
Amount of Transfers out of Level 3
Ending Fair Value $ $ $
Reasons for transfers:

e. For each class of plan assets, describe the valuation technique(s) and inputs used to measure fair value, including a
discussion of any changes in valuation techniques and inputs that may have occurred during the annual period.

2. Describe the Plans investment policies and strategies, including investment goals, risk management practices, permitted
and prohibited investments (including derivatives), diversification strategies, and the relationship between plan assets
and benefit obligations.

3. Provide any other information that may be useful in understanding risks related to assets and the expected long-term
rates of return (for example, additional information about specific assets within a class).

4. Describe any significant transactions of which you are aware between the employer or related parties and the Plan
during the period, including, if applicable, the amounts and types of securities of the employer and related parties
included in plan assets.

5. Provide the amount and timing of any plan assets expected to be returned to the employer during the 12-month period
following [Date of Most Recent Balance Sheet] .
f

Please mail your response directly to [Audit Firms Name and Address] in the enclosed return envelope as soon as possible,
but no later than [Date] .
g
Very truly yours,
[Plan Administrators Name and Title]
[Clients Name]
a
FASB ASC 715-20-50-5 [formerly SFAS No. 132(R), Employers Disclosures about Pensions and Other Postretirement
Benefits] requires companies to disclose information on investment strategies and plan asset allocations.
b
This letter can be tailored for the circumstances. For example, information already available from a copy of the trustees
statement may be deleted from the letter. Alternatively, auditors may request that the trustee confirm (rather than
provide) information about plan assets provided by the plan administrator. In addition, inquire about assets not held by
the trustee. For those assets, auditors may confirm the information directly with the plan administrator. If the plan uses
more than one trustee, a similar letter can be sent to each trustee.
c
The letter should be mailed to the trustee that maintains the plans assets by the auditor.
d
It may be helpful to include the account number used by the trustee for the plans account.
e
This item should be completed by the client before mailing to the trustee.
f
If the operating cycle is longer than twelve months, change this sentence to specify the appropriate operating cycle.
g
It may be difficult to obtain a timely response to this confirmation request. Specifying a return date may help.
ASB-CL-12: Other Confirmations and Letters
ASB-CL-12.1: Standard Confirmation Inquiry for Life Insurance Policies
a, b
LIFE INSURANCE STANDARD CONFIRMATION INQUIRY Developed by American Institute of
Certified Public Accountants,
Life Office Management Association and
Million Dollar Round Table
RETURN TO: [Audit Firms Name and Address] [Date]
Your completion of the following report will be sincerely appreciated.
IF THE ANSWER TO ANY ITEM IS NONE, PLEASE SO STATE. Use
the enclosed envelope to return the original directly to our accountant
(see name to left).
REPORT
FROM
INSURANCE
COMPANY
[Name of Insurance Company] Yours Truly, [Name of Owner as Shown on Policy Contract]
By [Authorized SIgnature]
Information requested as of: [Date]
a
Additional forms available from: AICPA ORDER
P.O. BOX 1003
NYC, NY 10108-1003
Policy #1 Policy #2 Policy #3
A. Policy Number:
B. Insured-Name(s):
C. Beneficiaries as Shown on Policies (If Verification Requested in Item 11):
1. Face Amount of Basic Policy
2. Values Shown as of [Insert date if other than date requested.]
3. Premiums, Including Prepaid Premiums, Are Paid to [Insert date.]
4. Policy Surrender Value (Excluding Dividends, Additions & Indebtedness
Adjustments)
5. Surrender Value of All Dividend Credits, Including Accumulations &
Additions
6. Termination Dividend Currently Available on Surrender
7. Other Surrender Values Available to Policy Owners
a. Prepaid Premium Value
b. Premium Deposit Funds
c. Other
8. Outstanding Policy Loans, Excluding Accrued Interest
9. If Any Policy Loans Exist, Complete Either a or b and c
a. Interest Accrued on Loans
b. Loan Interest Is Paid to [Enter date.]
c. Interest Rate Is [Enter rate.]
NOTE: PLEASE ANSWER ANY ITEM(s) 1012 INDICATED BY A (n)
10. Is There an Assignee of Record? Yes No
11. Is Beneficiary of Record as Shown in Item C Above? Yes No
* * *

12. Is the Name of the Policy Owner (Subject to Any Assignment) as Shown on Top of Form: Yes No
If No, Enter Name of Policy Owner of Record:
* If Answer to Item 11 is No. Please Give Name of Beneficiary or Date of Last Beneficiary Change:
Yours Truly, [Insurance Company]
Date:
Authorized Signature, Title:
c

ORIGINAL
To be mailed to accountant
a
When the risk of material misstatement of cash surrender values is low, it may be more efficient to confirm the balances a
month prior to the balance sheet date so the client can record the annual bookkeeping adjustment without delay.
b
The form, including a copy for the insurance company to retain for its files, is available from the AICPA with or without the
auditors name and address imprinted on it. The form can be ordered by calling the AICPA at (888) 777-7077 or by using
the online catalog at www.cpa2biz.com.
c
The confirmation is invalid if not signed and dated by the respondent.
ASB-CL-12.2: Confirmation of Insurance Coverage (Except Life Insurance)
a
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. Please furnish directly to them the following
information concerning the insurance coverage for [Clients Name] as of [Date] .
1. A detailed list of all insurance policies in force, showing:
a. Policy number
b. Nature of insurance
c. Amount of coverage (including all endorsements)
d. Term of policy
e. Annual premium (including all endorsements)
f. Parties at interest
2. The amounts of any refunds on insurance premiums due to [Clients Name] including dividends and credits on mutual
or reciprocal insurance policies to which it may be entitled.
3. A list of claims submitted by [Clients Name] that remain unpaid as of [Date] and through the date of your letter,
estimated date of payment, and collectible amounts.
4. A detailed list of the nature and amount of any claims paid during the period ended [Date] and through the date of your
letter.
5. Any amounts due by [Clients Name] for unpaid insurance premiums, including amounts due on blanket coverage for
which no policies have as yet been issued and assessments on mutual or reciprocal insurance policies for which
[Clients Name] may be liable.
envelope.
Very truly yours,
[Clients Name]
a
Confirmation of insurance coverage will generally only be necessary when the risk of uninsured loss is more than
remote. See section 1401. This letter may be used to confirm insurance coverage with either the insurance company or
agent. The authors believe that it is preferable to confirm directly with the insurance company rather than the agent. If the
confirmation is sent to the agent instead of or in addition to the insurance company, modify Item 1 to include the name of
the insurance company.
ASB-CL-12.3: Confirmation of Lease Agreement
a
[Date]
Our auditors, [Name] , are conducting an audit of our financial statements. Please confirm directly to them the following
information relating to the lease agreement dated [Date of Lease]
b
for a [Description]
b
that we are leasing from you.
1. Inception and expiration dates of the lease: from to .
b
2. Amount of monthly payment: .
b
3. Amount of any deposit: .
b
4. Renewal options (if any):
a. Dates of renewal period: from to .
b
b. Amount of monthly lease payment upon renewal: .
b
5. Purchase options (if any):
a. Amount of purchase price: .
b
b. Inception and expiration dates of option: from to .
b
c. Percent of monthly payment (if any) applicable toward purchase price (if none, so indicate): .
b
Please provide the following related information directly to our auditors.
1. Dates and descriptions of amendments or supplementary understandings, if any, to the lease agreement referred to
above (if none, so indicate): .
c
2. The amount of outstanding delinquent payments, if any (if none, so indicate): .
c
3. A description of the nature of defaults, if any (if none, so indicate): .
c
4. Any direct or contingent liabilities to you not otherwise indicated above (if none, so indicate):
.
c
envelope.
Very truly yours,
[Clients Name]
b
The above information regarding the obligation from [Clients Name]
b
b
with the following
exceptions (if any):

.
c
Signature:
c
Title:
c
Date:
c
a
This form may be used to confirm significant lease obligations, including delinquent payments, defaults, and direct or
contingent liabilities. The content of the letter may vary depending on the individual circumstances.
b
c
These items should be left blank for the respondent to complete. The response should include the signature of the
ASB-CL-12.4: Related Party Confirmation
a
[Date]
[Owner, Officer, or Directors Name and Address]
Our auditors, [Name and Address] , are conducting an audit of our financial statements at [Date] and for the [Period] then
ended. Please furnish to them the information requested in the attached questionnaire. Please sign and date your reply and
mail the questionnaire directly to [Audit Firms Name and Address] in the enclosed return envelope. The questionnaire is
designed to provide the auditors with information about the interests of officers, directors, and other related parties in
transactions with the Company.
Please answer all questions. If the answer to any question is Yes, please explain.
Our auditors expect to have the audit completed on [Date] and would appreciate receiving your reply by that date. We
sincerely appreciate your timely cooperation with this request.
Very truly yours,
[Clients Name]
Related Party Questionnaire
Please answer all questions. If the answer to any question is Yes, please explain.
Yes No
1. Have you or any related party of yours had any interest, direct or indirect, in any sales,
purchases, transfers, leasing arrangements, guarantees, or other transactions since
[Beginning of Period of Audit]
b
to which the company [Or specify any pension, retirement,
savings, or similar plan provided by the client.]
b
was, or is to be, a party?

c
2. Do you or any related party of yours have any interest, direct or indirect, in any pending or
incomplete sales, purchases, transfers, leasing arrangements, guarantees, or other
transactions to which the company [Or specify any pension, retirement, savings, or similar
plan provided by the client.]
b
is, or is to be, a party?

c
3. Have you or any related party of yours been indebted to, or had a receivable from, the
company [Or specify any pension, retirement, savings, or similar plan provided by the
client.]
b
at any time since [Beginning of Period of Audit]
b
(excluding amounts due for
purchases or sales on customary trade terms and for ordinary travel and expense
advances)?

c
The answers to the foregoing questions are correct to the best of my knowledge and belief.
Date:
c
Signature:
c

a
This letter may be used if the auditor wants to confirm the existence of related party transactions with owners, officers,
directors, or others charged with governance. AU-C 580.A15 indicates it may be appropriate to obtain written
representations about related parties from those charged with governance when (1) they have approved specific related
party transactions that involve management or are material to the financial statements, (2) they have made specific oral
representations about related party transactions, or (3) they have financial or other interests in the companys related
parties or related party transactions.
b
These items should be completed by the client before mailing to the related party.
c
These lines should be left blank for the related partys response. The response should include the signature of the
ASB-CL-12.5: Data Request Letter
a
[Audit Firms Letterhead]
[Date]
[Client Information System Contacts Name and Address]
Dear [Name] :
As part of our audit of [Clients Name] for the year ended [Date] , we will be performing certain audit tests on [Describe the
audit area being tested.] . These tests require us to obtain copies of the applicable data files associated with this area. We
expect that our use of these data files will save the accounting department time in providing explanations for our year-end
analytical procedures and in preparing schedules and confirmation requests.
As we discussed today, we would like an electronic version of the [Describe the data file requested.] as of [Date] . We
specifically need the following fields:
[Describe first field.]
[Describe second field.]
[Describe third field.]
[Describe fourth field.]
[Describe additional fields, as necessary.]
Please also note the total number of records included in the file and provide a record layout and printout of the first 100
records for verification purposes.
As we discussed, the file should be provided to us [Describe the file format and medium for transmitting the data.]
b
to be
received by us no later than [Date] . Please send it to the following address:
[Audit Firms Name and Address]
c
If you have any questions, please give me a call.
Sincerely,
[Auditors Name]
a
This letter can be used to request client data files for audit purposes. The authors recommend meeting with appropriate
client personnel to make arrangements to obtain copies of specific client data. This letter may be used as a follow-up to
the meeting to confirm the agreed-upon arrangements.
b
Most DES products available today can work easily with dBase (.dbf), ASCII fixed length or delimited, and EBCDIC fixed
length data file formats as well as with files created in Excel, Lotus, or Access. There are many ways to transmit the data
including email, CD-ROM, tape, storage disks (such as DVDs), FTP or network transfers, flash drives, or flash memory
cards. See the discussion on obtaining data from the client beginning at paragraph 909.20.
c
This may be an email address.
ASB-CL-12.6: Client Assistance Request Letter
a
[Date]
In conjunction with our engagement to audit the financial statement(s) of [Client] as of [Period or Year End(s)] , as
discussed in our engagement letter dated [Date] , we request that your personnel prepare the schedules, analyses,
confirmations, and other items that are listed in the attachment to this letter.
b
As noted in our engagement letter, the timing, scheduling, and associated fees of the engagement are based on the
assumption that your personnel will cooperate and provide assistance by performing tasks such as the timely preparation of
requested schedules, retrieving documents, and preparing confirmations.
c
The attached listing also provides the due dates for the preparation of the requested items. If you are unable to meet any of
these dates, please contact our office at the earliest possible date.
d
Should you need additional explanation or instruction in the preparation of any of the listed items, we would be pleased to
meet with your personnel at your convenience.
e
Very truly yours,
[CPA Firms Name]
[Client Name]
Requested Schedules, Analyses, Confirmations, and Other Items
b, f
For the Period Ending [Date]
Item Due Date
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
a
This letter can be used to request client assistance for the preparation of audit schedules, analyses, confirmations, and
other items that may be required by the auditor in connection with the performance of audit procedures. Some auditors
may prefer to incorporate the request for specific schedules and other client assistance as part of the engagement letter.
Some auditors prefer to meet with the client and discuss the items being requested to help ensure that the client
understands the purpose, format, degree of effort, and timing related to the items requested.
b
Tailor the listing based on the audit approach and procedures reflected in the audit program, considering the clients
specific industry, existing client schedules and analyses, and the abilities of client personnel. Practical consideration f
provides example schedules, analyses, confirmations and other items that may apply in many client situations.
c
Modify this sentence, if necessary, to reflect the language regarding client assistance as indicated in the engagement
letter, as well as the specific client assistance being requested.
d
If necessary, modify this sentence to indicate the specific firm personnel the client should contact.
e
In some cases, the auditor may find it useful to provide the client with examples, templates, or copies of prior year
workpapers for the schedules, analyses, confirmations, and other items requested. In such situations, the auditor may
add the following sentence:
We have also provided examples of the requested items to assist your personnel in their preparation.
f
The following list represents example schedules, analyses, confirmations, and other items that might be requested in an
engagement. As noted in practical consideration b, the listing should be tailored based on the audit approach and
procedures reflected in the audit program, considering the clients specific industry, existing client schedules and
analyses, and the abilities of client personnel. This listing is provided for illustrative purposes; however, the items noted
may frequently apply to many client engagements.
General
Detailed trial balance(s) as of [Date] for [Indicate entity names.] .
Consolidation schedules and related workpapers, including consolidation elimination entries.
Financial statement grouping or other supporting workpapers for the preparation of the financial statements.
Supporting schedules for all financial statement disclosures.
Cash flows statement and supporting schedules.
Manual journal entries for the period ending [Date] including any journal entries prepared after the final trial
balance(s).
Copies of internal financial statements through [Date] .
Articles of incorporation.
Corporate bylaws.
Organization charts.
Names of corporate directors.
Personnel policy manual (or employee handbook).
Employee bonus or incentive plans.
For any employee benefit plan, the plan document, adoption agreement (if any), and Summary Plan Description.
Stock compensation agreements, including stock option plans and copies of individual awards under the plan.
Employment agreements with key management employees.
Deferred compensation agreements with officers or employees.
Officer life insurance policies.
Any noncompete agreement.
Listing of authorized check signers, those authorized to transfer or wire funds from corporate bank accounts, and
those who may borrow against any corporate line of credit.
Minutes of all board of directors and committee meetings through [Date] .
Names and addresses of all legal counsel consulted during the period to allow us to prepare legal request letters.
SOC 1 service auditors report for [Describe] .
Cash and Cash Equivalents
Listing of all cash accounts and investments detailed by bank account, account number, and amount as of [Date]
that reconciles to the trial balance.
Bank reconciliations for all cash accounts as of [Date] .
Bank statements for all bank accounts as of [Date] . We also we will need to have access to your online bank
accounts.
Cash receipts and disbursement journals for the period ending [Date] .
Confirmation requests for all selected accounts (we will provide a separate listing of selected accounts by [Date] ).
Receivables
Listing of all receivable accounts as of [Date] that reconciles to the trial balance.
Accounts receivable aging report detailed by invoice as of [Date] .
Reconciliation of the aging report to the trial balance.
Managements analysis of the reasonableness of the allowance for doubtful accounts as of [Date] .
Credit memo summary for the period ended [Date] and a listing of credits issued subsequent to the period ending
[Date] through [Date] .
Analysis of any write-offs greater than $ [Amount] for the period.
Analysis of the bad debt expense for the period ending [Date] .
Listing of all new customers for the period ending [Date] .
Detail of miscellaneous accounts receivable as of [Date] .
Investments
Schedule of investment activity for the period ending [Date] detailing the investment, cusip number, date of
issuance, purchase date, sold date, and maturity date.
All investment statements as of [Date] . Reconcile any difference between the statement balance and the ending
amounts reflected on the investment activity schedule.
Inventory
A listing of all inventory accounts as of [Date] that reconciles to the trial balance.
Detailed inventory listing by inventory item as of [Date] . Reconcile final balances per the inventory listing to trial
balance amounts.
Count summarization schedules that reconcile counts by tag number to the final detailed inventory listing.
Inventory costing records that support amounts on the final detailed inventory listing such as bills of materials, labor
analysis, and overhead calculations.
Analysis of inventory reserves as of [Date] .
Listings of inventory held on consignment and inventories held by third parties as of [Date] .
Detail of slow-moving, obsolete, and excess inventory as of [Date] .
Supporting documents (shipping reports, invoices, packing slips, receiving reports, bills of lading, etc.) for items
shipped and received 5 business days prior to and subsequent to [Date] .
Final tag control summary and count sheets.
Property and Equipment
Summary schedule for each category of property and equipment that reflects balances as of the beginning of the
period, cost of additions, disposals, transfers, and the ending balance as of [Date] .
Summary schedule for each category of property and equipment accumulated depreciation (and amortization) that
reflects balances as of the beginning of the period, depreciation expense, disposals, transfers, and the ending
balance as of [Date] .
Detailed schedule of property and equipment as of [Date] that reflects (1) asset description and identification, (2)
depreciable life, (3) acquisition date, (4) original cost, (5) accumulated depreciation at the beginning of the period,
(6) depreciation expense for the period, and (7) accumulated depreciation at the end of the period. Provide a
reconciliation of the schedule to the ending balances in the summary schedule of property and equipment.
Detail of all property additions and disposals for the period ending [Date] reflecting (1) transaction date, (2)
description of item acquired or sold, (3) acquisition or sales price, and (4) gain or loss on dispositions.
Analysis of property and equipment obsolescence reserve as of [Date] .
Detail of all repair and maintenance expense accounts for the period ending [Date] .
Supporting analyses for any capitalized leases as of [Date] .
Lease agreements for all real estate and equipment leases.
Other Assets
Detail of prepaid expenses as of [Date] .
Detail of prepaid insurance and cash surrender value as of [Date] .
Detail of deposits as of [Date] .
Analysis of the activity for all investments in closely held companies as of [Date] . Provide related financial
statements and tax returns.
Detail of all other asset accounts as of [Date] .
Accounts Payable
Accounts payable aging detail by vendor as of [Date] reflecting the vendor name and ID, invoice number, invoice
date, due date, and amount. Reconcile the aging to the trial balance.
Check registers and wire detail for the periods subsequent to the period end through [Date] .
Detail for all accruals as of [Date] including (1) accrued bonuses, (2) accrued payroll, (3) accrued vacation, (4)
accrued profit sharing contributions, and (5) all other accruals in excess of $ [Amount] .
Long-term Debt
Detail of notes payable (and capitalized lease obligations) for the period ending [Date] reflecting the following for
each note: (1) description, including date, terms, interest amount, and maturity; (2) balance at the beginning of the
period; (3) additions; (4) payments; (5) ending balance; (6) beginning accrued interest; (7) interest expense; (8)
interest payments; and (9) accrued interest at the end of the period.
For each note, future maturities in each of the five years and thereafter following [Date] .
Detail of lease commitments for each of the five years and thereafter following [Date] .
Copies of all new note agreements for the period ending [Date] .
Equity
Schedule of activity in all equity accounts for the period ending [Date] reflecting (1) description, (2) beginning
balance, (3) additions (including number of shares), (4) retirements (including number of shares), and (5) ending
balance.
Analysis of the activity in the retained earnings account for the period ending [Date] .
Listing of corporate stockholders by name, number, and class of shares held.
Schedule of dividends paid (or declared) during the period ending [Date] .
Copies of new shareholder agreements or other support for share issuances and retirements during the period.
Income Taxes
Rollforward of activity in all federal and state income tax accrual and expense accounts for the period ending [Date]
. Provide copies of all tax payment checks and refund checks from, and to, the IRS and any other state taxing
authority.
Federal and state income tax expense calculation with detailed schedules supporting all M-1s (or M-3s) such as
meals and entertainment, bad debts, charitable donations, etc.
Calculation of deferred taxes, with supporting documentation and reconciliation to the trial balance for the period
ending [Date] .
Income and Expense
Comparison of income and expense accounts for the periods ending [Date] and [Date] , showing the dollar and
percentage change from period to period. Provide detailed explanations for all changes in excess of $ [Amount]
and %.
Income and expense trend detail by month for revenue and expense categories by account detail for the period
ending [Date] . The totals by account should agree to the trial balance.
Comparison schedule of revenue by division [or other meaningful level of disaggregation such as product line,
customer, or geographical area] for the periods ending [Date] and [Date] . Provide detailed explanations for all
changes in excess of $ [Amount] and %.
Schedule of all legal fees that were paid during the period ending [Date] including the attorney, a description of the
payment, and the amount.
ASB-CL-13: Predecessor/Successor Communications
ASB-CL-13.1: Request for Predecessor Auditor to Release Information to Successor Auditor
a, b,
c, d
[Date]
[Predecessors Name and Address]
We have engaged [Successor Firm] to audit our financial statements for the [period, year, OR years] ended [Date(s)] . In
connection with their audit, they would like to make inquiries and examine your workpapers for the audit of our financial
statements for the [period, year, OR years] ended [Date(s)] . Also, they would like to examine the tax records maintained by
you for the [Number] years prior to our current audit date. We hereby authorize you to respond fully and without limitation to
their inquiries.
Please allow our auditors to copy any information needed from files related to our financial statements or tax returns that they
request (unless proprietary in nature) and bill our company for the reproduction costs.
We have represented to our auditors that we are not involved with your firm in any disputes about accounting policies,
auditing procedures, or similarly significant matters and that we [have OR have not] paid in full for all services rendered by
you to date. You will be contacted by [Engagement Partner] of this audit firm concerning these matters.
Very truly yours,
[Clients Name]
a
AU-C 510.07 requires successor auditors to ask the client to authorize the predecessor auditor to allow a review of the
predecessors audit documentation and to respond fully to the successors inquiries. A written communication between
the client and the predecessor auditor is not required. The introduction can be made orally by appropriate company
officials if desired. It is advisable that this letter be used if the client and predecessor are involved in serious disputes of
any kind. If disputes do exist, the client may want to include a description of the relevant facts they made known to the
successor.
b
AU-C 300.13 requires successor auditors to inquire of predecessor auditors about items that will assist the successor in
deciding whether to accept the engagement. AU-C 210.A31 notes that successor auditors may inquire about
management integrity; disagreements with management about accounting policies, audit scope, or other significant
matters; communications to the board of directors or others charged with governance about fraud and noncompliance
with laws and regulations; communications to management and those charged with governance about internal control
matters; and the predecessors understanding of the reasons for the change. The letter at ASB-CL-13.4 may be used to
make these inquiries. See the discussion beginning at paragraph 202.19 for considerations related to communications
between predecessor and successor auditors.
c
See paragraph 202.20 for the definition of the term predecessor auditor and for considerations when more than one
predecessor auditor exists.
d
For audits of periods ending before December 15, 2012, communications with predecessor are not required if the most
recent audited financial statements are more than two years before the beginning of the earliest period being audited.
For audits of periods ending on or after December 15, 2012, communications with a predecessor are not required if the
most recent audited financial statements are more than one year before the beginning of the earliest period being
audited.
ASB-CL-13.2: Letter Granting Successor Auditors Access to Workpapers
a, b
[Predecessor Firms Letterhead]
[Date]
[Successors Name and Address]
We have previously audited, in accordance with U.S. generally accepted auditing standards, the [Date] financial statements
of [Client] . We issued our audit report dated [Report Date] , and we have not performed any audit procedures since that
date.
In connection with your [Year] audit of [Client] financial statements, you have requested access to our audit documentation
prepared in connection with our audit of [Client] [Date] financial statements. [Client] has authorized our firm to allow you to
review that audit documentation. We understand that the purpose of your review is to obtain information regarding [Client]
and our [Year] audit to assist you in planning and performing your [Year] audit. For that purpose only, we will provide you
access to our audit documentation that relates to your objective.
Our audit, and the audit documentation prepared in connection with it, of [Client] financial statements were not planned or
conducted in contemplation of your review. Therefore, items of possible interest to you may not have been specifically
addressed. During our audit, our use of professional judgment and our assessment of audit risk and materiality mean that
matters may have existed that would have been assessed differently by you. We make no representation as to the sufficiency
or appropriateness of the information in our audit documentation for your purposes.
Because your review of our audit documentation is undertaken solely for the purpose described above, and may not entail a
review of all of our audit documentation, you agree that (1) the information obtained from your review will not be used by you
for any other purpose, (2) you will not comment, orally or in writing, to anyone as to whether, as a result of your review, our
audit was performed in accordance with generally accepted auditing standards, (3) you will not provide expert testimony or
litigation support services or otherwise accept an engagement to comment on issues relating to the quality of our audit, and
(4) you accept sole responsibility for the nature, timing, and extent of audit work performed and the conclusions reached in
expressing your opinion on the [Year] financial statements of [Client] .
c
We may, at our discretion, provide copies of audit documentation you request. You agree to subject any such copies or
information otherwise derived from our audit documentation to your normal policies for retention of audit documentation and
protection of confidential client information. Further, in the event a third party requests access to your audit documentation
prepared in connection with your audits of [Client] , you agree to obtain our permission before voluntarily allowing any such
access to our audit documentation or information otherwise derived from our audit documentation. You also agree to obtain
on our behalf any releases that you obtain from such third party. You agree to advise us promptly and provide us a copy of
any subpoena, summons, or other court order for access to your audit documentation that includes copies of our audit
documentation or information otherwise derived therefrom.
Please confirm your acceptance and agreement with the preceding conditions by signing and dating the enclosed copy of
this letter and returning it to us.
Very truly yours,
[Predecessor Firms Name]
RESPONSE:
This letter correctly sets forth our understanding:
[Successor Firms Name]
d
By: Date:
a
This letter is not required by professional standards; however, AU-C 510.A6 states that before granting access to the
workpapers, the predecessor auditor may wish to obtain written confirmation from the successor auditor regarding the
use of the workpapers. This letter is based on Exhibit C of AU-C 510. The authors recommend that predecessor auditors
obtain such a letter.
b
c
Some auditors include this paragraph because experience has shown that the predecessor auditor may grant only
limited access and may not be willing to allow broader access unless given additional assurance concerning the use of
the workpapers.
d
This item should be completed by the predecessor auditor before mailing.
ASB-CL-13.3: Client Consent and Acknowledgment Letter
a, b
[Predecessor Firms Letterhead]
[Date]
You have given your consent to allow [Successor Firm] , as independent auditors for [Client] , access to our audit
documentation for our audit of the financial statements of [Client] for the [period OR year] ended [Date(s)] . You have also
given your consent to us to respond fully to [Successor Firm] inquiries. You understand and agree that the review of our
audit documentation is undertaken solely for the purpose of obtaining an understanding about [Client] and certain
information about our audit to assist [Successor Firm] in planning and performing the audit of the [Date] financial
statements of [Client] .
Please confirm your agreement with the preceding by signing and dating a copy of this letter and returning it to us.
Attached is the form of the letter we will provide [Successor Firm] regarding the use of the audit documentation.
c
Very truly yours,
[Predecessor Firms Name]
RESPONSE:
This letter correctly sets forth our understanding:
[Client]
d
Officer signature:
Title:
Date:
a
This letter is not required; however, AU-C 510.A4 states that predecessor auditors may request a consent and
acknowledgment letter from the client in an effort to reduce misunderstandings about the scope of communications
being authorized by the client. The authors recommend that predecessor auditors request such a consent and
acknowledgment.
b
c
Delete this sentence if the predecessor does not require the successor auditor to sign an acknowledgment letter (such
as the letter illustrated in ASB-CL-13.2) before granting the successor access to the predecessors workpapers.
d
This item should be completed by the predecessor auditor before mailing.
ASB-CL-13.4: Communication with Predecessor Auditor Prior to Final Engagement Acceptance
a,
b, c
[Successor Firms Letterhead]
[Date]
To assist us in making our decision to accept an engagement to audit the financial statements of [Prospective Client] for the
[period, year, OR years] ended [Date(s)] , please provide us with information about the following:
d
1. Information that might bear on the integrity of management of [Prospective Client] .
2. Disagreements with management of [Prospective Client] about accounting policies, audit scope, or other significant
matters.
3. Communications with management and those charged with governance of [Prospective Client] about fraud,
noncompliance with laws and regulations, and internal control matters.
4. Your understanding of the reasons for the change of auditors.
In their letter to you dated [Date] , [Prospective Client] authorized you to respond fully to our inquiries.
e
If for any reason
you are unable to fully respond, please indicate that your response is limited.
f
We agree to subject any communication received from you to our normal policies for retention of audit documentation and
protection of confidential client information.
Please mail your reply directly to us in the enclosed return envelope or if you choose to respond orally, please contact us at
[Phone Number] . We sincerely appreciate your timely cooperation with this request.
g
Very truly yours,
a
This letter is not required. However, AU-C 300.13 requires successor auditors to inquire of predecessor auditors about
items that will assist the successor in deciding whether to accept the engagement. AU-C 210.A31 notes that successor
auditors may inquire about management integrity; disagreements with management about accounting policies, audit
scope, or other significant matters; communications to those charged with governance regarding fraud and
noncompliance with laws and regulations; communications to management and those charged with governance about
internal control matters; and the predecessors understanding of the reasons for the change. (See section 202.) Some
auditors prefer to make these inquiries orally. Oral communications can be documented in a memo or with an
appropriate notation, indicating the date of the inquiry and the person contacted, at the Engagement Acceptance and
Continuance Form at ASB-CX-1.1.
b
See paragraph 202.20 for the definition of the term predecessor auditor and for considerations when more than one
predecessor auditor exists.
c
For audits of periods ending before December 15, 2012, communications with predecessor are not required if the most
recent audited financial statements are more than two years before the beginning of the earliest period being audited.
For audits of periods ending on or after December 15, 2012, communications with a predecessor are not required if the
most recent audited financial statements are more than one year before the beginning of the earliest period being
audited.
d
Successor auditors may also consider it helpful to obtain information from the predecessor about areas that required a
significant amount of audit time, audit problems that arose from the condition of the accounting system or records, or
other reasonable inquiries.
e
The successor auditor should ask the prospective client to authorize the predecessor to respond fully to the successors
inquiries. (The letter at ASB-CL-13.1 includes this authorization.) If the prospective client refuses permission to contact
the predecessor, the successor should find out why and consider the implications of the refusal in deciding whether to
accept the engagement.
f
The response from the predecessor auditor may be limited due to pending, threatened, or potential litigation; disciplinary
proceedings; or other unusual circumstances. If the successor auditor receives a limited response, its implications
should be considered in deciding whether to accept the engagement. The successor may be able to obtain sufficient
information about client integrity and other matters from alternative sources to make the acceptance decision.
g
If the predecessor auditor does not respond within a reasonable time period, the auditor may follow up with a phone call
to make the inquiries.
ASB-CL-13.5: Communication with Predecessor Auditor Prior to Engagement Proposal
a
[Proposing Firms Letterhead]
[Date]
[Predecessor Auditors Name and Address]
In connection with our proposal to audit the financial statements of [Prospective Client] for the [period, year, OR years]
ended [Date(s)] , they have requested our opinion on [Specify the matters on which the proposing firms opinion has been
requested.] . To assist us in making our decision to propose on this engagement, please provide us with the following
information:
1. Information about the [accounting OR reporting] issue.
2. Available facts relevant to forming a judgment about the issue, including:
a. The form and substance of the transaction.
b. How management of [Prospective Client] has applied accounting standards to similar transactions.
c. Whether you and [Prospective Client] have disagreed about the facts or application of relevant accounting
standards.
In their letter to you dated [Date] , [Prospective Client] authorized you to respond fully to our inquiries.
b
If for any reason
you are unable to fully respond, please indicate that your response is limited.
c
We agree to subject any communication received from you to our normal policies for retention of audit documentation and
protection of confidential client information.
Please mail your reply directly to us in the enclosed return envelope or if you choose to respond orally, please contact us at
[Phone Number] . We sincerely appreciate your timely cooperation with this request.
d
Very truly yours,
[Proposing Firms Name]
a
This letter is not required. However, it may be used to request information from the predecessor auditor when the
prospective client has asked for written or oral advice about the application of accounting standards to specified
transactions of the entity or the type of opinion that might be expressed on the entitys financial statements in connection
with a request for proposal. When evaluating accounting standards that relate to a specific transaction or determining the
type of opinion that may be rendered on the entitys financial statements, the proposing auditor may consult with the
predecessor auditor to ascertain all available facts relevant to forming a professional judgment. Some auditors prefer to
make these inquiries orally.
b
The proposing auditor should request permission to consult with the predecessor auditor and request the entitys
management to authorize the predecessor auditor to respond fully to the proposing auditors inquiries. (The letter at
ASB-CL-13.1 can be adapted to provide this authorization.) The responsibilities of an entitys predecessor auditor to
respond to inquiries by the proposing auditor are the same as the responsibilities of a predecessor auditor to respond to
inquiries by a successor auditor (see the discussion beginning at paragraph 202.19). If the prospective client refuses
permission to contact the predecessor, the proposing firm should find out why and consider the implications of the
refusal in deciding whether to propose on the engagement.
c
The response from the predecessor auditor may be limited due to pending, threatened, or potential litigation; disciplinary
proceedings; or other unusual circumstances. If the proposing auditor receives a limited response, its implications
should be considered in deciding whether to propose on the engagement. The proposing firm may be able to obtain
sufficient information about the accounting or reporting issue from alternative sources to make the proposal decision.
d
If the predecessor auditor does not respond within a reasonable time period, the proposing auditor may follow up with a
phone call to make the inquiries.
ASB-CL-13.6: Representation from Successor Auditor to Predecessor AuditorPredecessors
Report Is Reissued
a
[Successor Firms Letterhead]
[Date]
In connection with the reissuance of your report on the financial statements of [Name of Client] for the [period OR year]
ended [Date] that are to be included comparatively with similar statements for the [period OR year] ended [Date] , we
make the following representations:
We have audited, in accordance with auditing standards generally accepted in the United States of America, the
financial statements of [Name of Client] , which comprise the balance sheet as of [Period or Year End] , and the
related statements of income, retained earnings, and cash flows for the [period OR year] then ended, and the
related notes to the financial statements. Our procedures in connection with that engagement did not disclose any
events or transactions subsequent to [Predecessors Balance Sheet Date] which, in our opinion, would have a
material effect upon the financial statements, or which would require disclosure in the notes to the financial
statements of [Entitys Name] for the [period OR year] then ended.
b
We will notify you if anything comes to our attention prior to the date our report is available for issuance that, in our judgment,
would have a material effect upon, or require disclosure in, the financial statements covered by your report.
Very truly yours,
a
As discussed beginning at paragraph 910.55, if comparative financial statements are presented and the predecessor
reissues their report on the prior period financial statements, AU-C 560.19 indicates that the predecessor should obtain a
representation letter from the successor auditor and the management of the former client. The Updating Management
Representation Letter at ASB-CL-3.4 can be used to obtain representation from management of the former client.
b
The wording of this representation should be changed based on the circumstances.
ASB-CL-14: Principal and Other Auditor Communications
ASB-CL-14.1: Request for Representations from Other Auditor Who Audits the Financial
Statements of a Subsidiary, Division, or BranchPeriods Ending before December 15, 2012
a
[Date]
[Name and Address of Other Auditor]
We have been engaged by [Name of Client] to audit its financial statements as of [Date] and for the [period OR year] then
ended. In connection with our audit, we intend to place reliance on your audit of the financial statements of [Name of Entity
Being Audited by Other Auditor] as of [Date] and for the [period OR year] then ended. (We also plan to refer to your report
on [Name of Entity Being Audited by Other Auditor] in our report.)
b
Please provide us with the following representations:
1. You are independent with respect to [Names of Both the Client and the Other Entity] under the requirements of the
American Institute of Certified Public Accountants.
2. You are aware that we intend to place reliance on your audit of the financial statements of [Name of Entity Being Audited
by the Other Auditor] as of [Date] and for the [period OR year] then ended (and that your report will be referred to in
our report).
b
3. You are familiar with U.S. generally accepted accounting principles and with the generally accepted auditing standards
and the Code of Professional Conduct promulgated by the American Institute of Certified Public Accountants, and will
conduct your audit and will report in accordance with those standards.
c
Please indicate in the space provided below your agreement with these representations. After signing and dating your reply,
please mail it to us in the enclosed envelope.
Very truly yours,
[Name of Principal Auditor]
To: [Name of Principal Auditor]
d
With respect to our audit of the financial statements of [Name of Entity Being Audited by Other Auditor]
d
as of [Date] ,
d
and
for the [period OR year]
d
then ended, we make the representations stated above (indicate any exceptions)

e
Signature:
e
Name of Audit Firm:
e
Date:
e
a
One of the primary decisions a principal auditor must make in using the work of another auditor of a subsidiary, branch,
division, or other component is whether he is satisfied with the independence and professional reputation of the other
auditor. SAS No. 1 at AU 543.10 describes the procedures that the principal auditor should apply to obtain knowledge
about the other auditors professional reputation and independence. Those procedures include obtaining certain
representations from the other auditor. This letter may be adapted if the other auditor is performing audit procedures on
certain elements, accounts, or items of component financial statements rather than an audit of financial statements.
b
If a principal auditor does not refer to the work of other auditors, the principal auditor assumes responsibility for the
adequacy of the other auditors work as if it had been performed by the principal auditor and his or her staff. Accordingly,
no reference is made to the other auditor or his work in either the scope or opinion paragraph of the principal auditors
report. In other words, the principal auditor issues a standard report.
c
Standards Board, modify this paragraph to refer to IFRS. This item may be omitted if the principal auditor already knows
the professional reputation and integrity of the other auditor.
d
These items should be completed by the principal auditor before mailing.
e
These items should be left blank for the other auditor to complete. The principal auditor should fill out all other items in
the letter before mailing it.
ASB-CL-14.2: Letter from Principal Auditor to Other Auditors Regarding Related PartiesPeriods
Ending before December 15, 2012
a
[Date]
In connection with our audit of the financial statements of [Name of Parent] for the [Period] ended [Date] , in which you are
participating as auditors of [Name of Component] , enclosed is a list of related parties (as defined by U.S. generally accepted
accounting principles) of which we are aware and a description of transactions with those parties.
b, c
Our primary audit objectives associated with related party transactions are to:
Determine the existence of related parties,
Identify transactions with related parties,
Examine identified related party transactions, and
Determine the adequacy of disclosure.
As a participant in this audit, you should refer to the enclosed list and should be alert for any transactions with related parties
(those on the list or others that may come to your attention) during the conduct of your audit.
Based on your knowledge, please advise us of other related parties not included on the list and of transactions with related
parties that differ from those described herein.
Very truly yours,
[Name of Principal Auditor]
a
When using the work of other auditors, this letter may be used by the principal auditor to help facilitate a timely exchange
of information regarding known related parties and related party transactions.
b
The term related parties is defined in FASB ASC 850-10-20. It may be desirable for principal auditors to confirm with the
other auditors matters such as the following:
A description of the transactions, including transactions to which no amounts or nominal amounts were ascribed, for
each period for which an income statement will be presented.
The dollar volume of transactions with related parties for each period for which income statements will be presented
and the effects of any changes in the method of establishing the terms from that used in the preceding period.
Amounts due to or from related parties as of the date of each balance sheet that will be presented, along with the
terms and manner of settlement.
Any other information considered necessary to an understanding of the effects of the transactions on the financial
statements.
c
If additional related parties or transactions are identified later in the engagement, a list of transactions with those parties
should be forwarded to the other auditors. If this letter is sent at interim, wording may be added to indicate that updated
information will be forwarded at year-end.
ASB-CL-14.3: Inquiry of Group Auditor by Component Auditor
a
[Component Auditors Letterhead]
[Date]
[Name and Address of Group Auditor]
We are auditing the financial statements of [Clients Name] as of [Date] and for the [Period] then ended for the purpose of
expressing an opinion as to whether the financial statements present fairly, in all material respects, the financial position,
results of operations, and cash flows of [Clients Name] in conformity with U.S. generally accepted accounting principles.
b
A draft of the financial statements referred to above and a draft of our report are enclosed solely to aid you in responding to
this inquiry. Please provide us [in writing OR orally] with the following information in connection with your current audit of the
consolidated financial statements of [Name of Parent] :
1. Transactions or other matters (including adjustments made during consolidation or contemplated at the date of your
reply) that have come to your attention that you believe require adjustment to or disclosure in the financial statements of
[Clients Name] being audited by us.
2. Any limitation on the scope of your audit that is related to the financial statements of [Clients Name] being audited by
us or that limits your ability to provide us with the information requested in this inquiry.
c
Please make your response as of a date near [Expected Date of Component Auditors Report] .
Very truly yours,
[Name of Component Auditor]
a
This letter can be used by the auditor (the component auditor) of financial statements that will be included in
consolidated (group) financial statements (or otherwise relied upon by the group auditor) to make inquiries of the group
auditor about matters that may be significant to the component auditors audit. The component auditor may decide to
make this inquiry if there are unusual or complex transactions or relationships between the component and other
members of the group, or if the component auditor is aware that in the past relevant matters have arisen that were known
to the group auditor but not to the component auditor.
b
If the financial statements are prepared in conformity with an OCBOA, refer to the OCBOA used (for example, modified
cash basis of accounting or income tax basis of accounting). If the financial statements are prepared in conformity with
International Financial Reporting Standards (IFRS) as issued by the International Accounting Standards Board, modify
this paragraph to refer to IFRS.
c
If the group auditors response is limited because the group auditors audit has not progressed to a point sufficient for
providing a satisfactory response, consider whether to apply acceptable alternative procedures, delay issuance of the
report until the group auditor can respond, or qualify the report on the component for a scope limitation.
ASB-CL-14.4: Group Auditors Response to Inquiries from Component Auditor
a
[Group Auditors Letterhead]
[Date]
b
[Name and Address of Component Auditor]
This letter is provided to you in response to your request that we provide you with certain information in connection with your
audit of the financial statements of [Name of Component] , a [subsidiary, division, branch, OR investment] of [Name of
Parent] for the year ended [Date] .
We are auditing the consolidated financial statements of [Name of Parent] for the year ended [Date] (but have not
completed our work as of this date). The objective of our audit is to enable us to express an opinion on the consolidated
financial statements of [Name of Parent] and, accordingly, we have performed no procedures directed toward identifying
matters that would not affect our audit or our report. However, solely for the purpose of responding to your inquiry, we have
read the draft of the financial statements of [Name of Component] as of [Date] and for the [Period Covered by Audit] and
the draft of your report on them, included with your inquiry dated [Date of Component Auditors Inquiry] .
Based solely on the work we have performed (to date) in connection with our audit of the consolidated financial statements,
which would not necessarily reveal all or any of the matters covered in your inquiry, we advise you that:
c
1. No transactions or other matters (including adjustments made during consolidation or contemplated at this date) have
come to our attention that we believe require adjustment to or disclosure in the financial statements of [Name of
Component] being audited by you.
2. No limitation has been placed by [Name of Parent] on the scope of our audit that, to our knowledge, is related to the
financial statements of [Name of Component] being audited by you, that has limited our ability to provide you with the
information requested in your inquiry.
Very truly yours,
[Name of Group Auditor]
a
This letter is appropriate for group auditors to reply to inquiries from component auditors (see the inquiry letter at
ASB-CL-14.3) about matters known by the group auditor that may affect the component auditors audit.
b
Respond as of a date near the expected date of the component auditors report, as specified in the component auditors
inquiry letter.
c
Modify items one and two as necessary if the group auditor is aware of any transactions, adjustments, scope limitations,
or other matters significant to the component auditors audit.
ASB-CL-14.5: Request for Representations from Other Auditor Who Performs Audit Procedures
on Certain Elements, Accounts, or Items in Nongroup Financial Statements
a
[Date]
We have been engaged by [Name of Client] to audit its financial statements as of [Date] and for the [period OR year] then
ended. In connection with our audit, we intend to place reliance on audit procedures you will perform relative to [Describe
element(s), account(s), or item(s) of the financial statements.] of [Name of Client] as of [Date] (and for the [period OR
year] then ended). Please provide us with the following representations:
1. You are independent with respect to [Name of Client] under the requirements of the American Institute of Certified
Public Accountants.
2. You are aware that we intend to place reliance on the audit procedures you will perform relative to the [Describe
element(s), account(s), or item(s) of the financial statements.] of [Name of Client] as of [Date] (and for the [period OR
year] then ended).
3. You are familiar with U.S. generally accepted accounting principles and with generally accepted auditing standards and
the Code of Professional Conduct promulgated by the American Institute of Certified Public Accountants and have
conducted your procedures in accordance with those standards.
b
Very truly yours,
[Name of Auditor]
To: [Name of Auditor]
c
With respect to our audit procedures performed relative to the elements, accounts, or items described above, we make the
representations stated above (indicate any exceptions).

d
Signature:
d
Name of Audit Firm:
d
Date:
d
a
This letter can be used to obtain information about another auditors independence and competence when they will be
used to perform procedures on specific elements, accounts, or items of non-group financial statements. Although the
requirements of AU-C 600 (discussed beginning in paragraph 202.69) technically do not apply to that situation, AU-C
220 requires the engagement partner to be satisfied that the engagement team has the appropriate competence and
capabilities to perform the engagement in accordance with professional standards. Therefore, the authors recommend
obtaining this confirmation whenever the work of other auditors is used (for example, to observe inventory at a remote
location).
b
Standards Board, modify this paragraph to refer to IFRS. This item may be omitted if the professional reputation and
integrity of the other auditor are already known.
c
This item should be completed by the auditor before mailing.
d
These items should be left blank for the other auditor to complete.
ASB-CL-14.6: Request for Representations from Component Auditor When Reference Will Be
MadePeriods Ending on or after December 15, 2012
a, b
[Date]
We have been engaged by [Name of Client] to audit its [consolidated OR combined] financial statements as of [Date] and
for the [period OR year] then ended. The purpose of our audit is to express an opinion on whether the group financial
statements of [Name of Client] present fairly, in all material respects, the financial position of the group as of [Date] and the
results of its operations and its cash flows for the [period OR year] then ended in accordance with U.S. generally accepted
accounting principles.
c
In connection with our audit, we intend to place reliance on your audit of the financial statements of
[Name of Component] , a [Describe components relationship to client.]
d
of [Name of Client] , as of [Date] and for the
[period OR year] then ended. (We also plan to make reference to your audit of [Name of Component] in our report.) Please
provide us with the following representations:
1. You acknowledge that the financial information of [Name of Component] will be included in the group financial
statements of [Name of Client] and agree to cooperate with us in our audit of [Name of Client] .
2. You are aware that we intend to place reliance on your audit of the financial statements of [Name of Component] as of
[Date] and for the [period OR year] then ended (and that your report will be referred to in our report).
3. You have an understanding of the AICPA Code of Professional Conduct that is sufficient to fulfill your responsibilities in
the audit of the group financial statements and will comply therewith. In particular, and with respect to [Name of Client]
and the other components of the group,
e
you are independent within the meaning of, and comply with the applicable
requirements of, Rule 101, Independence, and related Interpretations and Rulings of the Code of Professional Conduct
promulgated by the American Institute of Certified Public Accountants.
4. You have an understanding of U.S. generally accepted auditing standards that is sufficient to fulfill your responsibilities in
the audit of the group financial statements.
f
5. You possess the special skills and industry-specific knowledge necessary to perform the audit of [Name of Component]
.
f
6. You have an understanding of U.S. generally accepted accounting principles
c
that is sufficient to fulfill your
responsibilities in the audit of the group financial statements.
f
7. The financial statements of [Name of Component] will be prepared in accordance with U.S. generally accepted
accounting principles
c
and you expect to issue an unrestricted report on those financial statements. You will conduct
your audit of [Name of Component] in accordance with U.S. generally accepted auditing standards.
Very truly yours,
To: [Name of Group Auditor]
g
With respect to our audit of the financial statements of [Name of Component]
g
as of [Date]
g
and for the [period OR year]
g
then ended, we make the representations stated above (indicate any exceptions).

h
We will inform you of any changes in the above representations during the course of our audit.
Signature:
h
h
Date:
h
a
The purpose of this letter is to (1) obtain an understanding of the component auditors competence and compliance with
independence and other ethical requirements, (2) confirm that the component auditor understands the context in which
their work will be used and agrees to cooperate with the group auditor, and (3) ensure that the preconditions for making
reference to the work of the component auditor in the auditors report on the group financial statements have been met.
Because some of the matters addressed in this letter are preconditions for making reference, it is important that this
communication occur during the planning stage of the group engagement. This communication is not required to be in
writing. The nature and extent of the communication may depend on the group auditors previous experience with the
component auditor and factors such as whether the component auditor is a member of the group auditors same firm or
a network firm or operates in the same or a different jurisdiction. If the information in this letter is obtained orally, the
communication should be documented.
b
Specific instructions and requirements are communicated to the component auditor using ASB-CL-14.8.
c
If the financial statements are prepared in accordance with an OCBOA, refer to the OCBOA used (for example, modified
cash basis of accounting or income tax basis of accounting). If the financial statements are prepared in accordance with
this language to refer to IFRS. Ordinarily, the component financial statements should be prepared on the same basis of
accounting as the group financial statements.
d
The components relationship to the client may be, for example, a wholly owned subsidiary, subsidiary, joint venture,
investee accounted for by the cost or equity method of accounting, branch, or division.
e
It may be necessary to provide a list of group components to facilitate obtaining this representation.
f
These statements pertain to the professional competence of the component auditor and may be omitted if the group
auditor obtains an understanding of the component auditors professional competence through other means.
g
This item should be completed by the group auditor before mailing.
h
This item should be left blank for the component auditor to complete.
ASB-CL-14.7: Request for Representations from Component Auditor When Responsibility Will Be
AssumedPeriods Ending on or after December 15, 2012
a, b
[Date]
We have been engaged by [Name of Client] to audit its [consolidated OR combined] financial statements as of [Date] and
for the [period OR year] then ended. The purpose of our audit is to express an opinion on whether the group financial
statements of [Name of Client] present fairly, in all material respects, the financial position of the group as of [Date] and the
results of its operations and its cash flows for the [period OR year] then ended in accordance with U.S. generally accepted
accounting principles.
c
In connection with our audit, we have requested that you perform work on the financial information of
[Name of Component] , a [Describe components relationship to client.]
d
of [Name of Client] , as of [Date] and for the
[period OR year] then ended. Please provide us with the following representations:
1. You acknowledge that the financial information of [Name of Component] will be included in the group financial
statements of [Name of Client] and agree to cooperate with us in our audit of [Name of Client] .
2. You are aware that we intend to evaluate and, if considered appropriate, use your work for our audit of the group
financial statements of [Name of Client] , and we may consider it necessary to be further involved in your work.
3. You have an understanding of the AICPA Code of Professional Conduct that is sufficient to fulfill your responsibilities in
the audit of the group financial statements and will comply therewith. In particular, and with respect to [Name of Client]
and the other components of the group,
e
you are independent within the meaning of, and comply with the applicable
requirements of, Rule 101, Independence, and related Interpretations and Rulings of the Code of Professional Conduct
promulgated by the American Institute of Certified Public Accountants.
4. You have an understanding of U.S. generally accepted auditing standards that is sufficient to fulfill your responsibilities in
the audit of the group financial statements
f
and will perform your work on the financial information of [Name of
Component] in accordance with those standards.
5. You possess the special skills and industry-specific knowledge necessary to perform your work on the financial
information of [Name of Component] .
f
6. You have an understanding of U.S. generally accepted accounting principles
c
that is sufficient to fulfill your
responsibilities in the audit of the group financial statements.
f
Very truly yours,
g
With respect to the work that we will perform on the financial information of [Name of Component]
g
as of [Date]
g
and for
the [period OR year]
g
then ended, we make the representations stated above (indicate any exceptions).

h
We will inform you of any changes in the above representations during the course of our work.
Signature:
h
Name of Audit Firm:
h
Date:
h
a
The purpose of this letter is to (1) obtain an understanding of the component auditors competence and compliance with
independence and other ethical requirements and (2) confirm that the component auditor understands the context in
which their work will be used and agrees to cooperate with the group auditor. Because independence and competence
are preconditions for using the work of component auditors, this confirmation is ordinarily obtained before work on the
financial information of the component begins. This communication is not required to be in writing. The nature and extent
of the communication may depend on the group auditors previous experience with the component auditor and factors
such as whether the component auditor is a member of the group auditors same firm or a network firm or operates in
the same or a different jurisdiction. If the information in this letter is obtained orally, the communication should be
documented.
b
This letter does not specify the type of work the component auditor will perform on the financial information of the
component, but assumes that oral agreement has been reached on the general nature of that work (that is, whether it will
be an audit of financial statements; audit of specific elements, accounts, or items of a financial statement; specified audit
procedures; or a review of financial information). The letter can be tailored as desired to indicate the type of work.
Specific instructions and requirements are communicated to the component auditor using ASB-CL-14.9.
c
If the financial statements are prepared in accordance with an OCBOA, refer to the OCBOA used (for example, modified
cash basis of accounting or income tax basis of accounting). If the financial statements are prepared in accordance with
this language to refer to IFRS.
d
The components relationship to the client may be, for example, a wholly owned subsidiary, subsidiary, joint venture,
investee accounted for by the cost or equity method of accounting, branch, or division.
e
It may be necessary to provide a list of group components to facilitate obtaining this representation.
f
These statements pertain to the professional competence of the component auditor and may be omitted if the group
auditor obtains an understanding of the component auditors professional competence through other means.
g
h
ASB-CL-14.8: Letter of Instructions from Group Auditor to Component Auditors When Reference
Will Be MadePeriods Ending on or after December 15, 2012
a
[Date]
In connection with our audit of the financial statements of [Name of Client] for the [period OR year] ended [Date], in which
you are participating as auditors of [Name of Component] , please provide us with the following information:
1. At the conclusion of your audit, please provide us with a copy of the financial statements of [Name of Component] for
the [period OR year] ended [Date] and your report thereon.
2. Enclosed is a list of related parties (as defined by U.S. generally accepted accounting principles) of which we are aware
and a description of transactions with those parties.
Determine the existence of related-party relationships and identify transactions with them during the period and
balances with them at the end of the period,
Obtain an understanding of related-party relationships, and transactions sufficient to identify and assess the risks of
material misstatement of the group financial statements,
Examine identified related-party transactions and balances, and
As a participant in this audit, you should refer to the enclosed list and should be alert for any transactions with related
parties (those on the list or others that may come to your attention) during the conduct of your audit.
Based on the knowledge obtained during your audit, please advise us of other related parties not included on the list as
they become known to you and of transactions with related parties that differ from those described herein.
b
3. Please update your subsequent events procedures from the date of your report on the financial statements of [Name of
Component] to [Expected Date of Group Auditors Report] , the expected date of our report on the group financial
statements, and advise us of any subsequent events you identify that may require adjustment to, or disclosure in, the
c
In connection with your audit of [Name of Component] for the [period OR year] ended [Date] , we have identified
the following significant risks of material misstatement of the group financial statements that are relevant to your audit of
[Name of Component] :
d
[List identified significant risks of material misstatement relevant to the component.]
Please confirm in the space provided below your understanding of these instructions. After signing and dating your reply,
Very truly yours,
e
With respect to our audit of the financial statements of [Name of Component] ,
e
we confirm that your instructions are clear,
we understand them, and we will be able to comply with them (indicate any exceptions).

f
Signature:
f
Name of Audit Firm:
f
Date:
f
a
The purpose of this letter is to communicate the group auditors instructions and requirements to the component auditor
in accordance with AU-C 600.40.41 when the group auditor intends to make reference to the work of the component
auditor in the auditors report on the group financial statements. This letter is used in conjunction with the letter at
ASB-CL-14.6 to facilitate the required communications.
b
The term related parties is defined in FASB ASC 850-10-20. If additional related parties or transactions are identified later
in the group audit, forward a list of those parties and transactions with them to the component auditors. If this letter is
sent at interim, wording may be added to indicate that updated information will be forwarded at year-end. If the
component auditors advise you of other previously unidentified related parties, you should communicate those to any
other component auditors involved in the group audit.
c
This item is not required. Although subsequent events procedures are required for the period from the date of the
component auditors report to the date of the group auditors report, the procedures may be performed by the group
auditor. Other procedures group auditors may perform include requesting written representation from component
management, reading interim financial information of the component, making inquiries of group management, reading
minutes, or reading the subsequent years capital and operating budgets. If you are unable to obtain sufficient evidence
about subsequent events, consider the implications for the auditors report on the group financial statements.
d
To help facilitate effective two-way communication, group auditors are required to communicate this information to the
component auditor.
e
f
ASB-CL-14.9: Letter of Instructions from Group Auditor to Component Auditors When
Responsibility Will Be AssumedPeriods Ending on or after December 15, 2012
a, b, c
[Date]
In connection with our audit of the financial statements of [Name of Client] for the [period OR year] ended [Date] , we have
requested that you perform [Describe the type of work to be performed] .
d
Specific instructions and requirements for
performing that work are enclosed. Additional instructions are as follows:
1. Component materiality for purposes of your work is $ [Amount] .
e
2. Enclosed is a list of related-party relationships (as defined by U.S. generally accepted accounting principles) of which we
are aware and a description of transactions with those parties.
Determine the existence of related-party relationships, and identify transactions with them during the period and
balances with them at the end of the period,
Obtain an understanding of related-party relationships and transactions sufficient to identify and assess the risks of
material misstatement of the group financial statements,
Examine identified related-party transactions and balances, and
As a participant in this audit, you should refer to the enclosed list and should be alert for any transactions with related
parties (those on the list or others that may come to your attention) during the conduct of your work.
Based on the knowledge obtained during the performance or your work, please advise us of other related parties not
included on the list as they become known to you and of transactions with related parties that differ from those described
herein.
f
3. Please notify us of any significant risks of material misstatement of the group financial statements, due to fraud or error,
identified by you in [Name of Component] and your responses to such risks as soon as you identify them.
4. At the conclusion of your work, please provide us with [Describe the financial information to be provided.]
g
and
[Describe the form and content of the expected communication.]
h
and inform us about whether you have complied with
our requirements. In addition, please provide us with the following information:
a. Information on instances of noncompliance with laws or regulations at [Name of Component] or at the group level
that could give rise to a material misstatement.
b. A list of corrected and uncorrected misstatements of the financial information of [Name of Component] (the list
need not include misstatements that are below $ [Trivial Amount] ).
c. Indicators of possible management bias regarding accounting estimates and the application of accounting
principles.
d. Description of any identified material weaknesses and significant deficiencies in internal control at [Name of
Component] .
e. Other significant findings and issues that you communicated or expect to communicate to those charged with
governance of [Name of Component] , including fraud or suspected fraud involving (i) component management,
(ii) employees who have significant roles in internal control at [Name of Component] , or (iii) others that resulted in
a material misstatement of the financial information of [Name of Component] .
f. Any other matters that may be relevant to the group audit or that you wish to draw to our attention, including
exceptions noted in the written representations that you requested from management of [Name of Component] .
5. Please perform subsequent events procedures from [Date of Financial Information] to [Expected Date of Group
Auditors Report] , the expected date of our report on the group financial statements, and advise us of any subsequent
events you identify that may require adjustment to, or disclosure in, the group financial statements.
i
In connection with your work on the financial information of [Name of Component] for the [period OR year] ended [Date] ,
we have identified the following significant risks of material misstatement of the group financial statements that are relevant to
your work on [Name of Component] :
j
[List identified significant risks of material misstatement relevant to the component.]
Please confirm in the space provided below your understanding of these instructions. After signing and dating your reply,
Very truly yours,
k
With respect to the work that we will perform on the financial information of [Name of Component] ,
k
we confirm that your
instructions are clear and we understand them, we will be able to comply with your instructions, and we will cooperate with
you and provide you with access to relevant audit documentation (indicate any exceptions).

l
Signature:
l
Name of Audit Firm:
l
Date:
l
a
The purpose of this letter is to (1) communicate the group auditors instructions and requirements to the component
auditor in accordance with AU-C 600.40.41 and AU-C 600.59.60 when the group auditor intends to assume
responsibility for the work of the component auditor in the audit of the group financial statements and (2) obtain
confirmation from the component auditor that they understand and will comply with the group auditors instructions. This
letter is used in conjunction with the letter at ASB-CL-14.7 to facilitate the required communications. It is not necessary
for the communications between the group auditor and component auditor to be in writing. For example, the group
auditor may visit the component auditor to discuss significant risks or to review the component auditors workpapers.
When the component auditor is a member of the group auditors same firm, communication may be accomplished by
sharing the group auditors audit strategy, risk assessment, and audit plan and reviewing the component auditors
workpapers. In the absence of written communication, the requirement to document the nature, timing, and extent of
involvement in the component auditors work, including the review of their documentation and conclusions thereon, as
well as general requirements for audit documentation, apply.
b
Tailor this letter based on the type of work being performed by the component auditor. For example, if the component
auditor will be performing specified audit procedures, communication of component materiality is not necessary and it
may not be necessary to request information about exceptions to written representations.
c
Other matters that may be communicated to the component auditor include the following:
Deadlines for completing the work.
Dates of planned visits or meetings.
A list of key contacts.
Coordination arrangements, including the nature of the group auditors planned involvement in the work.
Work to be performed on intercompany accounts, transactions, profits, or losses.
Results of the group auditors tests of common control systems, and tests of controls to be performed by the
component auditor.
Findings of internal auditors relevant to the component.
A request for timely communication of matters that may alter the group auditors risk assessment, significant
accounting or auditing matters (including significant contingencies, estimates, and judgments), significant or
unusual events, or going concern issues.
A request for written representation from component management about compliance with GAAP or a statement that
differences in accounting between the component and the group have been disclosed.
Specific matters for the component auditor to document.
d
The type of work may be an audit of financial statements; audit of specific elements, accounts, or items of a financial
statement; specified audit procedures; or a review. The letter may state, for example, an audit of the financial statements
of [Name of Component] for the year ended [Date] or an audit of accounts receivable of [Name of Component] as of
[Date] .
e
Communication of component materiality is not applicable when the component auditor performs only specified audit
procedures. In some cases, it may be necessary to communicate an amount lower than component materiality for
particular account balances, transaction classes, or disclosures. That may be communicated in addition to component
materiality for an audit or review, or when the component auditor performs an audit of specific elements, accounts, or
items of a financial statement.
f
The term related parties is defined in FASB ASC 850-10-20. If additional related parties or transactions are identified later
in the group audit, forward a list of those parties and transactions with them to the component auditors. If this letter is
sent at interim, wording may be added to indicate that updated information will be forwarded at year-end. If the
component auditors advise you of other previously unidentified related parties, you should communicate those to any
other component auditors involved in the group audit.
g
The communication should ask the component auditor to identify in their report the financial information of the
component on which they are reporting. For example, the letter may specify the financial statements of [Name of
Component] for the year ended [Date] or a schedule of accounts receivable for [Name of Component] as of [Date]
. The specific financial information identified is later compared with information included in the group financial
statements during the performance of substantive procedures at the group level.
h
The communication should specify the form and content of the expected communication from the component auditor at
the conclusion of their work. For example, the communication may ask for an auditors report, a review report indicating
whether any material modifications should be made to the component financial information for it to be in conformity with
GAAP, or a report of findings and conclusions based on specified audit procedures.
i
This item is not required. Although subsequent events procedures are required for the period from the date of the
components financial information to the date of the group auditors report, the procedures may be performed by the
group auditor. Other procedures group auditors may perform include requesting written representation from component
management, reading interim financial information of the component, making inquiries of group management, reading
minutes, or reading the subsequent years capital and operating budgets. If you are unable to obtain sufficient evidence
about subsequent events, consider the implications for the auditors report on the group financial statements.
j
To help facilitate effective two-way communication, group auditors are required to communicate this information to the
component auditor.
k
l
AUDIT PROGRAMSCORE (ASB-AP)
Instructions
This section includes audit programs for audit areas common to a nonpublic company. If you are performing an initial audit,
you should also use the audit programs included in the ASB-IA section of this Guide. These programs are designed to
correspond to the conclusions about audit approach documented on the Risk Assessment Summary Form at ASB-CX-7.1.
(However, audit programs are not used for those audit areas where the auditor has documented on ASB-CX-7.1 that a Limited
Procedures Approach is appropriate.) The audit program for each audit area includes a Basic Procedures section and a
section of Extended Procedures (Procedures for Additional Assurance). The Assertions column lists the assertions about
which each audit procedure provides assurance. A bracket around an assertion code means that the procedure provides
secondary, rather than primary, assurance about that assertion. Chapter 4 discusses planning and preparing efficient audit
programs.
If the Risk Assessment Summary Form at ASB-CX-7.1 indicates that performing primarily substantive analytical procedures
and certain tests of details (most of which are required by auditing standards) is appropriate, complete the Basic
Procedures section of the program.
If the Risk Assessment Summary Form at ASB-CX-7.1 or the results of audit procedures performed indicates that, in
addition to the basic procedures section of the program, procedures are needed to provide additional assurance for one or
more assertions, select relevant procedures from the Extended Procedures (Procedures for Additional Assurance) section
of the program. You may indicate the choice of a procedure by placing a checkmark in the box provided or circling the
assertion(s) for which the additional assurance is needed. It is not necessary to write N/A by procedures you have not
chosen to perform. Electronic users can simply delete the steps they do not wish to perform. Space is provided at the end of
the Extended Procedures (Procedures for Additional Assurance) section of the program to describe any other unique
procedures performed to obtain additional assurance and to respond to the assessed risks of material misstatement. It is
anticipated that tailoring will be necessary to ensure that the final audit program for each audit area reflects those procedures
that appropriately address the assessed risks for a particular client.
The completion of audit program steps can be indicated by initialing and dating the N/A Performed by and Date column.
Where applicable, steps may be cross-referenced to the workpapers that document the procedures in the Workpaper Index
column. If an audit step has supporting workpapers, some auditors may choose to sign, but not date, that step on the audit
program since the supporting workpapers should indicate the date the procedures were performed.
The audit programs include practical considerations designed to provide useful advice to consider when applying specific
audit steps. For ease of review, the practical considerations have been shaded in the N/A Performed by and Date column. It
is not necessary to initial and date the practical considerations. However, firms may prefer that auditors sign-off these steps
Noted. If so, this decision can be documented in the Firm Policies (ASB-FP) section of this Guide. Some subscribers prefer
to use the audit programs without the practical considerations. Users of the CD version of the Guide, PPCs Practice Aids, and
PPCs SMART Practice Aids are provided the option of turning off the practical considerations.
The Other Audit Procedures sections of the programs include procedures that may be warranted due to specific
circumstances of some engagements. To avoid undue complexity, the procedures are responsive to the nature of the
circumstances (such as uncommon transactions or accounts) but are not further categorized as Basic Procedures or
Extended Procedures (Procedures for Additional Assurance).
Section ASB-AP-S of this Guide includes substantive audit programs for general ledger account groupings common to many
small nonpublic companies based on a set of underlying risk assumptions at the assertion level. You may modify or
supplement procedures in the specified risk audit programs with procedures from the core audit programs. (The core audit
programs designate with an S those steps that have already been included in the specified risk audit programs.)
Generator.
firms workpapers.
PPCs Practice Aids are Word and Excel versions of all editable practice aids contained in your PPC Guide.
products can be ordered by calling your representative at (800) 431-9025. Engagement CS can be ordered at (800) 968-8900
or from the Creative Solutions website at cs.thomsonreuters.com.
Caution: Copies of these programs should be used only to assist you and should not be used in any published document
These programs are updated annually to keep your Guide current with the latest authoritative literature. Thus, if your firm
keeps an inventory or master copies of audit programs, make sure they have not become outdated by subsequent changes.
To determine whether changes have been made to programs in the latest edition of this Guide, refer to the List of Substantive
Changes and Additions, which is furnished with the annual update.
you may have to improve the usefulness of the audit programs.
ASB-AP-1: Audit Program for General Planning Procedures
Audit
Objectives Audit Procedures for Consideration
N/A
Performed by
and Date
Workpaper
Index
AUDIT OBJECTIVES
The objectives in this program are naturally general in nature and
are not necessarily related to specific financial statement assertions.
A. The audit has been properly planned, including developing an
audit strategy, making an appropriate assessment of audit risk,
and developing an audit plan. When applicable, subsequent
changes to planning matters have been appropriately
considered and documented.
B. Engagement team members have been properly directed and
supervised.
C. The audit documentation and financial statements have been
reviewed in accordance with firm policies.
D. The firms quality control procedures for independence and
other ethical requirements, client and engagement acceptance
and continuance, human resources, and engagement
performance have been followed.
IDENTIFICATION CODES
The letters preceding each of the above audit objectives (e.g., A, B, etc.) serve as
identification codes. These codes are presented in the left column labeled Audit
Objectives when a procedure accomplishes an objective. If the alpha code appears
in a bracket (e.g., [A], [B], etc.), the audit procedure only secondarily accomplishes
the objective. If an asterisk (*) precedes a procedure, it is a preliminary step or
follow-up step.
BASIC PROCEDURES
A, D
S
1. Prior to other significant audit activities, perform client
acceptance or continuance procedures by completing or
updating ASB-CX-1.1.
The auditors responsibilities under professional standards
regarding client acceptance and continuance decisions are
Be alert throughout the engagement for evidence of
noncompliance with independence and other ethical
requirements by members of the engagement team.
If information is obtained that would have caused the firm to
decline the engagement if the information had been
available earlier, the engagement partner should notify the
firm. Consider whether there are professional and legal
responsibilities, such as a requirement to report to
regulatory authorities, or whether it may be necessary to
withdraw from the engagement or client relationship.
Audit
N/A
Performed by
and Date
Workpaper
Index
A
S
2. Review correspondence files, prior-period workpapers,
permanent files, financial statements, and auditors reports.
Also, read any current-year interim financial statements.
A
S
3. Establish and document an overall audit strategy that sets the
scope, timing, and direction of the audit and the resources
needed to perform the engagement.
Audit strategy is discussed beginning at paragraph 306.53.
Auditing standards do not require all of the matters that
affect audit strategy to be documented in one place, such as
in a separate audit strategy memorandum. However, a brief
memo that outlines key decisions about the overall scope,
timing, and conduct of the audit can serve as the basis for
planning the current engagement. Subsequent changes in
the strategy, if any, can be documented on the original
memo.
When developing the audit strategy, consider significant
internal and external developments identified during
acceptance and continuance procedures, the agreed-upon
terms of the engagement, and the results of previous
engagements.
Establishing the overall audit strategy need not be complex
or time consuming. Many of the matters that relate to the
overall audit strategy are documented in the normal course
of completing this audit program and the related practice
aids. For example, the determination of materiality
(ASB-CX-2), overall risks and responses at the financial
statement level and significant audit areas (ASB-CX-7.1),
significant transaction classes (ASB-CX-4.1), and the basis
of reporting and industry-specific reporting requirements
(ASB-CX-3.1) are already documented and need not be
repeated as part of this step.
Other matters that might be documented as part of this step
include the following:
Reporting deadlines and key dates for expected
meetings and communications with management and
In a group audit, identification of components that are
likely to be significant, the expected use of component
auditors on the engagement, and whether the planned
approach includes assuming responsibility for the work
of component auditors or making reference to them in
the auditors report.
Whether specialized knowledge is needed and, if so,
the expected use of specialists.
Audit
N/A
Performed by
and Date
Workpaper
Index
When service organizations are used, how evidence
about the design or operation of controls can be
obtained.
If the work of internal auditors will be used on the
engagement, how it will be used.
If procedures will be performed at multiple locations,
the locations and nature of procedures to be
performed.
If data extraction software will be used on the
engagement, how it will be used (see also
ASB-CX-11.5, which can be used for planning and
documenting the use of DES).
If controls will be tested, the planned approach to tests
of controls, including the audit areas or transaction
classes involved, and whether tests will be performed
in the current year or reliance will be placed on control
tests performed in a prior year.
Any procedures that will be performed at an interim
date.
A preliminary identification of areas that have a high risk
of material misstatement.
Selection of audit team members; assignment of work;
and how resources will be managed, directed, and
supervised.
Whether the engagement meets the firms criteria for
requiring an engagement quality control review.
A, D
S
4. Establish and document an understanding with the client by
performing the following procedures:
a. Provide an engagement letter to the client and obtain an
acknowledgment. (See the letter at ASB-CL-1.1.)
It is not appropriate to commence the audit if
management does not acknowledge its responsibilities
as stated in the engagement letter. For audits of
periods ending on or after December 15, 2012, the
auditor is specifically precluded from accepting the
engagement if management does not acknowledge its
responsibilities. (AU-C 210.06)
If nonattest services (such as bookkeeping and tax
return preparation) are part of the engagement,
auditors should document their understanding with the
client regarding performance of those services.
ASB-CX-1.2 provides a form for documenting the
Audit
N/A
Performed by
and Date
Workpaper
Index
understanding, if not done in the engagement letter.
b. Discuss the type, expected scope, and timing of the audit
with management. Also discuss adequacy of working
space for the audit team, access to client records, and
assistance, if any, to be provided by the client.
Consider the schedules and account analyses that will
be needed in the performance of planned audit
procedures. To avoid unnecessary time and delays
during the audit, the client might be given a listing of
such items (along with desired formats) for preparation
prior to the auditors arrival for fieldwork. ASB-CL-12.6
provides a drafting form that may be used to request
items from the client.
A 5. Communicate your responsibilities under GAAS and an
overview of the planned scope and timing of the audit,
including the nature and timing of expected communications,
to those charged with governance.
The communication with those charged with governance
about auditor responsibilities and planned scope and timing
may be oral or written, but it should be documented. An
engagement letter, such as the one at ASB-CL-1.1, may be
used to communicate the required matters, as long as the
letter is provided to those charged with governance.
Alternatively, ASB-CL-5.1 illustrates a separate
communication of audit matters to those charged with
governance during the planning phase of the audit. Section
1815 discusses communication with those charged with
governance.
A
S
6. Review the minutes of the board of directors and committee
meetings for the audit period and any new agreements, leases,
contracts, or other important documents. Also inspect
correspondence, if any, with relevant licensing or regulatory
authorities. Obtain abstracts or copies as needed for the
current or permanent workpaper files. Highlight matters
relevant to the audit or for which disclosure should be made.
For audits of periods ending on or after December 15, 2012,
auditors are specifically required to inspect correspondence
with relevant licensing or regulatory authorities to identify
instances of noncompliance that could potentially be
material to the financial statements.
For audits of periods ending on or after December 15, 2012,
auditors are specifically required to inspect minutes for the
existence of related party relationships or transactions that
management has not identified or disclosed to the auditor.
Audit
N/A
Performed by
and Date
Workpaper
Index
The review of minutes is also performed to identify litigation,
claims, and assessments.
Abstracts or copies of significant contracts or agreements
inspected should be included in the audit documentation.
The authors believe that those documents may be
maintained in either the current or permanent workpaper file
and recommend that documents with carryforward value
(such as significant leases, purchase agreements,
partnership agreements, etc.) be maintained in the
permanent workpaper file.
A
S
7. Perform the following risk assessment procedures:
a. Obtain and document an understanding of the entity and
its environment, and identify risks by completing or
updating ASB-CX-3.1.
During the course of obtaining or updating the
understanding, the auditor should perform inquiry,
observation, and inspection procedures.
Consider risks by determining what can go wrong at
the financial statement level and at the relevant
assertion level related to classes of transactions,
account balances, and disclosures.
When obtaining an understanding of the entity and its
environment, be alert for and inquire about matters that
could give rise to significant risks, including (a)
significant transactions with related parties; (b)
estimates involving a high degree of measurement
uncertainty; (c) transactions that are outside the normal
course of business or that otherwise appear unusual;
(d) potential contingencies arising from litigation,
claims, assessments, or noncompliance with laws and
regulations; and (e) any other significant economic,
accounting, or other developments that may require
specific attention during the audit.
If interim financial statements have been reviewed,
consider whether information from the results of those
reviews may be relevant to identifying risks of material
misstatement. AU-C 930, Interim Financial Information,
b. Complete ASB-CX-3.2 to document your engagement
team discussion about the susceptibility of the entitys
financial statements to material misstatements due to
fraud or error and the application of GAAP to the entitys
facts and circumstances.
c. Complete ASB-CX-3.3 to document your inquiries of
management and others about fraud and compliance with
Audit
N/A
Performed by
and Date
Workpaper
Index
d. Obtain and document an understanding of the entitys
internal control system by completing or updating
ASB-CX-4.1, ASB-CX-4.2 (for each significant transaction
class), and ASB-CX-4.3 (for each walkthrough performed).
In smaller entities, if you do not identify many control
activities, consider whether it will be possible to obtain
sufficient appropriate audit evidence.
Be sure to document an understanding of controls
related to fraud risks and other significant risks
identified during risk assessment. Significant risks often
relate to matters such as (a) significant transactions
with related parties; (b) estimates involving a high
degree of measurement uncertainty; (c) transactions
that are outside the normal course of business or that
otherwise appear unusual; (d) potential contingencies
arising from litigation, claims, assessments, or
noncompliance with laws and regulations; and (e)
other significant economic, accounting, or other
developments that require specific attention during the
audit. Management ought to have a process in place
for identifying and addressing those matters so they do
not result in material misstatement of the financial
statements.
If an auditor is engaged to perform an integrated audit
(an audit of an entitys financial statements and an
examination of its internal control) under AT 501,
guidance and practice aids (including an addendum to
the general audit programs and a separate audit
program for internal control) are provided in PPCs
Guide to Nontraditional Engagements.
e. Apply and document preliminary analytical procedures by
(1) comparing account balances for the current period to
similar amounts in the prior-period annual or interim
financial statements or other expectations and (2)
performing analytical procedures specifically related to
revenue to identify potential fraudulent financial reporting.
Identify unusual or unexpected balances or relationships
and consider whether matters identified have financial
statement and audit planning implications, such as
whether they indicate a higher risk of material
misstatement due to error or fraud.
Risks identified when performing preliminary analytical
procedures should be considered when identifying and
assessing risks on the risk assessment summary form.
Audit
N/A
Performed by
and Date
Workpaper
Index
Ordinarily, comparison of current and prior-period
account balances for revenue accounts will not be
sufficient to identify potential fraudulent financial
reporting, and other types of analytical procedures
need to be used. The types of procedures that may be
appropriate are discussed in section 301. The
procedures should be updated during the final review
stage of the audit.
If financial statements are unavailable, unadjusted
working trial balance amounts may be compared to
prior-period adjusted amounts. If the number and
significance of expected adjustments makes such a
comparison meaningless, document that judgment and
consider other factors for the affected accounts. For
example, consider the relationship to other items in the
current period or perform ratio analysis.
Common solvency, profitability, and activity ratios, and
ratios of financial to nonfinancial information (for
example, current ratio, debt to equity, gross profit,
inventory turnover, etc.) may also improve the auditors
understanding of the company and its operations.
Ratios involving information employees generally are
unable to adjust or manipulate, such as cash flows,
industry data, and nonfinancial data, may be useful in
identifying risks of material misstatement.
Documentation of preliminary analytical procedures
can be limited, but it needs to be sufficient to provide
support for the auditors risk assessment. The results of
the preliminary analytical review ordinarily are
documented using a narrative memorandum,
comparative carryforward schedule, or other form of
workpaper. Documentation may also include the effect
on the audit plan or indicate that the results were
considered when identifying fraud risks.
f. Perform a retrospective review of significant accounting
estimates reflected in the prior year financial statements to
determine whether their outcome or subsequent
reestimation indicates risks of material misstatement of
current year accounting estimates or a possible bias on
the part of management that may represent a risk of
material misstatement due to fraud.
A retrospective review of significant accounting
estimates for bias should be performed to address the
risk of management override of controls.
When testing for bias, significant estimates selected for
retrospective review should include those that are
Audit
N/A
Performed by
and Date
Workpaper
Index
based on highly sensitive assumptions or are otherwise
significantly affected by management judgments. The
nature and extent of the review is a matter of
professional judgment. It may not be necessary to
review the outcome of every accounting estimate.
The retrospective review of prior year accounting
estimates may also provide (a) information about the
effectiveness of managements prior estimation
process that can be used when evaluating their current
estimation process, (b) audit evidence relevant to
revising the estimates in the current period, or (c)
evidence of matters requiring disclosure such as
estimation uncertainty. This review is required to be
performed as a risk assessment procedure under AU-C
540, Auditing Accounting Estimates, Including Fair
Value Accounting Estimates, and Related Disclosures,
for audits of periods ending on or after December 15,
2012. As a practical matter, the retrospective review
performed as a risk assessment procedure may be
done in conjunction with the retrospective review for
bias. It is important to ensure that the procedures
performed satisfy both objectives.
A
S
8. Determine and document materiality levels by completing
ASB-CX-2.1.
A
S
9. Assess the risk of material misstatement of the financial
statements and develop your responses by completing
ASB-CX-7.1.
A, D 10. Develop an audit plan by performing the following procedures:
S
a. Prepare audit work programs for each significant area
covered by the audit, giving effect to the risk assessment,
audit approach, and other responses summarized at
ASB-CX-7.1.
S
b. Ensure that the selection of audit procedures from year to
year incorporates an element of unpredictability.
c. For any audit areas and assertions at ASB-CX-7.1 that
have a reduced control risk assessment, either because
of an expectation of the operating effectiveness of
controls or because substantive procedures alone will not
provide sufficient audit evidence, perform tests of controls
to support your risk assessment. Tests of controls can be
documented using ASB-CX-10.1.
Section 405 provides guidance on developing the detailed
audit plan.
Tests of controls may be necessary to obtain sufficient audit
evidence when a significant amount of information is
Audit
N/A
Performed by
and Date
Workpaper
Index
electronically initiated, recorded, processed, or reported.
This is often encountered for clients in certain specialized
industries, such as financial services, or clients with
complex computer systems or sophisticated applications.
Circumstances where tests of controls should be performed
are related more to the nature and complexity of the clients
systems than to the clients size.
A, D
S
11. Determine staffing assignments based on consideration of
audit risk, and discuss the audit objectives, audit strategy,
audit plan responsibilities, and key dates with the engagement
team.
Audit staffing and supervision need to reflect the auditors
risk assessment. Also, consider the firms quality control
policy when making staffing decisions and plan the nature,
timing, and extent of supervision, including review of the
audit teams work.
Matters to be discussed with the engagement team by the
engagement partner include, among other things:
Matters that affect the nature, timing, and extent of the
audit procedures that assigned staff are to perform
(e.g., key dates such as inventory observation, mailing
of confirmations, reporting deadlines, etc.).
A reminder to prepare audit documentation timely and
that significant audit and accounting issues that are
raised during the audit need to be brought to the
attention of individuals with final authority.
A reminder to bring areas of audit difficulty, such as
missing documents or client resistance in providing
access to information, to the attention of appropriate
individuals in the firm.
The susceptibility of the clients financial statements to
material misstatement, including fraud, and a reminder
to maintain appropriate professional skepticism.
A reminder to accept client records and documents as
genuine, but investigate further if conditions indicate
that a document may not be authentic or that changes
were made and not disclosed.
The importance of audit quality and compliance with
independence and other ethical requirements.
Any matters discussed during the engagement team
discussion that need to be communicated to
engagement team members who did not participate in
that discussion.
Audit
N/A
Performed by
and Date
Workpaper
Index
B, C
S
12. Obtain partner approval of the audit strategy, audit work
programs, staff assignments and, if applicable, time budgets.
The engagement partner should be satisfied that the
engagement team and any specialists, collectively, have the
competence and capabilities to perform the audit in
accordance with professional standards and applicable
legal and regulatory requirements and to enable the
issuance of an appropriate auditors report.
PPCs Workpapers for Nonpublic Companies provides an
electronic Time Control worksheet that can be used for
budgeting, recording actual time incurred, and variance
analysis.
A 13. Consider the need to apply one or more additional procedures.
Certain common additional procedures relating to the
following topics are illustrated in the Other General
Planning ProceduresI section of the core audit planning
program:
Audits of group financial statementsperiods ending
on or after December 15, 2012.
Using the work of other auditorsperiods ending
before December 15, 2012.
Involvement of another office, correspondent, or
affiliate.
Using the work of an auditors specialistperiods
Using the work of a managements specialistperiods
Using specialists on the engagement teamperiods
Using the work of a specialistperiods ending before
December 15, 2012.
Using the work of internal auditors.
Use of service organizations.
Conclusion
*
S
14. We have performed procedures and obtained audit evidence
sufficient to achieve the audit risk assessment and planning
objectives. The procedures performed, evidence obtained, and
our conclusions are adequately documented. (If you are
unable to conclude on any objective, prepare a memo
documenting your reason and the implications for the
Audit
N/A
Performed by
and Date
Workpaper
Index
engagement, including the audit report.)

Other General Planning Procedures
Instructions: Additional procedures may be necessary on some engagements. The following listing, although
not all-inclusive, represents common additional procedures and their related objectives.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Audits of Group Financial StatementsPeriods Ending on or after
December 15, 2012
A, C, [D] Perform the following procedures for audits of group financial
statements:
a. Identify the components of the group and determine whether
to act as auditor of the group financial statements.
The decision about whether to act as group auditor and
issue the report on the group financial statements is made
as part of client acceptance and continuance. Relevant
factors include the materiality of the portion of the financial
statements audited by you compared to the portion audited
by component auditors, the extent of your knowledge of the
overall financial statements, and the extent to which
significant risks of material misstatement are included in
components audited by component auditors. ASB-CX-1.1
includes special considerations for acceptance or
continuance of a group audit, including deciding whether
to act as auditor of the group financial statements.
Group components can be documented on ASB-CX-11.6,
Documentation and Analysis of Group Components.
Consider the components when obtaining an
understanding of the entity and its environment, including
group-wide controls and the consolidation process,
sufficient to assess the risks of material misstatement of the
group financial statements. The results of your risk
assessment may change or confirm your preliminary
conclusions about which components are significant to the
group.
b. Determine whether it will be feasible to obtain information
affecting the consolidation from component auditors, the
extent of involvement in the work of component auditors that
will be possible, and whether a separate auditors report will
be issued for any components.
This consideration may affect your decision about whether
to use the work of a component auditor and, if so, whether
to make reference to his or her work or assume
responsibility for it. For example, it may not be feasible to
obtain the information needed from a component auditor if
the audit of a component will not be completed in time to
meet the groups reporting deadlines. Similarly, it may not
be possible to assume responsibility for the work of a
component auditor if the opportunity to be involved in that
work is less than what you believe is necessary.
c. When a component auditor will issue a separate auditors
report to which you intend to make reference, perform the
following procedures:
(1) Determine whether (a) the components financial
statements are prepared on the same accounting basis
as the group financial statements (for example, GAAP or
an OCBOA), (b) the component auditor performed its
audit in accordance with GAAS, and (c) the component
auditors report is unrestricted.
(2) Determine whether the component auditor understands
and will comply with independence and other ethical
requirements.
(3) Evaluate the component auditors competence by
communicating with the component auditor and
performing procedures such as inquiring about the
component auditors professional reputation and
standing and reviewing the results of peer reviews or
other inspections.
(4) Document the decision about whether to make reference
using ASB-CX-11.6.
ASB-CX-11.6 provides for partner approval of the decision
about whether to make reference.
It is not appropriate to make reference to the work of a
component auditor in the auditors report on the group
financial statements unless the preceding conditions are
met. If the conditions are not met, you need to assume
responsibility for the work of component auditors, including
performing the additional procedures necessary when
responsibility is assumed. If the conditions are met, the
authors recommend making reference for efficiency
reasons.
A component auditors lack of industry-specific knowledge
or other less serious concerns about competence do not
preclude making reference to the component auditor if the
concerns can be overcome by the group auditor being
more involved in the component auditors work or
performing additional procedures on the components
financial information.
The letter at ASB-CL-14.6 can be used to obtain
confirmation from component auditors about their
independence, skills, and understanding of auditing and
accounting requirements when reference will be made.
Information about the competence of component auditors
may also be obtained from the AICPA, state licensing
boards, state society of CPAs, or other professional
organizations; by reviewing peer review or inspection
reports on the auditors firm; or from previous experience
with the auditor. Procedures to evaluate competence are
ordinarily more extensive in the first year of a component
auditors involvement than in subsequent years.
When the component auditor is a member of the same firm,
or a network firm that is subject to the same quality control
policies and procedures as the group auditor, procedures
to evaluate competence and compliance with
independence and other ethical requirements may be
limited to reviewing the results of quality control monitoring
(for example, monitoring of independence and continuing
professional education).
The decision about whether to make reference is made
separately for each component auditor. For example, you
may decide to assume responsibility for the work of a
component auditor who is a member of your firm or a
network firm, but to make reference to the work of a
component auditor from another firm.
d. Determine and document the type of work (that is, audit,
review, specified audit procedures, etc.) to be performed for
each component for which you will assume responsibility and
whether a component auditor will be used to perform that
work, by completing ASB-CX-11.6.
Section 904 provides guidance on determining the type of
work to perform on components.
Your procedures may vary depending on the information
documented at ASB-CX-11.6. For example, the
communication of instructions to the component auditor
and evaluation of his or her findings is ordinarily less
extensive when specified audit procedures are performed
to address a specific risk than when an audit is performed.
e. If a component auditor will be used to perform work for which
you will assume responsibility, perform the following
procedures:
(1) Obtain a representation from the component auditor
about whether the component auditor understands and
will comply with independence and other ethical
requirements.
(2) Evaluate the component auditors competence by
performing procedures such as inquiring about the
component auditors professional reputation and
standing and reviewing the results of peer reviews or
other inspections.
It is not appropriate to use the work of a component auditor
if there are serious concerns about competence or if the
component auditor is not independent.
The letter at ASB-CL-14.7 can be used to obtain
confirmation from component auditors about their
independence, skills, and understanding of auditing and
accounting requirements when responsibility will be
assumed.
f. Determine component materiality for any components on
which you will perform, or request a component auditor to
perform, an audit or review by completing ASB-CX-2.2.
It is not necessary to determine component materiality for
all components.
When a separate auditors report will be issued for a
component, for example, because its debt agreements
require audited financial statements, it can ordinarily be
assumed that the level of materiality determined by the
component auditor for purposes of that audit is acceptable
for the group audit.
g. Communicate appropriate instructions and requirements to
component auditors.
The letter at ASB-CL-14.8 can be used to communicate
instructions and requirements when you will make
reference to the work of a component auditor. The letter at
ASB-CL-14.9 can be used to communicate instructions and
requirements when you will assume responsibility for the
work of a component auditor.
The letters at ASB-CL-14.3 and ASB-CL-14.4 can be used
when component auditors request information from the
group auditor.
h. Perform the following additional procedures if assuming
responsibility for the work of component auditors for
significant components:
(1) Discuss the components business activities of
significance to the group with the component auditor or
component management to identify potential risks of
(2) Discuss with the component auditor the susceptibility of
the components financial information to material
This step may be accomplished by including the
component auditor in the engagement team
discussion documented at ASB-CX-3.2.
(3) Review the component auditors documentation of
identified significant risks of material misstatement of the
(4) Evaluate the appropriateness of component performance
materiality.
(5) Evaluate the appropriateness of the component auditors
planned audit procedures to respond to identified
significant risks of material misstatement of the group
financial statements and determine whether it is
necessary to be involved in those procedures.
i. If information comes to your attention during the audit that
may be significant to the financial statements of a component
being audited by a component auditor, but of which
component management may not be aware, ask group
management to provide that information to component
management. If management refuses, discuss the matter with
those charged with governance. If the matter remains
unresolved, consider whether to advise the component
auditor not to issue his or her report until the matter is
resolved and whether to withdraw from the engagement.
j. Evaluate the adequacy of the component auditors work by
performing the following procedures:
(1) If making reference to the work of a component auditor:
(a) Read the components financial statements,
component auditors report, and any
communication from the component auditor.
(b) Discuss significant findings or issues with the
component auditor, component management, or
group management, as appropriate.
(2) If assuming responsibility for the work of a component
auditor:
(a) Evaluate the component auditors communication
and, if applicable, read the components financial
statements and the component auditors report.
(b) Discuss significant findings or issues with the
component auditor, component management, or
group management, as appropriate.
(c) Determine whether it is necessary to review relevant
parts of the component auditors workpapers.
(d) If the component auditors work is insufficient,
perform additional procedures or request that the
component auditor perform them.
If the component auditor identifies misstatements,
significant deficiencies or material weaknesses in internal
control, fraud or suspected fraud, noncompliance with laws
or regulations, or possible management bias in accounting
estimates, address those matters as indicated in the audit
program for general auditing and completion procedures.
k. Evaluate whether sufficient audit evidence on which to base
the group audit opinion has been obtained from the audit
procedures performed on the consolidation process and the
work performed on the financial information of the
components.
l. For components for which reference is made, include the
components financial statements and component auditors
report in the audit documentation.
m. Document the nature, timing, and extent of your involvement
in the work of component auditors including, if applicable,
your review of the component auditors workpapers and
conclusions thereon.
The requirements of AU-C 600, Special ConsiderationsAudits
of Group Financial Statements (Including the Work of
Component Auditors), apply to audits of consolidated or
combined financial statements, including branches or divisions.
Some requirements, such as determining the type of work to be
performed on each component, apply regardless of whether
component auditors are involved. Other requirements apply only
when component auditors are involved, including when one or
more components are audited by other offices of the same audit
firm.
These procedures do not apply when other auditors are involved
in audits of financial statements that are not group financial
statements, such as when another auditor is used to observe
inventory at a remote location. However, the guidance in AU-C
600 may be useful in those situations.
PPCs Guide to Auditors Reports provides guidance and report
examples for group audits, including how to make reference to a
component auditor in the auditors report on group financial
statements, how to report when the component auditors opinion
is modified or their report includes an emphasis-of-matter or
other-matter paragraph that affects the auditors report on the
group financial statements, and how to report when a
component auditor is named in the auditors report on the group
Section 904 of this Guide discusses group audits and provides a
complete listing of the requirements of AU-C 600.
complete listing of the requirements of AU-C 600.
The procedures in this section are applied in addition to, and in
conjunction with, the other procedures for an audit engagement
using the practice aids in this Guide, as follows:
ASB-AP-1 provides for consideration of the use of
component auditors when developing the group audit
strategy.
ASB-CL-1.1 includes practical considerations appropriate
for group audits when agreeing on the terms of the
engagement.
ASB-CX-4.2.1 is used to document your understanding of
group-wide controls, the consolidation process, and the
instructions issued by group management to components.
ASB-CX-2.1 is used to determine materiality for the group
ASB-AP-8 provides substantive procedures for auditing the
consolidation process involving investments accounted for
using the equity or consolidation methods, including
evaluating whether all components are included, testing
consolidation entries and adjustments, con

Asb

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Asb

Uploaded by

Copyright:

Available Formats

ASB 4/12 Page 1Printed: 9/17/2012 2:52:40 PM

Copyright 2012 Thomson Reuters/PPC. All Rights Reserved.

You might also like