You are on page 1of 38

AUD - Notes Chapter 1

http://www.cpa-cfa.org

Audited F/S The Basics


Companys mgmt responsible to prepare the F/S
Auditors responsible to express an opinion on the F/S and on mgmts assertion on internal controls (if public)
The primary assertion is whether the statements are presented fairly in accordance with GAAP

Professional Standards
Generally Accepted Accounting Standards GAAS
Generally Accepted Government Auditing Standards GAGAS
The Public Company Accounting Oversight Board PCAOB
- Public accounting firms must register with PCAOB in order to audit public companies
- Registered firms are subject to board inspection, disciplinary proceedings, and sanctions
GAAS TIP PIE ACDO
General standards TIP
T Training
I Independence (in fact and appearance)
P Professional Care
Standards of Field Work PIE
P Planning and supervision
I Internal control, entity and environment
Strong controls imply the auditor will require less evidence
Weak controls imply the auditor will require more evidence (more work)
An exam trick; weak internal controls does not equal an adverse opinion
E Evidence
Standards of Reporting ACDO
A Accounting = GAAP
Explicit; Opinion must state that the acctg used was GAAP
C Consistency between periods
Implicit; Silence is okay cause its implied
D Disclosure
Implicit; Silence is okay
O Express Opinion
Explicit; Opinion must state In our opinion
Meant to prevent misinterpretation of the degree of responsibility the auditor is assuming
when his/her name is associated with the F/S
The auditor may express different opinions of different sections (B/S, I/S)
The auditor may express an opinion on 1 section and not the others as long as information has
not been limited

Reports on Audited F/S


The Auditors Standard Report (Unqualified Opinion)
Title
Addressee
Introductory Paragraph R;R
Statement that the F/S as identified in the report were audited
Statement that the F/S are the responsibility of mgmt and the auditors responsibility is to express an opinion
Scope Paragraph APMEAM; APMEAM
Statement that the audit was conducted in accordance with U.S. GAAS
1

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Statement that the audit was planned and performed to obtain reasonable assurance that the F/S are free
from material misstatement
Statement that the audit included examining evidence on a test basis; assessing the accounting principles
used and significant estimates made by mgmt; and evaluating the overall presentation
Statement that the audit provides a reasonable basis for an opinion
Opinion Paragraph
Statement referring to the F/S specifically identified in the introductory paragraph
An opinion as to the fair presentation of the F/S (ACDO)
Statement regarding conformity with U.S. GAAP (ACDO)
Firm Name
Report Date
The Report should be dated on or after the date on which appropriate audit evidence sufficient to support
the opinion has been obtained
Sample unqualified opinion A1-14
GAAS in referenced to in the Scope paragraph
GAAP is referenced to in the Opinion paragraph
PCAOB Standards for publicly traded companies
Audits of Issuers (public companies) PCAOB auditing standard No. 1 requires the auditors report to include
=a reference to the standards of the PCAOB
Audits of nonissuers (private companies) An auditor may, but is not required to, conduct the audit of a
nonissuer in accordance with both GAAS and PCAOD auditing standards
Unqualified opinion clean; F/S presented fairly in all material respects, doesnt mean good investment
Modified Unqualified opinion additional explanatory language
Qualified opinion states except for; material GAAP or GASS problem
Adverse opinions very material GAAP problems
Disclaimer of opinion significant GAAS problem
Chart on A1-17 memorize
Uncertainties impairments, intangibles, lawsuits, warranties
Managements responsibility
Estimate the effect of future events on the F/S and record and present this estimate, or
Determine that a reasonable estimate cannot be made and make the required disclosures to that effect
Remember under GAAP
Both probable and reasonably estimatable record
Either probable or reasonably estimatable disclose
If mgmts analysis is supported and properly reported or disclosed, the auditor issues and unqualified opinion
with no reference to the uncertainty in the report
Unqualified opinion: GAAP = ok; GAAS = ok
If the auditor is unable to obtain sufficient evidential matter involving an uncertainty and its presentation or
disclosure, the auditor should consider expressing a qualified (GAAS) opinion or to disclaim an opinion to
scope limitation.
Qualified or Disclaimer: GAAP = ?; GAAS = Problem

AUD - Notes Chapter 1


http://www.cpa-cfa.org

If the auditor concludes that the F/S are materially misstated due to a departure from GAAP related to
uncertainty, the auditor should express a qualified (GAAP) or adverse opinion. GAAP departures include
inadequate disclosures, use of inappropriate accounting principles, and use of unreasonable acctg estimates
Qualified of Adverse: GAAP = problem; GAAS = ok
Pass key chart on A1-19 memorize
Modified Unqualified opinion still represents an unqualified opinion. The additional language (modified
wording or explanatory paragraph) used to highlight the certain circumstances
Modified wording
Division of responsibility; auditors opinion is based in part on the report of another
Explanatory paragraph
Justified departure from GAAP
Going concern
To emphasize a matter
Lack of consistency
Other;
- Required SEC regulation S-K quarterly financial data has been omitted or has not been reviewed
- Supplementary information required by GAAP has been omitted
- Other information (stuff in 10-K) is inconsistent with F/S
Division of Responsibility (reference in report) The principal auditor decides to mention the work done by
other auditors, the report will express a division of responsibility. The principal auditor will mention this
division in all three paragraphs. The name of the other auditor is not mentioned unless the auditor gives express
permission and the report of the other auditor is presented. Make other CPA responsible by mentioning them in
the Intro, Scope, and Opinion paragraph.
Assumption of Responsibility (no reference to other CPA) The principal auditor must assure on the other
auditors, reputation, independence, professional competency, program steps (RIPP). Visit the other auditor to
discuss audit procedures and review audit program, documentation, and evaluation of internal controls
performed by the other auditor
Justified departure from GAAP The explanatory paragraph should contain a description of the departure, its
approximate effects (if possible) and the reasons why adherence to GAAP would make the F/S misleading
Going Concern The auditor should perform the following procedures:
A Analytical procedures
D Debt compliance
M Review board minutes
I Inquiry of clients legal counsel
T Confirm third party arrangements/agreements
S Subsequent events review
Conditions or events that may indicate substantial doubt:
F Financial difficulties
I Internal matters
N Negative trends
E External matters, legal proceedings, new legislation, loss or expiration of intellectual property
The auditor is not precluded from choosing to disclaim an opinion in cases involving uncertainties
The explanatory paragraph occurs after opinion paragraph
It includes the terms substantial doubt and going concern
3

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Dont limit it for a time period


If, in the auditors judgement, the entitys disclosures are inadequate, a departure from GAAP exists. This may
result in either a qualified or adverse opinion
Emphasis of a matter auditor may wish to emphasis a particular matter but still express an unqualified
opinion. Emphasis when a company is a RECC
A related party transaction
Significant subsequent events
Entity is a component of a larger business
Items that affect the comparability (except changes in accounting principles)
An explanatory paragraph is not required
Lack of consistency (justified changes) ACDO if a change is GAAP has occurred between accounting periods
and the effect is material, the auditor should add an explanatory paragraph to the unqualified report. The
explanatory paragraph comes after the opinion paragraph
When selecting the type of opinion because of a lack of consistency, determine is the change is justified
GAAP: Acceptable/Justified = Modified Unqualified
Not GAAP: Unacceptable/Unjustified = Qualified or Adverse
Qualified except for Opinion and Adverse Opinion for very material GAAP problems
1. Non GAAP unjustified/unacceptable change Issue is consistency (ACDO); an explanatory paragraph
should appear before the opinion paragraph to describe the non-GAAP acctg change and the financial impact
2. Inadequate disclosure when the auditor believes that the omitted items cause the F/S to be deceptive
3. Departure from GAAP
GAAP: Acceptable/Justified = Modified Unqualified
Not GAAP: Unacceptable/Unjustified = except for or Adverse
4. Unreasonable accounting estimates
Qualified except for Opinion for material GAAS problems
1. Uncertainty
2. Scope limitation time constraints, in ability to obtain sufficient competent evidential matter, refusal of
mgmt to provide mgmt letter which acknowledge their responsibility for the fair presentation of the F/S in
conformity with GAAP, refusal of clients attorney to respond to inquiry
The scope limitation should be referred to in the scope and opinion paragraph (as an explanatory
paragraph preceding before the opinion paragraph: Double except for whammy
Disclaimer Opinion for significant GAAS problems
1. Uncertainty
2. Scope limitation
3. Lack of independence
4. Unaudited only an opinion paragraph. States reason of unaudited F/S and we do not express an opinion
Changes to the report include
Introductory paragraph
- Use the words were engaged to audit instead of have audited, and
- Deletion of the reference to the auditors responsibility
Scope paragraph omitted
Explanatory paragraph is the middle paragraph and describes the reasons for the disclaimer
Opinion paragraph disclaimer of opinion is given on the F/S taken as a whole
4

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Reports on Comparative Statements


If the prior years financial statements were not audited and that the current years financial statements are
being audited, the auditor is facing a scope limitation (because the beginning balances may not be correct) and
may require a disclaimer opinion.
When updating (changing prior) periods the explanatory should disclose the:
D Date of the auditors previous report
O Opinion type previously issued
R Reason for prior opinion
C Changes that have occurred
S Statement opinionis different
Only DORCS change their mind
Update or change opinion when now in conformity with GAAP (restate prior yr F/S)
Report of a predecessor auditor presented
The prior (old) CPA should:
Read the current period statements
Compare the statements audited with the current period statements
Obtain a letter of representation from the successor auditor
Obtain a letter of representation from mgmt
If the report is unrevised use the original report date in any reissue
If the report is revised dual date
Report of a predecessor auditor not presented
The current (new) CPA should:
Not name the predecessor auditor
The date of the predecessors auditors report
The type of opinion expressed by the predecessor auditor
The substantive reasons for other than an unqualified report

Subsequent Events
Type I events conditions on or before balance sheet date, accrue, looking backward
Requires a F/S adjustment
Type II events conditions existing after the balance sheet date, disclose in footnotes, looking forward
May require footnote disclosure
Auditors responsibility for subsequent events PRIME is included in yr end fieldwork
P Post balance sheet transactions
R Representation letter should be obtained from mgmt
I Inquiry
M Minutes of stockholders, directors, and other committee meetings should be read
E Examine latest available interim F/S; compare them with the F/S under audit
Auditors responsibility after the original date of the auditors report
The auditor has no active responsibility. However, if the auditor becomes aware of a subsequent event, auditor
must use professional judgement to decide whether to adjust the F/S or disclosures
If adjusts are made after the original date of the auditors report, the auditor may dual date the report
5

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Ex. Jan, 21, 2000, except for Note 2, as to which the date is Feb 3, 2000
Facts discovered after report is issued (the auditors missed it)
Auditor action
Advise client to issue revised F/S or make additional disclosures
Provide notification that the F/S can not be relied upon
If the client refuses to follow procedures
Notify the board of the directors
Dissociate with the client
Inform any regulatory agencies (if applicable)
Notify parties relying on the F/S
Omitted audit procedures discovered after submission of the audit program (we forgot to do it)
Auditor should determine whether other audit procedures tended to compensate for the omitted procedures
Apply the omitted procedures (or alternative procedures)

Reporting on Other Information


Auditor should perform limited procedures on supplementary information and report deficiencies & omissions
1. Inquire of mgmt
2. Determine if the methods uses are consistent with mgmts responses, audited F/S and other knowledge
3. Consider whether the client representation letter should refer to the supplementary information
Segment information is required by GAAP
Material misstatement GAAP problem qualified or adverse opinion
Scope limitation GAAS problem qualified or disclaimer opinion
When an auditor submits a document containing audited F/S to a client or others, the auditor has a
responsibility to report on all information in the document
The auditor must indicate in the report whether the accompanying information is fairly stated in all material
respects in relation to the basic F/S taken as a whole. The report should also describe the character of the
auditor examination and the degree of responsibility the auditor is assuming.
Condensed F/S
The Auditor must indicate:
That the auditor audited and expresses an opinion on the complete F/S
Date of the auditors report on the complete F/S
Type of opinion expressed
Whether the information in the condensed statements is fairly stated, in all material respects
Selected financial data
The auditor must indicate whether the selected financial data is fairly stated, in all material respects, in relation
to the F/S from which it has been derived.
An accountants report should include
1. Brief description of the nature of the engagement
2. Statement that the engagement was performed in accordance with AICPA standards
3. Identification specific entity, descriptions of the transactions, statement about the source of the information
4. A statement describing the appropriate acctg principles (including country of origin) to be applied
5. Statement that mgmt is responsible
6. A statement that any differences in the facts, circumstances or assumptions may change the report
6

AUD - Notes Chapter 1


http://www.cpa-cfa.org

7. Restrict use of report to mgmt, board of directors, prior and current auditors
Reporting on F/S prepared for use in other countries
Distribution outside U.S. only: auditor may use either
- The report of the other country
- US style report modified to the accounting principles of another country
Distribution within the US: auditors report should be the US standard report modified as appropriate for
departures from US GAAP.

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Quality Control Standards


The five interrelated elements of quality control are:
A Acceptance and continuance of clients engagement
I Independence, integrity and objectivity
C Continuous monitoring
P Personnel management
A Assurance regarding engagement performance
Acceptance and continuance of clients and engagements
Considers the risk associated with clients (dont accept a client whose mgmt lacks integrity)
Undertakes only those engagements that the firm can reasonably expect to complete with professional care
Independence, integrity and objectivity
Policies and procedures which help maintain personnel independence in fact and appearance
Lead partner and the reviewing partner must rotate off the audit every five years
Routine tax return preparation, tax planning and employee personal tax services are allowed under
Sarbanes-Oxley but must be approved by the audit committee in writing
Continuous monitoring
What the title implies
Peer review
- One CPA firm reviews another CPA firms quality control system, occurs every 3 years for a CPA firm
that is a member of the AICPA.
- Purpose is to determine and report whether CPA firm being reviewed has developed adequate policies
and procedures for quality control and they are following them
- Upon completion, a report is issued with conclusions and recommendations
Personnel Management
Criteria for hiring, assignment of the firms personnel to engagements, professional development and
advancement
Assurance regarding engagement performance
Policies and procedures that assure that the engagement work meets professional standards, regulatory
requirements, and the firms own standards of quality
GAAS relate to the conduct of each individual engagement, whereas quality control relate to the conduct of all
professional activities of the firms practice as a whole
The quality control standards of a firm affect both the performance of each audit and the performance of the
audit practice as a whole
Deficiencies in a firms quality control do not necessarily mean/indicate a lack of GAAS compliance.

Other Engagements, Reports and Accounting Services


Auditing standards have restricted special reports to the following 5 areas
1. OCBOA use of other comprehensive basis of accounting F/S (cash basis, price-level adjusted F/S)
The use of non-GAAP requires the auditor to issue either a qualified or adverse opinion unless the non-GAAP
method is an OCBOA (in which case an unqualified opinion is appropriate)

AUD - Notes Chapter 1


http://www.cpa-cfa.org

2. Specific elements, accounts or items of a F/S The auditor expresses an opinion on each of the specified
elements, if the element is far-reaching or pervasive (NI, STK EQ, or any item based thereon) the auditor must
audit the complete set of financial statements.
A piecemeal opinion may be expressed if the items do not constitute a major portion of the F/S. A piecemeal
opinion cannot be issued if the auditor has expressed a disclaimer or adverse opinion.
3. Issue special report on a clients compliance with contractual agreements or regulatory requirements
Auditor must have audited the F/S and may only issue negative assurance. Cannot be issued if the auditor has
expressed a disclaimer or adverse opinion. Limitedly distributed
4. Special purpose financial presentations to comply with contractual agreements or regulatory provisions
5. Financial information presented in prescribed forms or schedules the auditor may attest to the fairness on
financial information presented in prescribed forms such as loan applications or regulatory filings.
The auditor may make modifications to an unqualified special report by adding an explanatory paragraph after
the opinion paragraph

Compilation and Review of Financial Statements


CPAs can perform two levels of service (compilation and review) with respect to unaudited F/S of a non-public
company.
Compilation engagement No assurance or opinion. CPA does not perform any audit or review procedures.
A Review Limited (negative) assurance. CPA performs inquiry and analytical procedures
When a CPA performs more than one service (such as complication and an audit) the CPA should issue a report
that is appropriate for the highest level of service rendered.
An engagement letter is recommended but not required
Statements on Standards for Accounting and Review Services pronouncements issued by the accounting and
review services committee of the AICPA
A compilation engagement may involve compiling and reporting on only one financial statement
The compilation engagement report should include: ALARD
A Statement that a compilation has been performed in accordance with SSARS issued by the AICPA
L Statement that a compilation is limited to presenting, in the form of F/S, information that is the
representation of mgmt
A Statement that the accountant has not audited the F/S
R Statement that the accountant has not reviewed the F/S
D Disclaimer of opinion and a statement that the accountant gives no assurance on the F/S
Youre A LARD when all you do is compile F/S
Compiled F/S that omit GAAP disclosures are acceptable if:
Reason for omission was not to deceive user
Compilation report warns user of missing disclosures
Compilation with limited disclosures are labeled Selected Information Substantially All Disclosures
Required By GAAP Are Not Included
9

AUD - Notes Chapter 1


http://www.cpa-cfa.org

An opinion, even qualified or adverse, requires and audit. When an accountant performing a compilation or
review becomes aware of a GAAP departure, the report should be modified or the CPA with withdraw from the
engagement. An opinion would not be expressed
An accountant who submits unaudited F/S to the client that are not expected to be used by a third party may use
an engagement letter rather than a compilation report
Review of F/S a higher level of service than compilation because it results in an expression of limited
assurance. Reviews include inquiry and analytical procedures. However, no required to obtain an understanding
of internal control or assess control risk
An auditor is required to perform these in a Review:
U Understanding with client must be established
L Learn and or obtain sufficient knowledge of the entitys business
I Inquires
A Analytical procedures
R Review, other procedures
C Client representation letter required from mgmt (dont need with a compilation)
P Professional judgement should be used
A Auditor should communicate results
The objective of a review of financial information is to determine whether material modifications are necessary
for the information to be in conformity with GAAP.
Not required to communicate with predecessor auditor
Make inquires of internal personnel, not external people or entities.
Client representation letter from mgmt is required which covers all F/Ss and periods covered by the review
report
Audit test work, including testing internal controls, is not performed
The accountants report in a review engagement should include:
A the review has been performed in accordance with SSARS standards established by the AICPA
M All F/S information is the representation of mgmt
I a review consists principally of inquiries of company personnel
A a review consists of analytical procedures applied to financial data
S a review is substantially less in scope than an audit
N no opinion is expressed
M accountant is not aware of any material modifications that should be made to the F/S in order for
them to be in conformity with GAAP
AM I A SNM

Reporting on Comparative F/S


When the continuing auditor performs a higher level of service (service upgrade) in the current period, the
report on the prior period should be updated and issued as the last paragraph of the current periods report
Downgrade in service (last yr we reviewed, this yr we compile). Issue a compilation report and add a paragraph
to describe prior period responsibility assumed. Or issue both a review report and compilation report
10

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Whenever prior accountants are asked to reissue a prior report (audit, review or compilation) they should reas
the new F/S and obtain a representation letter from the new accountant
Reporting when one period is audited
Reissue the prior period report, or
Include an additional paragraph in the current report describing the responsibility assumed for the prior
period statements

Review of Interim Financial Information


In an initial review of interim financial information, the accountant should make inquires of the predecessor
auditor, and if allowed, review the predecessors documentation
Inquiry of clients lawyer is not required but may be appropriate in certain circumstances
Going concern is not required but may be appropriate
Likely misstatement best estimate of the total misstatement in an account balance or class of transactions. The
accountant should:
Accumulate all such estimates for further evaluation
Consider that the aggregated effect of several immaterial misstatements
Evaluate potential effect on current and future periods
A review of interim F/S of a public company is conducted in accordance with AICPA auditing standards not
SSARS
Should modify their report if, during the review, they become aware of a departure from GAAP
Going concern no modification if disclosed
Lack of Consistency no modification if disclosed

Letters for Underwriters


A comfort letter is a letter from the CPA to the named underwriter. It covers the period from the date of the last
auditors report to the effective date of the registration.
When a comfort letter is issued, the CPA is required to perform a review of interim financial information in
accordance with auditing standards
To obtain a comfort letter, parties other than the names underwriter must provide the CPA with an attorneys
opinion or representation letter, confirming that such a party has a due diligence defense
Comments in a comfort letter a limited to:
Financial info expressed in dollars, and
Financial info derived from accounting records
A comfort letter is solely to assist the underwriters in conducting and documenting their investigation of the
company in connection with the offering
Provide positive assurance on:
11

AUD - Notes Chapter 1


http://www.cpa-cfa.org

CPAs independence
Compliance of the F/S with the SEC Act, assuming the F/S are audited
Provide negative assurance on:
Unaudited F/S if a review has not been performed, procedures performed and findings obtained should be
listed
Changes in selected financial information during subsequent period
Whether non-financial data in the registration statement complies with regulation S-K

Attest Engagements
Attest engagements CPA is engaged to issue or does issue an examination, a review, or an agreed-upon
procedures report on subject matter, or an assertion that is the responsibility of another party (usually mgmt).
Major attest services:
Agreed-upon procedures
Financial forecasts and projections
Pro forma F/S
Internal control over financial reporting
The following standards apply to services a CPA may offer:
Audit engagements SAS (Statements on Auditing Standards)
Compilation and review engagements SSARS (Statements on Standards for Accounting and Review
Services)
Attest engagements SSAE (Statements on Standards for Attest Engagements)
SSAE does not apply to:
Providing consulting/advisory services
Operational audits (usually performed by internal auditors)
There are 11 attestation standards: TIPPY PE ACRS
General Standards TIPPY
T Training and proficiency
I Independence
P Performance/due professional care in planning and performance
P Professional knowledge of subject matter
Y Your belief that the assertion and the criteria is objective, measurable and complete
Field work Standards PE
P Planning and supervision
E Evidence to provide reasonable basis for the conclusion
Reporting Standards ACRS
A Assertion or subject matter should be identified
C Conclusions should be expressed
R Reservations or unresolved issues should be disclosed
S Statement restricting use of the report to specified parties should be included (if necessary)
Agreed-upon procedures CPA is engaged to issue a report of findings based on specific agreed upon
procedures (example is mutual fund performance). Agreed upon procedures may be performed is the following
conditions exist:
I Independence of the practitioner
A Agreement of the parties
M Measurability and consistency
12

AUD - Notes Chapter 1


http://www.cpa-cfa.org

S Sufficiency of the procedures


U Use of the report is restricted to the specified parties
R Responsibility for the subject matter rests with the client
E Engagements to perform agreed upon procedures on prospective financial statements
I AM SURE you can perform these agreed upon procedures
Financial forecasts the expected financial results of a future period, based on expected conditions (i.e.
budget)
Financial projection financial results based on a what if scenario, based on hypothetical assumptions
Forecasts and projections are two types of prospective F/S. Pro forma F/S are different, because it shows what
past financial results of an expired period would have been if something had been different.
Only a financial forecast is appropriate for general use. While both, forecasts and projections are appropriate
for limited use.
Compilation of prospective F/S the proper assembling of financial data based on the partys assumptions
No assurance of any kind given
The practitioner is not required to gather supporting evidence
Significant assumptions must be disclosed otherwise cannot issue compilation

13

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Planning and Supervision


TIP PIE ACDO
The audit committee is responsible for the selection and the appointment of the auditor and the reviewing the
nature and scope of the engagement
In a new client relationship, it is mandatory to make inquiries of the predecessor auditor. Client permission is
needed. If the client is unwilling it is a scope limitation.
Before accepting the client, inquiry the old CPA regarding:
Information that may reveal mgmt integrity
Disagreements with mgmt (accounting principles, auditing procedures)
Reasons for change of auditor
Communication to the audit committee regarding fraud, illegal acts, internal control matters
After acceptance, inquiry the old CPA regarding:
Make specific inquiries about the audit
Review predecessors audit documentation (workpapers)
Preliminary Engagement Activities
Assess the integrity of mgmt
Assess the availability and adequacy of the clients accounting records (lack of records = scope limitation)
Evaluate the firms quality control policies and procedures
An engagement letter a signed contract which documents the understanding with the client is required for an
audit engagement (should be signed and dated by the client)
Managements is responsible for:
The F/S
Internal controls
Compliance with laws
Representation letter (letter to auditor at end of the engagement that confirms the representation made)
Auditor is responsible for:
Conduct the audit in accordance with GAAS (obtain reasonable assurance about whether the F/S are free
from material misstatements
An audit is not designed to detect error or fraud that is immaterial to the F/S
An audit is not designed to provide assurance on internal control or to identify significant deficiencies
Audit is subject to inherent risks that errors and fraud will not be detected. If we discover fraud then we report
it to the audit committee
Planning the Audit
The nature, extent and timing of planning procedures will vary based on the engagement (the NET we cast over
the audit)
The auditor is required to obtain an understanding of the entity, its environment and internal controls
Obtain knowledge about the clients industry and business through:
Audit guides, trade publications and public information
14

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Tour client facilities


Review financial history of client
Obtain understanding of client accounting
Inquire of client personnel

Analytical Procedures used for:


For planning the nature, extent, and timing of other audit procedures (required)
Substantive tests to obtain evidential matter (optional)
Overall review in the final stage of the audit (required)
Analytical procedures performed during planning
Used to enhance the auditors understanding, and identify unusual transactions, events and amounts
During planning, analytical procedures consist of a review of data aggregated at a high level, such as
comparing financial statements to budgeted amounts
Financial data is used through relevant nonfinancial data (number of employees, square footage)
The audit plan
Must be written
Specific audit procedures are documented
Description of the nature, extent, and timing of:
- Planned risk assessment procedures (assess risk of material misstatement) (required)
- Planned further audit procedures
Timing of audit procedures should be discussed with mgmt
Materiality
Known misstatements specific misstatements identified during the audit
Likely misstatements misstatements the auditor considers likely to exist due to differences between auditor
and mgmt judgements or from audit evidence
Tolerable misstatements maximum error in a specific population that the auditor is willing to accept
All misstatements must be communicated to mgmt
Because the F/S are interrelated, the auditor should use the smallest level of misstatement that could be material
to any one of the F/S
The auditor must consider the effects, both individually and in aggregate, of the uncorrected misstatements
(both known and likely)
Misstatements are more likely to be considered if they:
Affect trends in profitability
Affects entitys compliance with loan covenants, contracts or regulatory provisions
Increase mgmts compensation
Affect significant F/S elements
Can be objectively determined
The auditor should document:
Planning levels of materiality and tolerable misstatement, the basis for those levels and any subsequent
changes
15

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Known and likely misstatements that were corrected by mgmt


A summary of uncorrected misstatements (known and likely), auditors conclusions on whether those
misstatements cause the F/S to be materially misstated, and the basis for the conclusion
Documentation of uncorrected misstatements should include:
Separate identification of known and likely misstatements
The aggregate effect on the F/S
Relevant qualitative factors affecting materiality judgements
Audit Risk
Audit risk is the risk that the auditor may unknowingly fail to modify appropriately the opinion on the F/S that
are materially misstated (risk that the auditor will give the wrong opinion)
AR = RMM * DR
AR = (IR * CR) * DR
Audit risk (AR) should be low
Risk of Material Misstatement (RMM) assessed by auditor and is independent of F/S audit
Inherent risk (IR) susceptibility of a relevant assertion to a material misstatement, assuming there are
no related controls (mistake in the clients acctg system). Auditor assesses IR but cant change
Control risk (CR) risk that a material misstatement could occur in a relevant assertion will not be
prevented or detected on a timely basis by the clients internal controls (clients internal control does not
catch it)
Detection risk (DR) risk that the auditor will not detect a misstatement that exists within a relevant assertion
(auditor will miss the mistake). Detection risk is a function of the effectiveness of audit procedures. The auditor
can change the detection risk
RMM and DR have inverse relationship. When risk of material misstatement is high, detection risk should be
set low (so we have to do more work)
Substantive procedures are always required
Direct relationship between RMM and assurance required from Substantive procedures. Greater the risk
(RMM) the more persuasive evidence needed.
Audit risk and materiality must be considered at both the F/S level and the account balance (item level)
At the F/S level, the auditor should consider risks that have pervasive effect on the F/S, potentially affecting
many relevant assertions
The account balance level (transaction & item level) is used to determine the nature, extent, and timing of
audit procedures. Inverse relationship between audit risk and materiality
Audit Procedures:
1. Risk assessment procedures
2. Test of controls test of internal controls (CRIME)
3. Substantive procedures tests $ balances
F/S Assertions (made by mgmt)
Transactions and events
C Completeness
P Proper period cutoff
A Accuracy
C Classification
O Occurrence
16

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Account balances
C Completeness
A Allocation and valuation
R Rights and obligations
E Existence
Presentation and disclosure
C Completeness
U Understandability and classification
R Rights and obligations
V Valuation and accuracy
After sufficient planning information has been gathered, an audit plan should be drafted. A written audit plan is
required for every audit.
When planning the audit, the auditor should consider the extent of involvement of the clients internal auditors
in the audit. Internal auditors are not independent, thus, the external auditor cant share with the internal auditor
any responsibility for audit decisions.
Auditor must obtain an understanding of the internal audit function
If the auditor uses the work of internal audit, competence and objectivity must be assessed
The higher the level the internal auditors report to, the more objectivity can be assumed
The auditor remains solely responsible for the report on the F/S. The internal auditor may not be utilized to
make judgement calls
If a specialist is used must evaluate the competence and objectivity of the specialist. Treat like one of your staff.

Fraud and Illegal Acts


Errors unintentional
Fraud intentional; 2 types
1. Fraudulent financial reporting (lying) designed to deceive F/S users. Usually involve
manipulation, misrepresentation, intentional misapplication of accounting principles
2. Misappropriation of assets (stealing) theft of an entities assets
Fraud risk factors include:
Incentives/pressures: a reason to commit fraud
Opportunity: lack of effective controls
Rationalization/attitude: an attempt to justify fraudulent behaviour
Its mgmts responsibility to design and implement programs and controls to prevent and detect fraud
The auditor has a responsibility to plan and perform (referred to as design) the audit to obtain reasonable
assurance about whether the F/S are free from material misstatement, whether caused by error or fraud.
Mgmt override of controls is a major factor in fraud.
Inquire entire personnel regarding their views of fraud risk
- Inconsistent responses indicate a need for additional evidence
Consider the results of analytical procedures (required during the planning and final stage)
17

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Attributes of risk:
Type of risk: fraudulent F/S or misappropriation of assets
Significance of risk: can it lead to a material misstatement
Likelihood of the risk: how likely is this to happen
Pervasiveness of the risk: does it affect the whole F/S or only specific accounts or transactions
2 Areas of greatest fraud concern:
1. Improper revenue recognition
2. Mgmt override controls
Items are more susceptible to manipulation when they involve:
1. High degree of mgmt judgement and subjectivity
2. Highly complex accounting principles
The auditor is required to respond to the results of the risk assessment on three levels
1. Overall, general response
- assigning personnel to the engagement
- determining the appropriate level of supervision of engagement personnel
- evaluating mgmts selection and application of accounting principles
2. Response encompassing specific audit procedures
- change nature
- change extent
- change timing
3. Response addressing risks related to mgmt override
- examine journal entries and other adjustments
- review accounting estimates for biases
- evaluate the business purpose for significant unusual transactions
Significant fraud risk may consider withdrawing from the engagement
Revenue recognition
- perform substantive analytical procedures relating to revenue
- confirm with customers contract terms and the absence of side agreements
Revenue recognition criteria
1. must have an arrangement (signed agreement)
2. must be a delivery
3. must be fixed or determinable price
4. collectability
Inventory quantities
- concern that there may be a failure to reconcile books to physical inventory
Mgmt estimates
- engage a specialist
- develop an independent estimate
- perform a retrospective review of prior period estimates (how good were last yrs estimates)
Misstatements caused by fraud (even immaterial misstatements) may be indicative of an underlying problem
with mgmt integrity. The auditor may need to reevaluate the assessment of fraud risk, the assessed effectiveness
of controls, and the appropriateness of audit procedures applied.
Inform the audit committee of any fraud. Parties outside the entity that we may communicate with in certain
circumstances:
18

AUD - Notes Chapter 1


http://www.cpa-cfa.org

- to comply with certain legal and regulatory requirements


- to a successor auditor
- in response to a subpoena
- to a funding agency
Complete documentation of the auditors risk assessment and response is required
If the auditor has not identified improper revenue recognition as fraud risk, support for this conclusion
Illegal acts violation of law
The auditors responsibility to detect illegal acts are the same for fraud and errors.
The auditor has no obligation to look for illegal acts having an indirect effect on the F/S
The auditor generally does not include procedures to specifically detect illegal acts
Effect of illegal acts on the auditors report
Departure from GAAP expect for or adverse
Insufficient evidence except for or disclaimer
Clients refuses to modify report withdraw

Risk Assessment
TIP PIE ACDO (fieldwork)
Audit Steps IMACPA
I Internal control, understand
M Material misstatement, assess
A Assess risk control
C Control testing
P Perform substantive testing
A Audit evidence, evaluate appropriateness and sufficiency
I - Internal control obtain an understanding of the entity and its environment
Risk assessment procedures
Inquires
Analytical procedures (required for planning and final stages)
Observation and inspection
Discussion among audit team
Other procedures
The auditor may choose to perform substantive procedures or tests of controls, if its efficient to do so
Factors to understand
Industry, regulatory, and other external factors
Nature of the entity
Objectives, strategies and business risks
- Business risks events or circumstances that could adversely affect the firm (ie competition)
Financial performance
Internal controls and accounting policies
M Material misstatement, assessing the risks
Factors that my be indicative of significant risks
Unusual, complex transactions
Business risks
Fraud risk
19

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Significant related party transactions


Highly subjective accounting estimates and principles
Response to significant risks
Evaluate the design of the entitys related controls
Determine whether the controls have been implemented
Evaluate whether and how mgmt responds to such risks
Test of controls test strengths to be relied upon, not weaknesses
Controls that are more directly related to an assertion are more effective in preventing, detecting and correcting
a misstatement in that assertion, than controls which only relate indirectly to an assertion.
Documentation requirements
Discussion among the audit team
Key elements of the understanding of the entity and its environment
The assessment of the risks of material misstatement
The identified risks and related controls evaluated by the auditor
Document
1. control factors that were used/helped to plan the audit engagement
2. control factors that helped ensure mgmt rules and directives were followed
Forms of documentation may include any item the auditor can FIND
F Flowchart
I Internal control questionnaire or checklists
N Narrative
D Decision table
Flowcharts symbolic diagram representing the sequential flow of authority, processes and documents. Depicts
the auditors understanding of the system
An adequate flowchart shows the origin of each document in the system, its subsequent processing, and its
final disposition
IT flowcharts are initially created to document the logic and existing flow of a computer program
Internal control questionnaires used for each item of mgmt assertions
Narratives a narrative is a written version of a flow chart (hard to see weaknesses
Decision tables or trees graphic illustrations that depict the logic of an operation or a process
A flowchart is sequential while a decision table/tree is logical

Internal Control
TIP PIE ACDO
Entity objectives
1. Reliability of financial reporting (most relevant to the audit)
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations

20

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Controls that pertain to the first objective (reliability of financial reporting) are the most relevant to the audit,
and these are the controls that the auditor must consider and understand.
Five components of internal controls CRIME
C Control environment: overall tone of the organization
R Risk assessment mgmts identification of risk
I Information and communication systems
M Monitoring: assessment of internal controls over time
E Existing control activities: control policies and procedures
Its a CRIME not to have strong internal controls
Control testing = internal controls (CRIME)
Substantive testing = $ balances
The auditor should obtain an understanding of CRIME as it pertains to financial reporting:
1. evaluate the design of relevant controls and determine whether then have been implemented
2. assess the risk of material misstatement
3. design the nature, extent and timing of further audit procedures (CPA tests internal controls in order to
adequately plan the NET audit)
Limitations of internal controls
Human error
Collusion
Mgmt override
Segregation of duties may be difficult to achieve in a smaller entity
IT system may make it impossible to reduce detection risk through substantive testing alone (must do control
testing as well)
IT benefits:
Ability to process large volumes of transactions accurately
Improved timeliness and availability of information
Facilitation of data analysis and performance monitoring
Reduction is the risk that controls will be circumvented
Enhanced segregation of duties through effective security controls
IT Risks:
Potential reliance on inaccurate systems
Unauthorized access to data
Unauthorized changes to data, systems and programs
Failure to make required changes and updates to systems or programs
Auditor should document use of programs and perform tests more often during the yr
Organizational structure of the IT department
C Control group responsible for internal control within IT dept.
O Program Operators input data
P Programmers write and develop computer programs
A System Analysts design the overall program, while programmers do the detailed work
L Librarian maintains the storage of the data
21

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Anyone doing for an 1 job or supervising another area is a weakness


CRIME
C Control Environment has pervasive effect on the auditors risk of assessment and preliminary judgements
about its effectiveness may influence NET of further audit procedures to be performed
Sets the tone of an organization, influencing the control consciousness of its people
Communication and enforcement of integrity and ethical values
Mgmts philosophy and operating style
Organizational structure
Assignment of authority, responsibility and accountability
Human resource policies and practices
R Risk assessment
CPA should obtain understanding and knowledge
I Information and communication
CPA should obtain understanding and knowledge
Accounting process (automated and manual), from initiation of a transaction to F/S
Accounting records (electronic and manual) supporting information and specific accounts involved in
initiating, authorizing, recording, processing and reporting transactions
The financial reporting process, including the development of significant accounting estimates and the
inclusion of appropriate disclosure
M Monitoring
CPA should obtain understanding and knowledge
Process that assesses the quality of internal control performance over time
Establishing and maintaining internal control is a responsibility of mgmt
E Existing control activities
Control activities in a strong internal control system have PAID TIPS
P Prenumbering of documents
A Authorization of transactions
I Independent checks to maintain asset accountability
D Documentation
T Timely and appropriate performance reviews
I Information processing controls ensure that transactions are valid, authrorized, and accurate
- Application controls controls for processing of individuals transactions
- General controls apply to information processing throughout the company
P Physical controls for safeguarding assets simply security
S Segregation of duties client should separate: ARC
- Authorization
- Recordkeeping
- Custody of related assets
The internal control environment should be detected in the ordinary course of business by an employee, not
- Collusion
- Mgmt overrides
For internal controls the auditor should
Obtain the necessary understanding of the user organizations internal control to plan the audit
Assess the control risk at the user organization, and
22

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Perform substantive procedures


Report on controls placed in operation may aid the auditor in obtaining an understanding of controls,
however, it is provided when tests of operating effectiveness were not performed, and therefore it does not
provide the user with a basis for reducing the assessment of control risk

Responding to Assessed Risks


IMACPA
Audit approach the auditors specific approach to identified risks at the relevant assertion level may consist of
either a substantive or combined approach
Use substantive approach when:
Controls are not strong for an assertion
Not cost/benefit to test the effectiveness of the controls
Combined approach both control testing and substantive procedures are used. If controls are operating
effectively, less assurance will be required from substantive procedures.
Test of controls may be required in highly electronic environments, substantive procedures alone may not be
sufficient
Status of internal control
None or weak
Some
Strong

Audit approach
Perform control tests
Perform substantive tests
No (because nothing to rely on)
yes-maximum
Yes
Yes
minimal (but never
eliminate for material
balances, transaction classes, or disclosures)
Risk level
high
medium
low

Test of Controls - IMACPA


Test of controls are performed when the auditors risk assessment is based on the assumption that controls are
operating effectively, or when substantive procedures alone are insufficient. (test control strengths, not
weaknesses)
Obtaining an understanding of internal controls includes evaluating the design of controls and determining
whether they have been implemented
Only controls that are suitably designed to prevent or detect material misstatements are subject to tests of
operating effectiveness
Inspect client records documenting use and changes to IT programs
Nature of tests of controls
Tests of operating effectiveness of controls include: inquiries, inspection, observation, and reperfornance
As the planned level of assurance (about operating effectiveness) increases, the auditor should obtain more
reliable or more extensive audit evidence
Evidence hierarchy:
1. Personal observation and knowledge
2. External evidence
23

AUD - Notes Chapter 1


http://www.cpa-cfa.org

3. Internal evidence
4. Oral evidence
Timing of tests of controls
When tests of controls are performed at one particular time, they provide evidence that controls operated
effectively only at that time. Controls tested throughout the period provide evidence of operating
effectiveness during that period
Controls that are tested only during an interim period should be supplemented by additional evidence for
the remaining period (roll forward)
If controls have changed since they were last tested, operating effectiveness must be retested in the current
period
Even if controls have not changed, operating effectiveness must be tested at least one every third year
Perform substantive testing IMACPA
Used to detect material misstatements at the relevant assertion level
Substantive procedures should be designed to be responsive to assessed risks, however, regardless of the
assessed risk, substantive procedures are required for each material transaction class or account balance
2 types of substantive procedures
1. Test of details applied to transaction classes, account balances and disclosures. $ balances, ratios
2. Substantive analytical procedures used for large volume predictable transactions
Directional testing
To test existence or occurrence assertion Top down, start from F/S. Look for support = vouching
Test existence for overstatement of assets and revenues
To test completeness assertion Bottom up, start from item, look to see its included/covered in F/S = tracing
Test completeness for understatement of liabilities and expenses
If substantive procedures are performed at an interim date, the auditor should perform further substantive
procedures (maybe with test of controls) to provide reasonable basis for extending audit conclusions to period
end
If risk of material misstatement is low, performing substantive procedures at interim increases the risk that the
auditor will not detect material misstatements in the F/S
In certain situations, such as those in which there is an identified fraud risk, the auditor may choose to perform
substantive procedures at or near period end.
Audit evidence, evaluate appropriateness and sufficiency IMACPA
Audit evidence obtained may cause the auditor to modify this or her initial risk assessment
The auditor should not assume that an identified instance of fraud or error is an isolated occurrence
When there is a change in the assessed level of risk, the auditor should modify planned procedures
accordingly
The auditor uses judgement to evaluate the sufficiency and appropriateness of audit evidence

24

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Transaction Cycles
TIP PIE ACDO whole chapter 4
Revenue cycle includes sales revenues, receivables and cash receipts
Sales (serially number documents are PAID TIP)
1. Preparation of sales order a serially numbered sales order is prepared and sent to the credit department
for approval
2. Credit approval valuation assertion, credit department determines (ARC)
3. Shipment Shipping department prepares a serially numbered bill of lading (ARC)
4. Billing Billing dept. prepares serially numbered sales invoice. Shipping documents, sales orders, and
invoices are compared to ensure that all shipments were based on customer orders and properly billed.
The invoice is then sent to the customer and A/R dept. (ARC)
5. Accounting the sale is entered into the sales journal and a receivable is recorded (ARC)
Accounts receivable
1. Sales
2. Collection of cash receipts
3. Uncollectible receivables an aging schedule is prepared and sent to the credit department for use in
carrying out its collection program. Auditor observes the preparation of aging schedule to support
assessing control risk below maximum
4. Sales returns a serially numbered receiving report may be used as a sales return slip. Once the return
is approved, the related receivable is eliminated
Cash receipts
1. Collection incoming mail must be opened by a person who does not have access to the A/R ledger.
One receipt copy should be sent to cashier (or treasury) for bank deposit. Another copy sent to A/R dept.
for entry into the A/R subsidiary ledger. A third copy should be sent to acctg dept. for entry into the
general ledger
Testing controls for Sales
Inquire about credit procedures for new customers (valuation) (ARC)
Compare sales journal to subsidiary ledgers
Inspect a sample of prenumbered shipping documents and
- agree to sales order (existence)
- account for prenumbered (completeness)
Vouch a sample of sales invoices, trace a sample of shipping documents
Inspect customer exception file and disposition (existence, completeness, rights and valuation)
Send confirmations follow up on error reports (rights and obligations)
Test cutoff
Test adequacy of uncollectible accounts
Expenditure cycle
Purchases
1. Purchase requisition the dept. needing an asset or services sends an approved serially numbered
requisition to the purchasing dept
2. Purchase orders obtain competitive bids from various suppliers to make sure that the best price is
obtained. Use prenumbered purchase orders
3. Receipt of goods or services- it is preferable that the copy not indicate the quantity ordered (blind copy),
thus the receiving dept is forced to count the goods upon arrival
25

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Accounts payable
1. record the payable
2. approve the bill when the invoice arrives, the accounting department approves it by matching the
invoice, purchase order, receiving report, and (sometimes) the requisition
Cash disbursements
1. best for internal controls to pay invoices by check
2. best for internal control to segregate approving payment and writing checks
3. Treasurer pays the bills
The accounting department has three functions
1. to record the payable
2. to approve the invoice for payment
3. to record the payment after its paid by the treasurer
The auditor should review bills in January to determine is they were incurred in Nov or Dec (search for
unrecorded liabilities.
Audit procedures related to cash
Internal controls over the handling of cash is one the most critical areas of an audit; proper segregation of
duties
The auditor should obtain cutoff bank statements used to test for lapping and kiting
Vouch postings to ledger accounts, reconcile bank statements, and verify cash transactions
Simultaneously verify internal and external evidence
Internal evidence includes counting cash on hand and reconciling it with the journals
External evidence includes confirming accounts on deposit with banks, all securities on deposit and
obtaining bank cut-off statements
Lapping theft of cash is often concealed by failing to account for cash receipts (todays cash receipts cover
yesterdays theft)
Best way to guard against lapping is to use a lock box system. Inspect checks when deposited/cashed and
compare to when accts receivable was booked
Kiting when a check drawn on one bank is deposited in another bank and no record is made (cash is recorded
in 2 places at once (Dec 31))
A bank transfer schedule compares the dates checks are drawn to the dates checks are deposited
A standard bank confirmation should be sent to all banks that the client has done business with during the year,
regardless of whether there is a year end balance to confirm.
Potential misstatements
Recording fictitious sales (existence assertion)
Holding open the sales journal to include next years sales (improper cutoff)
Shipping unordered goods near year end which can be returned (bill and hold)
Failure to record payments
Sales adjustments may be used to conceal thefts of cash collections
Reduce risk by ARC
26

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Audit Documentation
Audit documentation (workpapers) belong to the CPA (not the clients acctg records) and are meant to support
the auditors opinion and record audit procedures performed and evidence obtained
Audit documentation should:
Indicate that the accounting records support/reconcile to the F/S
Contain enough detail so an auditor with no prior knowledge can understand the whole audit
Support that the audit was conducted in accordance with GAAS
Report release date date on which the auditor grants the client permission to use the report (usually date
report is delivered to the client)
For private companies, auditing standards require audit documentation be completed 60 days from report
release date and held for 5 years from that date
For private companies, the PCAOB requires audit documentation be completed 45 days from report release
date and held for 7 years from that date
The specific quantity, type and content of audit documentation are based on the auditors judgement
Permanent (continuous) file audit documentation that has continuing interest from year to year
- contracts, pension plans, leases, stock options, bylaws
Current file all audit documentation applicable to the year under the audit
Audit documentation should include significant audit findings, actions taken, and conclusions reached, such as:
Selection and application of accounting principles
Possible material misstatements
Need to revise the auditors previous risk assessment
Significant difficulty in applying necessary audit procedures
Modification to the auditors standard report
You can provide audit documentation to another party without the clients permission:
If its subpoenaed in court
To your defense team: lawyers, insurance company, expert witnesses
AICPA for an investigation or quality review

Audit Evidence
Audit evidence all the information an auditor uses to arrive at the opinion
The auditor should have access to all pertinent accounting data and corroborating evidential matter (otherwise
its a scope limit)
Types of audit evidence
Underlying accounting records test through analytical procedures and substantive tests, such as retracing,
recalculation and reconciliation
Corroborating evidence provides additional support for the acctg data; observation, inquiry and inspection
27

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Electronic evidence consider the time during which information exists or is available in determining the
nature, extent and timing of audit procedures.
The third standard of fieldwork The auditor must obtain sufficient appropriate evidence by performing audit
procedures to afford a reasonable basis for an opinion regarding the F/S under audit
Evidential matter must persuade the auditor that the ending balance in the F/S are fairly presented (persuasive
rather than conclusive)
Cost/benefit relationship may be a valid reason for performing only certain procedures, cost alone or difficulty
in obtaining evidence is not a valid basis for omitting a procedure
Evidential matter should be valid and relevant
The greater the risk of material misstatement the more evidence will be required
The higher the quality of audit evidence the less audit evidence needed
Evidence must relate to the financial statement assertion under consideration
The evaluation of evidential matter must take into consideration the achievement of audit objectives
Substantive procedures are performed to evaluate mgmts assertions which help detect material misstatement
Substantive procedures consist of:
1. Test of details (applied to transactions balances and disclosures)
2. Substantive analytical procedures
Analytical Procedures
Comparison of financial data review current and prior years F/S and the current years budget, industry
norms, and nonfinancial information
Most effective and efficient for assertions in which potential misstatements are not apparent from detailed
evidence or is not available
The I/S has more predictable relationships than the B/S
Accts with mgmt discretion are less predictable\
Analytical procedures for planning phase and final review phase are required. However analytical procedures
used as substantive tests are not required.
Documentation requirements, expectation, factors, results, additional audit procedures performed and results of
those procedures
Investigate significant differences (if found): make inquires of mgmt, in necessary expand audit procedures or
alternative substantive procedures. Differences do not necessarily indicate errors or fraud, but simply indicate
the need for further investigation
Analytical procedures are applied during the overall review stage of an audit to evaluate the overall F/S
presentation and assess the conclusions reached
Test of Details
Directional testing refers to testing either forward or backward
If a test starts with items in the accounting records, the proper assertion is most likely existence
28

AUD - Notes Chapter 1


http://www.cpa-cfa.org

If a test starts with source documents, it is most likely related to the completeness assertion
Standard auditing procedures FIVE CARROTS
F Footing, crossfooting, recalculation verify mathematical accuracy
I Inquiry both internal and external
V Vouching directional testing; auditor examines support for existence and occurrence assertions
E Examination/Inspection provides evidence about the existence assertion
C Confirmation Type of inquiry obtained from third party
A Analytical procedures evaluate financial information through the study of data relationships
R Reperformance auditor re-performs procedures or controls originally performed by the client
R Reconciliation substantiates the existence and valuation of accounts
O Observation auditor looks at a process or procedure performed by others
T Tracing directional testing; examines support for the completeness assertions
S Subsequent events review perform certain procedures after balance sheet date
Other procedures
Cut-off testing
Test related account simultaneously
Requesting a comprehensive mgmt representation letter
Reading pertinent information

Evidential Procedures for Selected Accounts


Inventory
The observation of beginning and ending inventory is required. May use alternative procedures to justify an
opinion (acceptable when its impractical or impossible to observe inventory.
The client counts the inventory and the auditor simply observes and test counts certain items
Consigned inventory on hand is excluded from inventory count
Related accounts inventories, purchases, sales, sales returns and allowances, and COGS
The auditor should examine purchase invoices and receiving report around yr end for cut-off testing
The auditor should examine sales invoices and compare them to shipping documents around yr end for cut-off
Determine whether inventory adhere to lower of cost or market principles and whether inventory is pledged or
subject to liens
Examine vendor invoices, direct labor rates and test the computation of overhead rates
Accounts receivable confirmations
Positive confirmations request response from the recipient (may be blank)
Best type of confirmation for: large accounts, expect errors and disputes, weak internal controls
A greater degree of assurance but may result in lower response rate
Non-responses should be: followed up, the client may have to intervene, perform alternative procedures
Generally provide evidence regarding existence and rights and obligations
Negative confirmations recipient is asked to respond only if the amount stated in incorrect
Not as good as positive confirmation
29

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Use when there is low risk, small balances, belief that the receipt would respond if there was a discrepancy
Accounts payable confirmation not required
Are positive confirmations and generally left blank
Objective is to determine whether A/P is understated
Should be sent when internal control is weak
Typically send to vendors with small or zero balances would be selected for confirmation
However, unrecorded liabilities generally surface eventually when unpaid vendors stop delivering goods
Payroll and Personnel
There should be segregation of duties as follows
Authorization to employ and pay function of HR to hire new employees
Supervision all pay base data (hours, time-off) should be approved
Timekeeping and costs accounting data on which pay is based, hours worked or jobs completed
Payroll check preparation computes salary based on information received, later signed by the treasurer
Control procedures PAID TIPS
PPE
Acquisition a special requisition form is needed. Acquisitions are ties to the capital budget and the board
of directors should also have to approve the acquisition.
Subsidiary ledgers detailed information on each asset is kept in the subsidiary ledger
Physical security
Written policies on depreciation and capitalization
Disposition retirement of assets should be documented and sequentially numbered
Audit procedures
Vouch additions
Review retirements and recalculate any gains/losses
Review repair and maintenance accounts in order to locate items that should have been capitalized
Be alert for liens on assets (borrowed)
- Companies cannot/do not insure fixed assests they do not have
- Companies do not pay real estate taxes on property they dont own
- Tour plant and inquire
Liabilities
Notes payable examine the note, comparing terms and amounts to board approval. Interest expense should
be independently computed
Long term debt ensure that interest expense is properly reported, valuation is fairly reported, all debt has
been recorded. Compare interest expense with the bond payable amount for reasonableness
Contingencies look at guarantees, purchase commitments, leases, tax returns, clients legal counsel
Owners Equity
Treasury stock auditor should examine all shares of treasury stock and reconcile the number of TS shares.
Compare to authorization in the minutes of the board meeting
Stock transactions vouch to supporting documentation
All issues relating to stock, dividends, and TS must be authorized by the board of directors
Articles of incorporation goes in the permanent audit file
30

AUD - Notes Chapter 1


http://www.cpa-cfa.org

If the client uses a stock transfer agent, use third party confirmations
If the client doesnt use a stock transfer agent, check the stock certificate book
Consider whether any appropriations of retained earnings are necessary (due to loan covenants). The auditor
focuses on evaluating the presentation and disclosure of the F/S (mgmt assertions = classification &
understandability)

Audit Evidence: Miscellaneous Items


Related Party Transactions
Concerned about valuation and accuracy
A related party transaction is not considered to be an arms length transaction
Should be adequately disclosed
Determining the existence of related party transactions
Evaluate companys procedures and policies for related party transactions
Inquire mgmt and predecessor auditor
Review entitys filings with the SEC
Review board minutes
Compensating balance agreements
Loan agreements
Unusual, non-recurring transactions new year end
Accounting Estimates
Assess mgmts written policies and practices of acctg estimates
Verify that all material estimates have been developed
Determine that the accounting estimates are reasonable
Ensure that the accounting estimates are properly presented and disclosed in conformity with GAAP
Test for reasonableness
Are they using the same methods
Past track record of estimates is good
Justify any changes in approach
Auditing Fair Values
Estimates and valuation methods may be used when market values are not available
Changes in fair value measurements may be treated in different ways under GAAP (NI or OCI)
Evaluate the sufficiency, competency, and consistency of evidence obtained with respect to fair value
measurements and disclosures.
Determine whether mgmts significant assumptions provide a reasonable basis for fair value measurement
Litigation
Mgmt is the primary source of information regarding litigation. An external inquiry of the entitys attorney
is simply a means to corroborate information provided by mgmt. R
Review minutes, invoices from lawyers, and IRS correspondence
Its mgmts responsibility to identify and account for litigation, claims
Letter inquiry to clients attorneys should be signed by the client but sent to the lawyer by the auditor
31

AUD - Notes Chapter 1


http://www.cpa-cfa.org

The lawyers response to the letter should include a professional opinion on the expected outcome of any
lawsuit and the likely outcome of any liability, including court costs
If the lawyer refuses to respond scope limitation qualified or disclaimer opinion
Client refuses to permit inquiry disclaimer opinion

32

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Audit Sampling (statistic sampling)


Sampling risk reach the wrong conclusion based on the sample
Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for professional
judgement. Professional judgement is still needed/required to set parameters and evaluate the results.
2 main types of sampling
1. Attribute sampling (rate of occurrence) used for testing internal controls (yes/no questions)
2. Variable sampling (probability-proportional to size PPS or estimation sampling or numerical quantity)
used in substantive testing of account balances ($ values)
Audit risk risk of getting the opinion wrong due to uncertainty in applying audit procedures (sampling and
other)
Risk of assessing control risk too low risk that the assessed level of control risk based on the sample is less
than the true risk based on the actual operating effectiveness of the control (i.e. sample results indicate a lower
deviation rate than actually exists in the population)
Risk of assessing control risk too high risk that the assessed level of control risk based on the sample is
greater than the true risk based on the actual operating effectiveness of the control. sample results indicate a
greater deviation rate than actually exists in the population
There are two sorts of mistakes an auditor can make with sampling:
1. The auditor may fail to identify an existing problem (incorrect acceptance and assessing control risk too low)
2. The auditor may falsely identify a problem where none exist (incorrect rejection and assessing control risk
too high)
The risk of incorrect acceptance and the risk of assessing control risk too low relate to the effectiveness of an
audit in (possibly not) detecting an existing material misstatement. Auditors usually accept a risk of 5% (or
10%). Inverse to the risk is the confidence level (also called reliability). The auditor is 95% confident that the
sample is representative of the population.
The risk of incorrect rejection and the risk of assessing control risk too high relate to the efficiency of the audit
(the auditor does more audit work than is necessary)
Attribute Sampling
Planning considerations
Relationship between the sample to the objective of the test of controls
Tolerable deviation rate maximum rate of deviation from a prescribed procedure the auditor will tolerate
without modifying planned reliance (or changing control risk assessment) on internal control. Rate set by
the auditor
Auditors allowable risk of assessing control risk too low
Characteristics of the population
Deviation rate auditors best estimate of the deviation rate in the population from which the sample was
selected. There is a direct relationship to sample size: the fewer the deviations expected, the smaller the sample
size would be needed.
Population of 1000 and sample 100 items and 7 deviations identified within the sample
7% sample deviation rate
Estimate 70 deviations in the population (7% sample deviation rate)
33

AUD - Notes Chapter 1


http://www.cpa-cfa.org

If the estimated deviation rate for the entire population is less than the tolerable rate for the population, the
auditor should consider the risk that such a result might be obtained even though the true deviation rate for the
population exceeds the tolerable rate for the population. For example assume the tolerable rate for a population
is 5% and the sample consists of 60 items:
If no deviations are found in the sample of 60, the auditor may conclude that there is an acceptably low
sampling risk that the true deviation rate in the population exceeds the tolerable rate of 5% (this is because
the sample deviation rate is much less than the tolerable rate)
If the sample includes two or more deviations (2 in 60 = 3.33%), the auditor may conclude that there is an
unacceptably high sampling risk that the rate of deviations in the population exceeds the tolerable rate of
5% (this is because the sample deviation rate is close to the tolerable rate)
The auditor applies professional judgement in making such evaluations
Perform the following steps when conducting attribute sampling
Define the objective of the test
Define the population
Define the sampling unit
Define the attributes of interest
Determine the sample size including risk of assessing control risk, tolerable deviation rate, expected
deviation rate
Sample deviation rate + allowance for sampling risk = Upper deviation rate
Allowance for sampling risk = what we found in the sample isnt representative of the population
If the upper deviation rate is less than or equal to the auditors tolerable deviation rate, the auditor may rely on
the control (assuming results of other audit tests do not contradict such results)
If the upper deviation rate exceeds the auditors tolerable deviation rate, the auditor would not rely on the
control. Instead the auditor would either:
Select and test compliance with some other internal accounting control, or
Modify the nature, extent, or timing of related substantive tests to reflect the reduced reliance
Discovery sampling used for detecting fraud
Stop-or-go sampling allows auditor to stop and audit test before completing all the steps (to avoid over
sampling) used when few error are expected in the population
Variable sampling (estimation sampling)
Stratification items subject to sampling are separated into relatively homogenous groups and treated as a
separate population, which usually results in a reduced sample size. Commonly used when a population has
highly variable recorded amounts
Higher the tolerable misstatement the lower the sample size
The auditor projects the misstatements found in the sample to the population using one of several methods
(MPU, ratio, difference, etc). The projected misstatement is applied to the recorded balance to obtain a point
estimate of the true balance.
The auditor must then add an allowance for the sampling risk (sometimes called a precision interval) to this
estimate
34

AUD - Notes Chapter 1


http://www.cpa-cfa.org

In deciding whether to accept the clients book value, the auditor determines whether the recorded book value
falls within the acceptable range (i.e. point estimate +/- the allowance for sampling risk). If so, the book value
is fairly stated
Probability-Proportional to size (PPS)
PPS sampling unit is defined as an individual dollar in a population
Advantages
Emphasizes larger items by stratifying the sample. The chance of an item being selected is proportionate to
its dollar amount
If no errors are expected, PPS sampling generally requires a smaller sample than other methods
Disadvantages
Items with zero, negative or understated balances require special design considerations
Sampling interval = tolerable misstatement reliability factor
Sample size = recorded amount of the population sampling interval
Tolerable misstatement - the maximum dollar error that may exist in the account without causing the F/S to be
materially misstated
Reliability factors correspond to the risk of incorrect acceptance and are generally obtained from a table

The Effect of Information Technology on the Audit


Test data (test deck) technique that uses the application program to process a set of test data, the results of
which are already known. (the clients system is used to process the auditors data, off-line, and while under the
auditors control
Integrated test facility (ITF) similar to test data approach except that the test data is commingled with live
data (the clients system is used to process the auditors data, on-line)
Test data must be separated from the live data before the reports are created. This is usually accomplished
by processing the test data to dummy accounts (fictitious customer, branch, vendor)
Client personnel are not informed that the test is being run
Parallel simulation (reperformance test) auditor re-processes some or all the clients live data (using auditor
software) and then compares the results with the clients files (the auditors system is used to process client data)
Generalized audit software packages (GASPs) allows the auditor to have little technical knowledge of the
clients system (computerized environment)

Internal Control Communication


2 types of control deficiency deficiency in design and deficiency in operation
Significant deficiency adversely affects the fairness of the F/S
Previously communicated significant deficiencies and material weaknesses that have not been corrected should
be communicated again
It is mgmts responsibility to evaluate and address control deficiencies
35

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Reporting on an entitys internal control over financial reporting (not an audit, just hired to review internal
controls)
The CPA may report on mgmts assertion or may report directly on the effectiveness of the entitys internal
control
Obtain from mgmt a written assertion about the effectiveness of the entitys internal control. The assertion may
be presented in two ways:
1. a separate report that will accompany the accountants report
2. a representation letter to the accounts
When a material weakness exists, the CPA should express an opinion directly on the effectiveness of internal
control, and not on mgmts assertion
In a F/S audit, use of the report on the internal control is restricted, while
In a separate examination of internal control, use of the report is generally not restricted
SOX requirements related to internal controls
PCAOB standards require:
Issuers report (within the annual report) on mgmts assessment of the effectiveness of the companys
internal control over financial reporting, and
Auditors attest to (audit) the accuracy of mgmts report
The auditors report must disclose material weaknesses in internal control, but is not required to disclose
significant deficiencies that are not material weakness (different than the attestation standards)
If an auditor conducts the audit (of a nonissuer) in accordance with both GAAS and PCAOB, the auditor may
indicate in the auditors report that the audit was conducted in accordance with both standards

Government Auditing
Auditors responsibilities
Obtaining reasonable assurance that the F/S are free of material misstatements resulting from violations of
laws and regulations that have direct and material effect on the F/S
Obtaining an understanding of the possible effects on F/S of laws and regulations
Assessing whether mgmt has identified laws and regulations that have direct and material effect
Communicating to mgmt and the audit committee that an audit in accordance with GAAP may not be
sufficient if, during the audit, the auditor becomes aware that the entity is subject to additional audit
requirements that may not be encompassed in the terms of the engagement
Attestation engagements performed in conformity with Generally Accepted Government Auditing Standards
(GAGAS) (the yellow book) incorporate the AICPAs standards for examinations, reviews, and agreed upon
procedures by reference and include expanded requirements
Audit requirements for federal financial assistance
1. Expanded internal control documentation and testing requirements
2. Expanded reporting to include formal written reports on the consideration of internal control and the
assessment of control risk
3. Expanded reporting to include whether the federal financial assistance has been administered in
accordance with applicable laws and regulations (compliance requirements)
4. Application of single audit standards to federal financial assistance
5. Auditors provide a copy of their peer review to government audit clients
36

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Mgmt is responsible for the entitys compliance with laws and regulations
Mgmt has identified and disclosed in writing to the auditor all the laws and regulations that have a direct and
material effect on its F/S
Audit reports should be distributed to the appropriate officials of the entity requiring or arranging for the audit
(including external funding sources)
GAGAS requires a written report on the auditors understanding of internal control and the assessment of
control risk in all audits. This is different from GAAS, which requires written communication only when
significant deficiencies are noted
Single audits: OMB Circular A-133
The single audit act (OMB Circular A-133) requires entities that expend total federal assistance equal to or in
excess of $500,00 in a fiscal year to have an audit performed in accordance with the Act
Programs classified as major are those that expend $300,000 or more in federal financial assistance, but
smaller programs may be deemed major is they are classified as high risk
Materiality evaluation in a single audit includes a separate evaluation of materiality for each major program
selected
Single audits - audits of an entire organization that include additional audit procedures on specific programs
and include a report on the F/S of the whole organization and audit reports on the specific programs
program-specific audits - audits of specific programs and do not include reports on the F/S of the
organization taken as a whole
Auditor communication requirements increase in government settings. Auditors often have the responsibility of
reporting significant deficiencies to specific regulatory bodies or grantor agencies
A5-47 chart memorize

Communication with the Audit Committee


Audit committee committee of the board of directors, composed of 3-5 members of the board who are outside
directors. Outside directors are not employees of the firm and do not have a material financial interest in the
firm
main purpose is to enhance the internal control by creating a means of direct communication between the
committee and the auditors. An audit committee is considered to be part of the internal control structure
SOX requires the audit committee to approve the engagement of an auditor, and oversee the services
All material communications must be made to the audit committee before the auditors report is filed with
the SEC
Communication may be oral or written. If its oral the auditor should document the conversation
Do not communicate with the audit committee on how we (the auditor) plan to implement the audit

Management Representations
Obtained from mgmt at the conclusion of fieldwork and should address all F/S covered by the report even if
current mgmt was not present during all such periods
Purpose:
1. To confirm representations explicitly or implicitly given to auditor
2. To indicate and document the continuing appropriateness of such representations
3. To reduce the possibility of misunderstanding concerning matter that are the subject of the
representations
37

AUD - Notes Chapter 1


http://www.cpa-cfa.org

Letter is mandatory to issue an unqualified opinion, otherwise issue disclaimer or withdraw


Dated same as the audit report
Signed by the CEO and CFO
Representations may be limited to items that mgmt and the auditor agree are material
The auditor should obtain additional representations from mgmt for special or specific situations. Changes
in the business that may impact the F/S (new acctg principle, impairment of an asset, inventory
obsolescence)

38