Professional Documents
Culture Documents
2009 A-3 Class Notes PDF
2009 A-3 Class Notes PDF
I. AUDITING 3
Auditing 3 primarily deals with two key areas on the exam, planning (which includes consideration
of fraud/illegal acts) and risk assessment (which includes consideration of internal control).
A. PRE-ENGAGEMENT ACCEPTANCE ACTIVITIES
1. You must be familiar with the specific procedures an auditor performs before
deciding to accept a client.
2. You must separate these procedures from the procedures that are performed after
acceptance.
3. Pre-acceptance activities:
a. Make inquiries of the predecessor auditor.
b. Assess the auditablity of the client.
(1) Evaluate management's integrity.
(2) Consider the availability and adequacy of the client's accounting records.
(3) Determine whether the audit firm is capable of performing the audit
(knowledge, staffing, etc.).
(4) Consider whether an audit is the most appropriate form of engagement.
c. Assess the client's business risk and the CPA's business risk.
d. Evaluate compliance with ethical requirements (i.e., independence; quality
control procedures).
B. ESTABLISH AN UNDERSTANDING WITH THE CLIENT
1. The auditor must establish an understanding with the client regarding the services to
be performed.
a. Be aware of the general contents of the letter.
b. An engagement letter is required in most circumstances.
C. PLANNING PHASE OF THE AUDIT
1. The objective of this phase is to develop an overall strategy for the audit.
2. The following are required during the planning stage of the audit:
a. Obtain a sufficient understanding of the entity and its environment, including its
internal control.
b. Obtain knowledge of the client's industry and business (tour facilities, review
financial history, etc.).
c. Perform analytical procedures.
d. Develop an overall audit strategy, and develop and document a written audit
plan.
e. Consider materiality and audit risk so that an overall low level of audit risk is
attained.
1
2009 DeVry/Becker Educational Development Corp. All rights reserved.
Becker CPA Review Auditing 3 Class Notes
2
2009 DeVry/Becker Educational Development Corp. All rights reserved.
Becker CPA Review Auditing 3 Class Notes
b. Detection Risk risk that the auditor does not detect a material misstatement
in a financial statement assertion.
(1) This is the only element that the auditor can control, by varying the
nature, extent, or timing of audit procedures.
3. It is imperative that you understand that audit risk needs to stay relatively low.
a. If the auditor's assessment of the risk of material misstatement increases
(usually through an increase in inherent risk or control risk), then the auditor
must reduce detection risk to keep overall audit risk low. The auditor may:
(1) Change the nature of substantive tests from a less effective to a more
effective procedure.
(2) Change the extent of substantive tests (i.e., use a larger sample size)
(3) Change the timing of substantive tests (i.e., perform substantive tests at
year-end rather than at interim)
b. The risk of material misstatement (inherent risk and control risk) has an inverse
relationship to detection risk if you don't understand this, memorize it.
c. Remember that the auditor can change his or her assessment of the risk of
material misstatement (inherent and control risks), but cannot change the
actual risks.
G. AUDIT RISK AND MATERIALITY
1. Audit risk and materiality must be considered together in designing audit procedures.
2. Audit risk and materiality must be considered at both the financial statement level and
at the individual account balance, transaction class, or disclosure item level.
3. There is an inverse relationship between materiality and audit risk.
H. FINANCIAL STATEMENT ASSERTIONS
1. There are three categories of financial statement assertions and thirteen assertions
within those categories (CPA CO CARE CURV).
a. Assertions related to transactions and events:
(1) Completeness
(2) Cutoff (proper period)
(3) Accuracy
(4) Classification
(5) Occurrence
b. Assertions related to account balances:
(1) Completeness
(2) Allocation and valuation
(3) Rights and obligations
(4) Existence
3
2009 DeVry/Becker Educational Development Corp. All rights reserved.
Becker CPA Review Auditing 3 Class Notes
4
2009 DeVry/Becker Educational Development Corp. All rights reserved.
Becker CPA Review Auditing 3 Class Notes
5
2009 DeVry/Becker Educational Development Corp. All rights reserved.
Becker CPA Review Auditing 3 Class Notes
2. The purpose of internal control is to help a company meet its objectives (reliable
financial statements, effective/efficient operations, compliance).
3. There are five components of internal control (CRIME). Know the basic definition of
each, and be familiar with the factors included in each component.
a. Control environment.
b. Risk assessment (this is the company's assessment, not the auditor's).
c. Information and communication systems.
d. Monitoring.
e. Existing control activities.
3. The auditor studies internal control to assess the risk of material misstatement and to
determine the nature, extent, and timing of further audit procedures.
4. The auditor should:
a. Evaluate the design of controls.
b. Determine whether controls have been implemented (i.e., are being used).
5. Be familiar with the inherent limitations of internal control (i.e., the reasons why
errors may occur in spite of an effective system of internal control).
N. CONTROL ACTIVITIES
When there is a strong system of internal control, control activities implemented by the
client might include (PAID TIPS):
1. Prenumbering of documents.
2. Authorization of transactions.
3. Independent checks to maintain asset accountability.
4. Documentation.
5. Timely and appropriate performance reviews.
6. Information processing controls.
7. Physical controls for safeguarding assets.
8. Segregation of duties (ARC: separate authorization, recordkeeping, and custodial
functions).
O. INFORMATION TECHNOLOGY (IT)
1. Use of information technology may impact any of the five components of internal
control.
2. There are both benefits (faster processing, improved consistency) and risks
(unauthorized access to data or programs) associated with the use of information
technology.
3. Segregation of duties within the IT department is important. (Know the specific
breakout of duties for an IT department.)
P. RESPONDING TO ASSESSED RISKS
1. The auditor must respond to the assessed level of risk at two levels:
a. The financial statement level an overall response is required, such as
assigning more experienced staff or increasing the level of supervision.
6
2009 DeVry/Becker Educational Development Corp. All rights reserved.
Becker CPA Review Auditing 3 Class Notes
b. The relevant assertion level the nature, extent, and timing of specific audit
procedures is based on the assessed level of risk for the relevant assertions.
2. The auditor may choose between two audit approaches:
a. A substantive approach only substantive procedures will be performed
(controls are nonexistent or it would be inefficient to test them).
(1) Tests of controls may be required when there is extensive use of
technology, even if a completely substantive approach would otherwise
have been utilized.
b. A combined approach tests of controls are performed, in the hope that
effective controls will allow a reduction in substantive testing.
(1) Even if controls are effective, substantive tests are always required to
some extent for each material transaction class, account balance, or
disclosure item.
3. Tests of Controls
a. Tests of controls are used to evaluate the operating effectiveness of controls.
(1) The auditor may, purposefully or incidentally, obtain evidence regarding
the operating effectiveness of controls while obtaining an understanding
of the entity and its environment.
b. Inquiry, inspection, observation, and reperformance are used to test the
operating effectiveness of controls. (Note that inquiry alone is insufficient, and
observation relates only to a specific point in time.)
c. Be familiar with the factors that affect the nature, extent, and timing of tests of
controls.
d. Evidence from prior years about operating effectiveness may be used as long
as it is still relevant and it is not too old (tests should be reperformed at least
once every three years).
4. Substantive Tests
a. Substantive tests include tests of details and analytical procedures.
b. The financial statements should be agreed to the underlying accounting
records, and material journal entries or adjustments should be examined.
c. Be familiar with the factors that affect the nature, extent, and timing of
substantive tests.
(1) In particular, understand that the extent of substantive testing is affected
by the risk of material misstatement (which in turn is affected by inherent
and control risks).
(2) Be familiar with the factors affecting a decision to perform substantive
tests at interim instead of year-end.
5. In responding to the assessed level of risk, the auditor may discover that the initial
risk assessment needs to be modified, and the audit plan should be revised
accordingly.
6. The auditor must use judgment to evaluate the sufficiency and appropriateness of
audit evidence.
7. Be familiar with the documentation requirements, especially the need to demonstrate
how audit procedures are linked in some way to the assessed level of risk.
7
2009 DeVry/Becker Educational Development Corp. All rights reserved.