Auditing Notes

Unit-1 (Professional Responsibility and Ethics)

• Statutory Audit: Legally required review of Financial Statements of the company by an

independent and expert external auditor.

• Auditing (5W’s and 1H)

a) What: Examination of Financial Statements.

b) Why: To give objective opinion as to fairness of Financial Statement in conformity

with US GAAP.

c) When: It is incurred after the Financial Statements are prepared by the Management
of the Company.

d) Who: It is conducted by Independent and Expert External Auditor.

e) Where: Report Audit Findings in Audit Report

f) How: Performing Audit as per GAAS (Generally Accepted Auditing Standards) for
Non-Issuers (Non-Public Companies) and PCAOB AS (Public Company Accounting
Oversight Board Auditing Standards) for Issuers (Public Companies).

Result:
1. Audited
CPA's Audit Financial
(GAAS) Statements

Management's 2. Audit
Financial Report with
Statement (US Opinion on
GAAP) Financial
Statements

• GAAS Standards (10 in Number)

 General Standards Fieldwork Standards Reporting Standards

(Standards to be followed (Standards to be followed (Standards to be followed
on a General Basis) at Clients Place) while writing a Report)
Accounting (As per US
Training and Proficiency Planning and Supervision
GAAP)
Independence Internal Controls Consistency
Corroborative Audit
Professional Care Disclosure
Evidence
Expression of an Opinion

- Shortcut to remember 10 GAAS Standards: General (TIP) is to take (PIC) of Field and
Report ALL CLEAN AND DIRTY ELEMENTS (ACDE)

• General Standards

Professional Care
Training and Proficiency Independence (Exercise in the Planning,

(Auditor’s Qualification (Independence in Mental Performance of the Audit

and Quality of Work) Attitude in all matters) and Preparation of the

Report)
Professional Scepticism
From Management of the
Accounting Education (Reasonable Doubt)
Company
(Questioning Mind)
Professional Judgement
(Neither Assume
Auditing Experience Free from Biasness in Fact Management is dishonest nor
(Material Direct Interest) assume unquestioned
and Appearance honesty)

 and Appearance
(Immaterial Direct
Interest)
Industry Knowledge
Reasonable Assurance
(That Financial Statements
are free of material
misstatement)

• Fieldwork Standards

Corroborative Audit
Planning and Supervision Internal Controls
Evidence
1. Sufficient Audit
1. Understand Internal
Evidence
SOP (Standard Operating Controls of the Company
2. Appropriate Audit
Procedure) (Should establish
Evidence
an overall audit strategy as to 2. Asses Risk of Material
3. Performing Substantive
how the auditor is planning Misstatement
tests (When financial
to conduct the audit)
numbers and transactions
3. Perform test of Controls
are tested)

*IF Internal Controls are good then RMM is low which leads to less Substantive tests and
less Audit Evidence and vice-versa.

• Reporting Standards

Accounting Consistency Disclosures Expression of an

Principles = US Opinion
GAAP

 Types of Opinion
1. Unqualified:
Fairly in
Auditor must state in Auditor must identify accordance with
the auditor’s report in the report whether GAAP
Implicit Statement in
whether Financial the organization has 2. Qualified: Some
Audit Report (When
Statements are been consistent in issues with F/S
the auditor
presented in applying US GAAP 3. Adverse: F/S not
determines that
compliance with US principles from Year in accordance
informative
GAAP. to Year. with GAAP.
disclosures are not
4. If no opinion then
reasonably adequate,
a disclaimer to be
the auditor must so
given.
state in the Audit
Implicit Statement in
Report.)
Audit Report (If new
Explicit Statement in principles have been Explicit Statement in
Audit Report used then they are to Audit Report.
be mentioned in
Audit Report)

• Important Terms

- Implicit- Not Expressed Clearly or can be left to be included in the Audit Report.

- Explicit- Stated Clearly and In-detail in the Audit Report.

GAAS (Generally Accepted ISA (International

Auditing Standards) Standards on Auditing)
AICPA (American Institute
IFAC (International
Managed by of Certified Public
Federation of Accountants)
Accountants)

 IAASB (International
ASB (Accounting Standard
Prepared by Auditing and Assurance
Board)
Standards Board)
SAS (Statement of Auditing ISA (International Standards
Statement Prepared
Standards) on Auditing)

• NOTE- In effort to make US GAAS easier to read, understand and apply with the ISA,
ASB Introduced Clarified SAS which uses AU-C for section numbers. Initially the
sections were coded as AU.

• NOTE: Audit of Financial Statements does not assure the future viability of the entity nor
the efficiency or effectiveness with which management has conducted affairs of the entity.
(However, in some circumstances applicable laws or regulations may require auditors to
provide opinion on other specific matters like effectiveness of Internal Controls.)

• Inherent Limitations of Audit (Reason due to which absolute assurance cannot be

given)

1. Nature of Financial Reporting (Involves Judgement to the facts & Circumstances for
compliance with GAAP).

2. Nature of Audit Procedures (Practical and Legal Limits on Auditor’s Ability to obtain
Audit Evidence) (Audit is not an official investigation into alleged wrongdoing.
Accordingly, the auditor is not given legal powers such as power of search)

3. Timeliness of Financial Reporting

4. Balance between Cost and Benefit

5. Other Matters: Auditor’s ability to detect material misstatements due to Fraud, Non-
Compliance with laws and regulations.)

 *Because of the inherent limitations of Audit, there is an unavoidable risk that some material
misstatements of Financial Statements may not be detected even though Audit is properly
planned and performed in accordance with GAAS due to which it provides reasonable
assurance.

• Different frameworks for Auditing Standards

Particulars Audit Standards Professional Conduct

American Institute of
US Auditing for Non-
GAAS Certified Public Accountant
Issuers
Code
AICPA Code + Sarbanes
Issuers PCAOB AS + GAAS Oxley Act 2002 + Securities
and Exchange Commission
International Ethics Standard
International ISA
Board for Accountants Code

*GAAS is used for All Audit Engagements.

*GAAS is used to measure the quality of Auditor’s work.

*AICPA Code is used for All Engagements including Audits

*Public Accounting Firms must register with PCAOB to audit a Issuer (Public) Company.

• AICPA Code: AICPA Code is set of guidelines that guides CPAs in the performance of
their professional responsibilities.

• Different parts of AICPA Code of Professional Conduct

 Part-0 Rules that apply to all members

Part-1 Members in Public Practise
Part-2 Members in Business
Part-3 Others (Including Retired or Unemployed)

• A member in public practise should be independent in fact (Real State of Mind) and
appearance (How it appears to the Public) when providing auditing and other attestation
(Providing an Opinion) services.

• Independence: Applies to member in public practise who need to be independent in the

performance of professional services. (Should be maintained in both fact and appearance)

• Independence to be maintained in

- Audit Engagements: Examination of Historical Financial Statements leading to opinion.

- Attest Engagements: Examination of other than Historical Financial Statements.

• Independence not required for

- Compilations

- Consulting Services

- Tax Services

*Independence Terms Applicable for Covered Members: Audit Team, All Partners in Audit
Team’s Office, CPA Firm, Partners/Managers providing over 10hrs/year of non-attest
services, Immediate Family, Close Relatives.

*Independence must be maintained during the entire period of professional engagement

which begins when the CPA signs an Initial engagement letter and lasts until the professional
relationship is terminated.

• Potential Threats to Independence of Auditor

1. Financial Interests: Material or Immaterial Direct or Indirect Financial Interest

2. Employment Relationships

3. Business Relationships

• Safeguards that may eliminate threats or reduce them

- Safeguards created by the Legislation or Regulation

- Safeguards implemented by Client (Audit Committee, Internal Controls)

- Safeguards implemented by CPA firm (Quality Internal Controls)

*If the auditor wants to join the Client at a key position there is a cooling-off period of 1 year.

*Audit Fees for any year must be paid before the issuance of next year’s audit report.

• Conditions to share Confidential Client Information

1. Members in public practise can share information about company only after approval
from Audit Committee

2. Or they can do IRIS Scan

- I: Investigation authorized by AICPA

- R: Review of Quality by AICPA

- I: Inquiry by AICPA

 - S: Subpoena from a valid judicial authority

• Sarbanes Oxley Act 2002 Provisions

1. New Board- PCAOB

2. Auditors to keep audit documents for 7 years.

3. No Non-Audit services to issuers (Either Choose Audit Services or Consulting/Non-

Attest Services, Tax Services are allowed if approved by Audit Committee and disclosed
to SEC)

4. Audit Partner rotation after 5 years.

5. Second Partner required to review and approve all audit reports. (Engagement Quality
Review)

6. Independent Audit Committee is mandatory (At least 1 member to be financial expert)

7. Management responsible for Internal Controls

8. Auditor must attest (access and report) about Internal Controls (ICFR)

Unit-2 (Planning and Supervision)

• Process of Auditing

•Pre-

Accepting Planning
the the Audit, Evaluating Preparing
Engagement Initial Audit the Audit
(Obtain Assesment Evidence Report
Engagement of Risk as

Engagement
Acceptance Activities

- Appointment of Auditor by Audit Committee

- Auditor’s Client Acceptance (Checking Own CPA Firm)

 - Assessment of Client’s Auditability (Checking the Client)

- Communication with Previous Auditor (Only after Prior-Approval from Management)

- Establishing Written Understanding with client (Via Engagement Letter)

*Auditors communicate to the Audit Committee only.

• Planning the Audit: Involves establishing the Overall Audit Strategy for the engagement
and developing an audit plan.

• Audit Strategy: Sets the Scope, timing and direction of the audit and that guides the
development of Audit plan.

• Audit Plan: Nature, Extent and Timing of all planned audit procedures (Written is
mandatory)

• Audit Risk: It refers to the risk that the auditor will give a wrong opinion. E.g.- Auditor
issues unqualified opinion on materially misstated Financial Statements.

*Audit Risk = (Inherent Risk * Control Risk) Risk of Material Misstatement * Detection Risk

* If assessed that RMM is high then Reliance on Client’s IC is less which leads to DR being
reduced due to Increased Substantive Tests and Evidence and vice.

*Overall, the Audit Risk should be low which can de done by varying the level of audit
procedures.

*Only those items are considered for risk which are Material in nature.

 • Misstatement: Either due to Fraud or Error. The following listed are different types of
Misstatements

- Factual Misstatement: Misstatement about which there is no doubt.

- Judgemental Misstatement: Arise from unreasonable accounting estimated or

application of inappropriate accounting policies.

- Projected Misstatement: Auditor’s best estimate of misstatements in entire population

based on projection of misstatements identified in audit samples.

• Inherent Risk: Errors inherent in the nature of client’s business

• Control Risk: Risk that entity’s Internal Controls will fail to prevent, detect, correct a
material misstatement on a timely basis. (Audit can only asses but not change Control
Risk)

• Detection Risk: Risk that procedures performed by the auditor will not detect a material
misstatement that exists. (This can be altered by the Auditor by altering Nature, Extent
and Timing of Substantive Tests).

*Components of Audit Risk Model may be assessed in Quantitative Terms (%) or Non-
Quantitative Terms (High, Medium or Low Risk).

• Supervising the Audit:

- Direction: Directing the Engagement team (Objectives of work to be performed, Nature

of Business, Problems that may arise)

- Supervision: Tracking the Progress, addressing significant or issues, Identifying matters

for consultation or consideration.

 • Elements of a System of Quality Control (Quality Control for the CPA Firm)

- Tone at the TOP (Leadership Responsibilities for quality within the firm)

- Independence

- Acceptance & Continuance of Client Relationships

- Human Resources (Sufficient Personnel with Competence, Capabilities & Commitment)

- Monitoring (System of Quality Control are relevant, adequate and operating effectively)

- Engagement Performance (Performed in accordance with professional standards and

applicable legal and regulatory requirements)

Unit-3 (Internal Controls)

• Internal Controls: It is a process, effected by an entity’s board of directors, management

and other personnel, designed to provide reasonable assurance regarding the achievement
of objects relating to Reporting (Reliable Internal & External Financial & Non-Financial
Reporting), Compliance (Adherence to applicable laws and regulations), Operations
(Effectiveness and Efficiency of business operations).

• Accepted Framework: Internal Controls- Integrated Framework published by COSO

(Committee of Sponsoring Organizations) is broadly accepted and widely used
framework for Internal Controls.

• Components of COSO’s Internal Controls (CRIME)

- C: Control Environment (Sets of Standards, processes and structures that provide the basis
for carrying out Internal Controls across the organization like Performance Measures,
Organizational Structure)

- R: Risk Assessment (Dynamic and Iterative process for Identification, Analysis and
Management of Risks by the Management)

- I: Information & Communication Systems (Communication of Relevant and Quality

Information to support the functioning of Internal Controls)

- M: Monitoring (Ascertaining whether each of the five components of Internal Controls are
present and functioning via ongoing and/or separate evaluations)

- E: Existent Control Activities (Policies and Procedures that help ensure that management
directives are carried out and performed at all levels of activity)

*COSO Original Framework was issued in 1992. In 2013, COSO added the 17 I/C Principles
because they are presumed essential in asserting that the CRIME Components are present and
functioning properly.

• Limitations of Internal Controls (COCOC)

- Competence (Issues could lead to mistakes or misjudgements)

- Obsolescence (External Events may make existing I/C obsolete)

- Collusion (Ability of Management or Other Personnel to avoid controls through collusion)

- Override by Management (Ability of Management to override Internal Controls)

- Cost Constraints (Cost of Internal Costs may exceed benefits derived)

• Integrated Audit: According to Sarbanes Oxley Act (2002), Management is responsible

for Internal Controls and Auditor is required to attest to management’s assessment of
effectiveness of Internal Controls over financial reporting.

 • Auditor’s Consideration of Internal Controls

RMM below Max Level RMM at Max Level

R: Risk Assessment Procedures R: Risk Assessment Procedures

U: Understanding Internal Controls U: Understanding Internal Controls

(Evaluating design and Implementation (Evaluating design and Implementation
of Internal Controls) of Internal Controls)

C: CR/ RMM Assessment C: CR/ RMM Assessment

P: Performing Test of Controls S: Planning extensive substantive tests
A: Asses results Test of Controls (If yes then
Substantive Test Approach (Because rely on
reduced Substantive Tests, If No then Plan
IC is less)
Substantive Tests)
S: Substantive Tests (Known as Combined
Approach= Test of Controls + Substantive
Tests)

• Method for testing of Controls (RIIO)

- R: Re-Perfomance

- I: Inquiry

- I: Inspection

- O: Observation

 *ARCC: Authorization, Recording, Custody and Compa

• Various Methods of Inspection

- Vouching: Examining documents in a Reverse Order of preparation to test the assertion of

existence & occurrence.

- Tracing: Examining documents in Order of Preparation to test the assertion of

Completeness.

Unit-4 (Corroborative Audit Evidence)

• Audit Evidence

1. Sufficient: Extent (Quantity)

2. Appropriate: Nature and Timing (Quality: Relevance and Reliability)

*Professional Judgement is required to conclude whether Audit Evidence is Sufficient and

Appropriate.

*Tie-outs: Verifying Financial Numbers

• Source of Audit Evidence

- Obtained from Knowledgeable Independent Sources outside the entity.

- Generated Internally by the Entity.

- Statements prepared by Outsider but obtained from Entity.

• Levels of Audit Evidence

1. Something that Auditor has developed (E.g.- Stock Check)

2. Something that Received from Outsider Knowledgeable Sources (Predecessor Audit)

 3. Something that Received from Outsider and Insider Knowledgeable Sources (Bank
Statement)

4. Something that is Received from the Client

• Professional Scepticism (Doubt about Something)

- Availability Bias: Tendency to Starting your Procedure with the documents available.

- Confirmation Bias: Tendency to look on the evidence that suits your beliefs.

- Overconfidence Bias: Tendency to belief that whatever evidence and judgement is right.

- Anchoring Bias: Tendency to build your belief using only an initial piece of evidence.

- Automation Bias: Tendency to favour output generated from Automated Systems.

• Substantive Tests (Process of Performing Audit)

- Test of Details (Quantitative Focus): Transaction Classes (Income Statement), A/c

Balances (Balance Sheet), Disclosures (Notes to Accounts)

- Analytical Procedures (Quantitative and Qualitative Focus)

• Management Assertions: Explicit or Implicit Claims made by Management about the

Financial Statements of the company.

• Different Management Assertions and Test of Details (COVER-UP)

- C: Completeness:

- O: Cut Off:

- V: Valuation, Allocation and Accuracy:

- E: Existence & Occurrence

- R: Rights and Obligations

- UP: Understandability & Classification