Wiley Loose-Leaf Print Edition
AUDITING
A P R AC T I C A L A P P R O AC H W I T H D ATA A N A LY T I C S
2ND EDITION
Cover Design: Wiley
Cover Image: © Lidiia Moor / Getty Images
www.wiley.com
JOHNSON | WILEY
MOR ONEY | CAMPBELL | HAMILTON
Get Complete eBook Download Link below
for instant download
https://browsegrades.net/documents/2
86751/ebook-payment-link-for-instantdownload-after-payment
Auditing
A Practical Approach with Data Analytics
Second Edition
RAYMOND N. JOHNSON PhD, CPA
Portland State University
Portland, Oregon
LAURA D. WILEY Ph D, CPA
Louisiana State University
Baton Rouge, Louisiana
Adapted from Robyn Moroney, Fiona Campbell,
and Jane Hamilton, Auditing: A Practical Approach (Wiley)
Johnson_FM.indd 1
8/24/21 9:41 AM
DEDICATION
This book would not be what it is today without the
unconditional support and thoughtful input and suggestions from
our spouses, Marilyn Johnson and Joe Wiley.
VICE PRESIDENT, EDITORIAL PRODUCT MANAGEMENT
Michael McDonald
ASSOCIATE EDITORIAL DIRECTOR
Zoe Craig
ACQUISITIONS EDITOR
Veronica Schram
SENIOR MANAGER, COURSE DEVELOPMENT
AND PRODUCTION Ed Brislin
MARKETING MANAGER
Christina Koop
EDITORIAL SUPERVISOR
Terry Ann Tatro
EDITORIAL ASSISTANT
Natalie Munoz
Nicole Repasky
SENIOR COURSE PRODUCTION OPERATIONS SPECIALIST
SENIOR DESIGNER
Wendy Lai
COVER IMAGE© Lidiia Moor/Getty
Images
This book was set in Source Sans Pro-Regular 9.5/12.5 by Lumina Datamatics.
Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their
aspirations. Our company is built on a foundation of principles that include responsibility to the
communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship
Initiative, a global effort to address the environmental, social, economic, and ethical challenges we
face in our business. Among the issues we are addressing are carbon impact, paper specifications
and procurement, ethical conduct ­within our business and among our vendors, and community and
charitable support. For more information, please visit our website: www.wiley.com/go/citizenship.
Copyright © 2022 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections
107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of
the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright
Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com.
Requests to the Publisher for permission should be addressed to the Permissions Department, John
Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008,
website http://www.wiley.com/go/permissions.
ISBN-13: 978-1-119-78608-5
The inside back cover will contain printing identification and country of origin if omitted from this
page. In addition, if the ISBN on the back cover differs from the ISBN on this page, the one on the
back cover is correct.
Printed in the United States of America.
10
Johnson_FM.indd 2
9
8
7
6
5
4
3
2
1
8/24/21 9:41 AM
Brief Contents
1Introduction and Overview of Audit and Assurance 1-1
2
Professionalism and Professional Responsibilities 2-1
3Risk Assessment Part I: Audit Risk and Audit Strategy 3-1
4
Risk Assessment Part II: Understanding the Client 4-1
5Audit Evidence 5-1
6Gaining an Understanding of the Client’s System of Internal
Control 6-1
7
Risk Response: Performing Tests of Controls 7-1
8
Audit Data Analytics 8-1
9Risk Response: Performing Substantive Procedures 9-1
10Risk Response: Audit Sampling for Substantive Procedures 10-1
11Auditing the Revenue Process 11-1
12Auditing the Purchasing and Payroll Processes 12-1
13Auditing Cash, Inventory, and Related Income Statement
Accounts 13-1
14
Auditing Investing and Financing Activities 14-1
15Completing the Audit 15-1
16Reporting on the Audit 16-1
APPE ND IX A
Cloud 9 Inc. Audit A-1
AU D I T IN G A N D A SS URA N C E STA N DA RDS AS-1
GLOSS A RY G-1
I N D E X I- 1
iii
Johnson_FM.indd 3
8/24/21 9:41 AM
From the Authors
Being an auditor is being a trusted professional. Auditing is about developing an inquisitive
mind and mastering decision-making. It is also about adapting to change and pivoting when
unexpected situations occur. With companies evolving more rapidly than ever, auditors must
think critically, act ethically, communicate clearly, and embrace new technologies.
To help you develop these skills, we have taken a very practical approach in this second
edition:
Auditing is about developing an inquisitive
mind and mastering decision-making. With
companies evolving more rapidly than ever, auditors must think critically, act ethically, communicate clearly, and embrace new technologies. To help you develop these skills, we have
taken a very practical approach in this text.
ritten the text in a conversational style and incorporated more
• W
headings and bulleted/numbered lists to streamline the content.
• Created a five-step audit decision-making framework to assist you
with developing your critical thinking skills.
• Added information about biases in decision-making.
• Included new infographics to increase your understanding of key
topics.
pdated content for recent changes in auditing standards and new
• U
CPA exam content to provide you with the most up-to-date content.
In the area of technology, auditors and their clients are incorporating more technology
than ever before. You should not be concerned about mastering any specific technology or
software at this time, but you should be knowledgeable about how auditors are incorporating
various technologies, and you should be technologically nimble and willing to experiment
with using technology to analyze client data. To help you do this, we have:
• I ncluded a separate chapter on audit data analytics (ADA) and integrated the use of ADA
into many chapters.
• O
ffered IDEA-based cases, Tableau exercises, and Excel exercises in Wiley Course Resources.
dded discussions about clients’ digital mindset, automated tools for performing audit
• A
procedures, artificial intelligence and machine learning, and cybersecurity.
The accounting and auditing skills you build in this course will serve you for the rest of
your life as you develop independence of thought and action. If you keep asking questions,
continue to explore the application of new technologies, and stay true to the importance of
integrity and independent thought and actions that will earn the public trust, you should have
a rich and rewarding career.
We are excited and honored to lead you on this “auditing” journey. We hope you dive
into the material and explore the resources provided in this text and Wiley Course Resources.
Above all else, we wish you great success in your auditing course and your career!
Raymond N. Johnson, PhD, CPA
Laura D. Wiley, PhD, CPA
iv
Johnson_FM.indd 4
8/24/21 9:41 AM
©The National Association of State
Boards of Accountancy
©Aaron Hogan, Eye Wander Photo
©The National Association of State Boards of
Accountancy
About the Authors
©Aaron Hogan, Eye Wander Photo
Raymond N. Johnson
Laura D. Wiley
Raymond N. Johnson, PhD, CPA, has taught auditing concepts and practices, financial statement analysis, and a case
course focused on developing students’ critical-thinking skills
at Portland State University for 35 years. He was the first recipient of Harry C. Visse Excellence in Teaching Fellowship
and is currently a professor emeritus from Portland State
University. He has also taught auditing and accounting at
Bond University, The University of Queensland, the Australian National University, and Southampton University.
Dr. Johnson is a past Chair of the International Accounting
Education Standards Board’s Consultative Advisory Group.
Previously, he served on the NASBA board of directors for
seven years, and he previously chaired NASBA’s Education
Committee and the NASBA Ethics Committee. He also served
on an AACSB Task Force that was responsible for the most
recent update to AACSB Accounting Accreditation rules.
Dr. Johnson served a three-year term on the AICPA Professional Ethics Executive Committee, which sets ethical standards for
CPAs in the United States. He is a former member of NASBA’s
Standard Setting Advisory Committee and served for seven
years on the NASBA/AICPA International Qualifications
Appraisal Board. Previously, Dr. Johnson served on the Oregon
Board of Accountancy for seven years and was Chair of the
Board for two years. Dr. Johnson is a past president of the Oregon
Society of CPAs. He has previously served as staff to the U.S.
Auditing Standards Board, has written numerous academic
and professional articles, and has made numerous presentations at professional meetings.
Laura Wiley, PhD, CPA, is the Assistant Department Chair
and senior instructor in the Department of Accounting
at the E. J. Ourso College of Business, Louisiana State
University (LSU). She came to LSU in 1996 and teaches
financial accounting and auditing courses. She also leads
a study-abroad excursion in the Master of Accountancy
program, taking students on educational business trips to
Central and South American countries. Dr. Wiley is active
in the Society of Louisiana CPAs (LCPA) and has served as
the chair of the Accounting Education Issues committee
since 2014. She received the LSU Tiger Athletic Foundation Outstanding Instructor Award in 2019 and the LCPA’s
Distinguished Achievement in Education award in 2015.
Dr. Wiley has consulted with large and small companies on
accounting-related matters and conducted onsite training
sessions for company employees. Over her career, she has
also been a presenter at numerous CPE events and published
in the Journal of Accounting Education. Prior to coming to
LSU, she was an auditor with PricewaterhouseCoopers in
Atlanta, Georgia. She earned her bachelor’s degree in accounting from The University of Alabama, her master’s degree in accounting from LSU, and her doctorate in human
resource education and workforce development from LSU.
Her research interests are accounting education and financial literacy. She is an active licensed CPA in the state of
Louisiana.
v
Johnson_FM.indd 5
8/24/21 9:41 AM
New to This Edition:
Chapter-by-Chapter Changes
Chapter 1: Introduction and Overview of Audit and
Assurance
• ADDED the 2020 ASB Audit Report Updates.
• NEW discussion of review of interim financial statements.
• NEW section on the critical-thinking and data analytics
skills required by auditors.
• NEW illustration on the audit decision-making framework.
• NEW Audit Decision-Making Example at the end of the
text discussion.
Chapter 2: Professionalism and Professional
Responsibilities
• NEW section on applying the conceptual framework
through use of an example.
• UPDATED Illustration 2.10 to reflect the most recent depiction of auditor liability under common law.
• UPDATED discussion of Ultramares Corp. v. Touche case
reflecting the latest appeal.
Chapter 3: Risk Assessment Part I: Audit Risk and
Audit Strategy
• UPDATED Illustration 3.1 and following discussion for
clear connection and focus on the factors that influence
client acceptance and retention.
• UPDATED Illustration 3.4 to include “Developing an Audit Strategy” as part of the risk assessment phase.
• UPDATED definition and discussion of materiality from
SAS 138, including qualitative and quantitative factors.
• NEW discussion of unconscious and conscious biases
that impact professional skepticism.
• IMPROVED discussion of audit risk with more logical
flow of audit risk components.
• NEW illustration on inherent and control risk components.
• NEW discussion on role of data analytics in audit risk and
audit strategy.
• ENHANCED discussion of fraud risk.
Chapter 4: Risk Assessment Part II: Understanding the
Client
• NEW illustrations: (1) comparing entity risks of a fastfood restaurant versus a high-end restaurant and (2) how
KPIs vary by industry.
• UPDATED tables on financial ratios to include not only
the formulas but also a description of what they assess
and how they are interpreted.
• REDUCED text discussions where they repeated illustration or table information.
• UPDATED discussions on (1) procedures performed to
gain an understanding of the client, (2) tools for performing analytical procedures, (3) related parties, and
(4) inherent risk considerations for IT, as well as a client’s digital mindset.
Chapter 5: Audit Evidence
• UPDATED discussion of management assertions from
SAS 134.
• NEW illustrations on (1) the four forms of information
that auditors can use as audit evidence, (2) attributes that
auditors should consider when evaluating audit evidence,
and (3) using ADA and automated tools to perform audit
procedures.
• UPDATED discussion and examples of sufficient appropriate audit evidence from SAS 142.
• UPDATED discussion of ADA and automated tools for
performing audit procedures.
Chapter 6: Gaining an Understanding of the Client’s
System of Internal Control
• NEW illustrations on (1) common inherent limitations
of internal control, (2) steps involved in assessing control
risk, and (3) major benefits and risks of IT systems.
• REDUCED text discussions that repeated information
presented in tables.
• DELETED cash receipts example of transaction flows, as
sales process example is comprehensive.
• NEW Professional Environment feature on cybersecurity.
• NEW discussion on the use of a service organization by
an audit client (SOC 1 Reports).
• MOVED section on management letters to Chapter 7.
Chapter 7: Risk Response: Performing Tests of Controls
(previously Chapter 8)
• MOVED discussion of steps in assessing control risk into
Chapter 6.
• NEW discussion, illustrations, and EOC on evaluating an
SOC 1, Type 2 report.
• ADDED section on management letters from Chapter 6.
vi
Johnson_FM.indd 6
8/24/21 9:41 AM
NEW TO THIS EDITION: CHAPTER-BY-CHAPTER CHANGES vii
• NEW Professional Environment feature on AICPA evidence from peer reviews on control testing.
• HIGHLIGHTED AND EXPANDED example of New Millennium Ecoproducts throughout.
Chapter 8: Audit Data Analytics (previously Chapter 7)
• NEW learning objective (and related EOC material) on
how artificial intelligence and machine learning may be
used in an audit.
• NEW emphasis on how ADA fits into the five-step audit
decision-making framework with specific focus on use of
ADA as a risk assessment tool and as a substantive procedure.
Chapter 12: Auditing the Purchasing and Payroll
Processes
• NEW illustrations detailing the auditing steps for both
the purchasing and payroll processes.
• COMBINED some learning objectives for improved presentation of topics.
Chapter 13: Auditing Cash, Inventory, and Related
Income Statement Accounts (previously
first half of Chapter 13)
• NEW discussions of understanding internal controls, developing a preliminary audit strategy, and drawing a final
conclusion.
• NEW focus on how gathering data for ADA application
involves two key steps: (1) accessing and preparing the
data for ADA and (2) considering the relevance and reliability of the data used.
• REVISED discussion of bank transfers for improved understanding.
• NEW Professional Environment feature detailing a recent
report on the use of technology in UK audit firms.
• NEW discussion on the three-step process of valuing inventory.
Chapter 9: Risk Response: Performing Substantive
Procedures
• NEW illustrations highlighting (1) dual-purpose tests,
(2) using a substantive analytical procedure in the context of the audit decision-making framework, (3) an example of estimation uncertainty, (4) inherent risk factors,
and (5) an illustrative timeline of an event related to an
estimate occurring before the date of the audit report.
• UPDATED discussion on auditing accounting estimates
from SAS 143, including a running case example to illustrate application.
Chapter 10: Risk Response: Audit Sampling for
Substantive Procedures
• COMBINED discussions within Learning Objectives 1
with 2, and 4 with 5, for a more streamlined, focused approach.
• ADDED audit risk model depictions to illustrate example
scenarios for improved understanding.
• NEW summary discussion of PPS sampling.
Chapter 11: Auditing the Revenue Process
• NEW section and assessment material on evaluating control activities in a paperless revenue system.
• NEW Professional Environment feature on bank confirmations.
• NEW discussion of the use of ADA to count inventories.
Chapter 14: Auditing Investing and Financing Activities
(previously second half of Chapter 13)
• NEW discussions of how audit planning decisions affect
the assessment of inherent risk, understanding internal
controls, developing a preliminary audit strategy, and
drawing a final conclusion.
• NEW section on auditing debt transactions.
• NEW Auditing Decision-Making Example on investing
and financing activities.
Chapter 15: Completing the Audit (previously Chapter 14)
• ENHANCED discussions and explanations throughout.
• REVISED Professional Environment feature on forensic
accounting.
Chapter 16: Reporting on the Audit (previously
Chapter 15)
• UPDATED throughout to reflect 2020 ASB auditing
standards.
• NEW audit reports from Amazon.com and Photronics,
Inc.
• NEW discussion of preparation engagements.
• NEW discussions of the preliminary audit strategy as well
as drawing a final conclusion for revenues.
• NEW illustration on (1) the five-step process for auditing
revenues, (2) the lapping scheme, and (3) the ADA decision tree for auditing allowance for doubtful accounts.
Johnson_FM.indd 7
8/24/21 9:41 AM
Hallmark Features
Auditing provides a unique pedagogical framework that helps students master the content and
prepare them for a successful career in accounting.
CHAPTER 8
The Big Picture
Each chapter begins with a flowchart detailing exactly what section of the audit
process students are about to learn. The
chart helps students see the big picture of
the audit process.
Audit Data Analytics
Special thanks to Dr. Adrian Gepp of Bond University, Queensland, Australia, for his invaluable
assistance in co-authoring this chapter.
The Audit Process
Overview of Audit and Assurance
(Chapter 1)
Professionalism and Professional Responsibilities
(Chapter 2)
Client Acceptance/Continuance and Risk Assessment
(Chapters 3 and 4)
Gaining an
Understanding of
the Client
Identifying Significant
Accounts and
Transactions
Setting Planning
Materiality
Gaining an Understanding
of the System of Internal Control
(Chapter 6)
Making Preliminary
Risk Assessments
Performing Tests of Controls
(Chapter 7)
Performing Substantive Procedures
(Chapter 9)
Audit Sampling for
Substantive Procedures
(Chapter 10)
Auditing the
Revenue Process
(Chapter 11)
Auditing the Purchasing
and Payroll Processes
(Chapter 12)
Audit Data Analytics
(Chapter 8)
Audit Evidence
(Chapter 5)
Developing Responses to Risk and an Audit Strategy
Auditing Investing and
Financing Activities
(Chapter 14)
Auditing Cash and
Inventory
(Chapter 13)
c03RiskAssessmentPartI.indd Page 3-2 24/01/19 9:35 PM F-0590
Learning Objectives
Completing and Reporting on the Audit
(Chapters 15 and 16)
Procedures Performed Near
the End of the Audit
c05AuditEvidence.indd Page 2 04/03/19 8:37 PM F-0590
5-2
Chapt e r 5
Drawing Audit
Conclusions
3-2 CH A PT E R 3
/208/WB02435/9781119401810/ch05/text_s
Reporting
Risk Assessment Part I
LearningLearning
Objectives
Objectives have been carefully crafted to reflect the Bloom’s
Taxonomy
framework,
LO 5 Explain
how auditors determine
their audit
strategy and how audit strategy affects audit decisions.
well
asofreinforce
the
practical
auditing
skills
LO 6 Explain
the fraud risk assessment
process and
LO 2 Identifyas
the diff
erent phases
an audit.
analyze fraud risk.
LO 3 Explain and apply the concept of materiality.
that students will develop.
LO 1 Evaluate client acceptance and continuance
decisions.
audit evidence
Learning Objectives
8-1
LO 1 Define management assertions about classes of
LO 4 evaluate when it is appropriate for auditors to use
transactions, account balances, and presentation and
the work of others.
5-6 C h a pt er 5 audit evidence
disclosure.
LO 5 Document the details of evidence gathered in
LO 2 Discuss the characteristics of audit evidence.
c08AuditDataAnalytics.indd 1
LO 3 apply the procedures for gathering audit evidence,
including the use of audit data analytics.
Auditing and Assurance Standards
PCAOB
working papers.
LO 4 Explain professional skepticism and apply the
audit risk model.
Auditing and Assurance Standards
assets and liabilities may exist but not be owned by the
entity. For example, inventory held on
7/23/21 8:18 AM
consignment in the client’s warehouse exists, but it is not owned by the client. This inventory
should not be listed as an asset because it does not meet the rights and obligations
assertion
P C AO
B
since it is not owned by the client.
1015items
Due Professional Care in the Performance of Work
When considering (9) completeness, auditors search for assets, liabilities, andAS
equity
to ensure they have been recorded. This assertion is particularly important when
auditors
AS 1101
Audit Risk
believe there is a risk of understatement and the client has omitted some items from the balAS to
1301
Communications with Audit Committees
ance sheet. For example, a client may fail to record various accrued liabilities due
an error
or an attempt to improve reported financial ratios for the period. In addition, auditors
gather
AS 2101
Audit Planning
evidence that all related disclosures are included in the notes to the financial statements.
Au d i t i n g StA n dA r dSWhen
BOAconsidering
rd
2105 that
Consideration of Materiality in Planning and
(10) accuracy, valuation and allocation, auditors search forAS
evidence
assets, liabilities, and equity items have been recorded at appropriate amounts and
subsequent
Performing
an Audit
Au-C 230 audit Documentation
allocation or valuation adjustments are appropriately recorded. Allocation refers to the allocaAu-C 315 Understanding the entity and Its environment
AS 2110 Identifying and Assessing Risk of Material
tion of historical cost over a period of time, such as depreciation of buildings and equipment.
and assessing the risks
of
Material
Misstatement
Misstatement
Valuation refers to subsequent measurements that determine fair value or net realizable
value.
Au-C 500 audit evidence
This assertion is particularly important when auditors believe there is a risk of overor underAS 2301
The Auditor’s Responses to the Risks of
valuation. Here are some examples:
Material Misstatement
Au-C 505 external Confirmations
Auditing and Assurance
Standards
AS 1105 audit evidence
AS 1205 part of the audit performed by Other
Independent auditors
AS 1210 Using the Work of a Specialist
Relevant AICPA and
PCAOB
Auditing
and
• An auditor verifies
that inventory has been appropriately recorded at the lower
of cost
or
Au-C 600 Special Considerations—audits
of Group
AS 2401
Consideration
of Fraud in a Financial
net realizable
(risk of overstatement).
Financial Statements (Including
the Workvalue
of Component
Statement Audit
Assurance Standards
are
listed
at
the
beauditors)
• An auditor tests for the adequacy of the allowance for doubtful accounts (risk of underAS 2610 Initial Audits—Communication Between
statement
or
overstatement
depending
on
the
client’s
motivation).
AS 2310 the Confirmation process
610 Using the Work of Internal auditors
Predecessor and Successor Auditors
ginning of each Au-C
chapter
and
highlighted
• An auditor verifies that equipment used in operations has been appropriately marked
AS 2605 Consideration of the Internal audit Function
Au-C 620 Using the Work of an auditor’s Specialist
down if it is impaired (risk of overstatement).
throughout the discussion. For (11) classification, auditors gather evidence that assets, liabilities, and equity interests
AS 1215 audit Documentation
AS 2110 Identifying and assessing risks of Material
Misstatement
3-44
/208/WB02435/9781119401810/ch03/text_s
C hApte R 3
AUDIT ING STA NDARD S B OARD
AU-C 200 Overall Objectives of the Independent
Auditor and the Conduct of an Audit in Accordance With
Generally Accepted Auditing Standards
AU-C 210 Terms of Engagement
AU-C 240 Consideration of Fraud in a Financial
Statement Audit
AU-C 300 Planning an Audit
AU-C 315 Understanding the Entity and Its Environment
and Assessing the Risks of Material Misstatement
AU-C 320 Materiality in Planning and Performing an
Audit
AU-C 330 Performing Audit Procedures in Response to
Assessed Risks and Evaluating Audit Evidence Obtained
QC10 A Firm’s System of Quality Control
Risk Assessment part I: Audit Risk and Audit Strategy
are recorded in the proper accounts. For example, a parking lot added to land should
be clasCloud
9 - Continuing Case
sified in a separate account from land. A parking lot is considered a land improvement and is
subject to depreciation. Including the parking lot with the land account is improper
classificaSharon
and Josh have already discussed some specific client acceptance issues, such as independence threats and safeguards. Sharon
tion because land is not depreciated.
explains they
When considering (12) presentation, auditors gather evidence that assets, liabilities,
andalso must consider the overall integrity of the client
the accounts
receivable and
inventory
themselves.
At the next planning meeting
for Partners
the Cloud has
9 audit,
(that is, management
of Cloud 9). This means they need to perform
Partners
uses the Second,
following
percentages
as starting in the financial statements.
W&S
justSuzie
wonPickering
the Januaryhandle
31, 2026,
audit for
equityW&S
interests
are
appropriately
aggregated
or disaggregated
For
Sharon
they for
willthe
gather
evidence
regarding a
presents the results of theCloud
analytical
procedures
performed
and document procedures that are likely to provide information
points
various
benchmarks:
9. The
audit team
assignedso
to far
this client
is: is worried about how
example,
liabilities
are
separated into current and long-term portions on the balance
sheet. In
subsidiary of Cloud 9 located in Vietnam. W&S Partners does not
and a working draft of the audit program. The audit manager,
about the client’s integrity. Josh is a little skeptical. “Do you mean
Benchmark
Threshold
(%)should be relevant and understandable. In the
related
disclosures
foreffeclong-term
debt
have an office in Vietnam,addition,
so they must
determine
the most
Sharon Gallagher, and the audit senior, Josh Thomas, are also inthat we should ask them if they are honest?” Sharon suggests it is
• Partner, Jo Wadley
Incomedescribes
before tax its long-term
5.0 debt and includes relevant details such as interest
notes,
a company
tive and efficient way to gather
evidence
regarding the subsidiary.
volved in the planning, with special responsibility for the internal
probably more useful to ask others, and the key people to ask are
Total
revenue and maturity 0.5
• Audit manager, Sharon Gallagher
rates,the
payment
schedule,
dates.
In the planning meeting,
team considers
the following
control assessment.
the existing auditors. Josh is still skeptical. “The existing auditors
Continuing Case
Cloud 9 - Continuing
Case
Cloud
9 Continuing Case
and is part of professional ethics. Sharon also gives Josh the task
of researching Cloud 9’s press coverage, with special focus on anything that may indicate poor management integrity.
Sharon emphasizes they must perform and document procedures to determine whether W&S Partners is competent to perform the engagement and has the capabilities, time, and resources
to do so. For example, they must make sure they have audit team
members who understand the clothing and footwear business.
They also must have enough staff to complete the audit on time.
In addition, Sharon and Josh must perform and document
procedures to show that W&S Partners can comply with all parts
of the code of professional conduct, not just those that focus on
independence threats and safeguards. Finally, they can draft the
engagement letter to cover the contractual relationship between
W&S Partners and Cloud 9.
A Cloud 9 Continuing Case exercise
applies concepts introduced in each
chapter, concludes each chapter, and is
available as an assessment question.
Gross profit
2.0
questions:
The meeting’s agenda is •to Audit
discusssenior,
the available
sources of evJosh Thomas
are Ellis & Associates. Are they going to help us take one of their
Total assets
0.5
idence at Cloud 9 and specify•these
in the
detailedMark
audit Batten
program.
clients from them?” Sharon says the client must give permission
IT audit
manager,
• What evidence is available?
Equity
1.0
The team members also must ensure they have enough evidence
first, and, if that is given, the existing auditor will usually state
• Experienced
staff,members
Suzie Pickering
• What criteria will theThese
team use
to choose
starting
pointsamong
can bealternative
increased or decreased by taking into
to conduct the audit. Two specific
issues worry
of the
whether or not there were any issues that the new auditor should
sources of evidence? account qualitative client factors, which could be:
• First-year
staff,
Ian Harper
team. First, there are three very
large asset
balances
on Cloud 9’s
be aware of before accepting the work. This type of communicaCloud 9 Continuing
Case of using the work of specialists
• What are the implications
trial balance that have particular valuation issues. Josh suggests
tion is covered by AS 2610 (AU-C 210 for private company clients)
• The nature of the client’s business and industry (for example,
and
other
auditors?
that a specialist will be required
forofthe
but they
can
As a part
thederivatives,
risk assessment
phase
for
the
new
audit,
the
audit
Ian and Suzie have already talked in general
abouteither
the through
• No
accounts
receivables or
were omitted when calculating the
rapidlyterms
changing,
growth
or downsizing,
team needs to gain an understanding
of
Cloud
9’s
structure
and
its
errors that could occur in Cloud 9’s accounts
For examtotal—completeness.
an receivable.
unstable environment).
business environment, determineple,
materiality,
and assess the
risk and other clerical errors could
basic mathematical
mistakes
• Whether the client is a public•company
subsidiary
of) in the total do exist at year-end—
Accounts(or
receivables
included
of material misstatement. This will
assist
team in developing
affect
thethe
customer’s
total in either direction.
Suzie
emphasizes
subject
to regulations.
existence.
an audit strategy and designing the
and timingasserts
of
thatnature,
Cloudextent,
9’s management
this error did not exist when
• The knowledge of or high risk of
audit procedures.
• fraud.
Accounts receivables belong to Cloud 9 and have not been
they prepared the financial statements—i.e., they assert that
One task during the planning
phase is
to consider
consold or factored—rights
and obligations.
Typically, income before tax is used; however,
it cannot be used
accounts
receivable
are the
valued
correctly.
cept of materiality
as it3 applies
to the
client. Auditors
will and
dereporting
a loss
for the
year
profitability
is not
Auditors
must
evidence
about each
assertion
for or iffocused
In Chapters
and 4, we
considered
auditgather
risk
riskif assessment.
Those
chapters
• Bad debts
haveconsistent.
been provided for—accuracy, valuation and
sign procedures
identify and
correct
errors or class,
irregularities
calculating
PM
basedofonrisk
interim
and note
in the
financial
stateon the to
importance
of each
risk transaction
identification
to account,
help ensure
theWhen
auditor’s
desired
level
is figures, it may be necallocation.
that would have a material effect
on
the
financial
statements
essary
annualize
theidenresults. This allows the auditors to plan
ments. Now that Ian understands this
ideatobetter,
he can
• Sales from the next period are not included in the earlier period—
and affect the decision-makingtify
of the
the assertions
users of the
audit properly
on an approximate projected year-end
thatfinancial
relate to the the
potential
errors in based
accounts
cutoff. Ian is a bit confused about this because cutoff is an asserstatements. Materiality is used inreceivable
determining
balance. Then, at year-end, the figure is adjusted, if necessary, to
thataudit
they procedures
discussed earlier:
tion for transactions, not account balances. Suzie agrees it is a
and sample selections, and evaluating differences from client
reflect the actual results.
special sort of assertion that relates to transactions or events, but
mistakes
records to audit results. Materiality•isNo
themathematical
maximum amount
of or other clerical errors exist that
also gives evidence about balance sheet accounts (e.g., an overcould that
affectcan
thebe
total
receivables Required
in either direction—accuracy,
misstatement, individually or in aggregate,
accepted
of revenue is also
valuation
and allocation.
Answer the following questions basedstatement
on the information
pre-an overstatement of receivables).
in the financial statements. In selecting
the benchmark
to be
Chapter Preview—Audit Process in Focus
viii
Johnson_FM.indd 8
used to calculate materiality, the auditors should consider the
key drivers of the business. They should ask, “What are the end
users (that is, stockholders, banks, etc.) of the accounts going
to be looking at?” For example, will stockholders be interested
in profit figures that can be used to pay dividends and increase
share price?
W&S Partners’ audit methodology dictates that one planning materiality (PM)c05AuditEvidence.indd
amount is to be6 used for the financial
statements as a whole. The benchmark selected for determining materiality is the one determined to be the key driver of the
business.
sented for Cloud 9 in the appendix to this text and in the current
chapter and previous chapters.
a. Using the October 31, 2025, trial balance (in the appendix
to this text), calculate planning materiality, and include the
justification for the benchmark that you have used for your
calculation.
b. Discuss how the planning materiality would be used to determine performance materiality.
7/26/21 12:26 PM
c. If the planning materiality amount is increased or decreased
later in the audit, how would that impact the audit?
8/24/21 9:42 AM
3-18
C h Apt e R 3
Risk Assessment part I: Audit Risk and Audit Strategy
• Significant subjectivity in measurement of financial information.
• Significant unusual transactions.
As part of risk assessment, auditors will document the identified inherent risks for the client,
including documenting which risks are considered significant. Knowing where the risks are
greatest assists the auditor in planning the best procedures for the audit.
Control Risk After assessing IR, the second step is to gain an understanding of the cli-
2-8
Chapter 2
professionalism and professional responsibilities
ILLUSTRATION 2.2
Threats
identified
Step 1
Conceptual framework
flowchart
Identify
threats
Step 2
Evaluate
significance
of threats
c03RiskAssessmentPartI.indd Page 3-15 24/01/19
No threats
identified
ent’s system of internal controls. The client should have controls in place to minimize the
risk of material misstatement caused by inherent risks. The auditors gain an understanding of internal controls for the purpose of assessing control risk. Control risk (CR) is the
risk that a client’s internal controls will not prevent or detect a material misstatement on
a timely basis.
Illustration 3.7 shows inherent and control risks for a jewelry store. An inherent risk
for jewelry inventory is that it is susceptible to theft from both customers and employees. If
5-32 Ch a pt e r 5 audit evidence
jewelry is stolen without the client knowing, the inventory account will be overstated because
stolen goods would remain recorded in the client’s records. The client knows that jewelry is
The trial balance is then referenced into the appropriate lead and supporting schedules where
susceptible
to
theft;
therefore,
the
client
has
put
controls
in place to minimize the risk of theft.
Threats
Step 3
The control risk for this client would be the risk of one or more of these controls failingaudit
and work is documented for each account in the trial balance. At Bell & Bowerman, LLP,
significant
Identify
the trial balance is referenced using the letter “A”; cash and cash equivalents in various banks
jewelry stolen without client management knowing.
and apply
are referenced into the C Lead; accounts receivable are referenced into the E Lead; inventory
safeguards
accounts are referenced into the F Lead; property, plant and equipment are referenced into
the K Lead; and so on.
9:35 PM F-0590
/208/WB02435/9781119401810/ch03/text_s
The first working paper example is the cash and cash equivalents lead schedule
Step 4
in Illustration 5.15. The purpose of this lead is to summarize all general ledger accounts that
Evaluate
ILLUSTRATION
3.7 the
Example of inherent and control risks
are combined into the cash and cash equivalents account on the financial statements. The
effectiveness
lead schedule also has adjusting journal entries, if any, that are proposed by the auditor. In the
of safeguards
top-left corner of the lead schedule are the client name, period-end, and currency unit (in this
Professional Skepticism and Audit Risk 3-15
example, balances are rounded to the nearest thousand dollars). In the top center of the lead
schedule is section identification (C). In the top-right corner, details of the working paper preDecline or
Are threats
parer and reviewers are documented. Next, details of the cash and cash equivalents balance
No
terminate
at an acceptable
are listed. For each item listed in the lead schedule, the following are noted.
control risk (CR) the risk that
a client’s system of internal controls will not prevent or detect a
material misstatement on a
timely basis
Threats not
significant
ix
Flowcharts and Graphs
Detailed flowcharts and graphs help students visualize important processes.
Conceptual Illustrations
Professional Skepticism
level?
NEW situational art helps students
conceptualize auditing concepts.
engagement
Auditors have a responsibility to plan and perform an audit with professional skepticism.
Professional skepticism is an attitude adoptedYes
by auditors when conducting all phases of the
audit. It means that auditors remain independent of the entity, its management, and its staff
when completing the audit work. In a practical
sense,
Step
5 professional skepticism means auProceed
Document
ditors maintain a questioning mind and thoroughly
investigate all evidence presented by the
with
threats
and auditors should be skeptical if any of
client (AS 1015.07). For example, AU-C 200.A22
states
engagement
safeguards
the following arise during the audit:
applied
• Audit evidence recently gathered that is contradictory to other evidence previously gathered.
Inherent Risk
• New information that bringsJewelry
into question
reliabilitytoof
client
documents
inventorythe
is susceptible
theft.
Inventory
accountor responses
will be overstated if client is unaware of the theft.
to auditor inquiries.
Step 1: Identify
ThreatsthatCPAs
clients
a number
of circumstances. CPAs
• Conditions
may interact
provide with
evidence
of in
possible
fraud.
need to be alert to a possible relationship or situation that might cause a threat to their com• Situations
thatfollowing
indicate the
for additional
procedures
what
pliance with ethical
rules. The
is aneed
discussion
of sevenaudit
common
threatsbeyond
that CPAs
in is required
by generally
accepted
auditingofstandards.
public practice should
be alert
to, irrespective
the services the CPA is engaged to perform.
• General ledger account number, per the client records.
• General ledger account name, per the client records.
• Preadjusted balance, any adjustments, and the audit-adjusted current-year balance per
the client’s trial balance (TB).
professional skepticism an
attitude that includes a questioning mind, being alert to conditions that may indicate possible
misstatement due to fraud or
error, and a critical assessment of
Control Risk
audit evidence
• The prior-year balance, per the prior-year audit file (PY).
• Variance and percentage change, the calculated difference between the prior-year and
current-year balances.
• The cross-reference to the working paper where supporting documentary evidence is
Controls put in place include security cameras and a security guard. kept for each balance (e.g., C02).
Risk of one or more of the controls failing and inventory
being stolen without the client knowing.
The final section of the lead working paper includes any relevant background information
Real-World Illustrations
about the account and comments based upon completed testing.
ILLUSTRATION 5.15 Working paper example: Cash lead schedule
Does maintaining
skepticism
mean
auditors
assume
• Adverse interest
threat. Anprofessional
adverse interest
threat
is the
threat should
that a CPA
willclient
not manageNew Millennium
Note that
IR and CRis are
exist separately
fromEcoproducts
the audit of the
ment
is beingbecause
dishonest?
answer
is no.
not assume
management
dis-the client’s risks and Client:
act with
objectivity
the The
CPA’s
interests
areAuditors
opposedshould
to the client’s
interests.
For
Period-end:
12/31/2025
financial statements.
In other words, the auditors have
no control
over a client’s inherent
honest,
but at interest
the samethreat
time,exists
auditors
notexpressed
assume management
C–LEAD
example,
an adverse
if a should
client has
an intention is
to always
begin honest or
Currency
unit: $000and client factors that
and
control
risks.
Inherentand
risk is driven by industry,
economic,
correct.
Using
professional
skepticism
means
even
if auditors
believe management
litigation
against
the CPA
regarding
the quality
of taxthat
work
previously
performed.
outreliable
of the evidence
control of
those charged with governance are being honest, they should are
gather
to the
sup-auditor. Control risk is impacted by the client’s design and
Lead
schedule:
• Advocacy
An advocacy
threat
the threat
that a CPA
promote
a client’s interimplementation
of internal
controls, which are also out of the auditor’s control. These two
portthreat.
management’s
responses
toisauditor
inquiries
andwill
to support
amounts
and
disclosures
advocacy threat the threat that
ests or in
position
to
the point
that
his orF-0590
her objectivity
or independence
is compromised.
risks
combine
toFor
form
thethese
RMM.
the
financial
statements.
all phases
of the audit,
auditors
should
keep
Page
3-28 24/01/19
9:35 PMThroughout
/208/WB02435/9781119401810/ch03/text_s
Prea CPA will promote a client’sc03RiskAssessmentPartI.indd
example,
an advocacy
threat
exists
if the CPA
provides
expert
witness
services reliable?
to a clientDo
in we need to
adjusted
questions
in mind
when
gathering
audit
evidence:
Is this
information
interests or position to the point
litigation
or
in
a
dispute
with
a
customer
regarding
a
licensing
arrangement.
Once
the
CPA
is
balance
Account
that his or her objectivity or
perform more audit procedures? When auditors exercise professional skepticism during the
Account name
12/31/2025 Adjustments
no.
advocating
for
a
client,
the
CPA
is
no
longer
objective.
An
advocacy
threat
would
also
exist
if
independence is compromised
risk assessment phase, it helps to ensure they are using appropriate assumptions when devela firm acts
as their
an investment
adviser
to an
or director
of aresponse
client. phase. In the reporting phase,
10100
Cash in Bank: Wells Fargo
$ 11,000
$0
oping
audit strategy
that
willofficer
be used
in the risk
familiarity threat the threat
Familiarity
A familiarity
is the evaluating
threat that,the
dueevidence
to a longgathered
or close and
rela-forming an
auditors
use Assessment
professional
skepticism
3-28 • CHAPT
ER 3 threat.
Risk
Part
I threatwhen
Cash in Bank: U.S. Bank
134
0
10200
that, due to a long or close
tionship
with athat
client,
CPA willstatements
become too
to the client’s interests or too
opinion
the afinancial
aresympathetic
presented fairly.
Cash in Bank: Barclays
126
0
10300
relationship with a client, a CPA
accepting of the client’s work or product. For example, a familiarity threat would exist if
• Ongoing losses.
will become too sympathetic
10400
Cash
in
Bank:
Citigroup
56
0
a CPA’s immediate family member were employed by the client in a key position (such
c03RiskAssessmentPartI.indd
18
8/19/21 1:41 PM
to the client’s interests or too
• Rapid
growth.
as the CFO). A familiarity threat
would
also exist if a former partner or professional
10500
Short -Term Deposits
5,796
0
accepting of the client’s work or
• Example
Poor
cash flas
ows
combined
high earnings.
employeeAudit
of an audit
firm joined
the client
itsProfessional
CFO and with
had Skepticism
knowledge
of the firm’s
Reasoning
Total Cash and Cash
$17,112
$0
product
policies and practices for the audit
engagement.
• Pressure
to meet market expectations and profit targets.
Equivalents
• Management
participation
A management
participation
threat
the some
management participation
An auditor
was auditing•threat.
aPlanning
recreational
vehicle
dealership.
The auditor
had is
obtained
to list
on a(RV)
stock
exchange.
Key to audit tick marks (TM):
threat the threat that a CPA
financial
information
from
client
showing unaudited
results for
the end
of the third
threat thatinitial
a CPA
will take
on the role
ofthe
client
management
or otherwise
assume
manTB Agrees to client’s trial balance.
• Planning to raise debt or renegotiate a loan.
will take on the role of client
quarter. Sales were
upexample,
and profitamargins
were
up, making
the best year
so and
far for
the client.
PY Agrees to prior-year audit file.
agement responsibilities.
For
CPA may
have
a small itbusiness
client,
the
•that
The
client
being
about
to enter
intothe
ainventory
signifi
newshowed
contract.
management or otherwise assume
Interim
recordsfirm
showed
inventory
was also
up, and
the client’s
records
over
owner asks
the CPA’s
to do
various
bookkeeping
services
for
client.cant
Providing
adverse interest threat the
threat that a CPA will not act
with objectivity because the
CPA’s interests are opposed to the
client’s interests
H A LLMA RK FEATU RES
Many illustrations, such as working
papers and confirmations, present
documents that students will encounter in a real-world audit.
Prepared by:
Reviewed by:
Reviewed by:
Bell & Bowerman, LLP
Reference: C-Lead
Adjusted
current-year
balance
12/31/2025
Prior-year
balance
12/31/2024
KM 1/21/2026
SO 1/22/2026
MM 1/24/2026
Variance
%
Variance
Ref
$ 11,000
TB
$ 10,500
PY
$500
5%
C01
134
TB
134
PY
0
0%
C02
126
TB
126
PY
0
0%
C03
56
TB
50
PY
6
12%
C04
TB
5,600
PY
196
4%
$702
4%
Real-World Examples
management responsibilities
5,796
$17,112
$16,410
C05
Audit Reasoning Examples apply chapter
concepts in brief real-world scenarios that
students might encounter in a professional
environment. They also provide real-world
company examples of chapter concepts.
300 RVs
on hand
the •end
the third
quarter.
Theofaudit
senior went
to talk
towhich
the audit
manA of
signifi
cant
proportion
remuneration
tied
to earnings
(that
is, bonuses or stock options). Background: No significant changes in banks or bank accounts from the prior period. Note: Analytical review on movements in the cash flows has
bookkeeping
services
mayatcause
the
CPA
to make
various
management
decisions,
been performed on the cash flow schedule — see A1.1.
ager about the good news and the client’s performance. The audit manager asked the senior a key
is a threat to the firm’s objectivity and independence. This may also put an accounting
question. “You did the inventory observation last year. How many RVs did the client have then?”
firm in a position of auditing its own work.
Comments: Cash and cash equivalents: In line with budget and change consistent with level of activity for the period (see also our review of the
self-interest threat the threat
that a CPA could benefit, financially
or otherwise, from an interest in,
or a relationship with, a client or
persons associated with the client
“I think it was about 210,” the senior replied. Then the audit manager asked, “How full was the lot
• Self-interest
threat.
self-interest
threat
is theoverfl
threat
thatthe
a CPA
couldThe
benefit,
last year?”
The A
senior
replied that it
was “almost
owing”
year before.
manager then
financiallysaid,
or otherwise,
interest
in, or relationship
with,have
a client
or persons
asso“Let’s look from
at thisan
more
skeptically.
I don’t think
they
storage
capacity
for
another
90 I
Audit
Reasoning
Example
Fraud
at Toshiba:
Part
RVs
though
are up.
could be
an error
in the
inventory
This information
ciated with
theeven
client.
For sales
example,
a There
self-interest
threat
exists
when
a CPArecords.
has a financial
statement of cash flows referenced in A1.1). Short-term deposits: Although the balance is very consistent with previous period, inclusion of
short-term deposits within cash and cash equivalents is acceptable (refer to C5).
makes me believe that the existence of inventory is a very high inherent risk.”
You may be familiar with Toshiba Corporation, a publicly traded Japanese company headquartered in Tokyo that makes consumer electronics, household electronics, office equipment, and
more. In July 2015, the CEO of Toshiba announced he was resigning amid an accounting scandal
in which profits had been overstated for the past seven years by approximately
$1.9 billion (224.8
7/23/21 8:43 AM
c05AuditEvidence.indd
billion yen). What incentives and pressures were involved that led to the fraud? The technology
industry is extremely competitive and Toshiba’s upper management set aggressive profit targets.
The home electronics and appliances division was showing losses and the memory chip division
Audit risk is the risk that an auditor expresses an inappropriate audit opinion when financial
was feeling pressure because of decreasing demand from Chinese electronics companies.6 As an
statements are materially misstated (AU-C 200 Overall Objectives of the Independent Auditor
example, in September 2012, the head of the digital products and service division was told by the
and the Conduct of an Audit
in Accordance With Generally Accepted Auditing Standards and
CEO to improve a 24.8 billion yen loss into a 12 billion yen profit in just three days!7 Think about
AS 1101 Audit Risk). Thishow
means
audit
reportwould
stateslearn
the about
financial
statements
aretopresented
the the
external
auditor
the incentives
given
lower-level management. How
fairly, in all material respects,
in actuality
the fiabout
nancial
might when
an internal
auditor learn
thesestatements
incentives?contain a material
c02ProfessionalismAndProfessionalResponsibilities.indd 8
Audit Risk
32
7/23/21 8:20 AM
c05AuditEvidence.indd Page 5-20 1/15/19 9:44 PM f-1241
/208/WB02435/9781119401810/ch05/text_s
error or fraud. While it is impossible to eliminate audit risk, auditors aim to reduce it to an
5-20
Opportunities to Environment
Perpetrate a Fraud
The Professional
CH A PT E R 5
Audit Evidence
Professional Environment Working with IT Auditors
After identifying one or more incentives or pressures to commit a fraud, auditors assess
whether a client’s employees have an opportunity to perpetrate a fraud. Auditors utilize their
knowledge of how other frauds have been perpetrated to assess whether the same opportunities exist at the client. While the examples below of opportunities to commit a fraud suggest
a fraud may have been committed, their existence does not mean a fraud has definitely occurred. Auditors must use professional judgment to assess each opportunity in the context of
other risk indicators and consider available evidence thoroughly.
Audit Decision-Making example 3-35
Examples of opportunities that increase the risk that a fraud may have been perpetrated
include:
Professional Environment features provide in-depth discussions
of how concepts in a chapter are applied in the business world.
Audit Decision-Making Example
• Accounts that rely on estimates and judgment (discussed further in Chapter 9).
• A high volume of transactions close to year-end.
Obtain Company Background
Information
and Data
• Signifi
cant adjusting
entries and reversals after year-end.
You have been assigned to the audit of• inventory
forrelated-party
a private company
that owns(discussed
and operates
a chain
Significant
transactions
further
in Chapter 4).
of retail jewelers. The company’s sales revenue has grown by 300% in the last two years, primarily
• Poor corporate governance mechanisms.
by acquisitions. Seventy-eight percent of the value of the company’s inventory is in wedding rings,
•
Poor
system
of
internal
control
(discussed
further
in
Chapters
6 and 8).
diamonds, gold necklaces, and high-end watches. Because the company has grown through acquisition, the company has not yet brought
two acquired
(representing
of sales) control
under responsibilities.
• A high
turnovercompanies
of staff with
accounting35%
or internal
the company’s inventory system. As a result, the company is currently operating with three different
inventory-control systems. The core inventory system being used by the retail stores represents 65%
of sales. Sixty percent of inventory was tested in the prior year and controls over the existence of
inventory were effective.
6
E. Pfanner and M. Fujikawa, M. “Toshiba Slashes Earnings for Past Seven Years,” The Wall Street Journal,
The CFO’s top priority is to put
all retail7,operations
under this one inventory-control system by the
September
2015. https://www.wsj.com/articles/toshiba-slashes-earnings-for-past-7-years-1441589473
7
end of the fiscal year (January 31). He
particularly
concerned
gross margins
K. is
Nagata.
“Pressure
to show about
a profitlower-than-expected
led to Toshiba’s accounting
scandal,” The Japan Times, September 18,
at some of the acquired stores, and 2015.
he expects
that better inventory control will improve this situation. In
http://www.japantimes.co.jp/news/2015/09/18/business/corporate-business/pressure-to-show-a-profi
taddition, gold prices have risen 15%led-to-toshibas-accounting-scandal/#.WNJjNmQrLjA
in the last 12 months, and the company is making sure it is not selling
“conflict diamonds” illegally traded to fund conflict in war-torn areas of Africa. Your responsibility is to
develop an audit strategy for testing the existence of inventory.
Specialist IT auditors are often used in audits of clients with complex information technology (IT) environments because the effective audit of the IT systems contributes to overall audit quality.
Large audit firms usually have such specialists within the firm, but
smaller audit firms could engage external IT consultants for this
part of the financial statement audit. In general, reliance on an
IT specialist is appropriate when the financial statement auditor
complies with the conditions of AU-C 620.
If the IT expert and the financial statement auditor do not
work well together, audit quality can be impaired. For this reason, researchers have investigated the factors that affect the way
that financial statement auditors work with specialist IT auditors.
Brazel12 reviewed this research evidence and drew the following
conclusions. First, responses from financial statement auditors in
the United States who were surveyed about their experiences with
IT auditors indicated that they believe IT auditors’ competence
levels vary in practice. Financial statement auditors also said that
IT auditors appear to be overconfident in their abilities in some
settings, and questioned the value provided by IT auditors to the
financial statement audit.
Second, Brazel suggests the research shows that both financial statement auditors’ IT ability and experience and the IT auditor’s competence affect how these two professions interact on an
audit engagement. This indicates that audit firms need to ensure
that staff training and scheduling produce appropriate combinations of financial statement auditors and IT auditors on an
engagement.
Finally, Brazel argues that the research findings demonstrated that auditors need to consider the implications of finding
a balance between greater software-assisted audit techniques
training for financial statement auditors and greater use of IT
specialists for overall audit efficiency and effectiveness.
The role of IT audit specialists could grow to become even
more than a support function for auditors. Some researchers
suggest that in e-businesses, the external financial statement
auditor’s authority will be challenged by IT audit specialists because of technological change and its impact on auditing.13 In
e-businesses, economic transactions are captured, measured,
and reported on a real-time basis without either internal human
intervention or paper documentation.14 Auditing is likely to become more real-time and continuous to reflect the pattern of the
transactions. If traditional auditors are unwilling or unable to
adapt to the new environment, their role could be taken over by
IT specialists.
Other developments such as reporting using XBRL (eXtensible Business Reporting Language) provide challenges for auditors as they have to adapt their techniques and approaches to
audit financial information that is disaggregated and tagged. Users can extract and analyze XBRL data directly without re-entry
and the tag provides additional information about the calculation
and source of the data. This means auditors have to recognize that
their clients are reporting financial data with different levels of
information and users might have greater expectations of the data.
Learn more about XBRL at www.xbrl.org.
? What Is the Audit Problem You Are Trying to Solve?
Cloud 9 - Continuing Case
The focus of attention in this instance is to develop an audit strategy for testing the existence of inventory.
The auditor may develop a different audit strategy for testing the valuation of that inventory.
Josh will take responsibility for obtaining a specialist’s opinion on
the derivatives. He knows that W&S Partners has other staff (who
are not part of the audit team) who can provide additional expertise.
However, because he believes the accounts are so material to the
audit and derivatives have become such a big issue in audits in recent
years, he deems an external specialist’s opinion is also required. He
Gather Information and Evidence
Important information includes:
Audit Decision-Making
Framework
Using the Work of Internal Auditors
• A significant portion of the inventory is high in value, small in size, and susceptible to theft.
• Although internal controls may be strong overall, there is risk they may not be operating effectively
and uniformly in some locations.
• The weak gross margins in some stores may be evidence of inventory shrinkage or theft.
• Fraud risk may be high in some locations due to the opportunity offered by weak internal
controls.
• The auditor needs to determine how internal controls affect audit strategy and whether the auditor
wants one audit strategy for part of the inventory and another audit strategy for another part of the
inventory.
internal auditors employees
of the client who perform assurance and consulting activities
designed to evaluate and improve
the effectiveness of the entity’s
governance, risk management,
and internal control processes
The role of the internal audit function was introduced in Chapter 1. Internal auditors are
employees of the client who perform assurance and consulting activities designed to evaluate
and improve the effectiveness of the entity’s governance, risk management, and internal control processes. Not every client will have an internal audit function. For example, small and
medium-sized companies, especially private companies, may not have the resources to staff
an internal audit function. But if the client does have an internal audit function, what role,
if any, do the internal auditors play in the financial statement audit? According to AU-C 610
Each chapter concludes with an Audit
Decision-Making Example that takes students through specific steps of the audit
process while offering solutions to issues
presented throughout the example.
Perform the Analysis and Evaluate the Results
Analysis of risk:
• Inherent risk factors include valuable inventory that is subject to theft and misappropriation.
• Internal controls are not uniform. Based on the prior year’s evidence and a preliminary understanding of the system in the current year, strong internal controls appear to operate over only 60% of
the inventory.
12
J. F. Brazel. “How do financial statement auditors and IT auditors work together?” The CPA Journal,
November, 2008, pages 38–41.
A. Kotb, C. Roberts, & S. Sian. “E-business Audit: Advisory Jurisdiction or Occupational Invasion?” Critical
Perspectives on Accounting 23, no. 6 (2012), pages 468–82.
14
Kotb et al., 2012.
• It may be more efficient to physically inspect inventory as of one date and use one audit strategy for
all inventory testing.
13
• Fraud risk is considered to be high at locations where inventory controls are not strong.
!
has some experience of using a derivatives specialist on prior audits,
and he also plans to ask Jo Wadley (the partner) to recommend a
suitable specialist.
Josh plans to investigate any possible connections between
the specialist and Cloud 9 that could adversely impact the specialist’s objectivity before engaging him for this audit.
Draw an Audit Conclusion
• Inherent risk is set at the maximum because inventory is high in value and susceptible to theft and
misappropriation.
• Control risk is set at high, as 40% of inventory may not have sufficient internal controls.
• Fraud risk is considered high due to the opportunity offered by weak internal controls.
• These risk settings result in setting detection risk at low.
• Low detection risk impacts the nature, timing, and extent of substantive procedures. For example, the auditor will plan testing of the physical existence of inventory at year-end, select a larger
number of locations to visit, and vary the extent of inventory testing at each location depending on
internal controls over the counting of inventory at each location.
c03RiskAssessmentPartI.indd 35
Johnson_FM.indd 9
7/23/21 8:20 AM
8/24/21 9:42 AM
Engaging Students
The Auditing online homework system features a suite of teaching and learning resources
that were developed under close review of the authors. In the homework system, students can
access review content and practice assessment that will help them better understand course
material.
Student Practice
Each chapter includes practice questions
for each learning objective that students
can review to assess their understanding
of chapter topics.
Data Visualization
Assignments—Tableau
and PowerBI
Tableau and NEW PowerBI visualizations accompanied by assessments
are available with most chapters.
IDEA Cases
Select chapters include IDEA cases and case video
resources that allow students to use IDEA software
to analyze data. An IDEA casebook and accompanying data sets, provided by Audimation Data Analytic
Software and Services, is also available.
Alteryx
NEW Alteryx cases and supporting video
resources are available with some chapters.
Gradable Excel
Select chapters include gradable Excel questions that
assess students’ understanding of Excel formulas.
x
Johnson_FM.indd 10
8/24/21 9:43 AM
ENGAGING STUDENTS
xi
Relevant Accounting
Articles
Up-to-date accounting articles and videos
are posted to the Wiley accounting update
site, www.wileyaccountingupdates.com.
Many of these updates address auditingrelated topics.
Adaptive Assignments
Adaptive Assignments ignite students’ confidence to persist so that they can succeed in
their courses and beyond. By continuously
adapting to each student’s needs and providing
achievable goals with just-in-time instruction,
Adaptive Assignments close knowledge gaps
to accelerate learning.
Johnson_FM.indd 11
8/24/21 9:43 AM
Preparing for the CPA Exam
For each chapter in the Auditing course, students can access CPAexcel videos, CPA Exam
Practice Questions in the PrometricTM Testing Interface, and Task-Based Simulations (TBSs),
which are the primary form of assessment used by the American Institute of Certified Public
Accountants (AICPA). These resources:
1. Reinforce understanding of course topics.
2. Demonstrate relevance to show students how the auditing content they are learning will be
assessed on the CPA exam.
3. Build student confidence with early exposure to CPA exam questions.
CPA Exam Practice Questions in
the Prometric™ Testing Interface
Wiley partners with CPAexcel to provide CPA exam
practice questions for each chapter that recreate the
environment students will encounter on the CPA
exam.
Task-Based Simulation in the
Prometric™ Testing Interface
CPA simulations recreate the environment students will see on the CPA exam.
CPA Exam Video Lessons
Each chapter includes CPA exam text discussions and videos that provide students with
insight into auditing topics commonly addressed on the CPA exams.
CPA Exam Assignment
Each chapter includes one CPA exam assignment that allows instructors to assign CPA
multiple-choice questions. Student performance is tied to the gradebook.
xii
Johnson_FM.indd 12
8/24/21 9:43 AM
Student Assessment
Each chapter of Auditing has over 300 assessment questions that can help keep your students
engaged and on track.
End-of-Chapter Assessment
Questions and Problems
Each Auditing text chapter concludes with over 40 assessment questions and problems you can
use to gauge students’ understanding and ability to apply auditing concepts, as follows:
• Multiple-Choice Questions—Available to quickly and effectively test students’ understanding of the chapter material.
hort Answer Questions—Open-ended questions that require students to begin
• S
thinking critically about the auditing process.
• Analysis Problems—Based on scenarios students might encounter as auditors in the
business world, analysis problems assess how well students understand specific topics in
a chapter.
Cases
Because no two audits are alike, Auditing uses a practical, case-based approach to help students develop professional judgment, think critically about the auditing process, and develop
the decision-making skills necessary to perform a real-world audit. The best way for a student
to learn auditing is to actually do auditing. To help provide real-world application, we have
developed the following cases:
• A
udit Decision Cases—Three cases run through most of the text chapters and provide
a broad review of the audit process (King Companies, Inc., Mobile Security, Inc., and
Brookwood Pines Hospital). In addition, chapter-specific cases help you assess students’
understanding of topics that are the focus of a particular chapter.
• C
loud 9 Continuing Case—Requires students to apply chapter concepts to the ongoing
Cloud 9 case that is highlighted in the chapter.
To help you more easily identify what questions you want to assign, questions are tagged
with learning objectives, professional AICPA and AACSB outcome standards, Bloom’s
Taxonomy level, level of difficulty, and a recommended time of completion. You can track
student performance in the gradebook found in the Wiley online homework system.
Test Bank
Over 150 NEW, more challenging application and analysis questions were added to this edition’s test bank. Each chapter of the test bank has between 130 and 200 questions that you
can assign to students in an exam or as graded practice. Question types include true/false,
multiple-choice (NEW multiple-select), fill-in-the-blank, and short answer questions. To help
you more easily identify what questions you want to assign, questions are tagged with learning
objectives, professional AICPA and AACSB outcome standards, Bloom’s Taxonomy level, level
of difficulty, and a recommended time of completion. You can track student performance in
the gradebook.
xiii
Johnson_FM.indd 13
8/24/21 9:43 AM
Acknowledgments
Auditing has benefited tremendously from the input of students who have used this text’s material in class. We are also very appreciative of the comments and suggestions we received from
instructors who reviewed and used the first edition of this textbook, as well as the instructors
who participated in development and authoring activities for this new edition. A special thank
you to Kathleen Bakarich. We greatly appreciate her contributions to our Alteryx resources.
Sanaz Aghazadeh
Louisiana State University
Dale Flesher
University of Mississippi
Joe Looney
Hofstra University
Anne Albrecht
Texas Christian University
Paul Franklin
Purdue Global
Jason MacGregor
Baylor University
Matthew Anderson
Michigan State University
Scott Fulkerson
University of California—Santa Barbara
Roger Martin
University of Virginia
LuAnn Bean
Florida Institute of Technology
Lori Fuller
West Chester University
Susanna Matson
Siena College of Taytay, Philippines
Marie Blouin
Ithaca College
Amber Gray
Adrian College
Linda McCann
Metropolitan State University
A. Faye Borthick
Georgia State University
Abo-El-Yazeed Habib
Minnesota State University—Manka
Karen McDougal
Pennsylvania State University—Brandywine
Joe Brazel
North Carolina State University
James Hansen
Weber State University
Linda McKeag
University of Dubuque
Billy Brewster
Texas State University
Frederick Harmon
University of Bridgeport
Mary Mindak
DePaul University
Rich Brody
The University of New Mexico
Julia Higgs
Florida Atlantic University
Ashley Minnich
Park University
Melodi Bunting CPA, CMA, CGMA
Wegner CPAs
Karen Hooks
Florida Atlantic University
Paula Mooney
Savannah State University
Jeffrey R. Cohen
Boston College
Carol Jessup
University of Illinois—Springfield
Anita Morgan
Indiana University
Emily Cokeley
Rochester Institute of Technology
Eric Johnson
University of Wyoming
Grace Mubako
California Stata University—Sacramento
Sheila Coomes
Kansas State University
Joe Johnston
Illinois State University
Christine Noel
Metropolitan State University of Denver
Laurence DeGaetano
Montclair State University
Bill Joyce
Bemidji State University
Christopher A. Nogot
Siena College of Taytay, Philippines
Kristina Demek
University of Central Florida
Brett Kawada
San Diego State University
Connie O’Brien
Minnesota State University—Mankato
Lisa Derouin
Wisconsin Lutheran College
Walied Keshk
California State University—Fullerton
Aimee Pernsteiner
University of Wisconsin—Eau Claire
Raymond Elson
Valdosta State University
Katherine Kinkela
Iona College
Rossen Petkov
Lehman College
Steven Ernest
Baton Rouge Community College
Milton Krivokuca
California State University—Dominguez Hills
Byron Pike
Minnesota State University—Mankato
Reza Espahbodi
Washburn University of Topeka
Ellen L. Landgraf
Loyola University—Chicago
Lincoln Pinto
Concordia University Chicago
Kel-Ann Eyler
Georgia College and State University
Betsy Lin
Montclair State University
Marshall Pitman
University of Texas—San Antonio
Magdy Farag
California Polytechnic University—Pomona
Cathy Liu
University of Houston—Downtown
Dwayne Powell
Arkansas State University
xiv
Johnson_FM.indd 14
8/24/21 9:43 AM
AC K NOWLED GMENTS
Sridhar Ramamoorti
University of Dayton—Ohio
Margaret B. Shackell-Dowell
Ithaca College
Lisa Victoravich
University of Denver
Matthew Reidenbach
Pace University—New York
Philip Slater
Forsyth Technical Community College
Jim Vogt
University of Colorado—Denver
Maria Sanchez
Rider University
Vicki Stewart
Texas A&M University—Commerce
Rick Warne
University of Cincinnati
Matthew J. Sargent
University of Texas at Arlington
Jaclyn Strauss
Purdue Global
Amanda Warren
University of Tennessee—Knoxville
Gary Schneider
California State University—Monterey Bay
Floran Syler
Azusa Pacific University
Barrett Wheeler
Tulane University
Dan Schrag
Baldwin Wallace University
Paula Thomas
Middle Tennessee State University
Angela Woodland
Montana State University
Edward B. Seibert
Wesley College
Andrea Tietjen
Caldwell College
Gail E. Wright
Tim Seidel
Brigham Young University
Patricia Timm
Northwood University—Michigan
Jamie L. Seitz
University of Southern Indiana
Madeline Trimble
Illinois State University
Suzanne Seymoure
Saint Leo University, University Campus
Richard Turpen
University of North Carolina—Asheville
We also want to thank several individuals for their help in
moving this text from concept to publication. This work would
not have come to fruition without the extensive support and
guidance of Emily Marcoux, Veronica Schram, Joel Hollenbeck, Ed Brislin, Nicole Repasky, Natalie Munoz, Terry Ann
Tatro, and Vimal Shanmugavelu.
Johnson_FM.indd 15
xv
Fengyun Wu
Manhattan College
Aleksandra Zimmerman
Florida State University
Ally Zimmerman
Northern Illinois University
We appreciate suggestions and comments from users—
instructors and students alike. Please send us your thoughts
and ideas about the text.
Raymond Johnson
Sunriver, Oregon
Laura Wiley
Baton Rouge, Louisiana
8/24/21 9:43 AM
Table of Contents
1Introduction and Overview of Audit
and Assurance
1-1
1.1 Assurance, Attestation, and Audit Services 1-3
Audit Services 1-4
Attestation Services 1-4
Assurance Services 1-5
1.2 Different Assurance Services 1-6
Financial Statement Audits 1-6
Compliance Audits 1-8
Operational (Performance) Audits 1-8
Internal Audits 1-8
1.3 Demand for Audit and Assurance Services 1-9
Financial Statement Users 1-9
Demand for Audit and Assurance Services 1-10
1.4 Preparers and Auditors 1-11
Preparer Responsibility 1-11
Auditor Responsibility 1-12
Auditor Skills 1-12
Assurance Providers 1-13
1.5 The Role of Regulators and Regulations 1-14
Securities and Exchange Commission (SEC) 1-14
Public Company Accounting Oversight Board (PCAOB) 1-15
American Institute of Certified Public Accountants
(AICPA) 1-16
Financial Accounting Standards Board (FASB) 1-19
Committee on Sponsoring Organizations of the Treadway
Commission (COSO) 1-19
National Association of State Boards of Accountancy
(NASBA) and State Boards of Accountancy 1-19
1.6 Audit Report on Financial Statements 1-20
Reasonable Assurance and the Financial Statements 1-20
Materiality and the Financial Statements 1-21
The Auditorʼs Report on Financial Statements 1-21
1.7 Audit Report on Internal Controls over
Financial Reporting 1-27
Reasonable Assurance and Internal Controls 1-27
The Auditor’s Report on Internal Control over Financial
Reporting 1-28
1.8 The Audit Expectation Gap 1-30
Audit Decision-Making Example 1-33
2 Professionalism and Professional
Responsibilities
2-1
2.1 Professionalism and Accounting 2-3
Level of Expertise 2-3
Concern for the Public Interest 2-4
2.2 The Structure of the AICPA Code of Professional
Conduct 2-5
Purpose of the Code 2-5
Organization of the Code 2-6
2.3 Conceptual Framework for Members
in Public Practice 2-7
Steps in the Conceptual Framework 2-7
Applying the Conceptual Framework: An Example 2-10
2.4 Integrity and Objectivity 2-11
Conflicts of Interest 2-11
Subordination of Judgment 2-12
2.5 Independence 2-12
Key Individuals and Independence Requirements 2-14
Employment or Association with an Attest Client 2-18
Nonattest Services 2-19
SEC and PCAOB Independence Rules 2-22
2.6 General Standards 2-25
2.7 Other Rules of Conduct for Members in
Public Practice 2-26
Accounting Principles Rule 2-26
Fees and Other Types of Remuneration 2-27
Confidential Information 2-27
2.8 Auditor Liability Under Common Law 2-28
Liability to Clients 2-29
Liability to Third Parties 2-31
Burden of Proof and Common Law Defenses 2-34
2.9 Auditor Liability Under Statutory Law 2-35
The Securities Act of 1933 2-36
The Securities Act of 1934 2-37
The Foreign Corrupt Practices Act of 1977 2-38
The Private Securities Litigation Reform Acts of 1995 and
1998 2-38
The Sarbanes-Oxley Act of 2002 2-39
Criminal Liability 2-41
Audit Decision-Making Example 2-45
3 Risk Assessment Part I: Audit Risk
and Audit Strategy
3-1
3.1 Client Acceptance and Continuance
Decisions 3-3
3.2 Phases of an Audit 3-8
Risk Assessment Phase 3-9
Risk Response Phase 3-10
Reporting Phase 3-10
3.3 Materiality 3-11
Qualitative and Quantitative Factors 3-11
Setting Materiality 3-12
xvi
Johnson_FM.indd 16
8/24/21 9:43 AM
TAB LE
3.4 Professional Skepticism and Audit Risk 3-15
Professional Skepticism 3-15
Audit Risk 3-16
3.5 Audit Strategy 3-23
Reliance on Controls Approach 3-24
Substantive Approach 3-26
Where Does Data Analytics Fit In? 3-26
3.6 Fraud Risk 3-28
Incentives and Pressures to Commit a Fraud 3-30
Opportunities to Perpetrate a Fraud 3-31
Attitudes and Rationalization to Justify a Fraud 3-32
Fraud Risk Assessment Process 3-32
Audit Decision-Making Example 3-35
4 Risk Assessment Part II:
Understanding the Client
4-1
4.1 Understand the Entity and the Industry 4-3
Gain an Understanding of the Entity 4-4
Gain an Understanding of the Industry and Business
Environment 4-6
Procedures Performed to Gain an Understanding of
the Client 4-8
Compliance with Laws and Regulations 4-8
4.2 Client Approaches to Measuring Performance 4-11
Profitability 4-11
Liquidity, Solvency, and Cash Flow 4-12
4.3 Analytical Procedures 4-13
Comparisons 4-14
Trend Analysis 4-14
Common-Size Analysis 4-15
Ratio Analysis 4-16
Software Tools for Performing Analytical
Procedures 4-19
Factors to Consider When Conducting
Analytical Procedures 4-19
Audit Data Analytics During Risk Assessment 4-20
4.4 Related Parties 4-21
Risk Associated with Related Parties 4-21
Audit Procedures 4-22
4.5 Corporate Governance 4-23
Audit Committee 4-24
Public Company Requirements 4-24
4.6 Internal Control, Information Technology, and
the Client’s Digital Mindset 4-26
System of Internal Controls 4-26
Information Technology 4-26
Client’s Digital Mindset 4-27
4.7 Closing Procedures 4-28
Audit Decision-Making Example 4-31
Johnson_FM.indd 17
5 Audit Evidence
OF CONTENTS
xvii
5-1
5.1 Management Assertions 5-3
Assertions in the ASB Auditing Standard 5-3
Assertions in the PCAOB Standard 5-7
Relevant Assertions 5-7
5.2 Characteristics of Audit Evidence 5-8
Sufficient Audit Evidence 5-8
Appropriate Audit Evidence 5-9
Persuasive Audit Evidence 5-12
5.3 Procedures for Gathering Audit Evidence 5-13
Inspection of Documents and Assets 5-14
Observation 5-15
Inquiry 5-15
Confirmation 5-16
Recalculation 5-19
Reperformance 5-19
Analytical Procedures 5-20
Scanning 5-20
Audit Data Analytics and Automated Tools 5-20
5.4 Using the Work of Others 5-22
Using the Work of an Auditor’s Specialist 5-23
Using the Work of Internal Auditors 5-25
Using the Work of Another Auditor 5-27
5.5 Documentation—Audit Working Papers 5-29
Permanent File 5-29
Current File 5-30
Examples of Working Papers 5-31
Audit Decision-Making Example 5-36
6 Gaining an Understanding of
the Client’s System of Internal
Control 6-1
6.1 Internal Control Defined 6-3
The COSO Framework 6-4
Inherent Limitations 6-6
Steps for Understanding and Assessing Control Risk 6-6
6.2 Entity-Level Internal Controls 6-8
The Control Environment 6-9
Risk Assessment 6-11
Control Activities 6-13
Information and Communication 6-16
Monitoring Activities 6-17
Internal Control in Small Entities 6-19
6.3 Transaction-Level Internal Controls 6-20
Example Transaction Flows—Sales Process 6-21
6.4 Information Technology (IT) Controls 6-23
Benefits and Risks of IT Systems 6-23
IT General Controls 6-25
IT Application Controls 6-26
IT-Dependent Manual Controls 6-28
8/24/21 9:43 AM
xviii
TAB LE OF CON TEN TS
6.5 Documenting Internal Controls 6-30
6.6 Identifying Strengths and Weaknesses in a
System of Internal Controls 6-33
Internal Controls and Audit Strategy 6-33
Evaluating Internal Control Weaknesses 6-33
6.7 Use of a Service Organization by an Audit Client 6-34
Significant User Entity Controls over the Service
Organization 6-35
User Auditor Obtains a Systems Organization and
Controls (SOC) 1 Report 6-36
What Is a Soc 2 Report and How Does It Differ from a
SOC 1 Report? 6-38
Audit Decision-Making Example 6-40
7 Risk Response: Performing Tests
of Controls
7-1
7.1 Identify Relevant Transaction-Level Controls and
Determine Preliminary Audit Strategy 7-3
Preventive and Detective Controls 7-4
Manual and Automated Controls 7-7
Determine Preliminary Audit Strategy 7-8
7.2 Procedures for Testing Controls 7-10
Inquiry 7-10
Observation 7-10
Inspection of Physical Evidence 7-10
Reperformance 7-11
Tests of Software Controls 7-11
7.3 Selecting and Designing Tests of Controls 7-12
Selecting the Controls for Testing 7-13
Selecting Audit Procedures 7-15
The Extent of Tests of Controls 7-16
Timing of Tests of Controls 7-20
Benchmarking 7-21
Selecting and Designing Tests of Controls—A Summary 7-22
7.4 Results of the Auditor’s Testing 7-25
Tests of Controls and Audit Strategy 7-27
Classifying Control Exceptions 7-27
7.5 Using a Soc 1, Type 2 Report 7-29
Section 1: Independent Service Auditor’s Report 7-31
Section 2: Management’s Assertion 7-34
Section 3: Management’s Description of the System 7-36
Section 4: Control Descriptions, Related Controls,
and Tests of Operating Effectiveness 7-38
7.6 Documenting Conclusions 7-41
7.7 Management Letters 7-43
Audit Decision-Making Example 7-46
8 Audit Data Analytics
8-1
8.1 Applying the Audit Decision-Making
Framework to Audit Data Analytics 8-3
Step 1: Obtain Company Background Information
and Data 8-4
Johnson_FM.indd 18
Step 2: What Is the Audit Problem You Are Trying to
Solve? 8-5
Step 3: Gather Information and Evidence 8-6
Step 4: Perform the Analysis and Evaluate
the Results 8-7
Step 5: Draw an Audit Conclusion 8-8
Audit Documentation 8-9
8.2 Steps Associated with Accessing and Preparing
Data for Audit Data Analytics 8-11
Are the Data Complete? 8-11
Do the Data Need to Be Cleaned? 8-12
Key Questions to Be Addressed in Evaluating
the Relevance and Reliability of Data Used in
Audit Data Analytics 8-12
8.3 Using Audit Data Analytics as a Risk
Assessment Procedure 8-13
Understanding the Risk Analysis Decision Tree 8-14
What Do We Mean by Notable Items? 8-15
Tools for Searching for Notable Items 8-15
What to Do When ADA Identifies a Large Number of
Items for Further Consideration 8-16
8.4 Applying Audit Data Analytics as a Risk Assessment
Procedure 8-18
Cluster Analysis 8-18
Matching Information in Key Data Fields 8-26
Regression Analysis 8-31
Visualization 8-35
8.5 Using Audit Data Analytics as a Substantive
Procedure 8-38
8.6 Applying Audit Data Analytics as a Substantive
Procedure 8-39
Validating Sales Revenue and Accounts Receivable with
Subsequent Cash Receipts 8-39
8.7 Artificial Intelligence and Machine Learning 8-44
Examples from Audit Practice 8-45
The Role of Professional Judgment in the AI
Environment 8-46
Audit Decision-Making Example 8-48
9 Risk Response: Performing
Substantive Procedures
9-1
9.1 Audit Risk and Substantive Procedures 9-3
9.2 Risk Response at the Financial Statement Level 9-5
Auditor’s Understanding of the Entity’s Control
Environment 9-6
Risk of Material Misstatement Due to Fraud 9-6
9.3 Nature of Substantive Procedures 9-7
Determining the Purpose of an Audit Procedure 9-7
Determining the Type of Substantive Procedure 9-8
Initial Procedures 9-9
Substantive Analytical Procedures 9-10
Tests of Details 9-14
ADA and Substantive Procedures 9-15
8/24/21 9:43 AM
TA B LE OF CONTENTS
9.4 Timing of Substantive Procedures 9-17
During an Interim Period 9-17
During Year-End 9-18
9.5 Extent of Substantive Procedures 9-19
Auditing an Entire Population 9-20
Auditing Select Items from a Population 9-21
9.6 Auditing Accounting Estimates 9-22
Inherent Risk Factors 9-22
Possible Management Bias 9-23
Risk Assessment Procedures for
Accounting Estimates 9-24
Identifying and Assessing the Risks of Material
Misstatement 9-26
Risk Response Procedures for Accounting Estimates 9-26
Overall Evaluation and Documentation 9-28
9.7 Documenting Results of Substantive
Procedures 9-30
Audit Decision-Making Example 9-33
10 Risk Response: Audit Sampling for
Substantive Procedures
10-1
10.1 Audit Sampling versus Audit Data Analytics 10-3
10.2 Sampling Risk and Nonsampling Risk 10-4
Risk of Incorrect Acceptance 10-5
Risk of Incorrect Rejection 10-5
Nonsampling Risk 10-5
10.3 Statistical versus Nonstatistical Sampling 10-7
Population and Sampling Unit 10-7
Sampling Methods 10-8
10.4 Factors That Influence the Sample
Size—Substantive Procedures 10-10
Tolerable Misstatement 10-10
Desired Level of Assurance 10-11
Expected Misstatement in the Population 10-11
Stratification of the Population 10-12
10.5 A Basic Framework for Audit Sampling 10-12
Step 1: Determine the Objectives of the Substantive
Procedure 10-14
Step 2: Determine the Substantive Procedures to
Perform 10-14
Step 3: Determine Whether to Audit a Sample
or the Entire Population 10-14
Step 4: Define the Population and Sampling Unit 10-15
10.6 Applying Probability-Proportionate-to-Size
Sampling for Substantive Procedures 10-15
Step 5: Choose the Audit Sampling Technique 10-15
Step 6: Determine Sample Size 10-16
Step 7: Randomly Select Representative Sample 10-18
Step 8: Apply Audit Procedures 10-20
Step 9: Evaluate Results Statistically and
Judgmentally 10-20
Step 10: Document Conclusions 10-25
Summary of PPS Sampling 10-26
Johnson_FM.indd 19
xix
10.7 Applying Nonstatistical Sampling for
Substantive Procedures 10-27
Step 5: Choose the Audit Sampling
Technique 10-27
Step 6: Determine Sample Size Using
Professional Judgment 10-27
Step 7: Judgmentally Select Representative
Sample 10-28
Step 8: Apply Audit Procedures 10-28
Step 9: Evaluate Results Judgmentally 10-29
Step 10: Document Conclusions 10-31
Appendix 10A: Applying Classical Variables
Sampling for Substantive Procedures 10-32
Step 5: Apply Classical Variables Sampling 10-32
Step 6: Determine the Sample Size 10-33
Step 7: Select a Random Sample 10-37
Step 8: Apply Audit Procedures 10-37
Step 9: Evaluate the Sample Results 10-37
Step 10: Document Results 10-39
Audit Decision-Making Example 10-42
11 Auditing the Revenue Process
11-1
11.1 Understanding the Revenue Process 11-3
Understand the Nature of the Revenue Process 11-4
Revenue Transactions 11-4
11.2 How Audit Planning Decisions Affect the
Assessment of Inherent Risk 11-5
Understanding the Entity and Its
Environment 11-6
Determining Inherent Risk in the Revenue
Process 11-10
11.3 Control Activities for Credit Sales 11-14
Example Transaction Flows—Credit Sales 11-15
Evaluate What Can Go Wrong (WCGW) and Identify
Key Controls—Credit Sales and Accounts
Receivable 11-17
11.4 Control Activities for Cash Receipts 11-20
Example Transaction Flows—Cash Receipts 11-20
Evaluate WCGW and Identify Key Controls—Cash
Receipts 11-22
11.5 Control Activities in a “Paperless” Revenue
System 11-24
Initiating an ERS Transaction 11-25
Shipping Goods 11-25
Recording Sales and Receivables 11-25
Electronic Cash Receipt 11-25
Internal Controls in an ERS System 11-26
11.6 Control Activities for Sales Adjustments
and Revenue Process Disclosures 11-27
Granting Sales Returns and Allowances 11-27
Determining Uncollectible Accounts 11-28
Other Controls in the Revenue Process 11-28
Preliminary Audit Strategy 11-29
8/24/21 9:43 AM
xx TAB LE OF CON TEN TS
11.7 Tests of Controls in the Revenue Process and
Audit Strategy 11-30
Tests of Controls in the Revenue Process 11-30
Fraud Risk Assessment 11-31
Audit Data Analytics as a Risk Assessment Procedure 11-32
The Risk of Material Misstatement and Audit Strategy 11-32
11.8 Substantive Procedures for the Revenue
Process 11-33
Initial Procedures 11-36
Substantive Analytical Procedures 11-36
Audit Data Analytics as a Substantive Procedure 11-36
Tests of Details of Transactions 11-37
Tests of Details of Balances 11-38
Tests of Details of Presentation 11-43
Draw a Final Conclusion 11-44
Audit Decision-Making Example 11-46
12 Auditing the Purchasing and
Payroll Processes
12-1
12.1 Auditing Purchase Transactions and Balances 12-2
Overview of Auditing Purchases 12-2
Understand the Nature of the Purchasing Process 12-3
Purchase Transactions 12-4
12.2 How Audit Planning Decisions Affect the
Assessment of Inherent Risk 12-5
Understanding the Entity and Its Environment 12-5
Determining Inherent Risks in the Purchasing Process 12-9
12.3 Control Activities for Purchases 12-12
Example Transaction Flows—Credit Purchases 12-12
Evaluate What Can Go Wrong (WCGW) and Identify Key
Controls—Purchases and Accounts Payable 12-15
12.4 Control Activities for Cash Disbursements 12-18
Example Transaction Flows—Cash Disbursements 12-18
Evaluate What Can Go Wrong (WCGW) and
Identify Key Controls—Cash Disbursements 12-20
12.5 Evaluated Receipt Settlement (ERS) 12-21
Initiating an ERS Transaction 12-22
Receiving Goods 12-22
Recording Payables 12-22
Electronic Payment 12-22
Internal Controls in an ERS System 12-23
12.6 Control Activities for Purchase Adjustments and
Purchasing Process Disclosures 12-24
Purchase Returns and Allowances 12-24
Other Controls in the Purchasing Process 12-25
Preliminary Audit Strategy 12-25
12.7 Tests of Controls in the Purchasing Process and
Audit Strategy 12-26
Tests of Controls in the Purchasing Process 12-26
Fraud Risk Assessment 12-27
Audit Data Analytics as a Risk Assessment Procedure 12-28
The Risk of Material Misstatement and Audit
Strategy 12-28
Johnson_FM.indd 20
12.8 Substantive Procedures for the Purchasing
Process 12-29
Initial Procedures 12-30
Substantive Analytical Procedures 12-31
Audit Data Analytics as a Substantive Procedure 12-31
Tests of Details of Transactions 12-31
Tests of Details of Balances 12-33
Tests of Details of Presentation 12-33
Draw a Final Conclusion 12-34
Appendix 12A: Auditing Payroll 12-35
12.9 Explain the Nature of Payroll Transactions and
Balances 12-36
Understand the Nature of the Payroll Process 12-36
Payroll Transactions 12-36
12.10 How Audit Planning Decisions Affect
the Assessment of Inherent Risk 12-37
Understanding the Entity and Its Environment 12-37
Determining Inherent Risk in the Payroll Process 12-39
12.11 Control Activities for Payroll 12-40
Example Transactions Flows—Payroll Transactions 12-40
Evaluate What Can Go Wrong (WCGW) and Identify Key
Controls—Payroll 12-42
Preliminary Audit Strategy 12-44
12.12 Tests of Controls in the Payroll Process and Audit
Strategy 12-45
Tests of Controls for Payroll 12-45
Fraud Risk Assessment 12-46
Audit Data Analytics Used in Fraud Risk Assessment 12-46
The Risk of Material Misstatement and Audit Strategy 12-46
12.13 Substantive Procedures for the Payroll
Process 12-47
Initial Procedures 12-48
Substantive Analytical Procedures 12-49
Audit Data Analytics as a Substantive Procedure 12-49
Tests of Details of Transactions 12-49
Tests of Details of Balances 12-50
Tests of Details of Presentation 12-50
Draw a Final Conclusion 12-51
Audit Decision-Making Example 12-53
13 Auditing Cash, Inventory, and
Related Income Statement
Accounts 13-1
13.1 Auditing Cash and Cash Equivalents 13-3
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 13-3
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 13-4
Assessing Control Risk, Fraud Risk, and RMM and
Determining a Final Audit Strategy 13-5
Substantive Procedures for Cash and Cash
Equivalents 13-6
Draw a Final Conclusion 13-13
8/24/21 9:43 AM
TA B LE OF CONTENTS
13.2 Auditing Inventory 13-13
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 13-14
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 13-17
Assessing Control Risk, Fraud Risk, and RMM and
Determining a Final Audit Strategy 13-19
Substantive Procedures for Inventory 13-21
Audit Decision-Making Example 13-31
14 Auditing Investing and Financing
Activites
14-1
14.1 Auditing Property, Plant, and Equipment 14-2
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 14-3
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 14-5
Assessing Control Risk and Fraud Risk, and Determining a
Final Audit Strategy 14-7
Substantive Procedures for Property, Plant, and
Equipment 14-7
Draw a Final Conclusion 14-12
14.2 Auditing Financing Activities 14-13
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 14-13
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 14-16
Assessing Control Risk and Fraud Risk, and Determining a
Final Audit Strategy 14-17
Substantive Procedures for Long-Term Debt 14-18
Substantive Procedures for Stockholders’ Equity 14-21
Audit Decision-Making Example 14-25
15 Completing the Audit
15-1
15.1 Audit Procedures for Loss Contingencies 15-3
Accounting for Loss Contingencies 15-3
Auditing Loss Contingencies 15-4
Legal Letter 15-4
15.2 Subsequent Events 15-7
Accounting for Subsequent Events 15-8
Auditing Subsequent Events 15-9
15.3 Engagement Wrap-Up 15-11
Final Analytical Procedures 15-11
Final Evaluation of Audit Findings 15-12
Completion of Working Paper Review 15-17
Engagement Quality Review 15-18
Completion of Documentation 15-19
15.4 Going Concern 15-20
Management Responsibility 15-20
Auditor Responsibility 15-21
Audit Procedures to Evaluate Going Concern 15-21
Johnson_FM.indd 21
xxi
15.5 Management Representation and Communication
with Those Charged with Governance 15-23
Management Representation Letter 15-23
Communication with Those Charged with Governance 15-26
Audit Decision-Making Example 15-30
16 Reporting on the Audit
16-1
16.1 Standard Unmodified/Unqualified Audit
Report 16-3
16.2 Additional Wording for the Standard Unmodified
Report 16-9
Going Concern Section 16-9
Emphasis Added at Discretion of the Auditor 16-10
Consistency of Financial Statements 16-11
16.3 Opinion Based in Part on the Report of Another
Auditor 16-13
16.4 Modifying the Audit Opinion 16-15
Departure from Applicable Financial Reporting
Framework 16-16
Scope Limitation 16-18
16.5 Subsequently Discovered Facts 16-24
Subsequently Discovered Facts That Become Known
Before the Report Release Date 16-24
Subsequently Discovered Facts That Become Known After
the Report Release Date 16-26
16.6 Reports on the Audit of ICFR 16-28
Standard Unqualified Opinion on ICFR 16-28
Modified Opinion on ICFR 16-30
Integrated Audits for Private Companies 16-32
16.7 Preparation, Compilation, and Review
Engagements 16-32
Preparation of Financial Statements 16-33
Compilation of Financial Statements 16-33
Review of Financial Statements 16-35
Audit Decision-Making Example 16-39
APPENDIX A Cloud 9 Inc. Audit A-1
Cloud 9 Inc. Company Background A-1
Personnel A-2
Financial Information A-2
Transcript of Meeting with David Collier A-4
AUDITING AND ASSURANCE STANDARDS
GLOSSARY
INDEX
AS-1
G-1
I-1
8/24/21 9:43 AM
Johnson_FM.indd 22
8/24/21 9:43 AM
CHAPTER 1
Introduction and Overview of
Audit and Assurance
The Audit Process
Overview of Audit and Assurance
(Chapter 1)
Professionalism and Professional Responsibilities
(Chapter 2)
Client Acceptance/Continuance and Risk Assessment
(Chapters 3 and 4)
Identifying Significant
Accounts and
Transactions
Setting Planning
Materiality
Gaining an Understanding
of the System of Internal Control
(Chapter 6)
Making Preliminary
Risk Assessments
Audit Evidence
(Chapter 5)
Developing Responses to Risk and an Audit Strategy
Performing Tests of Controls
(Chapter 7)
Performing Substantive Procedures
(Chapter 9)
Audit Sampling for Substantive Procedures
(Chapter 10)
Auditing the
Revenue Process
(Chapter 11)
Auditing the Purchasing
and Payroll Processes
(Chapter 12)
Auditing Cash and
Inventory
(Chapter 13)
Audit Data Analytics
(Chapter 8)
Gaining an
Understanding of
the Client
Auditing Investing and
Financing Activities
(Chapter 14)
Completing and Reporting on the Audit
(Chapters 15 and 16)
Procedures Performed Near
the End of the Audit
Drawing Audit
Conclusions
Reporting
1-1
c01IntroductionAndOverviewOfAuditAndAssurance.indd 1
8/23/21 1:55 PM
1-2
C h a pt er 1
Introduction and Overview of Audit and Assurance
Learning Objectives
LO 1 Differentiate among assurance, attestation, and
audit services.
LO 2 Describe the different types of assurance
services.
LO 3 Explain the demand for audit and assurance
services.
LO 4 Discuss the different roles of the financial
statement preparer and the auditor.
LO 6 Explain the concepts of reasonable assurance and
materiality, and the nature of an unqualified/
unmodified report on the audit of financial statements.
LO 7 Explain the concept of reasonable assurance and
the nature of an unqualified report on internal controls
over financial reporting.
LO 8 Discuss the audit expectation gap.
LO 5 Identify the roles of different regulators and
organizations that affect the audit profession.
Auditing and Assurance Standards
PCAOB
AUDITING STANDARDS BOARD (ASB)
Framework for Audits of Public Companies
Framework for Audits of Private Companies
AS 2201 An Audit of Internal Control Over Financial
Reporting That Is Integrated with An Audit of Financial
Statements
AU-C 200 Overall Objectives of the Independent Auditor
and the Conduct of an Audit in Accordance with Generally
Accepted Auditing Standards
AS 3101 The Auditor’s Report on an Audit of Financial
Statements When the Auditor Expresses an Unqualified
Opinion
AU-C 700 Forming an Opinion and Reporting on
Financial Statements
This text is designed to provide you with the opportunity to learn about auditing by using a practical, problem-based approach.
Each chapter begins with some information about an example audit client—Cloud 9 Inc. (Cloud 9). The chapter then provides the
underlying concepts and background information needed to deal with this client’s situation and the problems facing its auditor. As
you work through the chapters, you will gradually build your knowledge of auditing by studying how the contents of each chapter are
applied to Cloud 9. The end-of-chapter exercises and problems also provide you with the opportunity to study other aspects of Cloud
9’s audit, in addition to applying the knowledge gained in the chapter to other practical examples.
Cloud 9 Continuing Case
Cloud 9 Inc., a listed company (publicly traded) in the United
States, is looking to expand. Stotez Shoes was seen as a potential
target.
In 1985, Ron Stotez started Stotez Shoes in Seattle, Washington,
manufacturing and retailing customized basketball shoes. Ron
borrowed from the bank to start the company, using his house as
security. Over the years, he worked very hard to establish a profitable niche in the highly competitive sport shoe market. Ron repaid
the bank in 1999, and he vows to never borrow again.
As the business grew, Ron’s wife and three adult children
started to work with him, with responsibility for administration,
marketing and sales, production, and distribution. By the early
c01IntroductionAndOverviewOfAuditAndAssurance.indd 2
2000s, Ron’s business employed 20 people full-time, most of whom
work in production. There are also several seasonal employees and
part-time staff in the retail outlet in Seattle, particularly during
busy periods.
In February 2023, Ron received a call from Chip Masters, the
senior vice president of Cloud 9. Chip expressed an interest in buying Stotez Shoes. Ron wants to retire, and his children are starting
to fight among themselves about who is going to take over their
father’s business. Ron is looking for an exit strategy, but he does not
want Chip to know that. He asks if Chip is ready to talk about the
price. Chip says he is, but first he needs to see the audited financial
statements for Stotez Shoes.
8/23/21 1:55 PM
1-3
1.1 Assurance, Attestation, and Audit Services
Ron asks for some time. He tells Chip that he first needs to talk
to his family and will then get back to him. When Ron puts the phone
down, he immediately calls his friend Ernie Black, who is a CPA. For
years, Ernie has been suggesting to Ron that his business affairs need
attention. Ron is good at making deals and working hard, but he
has never bothered with sophisticated financial arrangements. He
is still running his business as a sole proprietor (not a corporation),
and his wife does all the tax returns. Ron is in a panic—he wants to
sell Stotez Shoes, but what is he going to do about Chip’s request for
audited financial statements?
Chapter Preview: Audit Process in Focus
The purpose of this chapter is to provide an overview of assurance, attestation, and audit
services. While the focus of this text is the audit of financial statements, in this chapter we
define assurance and attest engagements, and differentiate among the types of assurance engagements. We also discuss why there is a demand for audit and assurance services, and then
identify the separate roles of the financial statement preparer and the auditors.
In addition, we introduce regulatory bodies and other organizations that impact the audit
profession. We also explain what is communicated in the auditor’s report as well as discuss
the audit expectation gap.
Cloud 9 Continuing Case
Chip Masters has asked Ron Stotez for audited financial statements of Stotez Shoes. Ron has never had an audit and is not sure
what it involves. He has heard about tax audits, safety audits, efficiency audits, as well as financial statement audits. Are they all
the same thing?
1.1
Ernie explains to Ron that there are several services that people call “audits” that are different from financial statement audits.
However, all these services, including financial statement audits,
can be defined as assurance services.
Assurance, Attestation, and Audit Services
LEARNING OBJECTIVE 1
Differentiate among assurance, attestation, and audit services.
The terms assurance, attestation, and auditing are sometimes used interchangeably, but they
actually represent different types of services. The services have the following characteristics
in common.
n independent accounting firm is taking information prepared by someone else and
• A
then comparing it to an established set of criteria.
• T
he independent accounting firm provides a written report about the results of the service performed.
• T
he services add credibility, or integrity, to the information, which makes it more useful
for decision making.
An everyday example of this process would be needing a physical exam from a medical doctor
before joining a sports team. The doctor would be the independent professional. The doctor
would conduct the physical exam and compare your results to standards considered acceptable for someone of your age and height. At the completion of the physical exam, the doctor
would provide you with written documentation stating that you were in good physical condition to play on the sports team. The service provided by the doctor improves the “integrity” of
your claim that you are in good condition to participate on the team.
The relationship of assurance, attestation, and auditing services is shown in Illustration 1.1 and resembles overlapping umbrellas. We will refer to Illustration 1.1 as we discuss
the three services in more detail.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 3
8/23/21 1:55 PM
1-4
C h a pt er 1
Introduction and Overview of Audit and Assurance
ILLUSTRATION 1.1
Assurance Services
Relationship of assurance,
attestation, and auditing
services
Website security
Attestation Services
Review of historical financial statements
System and Organization Controls (SOC) Report
Risk advisory
services
Examination
of financial
forecast
AU-C 200 Overall Objectives of
the Independent Auditor and the
Conduct of an Audit in Accordance with Generally Accepted
Auditing Standards
audit services services by an
independent CPA that provide
financial statement users with
(1) an opinion on whether the
financial statements are presented
fairly, in all material respects, in
accordance with an applicable
financial reporting framework
and, in some cases, (2) an opinion
on the effectiveness of internal
controls over financial reporting
(ICFR), which enhance the degree of confidence that intended
users can place in the financial
statements
Data
integrity
Audit Services
Historical
Internal
financial
controls
statements
Agreed-upon
procedures
Audit Services
Audit services are the most specific and narrow of the three services; therefore, it is the smallest umbrella in Illustration 1.1. Two primary types of audit services are an audit of financial statements
and an audit of internal controls over financial reporting (ICFR). The purpose of an audit of financial statements is to provide financial statement users with an opinion by the auditor on whether
the financial statements are presented fairly in accordance with an applicable financial reporting
framework. The purpose of an audit of ICFR is to provide financial statement users with an opinion
by the auditor on the design and operating effectiveness of ICFR. These audit services enhance the
degree of confidence that intended users can place in the financial statements (AU-C 200.04).
Some key concepts in these descriptions require further explanation.
• The financial statements refer to historical financial statements of either a public or private company.
• T
he auditor refers to an independent certified public accountant, or CPA, who is qualified
to perform the audit service. The only professional who can sign an audit report on historical financial statements and internal controls for a public or private company is a CPA.
• The applicable financial reporting framework refers to the set of standards used in preparing the historical financial statements, such as generally accepted accounting principles
(GAAP) in the United States, International Financial Reporting Standards (IFRS), or governmental accounting standards for governmental entities.
• The intended users refer to any group that will be using the financial statements to make
decisions, such as investors and creditors.
Attestation Services
attestation services services
performed when an independent
practitioner, or CPA, is engaged
to issue a report on subject matter
that is the responsibility of another party
c01IntroductionAndOverviewOfAuditAndAssurance.indd 4
Companies produce financial information that goes beyond historical financial statements.
Examples include financial forecasts and detailed schedules for specific accounts. When CPAs
are hired to report on the integrity of this type of financial information, it is called an attestation service. Attestation services are performed when an independent practitioner, or CPA,
is engaged to issue a report on subject matter that is the responsibility of another party.
As depicted in Illustration 1.1, audit services fall under the umbrella of attestation services, but so do other services that involve a CPA reporting on other financial information.
Note the use of the term practitioner in the definition of attestation services. The term practitioner
is used rather than auditor because attestation services encompass more than just the audit of
historical financial statements and internal controls.
8/23/21 1:55 PM
1-5
1.1 Assurance, Attestation, and Audit Services
Another example of an attestation service is a review of historical financial statements. Small
private companies often do not want or need a service as extensive as an audit. In a review engagement, the practitioner expresses limited assurance that no material modifications need to
be made to the financial statements. So a review is a less extensive and, therefore, less expensive
service that can be very useful for smaller private companies. A more detailed discussion of a
review is presented in Chapter 16.
One final example is a System and Organization Controls Report, referred to as a SOC 1
Report. Many clients outsource key accounting functions, such as payroll, to an outside service
organization. An independent CPA can evaluate and report on the controls at the service organization. This SOC reporting helps to build trust and confidence in the services provided by the
service organization. SOC reporting is discussed further in Chapters 6 and 7.
Assurance Services
The largest umbrella in Illustration 1.1 represents assurance services. Assurance services are
independent professional services that improve the quality of information, or its context, for
decision makers. Let’s discuss some key concepts in this definition:
• Independent. This term is common to audit, attestation, and assurance services. It implies that the service is performed by someone who was not involved with the creation
of the information and who is objective in the evaluation of the information. (Chapter 2
covers independence in more depth.)
assurance services independent professional services that
improve the quality of information, or its context, for decision
makers
• Quality. This refers to the relevance and reliability of the information.
• Information. This refers to subject matter that can be financial or nonfinancial, historical or prospective, standalone or entire systems of data, internal or external to a company.
Essentially, the concept of assurance services encompasses any service that a professional provides that involves improving the quality of information that was prepared by someone else.
Both attestation and audit services fall under the broad term of assurance services, and therefore are depicted under the assurance umbrella in Illustration 1.1.
While the audit of a company’s historical financial statements and internal controls is
the focus of this text, there are other types of audit and assurance services that warrant some
discussion. The next section provides a description of these different types of services.
Professional Environment Becoming a CPA
Certified public accountants (CPAs) are the only licensed accounting
professionals in the United States. CPA licenses are not issued at the
national level but at the state level. To become a licensed CPA, an individual must earn the three Es—Education, Exam, and Experience.1
The first step is meeting the education requirements set by a state
board of accountancy, which vary from state to state. All states require a
bachelor’s degree and completion of 150 hours of total college credit to
be a licensed CPA. Within the 150 hours, some states require completion of courses in specific subject areas in accounting, business, or ethics. (See the discussion in this chapter on National Association of State
Boards of Accountancy (NASBA) and State Boards of Accountancy.)
The second step is passing the Uniform CPA Examination,
or CPA exam. The CPA exam is accepted for CPA licensure by all
states, which is why it is called the “uniform” CPA exam. Currently,
the CPA exam consists of four sections: Auditing and Attestation
(AUD), Business Environment and Concepts (BEC), Financial
Accounting and Reporting (FAR), and Regulation (REG). The
testing time for each section is four hours, for a total test time
of 16 hours. Each part of the exam consists of multiple-choice
questions and task-based simulations, and the BEC section also
requires written responses. CPA candidates can take one part of
the exam at a time and have 18 months to pass all four parts once
the first part has been successfully passed.
In January 2024, a new model for the CPA exam is expected to
launch. It will continue to be a four-section exam. Three sections
will cover the core topics of accounting, audit, tax, and technology.
The fourth section will be a specialty area chosen by the exam candidate. The specialty areas are business reporting and analysis, information systems and controls, and tax compliance and planning.
To keep up to date with these future changes to the CPA exam, visit
the CPA Evolution initiative website.
The final step is work experience. Work experience requirements also vary by state. In general, states require one to two years
of work experience under the supervision of a licensed CPA. The
work experience can be earned either before, during, or after sitting for the CPA exam, but some restrictions may apply for when
the experience can be earned.
A state board of accountancy will only issue a license to practice after all three Es have been earned. The purpose of the entire
licensure process is to ensure that individuals possess the level of
knowledge and the skills necessary to perform the duties of a CPA
and to protect the public interest.
1
American Institute of Certified Public Accountants, The Uniform CPA Examination: Purpose and Structure (2018).
c01IntroductionAndOverviewOfAuditAndAssurance.indd 5
8/23/21 1:55 PM
1-6
C h a pt er 1
Introduction and Overview of Audit and Assurance
Before You Go On
1.1 Who are intended users of assurance services?
1.2 What does “independent” mean in the context of assurance services?
1.3 What is an example of an “applicable financial reporting framework”?
1.2
Different Assurance Services
LEARNING OBJECTIVE 2
Describe the different types of assurance services.
In this section, we provide an overview of the most common types of assurance services that
a practitioner can provide. We will discuss financial statement audits, compliance audits, operational (performance) audits, and internal audits.
Financial Statement Audits
As stated earlier, the purpose of an audit of financial statements is to provide financial
statement users with an opinion by the auditor on whether the financial statements are
presented fairly in accordance with an applicable financial reporting framework, which
enhances the degree of confidence that intended users can place in the financial statements (AU-C 200.04). Within a U.S. context, the applicable financial reporting framework
is typically GAAP.
Public companies, or issuers, in the United States are required by the federal government
to have an annual financial statement audit. Private companies, or non-issuers, are not required
by the U.S. government to have an annual financial statement audit, but often other interested
users request that a private company provide audited financial statements. A good example
would be a lender (bank or other financial institution) requesting audited financial statements
when considering whether to lend money to the private company. Audited financial statements
add a degree of confidence that helps the lender make an informed lending decision.
Public companies are also required to prepare quarterly financial information, referred to
as interim financial statements. Although these interim financial statements are not required
to be audited, they are required to be reviewed by the company’s external auditors. Recall that
a review is less extensive than an audit. In a review, the auditor does not provide an opinion
on whether the interim financial statements are presented fairly. Instead, the auditor will only
state if there are any material modifications that should be made for the interim financial
statements to be in conformity with the appliable financial reporting framework.
In the course of your accounting studies, you have probably seen an annual report issued
by a public company. These annual reports can be found on a company’s website and i­ nclude
other information besides the company’s financial statements, such as a management discussion and analysis section. Are the auditors required to audit this other information included
in the annual report? The answer is no. The auditors are only required to audit the financial
statements and related notes. However, the auditors have a responsibility to read the other
information included in the annual report to ensure it is not inconsistent with or contradictory
to information included in the financial statements.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 6
8/23/21 1:55 PM
Get Complete eBook Download Link below
for instant download
https://browsegrades.net/documents/2
86751/ebook-payment-link-for-instantdownload-after-payment
1.2 Different Assurance Services 1-7
Cloud 9 Continuing Case
Ron is not running a corporation. He operates his customized
basketball shoe business as a sole proprietor. He is aware that
big corporations have to be audited. However, because his business is not a publicly traded company, Ron does not believe that
he has to have an audit.
Ernie agrees that Ron does not have to follow the same rules,
but he also tells him that there are auditing standards in place that
apply to a company like his. This means that although all the attention is usually on corporations, sole proprietors can, and may
be required to, have their financial statements audited, too.
Integrated Audit
Certain public companies in the United States are also required to have an audit of internal
control over financial reporting (ICFR). The objective in an audit of ICFR is to express an opinion on the effectiveness of the company’s system of internal controls over financial reporting
(AS 2201.03). The reason for requiring an audit of ICFR is because effective internal control
provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes (AS 2201.02). Therefore, public companies
are required to have two audits every year, one on the financial statements and one on the
effectiveness of the company’s internal controls.
For efficiency purposes, these two audits are performed at the same time. This is called
an integrated audit. The objectives of the audits are not identical, however, and the auditor
must plan and perform the work to achieve the objectives of each audit (AS 2201.06). Private
companies are not required by the government to have an audit of ICFR. As mentioned above,
other interested users, such as a lender, may require a private company to have an audit of ICFR
along with an audit of the financial statements as a condition for being approved for a loan.
AS 2201 An Audit of Internal
Control Over Financial Reporting
That Is Integrated with An Audit
of Financial Statements
integrated audit an audit that
combines the financial statement
audit with an audit of the effectiveness of ICFR
Limitations of an Audit
A financial statement audit is conducted to enhance the reliability and credibility of the
information included in the financial statements. It is not a guarantee that the financial
statements are free from error or fraud. The limitations of an audit are caused by (1) the nature
of financial reporting, (2) the nature of audit procedures, and (3) the need for the audit to be
conducted within a reasonable period of time at a reasonable cost (AU-C 200.A49).
Nature of Financial Reporting The nature of financial reporting refers to the use of
j­ udgment when preparing financial statements. Since you have taken financial accounting courses, think about the estimates that are included in preparing a set of financial statements. Can
you list a few? And think about the judgment required when selecting and applying accounting
methods. For example, depreciating a piece of equipment is an estimate that requires judgment
in selecting a depreciation method and determining a useful life and salvage value. While an
estimate may not be precise, the auditor must evaluate whether the estimate is fairly presented.
Nature of Audit Procedures The nature of audit procedures refers to the reliance on
evidence provided by the client and its management. For example, what if client management
withholds or hides important documents from the auditors? If auditors are unaware of this
situation, they may arrive at an inappropriate conclusion based on incomplete facts. Evidence
may be withheld or modified by perpetrators of fraud. It can be difficult for an auditor to
determine whether a fraud has occurred because documents altered by those committing the
fraud generally hide evidence. Also, auditors often use sampling techniques when gathering
audit evidence. If a sample is not representative of all items available for testing, an auditor
may arrive at an incorrect conclusion.
The nature of audit procedures also refers to the concept of materiality. The Financial
Accounting Standards Board (FASB) defines materiality as follows.
Materiality is entity specific. The omission or misstatement of an item in a financial
report is material if, in light of surrounding circumstances, the magnitude of the item
is such that it is probable that the judgment of a reasonable person relying upon the
report would have been changed or influenced by the inclusion or correction of the item.
(SFAC No. 8, para QC11)
c01IntroductionAndOverviewOfAuditAndAssurance.indd 7
materiality the ability of information to influence decisions
that reasonable users make on the
basis of the financial information
of a specific reporting entity
8/23/21 1:55 PM
1-8
C h a pt er 1
Introduction and Overview of Audit and Assurance
In other words, an error or misstatement in the financial statements is considered material
if it impacts, or changes, the decision-making process of those individuals or groups who are
using the financial statements. Therefore, when planning an audit, auditors select procedures
that are designed to discover material misstatements. Because of time and cost constraints, it
would be impractical for an audit to focus on finding all misstatements.
Need for a Timely Audit The timeliness and cost of an audit refer to the pressures auditors face to complete their audit within a certain time frame at a reasonable cost. While it is
important that auditors do not omit procedures in an effort to meet time and cost constraints,
they may be under some pressure to do so. This pressure will come from clients wanting to issue their financial statements by a certain date, from clients refusing to pay additional fees for
additional audit effort, and from within the accounting firm because of pressures to complete
all audits on a timely basis to avoid incurring costs that may not be recovered. By taking the
time to plan the audit properly, auditors can ensure that adequate time is spent where the risks
of a material error or fraud are greatest.
Compliance Audits
compliance audit an audit
to determine whether the entity
has conformed with regulations,
rules, or processes
A compliance audit involves gathering evidence to determine whether the person or entity
under review has followed the rules, policies, procedures, laws, and regulations with which
they must conform. One of the best examples of a compliance audit is an income tax audit.
The Internal Revenue Service (IRS) may conduct an audit of an individual or a company to
determine if tax laws have been followed and the correct amount of tax paid.
Operational (Performance) Audits
operational (performance)
audit an assessment of
the economy, efficiency and
effectiveness of an organization’s
operations
Operational (performance) audits are concerned with the economy, efficiency, and effectiveness of an organization’s activities.
• Economy refers to the cost of inputs, including wages and materials.
fficiency refers to the relationship between inputs and outputs, or the use of the mini• E
mum amount of inputs to achieve a given output.
• E
ffectiveness refers to the achievement of certain goals or the production of a certain
level of outputs.
From an organization’s perspective, it is important to perform well across all three d
­ imensions
and not allow one to dominate. For example, if buying cheap inputs results in an inefficient
production process, efficiency is sacrificed to achieve economic goals. Operational audits are
generally conducted by an organization’s internal auditors (discussed in the next section), or
they may be outsourced to an external accounting firm.
Internal Audits
internal audit a unit within an
entity which generally evaluates
and improves risk management,
internal control procedures,
and elements of the governance
process
those charged with
governance persons with
responsibility for overseeing the
strategic direction of the entity
and the obligations related to the
accountability of the entity
c01IntroductionAndOverviewOfAuditAndAssurance.indd 8
Internal audits are conducted to provide assurance about various aspects of an organization’s activities. The internal audit function is typically conducted by employees of the
­organization being audited but can be outsourced to an accounting firm. The purpose of an
internal audit is determined by those charged with governance and management within
the organization. While the purposes of internal audits vary widely from one organization to
another, they are often concerned with evaluating and improving risk management, internal
control procedures, and elements of the governance process.
The internal a­ uditors often conduct operational audits, compliance audits, internal control assessments, and r­ eviews. Many internal auditors are members of the Institute of Internal
Auditors (IIA). The IIA is an international organization with more than 120,000 members that
provides guidance and standards to aid internal auditors in their work. When conducting the
financial statement audit, the external auditor may rely on the work done by internal auditors
when evaluating the evidence needed to form an opinion on the financial statements or on
ICFR. A more detailed discussion of how internal auditors may assist with the external audit
is provided in Chapter 5.
8/23/21 1:55 PM
1-9
1.3 Demand for Audit and Assurance Services
Cloud 9 Continuing Case
Ron is not concerned about internal audits—his business is too
small for a separate internal audit function. He is also not worried about compliance and operational audits. His priority at the
­ oment is to close the deal with Chip Masters, and he still does
m
not know what he will do about the financial statement audit.
Before You Go On
2.1 What is the objective of a financial statement audit?
2.2 Explain the inherent limitations of a financial statement audit.
2.3 What are the three elements of an operational audit?
2.4 What are the most common functions of the internal auditors?
1.3
Demand for Audit and Assurance Services
LEARNING OBJECTIVE 3
Explain the demand for audit and assurance services.
In this section, we provide an overview of the primary financial statement users followed by a
description of why these users may demand an audit of the financial statements.
Cloud 9 Continuing Case
Ron believes that his business has good, reliable financial records.
Ron’s wife helps him keep tight control of the cash and other assets, and together they prepare some simple reports on a regular
basis. Ron believes he knows exactly what is happening in the
business and monitors the business’s cash flow and profit very
closely. However, he has not prepared financial statements that
comply with GAAP. Is this a problem?
Ernie explains to Ron that many businesses must apply the
accounting standards, even if they are not corporations. It all
depends on whether there are individuals or groups who are using
the financial statements for decision-making purposes. Ron is a bit
worried now—how does he know if he has these users?
Financial Statement Users
Financial statement users include current and potential investors, suppliers, customers, lenders, employees, governments, and the general public. Each of these groups will read the financial statements for a slightly different reason, as described below.
Investors
Investors generally read financial statements to determine whether they should invest in
the company. They are interested in the return on their investment and are concerned that
the entity will remain a going concern (continue operating) into the foreseeable future.
­Investors may also be interested in the capacity of the company to pay a dividend. Prospective investors read financial statements to determine whether they should buy shares
in the entity.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 9
8/23/21 1:55 PM
1-10
C h a pte r 1
Introduction and Overview of Audit and Assurance
Suppliers
Suppliers may read financial statements to determine whether the company can pay for goods
or services supplied. They are also interested in whether the company is likely to remain a
going concern (is likely to continue to be a customer of the supplier) and continue to pay its
debts when they come due.
Customers
In many business-to-business transactions, customers may read financial statements to d
­ etermine
whether a company they rely on is likely to remain a going concern and meet their needs.
Lenders
Lenders may read financial statements to determine whether an entity is sufficiently creditworthy to qualify for a loan and whether it can pay the interest and principal as they come due.
Employees
Employees may read financial statements to determine whether the entity can pay their wages
or salaries and other benefits (for example, pensions). They may also be interested in assessing
the future stability and profitability of the entity, as these affect job security.
Governments
Governments may read financial statements to determine whether the company is complying with regulations, to evaluate if the company is paying a fair amount of taxes given its
reported earnings, and to gain a better understanding of the company’s activities. A company
in ­receipt of government grants often must provide a copy of its audited financial statements
when ­applying for a grant and when reporting on how grant funds have been spent.
The General Public
The general public may read financial statements to determine whether they should associate
with the company (for example, as a future employee, customer, or supplier) and to gain a
better understanding of the company, what it does, and its plans for the future.
Demand for Audit and Assurance Services
Financial statement users and their needs are many and varied. There are a number of reasons
why some or all of these users would demand an audit of financial statements:
• R
emoteness. Most financial statement users do not have access to the company under
­review. This makes it difficult to determine whether the information contained in the
­financial statements is a fair presentation of the entity and its activities for the relevant
period.
• C
omplexity. Financial statements are complex, the amounts are often affected by significant estimates, and the disclosures often require significant knowledge and experience to
evaluate. Most financial statement users do not have the accounting and legal knowledge
to assess the reasonableness of complex accounting and disclosure choices being made
by the company.
• Competing incentives. Company managers have an incentive to disclose the information contained in the financial statements in a way that presents their performance in the
best possible light. Users may find it difficult or impossible to identify when management
is presenting biased information.
• R
eliability. Financial statement users are concerned with the reliability of the information contained in the financial statements. Since they use that information to make
decisions that have real consequences, it is very important that users can rely on the
information contained in the financial statements.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 10
8/23/21 1:55 PM
1.4 Preparers and Auditors
1-11
An independent third-party review of the financial statements by a team of auditors, who
have the knowledge and expertise to assess the fairness of the information being presented by
the preparers, helps users address all these issues.
Auditors have access to company records, so they are not remote. Auditors are trained
accountants and have detailed knowledge about the complex technical accounting and disclosure issues required to evaluate the choices made by the financial statement preparers.
Independent auditors, whose work is regularly reviewed by regulators, have little incentive
to aid the company in presenting its results in the best possible light. Auditors are concerned
with verifying the information contained in the financial statements is reliable and free from
any material misstatements.
The audit service plays a vital role in maintaining the stability of the U.S. capital markets
and instilling investor confidence. Investors in public companies consider audited information reliable, which facilitates the trading of stocks and other financial instruments.
Cloud 9 Continuing Case
Ron tells Ernie that he has no remote users, such as shareholders
or lenders, and his business is not very complex. He is the owner
and the manager of Stotez Shoes and therefore has no competing
incentives. For all these reasons, he has never felt the need to pur-
chase an audit to assure users of the reliability of his business’s
financial information.
Ernie agrees but points out that there is now a user who is very
interested in the reliability of the financial information: Chip Masters.
Before You Go On
3.1 Who are the main users of company financial statements?
3.2 Why might financial statement users demand an audit?
3.3 Explain why auditors, or CPAs, are the appropriate professionals to conduct an audit.
1.4
Preparers and Auditors
LEARNING OBJECTIVE 4
Discuss the different roles of the financial statement preparer and the auditor.
In this section, we explain and contrast the different responsibilities of financial statement
preparers and auditors. We provide details of the role that each group plays in ensuring the
financial statements are an accurate representation of the company. Following this discussion
is an overview of the different firms that provide assurance services.
Preparer Responsibility
As you know from your financial accounting courses, the financial statements include the
balance sheet (statement of financial position), income statement (statement of earnings),
statement of cash flows, statement of changes in equity, and accompanying notes. It is the
responsibility of management, with oversight from those charged with governance, to prepare
the financial statements. Specifically, management is responsible for the following.
1. Ensuring the information included in the financial statements is presented fairly and
complies with the applicable financial reporting framework, which in the United States
is most often GAAP.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 11
8/23/21 1:55 PM
1-12
C h a pte r 1
Introduction and Overview of Audit and Assurance
2. Designing, implementing, and maintaining internal control relevant to the preparation
and fair presentation of the financial statements.
3. Providing the auditors with access to all records, documentation, and personnel relevant
to the preparation and fair presentation of the financial statements, and any additional
information the auditors may consider relevant to complete the audit.
The preparation of financial statements requires the use of knowledge and judgment on the
part of management. Management is responsible for making estimates for some financial
statement items (e.g., allowance for doubtful accounts or a goodwill impairment) and selecting appropriate accounting policies within the applicable financial reporting framework, usually GAAP (AU-C 200.A2–A3).
Auditor Responsibility
The auditor’s responsibility is to provide an opinion on whether the financial statements
are presented fairly in accordance with the applicable financial reporting framework. It is
­important to emphasize the auditor is not responsible for preparing the financial statements.
Preparation of financial statements is management’s responsibility. Auditors are responsible
for the following.
1. Conducting the audit in accordance with the appropriate auditing standards.
­Auditing standards provide minimum requirements and guidance for the performance of
an audit. Later in this chapter, we discuss the auditing standards that apply to financial
statement audits.
professional skepticism an
attitude that includes a questioning mind, being alert to conditions that may indicate possible
misstatement due to fraud or
error, and a critical assessment of
audit evidence
2. P
lanning and performing the audit with professional skepticism. Professional
skepticism is an attitude adopted by auditors when conducting an audit. It means
­auditors remain independent of the entity, its management, and its staff when completing the audit work. In a practical sense, it means auditors maintain a questioning mind and thoroughly investigate all evidence presented by their client. Auditors
must seek independent evidence to corroborate, or confirm, information provided by
their client. Auditors must be suspicious when evidence contradicts documents held
by their client or inquiries made of client personnel, including management and those
charged with governance.
professional judgment the
application of relevant training,
knowledge, and experience in
making informed decisions about
the courses of action that are
appropriate in the circumstances
of the audit engagement
3. P
lanning and performing the audit with professional judgment. Professional
judgment relates to the application of relevant training, knowledge, and experience that
auditors use while making informed audit decisions in conducting an audit. Auditors must
use their judgment throughout the entire audit. For example, auditors must use judgment
when determining if an information source is reliable. They must also use judgment when
deciding if enough audit evidence has been gathered to support the audit opinion.
The concepts of professional skepticism and professional judgment will be addressed throughout this text as we learn about the process used by auditors to arrive at their opinion.
It is important to note that the auditor’s opinion on the financial statements is not meant
to be a predictor of the future success of the company. Also, the opinion is not a reflection of
how effectively management is performing its role of running the company. The auditor’s
opinion is simply a report on whether the financial statements are fairly presented in accordance with the applicable financial reporting framework (AU-C 200.A1).
Auditor Skills
Being an auditor requires a broad skill set. Most importantly, an auditor must have extensive knowledge of accounting and auditing standards. When you finish college, you will have
a good foundation of accounting and auditing standards, but your knowledge will become
deeper and more extensive with work experience.
As an auditor, most of your time is spent analyzing client data and making decisions based
on that data. Because accounting firms want to hire individuals who have good ­analytical
c01IntroductionAndOverviewOfAuditAndAssurance.indd 12
8/23/21 1:55 PM
1.4 Preparers and Auditors
1-13
and critical-thinking skills, one of our goals in this text is to assist in developing these skills.
Illustration 1.2 outlines a framework for audit decision making.
Throughout the text, we will use this framework to critically analyze audit problems. At the end of
every chapter, you will find an Audit Decision-Making Example that uses the framework to walk you
through an audit issue.
ILLUSTRATION 1.2 Audit decision-making framework
Audit Decision-Making Process
!
?
Step 1:
Obtain company
background information
and data.
Step 2:
What is the audit
problem you are
trying to solve?
Step 3:
Gather
information and
evidence.
Step 4:
Perform the analysis
and evaluate the
results.
Step 5:
Draw an audit
conclusion.
Employers also want new hires to possess technology skills, especially in the area of data
analytics. You may be familiar with software like Excel, Tableau, or Power BI that is used to
manipulate data and create visualizations. These types of technologies are being used more
frequently in auditing, along with audit software such as Idea and ACL.
It is important to understand that data analytics skills are a subset of critical-thinking skills.
For example, referring to the framework in Illustration 1.2, auditors must first understand what
data are available to assist in solving an audit problem and then determine the best way to analyze and evaluate the data. In some situations, auditors may analyze data without the use of
specialized software. In other instances, it may be best to use data analytics or audit software.
Throughout the text, we discuss situations when auditors may use data analytics or audit
software as a tool to help solve an audit problem. Chapter 8 will dive more deeply into the
concept of audit data analytics after you understand the key audit topics of audit risk, audit
evidence, and the reliability of data.
Assurance Providers
Assurance services are provided by accounting and other consulting firms. The largest
­accounting firms in the United States are known collectively as the “Big 4” firms: Deloitte,
Ernst & Young (EY), KPMG, and PricewaterhouseCoopers (PwC). These four firms
­operate internationally through a network of affiliate companies, and dominate the assurance
market throughout the world.
The next tier of accounting firms is known as the mid-tier. The firms that comprise the
mid-tier have a significant presence nationally, and most have international affiliations. The
mid-tier firms in the United States include, among others, Grant Thornton, BDO USA,
RSM, CBIZ/MHM, and Crowe. These firms service medium-sized and smaller clients.
The next tier of accounting firms are regional and local accounting firms. Regional
firms have a significant presence across multiple states in a geographical region. For example, a ­regional firm might have offices located in the southeastern states of Georgia, Florida, ­Alabama, and Mississippi. The regional offices could be as large as some of the national
firms, with just as many partners and professional staff. Like the national firms, the regional
firms service m
­ edium-sized and smaller clients. Local accounting firms service clients in their
­local areas and range in size from a single-partner firm to several-partner firms. Local firms
­primarily service small-company clients and individuals.
Many of these accounting firms provide non-assurance (or non-audit) services as well as
assurance services. Independence is not required to provide non-assurance services. These
non-assurance services include management consulting, business valuation, mergers and
­acquisitions, tax, and accounting. In Chapter 2, we will discuss rules regarding what types of
non-assurance services, if any, can be provided to audit clients.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 13
8/23/21 1:55 PM
1-14
C h a pte r 1
Introduction and Overview of Audit and Assurance
Finally, note that accounting firms are not the only providers of assurance services. A number of consulting firms provide assurance services in areas such as website security and environmental sustainability reporting. Consulting firms employ staff with a variety of expertise
including, for example, engineers, accountants, IT professionals, scientists, and economists.
Cloud 9 Continuing Case
Ernie stresses to Ron that any financial statements prepared for
Stotez Shoes are Ron’s responsibility, even if they are audited.
The auditor must be skeptical about the claims made by Ron in
the financial statements. These claims include, for example, that
the assets shown on the balance sheet exist and are valued correctly, and that the balance sheet contains a complete list of the
business’s liabilities. In other words, the auditor is not just going
to believe whatever Ron tells him or her. Auditors must gather
evidence about the financial statements before they can give an
audit opinion.
Ernie also explains to Ron that because his business is relatively small, he has a choice between large and small audit firms.
Very large companies must choose a Big 4 auditor because often
the other auditors are too small to do the work and still maintain
their independence. If a small audit firm audits a large company,
it is open to the criticism that it will not be sufficiently skeptical
because it does not want to lose the fees from that client. A large
audit firm has many other clients, so the fees from any one client
are a relatively small part of its revenue. Ron likes the idea that the
smaller audit firms are generally less expensive.
Before You Go On
4.1 Describe management’s responsibilities in terms of the financial statement audit.
4.2 What is professional skepticism?
4.3 What are non-audit services? Provide several examples of non-audit services provided by
accounting firms.
1.5
The Role of Regulators and Regulations
LEARNING OBJECTIVE 5
Identify the roles of different regulators and organizations that affect the audit
profession.
In this section, we discuss the regulators and other organizations that impact the audit process
and the profession.
Securities and Exchange Commission (SEC)
The SEC is a federal government agency whose mission is to protect investors, maintain fair
and efficient markets, and facilitate capital formation (www.sec.gov). A primary task of the
SEC is to enforce and interpret securities laws. Some of the key laws that impact the audit
profession are as follows.
• T
he Securities Act of 1933 regulates the disclosure of financial information in a company’s initial public offering of stock and requires that the financial information be audited.
• T
he Securities Exchange Act of 1934 regulates the ongoing trading of securities after the
initial public offering and requires the annual audit of a public company’s financial statements and the quarterly review of interim financial information.
• T
he Sarbanes-Oxley Act of 2002 (SOX) was passed to help restore investor confidence after
a series of corporate accounting scandals were revealed in the late 1990s and early 2000s.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 14
8/23/21 1:55 PM
1.5 The Role of Regulators and Regulations
1-15
The SOX Act enhanced financial disclosures for public companies and placed more emphasis on corporate responsibility. It also created the Public Company Accounting Oversight
Board, or PCAOB, which oversees the audits of public companies.
Public Company Accounting Oversight
Board (PCAOB)
The PCAOB is a nonprofit corporation established through the SOX legislation in 2002. Its
mission is to oversee the audits of public companies to protect the interests of investors
(www.pcaobus.org). Prior to the creation of the PCAOB, the audit profession was selfregulated. This means that audit professionals, through their own professional organization,
created the auditing standards to be followed in the conduct of an audit. The audit profession
also created a system of peer review for inspecting audit work to ensure auditors were following the standards, and would take enforcement action for auditors who did not perform
audits according to the standards. The audit profession is still self-regulated with respect to
the audits of private companies, but when the PCAOB was created, it took over the regulation
and standard setting for the audits of public companies.
Standards issued by the PCAOB are called Auditing Standards (AS), which provide minimum requirements and guidance for auditing services. When the PCAOB was created, it adopted the audit profession’s standards in 2003 as its interim standards, providing a starting
point for the audits of public companies. Since then, the PCAOB has issued its own standards
that supersede, or replace, some of the interim standards.
The topical organization of the PCAOB standards is listed in Illustration 1.3. Throughout the text, you will be learning some of the specific PCAOB standards in the different topical
categories. The beginning of each chapter will list which PCAOB ­standards will be discussed
General Auditing Standards (1000)
1000
General Principles and Responsibilities
1100
General Concepts
1200
General Activities
1300
Auditor Communications
ILLUSTRATION 1.3
PCAOB Auditing Standards
topical organization
Audit Procedures (2000)
2100
Audit Planning and Risk Assessment
2200
Auditing Internal Control Over Financial Reporting
2300
Audit Procedures in Response to Risks—Nature, Timing, and Extent
2400
Audit Procedures for Specific Aspects of the Audit
2500
Audit Procedures for Certain Accounts or Disclosures
2600
Special Topics
2700
Auditor’s Responsibilities Regarding Supplemental and Other Information
2800
Concluding Audit Procedures
2900
Post-Audit Matters
Auditor Reporting (3000)
3100
Reporting on Audits of Financial Statements
3300
Other Reporting Topics
Matters Relating to Filings Under Federal Securities Laws (4000)
Other Matters Associated with Audits (6000)
Source: www.pcaobus.org/standards/auditing.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 15
8/23/21 1:55 PM
1-16
C h a pte r 1
Introduction and Overview of Audit and Assurance
in that particular chapter. You will also see references to the PCAOB standards within each
chapter. The reference will begin with “AS” followed by the standard number, a decimal, and
then a paragraph number, such as “AS 2201.06.”
Accounting firms that want to audit public companies must register with the PCAOB.
Registration involves paying fees to the board, complying with the Auditing Standards, and
having their audit work inspected by the board. The PCAOB has disciplinary authority over
registered firms and can impose punishment on accounting firms that do not adhere to standards. Punishments can include revoking a firm’s registration, imposing monetary fines, and
banning an individual within a firm from auditing public companies.
American Institute of Certified Public
Accountants (AICPA)
The AICPA is a private professional membership organization of CPAs representing the
­accounting profession. There are over 400,000 members in 145 countries (www.aicpa.org).
Some key activities of the AICPA include representing the profession before rule-making bodies, acting as an advocate for the profession before legislative bodies, providing educational
materials to its members, and setting ethical standards for the profession. The AICPA is also
responsible for creating and grading the Uniform CPA Exam.
The AICPA accomplishes many of its activities through its system of committees. One of
the standing committees is the Auditing Standards Board, or ASB. Prior to the creation of the
PCAOB, the ASB was responsible for issuing auditing standards used for the audits of public
and private companies. Since 2003, the task of the ASB has been to issue audit standards
for the audits of private companies and not-for-profit organizations only. Auditing standards
­issued by the ASB are called Statements on Auditing Standards (SAS).
The auditing standards include a comprehensive set of principles underlying an audit
conducted in accordance with generally accepted auditing standards (GAAS), which are presented in Illustration 1.4. These principles explicitly address the concepts of materiality
ILLUSTRATION 1.4
Principles underlying an audit
conducted in accordance with
generally accepted auditing
standards (GAAS)
Purpose of an Audit
The purpose of an audit is to provide financial statement users with an opinion by the auditor on
whether the financial statements are presented fairly, in all material respects, in accordance with
the applicable financial reporting framework. An auditor’s opinion enhances the degree of confidence that intended users can place in the financial statements.
Premise Upon Which an Audit Is Conducted
An audit in accordance with generally accepted auditing standards is conducted on the premise
that management, and where appropriate, those charged with governance, have responsibility:
a. for the preparation and fair presentation of the financial statements in accordance with the
applicable financial reporting framework; this includes the design, implementation, and
maintenance of internal control relevant to the preparation and fair presentation of financial
statements that are free from material misstatements, whether due to fraud or error.
b. to provide the auditor with:
i. all information, such as records, documentation, and other matters that are relevant to
the preparation and fair presentation of the financial statements;
ii. any additional information that the auditor may request from management, and where
appropriate, those charged with governance; and
iii. unrestricted access to those within the entity from whom the auditor determines it
necessary to obtain audit evidence.
Responsibilities of the Auditor
Auditors are responsible for having appropriate competence and capabilities to perform the audit;
complying with relevant ethical requirements; and maintaining professional skepticism and exercising professional judgment, throughout the planning and performance of the audit.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 16
8/23/21 1:55 PM
1.5 The Role of Regulators and Regulations
Performing the Audit
To express an opinion, the auditor obtains reasonable assurance about whether the financial statements as a whole are free of material misstatement, whether due to fraud or error.
1-17
ILLUSTRATION 1.4
(continued)
To obtain reasonable assurance, which is a high, but not absolute, level of assurance, the auditor:
• plans the work and properly supervises any assistants.
• determines and applies appropriate materiality level or levels throughout the audit.
• identifies and assesses risks of material misstatement, whether due to fraud or error, based
on an understanding of the entity and its environment, including the entity’s internal control.
btains sufficient appropriate audit evidence about whether material misstatements exist,
• o
through designing and implementing appropriate responses to the assessed risks.
The auditor is unable to obtain absolute assurance that the financial statements are free of
material misstatement because of inherent limitations, which arise from:
• the nature of financial reporting;
• the nature of audit procedures; and
• t he need for the audit to be conducted within a reasonable period of time and so as to achieve
a balance between benefit and cost.
Reporting the Results of an Audit
Based on an evaluation of the audit evidence obtained, the auditor expresses, in the form of a
written report, an opinion in accordance with the auditor’s findings, or states that an opinion cannot be expressed. The opinion states whether the financial statements are presented fairly, in all
material respects, in accordance with applicable financial reporting framework.
Source: AU-C Preface.
and professional skepticism. The principles describe the responsibilities of management, and
those charged with governance of an entity, for the financial statements. The auditor responsibilities also address the important concepts of compliance with ethical requirements (including independence requirements) and the use of professional judgment. Take a few minutes to
read the principles in Illustration 1.4.
The SASs are interpretations of the principles underlying an audit conducted in accordance with GAAS. The SASs explain the nature and extent of an auditor’s responsibility and
offer guidance to an auditor in performing the audit of a private company. Compliance with
the SASs is mandatory for AICPA members, who must justify any departures from the standards. The SASs are numbered in the order in which they are issued by the ASB. Then the
standards are organized by topical content using the AU numbering system. (Note that the
“AU” stands for auditing standards, but these are not to be confused with the Auditing Standards (AS) from the PCAOB.) The AU-C topical order (the “C” denotes the clarified standards)
is listed in Illustration 1.5.
ILLUSTRATION 1.5
AU-C Section
General Topic
AU-C 200–299
General Principles and Responsibilities
AU-C 300–499
Risk Assessment and Response to Assessed Risks
AU-C 500–599
Audit Evidence
AU-C 600–699
Using the Work of Others
AU-C 700–799
Audit Conclusions and Reporting
AU-C 800–899
Special Considerations
AU-C 900–999
Special Considerations in the United States
Auditing Standards Board
AU-C topical content
Source: AICPA.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 17
8/23/21 1:55 PM
1-18
C h a pte r 1
Introduction and Overview of Audit and Assurance
Throughout the text, we will be learning some of the specific ASB auditing standards in
the different topical categories. The beginning of each chapter will list which ASB standards
will be discussed in that chapter. You will also see references to the ASB standards within the
text. The reference will begin with “AU-C” followed by the standard number, a decimal, and
then a paragraph number, such as “AU-C 200.05.”
The ASB also issues Statements on Standards for Attestation Engagements (SSAE) and Statements on Quality Control Standards (SQCS) for AICPA member firms. Another standing committee of the AICPA is the Accounting and Review Services Committee. This committee is tasked with
issuing Statements on Standards for Accounting and Review Services (SSARS). The SSARS provide
guidance for services provided on historical financial statements that are less extensive than an
audit. An example that we discussed earlier is a review of historical financial statements. A more
detailed discussion of accounting and review services is provided in Chapter 16.
To help summarize the audit standard-setting environment in the United States, Illustration 1.6 provides a diagram of the current audit standard setting-structure for the audits of
public and private companies.
ILLUSTRATION 1.6
Audit Standard Setting
Audit standard setting in the
United States
Statements on
Auditing Standards
(SAS)
Private company
(non-issuer)
Public company
(issuer)
AICPA’S Auditing
Standards Board
(ASB)
Public Company Accounting
Oversight Board
(PCAOB)
Statements on
Standards for
Attestation
Engagements (SSAE)
Statements on
Quality Control
Standards (SQCS)
Interpretive publications from the ASB to provide guidance to
CPAs and auditors
Auditing Standards
(AS)
Staff audit practice
alerts from the PCAOB
to provide guidance to
CPAs and auditors
Professional Environment International Auditing and Assurance Standards Board (IAASB)
In 1977, 63 accountancy bodies (including the AICPA) representing 51 countries signed an agreement creating the International Federation of Accountants (IFAC). The mission of IFAC
is to serve the public interest and strengthen the accountancy
profession by supporting the development and implementation
of high-quality international standards.2
Toward this end, IFAC has established, as a standing subcommittee, the International ­Auditing and Assurance Standards Board
(IAASB) with the responsibility and authority to issue International
Standards on Auditing (ISA). The mission of the IAASB is to establish high-quality auditing, assurance, quality control, and related
services standards and to improve the uniformity of practice by professional accountants throughout the world, thereby strengthening
c01IntroductionAndOverviewOfAuditAndAssurance.indd 18
public confidence in the global auditing profession and serving the
public interest.3
Today, auditing has become a global profession. Many countries
adopt IAASB standards as their own. Other countries have auditing
standards that closely resemble the IAASB standards (for example,
the SAS in the United States). Where differences exist between the
international standards and local standards, the local member body,
such as the AICPA’s ASB, is expected to give prompt consideration to
such differences with a view to achieving harmonization.
In recent years, the U.S. ASB and the IAASB have worked
jointly in creating auditing standards that have global acceptance.
Most of the auditing principles and practices discussed in this text
are consistent with IAASB standards.
2
International Federation of Accountants website (accessed June 5, 2020), www.ifac.org.
3
International Auditing and Assurance Standards Board website (accessed June 5, 2020), www.iaasb.org.
8/23/21 1:55 PM
1.5 The Role of Regulators and Regulations
1-19
Financial Accounting Standards Board (FASB)
The FASB is a privately funded organization whose mission is to establish financial accounting and reporting standards for nongovernmental entities with the goal of providing information that is useful for decision making (www.fasb.org). You are probably familiar with the
FASB from your financial accounting courses.
The FASB maintains the Accounting Standards Codification (ASC), which represents the
authoritative standards of financial reporting recognized by the SEC, the PCAOB, and the
AICPA. We commonly refer to the authoritative standards as GAAP. There are seven full-time
members of the FASB who have diverse backgrounds in accounting, finance, business, and
research. Members of the FASB work closely with the AICPA, SEC, and the PCAOB when
researching and drafting financial accounting and reporting standards.
Committee on Sponsoring Organizations of the
Treadway Commission (COSO)
COSO is an independent private-sector group that focuses on providing guidance to management and expertise in the areas of internal control, enterprise risk management, and
fraud deterrence (www.coso.org). COSO was organized in 1985 and is sponsored by the following organizations: the American Accounting Association (AAA), the AICPA, Financial
Executives International (FEI), the Institute of Internal Auditors (IIA), and the ­Institute of
Management Accountants (IMA). Because the first chairman of the commission was James
C. Treadway, Jr., a former commissioner of the SEC, the group is often referred to as the
“Treadway Commission.”
In 1992, COSO issued a landmark report titled Internal Control—Integrated Framework.
This report provided a comprehensive definition of internal controls and a framework that
companies could use to design their own internal control systems. In 2013, the framework
went through a comprehensive update and was reissued. This updated framework will be
covered in depth in Chapter 6.
National Association of State Boards of
Accountancy (NASBA) and State Boards of
Accountancy
CPAs are professionals who are licensed by state governments. Each state legislature has
established a state board of accountancy to license and regulate CPAs to protect the public
interest. Some of the functions of a state board of accountancy include:
• Issuing CPA licenses to individuals who meet all the requirements.
• Adopting and enforcing rules of professional conduct for CPAs.
• Adopting and enforcing rules regarding continuing professional education requirements.
• Investigating complaints, conducting hearings, and taking appropriate disciplinary actions, such as suspension or revocation of the CPA license.
NASBA is a professional organization whose mission is to enhance the effectiveness and
advance the common interests of its members, which are the state boards of accountancy
(www.nasba.org). There are actually 55 jurisdictions with boards of accountancy. They include the 50 states, the District of Columbia, the Commonwealth of the Northern Mariana
Islands, Guam, Puerto Rico, and the Virgin Islands.
NASBA acts as a collective voice for the boards of accountancy and works to promote the interests of the state boards with legislative and regulatory bodies. NASBA also provides education
and development opportunities for its members, provides technology support, and promotes
ethical behavior in the profession. One of the services NASBA provides to state boards is that it
serves as the application center for individuals applying to sit for the CPA exam. When you are
ready to apply to take the CPA exam, you may be asked to apply through NASBA’s website.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 19
8/23/21 1:55 PM
1-20
C h a pte r 1
Introduction and Overview of Audit and Assurance
Cloud 9 Continuing Case
Ernie explains that, in general, the regulators and regulations
that apply to publicly traded corporations are not relevant to
Stotez Shoes. However, any auditor Ron engages would apply the
auditing and accounting standards that are relevant to an audit
engagement when auditing a small business. Since Stotez Shoes
is a private company, the auditors would follow the auditing standards of the ASB when conducting the audit.
Before You Go On
5.1 What is the SEC and what is its role?
5.2 Which organization sets the standards for the audits of public companies? For the audits of
private companies?
5.3 What are the main functions of a state board of accountancy?
1.6
Audit Report on Financial Statements
LEARNING OBJECTIVE 6
Explain the concepts of reasonable assurance and materiality, and the nature of an
unqualified/unmodified report on the audit of financial statements.
In this section, we introduce you to the independent auditor’s report, which is the “end product”
of the financial statement audit. The independent auditor’s report is used to communicate the
auditor’s opinion about a company’s financial statements to interested users. We will revisit the
independent auditor’s report in more depth in Chapter 16, but it is helpful to understand this
report from the perspective of a financial statement reader as you begin to learn the audit process.
Reasonable Assurance and the Financial
Statements
reasonable assurance a high,
but not absolute, level of assurance
We have explained how the responsibility of the auditor is to provide an opinion on whether the
financial statements are presented fairly in accordance with the applicable financial reporting
framework. An opinion is defined as a judgment about matters that are subjective. The preparation of financial statements is considered somewhat subjective because management must
make some estimates and choose between different accounting methods. Therefore, the auditor is only required to obtain reasonable assurance about whether the financial statements
as a whole are free from material misstatement, whether due to fraud or error.
• Reasonable assurance is a high, but not absolute, level of assurance (AU-C 200.06).
• I n other words, the a­ uditor does not “guarantee” or “certify” that the financial statements
are 100% accurate because that is considered absolute assurance, which is not possible
with content that is subjective.
In addition, an audit could not be completed in a reasonable amount of time if auditors had
to provide absolute assurance. For some accounts and transactions, auditors use sampling
techniques when gathering audit evidence and therefore do not examine 100% of a company’s
transactions for the period under audit. So, how do auditors know when they have gathered
enough evidence? Ultimately, that is a matter of professional judgment. Since judgment is
c01IntroductionAndOverviewOfAuditAndAssurance.indd 20
8/23/21 1:55 PM
1.6 Audit Report on Financial Statements
involved, there will always be a risk the auditors will give the wrong opinion. This is called
audit risk.
Audit risk is affected by client characteristics as well as actions of the auditor. For example, when a client implements a new accounting standard, audit risk increases because there
is increased risk for error when implementing a new process. The internal control system of
the client also impacts audit risk. If the client has strong internal controls, it is more likely the
internal controls will prevent, or detect and correct, material misstatements, which decreases
audit risk. Auditors impact audit risk by the decisions made in how to conduct the audit. The
concept of audit risk is covered in depth in Chapter 3.
We will devote considerable attention throughout the text to the concept of audit risk and
determining how auditors make important professional judgments about collecting sufficient,
appropriate evidence to achieve reasonable assurance and support the auditor’s opinion.
1-21
audit risk the risk that an auditor expresses an inappropriate
audit opinion when the financial statements are materially
misstated
Materiality and the Financial Statements
Although financial statements contain approximations, they must reflect a reasonable degree
of precision. However, accounting is not precise, or accurate, the way we might think of
Newtonian physics as being precise. If a potential misstatement of the financial statements is
significant enough to influence or make a difference in the judgment of a financial statement
user, it is considered material.
Materiality is a relative concept, and it differs from company to company and from year to year
for a given company. For example, a $25,000 misstatement of revenues may be material to a company with $200,000 of net income, while a $25,000 misstatement for a company with $5,000,000
in net income may be immaterial. In addition, qualitative characteristics influence materiality. For
example, an error in the financial statements may be a small percentage of an account balance.
This small error, however, may be considered material because it could cause an entity to breach a
loan covenant, which could result in a misclassification of current and noncurrent debt.
Auditors design an audit to provide reasonable assurance that the financial statements
are free of material misstatement. However, auditors do not design an audit to look for immaterial misstatements because they would not influence a financial statement user. A deeper
discussion of how auditors make materiality decisions can be found in Chapter 3.
Professional Environment Materiality
In the audit of a very large company, the amount of misstatement
that would be considered immaterial might be quite large. Consider
the audit of Starbucks for the year ended September 27, 2020,
when Starbucks had total revenues of $23.518 billion, earnings
before income taxes of $1.164 billion, net income of $928 million,
and total assets of $29.374 billion at September 27, 2020. Starbucks
rounds its financial statement amounts to the nearest $1 million.
For the year ended September 27, 2020, Starbucks had a return on
assets of 38.19%.
As an investor, would you consider a return on assets of
38.19% or 38.18% to be substantially the same? It would take approximately a $6 million misstatement to change return on assets
by only 1/100 of 1% for Starbucks for the year ended September 27,
2020. Alternatively, as an investor, would you consider a return on
assets of 38.19% or 38.09% to be substantially the same? It would
take approximately a $60 million misstatement to change r­ eturn
on assets by only 1/10 of 1% for Starbucks for the year ended
September 27, 2020.
The Auditorʼs Report on Financial Statements
When the audit firm has determined that it has gathered sufficient, appropriate evidence to
form an opinion, then it is ready to issue the audit report. Auditing standards require a standard
format of the audit report be used for all audits. In other words, all accounting firms use the
same standard format and standard wording for reporting their audit opinions. Using a standard
format makes it easier for financial statement users to navigate the audit report.
There is a standard report for the audit of public company financial statements and a
standard report for the audit of private company financial statements. The actual process of
auditing the financial statements of public and private companies is similar, but there are also
some differences, which will be discussed throughout the text. One of the key differences is
the format of the audit reports.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 21
8/23/21 1:55 PM
1-22
C h a pte r 1
Introduction and Overview of Audit and Assurance
AU-C 700 Forming an Opinion
and Reporting on Financial
Statements
Illustration 1.7 provides an example of an unmodified audit report on the financial
statements of Stotez Shoes, a private company. If auditors have determined the financial statements are presented fairly in accordance with the applicable financial reporting framework,
they issue the standard unmodified report. Take a moment to read over the report. You will
see some of the key concepts we have already discussed in this chapter. Sections of the report
are numbered so we can further explain each component. Explanations of each numbered
component follow.
ILLUSTRATION 1.7
Example of an unmodified
audit report on the financial
statements of Stotez Shoes, a
private company
[1] INDEPENDENT AUDITOR’S REPORT
[2] To the owners of Stotez Shoes
[3] Opinion
We have audited the financial statements of Stotez Shoes, which comprise the balance sheets as
of December 31, 2025 and 2024, and the related statements of income, changes in stockholders’
equity, and cash flows for the years then ended, and the related notes to the financial statements.
In our opinion, the accompanying financial statements present fairly, in all material respects, the
financial position of Stotez as of December 31, 2025 and 2024, and the results of its operations
and its cash flows for the years then ended in accordance with accounting principles generally
accepted in the United States of America.
[4] Basis for Opinion
We conducted our audits in accordance with auditing standards generally accepted in the United
States of America (GAAS). Our responsibilities under those standards are further described in the
Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are
required to be independent of Stotez Shoes and to meet our other ethical responsibilities, in accordance with the relevant ethical requirements relating to our audits. We believe that the audit
evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
[5] Responsibilities of Management for the Financial Statements
Management is responsible for the preparation and fair presentation of the financial statements
in accordance with accounting principles generally accepted in the United States of America, and
for the design, implementation, and maintenance of internal control relevant to the preparation
and fair presentation of financial statements that are free from material misstatement, whether
due to fraud or error.
In preparing the financial statements, management is required to evaluate whether there are conditions or events, considered in the aggregate, that raise substantial doubt about Stotez Shoes’
ability to continue as a going concern for one year from the issuance date of the financial statements.
[6] Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a
whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not
absolute assurance and therefore is not a guarantee that an audit conducted in accordance with
GAAS will always detect a material misstatement when it exists. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may
involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal
control. Misstatements are considered material if there is substantial likelihood that, individually
or in the aggregate, they would influence the judgment made by a reasonable user based on the
financial statements.
In performing an audit in accordance with GAAS, we:
• Exercise professional judgment and maintain professional skepticism throughout the audit.
• I dentify and assess the risks of material misstatement of the financial statements, whether due
to fraud or error, and design and perform audit procedures responsive to those risks. Such procedures include examining, on a test basis, evidence regarding the amounts and disclosures in
the financial statements.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 22
8/23/21 1:55 PM
1.6 Audit Report on Financial Statements
• O
btain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of Stotez Shoes’ internal control. Accordingly, no such opinion is
expressed.
1-23
ILLUSTRATION 1.7
(continued)
• Evaluate the appropriateness of accounting policies used and the reasonableness of significant
accounting estimates made by management, as well as evaluate the overall presentation of the
financial statements.
• C
onclude whether, in our judgment, there are conditions or events, considered in the aggregate,
that raise substantial doubt about Stotez Shoes’ ability to continue as a going concern for a
reasonable period of time.
We are required to communicate with those charged with governance regarding, among other
matters, the planned scope and timing of the audit, significant audit findings, and certain internal
control–related matters that we identified during the audit.
[7] Bell & Bowerman, LLP
Seattle, Washington
[8] February 15, 2026
Source: AU-C 700.A63 Exhibit—Illustration 1.
1. Title. The term independent is in the title of the report to emphasize the auditors are
external to the company, are unbiased, and therefore can provide an objective opinion.
2. Address. The report is addressed to the owners or shareholders of the company and to
the board of directors, if applicable.
3. Opinion section. Identifies the financial statements that were audited and clearly states
the auditor’s opinion that the financial statements were fairly presented, in all material
respects, in accordance with the applicable financial reporting framework.
4. Basis for Opinion section. States the auditor conducted the audit in accordance with
auditing standards and is required to be independent of the company.
5. Responsibilities of Management section. States management’s responsibility for the
preparation and fair presentation of the financial statements; the design, implementation, and maintenance of internal control; and the evaluation of conditions or events that
raise substantial doubt about the company’s ability to continue as a going concern.
6. Auditor’s Responsibilities section. States the auditor’s objective is to obtain reasonable assurance about whether the financial statements are free from material misstatement due to fraud or error. Lists specific actions the auditor takes in performing an audit
in accordance with GAAS.
7. Signature. The firm name and location are used as the signature.
8. Date. The date represents the end of fieldwork, which is the conclusion of gathering and
evaluating evidence, and drawing all conclusions for the audit.
Illustration 1.8 provides an example of an unqualified audit report on the financial
statements of Amazon.com, a public company. If auditors have determined the financial
statements are presented fairly in accordance with the applicable financial reporting framework, they issue the standard unqualified report. The PCAOB standards use the term unqualified report. The term unqualified is equivalent to the term unmodified used for the private
company audit report. The terms are sometimes used interchangeably.
Take a moment to look over the report in Illustration 1.8 and note some of the similarities and differences with the private company audit report. Again, you will see some
of the key concepts discussed in this chapter. Sections of the report are numbered so we
can further explain each component. Explanations of each numbered component follow
Illustration 1.8.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 23
AS 3101 The Auditor’s Report on
an Audit of Financial Statements
When the Auditor Expresses an
Unqualified Opinion
8/23/21 1:55 PM
1-24
C h a pte r 1
Introduction and Overview of Audit and Assurance
ILLUSTRATION 1.8
Example of an unqualified
audit report on the financial
statements of Amazon.com, a
public company
[1] REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
[2] To the Board of Directors and Shareholders
Amazon.com, Inc.
Opinion on the Financial Statements
[3] We have audited the accompanying consolidated balance sheets of Amazon.com, Inc. (the Company) as of December 31, 2020 and 2019, and the related consolidated statements of operations,
comprehensive income, stockholders’ equity, and cash flows, for each of the three years in the period ended December 31, 2020, and the related notes (collectively referred to as the “consolidated
financial statements”). In our opinion, the consolidated financial statements present fairly, in all
material respects, the financial position of the Company at December 31, 2020 and 2019, and the
results of its operations and its cash flows for each of the three years in the period ended December
31, 2020, in conformity with U.S. generally accepted accounting principles.
[4] We have also audited, in accordance with the standards of the Public Company Accounting
Oversight Board (United States) (PCAOB), the Company’s internal control over financial reporting
as of December 31, 2020, based on criteria established in Internal Control—Integrated Framework
issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated February 2, 2021, expressed an unqualified opinion on the Company’s
internal control over financial reporting.
Basis for Opinion
[5] These consolidated financial statements are the responsibility of the Company’s management.
Our responsibility is to express an opinion on the Company’s financial statements based on our
audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the
applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
[6] We conducted our audits in accordance with the standards of the PCAOB. Those standards
require that we plan and perform the audit to obtain reasonable assurance about whether the
consolidated financial statements are free of material misstatement, whether due to error or fraud.
Our audits included performing procedures to assess the risks of material misstatement of the
consolidated financial statements, whether due to error or fraud, and performing procedures that
respond to those risks. Such procedures included examining, on a test basis, evidence regarding
the amounts and disclosures in the consolidated financial statements. Our audits also included
evaluating the accounting principles used and significant estimates made by management, as well
as evaluating the overall presentation of the consolidated financial statements. We believe that our
audits provide a reasonable basis for our opinion.
[7] Critical Audit Matter
The critical audit matter communicated below is a matter arising from the current-period audit of
the consolidated financial statements that was communicated or required to be communicated
to the audit committee and that (1) relates to accounts or disclosures that are material to the consolidated financial statements and (2) involved our especially challenging, subjective, or complex
judgments. The communication of the critical audit matter does not alter in any way our opinion
on the consolidated financial statements, taken as a whole, and we are not, by communicating
the critical audit matter below, providing a separate opinion on the critical audit matter or on the
accounts or disclosures to which it relates.
Uncertain Tax Positions
Description of the Matter
The Company is subject to income taxes in the U.S. and numerous foreign jurisdictions and, as
discussed in Note 9 of the consolidated financial statements, during the ordinary course of business, there are many tax positions for which the ultimate tax determination is uncertain. As a result, significant judgment is required in evaluating the Company’s tax positions and determining
its provision for income taxes. The Company uses significant judgment in (1) determining whether a tax position’s technical merits are more likely than not to be sustained and (2) measuring
the amount of tax benefit that qualifies for recognition. As of December 31, 2020, the Company
accrued liabilities of $2.8 billion for various tax contingencies.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 24
8/23/21 1:55 PM
1.6 Audit Report on Financial Statements
Auditing the measurement of the Company’s tax contingencies was challenging because the evaluation of whether a tax position is more likely than not to be sustained and the measurement of
the benefit of various tax positions can be complex, involves significant judgment, and is based on
interpretations of tax laws and legal rulings.
1-25
ILLUSTRATION 1.8
(continued)
How We Addressed the Matter in Our Audit
We tested controls over the Company’s process to assess the technical merits of its tax contingencies, including controls over the assessment as to whether a tax position is more likely than not to
be sustained, management’s process to measure the benefit of its tax positions, and the development of the related disclosures.
We involved our international tax, transfer pricing, and research and development tax professionals
in assessing the technical merits of certain of the Company’s tax positions. Depending on the nature
of the specific tax position and, as applicable, developments with the relevant tax authorities relating thereto, our procedures included obtaining and examining the Company’s analysis including the
Company’s correspondence with such tax authorities and evaluating the underlying facts upon which
the tax positions are based. We used our knowledge of, and experience with, international, transfer
pricing, and other income tax laws by the relevant income tax authorities to evaluate the Company’s
accounting for its tax contingencies. We evaluated developments in the applicable regulatory environments to assess potential effects on the Company’s positions, including recent decisions in relevant court cases. We analyzed the Company’s assumptions and data used to determine the amount
of tax benefits to recognize and tested the accuracy of the Company’s calculations. We have also evaluated the Company’s income tax disclosures included in Note 9 in relation to these matters.
[8] /s/ Ernst & Young LLP
Seattle, Washington
[9] February 2, 2021
[10] We have served as the Company’s auditor since 1996.
1. Title. The term independent is also in the title of this report to emphasize the auditors are
external to the company, unbiased, and therefore can provide an objective opinion. In addition, the term registered is included to emphasize the firm is registered with the PCAOB.
2. Address. The report is addressed to the shareholders and board of directors of the company.
3. Opinion section. The first sentence explains that an audit was conducted and identifies
the financial statements and the dates of the financial statements. The second sentence
states the auditor’s opinion. Note the opinion sentence is virtually identical to the opinion
sentence for the private company audit report.
4. Paragraph referencing the audit of internal control. This paragraph is unique to the
public company audit report. Public companies are required to have an audit of ICFR, and
auditors issue a separate opinion for that audit, which is discussed in the next section.
5. Basis for Opinion section. This section states the differing responsibilities of management
and auditors. It is similar to the responsibility paragraphs of the report for private company
audits, but the private company report goes into more detail regarding the responsibilities of
management and auditors. One key difference is that this section references registration with
the PCAOB and independence requirements of the SEC and other federal securities laws.
6. Scope paragraph. This paragraph explains, in brief terms, the process of conducting an
­audit. It mentions the concept of reasonable assurance about whether the financial statements are free of material misstatement. It includes an explicit statement that PCAOB
auditing standards were followed since it is a public company. The scope paragraph also
includes a brief discussion of the professional judgments made during the audit. Finally,
it concludes with a statement that the audit firm believes that its audit provides a reasonable basis for its opinion.
7. Critical Audit Matters section. Defines critical audit matters, provides a description of
the critical audit matter(s), and details how the critical audit matter was addressed in the
audit. This section is unique to the public company audit report and is discussed further
in the following Professional Environment and in Chapter 16.
8. Signature. The firm name and location is used as the signature.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 25
8/23/21 1:55 PM
1-26
C h a pte r 1
Introduction and Overview of Audit and Assurance
9. Date. The date represents the end of fieldwork, which is the conclusion of gathering and
evaluating evidence, and drawing all conclusions for the audit.
10. Auditor tenure. The final component of the report is a sentence that states the year in
which the firm began serving consecutively as the company’s auditor.
After reviewing the standard audit reports, you may have a few questions. What happens if
auditors conclude the financial statements are not presented fairly in accordance with the applicable financial reporting framework? Or what happens if auditors cannot gather enough evidence to
form an opinion? When situations such as these occur, auditors may have to modify their opinion.
Auditing standards have established three types of modified audit opinions: a qualified
opinion, an adverse opinion, and a disclaimer of opinion. Illustration 1.9 provides a brief
summary of situations that could cause auditors to issue a modified opinion. It is important to
note that only material situations would cause auditors to modify the opinion. The discovery
of immaterial errors would not prevent the issuance of an unmodified/unqualified opinion.
The different types of modified reports will be covered in depth in Chapter 16, so consider
Illustration 1.9 a basic introduction.
ILLUSTRATION 1.9
Situations that cause a
modified opinion
Situation
Type of Modified Opinion
Material departure(s) from the applicable financial reporting framework and the client refuses to
make corrections
ualified—financial statements are presented
• Q
fairly, except for the uncorrected departure(s)
Material limitation on the auditor’s ability to
gather sufficient appropriate evidence, referred to
as a scope limitation
ualified—financial statements are presented
• Q
fairly, except for the auditor’s inability to gather
evidence for a material item
• A
dverse—financial statements are not
presented fairly and should not be relied upon
(pervasively material departures)
• D
isclaimer of opinion—auditor was not able to
gather sufficient appropriate evidence and cannot
express an opinion on the financial statements
(pervasively material scope limitations)
Auditor is not independent
• D
isclaimer of opinion—auditor is not
independent and cannot express an opinion
Professional Environment PCAOB Released New Audit Report
Prior to 2017, the standard unqualified auditor’s report had remained substantially unchanged since the 1940s. Over the years,
there had been much debate about the relevance of continuing to
use the same standard report, particularly in the modern information age in which investors and other users demand better and
faster information. Since 2011, the PCAOB has encouraged open
discussion, comments, and feedback on various proposals for making the auditor’s report more relevant to the public. Finally, on June
1, 2017, the PCAOB adopted a new auditor reporting standard, AS
3101 The Auditor’s Report on an Audit of Financial Statements
When the Auditor Expresses an Unqualified Opinion. The standard
was approved by the SEC on October 23, 2017. The standard included two significant changes to the existing auditor’s report.
The first significant change is the communication of critical audit matters (CAMs) in the audit report. A CAM is any audit
matter that was communicated to or required to be communicated
to the audit committee. The rationale is that if a matter is being
communicated to the audit committee, it must be important and
should be made available to users of the financial statements. The
standard states that a CAM “relates to accounts or disclosures that
are material to the financial statements and involves especially challenging, subjective, or complex auditor judgement” (AS 3101.11).
For each CAM that is included in the auditor’s report, the auditor
must identify the CAM, describe why the auditor considered the
item a CAM and how it was addressed during the audit, and refer to
the relevant accounts or disclosures that relate to the CAM.
The second significant change is the inclusion of auditor
tenure in the auditor’s report. After the signature of the firm at
the conclusion of the report, there is a statement that says, “We
have served as the Company’s auditor since [year]” (AS 3101
Appendix B). The firm includes the year in which it began serving consecutively as the company’s auditor.
The changes to the auditor’s report, including the disclosure
of auditor tenure, went into effect for fiscal years ending on or
after December 15, 2017. However, the PCAOB recognized that
including CAMs in the auditor’s report was a significant change.
Therefore, the requirement to include CAMs was delayed until fiscal years ending on or after June 2019.4 The auditor’s report for
Amazon.com in Illustration 1.8 reflects the new audit report, including the discussion of CAMs.
4
PCAOB Release No. 2017-001, The Auditor’s Report on an Audit of Financial Statements When the Auditor
Expresses an Unqualified Opinion.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 26
8/23/21 1:55 PM
1.7 Audit Report on Internal Controls over Financial Reporting
1-27
Before You Go On
6.1 Why do auditors provide reasonable assurance and not absolute assurance?
6.2 Explain the concept of materiality. How does the concept of materiality relate to reasonable
assurance?
6.3 W
hat are the meanings of the terms unqualified and unmodified in the context of an audit of
financial statements?
Audit Report on Internal Controls over
Financial Reporting
1.7
LEARNING OBJECTIVE 7
Explain the concept of reasonable assurance and the nature of an unqualified
report on internal controls over financial reporting.
Next, we will discuss the audit report for the audit of ICFR. Recall from earlier in the chapter
that only certain public companies are required to have an audit on the effectiveness of ICFR.
The SEC classifies public companies into three categories based on worldwide market value
(in U.S. dollars) of outstanding common equity:
1. Large accelerated filer. At least $700 million in outstanding common equity.
2. Accelerated filer. Between $75 and $700 million in outstanding common equity and
at least $100 million in annual revenues.
3. Non-accelerated filer. Two subcategories as follows.
a. Between $75 and $700 million in outstanding common equity and less than
$100 million in annual revenues.
b. Less than $75 million in outstanding common equity and no revenue limitation.
Public companies categorized as non-accelerated filers are not required to have an audit of
ICFR. Therefore, when we discuss the audit of ICFR for public companies, we are referring to
public companies categorized as accelerated filers and large accelerated filers.
Reasonable Assurance and Internal Controls
Section 404 of the SOX legislation requires that management accept responsibility for the
design and maintenance of internal controls. It also requires that management issue a report
each year asserting whether internal controls over financial reporting were effective. Further,
management’s claims about the effectiveness of ICFR must be audited by the independent
external auditor. The reason for requiring an audit of internal controls is because effective ICFR provides reasonable assurance regarding the reliability of financial reporting and
the preparation of financial statements for external purposes (AS 2201.02).
Here again we see the phrase reasonable assurance. If internal controls are effective, then
it is more likely that the financial statements will be free of material misstatements and errors.
Even though internal controls may be considered effective, it does not mean they will prevent
all misstatements or errors from affecting the financial statements. There is still some risk that
a material error could occur on the financial statements. Even an effective system of internal
controls over financial reporting will only provide reasonable assurance, not absolute assurance, that financial statements are free from material misstatement.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 27
8/23/21 1:55 PM
1-28
C h a pte r 1
Introduction and Overview of Audit and Assurance
AS 2201 An Audit of Internal
Control Over Financial Reporting
That Is Integrated with An Audit
of Financial Statements
Auditing standards from the PCAOB guide the conduct of an integrated audit for public
companies. Auditors must:
lan and perform their work to achieve the objectives of both the financial statement
• P
audit and the audit of the effectiveness of ICFR simultaneously.
elect audit procedures that allow them to gather evidence that is useful to both of the
• S
audits.
• Obtain reasonable assurance about whether the company maintained effective ICFR for
the period under audit.
Auditors cannot provide absolute assurance about the effectiveness of internal controls for the
same reasons they cannot provide absolute assurance on the fair presentation of the financial
statements. The design and implementation of controls is somewhat subjective, and there is
not enough time for auditors to test the effectiveness of all of the entity’s internal controls.
Using professional judgment, auditors select the most critical internal controls over financial reporting and test the effectiveness of those controls. This will be discussed further in
Chapters 6 and 7.
The Auditor’s Report on Internal Control over
Financial Reporting
When auditors have determined they have gathered sufficient, appropriate evidence to form
an opinion on the effectiveness of ICFR, then they are ready to issue the audit report. Similar
to the financial statement audit report, a standard format is used for all audits of effectiveness
of ICFR. Illustration 1.10 provides an example of an audit report on the effectiveness of
ICFR for a public company. If auditors have determined the company has maintained effective ICFR for the period under audit, then they issue the standard unqualified report. Take a
moment to read over the report, and you will see some similarities to the financial statement
audit report for a public company.
ILLUSTRATION 1.10
Example of an unqualified
audit report on the effectiveness of ICFR for Amazon.com,
a public company
[1] REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
[2] The Board of Directors and Shareholders
Amazon.com, Inc.
[3] Opinion on Internal Control over Financial Reporting
We have audited Amazon.com, Inc.’s internal control over financial reporting as of December 31,
2020, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, Amazon.com, Inc. (the Company) maintained, in all material respects, effective internal control over financial reporting as of December 31, 2020, based on the COSO criteria.
[4] We have also audited, in accordance with the standards of the Public Company Accounting
Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of
December 31, 2020 and 2019, and the related consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows for each of the three years in the period ended
December 31, 2020 and the related notes and our report dated February 2, 2021, expressed an
unqualified opinion thereon.
[5] Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial
reporting and for its assessment of the effectiveness of internal control over financial reporting,
­included in the accompanying Management’s Report on Internal Control over Financial Reporting.
Our responsibility is to express an opinion on the Company’s internal control over financial reporting
based on our audit. We are a public accounting firm registered with the PCAOB and are required to be
independent with respect to the Company in accordance with the U.S. federal securities laws and the
applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 28
8/23/21 1:55 PM
1.7 Audit Report on Internal Controls over Financial Reporting
[6] We conducted our audit in accordance with the standards of the PCAOB. Those standards ­require
that we plan and perform the audit to obtain reasonable assurance about whether effective internal
control over financial reporting was maintained in all material respects.
1-29
ILLUSTRATION 1.10
(continued)
Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we
considered necessary in the circumstances. We believe that our audit provides a reasonable basis
for our opinion.
[7] Definition and Limitations of Internal Control over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable
assurance regarding the reliability of financial reporting and the preparation of financial statements
for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the
maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and
dispositions of the assets of the company; (2) provide reasonable assurance that transactions are
recorded as necessary to permit preparation of financial statements in accordance with generally
accepted accounting principles, and that receipts and expenditures of the company are being made
only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use,
or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or
detect misstatements. Also, projections of any evaluation of effectiveness to future periods are
subject to the risk that controls may become inadequate because of changes in conditions, or that
the degree of compliance with the policies or procedures may deteriorate.
[8] /s/ Ernst & Young LLP
Seattle, Washington
[9] February 2, 2021
The key components of the unqualified report in Illustration 1.10 are as follows.
1. Title. The term independent is also in the title of this report to emphasize the auditors are
external to the company, are unbiased, and therefore can provide an objective opinion. In addition, the term registered is required to indicate that the firm is registered with the PCAOB.
2. Address. The report is addressed to the shareholders and board of directors of the ­company.
3. Opinion section. The first sentence explains that an audit of ICFR was conducted and references the COSO Internal Control Integrated Framework as the criterion used as the basis
for determining if ICFR are effective. The second sentence states the auditor’s opinion.
4. Paragraph referencing the financial statement audit. This paragraph is a reference
to the financial statement audit report and states the type of opinion that was given on the
financial statements.
5. Basis for Opinion section. This section states the different responsibilities of management and auditors. Like the audit report on the financial statements, this section references registration with the PCAOB and independence requirements of the SEC and other
federal securities laws.
6. Scope paragraph. This paragraph explains that auditors conducted their audit in accordance with the standards of the PCAOB. In brief terms, it explains the process of conducting an audit of the effectiveness of ICFR. It mentions that auditors are only required
to obtain reasonable assurance about whether the company maintained, in all material
respects, effective ICFR. It concludes with a statement that the audit firm believes its
audit provides a reasonable basis for its opinion.
7. Definition and Limitations section. This section provides a definition of ICFR that is
taken directly from AS 2201. This is helpful for users of the financial statements in case
they are not familiar with the concept of internal controls. Also note the use of reasonable
assurance in the definition to clarify that an internal control system does not eliminate all
c01IntroductionAndOverviewOfAuditAndAssurance.indd 29
8/23/21 1:55 PM
1-30
C h a pte r 1
Introduction and Overview of Audit and Assurance
risk associated with the preparation of financial statements. The final sentence cautions
users not to use the current-year opinion to assume that future internal controls will be
effective. Circumstances may change in the future that could render controls ineffective
if the controls are not modified appropriately.
8. Signature. The audit firm’s name and location are used as the signature.
9. Date. The date represents the end of fieldwork, which is the conclusion of gathering and
evaluating evidence for the audit. Since the audits are integrated, the date on both the
financial statement audit report and the audit report on the effectiveness of ICFR will be
the same.
material weakness a
deficiency, or combination of
deficiencies, in ICFR, such that
there is a reasonable possibility
that a material misstatement of
the financial statements will not
be prevented or detected on a
timely basis
What happens if auditors conclude the company did not maintain effective ICFR over the
period under audit? That would mean the auditors discovered a material weakness in the
client’s ICFR. The PCAOB defines a material weakness as follows.
A deficiency, or combination of deficiencies, in ICFR, such that there is a reasonable
possibility that a material misstatement of the financial statements will not be
prevented or detected on a timely basis. (AS 2201.A7)
If one or more material weaknesses are discovered during the audit, then auditors issue an adverse opinion on the effectiveness of ICFR that explicitly states the company did not maintain
effective ICFR during the period under audit. AS 2201 dictates how auditors would modify the
audit report to express an adverse opinion. If auditors encounter a material limitation in the
scope of their work, they may consider disclaiming an opinion. We will cover these modifications in greater detail in Chapter 16.
Before You Go On
7.1 Explain the concept of reasonable assurance as it applies to a system of internal controls and
to the audit of the effectiveness of internal controls.
7.2 What is management’s responsibility for internal controls as stated in the audit report on the
effectiveness of internal controls?
7.3 What date is used on the audit report on the effectiveness of internal controls, and what does
the date represent?
1.8
The Audit Expectation Gap
LEARNING OBJECTIVE 8
Discuss the audit expectation gap.
The overall audit expectation gap occurs when there is a difference between the expectations of
auditors and those of financial statement users, as shown in Illustration 1.11. The gap occurs
when user beliefs do not align with an auditor’s professional responsibilities.
ILLUSTRATION 1.11
Audit expectations gap
User Expectations
Reality
• The auditor is providing absolute assurance.
• An auditor provides reasonable assurance.
• T
he auditor is guaranteeing the future viability
of the entity.
• T
he audit does not guarantee the future viability
of the entity.
(continues)
c01IntroductionAndOverviewOfAuditAndAssurance.indd 30
8/23/21 1:55 PM
1.8 The Audit Expectation Gap 1-31
User Expectations
ILLUSTRATION 1.11
Reality
• A
n unmodified audit opinion is an indicator of
complete accuracy of the financial statements.
• A
n unmodified opinion indicates the auditor
believes there are no material misstatements in
the financial statements.
• T
he auditor will definitely find any and all
fraud.
• T
he auditor will assess the risk of fraud and
conduct tests to try to uncover any fraud, but
there is no guarantee the auditor will find all
material fraud, should one have occurred.
• The auditor has checked all transactions.
• The auditor tests a sample of transactions.
(continued)
The overall audit expectation gap is graphically represented in Illustration 1.12. In this
figure, note the performance gap, which is the difference between auditor performance and
auditing standards and regulations. There is also an expectation gap, which is the difference
between a financial statement user’s expectations and auditing standards and regulations.
ILLUSTRATION 1.12 Audit expectation and performance gaps
Auditor Performance
Performance Gap
• Auditor failure to
follow firm policy,
standards, and
regulations
Auditing Standards and
Regulations
Expectation Gap
Auditor performance impacted by:
• Auditing standards
• Ethical standards
• Regulations
• Legislation
• Firm policy and procedures
Financial Statement
User’s Expectations
Financial statement user’s
expectations impacted by:
• Audit firm reputation
• Audit firm independence
• Reader’s knowledge of
auditing
• Economic conditions
The performance gap can be reduced by:
uditors performing their duties appropriately, complying with auditing standards, and
• A
meeting the minimum standards of performance that should be expected of all auditors.
• Inspections of audits to ensure that auditing standards have been correctly applied.
• Assurance providers reporting accurately the level of assurance being provided.
The audit expectation gap can be reduced by:
• A
uditing standards being reviewed and updated on a regular basis to enhance the work
being done by auditors.
• E
ducation of financial statement users as to the responsibilities of preparers and auditors
of financial statements.
As described in this chapter, financial statement users rely on audited financial statements to
make a variety of decisions. Financial statement users demand access to reliable information
to help ensure the stability of financial markets. The audit profession is dedicated to providing
reliable assurance services in the interest of protecting the public trust.
Cloud 9 Continuing Case
Ron believes that Chip Masters would know what an audit can
provide, and what it cannot, because Chip is an experienced vice
president of a large international company. He deals with auditors
on a regular basis.
Ron thanks Ernie for his time. Ernie has helped him to understand that preparing more detailed financial statements and
c01IntroductionAndOverviewOfAuditAndAssurance.indd 31
engaging an auditor to perform a financial statement audit would
not be as bad as he first thought. Ron now understands why Ernie
thinks audits are valuable, and not just another business expense.
If Chip Masters thinks that Ron’s financial statements are more
credible with an audit, then it is likely he will be prepared to pay a
higher price for Ron’s business.
8/23/21 1:55 PM
1-32
C h a pte r 1
Introduction and Overview of Audit and Assurance
Before You Go On
8.1 Define the audit expectation gap. Define the audit performance gap.
8.2 What has caused the audit expectation gap?
8.3 What can be done to reduce the audit expectation gap? What can be done to reduce the audit
performance gap?
Review and Practice
Learning Objectives Review
Differentiate among assurance, attestation, and auditing services.
1
An assurance engagement involves an assurance provider arriving at
an opinion about some information being provided by their client to
a third party. Attestation and auditing services are types of assurance
services. A financial statement audit involves an audit firm obtaining evidence to support an opinion about the fair presentation of the
financial statements, in all material respects, in accordance with an
applicable financial reporting framework.
2
Describe the different types of assurance services.
Assurance services include financial statement audits, audits of effectiveness over internal control of financial reporting, compliance
audits, operational/performance audits, and internal audits.
3
Identify the roles of different regulators and organizations that affect the audit profession.
5
Regulators and organizations that impact the audit profession include
the Securities and Exchange Commission (SEC), the Public Company
Accounting Oversight Board (PCAOB), the American Institute of
Certified Public Accountants (AICPA), the Financial Accounting
­
Standards Board (FASB), the Committee on Sponsoring Organizations
of the Treadway Commission (COSO), and the National Association
of State Boards of Accountancy (NASBA). Auditors must follow the
PCAOB’s Auditing Standards (AS) when auditing public companies
and follow the Auditing Standards Board’s Statements on Auditing
Standards (SAS) when auditing private companies.
Explain the concepts of reasonable assurance and
materiality, and the nature of an unqualified/unmodified
report on the audit of financial statements.
6
Explain the demand for audit and assurance services.
Financial statement users include investors (shareholders), suppliers,
customers, lenders, employees, governments, and the general public.
These groups of users demand audited financial statements due to
their remoteness from the entity, accounting complexity, competing
incentives between them and the entity’s managers, and their need
for reliable information on which to base decisions.
Discuss the different roles of the financial statement
preparer and the auditor.
4
It is the responsibility of the company’s management to prepare the
financial statements in accordance with the applicable financial reporting framework. Management is also responsible for the design,
implementation, and maintenance of internal control over financial
reporting and for providing the auditors with access to all documentation needed to complete the audit.
It is the responsibility of the auditor to form an opinion on the
fair presentation of the financial statements. In doing so, the auditor
must utilize professional skepticism and professional judgment in the
planning and performance of the audit and must adhere to the appropriate auditing standards.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 32
Auditors are only required to provide reasonable assurance about
whether the financial statements as a whole are free from material
misstatement, whether due to error or fraud. In a private company
audit, if auditors determine the financial statements are presented
fairly in accordance with the applicable financial reporting framework, then they issue the standard unmodified audit report. In a public company audit, if auditors determine the financial statements are
presented fairly in accordance with the applicable financial reporting
framework, then they issue the standard unqualified audit report.
7 Explain the concept of reasonable assurance and the
nature of an unqualified report on internal controls over
financial reporting.
An effective system of ICFR provides reasonable assurance the financial statements will be free of material misstatements. Only public
companies are required to have an audit of the effectiveness of ICFR.
In the audit of the effectiveness of ICFR, auditors provide reasonable
assurance regarding whether or not there is a material weakness in
ICFR for the period under audit. If auditors have determined the
company has maintained effective ICFR, then they issue the standard
unqualified audit report on ICFR.
8/23/21 1:55 PM
Audit Decision-Making Example
8
Discuss the audit expectation gap.
The difference between what assurance providers provide and
what financial statement users expect consists of two components:
(1) the expectation gap, which is the difference between a financial
1-33
statement user’s expectations and professional standards and regulations, and (2) a performance gap, which occurs when assurance
providers do not follow professional standards. The total gap occurs
when user beliefs do not align with what an auditor has actually
done.
Key Terms Review
Assurance services
Attestation services
Audit risk
Audit services
Compliance audit
Integrated audit
Internal audit
Materiality
Material weakness
Operational (performance) audit
Professional judgment
Professional skepticism
Reasonable assurance
Those charged with governance
Audit Decision-Making Example
Obtain Company Background Information and Data
You just started a job as an auditor at a regional accounting firm. The first two weeks consist of training
courses about conducting an audit. During training, you are given a scenario related to audit opinions
on the financial statements. The scenario states that a team of auditors has conducted an audit of a
manufacturing client for the year ended December 31, 2025. The team has discovered two financial
statement errors: (1) an overstatement of revenue and the related accounts receivable, and (2) an
understatement of expenses and the related payables.
Both errors resulted from a cutoff problem at year-end, meaning the client recorded transactions at
the end of 2025 that should have been recorded in 2026. Individually, the misstatements are immaterial.
However, the auditors believe the misstatements, when aggregated, would have a material impact on
both the financial statements and the users who would read the financial statements. The client has been
notified of these errors but does not agree that they are errors and will not make adjustments to correct
them. How should the auditors proceed? Use the audit decision-making framework from Illustration 1.2
to discuss how you would approach this situation.
? What Is the Audit Problem You Are Trying to Solve?
If the client is unwilling to correct the errors, the auditors must determine the impact on the financial
statements and the type of audit opinion that can be issued.
Gather Information and Evidence
The auditors should gather more information about the errors as follows.
• Determine the dollar amount of each error.
• Gather evidence about the possible reasons the errors occurred.
• Inquire of client management the reasons why the identified errors are not being corrected.
Perform the Analysis and Evaluate the Results
After gathering relevant information, the auditors have analyzed the information as follows.
• I ndividually, the amounts of the two errors are immaterial to the overall financial statements. However, when the two errors are combined, the total error amount is material to the financial statements as a whole. The overstatement of revenue combined with the understatement of expense
results in a material overstatement of the client’s net income.
• T
he auditors inquired of various client employees that record revenue and expense journal entries.
No one seemed to have an idea of how the error occurred, and most of the employees did not understand the importance of achieving proper cutoff at the end of the accounting period.
• T
he auditors discussed the errors with upper management and inquired as to why the errors would
not be corrected even though they are material. The company CFO also does not agree that the
transactions are material errors. She argues that net income has already been determined and reported to the board of directors, and she also disagrees that the total error is material to the overall
financial statements.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 33
8/23/21 1:55 PM
1-34
C h a pte r 1
Introduction and Overview of Audit and Assurance
!
Draw an Audit Conclusion
If the client refuses to make corrections that the auditors deem necessary for the financial statements to
be fairly presented, then the auditors must issue a modified audit opinion. Since the financial statements
contain a material departure from the applicable financial reporting framework, and the client refuses to
make corrections, the auditors must issue either a qualified opinion or an adverse opinion. If the errors
are considered pervasively material, the auditors should issue an adverse opinion so that users know not
to rely on the financial statements at all.
Going forward, the auditors would carefully consider if they want to continue to audit this client.
The fact that management refused to correct the errors reflects on management integrity. It also causes a
heightened risk that fraudulent activity could be occurring in the client’s accounting practices. The client
may be purposely trying to overstate net income to attract new investors or obtain additional financing.
If the client had corrected the errors, the auditors could have issued an unmodified audit report,
stating that the financial statements were fairly presented.
CPAexcel
CPAexcel questions and data analytics resources are available in Wiley Course Resources.
Multiple-Choice Questions
1. (LO 1) Which of the following is not a characteristic of an assurance service?
a. The engagement is conducted by an independent professional.
b. The service lends credibility to information.
c. The subject matter is limited to financial information.
d. The service is useful for decision makers.
2. (LO 2) An assurance service that determines whether the entity
has conformed with regulations, rules, or processes is a (an):
a. compliance audit.
b. financial statement audit.
c. internal audit.
d. operational audit.
3. (LO 2) Operational (performance) audits are useful because they:
c. cost.
d. reliability.
6. (LO 4) Management is responsible for which of the following?
reparing financial statements in accordance with the approa. P
priate auditing standards.
b. D
esigning, implementing, and maintaining internal control
relevant to the preparation of the financial statements.
sing professional skepticism in the preparation of the financ. U
cial statements.
d. Issuing an opinion on whether the financial statements are
presented fairly in accordance with the appropriate financial
reporting framework.
7. (LO 5) Which of the following organizations issues auditing standards for the audits of public companies?
a. include a comprehensive audit.
a. PCAOB.
b. a re concerned with the economy, efficiency, and effectiveness
of an organization’s activities.
c. ASB.
c. involve gathering evidence to determine whether the entity
under review has followed the rules, policies, procedures,
laws, or regulations with which they must conform.
d. ensure companies pay appropriate taxes.
4. (LO 2) The function of internal audit is determined by:
a. the external auditor.
b. the IIA.
c. those charged with governance and management.
d. the government.
5. (LO 3) All of the following are reasons why users would demand
an audit of financial statements except:
a. complexity.
b. remoteness.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 34
b. SEC.
d. COSO.
8. (LO 5) The role of COSO is to:
a. establish financial accounting and reporting standards.
b. establish auditing standards for private companies.
c. prepare and grade the CPA exam.
d. p
rovide guidance in the area of internal control and risk management.
9. (LO 6) Auditors can only provide reasonable assurance that the
financial statements are presented fairly because:
a. sampling techniques are used to gather evidence.
b. some items in the financial statements are subjective.
c. an audit must be completed in a reasonable amount of time.
d. All of the answer choices are correct.
8/23/21 1:55 PM
Analysis Problems
10. (LO 6) What is the appropriate date for an audit report?
a. The date the auditors were hired.
b. The date of the balance sheet.
c. The conclusion of the gathering of evidence for the audit.
d. The date required by regulators.
11. (LO 7) Auditors of publicly traded companies are required to perform a(an) ________ for their clients.
a. compliance audit
b. integrated audit
1-35
12. (LO 8) The audit expectation gap occurs when:
a. a uditors perform their duties appropriately and satisfy users’
demands.
b. u
ser beliefs do not align with what professional standards and
regulations expect of auditors.
c. inspections of audits ensure that auditing standards have
been applied correctly and the standards are at the level that
satisfy users’ demands.
d. the public is well educated about auditing.
c. internal audit
d. operational audit
Review Questions
R1.1 (LO 1) What does assurance mean in the financial reporting context? Who are the three parties relevant to an assurance
­engagement?
R1.2 (LO 1) An assurance engagement involves evaluation or measurement of subject matter against criteria. What criteria are used in
a financial statement audit?
R1.3 (LO 2) Discuss some limitations of a financial statement audit.
R1.4 (LO 2) Who would request an operational (performance) audit?
Why?
R1.5 (LO 3) Why would investors in a company demand an audit of
financial statements?
R1.6 (LO 4) Compare and contrast the responsibilities of preparers
and auditors regarding a financial statement audit.
R1.7 (LO 5) Describe the relationship between the SEC and the
PCAOB.
R1.8 (LO 5) Compare and contrast the functions of a state board of
accountancy and of NASBA.
R1.9 (LO 5) Briefly describe the principles underlying an audit conducted in accordance with GAAS that are issued by the ASB.
R1.10 (LO 6) Discuss the similarities and differences in the auditor’s reports for a public company client and a private company client.
R1.11 (LO 7) List and briefly describe the components of the auditor’s report on internal controls over financial reporting for a public
company.
R1.12 (LO 8) Debate the audit expectation gap. Why do you think
professional auditing standard do not give users what they want? Why
do you think auditors sometimes do not meet professional standards?
Analysis Problems
AP1.1 (LO 1, 2) Basic Research Types of assurance engagements A friend knows that you are
studying auditing and asks you what the difference is between internal and external auditing.
Required
Using what you learned in this chapter and from information from the AICPA website (www.aicpa.org)
and the IIA website (www.theiia.org), compare and contrast the duties and characteristics of internal and
external auditors.
AP1.2 (LO 3) Challenging Demand for assurance In 2002, the audit firm Arthur Andersen collapsed following charges brought against it in the United States relating to the failure of its client, Enron.
Some other clients announced they would be dismissing Arthur Andersen as their auditor even before it
was clear that Arthur Andersen would not survive.
Required
Using the discussion in this chapter on the demand for audits, explain some reasons why these clients
took this action.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 35
8/23/21 1:55 PM
1-36
C h a pte r 1
Introduction and Overview of Audit and Assurance
AP1.3 (LO 3, 4) Moderate Big 4 versus non-Big 4 assurance providers Most audit firms maintain a website that explains the services offered by the firm and provides resources to their clients and
other interested parties. The services offered by most firms include both audit and non-audit services.
Required
Find the websites for a Big 4 audit firm and a mid-tier audit firm. Compare them on the following:
a. The range of services provided.
b. Geographic coverage (i.e., where their offices are located).
c. Staff numbers and special skills offered.
d. Industries in which they claim specialization.
e. Publications and other materials provided to their clients or the general public.
f. Marketing message.
AP1.4 (LO 3, 4) Challenging Big 4 versus non-Big 4 assurance providers
Economic changes
can affect how clients select their assurance providers.
Required
a. In times of economic recession, would you expect the demand for audits to increase or decrease?
b.Would you expect clients to shift either from large (Big 4) auditors to mid-tier auditors or from
mid-tier auditors to Big 4 auditors in times of economic recession? Why or why not?
AP1.5 (LO 5) Basic Research Requirements to become a CPA Each state has the power to
determine the education and experience requirements to be a licensed CPA in that state. The power is
delegated to the state board of accountancy in each state.
Required
Visit the state board of accountancy website for the state in which you are attending college. What are
the education and experience requirements? If you intend to begin your career in another state, also research the education and experience requirements for that state. What are the similarities and differences
between the two states?
AP1.6 (LO 5) Basic Research Accounting firm registration Since the creation of the PCAOB
in 2003, accounting firms that wish to audit public companies must be registered with the PCAOB. Visit
the PCAOB’s website (www.pcaobus.org) and browse the information.
Required
Explain what is required for an accounting firm to be registered with the PCAOB.
AP1.7 (LO 5) Basic Organizations that impact the audit profession The following organizations impact the audit profession.
1. AICPA
5. IIA
9. SEC
2. ASB
6. IAASB
10. State Board of Accountancy
3. COSO
7. NASBA
4. FASB
8. PCAOB
Required
Match the organization with the proper description. Each organization can be used once, more than
once, or not at all.
a. Membership organization that acts as an advocate for the accounting profession.
b. Maintains the Accounting Standards Codification.
c. Issues International Standards on Auditing.
d. Has the power to enforce the Sarbanes-Oxley Act of 2002.
e. Issues Auditing Standards and oversees the auditors of issuers.
f. Provides guidance and standards for internal auditing.
g. A federal agency tasked with enforcing and interpreting securities laws.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 36
8/23/21 1:55 PM
Analysis Problems
1-37
h. Serves as the application center for individuals applying to take the CPA exam.
i. Prepares and grades the CPA exam.
j. Issues Statements on Auditing Standards for the audits of non-issuers.
AP1.8 (LO 6, 7) Basic Audit reports The two standard-setting bodies are the PCAOB for the audits
of public companies and the ASB for the audits of private companies. Each organization has a standard
format for the auditor’s report on the financial statements. There are similarities and differences in the
two standard formats.
Required
For each item listed below, indicate if the item or phrase appears in the unmodified audit report of
the ASB, the unqualified audit report of the PCAOB, or both. Use the following letters to indicate your
answer.
a. Unmodified audit report—ASB
b. Unqualified audit report—PCAOB
c. Audit reports of both bodies—ASB and PCAOB
1. Contains the word “independent” in the title.
2. We have also audited the company’s internal control over financial reporting.
3. In our opinion, the financial statements present fairly, in all material respects, the financial position
of the company.
4. We are required to be independent with respect to the company in accordance with the U.S. federal
securities laws.
5. Management is responsible for the design, implementation, and maintenance of internal control
relevant to the preparation and fair presentation of the financial statements.
6. Contains a section on critical audit matters.
7. Dated as of the end of fieldwork.
8. Contains a statement about auditor tenure.
9. Obtain an understanding of internal control relevant to the audit in order to design audit procedures
that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of internal control.
10. Obtain reasonable assurance about whether the financial statements are free from material
misstatement.
AP1.9 (LO 6, 7) Basic Audit reports Auditor’s reports for Amazon.com are provided in Illustrations 1.8 and 1.10 in this chapter. Select another public company of your choice and visit the investor
relations website to ­access the most recent annual report and 10-K. Find the auditor’s reports on the
financial statements and the effectiveness of ICFR.
Required
a. Compare the audit reports of Amazon.com and the public company you selected. What type of opinion did the company receive on its financial statements and on the effectiveness of ICFR?
b. What are the advantages of having a standard report format for all clients?
AP1.10 (LO 4, 6, 8) Moderate Being an auditor You have recently graduated from your university
and started work with an accounting firm. You meet an old school friend, Kim, for dinner—you haven’t
seen each other for several years. Kim is surprised that you are now working as an auditor because your
childhood dream was to be a ballet dancer. Unfortunately, your knees were damaged in a fall, and you
can no longer dance. The conversation turns to your work, and Kim wants to know how you do your job.
Kim cannot understand why an audit is not a guarantee the company will succeed. Kim also thinks that
company managers will lie to you to protect themselves. As an auditor, you would have to assume that
you cannot believe anything a company manager says to you.
Required
Compose a letter to Kim explaining the concept of reasonable assurance, and how reasonable assurance is determined. Explain why an auditor cannot offer absolute assurance. Describe the concept of
c01IntroductionAndOverviewOfAuditAndAssurance.indd 37
8/23/21 1:55 PM
1-38
C h a pte r 1
Introduction and Overview of Audit and Assurance
professional skepticism and how it is not the same as assuming that managers are always trying to deceive
auditors. Explain to Kim why her perceptions are a perfect example of the expectations gap.
AP1.11 (LO 2, 4, 6, 7, 8) Challenging Limitations of an audit You are an intern at a Big 4 accounting firm and have just finished your internship training. You feel a little overwhelmed with all of
the information from the training session, and you are wondering if you are qualified to perform work
that is of high-enough quality to meet the firm’s and the profession’s standards. What if you miss something or forget to do something? What if it takes you too long to complete your tasks? What if you spend
time on something that is trivial and miss something that is important? You decide to review your notes
from the training session and from your undergraduate audit course.
Required
a. Discuss the limitations of an audit.
Refer to the audit reports in Illustrations 1.7, 1.8, and 1.10. What are some key terms and phrases
b. included in the reports that address these limitations?
Cloud 9 Continuing Case
Ron Stotez established his business, Stotez Shoes, in 1985. Since
then, he has run his business as a sole proprietor. Ron keeps records, and his wife helps him prepare basic accounting records. As
Stotez Shoes has no outside owners, Ron has never seen the need
to have his accounts audited.
When Chip Masters from Cloud 9 Inc. expressed an interest
in buying Stotez Shoes in 2023, Ron was asked to provide audited
financial statements. Ron discussed his concerns about having an
audit with his friend Ernie Black. Ernie is concerned that Ron may
forget their conversations and has asked you to prepare a summary
of the issues listed below for Ron.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 38
Required
a. What are the main differences between a financial statement
audit, a compliance audit, and an operational audit?
b. What is the difference between reasonable assurance and
absolute assurance?
c. Why would Chip ask that Ron have the financial statements
for Stotez Shoes audited rather than reviewed?
d. What factors should Ron consider when selecting an accounting firm to complete the Stotez Shoes audit?
8/23/21 1:55 PM
Get Complete eBook Download Link below
for instant download
https://browsegrades.net/documents/2
86751/ebook-payment-link-for-instantdownload-after-payment