Wiley Loose-Leaf Print Edition AUDITING A P R AC T I C A L A P P R O AC H W I T H D ATA A N A LY T I C S 2ND EDITION Cover Design: Wiley Cover Image: © Lidiia Moor / Getty Images www.wiley.com JOHNSON | WILEY MOR ONEY | CAMPBELL | HAMILTON Get Complete eBook Download Link below for instant download https://browsegrades.net/documents/2 86751/ebook-payment-link-for-instantdownload-after-payment Auditing A Practical Approach with Data Analytics Second Edition RAYMOND N. JOHNSON PhD, CPA Portland State University Portland, Oregon LAURA D. WILEY Ph D, CPA Louisiana State University Baton Rouge, Louisiana Adapted from Robyn Moroney, Fiona Campbell, and Jane Hamilton, Auditing: A Practical Approach (Wiley) Johnson_FM.indd 1 8/24/21 9:41 AM DEDICATION This book would not be what it is today without the unconditional support and thoughtful input and suggestions from our spouses, Marilyn Johnson and Joe Wiley. VICE PRESIDENT, EDITORIAL PRODUCT MANAGEMENT Michael McDonald ASSOCIATE EDITORIAL DIRECTOR Zoe Craig ACQUISITIONS EDITOR Veronica Schram SENIOR MANAGER, COURSE DEVELOPMENT AND PRODUCTION Ed Brislin MARKETING MANAGER Christina Koop EDITORIAL SUPERVISOR Terry Ann Tatro EDITORIAL ASSISTANT Natalie Munoz Nicole Repasky SENIOR COURSE PRODUCTION OPERATIONS SPECIALIST SENIOR DESIGNER Wendy Lai COVER IMAGE© Lidiia Moor/Getty Images This book was set in Source Sans Pro-Regular 9.5/12.5 by Lumina Datamatics. Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper specifications and procurement, ethical conduct ­within our business and among our vendors, and community and charitable support. For more information, please visit our website: www.wiley.com/go/citizenship. Copyright © 2022 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008, website http://www.wiley.com/go/permissions. ISBN-13: 978-1-119-78608-5 The inside back cover will contain printing identification and country of origin if omitted from this page. In addition, if the ISBN on the back cover differs from the ISBN on this page, the one on the back cover is correct. Printed in the United States of America. 10 Johnson_FM.indd 2 9 8 7 6 5 4 3 2 1 8/24/21 9:41 AM Brief Contents 1Introduction and Overview of Audit and Assurance 1-1 2 Professionalism and Professional Responsibilities 2-1 3Risk Assessment Part I: Audit Risk and Audit Strategy 3-1 4 Risk Assessment Part II: Understanding the Client 4-1 5Audit Evidence 5-1 6Gaining an Understanding of the Client’s System of Internal Control 6-1 7 Risk Response: Performing Tests of Controls 7-1 8 Audit Data Analytics 8-1 9Risk Response: Performing Substantive Procedures 9-1 10Risk Response: Audit Sampling for Substantive Procedures 10-1 11Auditing the Revenue Process 11-1 12Auditing the Purchasing and Payroll Processes 12-1 13Auditing Cash, Inventory, and Related Income Statement Accounts 13-1 14 Auditing Investing and Financing Activities 14-1 15Completing the Audit 15-1 16Reporting on the Audit 16-1 APPE ND IX A Cloud 9 Inc. Audit A-1 AU D I T IN G A N D A SS URA N C E STA N DA RDS AS-1 GLOSS A RY G-1 I N D E X I- 1 iii Johnson_FM.indd 3 8/24/21 9:41 AM From the Authors Being an auditor is being a trusted professional. Auditing is about developing an inquisitive mind and mastering decision-making. It is also about adapting to change and pivoting when unexpected situations occur. With companies evolving more rapidly than ever, auditors must think critically, act ethically, communicate clearly, and embrace new technologies. To help you develop these skills, we have taken a very practical approach in this second edition: Auditing is about developing an inquisitive mind and mastering decision-making. With companies evolving more rapidly than ever, auditors must think critically, act ethically, communicate clearly, and embrace new technologies. To help you develop these skills, we have taken a very practical approach in this text. ritten the text in a conversational style and incorporated more • W headings and bulleted/numbered lists to streamline the content. • Created a five-step audit decision-making framework to assist you with developing your critical thinking skills. • Added information about biases in decision-making. • Included new infographics to increase your understanding of key topics. pdated content for recent changes in auditing standards and new • U CPA exam content to provide you with the most up-to-date content. In the area of technology, auditors and their clients are incorporating more technology than ever before. You should not be concerned about mastering any specific technology or software at this time, but you should be knowledgeable about how auditors are incorporating various technologies, and you should be technologically nimble and willing to experiment with using technology to analyze client data. To help you do this, we have: • I ncluded a separate chapter on audit data analytics (ADA) and integrated the use of ADA into many chapters. • O ffered IDEA-based cases, Tableau exercises, and Excel exercises in Wiley Course Resources. dded discussions about clients’ digital mindset, automated tools for performing audit • A procedures, artificial intelligence and machine learning, and cybersecurity. The accounting and auditing skills you build in this course will serve you for the rest of your life as you develop independence of thought and action. If you keep asking questions, continue to explore the application of new technologies, and stay true to the importance of integrity and independent thought and actions that will earn the public trust, you should have a rich and rewarding career. We are excited and honored to lead you on this “auditing” journey. We hope you dive into the material and explore the resources provided in this text and Wiley Course Resources. Above all else, we wish you great success in your auditing course and your career! Raymond N. Johnson, PhD, CPA Laura D. Wiley, PhD, CPA iv Johnson_FM.indd 4 8/24/21 9:41 AM ©The National Association of State Boards of Accountancy ©Aaron Hogan, Eye Wander Photo ©The National Association of State Boards of Accountancy About the Authors ©Aaron Hogan, Eye Wander Photo Raymond N. Johnson Laura D. Wiley Raymond N. Johnson, PhD, CPA, has taught auditing concepts and practices, financial statement analysis, and a case course focused on developing students’ critical-thinking skills at Portland State University for 35 years. He was the first recipient of Harry C. Visse Excellence in Teaching Fellowship and is currently a professor emeritus from Portland State University. He has also taught auditing and accounting at Bond University, The University of Queensland, the Australian National University, and Southampton University. Dr. Johnson is a past Chair of the International Accounting Education Standards Board’s Consultative Advisory Group. Previously, he served on the NASBA board of directors for seven years, and he previously chaired NASBA’s Education Committee and the NASBA Ethics Committee. He also served on an AACSB Task Force that was responsible for the most recent update to AACSB Accounting Accreditation rules. Dr. Johnson served a three-year term on the AICPA Professional Ethics Executive Committee, which sets ethical standards for CPAs in the United States. He is a former member of NASBA’s Standard Setting Advisory Committee and served for seven years on the NASBA/AICPA International Qualifications Appraisal Board. Previously, Dr. Johnson served on the Oregon Board of Accountancy for seven years and was Chair of the Board for two years. Dr. Johnson is a past president of the Oregon Society of CPAs. He has previously served as staff to the U.S. Auditing Standards Board, has written numerous academic and professional articles, and has made numerous presentations at professional meetings. Laura Wiley, PhD, CPA, is the Assistant Department Chair and senior instructor in the Department of Accounting at the E. J. Ourso College of Business, Louisiana State University (LSU). She came to LSU in 1996 and teaches financial accounting and auditing courses. She also leads a study-abroad excursion in the Master of Accountancy program, taking students on educational business trips to Central and South American countries. Dr. Wiley is active in the Society of Louisiana CPAs (LCPA) and has served as the chair of the Accounting Education Issues committee since 2014. She received the LSU Tiger Athletic Foundation Outstanding Instructor Award in 2019 and the LCPA’s Distinguished Achievement in Education award in 2015. Dr. Wiley has consulted with large and small companies on accounting-related matters and conducted onsite training sessions for company employees. Over her career, she has also been a presenter at numerous CPE events and published in the Journal of Accounting Education. Prior to coming to LSU, she was an auditor with PricewaterhouseCoopers in Atlanta, Georgia. She earned her bachelor’s degree in accounting from The University of Alabama, her master’s degree in accounting from LSU, and her doctorate in human resource education and workforce development from LSU. Her research interests are accounting education and financial literacy. She is an active licensed CPA in the state of Louisiana. v Johnson_FM.indd 5 8/24/21 9:41 AM New to This Edition: Chapter-by-Chapter Changes Chapter 1: Introduction and Overview of Audit and Assurance • ADDED the 2020 ASB Audit Report Updates. • NEW discussion of review of interim financial statements. • NEW section on the critical-thinking and data analytics skills required by auditors. • NEW illustration on the audit decision-making framework. • NEW Audit Decision-Making Example at the end of the text discussion. Chapter 2: Professionalism and Professional Responsibilities • NEW section on applying the conceptual framework through use of an example. • UPDATED Illustration 2.10 to reflect the most recent depiction of auditor liability under common law. • UPDATED discussion of Ultramares Corp. v. Touche case reflecting the latest appeal. Chapter 3: Risk Assessment Part I: Audit Risk and Audit Strategy • UPDATED Illustration 3.1 and following discussion for clear connection and focus on the factors that influence client acceptance and retention. • UPDATED Illustration 3.4 to include “Developing an Audit Strategy” as part of the risk assessment phase. • UPDATED definition and discussion of materiality from SAS 138, including qualitative and quantitative factors. • NEW discussion of unconscious and conscious biases that impact professional skepticism. • IMPROVED discussion of audit risk with more logical flow of audit risk components. • NEW illustration on inherent and control risk components. • NEW discussion on role of data analytics in audit risk and audit strategy. • ENHANCED discussion of fraud risk. Chapter 4: Risk Assessment Part II: Understanding the Client • NEW illustrations: (1) comparing entity risks of a fastfood restaurant versus a high-end restaurant and (2) how KPIs vary by industry. • UPDATED tables on financial ratios to include not only the formulas but also a description of what they assess and how they are interpreted. • REDUCED text discussions where they repeated illustration or table information. • UPDATED discussions on (1) procedures performed to gain an understanding of the client, (2) tools for performing analytical procedures, (3) related parties, and (4) inherent risk considerations for IT, as well as a client’s digital mindset. Chapter 5: Audit Evidence • UPDATED discussion of management assertions from SAS 134. • NEW illustrations on (1) the four forms of information that auditors can use as audit evidence, (2) attributes that auditors should consider when evaluating audit evidence, and (3) using ADA and automated tools to perform audit procedures. • UPDATED discussion and examples of sufficient appropriate audit evidence from SAS 142. • UPDATED discussion of ADA and automated tools for performing audit procedures. Chapter 6: Gaining an Understanding of the Client’s System of Internal Control • NEW illustrations on (1) common inherent limitations of internal control, (2) steps involved in assessing control risk, and (3) major benefits and risks of IT systems. • REDUCED text discussions that repeated information presented in tables. • DELETED cash receipts example of transaction flows, as sales process example is comprehensive. • NEW Professional Environment feature on cybersecurity. • NEW discussion on the use of a service organization by an audit client (SOC 1 Reports). • MOVED section on management letters to Chapter 7. Chapter 7: Risk Response: Performing Tests of Controls (previously Chapter 8) • MOVED discussion of steps in assessing control risk into Chapter 6. • NEW discussion, illustrations, and EOC on evaluating an SOC 1, Type 2 report. • ADDED section on management letters from Chapter 6. vi Johnson_FM.indd 6 8/24/21 9:41 AM NEW TO THIS EDITION: CHAPTER-BY-CHAPTER CHANGES vii • NEW Professional Environment feature on AICPA evidence from peer reviews on control testing. • HIGHLIGHTED AND EXPANDED example of New Millennium Ecoproducts throughout. Chapter 8: Audit Data Analytics (previously Chapter 7) • NEW learning objective (and related EOC material) on how artificial intelligence and machine learning may be used in an audit. • NEW emphasis on how ADA fits into the five-step audit decision-making framework with specific focus on use of ADA as a risk assessment tool and as a substantive procedure. Chapter 12: Auditing the Purchasing and Payroll Processes • NEW illustrations detailing the auditing steps for both the purchasing and payroll processes. • COMBINED some learning objectives for improved presentation of topics. Chapter 13: Auditing Cash, Inventory, and Related Income Statement Accounts (previously first half of Chapter 13) • NEW discussions of understanding internal controls, developing a preliminary audit strategy, and drawing a final conclusion. • NEW focus on how gathering data for ADA application involves two key steps: (1) accessing and preparing the data for ADA and (2) considering the relevance and reliability of the data used. • REVISED discussion of bank transfers for improved understanding. • NEW Professional Environment feature detailing a recent report on the use of technology in UK audit firms. • NEW discussion on the three-step process of valuing inventory. Chapter 9: Risk Response: Performing Substantive Procedures • NEW illustrations highlighting (1) dual-purpose tests, (2) using a substantive analytical procedure in the context of the audit decision-making framework, (3) an example of estimation uncertainty, (4) inherent risk factors, and (5) an illustrative timeline of an event related to an estimate occurring before the date of the audit report. • UPDATED discussion on auditing accounting estimates from SAS 143, including a running case example to illustrate application. Chapter 10: Risk Response: Audit Sampling for Substantive Procedures • COMBINED discussions within Learning Objectives 1 with 2, and 4 with 5, for a more streamlined, focused approach. • ADDED audit risk model depictions to illustrate example scenarios for improved understanding. • NEW summary discussion of PPS sampling. Chapter 11: Auditing the Revenue Process • NEW section and assessment material on evaluating control activities in a paperless revenue system. • NEW Professional Environment feature on bank confirmations. • NEW discussion of the use of ADA to count inventories. Chapter 14: Auditing Investing and Financing Activities (previously second half of Chapter 13) • NEW discussions of how audit planning decisions affect the assessment of inherent risk, understanding internal controls, developing a preliminary audit strategy, and drawing a final conclusion. • NEW section on auditing debt transactions. • NEW Auditing Decision-Making Example on investing and financing activities. Chapter 15: Completing the Audit (previously Chapter 14) • ENHANCED discussions and explanations throughout. • REVISED Professional Environment feature on forensic accounting. Chapter 16: Reporting on the Audit (previously Chapter 15) • UPDATED throughout to reflect 2020 ASB auditing standards. • NEW audit reports from Amazon.com and Photronics, Inc. • NEW discussion of preparation engagements. • NEW discussions of the preliminary audit strategy as well as drawing a final conclusion for revenues. • NEW illustration on (1) the five-step process for auditing revenues, (2) the lapping scheme, and (3) the ADA decision tree for auditing allowance for doubtful accounts. Johnson_FM.indd 7 8/24/21 9:41 AM Hallmark Features Auditing provides a unique pedagogical framework that helps students master the content and prepare them for a successful career in accounting. CHAPTER 8 The Big Picture Each chapter begins with a flowchart detailing exactly what section of the audit process students are about to learn. The chart helps students see the big picture of the audit process. Audit Data Analytics Special thanks to Dr. Adrian Gepp of Bond University, Queensland, Australia, for his invaluable assistance in co-authoring this chapter. The Audit Process Overview of Audit and Assurance (Chapter 1) Professionalism and Professional Responsibilities (Chapter 2) Client Acceptance/Continuance and Risk Assessment (Chapters 3 and 4) Gaining an Understanding of the Client Identifying Significant Accounts and Transactions Setting Planning Materiality Gaining an Understanding of the System of Internal Control (Chapter 6) Making Preliminary Risk Assessments Performing Tests of Controls (Chapter 7) Performing Substantive Procedures (Chapter 9) Audit Sampling for Substantive Procedures (Chapter 10) Auditing the Revenue Process (Chapter 11) Auditing the Purchasing and Payroll Processes (Chapter 12) Audit Data Analytics (Chapter 8) Audit Evidence (Chapter 5) Developing Responses to Risk and an Audit Strategy Auditing Investing and Financing Activities (Chapter 14) Auditing Cash and Inventory (Chapter 13) c03RiskAssessmentPartI.indd Page 3-2 24/01/19 9:35 PM F-0590 Learning Objectives Completing and Reporting on the Audit (Chapters 15 and 16) Procedures Performed Near the End of the Audit c05AuditEvidence.indd Page 2 04/03/19 8:37 PM F-0590 5-2 Chapt e r 5 Drawing Audit Conclusions 3-2 CH A PT E R 3 /208/WB02435/9781119401810/ch05/text_s Reporting Risk Assessment Part I LearningLearning Objectives Objectives have been carefully crafted to reflect the Bloom’s Taxonomy framework, LO 5 Explain how auditors determine their audit strategy and how audit strategy affects audit decisions. well asofreinforce the practical auditing skills LO 6 Explain the fraud risk assessment process and LO 2 Identifyas the diff erent phases an audit. analyze fraud risk. LO 3 Explain and apply the concept of materiality. that students will develop. LO 1 Evaluate client acceptance and continuance decisions. audit evidence Learning Objectives 8-1 LO 1 Define management assertions about classes of LO 4 evaluate when it is appropriate for auditors to use transactions, account balances, and presentation and the work of others. 5-6 C h a pt er 5 audit evidence disclosure. LO 5 Document the details of evidence gathered in LO 2 Discuss the characteristics of audit evidence. c08AuditDataAnalytics.indd 1 LO 3 apply the procedures for gathering audit evidence, including the use of audit data analytics. Auditing and Assurance Standards PCAOB working papers. LO 4 Explain professional skepticism and apply the audit risk model. Auditing and Assurance Standards assets and liabilities may exist but not be owned by the entity. For example, inventory held on 7/23/21 8:18 AM consignment in the client’s warehouse exists, but it is not owned by the client. This inventory should not be listed as an asset because it does not meet the rights and obligations assertion P C AO B since it is not owned by the client. 1015items Due Professional Care in the Performance of Work When considering (9) completeness, auditors search for assets, liabilities, andAS equity to ensure they have been recorded. This assertion is particularly important when auditors AS 1101 Audit Risk believe there is a risk of understatement and the client has omitted some items from the balAS to 1301 Communications with Audit Committees ance sheet. For example, a client may fail to record various accrued liabilities due an error or an attempt to improve reported financial ratios for the period. In addition, auditors gather AS 2101 Audit Planning evidence that all related disclosures are included in the notes to the financial statements. Au d i t i n g StA n dA r dSWhen BOAconsidering rd 2105 that Consideration of Materiality in Planning and (10) accuracy, valuation and allocation, auditors search forAS evidence assets, liabilities, and equity items have been recorded at appropriate amounts and subsequent Performing an Audit Au-C 230 audit Documentation allocation or valuation adjustments are appropriately recorded. Allocation refers to the allocaAu-C 315 Understanding the entity and Its environment AS 2110 Identifying and Assessing Risk of Material tion of historical cost over a period of time, such as depreciation of buildings and equipment. and assessing the risks of Material Misstatement Misstatement Valuation refers to subsequent measurements that determine fair value or net realizable value. Au-C 500 audit evidence This assertion is particularly important when auditors believe there is a risk of overor underAS 2301 The Auditor’s Responses to the Risks of valuation. Here are some examples: Material Misstatement Au-C 505 external Confirmations Auditing and Assurance Standards AS 1105 audit evidence AS 1205 part of the audit performed by Other Independent auditors AS 1210 Using the Work of a Specialist Relevant AICPA and PCAOB Auditing and • An auditor verifies that inventory has been appropriately recorded at the lower of cost or Au-C 600 Special Considerations—audits of Group AS 2401 Consideration of Fraud in a Financial net realizable (risk of overstatement). Financial Statements (Including the Workvalue of Component Statement Audit Assurance Standards are listed at the beauditors) • An auditor tests for the adequacy of the allowance for doubtful accounts (risk of underAS 2610 Initial Audits—Communication Between statement or overstatement depending on the client’s motivation). AS 2310 the Confirmation process 610 Using the Work of Internal auditors Predecessor and Successor Auditors ginning of each Au-C chapter and highlighted • An auditor verifies that equipment used in operations has been appropriately marked AS 2605 Consideration of the Internal audit Function Au-C 620 Using the Work of an auditor’s Specialist down if it is impaired (risk of overstatement). throughout the discussion. For (11) classification, auditors gather evidence that assets, liabilities, and equity interests AS 1215 audit Documentation AS 2110 Identifying and assessing risks of Material Misstatement 3-44 /208/WB02435/9781119401810/ch03/text_s C hApte R 3 AUDIT ING STA NDARD S B OARD AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards AU-C 210 Terms of Engagement AU-C 240 Consideration of Fraud in a Financial Statement Audit AU-C 300 Planning an Audit AU-C 315 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement AU-C 320 Materiality in Planning and Performing an Audit AU-C 330 Performing Audit Procedures in Response to Assessed Risks and Evaluating Audit Evidence Obtained QC10 A Firm’s System of Quality Control Risk Assessment part I: Audit Risk and Audit Strategy are recorded in the proper accounts. For example, a parking lot added to land should be clasCloud 9 - Continuing Case sified in a separate account from land. A parking lot is considered a land improvement and is subject to depreciation. Including the parking lot with the land account is improper classificaSharon and Josh have already discussed some specific client acceptance issues, such as independence threats and safeguards. Sharon tion because land is not depreciated. explains they When considering (12) presentation, auditors gather evidence that assets, liabilities, andalso must consider the overall integrity of the client the accounts receivable and inventory themselves. At the next planning meeting for Partners the Cloud has 9 audit, (that is, management of Cloud 9). This means they need to perform Partners uses the Second, following percentages as starting in the financial statements. W&S justSuzie wonPickering the Januaryhandle 31, 2026, audit for equityW&S interests are appropriately aggregated or disaggregated For Sharon they for willthe gather evidence regarding a presents the results of theCloud analytical procedures performed and document procedures that are likely to provide information points various benchmarks: 9. The audit team assignedso to far this client is: is worried about how example, liabilities are separated into current and long-term portions on the balance sheet. In subsidiary of Cloud 9 located in Vietnam. W&S Partners does not and a working draft of the audit program. The audit manager, about the client’s integrity. Josh is a little skeptical. “Do you mean Benchmark Threshold (%)should be relevant and understandable. In the related disclosures foreffeclong-term debt have an office in Vietnam,addition, so they must determine the most Sharon Gallagher, and the audit senior, Josh Thomas, are also inthat we should ask them if they are honest?” Sharon suggests it is • Partner, Jo Wadley Incomedescribes before tax its long-term 5.0 debt and includes relevant details such as interest notes, a company tive and efficient way to gather evidence regarding the subsidiary. volved in the planning, with special responsibility for the internal probably more useful to ask others, and the key people to ask are Total revenue and maturity 0.5 • Audit manager, Sharon Gallagher rates,the payment schedule, dates. In the planning meeting, team considers the following control assessment. the existing auditors. Josh is still skeptical. “The existing auditors Continuing Case Cloud 9 - Continuing Case Cloud 9 Continuing Case and is part of professional ethics. Sharon also gives Josh the task of researching Cloud 9’s press coverage, with special focus on anything that may indicate poor management integrity. Sharon emphasizes they must perform and document procedures to determine whether W&S Partners is competent to perform the engagement and has the capabilities, time, and resources to do so. For example, they must make sure they have audit team members who understand the clothing and footwear business. They also must have enough staff to complete the audit on time. In addition, Sharon and Josh must perform and document procedures to show that W&S Partners can comply with all parts of the code of professional conduct, not just those that focus on independence threats and safeguards. Finally, they can draft the engagement letter to cover the contractual relationship between W&S Partners and Cloud 9. A Cloud 9 Continuing Case exercise applies concepts introduced in each chapter, concludes each chapter, and is available as an assessment question. Gross profit 2.0 questions: The meeting’s agenda is •to Audit discusssenior, the available sources of evJosh Thomas are Ellis & Associates. Are they going to help us take one of their Total assets 0.5 idence at Cloud 9 and specify•these in the detailedMark audit Batten program. clients from them?” Sharon says the client must give permission IT audit manager, • What evidence is available? Equity 1.0 The team members also must ensure they have enough evidence first, and, if that is given, the existing auditor will usually state • Experienced staff,members Suzie Pickering • What criteria will theThese team use to choose starting pointsamong can bealternative increased or decreased by taking into to conduct the audit. Two specific issues worry of the whether or not there were any issues that the new auditor should sources of evidence? account qualitative client factors, which could be: • First-year staff, Ian Harper team. First, there are three very large asset balances on Cloud 9’s be aware of before accepting the work. This type of communicaCloud 9 Continuing Case of using the work of specialists • What are the implications trial balance that have particular valuation issues. Josh suggests tion is covered by AS 2610 (AU-C 210 for private company clients) • The nature of the client’s business and industry (for example, and other auditors? that a specialist will be required forofthe but they can As a part thederivatives, risk assessment phase for the new audit, the audit Ian and Suzie have already talked in general abouteither the through • No accounts receivables or were omitted when calculating the rapidlyterms changing, growth or downsizing, team needs to gain an understanding of Cloud 9’s structure and its errors that could occur in Cloud 9’s accounts For examtotal—completeness. an receivable. unstable environment). business environment, determineple, materiality, and assess the risk and other clerical errors could basic mathematical mistakes • Whether the client is a public•company subsidiary of) in the total do exist at year-end— Accounts(or receivables included of material misstatement. This will assist team in developing affect thethe customer’s total in either direction. Suzie emphasizes subject to regulations. existence. an audit strategy and designing the and timingasserts of thatnature, Cloudextent, 9’s management this error did not exist when • The knowledge of or high risk of audit procedures. • fraud. Accounts receivables belong to Cloud 9 and have not been they prepared the financial statements—i.e., they assert that One task during the planning phase is to consider consold or factored—rights and obligations. Typically, income before tax is used; however, it cannot be used accounts receivable are the valued correctly. cept of materiality as it3 applies to the client. Auditors will and dereporting a loss for the year profitability is not Auditors must evidence about each assertion for or iffocused In Chapters and 4, we considered auditgather risk riskif assessment. Those chapters • Bad debts haveconsistent. been provided for—accuracy, valuation and sign procedures identify and correct errors or class, irregularities calculating PM basedofonrisk interim and note in the financial stateon the to importance of each risk transaction identification to account, help ensure theWhen auditor’s desired level is figures, it may be necallocation. that would have a material effect on the financial statements essary annualize theidenresults. This allows the auditors to plan ments. Now that Ian understands this ideatobetter, he can • Sales from the next period are not included in the earlier period— and affect the decision-makingtify of the the assertions users of the audit properly on an approximate projected year-end thatfinancial relate to the the potential errors in based accounts cutoff. Ian is a bit confused about this because cutoff is an asserstatements. Materiality is used inreceivable determining balance. Then, at year-end, the figure is adjusted, if necessary, to thataudit they procedures discussed earlier: tion for transactions, not account balances. Suzie agrees it is a and sample selections, and evaluating differences from client reflect the actual results. special sort of assertion that relates to transactions or events, but mistakes records to audit results. Materiality•isNo themathematical maximum amount of or other clerical errors exist that also gives evidence about balance sheet accounts (e.g., an overcould that affectcan thebe total receivables Required in either direction—accuracy, misstatement, individually or in aggregate, accepted of revenue is also valuation and allocation. Answer the following questions basedstatement on the information pre-an overstatement of receivables). in the financial statements. In selecting the benchmark to be Chapter Preview—Audit Process in Focus viii Johnson_FM.indd 8 used to calculate materiality, the auditors should consider the key drivers of the business. They should ask, “What are the end users (that is, stockholders, banks, etc.) of the accounts going to be looking at?” For example, will stockholders be interested in profit figures that can be used to pay dividends and increase share price? W&S Partners’ audit methodology dictates that one planning materiality (PM)c05AuditEvidence.indd amount is to be6 used for the financial statements as a whole. The benchmark selected for determining materiality is the one determined to be the key driver of the business. sented for Cloud 9 in the appendix to this text and in the current chapter and previous chapters. a. Using the October 31, 2025, trial balance (in the appendix to this text), calculate planning materiality, and include the justification for the benchmark that you have used for your calculation. b. Discuss how the planning materiality would be used to determine performance materiality. 7/26/21 12:26 PM c. If the planning materiality amount is increased or decreased later in the audit, how would that impact the audit? 8/24/21 9:42 AM 3-18 C h Apt e R 3 Risk Assessment part I: Audit Risk and Audit Strategy • Significant subjectivity in measurement of financial information. • Significant unusual transactions. As part of risk assessment, auditors will document the identified inherent risks for the client, including documenting which risks are considered significant. Knowing where the risks are greatest assists the auditor in planning the best procedures for the audit. Control Risk After assessing IR, the second step is to gain an understanding of the cli- 2-8 Chapter 2 professionalism and professional responsibilities ILLUSTRATION 2.2 Threats identified Step 1 Conceptual framework flowchart Identify threats Step 2 Evaluate significance of threats c03RiskAssessmentPartI.indd Page 3-15 24/01/19 No threats identified ent’s system of internal controls. The client should have controls in place to minimize the risk of material misstatement caused by inherent risks. The auditors gain an understanding of internal controls for the purpose of assessing control risk. Control risk (CR) is the risk that a client’s internal controls will not prevent or detect a material misstatement on a timely basis. Illustration 3.7 shows inherent and control risks for a jewelry store. An inherent risk for jewelry inventory is that it is susceptible to theft from both customers and employees. If 5-32 Ch a pt e r 5 audit evidence jewelry is stolen without the client knowing, the inventory account will be overstated because stolen goods would remain recorded in the client’s records. The client knows that jewelry is The trial balance is then referenced into the appropriate lead and supporting schedules where susceptible to theft; therefore, the client has put controls in place to minimize the risk of theft. Threats Step 3 The control risk for this client would be the risk of one or more of these controls failingaudit and work is documented for each account in the trial balance. At Bell & Bowerman, LLP, significant Identify the trial balance is referenced using the letter “A”; cash and cash equivalents in various banks jewelry stolen without client management knowing. and apply are referenced into the C Lead; accounts receivable are referenced into the E Lead; inventory safeguards accounts are referenced into the F Lead; property, plant and equipment are referenced into the K Lead; and so on. 9:35 PM F-0590 /208/WB02435/9781119401810/ch03/text_s The first working paper example is the cash and cash equivalents lead schedule Step 4 in Illustration 5.15. The purpose of this lead is to summarize all general ledger accounts that Evaluate ILLUSTRATION 3.7 the Example of inherent and control risks are combined into the cash and cash equivalents account on the financial statements. The effectiveness lead schedule also has adjusting journal entries, if any, that are proposed by the auditor. In the of safeguards top-left corner of the lead schedule are the client name, period-end, and currency unit (in this Professional Skepticism and Audit Risk 3-15 example, balances are rounded to the nearest thousand dollars). In the top center of the lead schedule is section identification (C). In the top-right corner, details of the working paper preDecline or Are threats parer and reviewers are documented. Next, details of the cash and cash equivalents balance No terminate at an acceptable are listed. For each item listed in the lead schedule, the following are noted. control risk (CR) the risk that a client’s system of internal controls will not prevent or detect a material misstatement on a timely basis Threats not significant ix Flowcharts and Graphs Detailed flowcharts and graphs help students visualize important processes. Conceptual Illustrations Professional Skepticism level? NEW situational art helps students conceptualize auditing concepts. engagement Auditors have a responsibility to plan and perform an audit with professional skepticism. Professional skepticism is an attitude adoptedYes by auditors when conducting all phases of the audit. It means that auditors remain independent of the entity, its management, and its staff when completing the audit work. In a practical sense, Step 5 professional skepticism means auProceed Document ditors maintain a questioning mind and thoroughly investigate all evidence presented by the with threats and auditors should be skeptical if any of client (AS 1015.07). For example, AU-C 200.A22 states engagement safeguards the following arise during the audit: applied • Audit evidence recently gathered that is contradictory to other evidence previously gathered. Inherent Risk • New information that bringsJewelry into question reliabilitytoof client documents inventorythe is susceptible theft. Inventory accountor responses will be overstated if client is unaware of the theft. to auditor inquiries. Step 1: Identify ThreatsthatCPAs clients a number of circumstances. CPAs • Conditions may interact provide with evidence of in possible fraud. need to be alert to a possible relationship or situation that might cause a threat to their com• Situations thatfollowing indicate the for additional procedures what pliance with ethical rules. The is aneed discussion of sevenaudit common threatsbeyond that CPAs in is required by generally accepted auditingofstandards. public practice should be alert to, irrespective the services the CPA is engaged to perform. • General ledger account number, per the client records. • General ledger account name, per the client records. • Preadjusted balance, any adjustments, and the audit-adjusted current-year balance per the client’s trial balance (TB). professional skepticism an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of Control Risk audit evidence • The prior-year balance, per the prior-year audit file (PY). • Variance and percentage change, the calculated difference between the prior-year and current-year balances. • The cross-reference to the working paper where supporting documentary evidence is Controls put in place include security cameras and a security guard. kept for each balance (e.g., C02). Risk of one or more of the controls failing and inventory being stolen without the client knowing. The final section of the lead working paper includes any relevant background information Real-World Illustrations about the account and comments based upon completed testing. ILLUSTRATION 5.15 Working paper example: Cash lead schedule Does maintaining skepticism mean auditors assume • Adverse interest threat. Anprofessional adverse interest threat is the threat should that a CPA willclient not manageNew Millennium Note that IR and CRis are exist separately fromEcoproducts the audit of the ment is beingbecause dishonest? answer is no. not assume management dis-the client’s risks and Client: act with objectivity the The CPA’s interests areAuditors opposedshould to the client’s interests. For Period-end: 12/31/2025 financial statements. In other words, the auditors have no control over a client’s inherent honest, but at interest the samethreat time,exists auditors notexpressed assume management C–LEAD example, an adverse if a should client has an intention is to always begin honest or Currency unit: $000and client factors that and control risks. Inherentand risk is driven by industry, economic, correct. Using professional skepticism means even if auditors believe management litigation against the CPA regarding the quality of taxthat work previously performed. outreliable of the evidence control of those charged with governance are being honest, they should are gather to the sup-auditor. Control risk is impacted by the client’s design and Lead schedule: • Advocacy An advocacy threat the threat that a CPA promote a client’s interimplementation of internal controls, which are also out of the auditor’s control. These two portthreat. management’s responses toisauditor inquiries andwill to support amounts and disclosures advocacy threat the threat that ests or in position to the point that his orF-0590 her objectivity or independence is compromised. risks combine toFor form thethese RMM. the financial statements. all phases of the audit, auditors should keep Page 3-28 24/01/19 9:35 PMThroughout /208/WB02435/9781119401810/ch03/text_s Prea CPA will promote a client’sc03RiskAssessmentPartI.indd example, an advocacy threat exists if the CPA provides expert witness services reliable? to a clientDo in we need to adjusted questions in mind when gathering audit evidence: Is this information interests or position to the point litigation or in a dispute with a customer regarding a licensing arrangement. Once the CPA is balance Account that his or her objectivity or perform more audit procedures? When auditors exercise professional skepticism during the Account name 12/31/2025 Adjustments no. advocating for a client, the CPA is no longer objective. An advocacy threat would also exist if independence is compromised risk assessment phase, it helps to ensure they are using appropriate assumptions when devela firm acts as their an investment adviser to an or director of aresponse client. phase. In the reporting phase, 10100 Cash in Bank: Wells Fargo $ 11,000 $0 oping audit strategy that willofficer be used in the risk familiarity threat the threat Familiarity A familiarity is the evaluating threat that,the dueevidence to a longgathered or close and rela-forming an auditors use Assessment professional skepticism 3-28 • CHAPT ER 3 threat. Risk Part I threatwhen Cash in Bank: U.S. Bank 134 0 10200 that, due to a long or close tionship with athat client, CPA willstatements become too to the client’s interests or too opinion the afinancial aresympathetic presented fairly. Cash in Bank: Barclays 126 0 10300 relationship with a client, a CPA accepting of the client’s work or product. For example, a familiarity threat would exist if • Ongoing losses. will become too sympathetic 10400 Cash in Bank: Citigroup 56 0 a CPA’s immediate family member were employed by the client in a key position (such c03RiskAssessmentPartI.indd 18 8/19/21 1:41 PM to the client’s interests or too • Rapid growth. as the CFO). A familiarity threat would also exist if a former partner or professional 10500 Short -Term Deposits 5,796 0 accepting of the client’s work or • Example Poor cash flas ows combined high earnings. employeeAudit of an audit firm joined the client itsProfessional CFO and with had Skepticism knowledge of the firm’s Reasoning Total Cash and Cash $17,112 $0 product policies and practices for the audit engagement. • Pressure to meet market expectations and profit targets. Equivalents • Management participation A management participation threat the some management participation An auditor was auditing•threat. aPlanning recreational vehicle dealership. The auditor had is obtained to list on a(RV) stock exchange. Key to audit tick marks (TM): threat the threat that a CPA financial information from client showing unaudited results for the end of the third threat thatinitial a CPA will take on the role ofthe client management or otherwise assume manTB Agrees to client’s trial balance. • Planning to raise debt or renegotiate a loan. will take on the role of client quarter. Sales were upexample, and profitamargins were up, making the best year so and far for the client. PY Agrees to prior-year audit file. agement responsibilities. For CPA may have a small itbusiness client, the •that The client being about to enter intothe ainventory signifi newshowed contract. management or otherwise assume Interim recordsfirm showed inventory was also up, and the client’s records over owner asks the CPA’s to do various bookkeeping services for client.cant Providing adverse interest threat the threat that a CPA will not act with objectivity because the CPA’s interests are opposed to the client’s interests H A LLMA RK FEATU RES Many illustrations, such as working papers and confirmations, present documents that students will encounter in a real-world audit. Prepared by: Reviewed by: Reviewed by: Bell & Bowerman, LLP Reference: C-Lead Adjusted current-year balance 12/31/2025 Prior-year balance 12/31/2024 KM 1/21/2026 SO 1/22/2026 MM 1/24/2026 Variance % Variance Ref $ 11,000 TB $ 10,500 PY $500 5% C01 134 TB 134 PY 0 0% C02 126 TB 126 PY 0 0% C03 56 TB 50 PY 6 12% C04 TB 5,600 PY 196 4% $702 4% Real-World Examples management responsibilities 5,796 $17,112 $16,410 C05 Audit Reasoning Examples apply chapter concepts in brief real-world scenarios that students might encounter in a professional environment. They also provide real-world company examples of chapter concepts. 300 RVs on hand the •end the third quarter. Theofaudit senior went to talk towhich the audit manA of signifi cant proportion remuneration tied to earnings (that is, bonuses or stock options). Background: No significant changes in banks or bank accounts from the prior period. Note: Analytical review on movements in the cash flows has bookkeeping services mayatcause the CPA to make various management decisions, been performed on the cash flow schedule — see A1.1. ager about the good news and the client’s performance. The audit manager asked the senior a key is a threat to the firm’s objectivity and independence. This may also put an accounting question. “You did the inventory observation last year. How many RVs did the client have then?” firm in a position of auditing its own work. Comments: Cash and cash equivalents: In line with budget and change consistent with level of activity for the period (see also our review of the self-interest threat the threat that a CPA could benefit, financially or otherwise, from an interest in, or a relationship with, a client or persons associated with the client “I think it was about 210,” the senior replied. Then the audit manager asked, “How full was the lot • Self-interest threat. self-interest threat is theoverfl threat thatthe a CPA couldThe benefit, last year?” The A senior replied that it was “almost owing” year before. manager then financiallysaid, or otherwise, interest in, or relationship with,have a client or persons asso“Let’s look from at thisan more skeptically. I don’t think they storage capacity for another 90 I Audit Reasoning Example Fraud at Toshiba: Part RVs though are up. could be an error in the inventory This information ciated with theeven client. For sales example, a There self-interest threat exists when a CPArecords. has a financial statement of cash flows referenced in A1.1). Short-term deposits: Although the balance is very consistent with previous period, inclusion of short-term deposits within cash and cash equivalents is acceptable (refer to C5). makes me believe that the existence of inventory is a very high inherent risk.” You may be familiar with Toshiba Corporation, a publicly traded Japanese company headquartered in Tokyo that makes consumer electronics, household electronics, office equipment, and more. In July 2015, the CEO of Toshiba announced he was resigning amid an accounting scandal in which profits had been overstated for the past seven years by approximately $1.9 billion (224.8 7/23/21 8:43 AM c05AuditEvidence.indd billion yen). What incentives and pressures were involved that led to the fraud? The technology industry is extremely competitive and Toshiba’s upper management set aggressive profit targets. The home electronics and appliances division was showing losses and the memory chip division Audit risk is the risk that an auditor expresses an inappropriate audit opinion when financial was feeling pressure because of decreasing demand from Chinese electronics companies.6 As an statements are materially misstated (AU-C 200 Overall Objectives of the Independent Auditor example, in September 2012, the head of the digital products and service division was told by the and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards and CEO to improve a 24.8 billion yen loss into a 12 billion yen profit in just three days!7 Think about AS 1101 Audit Risk). Thishow means audit reportwould stateslearn the about financial statements aretopresented the the external auditor the incentives given lower-level management. How fairly, in all material respects, in actuality the fiabout nancial might when an internal auditor learn thesestatements incentives?contain a material c02ProfessionalismAndProfessionalResponsibilities.indd 8 Audit Risk 32 7/23/21 8:20 AM c05AuditEvidence.indd Page 5-20 1/15/19 9:44 PM f-1241 /208/WB02435/9781119401810/ch05/text_s error or fraud. While it is impossible to eliminate audit risk, auditors aim to reduce it to an 5-20 Opportunities to Environment Perpetrate a Fraud The Professional CH A PT E R 5 Audit Evidence Professional Environment Working with IT Auditors After identifying one or more incentives or pressures to commit a fraud, auditors assess whether a client’s employees have an opportunity to perpetrate a fraud. Auditors utilize their knowledge of how other frauds have been perpetrated to assess whether the same opportunities exist at the client. While the examples below of opportunities to commit a fraud suggest a fraud may have been committed, their existence does not mean a fraud has definitely occurred. Auditors must use professional judgment to assess each opportunity in the context of other risk indicators and consider available evidence thoroughly. Audit Decision-Making example 3-35 Examples of opportunities that increase the risk that a fraud may have been perpetrated include: Professional Environment features provide in-depth discussions of how concepts in a chapter are applied in the business world. Audit Decision-Making Example • Accounts that rely on estimates and judgment (discussed further in Chapter 9). • A high volume of transactions close to year-end. Obtain Company Background Information and Data • Signifi cant adjusting entries and reversals after year-end. You have been assigned to the audit of• inventory forrelated-party a private company that owns(discussed and operates a chain Significant transactions further in Chapter 4). of retail jewelers. The company’s sales revenue has grown by 300% in the last two years, primarily • Poor corporate governance mechanisms. by acquisitions. Seventy-eight percent of the value of the company’s inventory is in wedding rings, • Poor system of internal control (discussed further in Chapters 6 and 8). diamonds, gold necklaces, and high-end watches. Because the company has grown through acquisition, the company has not yet brought two acquired (representing of sales) control under responsibilities. • A high turnovercompanies of staff with accounting35% or internal the company’s inventory system. As a result, the company is currently operating with three different inventory-control systems. The core inventory system being used by the retail stores represents 65% of sales. Sixty percent of inventory was tested in the prior year and controls over the existence of inventory were effective. 6 E. Pfanner and M. Fujikawa, M. “Toshiba Slashes Earnings for Past Seven Years,” The Wall Street Journal, The CFO’s top priority is to put all retail7,operations under this one inventory-control system by the September 2015. https://www.wsj.com/articles/toshiba-slashes-earnings-for-past-7-years-1441589473 7 end of the fiscal year (January 31). He particularly concerned gross margins K. is Nagata. “Pressure to show about a profitlower-than-expected led to Toshiba’s accounting scandal,” The Japan Times, September 18, at some of the acquired stores, and 2015. he expects that better inventory control will improve this situation. In http://www.japantimes.co.jp/news/2015/09/18/business/corporate-business/pressure-to-show-a-profi taddition, gold prices have risen 15%led-to-toshibas-accounting-scandal/#.WNJjNmQrLjA in the last 12 months, and the company is making sure it is not selling “conflict diamonds” illegally traded to fund conflict in war-torn areas of Africa. Your responsibility is to develop an audit strategy for testing the existence of inventory. Specialist IT auditors are often used in audits of clients with complex information technology (IT) environments because the effective audit of the IT systems contributes to overall audit quality. Large audit firms usually have such specialists within the firm, but smaller audit firms could engage external IT consultants for this part of the financial statement audit. In general, reliance on an IT specialist is appropriate when the financial statement auditor complies with the conditions of AU-C 620. If the IT expert and the financial statement auditor do not work well together, audit quality can be impaired. For this reason, researchers have investigated the factors that affect the way that financial statement auditors work with specialist IT auditors. Brazel12 reviewed this research evidence and drew the following conclusions. First, responses from financial statement auditors in the United States who were surveyed about their experiences with IT auditors indicated that they believe IT auditors’ competence levels vary in practice. Financial statement auditors also said that IT auditors appear to be overconfident in their abilities in some settings, and questioned the value provided by IT auditors to the financial statement audit. Second, Brazel suggests the research shows that both financial statement auditors’ IT ability and experience and the IT auditor’s competence affect how these two professions interact on an audit engagement. This indicates that audit firms need to ensure that staff training and scheduling produce appropriate combinations of financial statement auditors and IT auditors on an engagement. Finally, Brazel argues that the research findings demonstrated that auditors need to consider the implications of finding a balance between greater software-assisted audit techniques training for financial statement auditors and greater use of IT specialists for overall audit efficiency and effectiveness. The role of IT audit specialists could grow to become even more than a support function for auditors. Some researchers suggest that in e-businesses, the external financial statement auditor’s authority will be challenged by IT audit specialists because of technological change and its impact on auditing.13 In e-businesses, economic transactions are captured, measured, and reported on a real-time basis without either internal human intervention or paper documentation.14 Auditing is likely to become more real-time and continuous to reflect the pattern of the transactions. If traditional auditors are unwilling or unable to adapt to the new environment, their role could be taken over by IT specialists. Other developments such as reporting using XBRL (eXtensible Business Reporting Language) provide challenges for auditors as they have to adapt their techniques and approaches to audit financial information that is disaggregated and tagged. Users can extract and analyze XBRL data directly without re-entry and the tag provides additional information about the calculation and source of the data. This means auditors have to recognize that their clients are reporting financial data with different levels of information and users might have greater expectations of the data. Learn more about XBRL at www.xbrl.org. ? What Is the Audit Problem You Are Trying to Solve? Cloud 9 - Continuing Case The focus of attention in this instance is to develop an audit strategy for testing the existence of inventory. The auditor may develop a different audit strategy for testing the valuation of that inventory. Josh will take responsibility for obtaining a specialist’s opinion on the derivatives. He knows that W&S Partners has other staff (who are not part of the audit team) who can provide additional expertise. However, because he believes the accounts are so material to the audit and derivatives have become such a big issue in audits in recent years, he deems an external specialist’s opinion is also required. He Gather Information and Evidence Important information includes: Audit Decision-Making Framework Using the Work of Internal Auditors • A significant portion of the inventory is high in value, small in size, and susceptible to theft. • Although internal controls may be strong overall, there is risk they may not be operating effectively and uniformly in some locations. • The weak gross margins in some stores may be evidence of inventory shrinkage or theft. • Fraud risk may be high in some locations due to the opportunity offered by weak internal controls. • The auditor needs to determine how internal controls affect audit strategy and whether the auditor wants one audit strategy for part of the inventory and another audit strategy for another part of the inventory. internal auditors employees of the client who perform assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management, and internal control processes The role of the internal audit function was introduced in Chapter 1. Internal auditors are employees of the client who perform assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management, and internal control processes. Not every client will have an internal audit function. For example, small and medium-sized companies, especially private companies, may not have the resources to staff an internal audit function. But if the client does have an internal audit function, what role, if any, do the internal auditors play in the financial statement audit? According to AU-C 610 Each chapter concludes with an Audit Decision-Making Example that takes students through specific steps of the audit process while offering solutions to issues presented throughout the example. Perform the Analysis and Evaluate the Results Analysis of risk: • Inherent risk factors include valuable inventory that is subject to theft and misappropriation. • Internal controls are not uniform. Based on the prior year’s evidence and a preliminary understanding of the system in the current year, strong internal controls appear to operate over only 60% of the inventory. 12 J. F. Brazel. “How do financial statement auditors and IT auditors work together?” The CPA Journal, November, 2008, pages 38–41. A. Kotb, C. Roberts, & S. Sian. “E-business Audit: Advisory Jurisdiction or Occupational Invasion?” Critical Perspectives on Accounting 23, no. 6 (2012), pages 468–82. 14 Kotb et al., 2012. • It may be more efficient to physically inspect inventory as of one date and use one audit strategy for all inventory testing. 13 • Fraud risk is considered to be high at locations where inventory controls are not strong. ! has some experience of using a derivatives specialist on prior audits, and he also plans to ask Jo Wadley (the partner) to recommend a suitable specialist. Josh plans to investigate any possible connections between the specialist and Cloud 9 that could adversely impact the specialist’s objectivity before engaging him for this audit. Draw an Audit Conclusion • Inherent risk is set at the maximum because inventory is high in value and susceptible to theft and misappropriation. • Control risk is set at high, as 40% of inventory may not have sufficient internal controls. • Fraud risk is considered high due to the opportunity offered by weak internal controls. • These risk settings result in setting detection risk at low. • Low detection risk impacts the nature, timing, and extent of substantive procedures. For example, the auditor will plan testing of the physical existence of inventory at year-end, select a larger number of locations to visit, and vary the extent of inventory testing at each location depending on internal controls over the counting of inventory at each location. c03RiskAssessmentPartI.indd 35 Johnson_FM.indd 9 7/23/21 8:20 AM 8/24/21 9:42 AM Engaging Students The Auditing online homework system features a suite of teaching and learning resources that were developed under close review of the authors. In the homework system, students can access review content and practice assessment that will help them better understand course material. Student Practice Each chapter includes practice questions for each learning objective that students can review to assess their understanding of chapter topics. Data Visualization Assignments—Tableau and PowerBI Tableau and NEW PowerBI visualizations accompanied by assessments are available with most chapters. IDEA Cases Select chapters include IDEA cases and case video resources that allow students to use IDEA software to analyze data. An IDEA casebook and accompanying data sets, provided by Audimation Data Analytic Software and Services, is also available. Alteryx NEW Alteryx cases and supporting video resources are available with some chapters. Gradable Excel Select chapters include gradable Excel questions that assess students’ understanding of Excel formulas. x Johnson_FM.indd 10 8/24/21 9:43 AM ENGAGING STUDENTS xi Relevant Accounting Articles Up-to-date accounting articles and videos are posted to the Wiley accounting update site, www.wileyaccountingupdates.com. Many of these updates address auditingrelated topics. Adaptive Assignments Adaptive Assignments ignite students’ confidence to persist so that they can succeed in their courses and beyond. By continuously adapting to each student’s needs and providing achievable goals with just-in-time instruction, Adaptive Assignments close knowledge gaps to accelerate learning. Johnson_FM.indd 11 8/24/21 9:43 AM Preparing for the CPA Exam For each chapter in the Auditing course, students can access CPAexcel videos, CPA Exam Practice Questions in the PrometricTM Testing Interface, and Task-Based Simulations (TBSs), which are the primary form of assessment used by the American Institute of Certified Public Accountants (AICPA). These resources: 1. Reinforce understanding of course topics. 2. Demonstrate relevance to show students how the auditing content they are learning will be assessed on the CPA exam. 3. Build student confidence with early exposure to CPA exam questions. CPA Exam Practice Questions in the Prometric™ Testing Interface Wiley partners with CPAexcel to provide CPA exam practice questions for each chapter that recreate the environment students will encounter on the CPA exam. Task-Based Simulation in the Prometric™ Testing Interface CPA simulations recreate the environment students will see on the CPA exam. CPA Exam Video Lessons Each chapter includes CPA exam text discussions and videos that provide students with insight into auditing topics commonly addressed on the CPA exams. CPA Exam Assignment Each chapter includes one CPA exam assignment that allows instructors to assign CPA multiple-choice questions. Student performance is tied to the gradebook. xii Johnson_FM.indd 12 8/24/21 9:43 AM Student Assessment Each chapter of Auditing has over 300 assessment questions that can help keep your students engaged and on track. End-of-Chapter Assessment Questions and Problems Each Auditing text chapter concludes with over 40 assessment questions and problems you can use to gauge students’ understanding and ability to apply auditing concepts, as follows: • Multiple-Choice Questions—Available to quickly and effectively test students’ understanding of the chapter material. hort Answer Questions—Open-ended questions that require students to begin • S thinking critically about the auditing process. • Analysis Problems—Based on scenarios students might encounter as auditors in the business world, analysis problems assess how well students understand specific topics in a chapter. Cases Because no two audits are alike, Auditing uses a practical, case-based approach to help students develop professional judgment, think critically about the auditing process, and develop the decision-making skills necessary to perform a real-world audit. The best way for a student to learn auditing is to actually do auditing. To help provide real-world application, we have developed the following cases: • A udit Decision Cases—Three cases run through most of the text chapters and provide a broad review of the audit process (King Companies, Inc., Mobile Security, Inc., and Brookwood Pines Hospital). In addition, chapter-specific cases help you assess students’ understanding of topics that are the focus of a particular chapter. • C loud 9 Continuing Case—Requires students to apply chapter concepts to the ongoing Cloud 9 case that is highlighted in the chapter. To help you more easily identify what questions you want to assign, questions are tagged with learning objectives, professional AICPA and AACSB outcome standards, Bloom’s Taxonomy level, level of difficulty, and a recommended time of completion. You can track student performance in the gradebook found in the Wiley online homework system. Test Bank Over 150 NEW, more challenging application and analysis questions were added to this edition’s test bank. Each chapter of the test bank has between 130 and 200 questions that you can assign to students in an exam or as graded practice. Question types include true/false, multiple-choice (NEW multiple-select), fill-in-the-blank, and short answer questions. To help you more easily identify what questions you want to assign, questions are tagged with learning objectives, professional AICPA and AACSB outcome standards, Bloom’s Taxonomy level, level of difficulty, and a recommended time of completion. You can track student performance in the gradebook. xiii Johnson_FM.indd 13 8/24/21 9:43 AM Acknowledgments Auditing has benefited tremendously from the input of students who have used this text’s material in class. We are also very appreciative of the comments and suggestions we received from instructors who reviewed and used the first edition of this textbook, as well as the instructors who participated in development and authoring activities for this new edition. A special thank you to Kathleen Bakarich. We greatly appreciate her contributions to our Alteryx resources. Sanaz Aghazadeh Louisiana State University Dale Flesher University of Mississippi Joe Looney Hofstra University Anne Albrecht Texas Christian University Paul Franklin Purdue Global Jason MacGregor Baylor University Matthew Anderson Michigan State University Scott Fulkerson University of California—Santa Barbara Roger Martin University of Virginia LuAnn Bean Florida Institute of Technology Lori Fuller West Chester University Susanna Matson Siena College of Taytay, Philippines Marie Blouin Ithaca College Amber Gray Adrian College Linda McCann Metropolitan State University A. Faye Borthick Georgia State University Abo-El-Yazeed Habib Minnesota State University—Manka Karen McDougal Pennsylvania State University—Brandywine Joe Brazel North Carolina State University James Hansen Weber State University Linda McKeag University of Dubuque Billy Brewster Texas State University Frederick Harmon University of Bridgeport Mary Mindak DePaul University Rich Brody The University of New Mexico Julia Higgs Florida Atlantic University Ashley Minnich Park University Melodi Bunting CPA, CMA, CGMA Wegner CPAs Karen Hooks Florida Atlantic University Paula Mooney Savannah State University Jeffrey R. Cohen Boston College Carol Jessup University of Illinois—Springfield Anita Morgan Indiana University Emily Cokeley Rochester Institute of Technology Eric Johnson University of Wyoming Grace Mubako California Stata University—Sacramento Sheila Coomes Kansas State University Joe Johnston Illinois State University Christine Noel Metropolitan State University of Denver Laurence DeGaetano Montclair State University Bill Joyce Bemidji State University Christopher A. Nogot Siena College of Taytay, Philippines Kristina Demek University of Central Florida Brett Kawada San Diego State University Connie O’Brien Minnesota State University—Mankato Lisa Derouin Wisconsin Lutheran College Walied Keshk California State University—Fullerton Aimee Pernsteiner University of Wisconsin—Eau Claire Raymond Elson Valdosta State University Katherine Kinkela Iona College Rossen Petkov Lehman College Steven Ernest Baton Rouge Community College Milton Krivokuca California State University—Dominguez Hills Byron Pike Minnesota State University—Mankato Reza Espahbodi Washburn University of Topeka Ellen L. Landgraf Loyola University—Chicago Lincoln Pinto Concordia University Chicago Kel-Ann Eyler Georgia College and State University Betsy Lin Montclair State University Marshall Pitman University of Texas—San Antonio Magdy Farag California Polytechnic University—Pomona Cathy Liu University of Houston—Downtown Dwayne Powell Arkansas State University xiv Johnson_FM.indd 14 8/24/21 9:43 AM AC K NOWLED GMENTS Sridhar Ramamoorti University of Dayton—Ohio Margaret B. Shackell-Dowell Ithaca College Lisa Victoravich University of Denver Matthew Reidenbach Pace University—New York Philip Slater Forsyth Technical Community College Jim Vogt University of Colorado—Denver Maria Sanchez Rider University Vicki Stewart Texas A&M University—Commerce Rick Warne University of Cincinnati Matthew J. Sargent University of Texas at Arlington Jaclyn Strauss Purdue Global Amanda Warren University of Tennessee—Knoxville Gary Schneider California State University—Monterey Bay Floran Syler Azusa Pacific University Barrett Wheeler Tulane University Dan Schrag Baldwin Wallace University Paula Thomas Middle Tennessee State University Angela Woodland Montana State University Edward B. Seibert Wesley College Andrea Tietjen Caldwell College Gail E. Wright Tim Seidel Brigham Young University Patricia Timm Northwood University—Michigan Jamie L. Seitz University of Southern Indiana Madeline Trimble Illinois State University Suzanne Seymoure Saint Leo University, University Campus Richard Turpen University of North Carolina—Asheville We also want to thank several individuals for their help in moving this text from concept to publication. This work would not have come to fruition without the extensive support and guidance of Emily Marcoux, Veronica Schram, Joel Hollenbeck, Ed Brislin, Nicole Repasky, Natalie Munoz, Terry Ann Tatro, and Vimal Shanmugavelu. Johnson_FM.indd 15 xv Fengyun Wu Manhattan College Aleksandra Zimmerman Florida State University Ally Zimmerman Northern Illinois University We appreciate suggestions and comments from users— instructors and students alike. Please send us your thoughts and ideas about the text. Raymond Johnson Sunriver, Oregon Laura Wiley Baton Rouge, Louisiana 8/24/21 9:43 AM Table of Contents 1Introduction and Overview of Audit and Assurance 1-1 1.1 Assurance, Attestation, and Audit Services 1-3 Audit Services 1-4 Attestation Services 1-4 Assurance Services 1-5 1.2 Different Assurance Services 1-6 Financial Statement Audits 1-6 Compliance Audits 1-8 Operational (Performance) Audits 1-8 Internal Audits 1-8 1.3 Demand for Audit and Assurance Services 1-9 Financial Statement Users 1-9 Demand for Audit and Assurance Services 1-10 1.4 Preparers and Auditors 1-11 Preparer Responsibility 1-11 Auditor Responsibility 1-12 Auditor Skills 1-12 Assurance Providers 1-13 1.5 The Role of Regulators and Regulations 1-14 Securities and Exchange Commission (SEC) 1-14 Public Company Accounting Oversight Board (PCAOB) 1-15 American Institute of Certified Public Accountants (AICPA) 1-16 Financial Accounting Standards Board (FASB) 1-19 Committee on Sponsoring Organizations of the Treadway Commission (COSO) 1-19 National Association of State Boards of Accountancy (NASBA) and State Boards of Accountancy 1-19 1.6 Audit Report on Financial Statements 1-20 Reasonable Assurance and the Financial Statements 1-20 Materiality and the Financial Statements 1-21 The Auditorʼs Report on Financial Statements 1-21 1.7 Audit Report on Internal Controls over Financial Reporting 1-27 Reasonable Assurance and Internal Controls 1-27 The Auditor’s Report on Internal Control over Financial Reporting 1-28 1.8 The Audit Expectation Gap 1-30 Audit Decision-Making Example 1-33 2 Professionalism and Professional Responsibilities 2-1 2.1 Professionalism and Accounting 2-3 Level of Expertise 2-3 Concern for the Public Interest 2-4 2.2 The Structure of the AICPA Code of Professional Conduct 2-5 Purpose of the Code 2-5 Organization of the Code 2-6 2.3 Conceptual Framework for Members in Public Practice 2-7 Steps in the Conceptual Framework 2-7 Applying the Conceptual Framework: An Example 2-10 2.4 Integrity and Objectivity 2-11 Conflicts of Interest 2-11 Subordination of Judgment 2-12 2.5 Independence 2-12 Key Individuals and Independence Requirements 2-14 Employment or Association with an Attest Client 2-18 Nonattest Services 2-19 SEC and PCAOB Independence Rules 2-22 2.6 General Standards 2-25 2.7 Other Rules of Conduct for Members in Public Practice 2-26 Accounting Principles Rule 2-26 Fees and Other Types of Remuneration 2-27 Confidential Information 2-27 2.8 Auditor Liability Under Common Law 2-28 Liability to Clients 2-29 Liability to Third Parties 2-31 Burden of Proof and Common Law Defenses 2-34 2.9 Auditor Liability Under Statutory Law 2-35 The Securities Act of 1933 2-36 The Securities Act of 1934 2-37 The Foreign Corrupt Practices Act of 1977 2-38 The Private Securities Litigation Reform Acts of 1995 and 1998 2-38 The Sarbanes-Oxley Act of 2002 2-39 Criminal Liability 2-41 Audit Decision-Making Example 2-45 3 Risk Assessment Part I: Audit Risk and Audit Strategy 3-1 3.1 Client Acceptance and Continuance Decisions 3-3 3.2 Phases of an Audit 3-8 Risk Assessment Phase 3-9 Risk Response Phase 3-10 Reporting Phase 3-10 3.3 Materiality 3-11 Qualitative and Quantitative Factors 3-11 Setting Materiality 3-12 xvi Johnson_FM.indd 16 8/24/21 9:43 AM TAB LE 3.4 Professional Skepticism and Audit Risk 3-15 Professional Skepticism 3-15 Audit Risk 3-16 3.5 Audit Strategy 3-23 Reliance on Controls Approach 3-24 Substantive Approach 3-26 Where Does Data Analytics Fit In? 3-26 3.6 Fraud Risk 3-28 Incentives and Pressures to Commit a Fraud 3-30 Opportunities to Perpetrate a Fraud 3-31 Attitudes and Rationalization to Justify a Fraud 3-32 Fraud Risk Assessment Process 3-32 Audit Decision-Making Example 3-35 4 Risk Assessment Part II: Understanding the Client 4-1 4.1 Understand the Entity and the Industry 4-3 Gain an Understanding of the Entity 4-4 Gain an Understanding of the Industry and Business Environment 4-6 Procedures Performed to Gain an Understanding of the Client 4-8 Compliance with Laws and Regulations 4-8 4.2 Client Approaches to Measuring Performance 4-11 Profitability 4-11 Liquidity, Solvency, and Cash Flow 4-12 4.3 Analytical Procedures 4-13 Comparisons 4-14 Trend Analysis 4-14 Common-Size Analysis 4-15 Ratio Analysis 4-16 Software Tools for Performing Analytical Procedures 4-19 Factors to Consider When Conducting Analytical Procedures 4-19 Audit Data Analytics During Risk Assessment 4-20 4.4 Related Parties 4-21 Risk Associated with Related Parties 4-21 Audit Procedures 4-22 4.5 Corporate Governance 4-23 Audit Committee 4-24 Public Company Requirements 4-24 4.6 Internal Control, Information Technology, and the Client’s Digital Mindset 4-26 System of Internal Controls 4-26 Information Technology 4-26 Client’s Digital Mindset 4-27 4.7 Closing Procedures 4-28 Audit Decision-Making Example 4-31 Johnson_FM.indd 17 5 Audit Evidence OF CONTENTS xvii 5-1 5.1 Management Assertions 5-3 Assertions in the ASB Auditing Standard 5-3 Assertions in the PCAOB Standard 5-7 Relevant Assertions 5-7 5.2 Characteristics of Audit Evidence 5-8 Sufficient Audit Evidence 5-8 Appropriate Audit Evidence 5-9 Persuasive Audit Evidence 5-12 5.3 Procedures for Gathering Audit Evidence 5-13 Inspection of Documents and Assets 5-14 Observation 5-15 Inquiry 5-15 Confirmation 5-16 Recalculation 5-19 Reperformance 5-19 Analytical Procedures 5-20 Scanning 5-20 Audit Data Analytics and Automated Tools 5-20 5.4 Using the Work of Others 5-22 Using the Work of an Auditor’s Specialist 5-23 Using the Work of Internal Auditors 5-25 Using the Work of Another Auditor 5-27 5.5 Documentation—Audit Working Papers 5-29 Permanent File 5-29 Current File 5-30 Examples of Working Papers 5-31 Audit Decision-Making Example 5-36 6 Gaining an Understanding of the Client’s System of Internal Control 6-1 6.1 Internal Control Defined 6-3 The COSO Framework 6-4 Inherent Limitations 6-6 Steps for Understanding and Assessing Control Risk 6-6 6.2 Entity-Level Internal Controls 6-8 The Control Environment 6-9 Risk Assessment 6-11 Control Activities 6-13 Information and Communication 6-16 Monitoring Activities 6-17 Internal Control in Small Entities 6-19 6.3 Transaction-Level Internal Controls 6-20 Example Transaction Flows—Sales Process 6-21 6.4 Information Technology (IT) Controls 6-23 Benefits and Risks of IT Systems 6-23 IT General Controls 6-25 IT Application Controls 6-26 IT-Dependent Manual Controls 6-28 8/24/21 9:43 AM xviii TAB LE OF CON TEN TS 6.5 Documenting Internal Controls 6-30 6.6 Identifying Strengths and Weaknesses in a System of Internal Controls 6-33 Internal Controls and Audit Strategy 6-33 Evaluating Internal Control Weaknesses 6-33 6.7 Use of a Service Organization by an Audit Client 6-34 Significant User Entity Controls over the Service Organization 6-35 User Auditor Obtains a Systems Organization and Controls (SOC) 1 Report 6-36 What Is a Soc 2 Report and How Does It Differ from a SOC 1 Report? 6-38 Audit Decision-Making Example 6-40 7 Risk Response: Performing Tests of Controls 7-1 7.1 Identify Relevant Transaction-Level Controls and Determine Preliminary Audit Strategy 7-3 Preventive and Detective Controls 7-4 Manual and Automated Controls 7-7 Determine Preliminary Audit Strategy 7-8 7.2 Procedures for Testing Controls 7-10 Inquiry 7-10 Observation 7-10 Inspection of Physical Evidence 7-10 Reperformance 7-11 Tests of Software Controls 7-11 7.3 Selecting and Designing Tests of Controls 7-12 Selecting the Controls for Testing 7-13 Selecting Audit Procedures 7-15 The Extent of Tests of Controls 7-16 Timing of Tests of Controls 7-20 Benchmarking 7-21 Selecting and Designing Tests of Controls—A Summary 7-22 7.4 Results of the Auditor’s Testing 7-25 Tests of Controls and Audit Strategy 7-27 Classifying Control Exceptions 7-27 7.5 Using a Soc 1, Type 2 Report 7-29 Section 1: Independent Service Auditor’s Report 7-31 Section 2: Management’s Assertion 7-34 Section 3: Management’s Description of the System 7-36 Section 4: Control Descriptions, Related Controls, and Tests of Operating Effectiveness 7-38 7.6 Documenting Conclusions 7-41 7.7 Management Letters 7-43 Audit Decision-Making Example 7-46 8 Audit Data Analytics 8-1 8.1 Applying the Audit Decision-Making Framework to Audit Data Analytics 8-3 Step 1: Obtain Company Background Information and Data 8-4 Johnson_FM.indd 18 Step 2: What Is the Audit Problem You Are Trying to Solve? 8-5 Step 3: Gather Information and Evidence 8-6 Step 4: Perform the Analysis and Evaluate the Results 8-7 Step 5: Draw an Audit Conclusion 8-8 Audit Documentation 8-9 8.2 Steps Associated with Accessing and Preparing Data for Audit Data Analytics 8-11 Are the Data Complete? 8-11 Do the Data Need to Be Cleaned? 8-12 Key Questions to Be Addressed in Evaluating the Relevance and Reliability of Data Used in Audit Data Analytics 8-12 8.3 Using Audit Data Analytics as a Risk Assessment Procedure 8-13 Understanding the Risk Analysis Decision Tree 8-14 What Do We Mean by Notable Items? 8-15 Tools for Searching for Notable Items 8-15 What to Do When ADA Identifies a Large Number of Items for Further Consideration 8-16 8.4 Applying Audit Data Analytics as a Risk Assessment Procedure 8-18 Cluster Analysis 8-18 Matching Information in Key Data Fields 8-26 Regression Analysis 8-31 Visualization 8-35 8.5 Using Audit Data Analytics as a Substantive Procedure 8-38 8.6 Applying Audit Data Analytics as a Substantive Procedure 8-39 Validating Sales Revenue and Accounts Receivable with Subsequent Cash Receipts 8-39 8.7 Artificial Intelligence and Machine Learning 8-44 Examples from Audit Practice 8-45 The Role of Professional Judgment in the AI Environment 8-46 Audit Decision-Making Example 8-48 9 Risk Response: Performing Substantive Procedures 9-1 9.1 Audit Risk and Substantive Procedures 9-3 9.2 Risk Response at the Financial Statement Level 9-5 Auditor’s Understanding of the Entity’s Control Environment 9-6 Risk of Material Misstatement Due to Fraud 9-6 9.3 Nature of Substantive Procedures 9-7 Determining the Purpose of an Audit Procedure 9-7 Determining the Type of Substantive Procedure 9-8 Initial Procedures 9-9 Substantive Analytical Procedures 9-10 Tests of Details 9-14 ADA and Substantive Procedures 9-15 8/24/21 9:43 AM TA B LE OF CONTENTS 9.4 Timing of Substantive Procedures 9-17 During an Interim Period 9-17 During Year-End 9-18 9.5 Extent of Substantive Procedures 9-19 Auditing an Entire Population 9-20 Auditing Select Items from a Population 9-21 9.6 Auditing Accounting Estimates 9-22 Inherent Risk Factors 9-22 Possible Management Bias 9-23 Risk Assessment Procedures for Accounting Estimates 9-24 Identifying and Assessing the Risks of Material Misstatement 9-26 Risk Response Procedures for Accounting Estimates 9-26 Overall Evaluation and Documentation 9-28 9.7 Documenting Results of Substantive Procedures 9-30 Audit Decision-Making Example 9-33 10 Risk Response: Audit Sampling for Substantive Procedures 10-1 10.1 Audit Sampling versus Audit Data Analytics 10-3 10.2 Sampling Risk and Nonsampling Risk 10-4 Risk of Incorrect Acceptance 10-5 Risk of Incorrect Rejection 10-5 Nonsampling Risk 10-5 10.3 Statistical versus Nonstatistical Sampling 10-7 Population and Sampling Unit 10-7 Sampling Methods 10-8 10.4 Factors That Influence the Sample Size—Substantive Procedures 10-10 Tolerable Misstatement 10-10 Desired Level of Assurance 10-11 Expected Misstatement in the Population 10-11 Stratification of the Population 10-12 10.5 A Basic Framework for Audit Sampling 10-12 Step 1: Determine the Objectives of the Substantive Procedure 10-14 Step 2: Determine the Substantive Procedures to Perform 10-14 Step 3: Determine Whether to Audit a Sample or the Entire Population 10-14 Step 4: Define the Population and Sampling Unit 10-15 10.6 Applying Probability-Proportionate-to-Size Sampling for Substantive Procedures 10-15 Step 5: Choose the Audit Sampling Technique 10-15 Step 6: Determine Sample Size 10-16 Step 7: Randomly Select Representative Sample 10-18 Step 8: Apply Audit Procedures 10-20 Step 9: Evaluate Results Statistically and Judgmentally 10-20 Step 10: Document Conclusions 10-25 Summary of PPS Sampling 10-26 Johnson_FM.indd 19 xix 10.7 Applying Nonstatistical Sampling for Substantive Procedures 10-27 Step 5: Choose the Audit Sampling Technique 10-27 Step 6: Determine Sample Size Using Professional Judgment 10-27 Step 7: Judgmentally Select Representative Sample 10-28 Step 8: Apply Audit Procedures 10-28 Step 9: Evaluate Results Judgmentally 10-29 Step 10: Document Conclusions 10-31 Appendix 10A: Applying Classical Variables Sampling for Substantive Procedures 10-32 Step 5: Apply Classical Variables Sampling 10-32 Step 6: Determine the Sample Size 10-33 Step 7: Select a Random Sample 10-37 Step 8: Apply Audit Procedures 10-37 Step 9: Evaluate the Sample Results 10-37 Step 10: Document Results 10-39 Audit Decision-Making Example 10-42 11 Auditing the Revenue Process 11-1 11.1 Understanding the Revenue Process 11-3 Understand the Nature of the Revenue Process 11-4 Revenue Transactions 11-4 11.2 How Audit Planning Decisions Affect the Assessment of Inherent Risk 11-5 Understanding the Entity and Its Environment 11-6 Determining Inherent Risk in the Revenue Process 11-10 11.3 Control Activities for Credit Sales 11-14 Example Transaction Flows—Credit Sales 11-15 Evaluate What Can Go Wrong (WCGW) and Identify Key Controls—Credit Sales and Accounts Receivable 11-17 11.4 Control Activities for Cash Receipts 11-20 Example Transaction Flows—Cash Receipts 11-20 Evaluate WCGW and Identify Key Controls—Cash Receipts 11-22 11.5 Control Activities in a “Paperless” Revenue System 11-24 Initiating an ERS Transaction 11-25 Shipping Goods 11-25 Recording Sales and Receivables 11-25 Electronic Cash Receipt 11-25 Internal Controls in an ERS System 11-26 11.6 Control Activities for Sales Adjustments and Revenue Process Disclosures 11-27 Granting Sales Returns and Allowances 11-27 Determining Uncollectible Accounts 11-28 Other Controls in the Revenue Process 11-28 Preliminary Audit Strategy 11-29 8/24/21 9:43 AM xx TAB LE OF CON TEN TS 11.7 Tests of Controls in the Revenue Process and Audit Strategy 11-30 Tests of Controls in the Revenue Process 11-30 Fraud Risk Assessment 11-31 Audit Data Analytics as a Risk Assessment Procedure 11-32 The Risk of Material Misstatement and Audit Strategy 11-32 11.8 Substantive Procedures for the Revenue Process 11-33 Initial Procedures 11-36 Substantive Analytical Procedures 11-36 Audit Data Analytics as a Substantive Procedure 11-36 Tests of Details of Transactions 11-37 Tests of Details of Balances 11-38 Tests of Details of Presentation 11-43 Draw a Final Conclusion 11-44 Audit Decision-Making Example 11-46 12 Auditing the Purchasing and Payroll Processes 12-1 12.1 Auditing Purchase Transactions and Balances 12-2 Overview of Auditing Purchases 12-2 Understand the Nature of the Purchasing Process 12-3 Purchase Transactions 12-4 12.2 How Audit Planning Decisions Affect the Assessment of Inherent Risk 12-5 Understanding the Entity and Its Environment 12-5 Determining Inherent Risks in the Purchasing Process 12-9 12.3 Control Activities for Purchases 12-12 Example Transaction Flows—Credit Purchases 12-12 Evaluate What Can Go Wrong (WCGW) and Identify Key Controls—Purchases and Accounts Payable 12-15 12.4 Control Activities for Cash Disbursements 12-18 Example Transaction Flows—Cash Disbursements 12-18 Evaluate What Can Go Wrong (WCGW) and Identify Key Controls—Cash Disbursements 12-20 12.5 Evaluated Receipt Settlement (ERS) 12-21 Initiating an ERS Transaction 12-22 Receiving Goods 12-22 Recording Payables 12-22 Electronic Payment 12-22 Internal Controls in an ERS System 12-23 12.6 Control Activities for Purchase Adjustments and Purchasing Process Disclosures 12-24 Purchase Returns and Allowances 12-24 Other Controls in the Purchasing Process 12-25 Preliminary Audit Strategy 12-25 12.7 Tests of Controls in the Purchasing Process and Audit Strategy 12-26 Tests of Controls in the Purchasing Process 12-26 Fraud Risk Assessment 12-27 Audit Data Analytics as a Risk Assessment Procedure 12-28 The Risk of Material Misstatement and Audit Strategy 12-28 Johnson_FM.indd 20 12.8 Substantive Procedures for the Purchasing Process 12-29 Initial Procedures 12-30 Substantive Analytical Procedures 12-31 Audit Data Analytics as a Substantive Procedure 12-31 Tests of Details of Transactions 12-31 Tests of Details of Balances 12-33 Tests of Details of Presentation 12-33 Draw a Final Conclusion 12-34 Appendix 12A: Auditing Payroll 12-35 12.9 Explain the Nature of Payroll Transactions and Balances 12-36 Understand the Nature of the Payroll Process 12-36 Payroll Transactions 12-36 12.10 How Audit Planning Decisions Affect the Assessment of Inherent Risk 12-37 Understanding the Entity and Its Environment 12-37 Determining Inherent Risk in the Payroll Process 12-39 12.11 Control Activities for Payroll 12-40 Example Transactions Flows—Payroll Transactions 12-40 Evaluate What Can Go Wrong (WCGW) and Identify Key Controls—Payroll 12-42 Preliminary Audit Strategy 12-44 12.12 Tests of Controls in the Payroll Process and Audit Strategy 12-45 Tests of Controls for Payroll 12-45 Fraud Risk Assessment 12-46 Audit Data Analytics Used in Fraud Risk Assessment 12-46 The Risk of Material Misstatement and Audit Strategy 12-46 12.13 Substantive Procedures for the Payroll Process 12-47 Initial Procedures 12-48 Substantive Analytical Procedures 12-49 Audit Data Analytics as a Substantive Procedure 12-49 Tests of Details of Transactions 12-49 Tests of Details of Balances 12-50 Tests of Details of Presentation 12-50 Draw a Final Conclusion 12-51 Audit Decision-Making Example 12-53 13 Auditing Cash, Inventory, and Related Income Statement Accounts 13-1 13.1 Auditing Cash and Cash Equivalents 13-3 How Audit Planning Decisions Affect the Assessment of Inherent Risk 13-3 Understanding Internal Controls and Developing a Preliminary Audit Strategy 13-4 Assessing Control Risk, Fraud Risk, and RMM and Determining a Final Audit Strategy 13-5 Substantive Procedures for Cash and Cash Equivalents 13-6 Draw a Final Conclusion 13-13 8/24/21 9:43 AM TA B LE OF CONTENTS 13.2 Auditing Inventory 13-13 How Audit Planning Decisions Affect the Assessment of Inherent Risk 13-14 Understanding Internal Controls and Developing a Preliminary Audit Strategy 13-17 Assessing Control Risk, Fraud Risk, and RMM and Determining a Final Audit Strategy 13-19 Substantive Procedures for Inventory 13-21 Audit Decision-Making Example 13-31 14 Auditing Investing and Financing Activites 14-1 14.1 Auditing Property, Plant, and Equipment 14-2 How Audit Planning Decisions Affect the Assessment of Inherent Risk 14-3 Understanding Internal Controls and Developing a Preliminary Audit Strategy 14-5 Assessing Control Risk and Fraud Risk, and Determining a Final Audit Strategy 14-7 Substantive Procedures for Property, Plant, and Equipment 14-7 Draw a Final Conclusion 14-12 14.2 Auditing Financing Activities 14-13 How Audit Planning Decisions Affect the Assessment of Inherent Risk 14-13 Understanding Internal Controls and Developing a Preliminary Audit Strategy 14-16 Assessing Control Risk and Fraud Risk, and Determining a Final Audit Strategy 14-17 Substantive Procedures for Long-Term Debt 14-18 Substantive Procedures for Stockholders’ Equity 14-21 Audit Decision-Making Example 14-25 15 Completing the Audit 15-1 15.1 Audit Procedures for Loss Contingencies 15-3 Accounting for Loss Contingencies 15-3 Auditing Loss Contingencies 15-4 Legal Letter 15-4 15.2 Subsequent Events 15-7 Accounting for Subsequent Events 15-8 Auditing Subsequent Events 15-9 15.3 Engagement Wrap-Up 15-11 Final Analytical Procedures 15-11 Final Evaluation of Audit Findings 15-12 Completion of Working Paper Review 15-17 Engagement Quality Review 15-18 Completion of Documentation 15-19 15.4 Going Concern 15-20 Management Responsibility 15-20 Auditor Responsibility 15-21 Audit Procedures to Evaluate Going Concern 15-21 Johnson_FM.indd 21 xxi 15.5 Management Representation and Communication with Those Charged with Governance 15-23 Management Representation Letter 15-23 Communication with Those Charged with Governance 15-26 Audit Decision-Making Example 15-30 16 Reporting on the Audit 16-1 16.1 Standard Unmodified/Unqualified Audit Report 16-3 16.2 Additional Wording for the Standard Unmodified Report 16-9 Going Concern Section 16-9 Emphasis Added at Discretion of the Auditor 16-10 Consistency of Financial Statements 16-11 16.3 Opinion Based in Part on the Report of Another Auditor 16-13 16.4 Modifying the Audit Opinion 16-15 Departure from Applicable Financial Reporting Framework 16-16 Scope Limitation 16-18 16.5 Subsequently Discovered Facts 16-24 Subsequently Discovered Facts That Become Known Before the Report Release Date 16-24 Subsequently Discovered Facts That Become Known After the Report Release Date 16-26 16.6 Reports on the Audit of ICFR 16-28 Standard Unqualified Opinion on ICFR 16-28 Modified Opinion on ICFR 16-30 Integrated Audits for Private Companies 16-32 16.7 Preparation, Compilation, and Review Engagements 16-32 Preparation of Financial Statements 16-33 Compilation of Financial Statements 16-33 Review of Financial Statements 16-35 Audit Decision-Making Example 16-39 APPENDIX A Cloud 9 Inc. Audit A-1 Cloud 9 Inc. Company Background A-1 Personnel A-2 Financial Information A-2 Transcript of Meeting with David Collier A-4 AUDITING AND ASSURANCE STANDARDS GLOSSARY INDEX AS-1 G-1 I-1 8/24/21 9:43 AM Johnson_FM.indd 22 8/24/21 9:43 AM CHAPTER 1 Introduction and Overview of Audit and Assurance The Audit Process Overview of Audit and Assurance (Chapter 1) Professionalism and Professional Responsibilities (Chapter 2) Client Acceptance/Continuance and Risk Assessment (Chapters 3 and 4) Identifying Significant Accounts and Transactions Setting Planning Materiality Gaining an Understanding of the System of Internal Control (Chapter 6) Making Preliminary Risk Assessments Audit Evidence (Chapter 5) Developing Responses to Risk and an Audit Strategy Performing Tests of Controls (Chapter 7) Performing Substantive Procedures (Chapter 9) Audit Sampling for Substantive Procedures (Chapter 10) Auditing the Revenue Process (Chapter 11) Auditing the Purchasing and Payroll Processes (Chapter 12) Auditing Cash and Inventory (Chapter 13) Audit Data Analytics (Chapter 8) Gaining an Understanding of the Client Auditing Investing and Financing Activities (Chapter 14) Completing and Reporting on the Audit (Chapters 15 and 16) Procedures Performed Near the End of the Audit Drawing Audit Conclusions Reporting 1-1 c01IntroductionAndOverviewOfAuditAndAssurance.indd 1 8/23/21 1:55 PM 1-2 C h a pt er 1 Introduction and Overview of Audit and Assurance Learning Objectives LO 1 Differentiate among assurance, attestation, and audit services. LO 2 Describe the different types of assurance services. LO 3 Explain the demand for audit and assurance services. LO 4 Discuss the different roles of the financial statement preparer and the auditor. LO 6 Explain the concepts of reasonable assurance and materiality, and the nature of an unqualified/ unmodified report on the audit of financial statements. LO 7 Explain the concept of reasonable assurance and the nature of an unqualified report on internal controls over financial reporting. LO 8 Discuss the audit expectation gap. LO 5 Identify the roles of different regulators and organizations that affect the audit profession. Auditing and Assurance Standards PCAOB AUDITING STANDARDS BOARD (ASB) Framework for Audits of Public Companies Framework for Audits of Private Companies AS 2201 An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Generally Accepted Auditing Standards AS 3101 The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion AU-C 700 Forming an Opinion and Reporting on Financial Statements This text is designed to provide you with the opportunity to learn about auditing by using a practical, problem-based approach. Each chapter begins with some information about an example audit client—Cloud 9 Inc. (Cloud 9). The chapter then provides the underlying concepts and background information needed to deal with this client’s situation and the problems facing its auditor. As you work through the chapters, you will gradually build your knowledge of auditing by studying how the contents of each chapter are applied to Cloud 9. The end-of-chapter exercises and problems also provide you with the opportunity to study other aspects of Cloud 9’s audit, in addition to applying the knowledge gained in the chapter to other practical examples. Cloud 9 Continuing Case Cloud 9 Inc., a listed company (publicly traded) in the United States, is looking to expand. Stotez Shoes was seen as a potential target. In 1985, Ron Stotez started Stotez Shoes in Seattle, Washington, manufacturing and retailing customized basketball shoes. Ron borrowed from the bank to start the company, using his house as security. Over the years, he worked very hard to establish a profitable niche in the highly competitive sport shoe market. Ron repaid the bank in 1999, and he vows to never borrow again. As the business grew, Ron’s wife and three adult children started to work with him, with responsibility for administration, marketing and sales, production, and distribution. By the early c01IntroductionAndOverviewOfAuditAndAssurance.indd 2 2000s, Ron’s business employed 20 people full-time, most of whom work in production. There are also several seasonal employees and part-time staff in the retail outlet in Seattle, particularly during busy periods. In February 2023, Ron received a call from Chip Masters, the senior vice president of Cloud 9. Chip expressed an interest in buying Stotez Shoes. Ron wants to retire, and his children are starting to fight among themselves about who is going to take over their father’s business. Ron is looking for an exit strategy, but he does not want Chip to know that. He asks if Chip is ready to talk about the price. Chip says he is, but first he needs to see the audited financial statements for Stotez Shoes. 8/23/21 1:55 PM 1-3 1.1 Assurance, Attestation, and Audit Services Ron asks for some time. He tells Chip that he first needs to talk to his family and will then get back to him. When Ron puts the phone down, he immediately calls his friend Ernie Black, who is a CPA. For years, Ernie has been suggesting to Ron that his business affairs need attention. Ron is good at making deals and working hard, but he has never bothered with sophisticated financial arrangements. He is still running his business as a sole proprietor (not a corporation), and his wife does all the tax returns. Ron is in a panic—he wants to sell Stotez Shoes, but what is he going to do about Chip’s request for audited financial statements? Chapter Preview: Audit Process in Focus The purpose of this chapter is to provide an overview of assurance, attestation, and audit services. While the focus of this text is the audit of financial statements, in this chapter we define assurance and attest engagements, and differentiate among the types of assurance engagements. We also discuss why there is a demand for audit and assurance services, and then identify the separate roles of the financial statement preparer and the auditors. In addition, we introduce regulatory bodies and other organizations that impact the audit profession. We also explain what is communicated in the auditor’s report as well as discuss the audit expectation gap. Cloud 9 Continuing Case Chip Masters has asked Ron Stotez for audited financial statements of Stotez Shoes. Ron has never had an audit and is not sure what it involves. He has heard about tax audits, safety audits, efficiency audits, as well as financial statement audits. Are they all the same thing? 1.1 Ernie explains to Ron that there are several services that people call “audits” that are different from financial statement audits. However, all these services, including financial statement audits, can be defined as assurance services. Assurance, Attestation, and Audit Services LEARNING OBJECTIVE 1 Differentiate among assurance, attestation, and audit services. The terms assurance, attestation, and auditing are sometimes used interchangeably, but they actually represent different types of services. The services have the following characteristics in common. n independent accounting firm is taking information prepared by someone else and • A then comparing it to an established set of criteria. • T he independent accounting firm provides a written report about the results of the service performed. • T he services add credibility, or integrity, to the information, which makes it more useful for decision making. An everyday example of this process would be needing a physical exam from a medical doctor before joining a sports team. The doctor would be the independent professional. The doctor would conduct the physical exam and compare your results to standards considered acceptable for someone of your age and height. At the completion of the physical exam, the doctor would provide you with written documentation stating that you were in good physical condition to play on the sports team. The service provided by the doctor improves the “integrity” of your claim that you are in good condition to participate on the team. The relationship of assurance, attestation, and auditing services is shown in Illustration 1.1 and resembles overlapping umbrellas. We will refer to Illustration 1.1 as we discuss the three services in more detail. c01IntroductionAndOverviewOfAuditAndAssurance.indd 3 8/23/21 1:55 PM 1-4 C h a pt er 1 Introduction and Overview of Audit and Assurance ILLUSTRATION 1.1 Assurance Services Relationship of assurance, attestation, and auditing services Website security Attestation Services Review of historical financial statements System and Organization Controls (SOC) Report Risk advisory services Examination of financial forecast AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Generally Accepted Auditing Standards audit services services by an independent CPA that provide financial statement users with (1) an opinion on whether the financial statements are presented fairly, in all material respects, in accordance with an applicable financial reporting framework and, in some cases, (2) an opinion on the effectiveness of internal controls over financial reporting (ICFR), which enhance the degree of confidence that intended users can place in the financial statements Data integrity Audit Services Historical Internal financial controls statements Agreed-upon procedures Audit Services Audit services are the most specific and narrow of the three services; therefore, it is the smallest umbrella in Illustration 1.1. Two primary types of audit services are an audit of financial statements and an audit of internal controls over financial reporting (ICFR). The purpose of an audit of financial statements is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly in accordance with an applicable financial reporting framework. The purpose of an audit of ICFR is to provide financial statement users with an opinion by the auditor on the design and operating effectiveness of ICFR. These audit services enhance the degree of confidence that intended users can place in the financial statements (AU-C 200.04). Some key concepts in these descriptions require further explanation. • The financial statements refer to historical financial statements of either a public or private company. • T he auditor refers to an independent certified public accountant, or CPA, who is qualified to perform the audit service. The only professional who can sign an audit report on historical financial statements and internal controls for a public or private company is a CPA. • The applicable financial reporting framework refers to the set of standards used in preparing the historical financial statements, such as generally accepted accounting principles (GAAP) in the United States, International Financial Reporting Standards (IFRS), or governmental accounting standards for governmental entities. • The intended users refer to any group that will be using the financial statements to make decisions, such as investors and creditors. Attestation Services attestation services services performed when an independent practitioner, or CPA, is engaged to issue a report on subject matter that is the responsibility of another party c01IntroductionAndOverviewOfAuditAndAssurance.indd 4 Companies produce financial information that goes beyond historical financial statements. Examples include financial forecasts and detailed schedules for specific accounts. When CPAs are hired to report on the integrity of this type of financial information, it is called an attestation service. Attestation services are performed when an independent practitioner, or CPA, is engaged to issue a report on subject matter that is the responsibility of another party. As depicted in Illustration 1.1, audit services fall under the umbrella of attestation services, but so do other services that involve a CPA reporting on other financial information. Note the use of the term practitioner in the definition of attestation services. The term practitioner is used rather than auditor because attestation services encompass more than just the audit of historical financial statements and internal controls. 8/23/21 1:55 PM 1-5 1.1 Assurance, Attestation, and Audit Services Another example of an attestation service is a review of historical financial statements. Small private companies often do not want or need a service as extensive as an audit. In a review engagement, the practitioner expresses limited assurance that no material modifications need to be made to the financial statements. So a review is a less extensive and, therefore, less expensive service that can be very useful for smaller private companies. A more detailed discussion of a review is presented in Chapter 16. One final example is a System and Organization Controls Report, referred to as a SOC 1 Report. Many clients outsource key accounting functions, such as payroll, to an outside service organization. An independent CPA can evaluate and report on the controls at the service organization. This SOC reporting helps to build trust and confidence in the services provided by the service organization. SOC reporting is discussed further in Chapters 6 and 7. Assurance Services The largest umbrella in Illustration 1.1 represents assurance services. Assurance services are independent professional services that improve the quality of information, or its context, for decision makers. Let’s discuss some key concepts in this definition: • Independent. This term is common to audit, attestation, and assurance services. It implies that the service is performed by someone who was not involved with the creation of the information and who is objective in the evaluation of the information. (Chapter 2 covers independence in more depth.) assurance services independent professional services that improve the quality of information, or its context, for decision makers • Quality. This refers to the relevance and reliability of the information. • Information. This refers to subject matter that can be financial or nonfinancial, historical or prospective, standalone or entire systems of data, internal or external to a company. Essentially, the concept of assurance services encompasses any service that a professional provides that involves improving the quality of information that was prepared by someone else. Both attestation and audit services fall under the broad term of assurance services, and therefore are depicted under the assurance umbrella in Illustration 1.1. While the audit of a company’s historical financial statements and internal controls is the focus of this text, there are other types of audit and assurance services that warrant some discussion. The next section provides a description of these different types of services. Professional Environment Becoming a CPA Certified public accountants (CPAs) are the only licensed accounting professionals in the United States. CPA licenses are not issued at the national level but at the state level. To become a licensed CPA, an individual must earn the three Es—Education, Exam, and Experience.1 The first step is meeting the education requirements set by a state board of accountancy, which vary from state to state. All states require a bachelor’s degree and completion of 150 hours of total college credit to be a licensed CPA. Within the 150 hours, some states require completion of courses in specific subject areas in accounting, business, or ethics. (See the discussion in this chapter on National Association of State Boards of Accountancy (NASBA) and State Boards of Accountancy.) The second step is passing the Uniform CPA Examination, or CPA exam. The CPA exam is accepted for CPA licensure by all states, which is why it is called the “uniform” CPA exam. Currently, the CPA exam consists of four sections: Auditing and Attestation (AUD), Business Environment and Concepts (BEC), Financial Accounting and Reporting (FAR), and Regulation (REG). The testing time for each section is four hours, for a total test time of 16 hours. Each part of the exam consists of multiple-choice questions and task-based simulations, and the BEC section also requires written responses. CPA candidates can take one part of the exam at a time and have 18 months to pass all four parts once the first part has been successfully passed. In January 2024, a new model for the CPA exam is expected to launch. It will continue to be a four-section exam. Three sections will cover the core topics of accounting, audit, tax, and technology. The fourth section will be a specialty area chosen by the exam candidate. The specialty areas are business reporting and analysis, information systems and controls, and tax compliance and planning. To keep up to date with these future changes to the CPA exam, visit the CPA Evolution initiative website. The final step is work experience. Work experience requirements also vary by state. In general, states require one to two years of work experience under the supervision of a licensed CPA. The work experience can be earned either before, during, or after sitting for the CPA exam, but some restrictions may apply for when the experience can be earned. A state board of accountancy will only issue a license to practice after all three Es have been earned. The purpose of the entire licensure process is to ensure that individuals possess the level of knowledge and the skills necessary to perform the duties of a CPA and to protect the public interest. 1 American Institute of Certified Public Accountants, The Uniform CPA Examination: Purpose and Structure (2018). c01IntroductionAndOverviewOfAuditAndAssurance.indd 5 8/23/21 1:55 PM 1-6 C h a pt er 1 Introduction and Overview of Audit and Assurance Before You Go On 1.1 Who are intended users of assurance services? 1.2 What does “independent” mean in the context of assurance services? 1.3 What is an example of an “applicable financial reporting framework”? 1.2 Different Assurance Services LEARNING OBJECTIVE 2 Describe the different types of assurance services. In this section, we provide an overview of the most common types of assurance services that a practitioner can provide. We will discuss financial statement audits, compliance audits, operational (performance) audits, and internal audits. Financial Statement Audits As stated earlier, the purpose of an audit of financial statements is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly in accordance with an applicable financial reporting framework, which enhances the degree of confidence that intended users can place in the financial statements (AU-C 200.04). Within a U.S. context, the applicable financial reporting framework is typically GAAP. Public companies, or issuers, in the United States are required by the federal government to have an annual financial statement audit. Private companies, or non-issuers, are not required by the U.S. government to have an annual financial statement audit, but often other interested users request that a private company provide audited financial statements. A good example would be a lender (bank or other financial institution) requesting audited financial statements when considering whether to lend money to the private company. Audited financial statements add a degree of confidence that helps the lender make an informed lending decision. Public companies are also required to prepare quarterly financial information, referred to as interim financial statements. Although these interim financial statements are not required to be audited, they are required to be reviewed by the company’s external auditors. Recall that a review is less extensive than an audit. In a review, the auditor does not provide an opinion on whether the interim financial statements are presented fairly. Instead, the auditor will only state if there are any material modifications that should be made for the interim financial statements to be in conformity with the appliable financial reporting framework. In the course of your accounting studies, you have probably seen an annual report issued by a public company. These annual reports can be found on a company’s website and i­ nclude other information besides the company’s financial statements, such as a management discussion and analysis section. Are the auditors required to audit this other information included in the annual report? The answer is no. The auditors are only required to audit the financial statements and related notes. However, the auditors have a responsibility to read the other information included in the annual report to ensure it is not inconsistent with or contradictory to information included in the financial statements. c01IntroductionAndOverviewOfAuditAndAssurance.indd 6 8/23/21 1:55 PM Get Complete eBook Download Link below for instant download https://browsegrades.net/documents/2 86751/ebook-payment-link-for-instantdownload-after-payment 1.2 Different Assurance Services 1-7 Cloud 9 Continuing Case Ron is not running a corporation. He operates his customized basketball shoe business as a sole proprietor. He is aware that big corporations have to be audited. However, because his business is not a publicly traded company, Ron does not believe that he has to have an audit. Ernie agrees that Ron does not have to follow the same rules, but he also tells him that there are auditing standards in place that apply to a company like his. This means that although all the attention is usually on corporations, sole proprietors can, and may be required to, have their financial statements audited, too. Integrated Audit Certain public companies in the United States are also required to have an audit of internal control over financial reporting (ICFR). The objective in an audit of ICFR is to express an opinion on the effectiveness of the company’s system of internal controls over financial reporting (AS 2201.03). The reason for requiring an audit of ICFR is because effective internal control provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes (AS 2201.02). Therefore, public companies are required to have two audits every year, one on the financial statements and one on the effectiveness of the company’s internal controls. For efficiency purposes, these two audits are performed at the same time. This is called an integrated audit. The objectives of the audits are not identical, however, and the auditor must plan and perform the work to achieve the objectives of each audit (AS 2201.06). Private companies are not required by the government to have an audit of ICFR. As mentioned above, other interested users, such as a lender, may require a private company to have an audit of ICFR along with an audit of the financial statements as a condition for being approved for a loan. AS 2201 An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements integrated audit an audit that combines the financial statement audit with an audit of the effectiveness of ICFR Limitations of an Audit A financial statement audit is conducted to enhance the reliability and credibility of the information included in the financial statements. It is not a guarantee that the financial statements are free from error or fraud. The limitations of an audit are caused by (1) the nature of financial reporting, (2) the nature of audit procedures, and (3) the need for the audit to be conducted within a reasonable period of time at a reasonable cost (AU-C 200.A49). Nature of Financial Reporting The nature of financial reporting refers to the use of j­ udgment when preparing financial statements. Since you have taken financial accounting courses, think about the estimates that are included in preparing a set of financial statements. Can you list a few? And think about the judgment required when selecting and applying accounting methods. For example, depreciating a piece of equipment is an estimate that requires judgment in selecting a depreciation method and determining a useful life and salvage value. While an estimate may not be precise, the auditor must evaluate whether the estimate is fairly presented. Nature of Audit Procedures The nature of audit procedures refers to the reliance on evidence provided by the client and its management. For example, what if client management withholds or hides important documents from the auditors? If auditors are unaware of this situation, they may arrive at an inappropriate conclusion based on incomplete facts. Evidence may be withheld or modified by perpetrators of fraud. It can be difficult for an auditor to determine whether a fraud has occurred because documents altered by those committing the fraud generally hide evidence. Also, auditors often use sampling techniques when gathering audit evidence. If a sample is not representative of all items available for testing, an auditor may arrive at an incorrect conclusion. The nature of audit procedures also refers to the concept of materiality. The Financial Accounting Standards Board (FASB) defines materiality as follows. Materiality is entity specific. The omission or misstatement of an item in a financial report is material if, in light of surrounding circumstances, the magnitude of the item is such that it is probable that the judgment of a reasonable person relying upon the report would have been changed or influenced by the inclusion or correction of the item. (SFAC No. 8, para QC11) c01IntroductionAndOverviewOfAuditAndAssurance.indd 7 materiality the ability of information to influence decisions that reasonable users make on the basis of the financial information of a specific reporting entity 8/23/21 1:55 PM 1-8 C h a pt er 1 Introduction and Overview of Audit and Assurance In other words, an error or misstatement in the financial statements is considered material if it impacts, or changes, the decision-making process of those individuals or groups who are using the financial statements. Therefore, when planning an audit, auditors select procedures that are designed to discover material misstatements. Because of time and cost constraints, it would be impractical for an audit to focus on finding all misstatements. Need for a Timely Audit The timeliness and cost of an audit refer to the pressures auditors face to complete their audit within a certain time frame at a reasonable cost. While it is important that auditors do not omit procedures in an effort to meet time and cost constraints, they may be under some pressure to do so. This pressure will come from clients wanting to issue their financial statements by a certain date, from clients refusing to pay additional fees for additional audit effort, and from within the accounting firm because of pressures to complete all audits on a timely basis to avoid incurring costs that may not be recovered. By taking the time to plan the audit properly, auditors can ensure that adequate time is spent where the risks of a material error or fraud are greatest. Compliance Audits compliance audit an audit to determine whether the entity has conformed with regulations, rules, or processes A compliance audit involves gathering evidence to determine whether the person or entity under review has followed the rules, policies, procedures, laws, and regulations with which they must conform. One of the best examples of a compliance audit is an income tax audit. The Internal Revenue Service (IRS) may conduct an audit of an individual or a company to determine if tax laws have been followed and the correct amount of tax paid. Operational (Performance) Audits operational (performance) audit an assessment of the economy, efficiency and effectiveness of an organization’s operations Operational (performance) audits are concerned with the economy, efficiency, and effectiveness of an organization’s activities. • Economy refers to the cost of inputs, including wages and materials. fficiency refers to the relationship between inputs and outputs, or the use of the mini• E mum amount of inputs to achieve a given output. • E ffectiveness refers to the achievement of certain goals or the production of a certain level of outputs. From an organization’s perspective, it is important to perform well across all three d ­ imensions and not allow one to dominate. For example, if buying cheap inputs results in an inefficient production process, efficiency is sacrificed to achieve economic goals. Operational audits are generally conducted by an organization’s internal auditors (discussed in the next section), or they may be outsourced to an external accounting firm. Internal Audits internal audit a unit within an entity which generally evaluates and improves risk management, internal control procedures, and elements of the governance process those charged with governance persons with responsibility for overseeing the strategic direction of the entity and the obligations related to the accountability of the entity c01IntroductionAndOverviewOfAuditAndAssurance.indd 8 Internal audits are conducted to provide assurance about various aspects of an organization’s activities. The internal audit function is typically conducted by employees of the ­organization being audited but can be outsourced to an accounting firm. The purpose of an internal audit is determined by those charged with governance and management within the organization. While the purposes of internal audits vary widely from one organization to another, they are often concerned with evaluating and improving risk management, internal control procedures, and elements of the governance process. The internal a­ uditors often conduct operational audits, compliance audits, internal control assessments, and r­ eviews. Many internal auditors are members of the Institute of Internal Auditors (IIA). The IIA is an international organization with more than 120,000 members that provides guidance and standards to aid internal auditors in their work. When conducting the financial statement audit, the external auditor may rely on the work done by internal auditors when evaluating the evidence needed to form an opinion on the financial statements or on ICFR. A more detailed discussion of how internal auditors may assist with the external audit is provided in Chapter 5. 8/23/21 1:55 PM 1-9 1.3 Demand for Audit and Assurance Services Cloud 9 Continuing Case Ron is not concerned about internal audits—his business is too small for a separate internal audit function. He is also not worried about compliance and operational audits. His priority at the ­ oment is to close the deal with Chip Masters, and he still does m not know what he will do about the financial statement audit. Before You Go On 2.1 What is the objective of a financial statement audit? 2.2 Explain the inherent limitations of a financial statement audit. 2.3 What are the three elements of an operational audit? 2.4 What are the most common functions of the internal auditors? 1.3 Demand for Audit and Assurance Services LEARNING OBJECTIVE 3 Explain the demand for audit and assurance services. In this section, we provide an overview of the primary financial statement users followed by a description of why these users may demand an audit of the financial statements. Cloud 9 Continuing Case Ron believes that his business has good, reliable financial records. Ron’s wife helps him keep tight control of the cash and other assets, and together they prepare some simple reports on a regular basis. Ron believes he knows exactly what is happening in the business and monitors the business’s cash flow and profit very closely. However, he has not prepared financial statements that comply with GAAP. Is this a problem? Ernie explains to Ron that many businesses must apply the accounting standards, even if they are not corporations. It all depends on whether there are individuals or groups who are using the financial statements for decision-making purposes. Ron is a bit worried now—how does he know if he has these users? Financial Statement Users Financial statement users include current and potential investors, suppliers, customers, lenders, employees, governments, and the general public. Each of these groups will read the financial statements for a slightly different reason, as described below. Investors Investors generally read financial statements to determine whether they should invest in the company. They are interested in the return on their investment and are concerned that the entity will remain a going concern (continue operating) into the foreseeable future. ­Investors may also be interested in the capacity of the company to pay a dividend. Prospective investors read financial statements to determine whether they should buy shares in the entity. c01IntroductionAndOverviewOfAuditAndAssurance.indd 9 8/23/21 1:55 PM 1-10 C h a pte r 1 Introduction and Overview of Audit and Assurance Suppliers Suppliers may read financial statements to determine whether the company can pay for goods or services supplied. They are also interested in whether the company is likely to remain a going concern (is likely to continue to be a customer of the supplier) and continue to pay its debts when they come due. Customers In many business-to-business transactions, customers may read financial statements to d ­ etermine whether a company they rely on is likely to remain a going concern and meet their needs. Lenders Lenders may read financial statements to determine whether an entity is sufficiently creditworthy to qualify for a loan and whether it can pay the interest and principal as they come due. Employees Employees may read financial statements to determine whether the entity can pay their wages or salaries and other benefits (for example, pensions). They may also be interested in assessing the future stability and profitability of the entity, as these affect job security. Governments Governments may read financial statements to determine whether the company is complying with regulations, to evaluate if the company is paying a fair amount of taxes given its reported earnings, and to gain a better understanding of the company’s activities. A company in ­receipt of government grants often must provide a copy of its audited financial statements when ­applying for a grant and when reporting on how grant funds have been spent. The General Public The general public may read financial statements to determine whether they should associate with the company (for example, as a future employee, customer, or supplier) and to gain a better understanding of the company, what it does, and its plans for the future. Demand for Audit and Assurance Services Financial statement users and their needs are many and varied. There are a number of reasons why some or all of these users would demand an audit of financial statements: • R emoteness. Most financial statement users do not have access to the company under ­review. This makes it difficult to determine whether the information contained in the ­financial statements is a fair presentation of the entity and its activities for the relevant period. • C omplexity. Financial statements are complex, the amounts are often affected by significant estimates, and the disclosures often require significant knowledge and experience to evaluate. Most financial statement users do not have the accounting and legal knowledge to assess the reasonableness of complex accounting and disclosure choices being made by the company. • Competing incentives. Company managers have an incentive to disclose the information contained in the financial statements in a way that presents their performance in the best possible light. Users may find it difficult or impossible to identify when management is presenting biased information. • R eliability. Financial statement users are concerned with the reliability of the information contained in the financial statements. Since they use that information to make decisions that have real consequences, it is very important that users can rely on the information contained in the financial statements. c01IntroductionAndOverviewOfAuditAndAssurance.indd 10 8/23/21 1:55 PM 1.4 Preparers and Auditors 1-11 An independent third-party review of the financial statements by a team of auditors, who have the knowledge and expertise to assess the fairness of the information being presented by the preparers, helps users address all these issues. Auditors have access to company records, so they are not remote. Auditors are trained accountants and have detailed knowledge about the complex technical accounting and disclosure issues required to evaluate the choices made by the financial statement preparers. Independent auditors, whose work is regularly reviewed by regulators, have little incentive to aid the company in presenting its results in the best possible light. Auditors are concerned with verifying the information contained in the financial statements is reliable and free from any material misstatements. The audit service plays a vital role in maintaining the stability of the U.S. capital markets and instilling investor confidence. Investors in public companies consider audited information reliable, which facilitates the trading of stocks and other financial instruments. Cloud 9 Continuing Case Ron tells Ernie that he has no remote users, such as shareholders or lenders, and his business is not very complex. He is the owner and the manager of Stotez Shoes and therefore has no competing incentives. For all these reasons, he has never felt the need to pur- chase an audit to assure users of the reliability of his business’s financial information. Ernie agrees but points out that there is now a user who is very interested in the reliability of the financial information: Chip Masters. Before You Go On 3.1 Who are the main users of company financial statements? 3.2 Why might financial statement users demand an audit? 3.3 Explain why auditors, or CPAs, are the appropriate professionals to conduct an audit. 1.4 Preparers and Auditors LEARNING OBJECTIVE 4 Discuss the different roles of the financial statement preparer and the auditor. In this section, we explain and contrast the different responsibilities of financial statement preparers and auditors. We provide details of the role that each group plays in ensuring the financial statements are an accurate representation of the company. Following this discussion is an overview of the different firms that provide assurance services. Preparer Responsibility As you know from your financial accounting courses, the financial statements include the balance sheet (statement of financial position), income statement (statement of earnings), statement of cash flows, statement of changes in equity, and accompanying notes. It is the responsibility of management, with oversight from those charged with governance, to prepare the financial statements. Specifically, management is responsible for the following. 1. Ensuring the information included in the financial statements is presented fairly and complies with the applicable financial reporting framework, which in the United States is most often GAAP. c01IntroductionAndOverviewOfAuditAndAssurance.indd 11 8/23/21 1:55 PM 1-12 C h a pte r 1 Introduction and Overview of Audit and Assurance 2. Designing, implementing, and maintaining internal control relevant to the preparation and fair presentation of the financial statements. 3. Providing the auditors with access to all records, documentation, and personnel relevant to the preparation and fair presentation of the financial statements, and any additional information the auditors may consider relevant to complete the audit. The preparation of financial statements requires the use of knowledge and judgment on the part of management. Management is responsible for making estimates for some financial statement items (e.g., allowance for doubtful accounts or a goodwill impairment) and selecting appropriate accounting policies within the applicable financial reporting framework, usually GAAP (AU-C 200.A2–A3). Auditor Responsibility The auditor’s responsibility is to provide an opinion on whether the financial statements are presented fairly in accordance with the applicable financial reporting framework. It is ­important to emphasize the auditor is not responsible for preparing the financial statements. Preparation of financial statements is management’s responsibility. Auditors are responsible for the following. 1. Conducting the audit in accordance with the appropriate auditing standards. ­Auditing standards provide minimum requirements and guidance for the performance of an audit. Later in this chapter, we discuss the auditing standards that apply to financial statement audits. professional skepticism an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence 2. P lanning and performing the audit with professional skepticism. Professional skepticism is an attitude adopted by auditors when conducting an audit. It means ­auditors remain independent of the entity, its management, and its staff when completing the audit work. In a practical sense, it means auditors maintain a questioning mind and thoroughly investigate all evidence presented by their client. Auditors must seek independent evidence to corroborate, or confirm, information provided by their client. Auditors must be suspicious when evidence contradicts documents held by their client or inquiries made of client personnel, including management and those charged with governance. professional judgment the application of relevant training, knowledge, and experience in making informed decisions about the courses of action that are appropriate in the circumstances of the audit engagement 3. P lanning and performing the audit with professional judgment. Professional judgment relates to the application of relevant training, knowledge, and experience that auditors use while making informed audit decisions in conducting an audit. Auditors must use their judgment throughout the entire audit. For example, auditors must use judgment when determining if an information source is reliable. They must also use judgment when deciding if enough audit evidence has been gathered to support the audit opinion. The concepts of professional skepticism and professional judgment will be addressed throughout this text as we learn about the process used by auditors to arrive at their opinion. It is important to note that the auditor’s opinion on the financial statements is not meant to be a predictor of the future success of the company. Also, the opinion is not a reflection of how effectively management is performing its role of running the company. The auditor’s opinion is simply a report on whether the financial statements are fairly presented in accordance with the applicable financial reporting framework (AU-C 200.A1). Auditor Skills Being an auditor requires a broad skill set. Most importantly, an auditor must have extensive knowledge of accounting and auditing standards. When you finish college, you will have a good foundation of accounting and auditing standards, but your knowledge will become deeper and more extensive with work experience. As an auditor, most of your time is spent analyzing client data and making decisions based on that data. Because accounting firms want to hire individuals who have good ­analytical c01IntroductionAndOverviewOfAuditAndAssurance.indd 12 8/23/21 1:55 PM 1.4 Preparers and Auditors 1-13 and critical-thinking skills, one of our goals in this text is to assist in developing these skills. Illustration 1.2 outlines a framework for audit decision making. Throughout the text, we will use this framework to critically analyze audit problems. At the end of every chapter, you will find an Audit Decision-Making Example that uses the framework to walk you through an audit issue. ILLUSTRATION 1.2 Audit decision-making framework Audit Decision-Making Process ! ? Step 1: Obtain company background information and data. Step 2: What is the audit problem you are trying to solve? Step 3: Gather information and evidence. Step 4: Perform the analysis and evaluate the results. Step 5: Draw an audit conclusion. Employers also want new hires to possess technology skills, especially in the area of data analytics. You may be familiar with software like Excel, Tableau, or Power BI that is used to manipulate data and create visualizations. These types of technologies are being used more frequently in auditing, along with audit software such as Idea and ACL. It is important to understand that data analytics skills are a subset of critical-thinking skills. For example, referring to the framework in Illustration 1.2, auditors must first understand what data are available to assist in solving an audit problem and then determine the best way to analyze and evaluate the data. In some situations, auditors may analyze data without the use of specialized software. In other instances, it may be best to use data analytics or audit software. Throughout the text, we discuss situations when auditors may use data analytics or audit software as a tool to help solve an audit problem. Chapter 8 will dive more deeply into the concept of audit data analytics after you understand the key audit topics of audit risk, audit evidence, and the reliability of data. Assurance Providers Assurance services are provided by accounting and other consulting firms. The largest ­accounting firms in the United States are known collectively as the “Big 4” firms: Deloitte, Ernst & Young (EY), KPMG, and PricewaterhouseCoopers (PwC). These four firms ­operate internationally through a network of affiliate companies, and dominate the assurance market throughout the world. The next tier of accounting firms is known as the mid-tier. The firms that comprise the mid-tier have a significant presence nationally, and most have international affiliations. The mid-tier firms in the United States include, among others, Grant Thornton, BDO USA, RSM, CBIZ/MHM, and Crowe. These firms service medium-sized and smaller clients. The next tier of accounting firms are regional and local accounting firms. Regional firms have a significant presence across multiple states in a geographical region. For example, a ­regional firm might have offices located in the southeastern states of Georgia, Florida, ­Alabama, and Mississippi. The regional offices could be as large as some of the national firms, with just as many partners and professional staff. Like the national firms, the regional firms service m ­ edium-sized and smaller clients. Local accounting firms service clients in their ­local areas and range in size from a single-partner firm to several-partner firms. Local firms ­primarily service small-company clients and individuals. Many of these accounting firms provide non-assurance (or non-audit) services as well as assurance services. Independence is not required to provide non-assurance services. These non-assurance services include management consulting, business valuation, mergers and ­acquisitions, tax, and accounting. In Chapter 2, we will discuss rules regarding what types of non-assurance services, if any, can be provided to audit clients. c01IntroductionAndOverviewOfAuditAndAssurance.indd 13 8/23/21 1:55 PM 1-14 C h a pte r 1 Introduction and Overview of Audit and Assurance Finally, note that accounting firms are not the only providers of assurance services. A number of consulting firms provide assurance services in areas such as website security and environmental sustainability reporting. Consulting firms employ staff with a variety of expertise including, for example, engineers, accountants, IT professionals, scientists, and economists. Cloud 9 Continuing Case Ernie stresses to Ron that any financial statements prepared for Stotez Shoes are Ron’s responsibility, even if they are audited. The auditor must be skeptical about the claims made by Ron in the financial statements. These claims include, for example, that the assets shown on the balance sheet exist and are valued correctly, and that the balance sheet contains a complete list of the business’s liabilities. In other words, the auditor is not just going to believe whatever Ron tells him or her. Auditors must gather evidence about the financial statements before they can give an audit opinion. Ernie also explains to Ron that because his business is relatively small, he has a choice between large and small audit firms. Very large companies must choose a Big 4 auditor because often the other auditors are too small to do the work and still maintain their independence. If a small audit firm audits a large company, it is open to the criticism that it will not be sufficiently skeptical because it does not want to lose the fees from that client. A large audit firm has many other clients, so the fees from any one client are a relatively small part of its revenue. Ron likes the idea that the smaller audit firms are generally less expensive. Before You Go On 4.1 Describe management’s responsibilities in terms of the financial statement audit. 4.2 What is professional skepticism? 4.3 What are non-audit services? Provide several examples of non-audit services provided by accounting firms. 1.5 The Role of Regulators and Regulations LEARNING OBJECTIVE 5 Identify the roles of different regulators and organizations that affect the audit profession. In this section, we discuss the regulators and other organizations that impact the audit process and the profession. Securities and Exchange Commission (SEC) The SEC is a federal government agency whose mission is to protect investors, maintain fair and efficient markets, and facilitate capital formation (www.sec.gov). A primary task of the SEC is to enforce and interpret securities laws. Some of the key laws that impact the audit profession are as follows. • T he Securities Act of 1933 regulates the disclosure of financial information in a company’s initial public offering of stock and requires that the financial information be audited. • T he Securities Exchange Act of 1934 regulates the ongoing trading of securities after the initial public offering and requires the annual audit of a public company’s financial statements and the quarterly review of interim financial information. • T he Sarbanes-Oxley Act of 2002 (SOX) was passed to help restore investor confidence after a series of corporate accounting scandals were revealed in the late 1990s and early 2000s. c01IntroductionAndOverviewOfAuditAndAssurance.indd 14 8/23/21 1:55 PM 1.5 The Role of Regulators and Regulations 1-15 The SOX Act enhanced financial disclosures for public companies and placed more emphasis on corporate responsibility. It also created the Public Company Accounting Oversight Board, or PCAOB, which oversees the audits of public companies. Public Company Accounting Oversight Board (PCAOB) The PCAOB is a nonprofit corporation established through the SOX legislation in 2002. Its mission is to oversee the audits of public companies to protect the interests of investors (www.pcaobus.org). Prior to the creation of the PCAOB, the audit profession was selfregulated. This means that audit professionals, through their own professional organization, created the auditing standards to be followed in the conduct of an audit. The audit profession also created a system of peer review for inspecting audit work to ensure auditors were following the standards, and would take enforcement action for auditors who did not perform audits according to the standards. The audit profession is still self-regulated with respect to the audits of private companies, but when the PCAOB was created, it took over the regulation and standard setting for the audits of public companies. Standards issued by the PCAOB are called Auditing Standards (AS), which provide minimum requirements and guidance for auditing services. When the PCAOB was created, it adopted the audit profession’s standards in 2003 as its interim standards, providing a starting point for the audits of public companies. Since then, the PCAOB has issued its own standards that supersede, or replace, some of the interim standards. The topical organization of the PCAOB standards is listed in Illustration 1.3. Throughout the text, you will be learning some of the specific PCAOB standards in the different topical categories. The beginning of each chapter will list which PCAOB ­standards will be discussed General Auditing Standards (1000) 1000 General Principles and Responsibilities 1100 General Concepts 1200 General Activities 1300 Auditor Communications ILLUSTRATION 1.3 PCAOB Auditing Standards topical organization Audit Procedures (2000) 2100 Audit Planning and Risk Assessment 2200 Auditing Internal Control Over Financial Reporting 2300 Audit Procedures in Response to Risks—Nature, Timing, and Extent 2400 Audit Procedures for Specific Aspects of the Audit 2500 Audit Procedures for Certain Accounts or Disclosures 2600 Special Topics 2700 Auditor’s Responsibilities Regarding Supplemental and Other Information 2800 Concluding Audit Procedures 2900 Post-Audit Matters Auditor Reporting (3000) 3100 Reporting on Audits of Financial Statements 3300 Other Reporting Topics Matters Relating to Filings Under Federal Securities Laws (4000) Other Matters Associated with Audits (6000) Source: www.pcaobus.org/standards/auditing. c01IntroductionAndOverviewOfAuditAndAssurance.indd 15 8/23/21 1:55 PM 1-16 C h a pte r 1 Introduction and Overview of Audit and Assurance in that particular chapter. You will also see references to the PCAOB standards within each chapter. The reference will begin with “AS” followed by the standard number, a decimal, and then a paragraph number, such as “AS 2201.06.” Accounting firms that want to audit public companies must register with the PCAOB. Registration involves paying fees to the board, complying with the Auditing Standards, and having their audit work inspected by the board. The PCAOB has disciplinary authority over registered firms and can impose punishment on accounting firms that do not adhere to standards. Punishments can include revoking a firm’s registration, imposing monetary fines, and banning an individual within a firm from auditing public companies. American Institute of Certified Public Accountants (AICPA) The AICPA is a private professional membership organization of CPAs representing the ­accounting profession. There are over 400,000 members in 145 countries (www.aicpa.org). Some key activities of the AICPA include representing the profession before rule-making bodies, acting as an advocate for the profession before legislative bodies, providing educational materials to its members, and setting ethical standards for the profession. The AICPA is also responsible for creating and grading the Uniform CPA Exam. The AICPA accomplishes many of its activities through its system of committees. One of the standing committees is the Auditing Standards Board, or ASB. Prior to the creation of the PCAOB, the ASB was responsible for issuing auditing standards used for the audits of public and private companies. Since 2003, the task of the ASB has been to issue audit standards for the audits of private companies and not-for-profit organizations only. Auditing standards ­issued by the ASB are called Statements on Auditing Standards (SAS). The auditing standards include a comprehensive set of principles underlying an audit conducted in accordance with generally accepted auditing standards (GAAS), which are presented in Illustration 1.4. These principles explicitly address the concepts of materiality ILLUSTRATION 1.4 Principles underlying an audit conducted in accordance with generally accepted auditing standards (GAAS) Purpose of an Audit The purpose of an audit is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. An auditor’s opinion enhances the degree of confidence that intended users can place in the financial statements. Premise Upon Which an Audit Is Conducted An audit in accordance with generally accepted auditing standards is conducted on the premise that management, and where appropriate, those charged with governance, have responsibility: a. for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatements, whether due to fraud or error. b. to provide the auditor with: i. all information, such as records, documentation, and other matters that are relevant to the preparation and fair presentation of the financial statements; ii. any additional information that the auditor may request from management, and where appropriate, those charged with governance; and iii. unrestricted access to those within the entity from whom the auditor determines it necessary to obtain audit evidence. Responsibilities of the Auditor Auditors are responsible for having appropriate competence and capabilities to perform the audit; complying with relevant ethical requirements; and maintaining professional skepticism and exercising professional judgment, throughout the planning and performance of the audit. c01IntroductionAndOverviewOfAuditAndAssurance.indd 16 8/23/21 1:55 PM 1.5 The Role of Regulators and Regulations Performing the Audit To express an opinion, the auditor obtains reasonable assurance about whether the financial statements as a whole are free of material misstatement, whether due to fraud or error. 1-17 ILLUSTRATION 1.4 (continued) To obtain reasonable assurance, which is a high, but not absolute, level of assurance, the auditor: • plans the work and properly supervises any assistants. • determines and applies appropriate materiality level or levels throughout the audit. • identifies and assesses risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity’s internal control. btains sufficient appropriate audit evidence about whether material misstatements exist, • o through designing and implementing appropriate responses to the assessed risks. The auditor is unable to obtain absolute assurance that the financial statements are free of material misstatement because of inherent limitations, which arise from: • the nature of financial reporting; • the nature of audit procedures; and • t he need for the audit to be conducted within a reasonable period of time and so as to achieve a balance between benefit and cost. Reporting the Results of an Audit Based on an evaluation of the audit evidence obtained, the auditor expresses, in the form of a written report, an opinion in accordance with the auditor’s findings, or states that an opinion cannot be expressed. The opinion states whether the financial statements are presented fairly, in all material respects, in accordance with applicable financial reporting framework. Source: AU-C Preface. and professional skepticism. The principles describe the responsibilities of management, and those charged with governance of an entity, for the financial statements. The auditor responsibilities also address the important concepts of compliance with ethical requirements (including independence requirements) and the use of professional judgment. Take a few minutes to read the principles in Illustration 1.4. The SASs are interpretations of the principles underlying an audit conducted in accordance with GAAS. The SASs explain the nature and extent of an auditor’s responsibility and offer guidance to an auditor in performing the audit of a private company. Compliance with the SASs is mandatory for AICPA members, who must justify any departures from the standards. The SASs are numbered in the order in which they are issued by the ASB. Then the standards are organized by topical content using the AU numbering system. (Note that the “AU” stands for auditing standards, but these are not to be confused with the Auditing Standards (AS) from the PCAOB.) The AU-C topical order (the “C” denotes the clarified standards) is listed in Illustration 1.5. ILLUSTRATION 1.5 AU-C Section General Topic AU-C 200–299 General Principles and Responsibilities AU-C 300–499 Risk Assessment and Response to Assessed Risks AU-C 500–599 Audit Evidence AU-C 600–699 Using the Work of Others AU-C 700–799 Audit Conclusions and Reporting AU-C 800–899 Special Considerations AU-C 900–999 Special Considerations in the United States Auditing Standards Board AU-C topical content Source: AICPA. c01IntroductionAndOverviewOfAuditAndAssurance.indd 17 8/23/21 1:55 PM 1-18 C h a pte r 1 Introduction and Overview of Audit and Assurance Throughout the text, we will be learning some of the specific ASB auditing standards in the different topical categories. The beginning of each chapter will list which ASB standards will be discussed in that chapter. You will also see references to the ASB standards within the text. The reference will begin with “AU-C” followed by the standard number, a decimal, and then a paragraph number, such as “AU-C 200.05.” The ASB also issues Statements on Standards for Attestation Engagements (SSAE) and Statements on Quality Control Standards (SQCS) for AICPA member firms. Another standing committee of the AICPA is the Accounting and Review Services Committee. This committee is tasked with issuing Statements on Standards for Accounting and Review Services (SSARS). The SSARS provide guidance for services provided on historical financial statements that are less extensive than an audit. An example that we discussed earlier is a review of historical financial statements. A more detailed discussion of accounting and review services is provided in Chapter 16. To help summarize the audit standard-setting environment in the United States, Illustration 1.6 provides a diagram of the current audit standard setting-structure for the audits of public and private companies. ILLUSTRATION 1.6 Audit Standard Setting Audit standard setting in the United States Statements on Auditing Standards (SAS) Private company (non-issuer) Public company (issuer) AICPA’S Auditing Standards Board (ASB) Public Company Accounting Oversight Board (PCAOB) Statements on Standards for Attestation Engagements (SSAE) Statements on Quality Control Standards (SQCS) Interpretive publications from the ASB to provide guidance to CPAs and auditors Auditing Standards (AS) Staff audit practice alerts from the PCAOB to provide guidance to CPAs and auditors Professional Environment International Auditing and Assurance Standards Board (IAASB) In 1977, 63 accountancy bodies (including the AICPA) representing 51 countries signed an agreement creating the International Federation of Accountants (IFAC). The mission of IFAC is to serve the public interest and strengthen the accountancy profession by supporting the development and implementation of high-quality international standards.2 Toward this end, IFAC has established, as a standing subcommittee, the International ­Auditing and Assurance Standards Board (IAASB) with the responsibility and authority to issue International Standards on Auditing (ISA). The mission of the IAASB is to establish high-quality auditing, assurance, quality control, and related services standards and to improve the uniformity of practice by professional accountants throughout the world, thereby strengthening c01IntroductionAndOverviewOfAuditAndAssurance.indd 18 public confidence in the global auditing profession and serving the public interest.3 Today, auditing has become a global profession. Many countries adopt IAASB standards as their own. Other countries have auditing standards that closely resemble the IAASB standards (for example, the SAS in the United States). Where differences exist between the international standards and local standards, the local member body, such as the AICPA’s ASB, is expected to give prompt consideration to such differences with a view to achieving harmonization. In recent years, the U.S. ASB and the IAASB have worked jointly in creating auditing standards that have global acceptance. Most of the auditing principles and practices discussed in this text are consistent with IAASB standards. 2 International Federation of Accountants website (accessed June 5, 2020), www.ifac.org. 3 International Auditing and Assurance Standards Board website (accessed June 5, 2020), www.iaasb.org. 8/23/21 1:55 PM 1.5 The Role of Regulators and Regulations 1-19 Financial Accounting Standards Board (FASB) The FASB is a privately funded organization whose mission is to establish financial accounting and reporting standards for nongovernmental entities with the goal of providing information that is useful for decision making (www.fasb.org). You are probably familiar with the FASB from your financial accounting courses. The FASB maintains the Accounting Standards Codification (ASC), which represents the authoritative standards of financial reporting recognized by the SEC, the PCAOB, and the AICPA. We commonly refer to the authoritative standards as GAAP. There are seven full-time members of the FASB who have diverse backgrounds in accounting, finance, business, and research. Members of the FASB work closely with the AICPA, SEC, and the PCAOB when researching and drafting financial accounting and reporting standards. Committee on Sponsoring Organizations of the Treadway Commission (COSO) COSO is an independent private-sector group that focuses on providing guidance to management and expertise in the areas of internal control, enterprise risk management, and fraud deterrence (www.coso.org). COSO was organized in 1985 and is sponsored by the following organizations: the American Accounting Association (AAA), the AICPA, Financial Executives International (FEI), the Institute of Internal Auditors (IIA), and the ­Institute of Management Accountants (IMA). Because the first chairman of the commission was James C. Treadway, Jr., a former commissioner of the SEC, the group is often referred to as the “Treadway Commission.” In 1992, COSO issued a landmark report titled Internal Control—Integrated Framework. This report provided a comprehensive definition of internal controls and a framework that companies could use to design their own internal control systems. In 2013, the framework went through a comprehensive update and was reissued. This updated framework will be covered in depth in Chapter 6. National Association of State Boards of Accountancy (NASBA) and State Boards of Accountancy CPAs are professionals who are licensed by state governments. Each state legislature has established a state board of accountancy to license and regulate CPAs to protect the public interest. Some of the functions of a state board of accountancy include: • Issuing CPA licenses to individuals who meet all the requirements. • Adopting and enforcing rules of professional conduct for CPAs. • Adopting and enforcing rules regarding continuing professional education requirements. • Investigating complaints, conducting hearings, and taking appropriate disciplinary actions, such as suspension or revocation of the CPA license. NASBA is a professional organization whose mission is to enhance the effectiveness and advance the common interests of its members, which are the state boards of accountancy (www.nasba.org). There are actually 55 jurisdictions with boards of accountancy. They include the 50 states, the District of Columbia, the Commonwealth of the Northern Mariana Islands, Guam, Puerto Rico, and the Virgin Islands. NASBA acts as a collective voice for the boards of accountancy and works to promote the interests of the state boards with legislative and regulatory bodies. NASBA also provides education and development opportunities for its members, provides technology support, and promotes ethical behavior in the profession. One of the services NASBA provides to state boards is that it serves as the application center for individuals applying to sit for the CPA exam. When you are ready to apply to take the CPA exam, you may be asked to apply through NASBA’s website. c01IntroductionAndOverviewOfAuditAndAssurance.indd 19 8/23/21 1:55 PM 1-20 C h a pte r 1 Introduction and Overview of Audit and Assurance Cloud 9 Continuing Case Ernie explains that, in general, the regulators and regulations that apply to publicly traded corporations are not relevant to Stotez Shoes. However, any auditor Ron engages would apply the auditing and accounting standards that are relevant to an audit engagement when auditing a small business. Since Stotez Shoes is a private company, the auditors would follow the auditing standards of the ASB when conducting the audit. Before You Go On 5.1 What is the SEC and what is its role? 5.2 Which organization sets the standards for the audits of public companies? For the audits of private companies? 5.3 What are the main functions of a state board of accountancy? 1.6 Audit Report on Financial Statements LEARNING OBJECTIVE 6 Explain the concepts of reasonable assurance and materiality, and the nature of an unqualified/unmodified report on the audit of financial statements. In this section, we introduce you to the independent auditor’s report, which is the “end product” of the financial statement audit. The independent auditor’s report is used to communicate the auditor’s opinion about a company’s financial statements to interested users. We will revisit the independent auditor’s report in more depth in Chapter 16, but it is helpful to understand this report from the perspective of a financial statement reader as you begin to learn the audit process. Reasonable Assurance and the Financial Statements reasonable assurance a high, but not absolute, level of assurance We have explained how the responsibility of the auditor is to provide an opinion on whether the financial statements are presented fairly in accordance with the applicable financial reporting framework. An opinion is defined as a judgment about matters that are subjective. The preparation of financial statements is considered somewhat subjective because management must make some estimates and choose between different accounting methods. Therefore, the auditor is only required to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. • Reasonable assurance is a high, but not absolute, level of assurance (AU-C 200.06). • I n other words, the a­ uditor does not “guarantee” or “certify” that the financial statements are 100% accurate because that is considered absolute assurance, which is not possible with content that is subjective. In addition, an audit could not be completed in a reasonable amount of time if auditors had to provide absolute assurance. For some accounts and transactions, auditors use sampling techniques when gathering audit evidence and therefore do not examine 100% of a company’s transactions for the period under audit. So, how do auditors know when they have gathered enough evidence? Ultimately, that is a matter of professional judgment. Since judgment is c01IntroductionAndOverviewOfAuditAndAssurance.indd 20 8/23/21 1:55 PM 1.6 Audit Report on Financial Statements involved, there will always be a risk the auditors will give the wrong opinion. This is called audit risk. Audit risk is affected by client characteristics as well as actions of the auditor. For example, when a client implements a new accounting standard, audit risk increases because there is increased risk for error when implementing a new process. The internal control system of the client also impacts audit risk. If the client has strong internal controls, it is more likely the internal controls will prevent, or detect and correct, material misstatements, which decreases audit risk. Auditors impact audit risk by the decisions made in how to conduct the audit. The concept of audit risk is covered in depth in Chapter 3. We will devote considerable attention throughout the text to the concept of audit risk and determining how auditors make important professional judgments about collecting sufficient, appropriate evidence to achieve reasonable assurance and support the auditor’s opinion. 1-21 audit risk the risk that an auditor expresses an inappropriate audit opinion when the financial statements are materially misstated Materiality and the Financial Statements Although financial statements contain approximations, they must reflect a reasonable degree of precision. However, accounting is not precise, or accurate, the way we might think of Newtonian physics as being precise. If a potential misstatement of the financial statements is significant enough to influence or make a difference in the judgment of a financial statement user, it is considered material. Materiality is a relative concept, and it differs from company to company and from year to year for a given company. For example, a $25,000 misstatement of revenues may be material to a company with $200,000 of net income, while a $25,000 misstatement for a company with $5,000,000 in net income may be immaterial. In addition, qualitative characteristics influence materiality. For example, an error in the financial statements may be a small percentage of an account balance. This small error, however, may be considered material because it could cause an entity to breach a loan covenant, which could result in a misclassification of current and noncurrent debt. Auditors design an audit to provide reasonable assurance that the financial statements are free of material misstatement. However, auditors do not design an audit to look for immaterial misstatements because they would not influence a financial statement user. A deeper discussion of how auditors make materiality decisions can be found in Chapter 3. Professional Environment Materiality In the audit of a very large company, the amount of misstatement that would be considered immaterial might be quite large. Consider the audit of Starbucks for the year ended September 27, 2020, when Starbucks had total revenues of $23.518 billion, earnings before income taxes of $1.164 billion, net income of $928 million, and total assets of $29.374 billion at September 27, 2020. Starbucks rounds its financial statement amounts to the nearest $1 million. For the year ended September 27, 2020, Starbucks had a return on assets of 38.19%. As an investor, would you consider a return on assets of 38.19% or 38.18% to be substantially the same? It would take approximately a $6 million misstatement to change return on assets by only 1/100 of 1% for Starbucks for the year ended September 27, 2020. Alternatively, as an investor, would you consider a return on assets of 38.19% or 38.09% to be substantially the same? It would take approximately a $60 million misstatement to change r­ eturn on assets by only 1/10 of 1% for Starbucks for the year ended September 27, 2020. The Auditorʼs Report on Financial Statements When the audit firm has determined that it has gathered sufficient, appropriate evidence to form an opinion, then it is ready to issue the audit report. Auditing standards require a standard format of the audit report be used for all audits. In other words, all accounting firms use the same standard format and standard wording for reporting their audit opinions. Using a standard format makes it easier for financial statement users to navigate the audit report. There is a standard report for the audit of public company financial statements and a standard report for the audit of private company financial statements. The actual process of auditing the financial statements of public and private companies is similar, but there are also some differences, which will be discussed throughout the text. One of the key differences is the format of the audit reports. c01IntroductionAndOverviewOfAuditAndAssurance.indd 21 8/23/21 1:55 PM 1-22 C h a pte r 1 Introduction and Overview of Audit and Assurance AU-C 700 Forming an Opinion and Reporting on Financial Statements Illustration 1.7 provides an example of an unmodified audit report on the financial statements of Stotez Shoes, a private company. If auditors have determined the financial statements are presented fairly in accordance with the applicable financial reporting framework, they issue the standard unmodified report. Take a moment to read over the report. You will see some of the key concepts we have already discussed in this chapter. Sections of the report are numbered so we can further explain each component. Explanations of each numbered component follow. ILLUSTRATION 1.7 Example of an unmodified audit report on the financial statements of Stotez Shoes, a private company [1] INDEPENDENT AUDITOR’S REPORT [2] To the owners of Stotez Shoes [3] Opinion We have audited the financial statements of Stotez Shoes, which comprise the balance sheets as of December 31, 2025 and 2024, and the related statements of income, changes in stockholders’ equity, and cash flows for the years then ended, and the related notes to the financial statements. In our opinion, the accompanying financial statements present fairly, in all material respects, the financial position of Stotez as of December 31, 2025 and 2024, and the results of its operations and its cash flows for the years then ended in accordance with accounting principles generally accepted in the United States of America. [4] Basis for Opinion We conducted our audits in accordance with auditing standards generally accepted in the United States of America (GAAS). Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are required to be independent of Stotez Shoes and to meet our other ethical responsibilities, in accordance with the relevant ethical requirements relating to our audits. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. [5] Responsibilities of Management for the Financial Statements Management is responsible for the preparation and fair presentation of the financial statements in accordance with accounting principles generally accepted in the United States of America, and for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, management is required to evaluate whether there are conditions or events, considered in the aggregate, that raise substantial doubt about Stotez Shoes’ ability to continue as a going concern for one year from the issuance date of the financial statements. [6] Auditor’s Responsibilities for the Audit of the Financial Statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not absolute assurance and therefore is not a guarantee that an audit conducted in accordance with GAAS will always detect a material misstatement when it exists. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. Misstatements are considered material if there is substantial likelihood that, individually or in the aggregate, they would influence the judgment made by a reasonable user based on the financial statements. In performing an audit in accordance with GAAS, we: • Exercise professional judgment and maintain professional skepticism throughout the audit. • I dentify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and design and perform audit procedures responsive to those risks. Such procedures include examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. c01IntroductionAndOverviewOfAuditAndAssurance.indd 22 8/23/21 1:55 PM 1.6 Audit Report on Financial Statements • O btain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of Stotez Shoes’ internal control. Accordingly, no such opinion is expressed. 1-23 ILLUSTRATION 1.7 (continued) • Evaluate the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluate the overall presentation of the financial statements. • C onclude whether, in our judgment, there are conditions or events, considered in the aggregate, that raise substantial doubt about Stotez Shoes’ ability to continue as a going concern for a reasonable period of time. We are required to communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit, significant audit findings, and certain internal control–related matters that we identified during the audit. [7] Bell & Bowerman, LLP Seattle, Washington [8] February 15, 2026 Source: AU-C 700.A63 Exhibit—Illustration 1. 1. Title. The term independent is in the title of the report to emphasize the auditors are external to the company, are unbiased, and therefore can provide an objective opinion. 2. Address. The report is addressed to the owners or shareholders of the company and to the board of directors, if applicable. 3. Opinion section. Identifies the financial statements that were audited and clearly states the auditor’s opinion that the financial statements were fairly presented, in all material respects, in accordance with the applicable financial reporting framework. 4. Basis for Opinion section. States the auditor conducted the audit in accordance with auditing standards and is required to be independent of the company. 5. Responsibilities of Management section. States management’s responsibility for the preparation and fair presentation of the financial statements; the design, implementation, and maintenance of internal control; and the evaluation of conditions or events that raise substantial doubt about the company’s ability to continue as a going concern. 6. Auditor’s Responsibilities section. States the auditor’s objective is to obtain reasonable assurance about whether the financial statements are free from material misstatement due to fraud or error. Lists specific actions the auditor takes in performing an audit in accordance with GAAS. 7. Signature. The firm name and location are used as the signature. 8. Date. The date represents the end of fieldwork, which is the conclusion of gathering and evaluating evidence, and drawing all conclusions for the audit. Illustration 1.8 provides an example of an unqualified audit report on the financial statements of Amazon.com, a public company. If auditors have determined the financial statements are presented fairly in accordance with the applicable financial reporting framework, they issue the standard unqualified report. The PCAOB standards use the term unqualified report. The term unqualified is equivalent to the term unmodified used for the private company audit report. The terms are sometimes used interchangeably. Take a moment to look over the report in Illustration 1.8 and note some of the similarities and differences with the private company audit report. Again, you will see some of the key concepts discussed in this chapter. Sections of the report are numbered so we can further explain each component. Explanations of each numbered component follow Illustration 1.8. c01IntroductionAndOverviewOfAuditAndAssurance.indd 23 AS 3101 The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion 8/23/21 1:55 PM 1-24 C h a pte r 1 Introduction and Overview of Audit and Assurance ILLUSTRATION 1.8 Example of an unqualified audit report on the financial statements of Amazon.com, a public company [1] REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM [2] To the Board of Directors and Shareholders Amazon.com, Inc. Opinion on the Financial Statements [3] We have audited the accompanying consolidated balance sheets of Amazon.com, Inc. (the Company) as of December 31, 2020 and 2019, and the related consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows, for each of the three years in the period ended December 31, 2020, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2020 and 2019, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2020, in conformity with U.S. generally accepted accounting principles. [4] We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company’s internal control over financial reporting as of December 31, 2020, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated February 2, 2021, expressed an unqualified opinion on the Company’s internal control over financial reporting. Basis for Opinion [5] These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. [6] We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion. [7] Critical Audit Matter The critical audit matter communicated below is a matter arising from the current-period audit of the consolidated financial statements that was communicated or required to be communicated to the audit committee and that (1) relates to accounts or disclosures that are material to the consolidated financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of the critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates. Uncertain Tax Positions Description of the Matter The Company is subject to income taxes in the U.S. and numerous foreign jurisdictions and, as discussed in Note 9 of the consolidated financial statements, during the ordinary course of business, there are many tax positions for which the ultimate tax determination is uncertain. As a result, significant judgment is required in evaluating the Company’s tax positions and determining its provision for income taxes. The Company uses significant judgment in (1) determining whether a tax position’s technical merits are more likely than not to be sustained and (2) measuring the amount of tax benefit that qualifies for recognition. As of December 31, 2020, the Company accrued liabilities of $2.8 billion for various tax contingencies. c01IntroductionAndOverviewOfAuditAndAssurance.indd 24 8/23/21 1:55 PM 1.6 Audit Report on Financial Statements Auditing the measurement of the Company’s tax contingencies was challenging because the evaluation of whether a tax position is more likely than not to be sustained and the measurement of the benefit of various tax positions can be complex, involves significant judgment, and is based on interpretations of tax laws and legal rulings. 1-25 ILLUSTRATION 1.8 (continued) How We Addressed the Matter in Our Audit We tested controls over the Company’s process to assess the technical merits of its tax contingencies, including controls over the assessment as to whether a tax position is more likely than not to be sustained, management’s process to measure the benefit of its tax positions, and the development of the related disclosures. We involved our international tax, transfer pricing, and research and development tax professionals in assessing the technical merits of certain of the Company’s tax positions. Depending on the nature of the specific tax position and, as applicable, developments with the relevant tax authorities relating thereto, our procedures included obtaining and examining the Company’s analysis including the Company’s correspondence with such tax authorities and evaluating the underlying facts upon which the tax positions are based. We used our knowledge of, and experience with, international, transfer pricing, and other income tax laws by the relevant income tax authorities to evaluate the Company’s accounting for its tax contingencies. We evaluated developments in the applicable regulatory environments to assess potential effects on the Company’s positions, including recent decisions in relevant court cases. We analyzed the Company’s assumptions and data used to determine the amount of tax benefits to recognize and tested the accuracy of the Company’s calculations. We have also evaluated the Company’s income tax disclosures included in Note 9 in relation to these matters. [8] /s/ Ernst & Young LLP Seattle, Washington [9] February 2, 2021 [10] We have served as the Company’s auditor since 1996. 1. Title. The term independent is also in the title of this report to emphasize the auditors are external to the company, unbiased, and therefore can provide an objective opinion. In addition, the term registered is included to emphasize the firm is registered with the PCAOB. 2. Address. The report is addressed to the shareholders and board of directors of the company. 3. Opinion section. The first sentence explains that an audit was conducted and identifies the financial statements and the dates of the financial statements. The second sentence states the auditor’s opinion. Note the opinion sentence is virtually identical to the opinion sentence for the private company audit report. 4. Paragraph referencing the audit of internal control. This paragraph is unique to the public company audit report. Public companies are required to have an audit of ICFR, and auditors issue a separate opinion for that audit, which is discussed in the next section. 5. Basis for Opinion section. This section states the differing responsibilities of management and auditors. It is similar to the responsibility paragraphs of the report for private company audits, but the private company report goes into more detail regarding the responsibilities of management and auditors. One key difference is that this section references registration with the PCAOB and independence requirements of the SEC and other federal securities laws. 6. Scope paragraph. This paragraph explains, in brief terms, the process of conducting an ­audit. It mentions the concept of reasonable assurance about whether the financial statements are free of material misstatement. It includes an explicit statement that PCAOB auditing standards were followed since it is a public company. The scope paragraph also includes a brief discussion of the professional judgments made during the audit. Finally, it concludes with a statement that the audit firm believes that its audit provides a reasonable basis for its opinion. 7. Critical Audit Matters section. Defines critical audit matters, provides a description of the critical audit matter(s), and details how the critical audit matter was addressed in the audit. This section is unique to the public company audit report and is discussed further in the following Professional Environment and in Chapter 16. 8. Signature. The firm name and location is used as the signature. c01IntroductionAndOverviewOfAuditAndAssurance.indd 25 8/23/21 1:55 PM 1-26 C h a pte r 1 Introduction and Overview of Audit and Assurance 9. Date. The date represents the end of fieldwork, which is the conclusion of gathering and evaluating evidence, and drawing all conclusions for the audit. 10. Auditor tenure. The final component of the report is a sentence that states the year in which the firm began serving consecutively as the company’s auditor. After reviewing the standard audit reports, you may have a few questions. What happens if auditors conclude the financial statements are not presented fairly in accordance with the applicable financial reporting framework? Or what happens if auditors cannot gather enough evidence to form an opinion? When situations such as these occur, auditors may have to modify their opinion. Auditing standards have established three types of modified audit opinions: a qualified opinion, an adverse opinion, and a disclaimer of opinion. Illustration 1.9 provides a brief summary of situations that could cause auditors to issue a modified opinion. It is important to note that only material situations would cause auditors to modify the opinion. The discovery of immaterial errors would not prevent the issuance of an unmodified/unqualified opinion. The different types of modified reports will be covered in depth in Chapter 16, so consider Illustration 1.9 a basic introduction. ILLUSTRATION 1.9 Situations that cause a modified opinion Situation Type of Modified Opinion Material departure(s) from the applicable financial reporting framework and the client refuses to make corrections ualified—financial statements are presented • Q fairly, except for the uncorrected departure(s) Material limitation on the auditor’s ability to gather sufficient appropriate evidence, referred to as a scope limitation ualified—financial statements are presented • Q fairly, except for the auditor’s inability to gather evidence for a material item • A dverse—financial statements are not presented fairly and should not be relied upon (pervasively material departures) • D isclaimer of opinion—auditor was not able to gather sufficient appropriate evidence and cannot express an opinion on the financial statements (pervasively material scope limitations) Auditor is not independent • D isclaimer of opinion—auditor is not independent and cannot express an opinion Professional Environment PCAOB Released New Audit Report Prior to 2017, the standard unqualified auditor’s report had remained substantially unchanged since the 1940s. Over the years, there had been much debate about the relevance of continuing to use the same standard report, particularly in the modern information age in which investors and other users demand better and faster information. Since 2011, the PCAOB has encouraged open discussion, comments, and feedback on various proposals for making the auditor’s report more relevant to the public. Finally, on June 1, 2017, the PCAOB adopted a new auditor reporting standard, AS 3101 The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion. The standard was approved by the SEC on October 23, 2017. The standard included two significant changes to the existing auditor’s report. The first significant change is the communication of critical audit matters (CAMs) in the audit report. A CAM is any audit matter that was communicated to or required to be communicated to the audit committee. The rationale is that if a matter is being communicated to the audit committee, it must be important and should be made available to users of the financial statements. The standard states that a CAM “relates to accounts or disclosures that are material to the financial statements and involves especially challenging, subjective, or complex auditor judgement” (AS 3101.11). For each CAM that is included in the auditor’s report, the auditor must identify the CAM, describe why the auditor considered the item a CAM and how it was addressed during the audit, and refer to the relevant accounts or disclosures that relate to the CAM. The second significant change is the inclusion of auditor tenure in the auditor’s report. After the signature of the firm at the conclusion of the report, there is a statement that says, “We have served as the Company’s auditor since [year]” (AS 3101 Appendix B). The firm includes the year in which it began serving consecutively as the company’s auditor. The changes to the auditor’s report, including the disclosure of auditor tenure, went into effect for fiscal years ending on or after December 15, 2017. However, the PCAOB recognized that including CAMs in the auditor’s report was a significant change. Therefore, the requirement to include CAMs was delayed until fiscal years ending on or after June 2019.4 The auditor’s report for Amazon.com in Illustration 1.8 reflects the new audit report, including the discussion of CAMs. 4 PCAOB Release No. 2017-001, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion. c01IntroductionAndOverviewOfAuditAndAssurance.indd 26 8/23/21 1:55 PM 1.7 Audit Report on Internal Controls over Financial Reporting 1-27 Before You Go On 6.1 Why do auditors provide reasonable assurance and not absolute assurance? 6.2 Explain the concept of materiality. How does the concept of materiality relate to reasonable assurance? 6.3 W hat are the meanings of the terms unqualified and unmodified in the context of an audit of financial statements? Audit Report on Internal Controls over Financial Reporting 1.7 LEARNING OBJECTIVE 7 Explain the concept of reasonable assurance and the nature of an unqualified report on internal controls over financial reporting. Next, we will discuss the audit report for the audit of ICFR. Recall from earlier in the chapter that only certain public companies are required to have an audit on the effectiveness of ICFR. The SEC classifies public companies into three categories based on worldwide market value (in U.S. dollars) of outstanding common equity: 1. Large accelerated filer. At least $700 million in outstanding common equity. 2. Accelerated filer. Between $75 and $700 million in outstanding common equity and at least $100 million in annual revenues. 3. Non-accelerated filer. Two subcategories as follows. a. Between $75 and $700 million in outstanding common equity and less than $100 million in annual revenues. b. Less than $75 million in outstanding common equity and no revenue limitation. Public companies categorized as non-accelerated filers are not required to have an audit of ICFR. Therefore, when we discuss the audit of ICFR for public companies, we are referring to public companies categorized as accelerated filers and large accelerated filers. Reasonable Assurance and Internal Controls Section 404 of the SOX legislation requires that management accept responsibility for the design and maintenance of internal controls. It also requires that management issue a report each year asserting whether internal controls over financial reporting were effective. Further, management’s claims about the effectiveness of ICFR must be audited by the independent external auditor. The reason for requiring an audit of internal controls is because effective ICFR provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes (AS 2201.02). Here again we see the phrase reasonable assurance. If internal controls are effective, then it is more likely that the financial statements will be free of material misstatements and errors. Even though internal controls may be considered effective, it does not mean they will prevent all misstatements or errors from affecting the financial statements. There is still some risk that a material error could occur on the financial statements. Even an effective system of internal controls over financial reporting will only provide reasonable assurance, not absolute assurance, that financial statements are free from material misstatement. c01IntroductionAndOverviewOfAuditAndAssurance.indd 27 8/23/21 1:55 PM 1-28 C h a pte r 1 Introduction and Overview of Audit and Assurance AS 2201 An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements Auditing standards from the PCAOB guide the conduct of an integrated audit for public companies. Auditors must: lan and perform their work to achieve the objectives of both the financial statement • P audit and the audit of the effectiveness of ICFR simultaneously. elect audit procedures that allow them to gather evidence that is useful to both of the • S audits. • Obtain reasonable assurance about whether the company maintained effective ICFR for the period under audit. Auditors cannot provide absolute assurance about the effectiveness of internal controls for the same reasons they cannot provide absolute assurance on the fair presentation of the financial statements. The design and implementation of controls is somewhat subjective, and there is not enough time for auditors to test the effectiveness of all of the entity’s internal controls. Using professional judgment, auditors select the most critical internal controls over financial reporting and test the effectiveness of those controls. This will be discussed further in Chapters 6 and 7. The Auditor’s Report on Internal Control over Financial Reporting When auditors have determined they have gathered sufficient, appropriate evidence to form an opinion on the effectiveness of ICFR, then they are ready to issue the audit report. Similar to the financial statement audit report, a standard format is used for all audits of effectiveness of ICFR. Illustration 1.10 provides an example of an audit report on the effectiveness of ICFR for a public company. If auditors have determined the company has maintained effective ICFR for the period under audit, then they issue the standard unqualified report. Take a moment to read over the report, and you will see some similarities to the financial statement audit report for a public company. ILLUSTRATION 1.10 Example of an unqualified audit report on the effectiveness of ICFR for Amazon.com, a public company [1] REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM [2] The Board of Directors and Shareholders Amazon.com, Inc. [3] Opinion on Internal Control over Financial Reporting We have audited Amazon.com, Inc.’s internal control over financial reporting as of December 31, 2020, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, Amazon.com, Inc. (the Company) maintained, in all material respects, effective internal control over financial reporting as of December 31, 2020, based on the COSO criteria. [4] We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of December 31, 2020 and 2019, and the related consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows for each of the three years in the period ended December 31, 2020 and the related notes and our report dated February 2, 2021, expressed an unqualified opinion thereon. [5] Basis for Opinion The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, ­included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. c01IntroductionAndOverviewOfAuditAndAssurance.indd 28 8/23/21 1:55 PM 1.7 Audit Report on Internal Controls over Financial Reporting [6] We conducted our audit in accordance with the standards of the PCAOB. Those standards ­require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. 1-29 ILLUSTRATION 1.10 (continued) Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. [7] Definition and Limitations of Internal Control over Financial Reporting A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. [8] /s/ Ernst & Young LLP Seattle, Washington [9] February 2, 2021 The key components of the unqualified report in Illustration 1.10 are as follows. 1. Title. The term independent is also in the title of this report to emphasize the auditors are external to the company, are unbiased, and therefore can provide an objective opinion. In addition, the term registered is required to indicate that the firm is registered with the PCAOB. 2. Address. The report is addressed to the shareholders and board of directors of the ­company. 3. Opinion section. The first sentence explains that an audit of ICFR was conducted and references the COSO Internal Control Integrated Framework as the criterion used as the basis for determining if ICFR are effective. The second sentence states the auditor’s opinion. 4. Paragraph referencing the financial statement audit. This paragraph is a reference to the financial statement audit report and states the type of opinion that was given on the financial statements. 5. Basis for Opinion section. This section states the different responsibilities of management and auditors. Like the audit report on the financial statements, this section references registration with the PCAOB and independence requirements of the SEC and other federal securities laws. 6. Scope paragraph. This paragraph explains that auditors conducted their audit in accordance with the standards of the PCAOB. In brief terms, it explains the process of conducting an audit of the effectiveness of ICFR. It mentions that auditors are only required to obtain reasonable assurance about whether the company maintained, in all material respects, effective ICFR. It concludes with a statement that the audit firm believes its audit provides a reasonable basis for its opinion. 7. Definition and Limitations section. This section provides a definition of ICFR that is taken directly from AS 2201. This is helpful for users of the financial statements in case they are not familiar with the concept of internal controls. Also note the use of reasonable assurance in the definition to clarify that an internal control system does not eliminate all c01IntroductionAndOverviewOfAuditAndAssurance.indd 29 8/23/21 1:55 PM 1-30 C h a pte r 1 Introduction and Overview of Audit and Assurance risk associated with the preparation of financial statements. The final sentence cautions users not to use the current-year opinion to assume that future internal controls will be effective. Circumstances may change in the future that could render controls ineffective if the controls are not modified appropriately. 8. Signature. The audit firm’s name and location are used as the signature. 9. Date. The date represents the end of fieldwork, which is the conclusion of gathering and evaluating evidence for the audit. Since the audits are integrated, the date on both the financial statement audit report and the audit report on the effectiveness of ICFR will be the same. material weakness a deficiency, or combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis What happens if auditors conclude the company did not maintain effective ICFR over the period under audit? That would mean the auditors discovered a material weakness in the client’s ICFR. The PCAOB defines a material weakness as follows. A deficiency, or combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis. (AS 2201.A7) If one or more material weaknesses are discovered during the audit, then auditors issue an adverse opinion on the effectiveness of ICFR that explicitly states the company did not maintain effective ICFR during the period under audit. AS 2201 dictates how auditors would modify the audit report to express an adverse opinion. If auditors encounter a material limitation in the scope of their work, they may consider disclaiming an opinion. We will cover these modifications in greater detail in Chapter 16. Before You Go On 7.1 Explain the concept of reasonable assurance as it applies to a system of internal controls and to the audit of the effectiveness of internal controls. 7.2 What is management’s responsibility for internal controls as stated in the audit report on the effectiveness of internal controls? 7.3 What date is used on the audit report on the effectiveness of internal controls, and what does the date represent? 1.8 The Audit Expectation Gap LEARNING OBJECTIVE 8 Discuss the audit expectation gap. The overall audit expectation gap occurs when there is a difference between the expectations of auditors and those of financial statement users, as shown in Illustration 1.11. The gap occurs when user beliefs do not align with an auditor’s professional responsibilities. ILLUSTRATION 1.11 Audit expectations gap User Expectations Reality • The auditor is providing absolute assurance. • An auditor provides reasonable assurance. • T he auditor is guaranteeing the future viability of the entity. • T he audit does not guarantee the future viability of the entity. (continues) c01IntroductionAndOverviewOfAuditAndAssurance.indd 30 8/23/21 1:55 PM 1.8 The Audit Expectation Gap 1-31 User Expectations ILLUSTRATION 1.11 Reality • A n unmodified audit opinion is an indicator of complete accuracy of the financial statements. • A n unmodified opinion indicates the auditor believes there are no material misstatements in the financial statements. • T he auditor will definitely find any and all fraud. • T he auditor will assess the risk of fraud and conduct tests to try to uncover any fraud, but there is no guarantee the auditor will find all material fraud, should one have occurred. • The auditor has checked all transactions. • The auditor tests a sample of transactions. (continued) The overall audit expectation gap is graphically represented in Illustration 1.12. In this figure, note the performance gap, which is the difference between auditor performance and auditing standards and regulations. There is also an expectation gap, which is the difference between a financial statement user’s expectations and auditing standards and regulations. ILLUSTRATION 1.12 Audit expectation and performance gaps Auditor Performance Performance Gap • Auditor failure to follow firm policy, standards, and regulations Auditing Standards and Regulations Expectation Gap Auditor performance impacted by: • Auditing standards • Ethical standards • Regulations • Legislation • Firm policy and procedures Financial Statement User’s Expectations Financial statement user’s expectations impacted by: • Audit firm reputation • Audit firm independence • Reader’s knowledge of auditing • Economic conditions The performance gap can be reduced by: uditors performing their duties appropriately, complying with auditing standards, and • A meeting the minimum standards of performance that should be expected of all auditors. • Inspections of audits to ensure that auditing standards have been correctly applied. • Assurance providers reporting accurately the level of assurance being provided. The audit expectation gap can be reduced by: • A uditing standards being reviewed and updated on a regular basis to enhance the work being done by auditors. • E ducation of financial statement users as to the responsibilities of preparers and auditors of financial statements. As described in this chapter, financial statement users rely on audited financial statements to make a variety of decisions. Financial statement users demand access to reliable information to help ensure the stability of financial markets. The audit profession is dedicated to providing reliable assurance services in the interest of protecting the public trust. Cloud 9 Continuing Case Ron believes that Chip Masters would know what an audit can provide, and what it cannot, because Chip is an experienced vice president of a large international company. He deals with auditors on a regular basis. Ron thanks Ernie for his time. Ernie has helped him to understand that preparing more detailed financial statements and c01IntroductionAndOverviewOfAuditAndAssurance.indd 31 engaging an auditor to perform a financial statement audit would not be as bad as he first thought. Ron now understands why Ernie thinks audits are valuable, and not just another business expense. If Chip Masters thinks that Ron’s financial statements are more credible with an audit, then it is likely he will be prepared to pay a higher price for Ron’s business. 8/23/21 1:55 PM 1-32 C h a pte r 1 Introduction and Overview of Audit and Assurance Before You Go On 8.1 Define the audit expectation gap. Define the audit performance gap. 8.2 What has caused the audit expectation gap? 8.3 What can be done to reduce the audit expectation gap? What can be done to reduce the audit performance gap? Review and Practice Learning Objectives Review Differentiate among assurance, attestation, and auditing services. 1 An assurance engagement involves an assurance provider arriving at an opinion about some information being provided by their client to a third party. Attestation and auditing services are types of assurance services. A financial statement audit involves an audit firm obtaining evidence to support an opinion about the fair presentation of the financial statements, in all material respects, in accordance with an applicable financial reporting framework. 2 Describe the different types of assurance services. Assurance services include financial statement audits, audits of effectiveness over internal control of financial reporting, compliance audits, operational/performance audits, and internal audits. 3 Identify the roles of different regulators and organizations that affect the audit profession. 5 Regulators and organizations that impact the audit profession include the Securities and Exchange Commission (SEC), the Public Company Accounting Oversight Board (PCAOB), the American Institute of Certified Public Accountants (AICPA), the Financial Accounting ­ Standards Board (FASB), the Committee on Sponsoring Organizations of the Treadway Commission (COSO), and the National Association of State Boards of Accountancy (NASBA). Auditors must follow the PCAOB’s Auditing Standards (AS) when auditing public companies and follow the Auditing Standards Board’s Statements on Auditing Standards (SAS) when auditing private companies. Explain the concepts of reasonable assurance and materiality, and the nature of an unqualified/unmodified report on the audit of financial statements. 6 Explain the demand for audit and assurance services. Financial statement users include investors (shareholders), suppliers, customers, lenders, employees, governments, and the general public. These groups of users demand audited financial statements due to their remoteness from the entity, accounting complexity, competing incentives between them and the entity’s managers, and their need for reliable information on which to base decisions. Discuss the different roles of the financial statement preparer and the auditor. 4 It is the responsibility of the company’s management to prepare the financial statements in accordance with the applicable financial reporting framework. Management is also responsible for the design, implementation, and maintenance of internal control over financial reporting and for providing the auditors with access to all documentation needed to complete the audit. It is the responsibility of the auditor to form an opinion on the fair presentation of the financial statements. In doing so, the auditor must utilize professional skepticism and professional judgment in the planning and performance of the audit and must adhere to the appropriate auditing standards. c01IntroductionAndOverviewOfAuditAndAssurance.indd 32 Auditors are only required to provide reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to error or fraud. In a private company audit, if auditors determine the financial statements are presented fairly in accordance with the applicable financial reporting framework, then they issue the standard unmodified audit report. In a public company audit, if auditors determine the financial statements are presented fairly in accordance with the applicable financial reporting framework, then they issue the standard unqualified audit report. 7 Explain the concept of reasonable assurance and the nature of an unqualified report on internal controls over financial reporting. An effective system of ICFR provides reasonable assurance the financial statements will be free of material misstatements. Only public companies are required to have an audit of the effectiveness of ICFR. In the audit of the effectiveness of ICFR, auditors provide reasonable assurance regarding whether or not there is a material weakness in ICFR for the period under audit. If auditors have determined the company has maintained effective ICFR, then they issue the standard unqualified audit report on ICFR. 8/23/21 1:55 PM Audit Decision-Making Example 8 Discuss the audit expectation gap. The difference between what assurance providers provide and what financial statement users expect consists of two components: (1) the expectation gap, which is the difference between a financial 1-33 statement user’s expectations and professional standards and regulations, and (2) a performance gap, which occurs when assurance providers do not follow professional standards. The total gap occurs when user beliefs do not align with what an auditor has actually done. Key Terms Review Assurance services Attestation services Audit risk Audit services Compliance audit Integrated audit Internal audit Materiality Material weakness Operational (performance) audit Professional judgment Professional skepticism Reasonable assurance Those charged with governance Audit Decision-Making Example Obtain Company Background Information and Data You just started a job as an auditor at a regional accounting firm. The first two weeks consist of training courses about conducting an audit. During training, you are given a scenario related to audit opinions on the financial statements. The scenario states that a team of auditors has conducted an audit of a manufacturing client for the year ended December 31, 2025. The team has discovered two financial statement errors: (1) an overstatement of revenue and the related accounts receivable, and (2) an understatement of expenses and the related payables. Both errors resulted from a cutoff problem at year-end, meaning the client recorded transactions at the end of 2025 that should have been recorded in 2026. Individually, the misstatements are immaterial. However, the auditors believe the misstatements, when aggregated, would have a material impact on both the financial statements and the users who would read the financial statements. The client has been notified of these errors but does not agree that they are errors and will not make adjustments to correct them. How should the auditors proceed? Use the audit decision-making framework from Illustration 1.2 to discuss how you would approach this situation. ? What Is the Audit Problem You Are Trying to Solve? If the client is unwilling to correct the errors, the auditors must determine the impact on the financial statements and the type of audit opinion that can be issued. Gather Information and Evidence The auditors should gather more information about the errors as follows. • Determine the dollar amount of each error. • Gather evidence about the possible reasons the errors occurred. • Inquire of client management the reasons why the identified errors are not being corrected. Perform the Analysis and Evaluate the Results After gathering relevant information, the auditors have analyzed the information as follows. • I ndividually, the amounts of the two errors are immaterial to the overall financial statements. However, when the two errors are combined, the total error amount is material to the financial statements as a whole. The overstatement of revenue combined with the understatement of expense results in a material overstatement of the client’s net income. • T he auditors inquired of various client employees that record revenue and expense journal entries. No one seemed to have an idea of how the error occurred, and most of the employees did not understand the importance of achieving proper cutoff at the end of the accounting period. • T he auditors discussed the errors with upper management and inquired as to why the errors would not be corrected even though they are material. The company CFO also does not agree that the transactions are material errors. She argues that net income has already been determined and reported to the board of directors, and she also disagrees that the total error is material to the overall financial statements. c01IntroductionAndOverviewOfAuditAndAssurance.indd 33 8/23/21 1:55 PM 1-34 C h a pte r 1 Introduction and Overview of Audit and Assurance ! Draw an Audit Conclusion If the client refuses to make corrections that the auditors deem necessary for the financial statements to be fairly presented, then the auditors must issue a modified audit opinion. Since the financial statements contain a material departure from the applicable financial reporting framework, and the client refuses to make corrections, the auditors must issue either a qualified opinion or an adverse opinion. If the errors are considered pervasively material, the auditors should issue an adverse opinion so that users know not to rely on the financial statements at all. Going forward, the auditors would carefully consider if they want to continue to audit this client. The fact that management refused to correct the errors reflects on management integrity. It also causes a heightened risk that fraudulent activity could be occurring in the client’s accounting practices. The client may be purposely trying to overstate net income to attract new investors or obtain additional financing. If the client had corrected the errors, the auditors could have issued an unmodified audit report, stating that the financial statements were fairly presented. CPAexcel CPAexcel questions and data analytics resources are available in Wiley Course Resources. Multiple-Choice Questions 1. (LO 1) Which of the following is not a characteristic of an assurance service? a. The engagement is conducted by an independent professional. b. The service lends credibility to information. c. The subject matter is limited to financial information. d. The service is useful for decision makers. 2. (LO 2) An assurance service that determines whether the entity has conformed with regulations, rules, or processes is a (an): a. compliance audit. b. financial statement audit. c. internal audit. d. operational audit. 3. (LO 2) Operational (performance) audits are useful because they: c. cost. d. reliability. 6. (LO 4) Management is responsible for which of the following? reparing financial statements in accordance with the approa. P priate auditing standards. b. D esigning, implementing, and maintaining internal control relevant to the preparation of the financial statements. sing professional skepticism in the preparation of the financ. U cial statements. d. Issuing an opinion on whether the financial statements are presented fairly in accordance with the appropriate financial reporting framework. 7. (LO 5) Which of the following organizations issues auditing standards for the audits of public companies? a. include a comprehensive audit. a. PCAOB. b. a re concerned with the economy, efficiency, and effectiveness of an organization’s activities. c. ASB. c. involve gathering evidence to determine whether the entity under review has followed the rules, policies, procedures, laws, or regulations with which they must conform. d. ensure companies pay appropriate taxes. 4. (LO 2) The function of internal audit is determined by: a. the external auditor. b. the IIA. c. those charged with governance and management. d. the government. 5. (LO 3) All of the following are reasons why users would demand an audit of financial statements except: a. complexity. b. remoteness. c01IntroductionAndOverviewOfAuditAndAssurance.indd 34 b. SEC. d. COSO. 8. (LO 5) The role of COSO is to: a. establish financial accounting and reporting standards. b. establish auditing standards for private companies. c. prepare and grade the CPA exam. d. p rovide guidance in the area of internal control and risk management. 9. (LO 6) Auditors can only provide reasonable assurance that the financial statements are presented fairly because: a. sampling techniques are used to gather evidence. b. some items in the financial statements are subjective. c. an audit must be completed in a reasonable amount of time. d. All of the answer choices are correct. 8/23/21 1:55 PM Analysis Problems 10. (LO 6) What is the appropriate date for an audit report? a. The date the auditors were hired. b. The date of the balance sheet. c. The conclusion of the gathering of evidence for the audit. d. The date required by regulators. 11. (LO 7) Auditors of publicly traded companies are required to perform a(an) ________ for their clients. a. compliance audit b. integrated audit 1-35 12. (LO 8) The audit expectation gap occurs when: a. a uditors perform their duties appropriately and satisfy users’ demands. b. u ser beliefs do not align with what professional standards and regulations expect of auditors. c. inspections of audits ensure that auditing standards have been applied correctly and the standards are at the level that satisfy users’ demands. d. the public is well educated about auditing. c. internal audit d. operational audit Review Questions R1.1 (LO 1) What does assurance mean in the financial reporting context? Who are the three parties relevant to an assurance ­engagement? R1.2 (LO 1) An assurance engagement involves evaluation or measurement of subject matter against criteria. What criteria are used in a financial statement audit? R1.3 (LO 2) Discuss some limitations of a financial statement audit. R1.4 (LO 2) Who would request an operational (performance) audit? Why? R1.5 (LO 3) Why would investors in a company demand an audit of financial statements? R1.6 (LO 4) Compare and contrast the responsibilities of preparers and auditors regarding a financial statement audit. R1.7 (LO 5) Describe the relationship between the SEC and the PCAOB. R1.8 (LO 5) Compare and contrast the functions of a state board of accountancy and of NASBA. R1.9 (LO 5) Briefly describe the principles underlying an audit conducted in accordance with GAAS that are issued by the ASB. R1.10 (LO 6) Discuss the similarities and differences in the auditor’s reports for a public company client and a private company client. R1.11 (LO 7) List and briefly describe the components of the auditor’s report on internal controls over financial reporting for a public company. R1.12 (LO 8) Debate the audit expectation gap. Why do you think professional auditing standard do not give users what they want? Why do you think auditors sometimes do not meet professional standards? Analysis Problems AP1.1 (LO 1, 2) Basic Research Types of assurance engagements A friend knows that you are studying auditing and asks you what the difference is between internal and external auditing. Required Using what you learned in this chapter and from information from the AICPA website (www.aicpa.org) and the IIA website (www.theiia.org), compare and contrast the duties and characteristics of internal and external auditors. AP1.2 (LO 3) Challenging Demand for assurance In 2002, the audit firm Arthur Andersen collapsed following charges brought against it in the United States relating to the failure of its client, Enron. Some other clients announced they would be dismissing Arthur Andersen as their auditor even before it was clear that Arthur Andersen would not survive. Required Using the discussion in this chapter on the demand for audits, explain some reasons why these clients took this action. c01IntroductionAndOverviewOfAuditAndAssurance.indd 35 8/23/21 1:55 PM 1-36 C h a pte r 1 Introduction and Overview of Audit and Assurance AP1.3 (LO 3, 4) Moderate Big 4 versus non-Big 4 assurance providers Most audit firms maintain a website that explains the services offered by the firm and provides resources to their clients and other interested parties. The services offered by most firms include both audit and non-audit services. Required Find the websites for a Big 4 audit firm and a mid-tier audit firm. Compare them on the following: a. The range of services provided. b. Geographic coverage (i.e., where their offices are located). c. Staff numbers and special skills offered. d. Industries in which they claim specialization. e. Publications and other materials provided to their clients or the general public. f. Marketing message. AP1.4 (LO 3, 4) Challenging Big 4 versus non-Big 4 assurance providers Economic changes can affect how clients select their assurance providers. Required a. In times of economic recession, would you expect the demand for audits to increase or decrease? b.Would you expect clients to shift either from large (Big 4) auditors to mid-tier auditors or from mid-tier auditors to Big 4 auditors in times of economic recession? Why or why not? AP1.5 (LO 5) Basic Research Requirements to become a CPA Each state has the power to determine the education and experience requirements to be a licensed CPA in that state. The power is delegated to the state board of accountancy in each state. Required Visit the state board of accountancy website for the state in which you are attending college. What are the education and experience requirements? If you intend to begin your career in another state, also research the education and experience requirements for that state. What are the similarities and differences between the two states? AP1.6 (LO 5) Basic Research Accounting firm registration Since the creation of the PCAOB in 2003, accounting firms that wish to audit public companies must be registered with the PCAOB. Visit the PCAOB’s website (www.pcaobus.org) and browse the information. Required Explain what is required for an accounting firm to be registered with the PCAOB. AP1.7 (LO 5) Basic Organizations that impact the audit profession The following organizations impact the audit profession. 1. AICPA 5. IIA 9. SEC 2. ASB 6. IAASB 10. State Board of Accountancy 3. COSO 7. NASBA 4. FASB 8. PCAOB Required Match the organization with the proper description. Each organization can be used once, more than once, or not at all. a. Membership organization that acts as an advocate for the accounting profession. b. Maintains the Accounting Standards Codification. c. Issues International Standards on Auditing. d. Has the power to enforce the Sarbanes-Oxley Act of 2002. e. Issues Auditing Standards and oversees the auditors of issuers. f. Provides guidance and standards for internal auditing. g. A federal agency tasked with enforcing and interpreting securities laws. c01IntroductionAndOverviewOfAuditAndAssurance.indd 36 8/23/21 1:55 PM Analysis Problems 1-37 h. Serves as the application center for individuals applying to take the CPA exam. i. Prepares and grades the CPA exam. j. Issues Statements on Auditing Standards for the audits of non-issuers. AP1.8 (LO 6, 7) Basic Audit reports The two standard-setting bodies are the PCAOB for the audits of public companies and the ASB for the audits of private companies. Each organization has a standard format for the auditor’s report on the financial statements. There are similarities and differences in the two standard formats. Required For each item listed below, indicate if the item or phrase appears in the unmodified audit report of the ASB, the unqualified audit report of the PCAOB, or both. Use the following letters to indicate your answer. a. Unmodified audit report—ASB b. Unqualified audit report—PCAOB c. Audit reports of both bodies—ASB and PCAOB 1. Contains the word “independent” in the title. 2. We have also audited the company’s internal control over financial reporting. 3. In our opinion, the financial statements present fairly, in all material respects, the financial position of the company. 4. We are required to be independent with respect to the company in accordance with the U.S. federal securities laws. 5. Management is responsible for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of the financial statements. 6. Contains a section on critical audit matters. 7. Dated as of the end of fieldwork. 8. Contains a statement about auditor tenure. 9. Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. 10. Obtain reasonable assurance about whether the financial statements are free from material misstatement. AP1.9 (LO 6, 7) Basic Audit reports Auditor’s reports for Amazon.com are provided in Illustrations 1.8 and 1.10 in this chapter. Select another public company of your choice and visit the investor relations website to ­access the most recent annual report and 10-K. Find the auditor’s reports on the financial statements and the effectiveness of ICFR. Required a. Compare the audit reports of Amazon.com and the public company you selected. What type of opinion did the company receive on its financial statements and on the effectiveness of ICFR? b. What are the advantages of having a standard report format for all clients? AP1.10 (LO 4, 6, 8) Moderate Being an auditor You have recently graduated from your university and started work with an accounting firm. You meet an old school friend, Kim, for dinner—you haven’t seen each other for several years. Kim is surprised that you are now working as an auditor because your childhood dream was to be a ballet dancer. Unfortunately, your knees were damaged in a fall, and you can no longer dance. The conversation turns to your work, and Kim wants to know how you do your job. Kim cannot understand why an audit is not a guarantee the company will succeed. Kim also thinks that company managers will lie to you to protect themselves. As an auditor, you would have to assume that you cannot believe anything a company manager says to you. Required Compose a letter to Kim explaining the concept of reasonable assurance, and how reasonable assurance is determined. Explain why an auditor cannot offer absolute assurance. Describe the concept of c01IntroductionAndOverviewOfAuditAndAssurance.indd 37 8/23/21 1:55 PM 1-38 C h a pte r 1 Introduction and Overview of Audit and Assurance professional skepticism and how it is not the same as assuming that managers are always trying to deceive auditors. Explain to Kim why her perceptions are a perfect example of the expectations gap. AP1.11 (LO 2, 4, 6, 7, 8) Challenging Limitations of an audit You are an intern at a Big 4 accounting firm and have just finished your internship training. You feel a little overwhelmed with all of the information from the training session, and you are wondering if you are qualified to perform work that is of high-enough quality to meet the firm’s and the profession’s standards. What if you miss something or forget to do something? What if it takes you too long to complete your tasks? What if you spend time on something that is trivial and miss something that is important? You decide to review your notes from the training session and from your undergraduate audit course. Required a. Discuss the limitations of an audit. Refer to the audit reports in Illustrations 1.7, 1.8, and 1.10. What are some key terms and phrases b. included in the reports that address these limitations? Cloud 9 Continuing Case Ron Stotez established his business, Stotez Shoes, in 1985. Since then, he has run his business as a sole proprietor. Ron keeps records, and his wife helps him prepare basic accounting records. As Stotez Shoes has no outside owners, Ron has never seen the need to have his accounts audited. When Chip Masters from Cloud 9 Inc. expressed an interest in buying Stotez Shoes in 2023, Ron was asked to provide audited financial statements. Ron discussed his concerns about having an audit with his friend Ernie Black. Ernie is concerned that Ron may forget their conversations and has asked you to prepare a summary of the issues listed below for Ron. c01IntroductionAndOverviewOfAuditAndAssurance.indd 38 Required a. What are the main differences between a financial statement audit, a compliance audit, and an operational audit? b. What is the difference between reasonable assurance and absolute assurance? c. Why would Chip ask that Ron have the financial statements for Stotez Shoes audited rather than reviewed? d. What factors should Ron consider when selecting an accounting firm to complete the Stotez Shoes audit? 8/23/21 1:55 PM Get Complete eBook Download Link below for instant download https://browsegrades.net/documents/2 86751/ebook-payment-link-for-instantdownload-after-payment