CHAPTER 03 Engagement Planning "Vision without action is a daydream. Action without vision is a nightmare.” Japanese Proverb 3-1 LEARNING OBJECTIVES 1. 2. 3. 4. 5. 6. List and describe the required pre-engagement activities that auditors undertake before beginning an audit engagement. Understand the importance of planning the audit engagement so that it is conducted in accordance with professional standards. Define materiality and explain its importance in the audit planning process. List and describe the eight general types of audit procedures for gathering evidence. List and discuss matters of planning that auditors should consider related to the client’s computer environment and describe how CAATs can be used to improve the efficiency of the audit process. Define what is meant by the proper form and content of audit documentation. 3-2 Engagement Overview and Principles OBTAIN (OR RETAIN) CLIENT Responsibilities: Competence and capabilities, Independence ENGAGEMENT PLANNING RISK ASSESSMENT AUDIT EVIDENCE REPORTING Responsibilities: Professional skepticism, Professional judgment, Due care Performance Reporting 2-3 WHAT NEEDS TO BE CONSIDERED WHEN A FIRM IS DECIDING TO ACCEPT OR RETAIN A CLIENT? Independence & Objectivity Competence & Expertise Available Resources Acceptable Level of Engagement Risk Background checks of Senior Management Inherent risks of the industry Communication w/Predecessor Auditor Obtain & review financial information Inquire of key parties – Legal Counsel, Bankers, Analysts PRE-ENGAGEMENT ACTIVITIES Client Acceptance or Continuance Communication between predecessor and prospective auditors Compliance with Independence and Ethical Requirements Engagement Letters Termination Letter 3-5 COMMUNICATION BETWEEN PREDECESSOR AND PROSPECTIVE AUDITORS Attempt If – to communicate is required client permits, issues to discuss Disagreements about accounting principles or audit procedures. – Communications the predecessor auditors gave the former client about fraud, illegal acts, and internal control recommendations. – The predecessor auditors’ understanding about the reasons for the change of auditors (particularly about the predecessor auditors’ termination). – Client management integrity issues. 3-6 COMPLIANCE WITH INDEPENDENCE AND ETHICAL REQUIREMENTS The responsibilities principle requires auditors to comply with appropriate ethical requirements for each audit engagement Auditors must maintain independence in mental attitude and independence in fact Independence in appearance relates to perceptions of auditors’ independence A lack of independence can result in disciplinary action by regulators and/or professional organizations and litigation by those who relied on the financial statements Public accounting firms must have a process in place to ensure that they are independent of the company being audited 3-7 ENGAGEMENT LETTERS When a new client is accepted or when an audit engagement continues from year to year, an engagement letter should be prepared. Acts as a contract between auditor and client. Serves as a means of reducing the risk of misunderstandings with the client and as a means of avoiding legal liability for claims that the auditors did not perform the work promised Should include: Objectives of the engagement Management’s responsibilities Auditors’ responsibilities Any limitations of the engagement 3-8 SEE EXHIBIT 3.1 FOR EXAMPLE TERMINATION LETTERS Reduces the risk of misunderstandings with the client in order to avoid legal liability Termination letters are NOT required, but, may be a good idea to reduce misunderstandings with clients LIST THREE SPECIFIC INQUIRIES A SUCCESSOR AUDITOR SHOULD MAKE OF A PREDECESSOR AUDITOR IN REGARDS TO THE CLIENT: 1. Disagreements about accounting principles or audit procedures. 2. Communications the predecessor auditors gave the former client about fraud, illegal acts, and internal control recommendations. 3. The predecessor auditors’ understanding about the reasons for the change of auditors (particularly about the predecessor auditors’ termination). 4. Client management integrity issues. TRUE OR FALSE? AN AUDITORS ENGAGEMENT LETTER SHOULD INCLUDE AN ACKNOWLEDGMENT OF MANAGEMENT’S RESPONSIBILITY FOR MAINTAINING EFFECTIVE INTERNAL CONTROL. A) TRUE B) FALSE WHICH OF THE FOLLOWING MATTERS IS GENERALLY INCLUDED IN AN AUDITOR’S ENGAGEMENT LETTER? A. B. C. D. Management’s responsibility for the fair presentation of the financial statements. The factors to be considered in setting preliminary judgments about materiality. Management’s vicarious liability for violations of laws and regulations committed by its employees. The auditor’s responsibility to search for significant internal control deficiencies. AUDIT PLAN A comprehensive list of the specific audit procedures that the audit team needs to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements When planning the engagement, the auditor needs to develop and document a plan the describes the procedures to be performed to assess the risk of material misstatement at the financial statement and assertion level The auditor must then carefully plan the nature, timing and extent of control tests and substantive tests that are designed to mitigate these risks to an acceptable level 3-14 EXAMPLE OF AN AUDIT PLAN Risk Vendor Management ALCS does not have authorized contracts and project agreements in place to document scope of services to be provided by ADP, Inc. ADP, Inc. performance on services provided is not in accordance with contractual requirements. ALCS Corporate Audit Department Audit: Review of ADP Payroll Processes Scope: January 2010 to Exit Date Audit Team: A. R. Thompson; E. J. Lynch; and, M. Moore Key Control Test Plan Assigned To The contracts included the standard Obtain and review a copy of the Altria terms and conditions (e.g., right master agreement and related project to audit, insurance, confidentiality, agreements for ADP, Inc. etc.) and related attachments (e.g., 1. Ensure the contract includes all background screening procedures, required standard terms and contractor expense guidelines and conditions. code of conduct, IT security policy, 2. Ensure the contract has all the etc.). required attachments. 3. Verify the required deliverables are provided in accordance with contractual terms. ALCS measures ADP, Inc. performance Obtain and review service level against the service level agreement agreement attached to the Master pursuant to the Master Agreement. Agreement. E. Lynch E. Lynch Required Documents 1. ADP, Inc Master Services Agreement 2. Insurance Certification 3. Contract Approval 4. RFP and Bid Documentation / Waiver E. Lynch E. Lynch M. Moore 1. Gain an understanding of ALCS M. Moore process for monitoring ADP, Inc. performance against service level requirements. 2. Obtain copies of quarterly service M. Moore level reports. Determine whether or not service levels not achieved have been properly analyzed and corrected. 3. For service levels not achieved, M. Moore review and recalculate credits due ALCS. Ensure all credit have been properly received by ALCS. 1. Service Level Agreements (Annex B) 2. Quarterly Performance Reports 3. SLA Credits Issued 4. Credit Supporting Documentation STAFFING THE AUDIT ENGAGEMENT Teams usually consist of the: Audit engagement partner Audit manager IT audit specialist Tax partner Quality assurance partner Audit staff For new clients, companies with complex transactions and public companies, more experienced staff members are typically assigned. 3-16 CONSIDERING THE WORK OF INTERNAL AUDITORS Must obtain an understanding of a client’s internal audit department and its work Audit efficiency can be realized when the two groups work together Prior to using the work of internal auditors, external auditors should consider internal auditors’ objectivity and competence Who do they report to? What education, experience, certifications? Internal auditors should not be delegated tasks that require extensive professional judgment 3-17 USE OF SPECIALISTS Specialists are persons skilled in fields other than accounting and auditing who are not members of the audit team Auditors must know about the specialist’s professional qualifications, experience and reputation Should be unrelated to the company being audited Auditors should obtain an understanding of the specialist’s methods and assumptions Specialists are NOT referred to in the audit report unless the specialists’ findings cause the auditors’ report to be modified 3-18 USE OF IT AUDITORS Specialized skills are often needed to evaluate the effect of computerized processing on the audit, to understand the flow of transactions, or to design and perform audit procedures IT auditors are members of the audit team and are called in when the need for their skills arises Audit managers and partners should possess sufficient knowledge to know when to call on specialists and to supervise their work 3-19 THE PRIMARY PURPOSE FOR OBTAINING AN UNDERSTANDING OF THE ENTITY’S ENVIRONMENT (INCLUDING ITS INTERNAL CONTROL) IN A FINANCIAL STATEMENT AUDIT IS: A) to determine the nature, timing, and extent of substantive procedures to be performed. B) to make consulting suggestions to the entity’s management. C) to obtain indirect sufficient appropriate audit evidence to afford a reasonable basis for an opinion on the financial statements. D) to determine whether the entity has changed any accounting principles. DURING THE INITIAL PLANNING PHASE OF AN AUDIT, THE AUDITOR MOST LIKELY WOULD: A. B. C. D. Identify specific internal control activities that are likely to prevent fraud. Evaluate the reasonableness of the client’s accounting estimates. Discuss the timing of the audit procedures with the client’s management. Inquire of the client’s attorney as to whether any unrecorded claims are probable of assertion. IN DEVELOPING AN OVERALL AUDIT STRATEGY, AN AUDITOR SHOULD CONSIDER: A. B. C. D. Whether the allowance for sampling risk exceeds the achieved upper precision limit. Findings from substantive tests performed at interim dates. Whether the inquiry of client’s attorney identifies any litigation, claims, or assessments not disclosed in the financial statements. Preliminary evaluations of materiality, audit risk, and internal control. TIME BUDGET Used to maintain control of the audit by identifying problem areas early in the engagement, thereby ensuring that the engagement in completed on a timely basis Interim audit work refers to procedures performed several weeks or months before the balance sheet date Year-end audit work refers to procedures performed shortly before and after the balance sheet date 3-23 TIME REPORTS Everyone who works on the audit engagement is required to report the time taken to perform procedures for the audit Helps in evaluating the efficiency of the audit team members Compiling a record for billing the client Compiling a record for planning the next audit Eating Time? Interim versus Year-end audit work 3-24 MATERIALITY • Materiality refers to an amount (or transaction) that would influence the decisions of users (i.e., an amount (or event) that would make a difference). The emphasis is on user, rather than management or the audit team. • Materiality Criteria: Quantitative Criteria: Absolute size Relative size Cumulative effects Qualitative Criteria Nature of the item or issue Circumstances Uncertainty • Ultimately, materiality is a matter of professional judgment. 3-25 MATERIALITY Material information = Important information Misstatements are not immaterial simply because they fall beneath a numerical threshold (e.g., fraud) Material = an amount (or transaction) that would influence the decisions of users It is a professional judgment calculated by staff auditors but MUST be signed-off by the Partner Rule of Thumb <5% is likely not material, but >10% probably is material Low Materiality = More Audit Work High Materiality = Less Audit Work USING MATERIALITY ON THE AUDIT Use as a guide to planning substantive procedures— directing attention and audit work to those items or accounts that are important, uncertain, or susceptible to errors or frauds. As a guide to evaluation of the evidence. Auditors use performance materiality to make sure that the aggregate of uncorrected and undetected immaterial misstatements does not exceed materiality for the financial statements as a whole. As a guide for making decisions about the audit report. 3-27 USE OF AUDIT PROCEDURES To gain an understanding of the client and the risks associated with the client (risk assessment procedures) To test the operating effectiveness of client internal control activities (test of controls) To produce evidence about management’s assertions related to the amounts and disclosures in a client’s financial statements (substantive procedures) 3-28 SUBSTANTIVE AUDIT PLAN Should contain a list of audit procedures for gathering evidence related to the relevant assertions identified for the significant financial statement accounts and disclosures of an audit client Two ways to conduct substantive tests: Substantive analytical procedures Auditor must develop an independent expectation of the balance More efficient Tests of details Generally requires sampling More effective 3-29 CONTROLS VS SUBSTANTIVE TESTS SUMMARY Tests of controls - test segregation of duties (authorization, recording, custody, and comparison) by reperformance, inquiry, inspection, and observation. Substantive tests - deal with management assertions (e.g., classification, presentation & disclosure, existence/occurrence, rights & obligations, completeness & cutoff, and valuation/allocation) and testing them by using the audit procedures of inquiry, confirmation, observation, recalculation/reperformance, inspection of assets, inspection of records and analytical procedures. Test of controls = internal controls Substantive testing = test of details & analytical procedures 3-31 TYPES OF AUDIT PROCEDURES 1. Inspection of records and documents Vouching Tracing Scanning 2. Inspection of tangible assets 3. Observation 4. Inquiry 5. Confirmation 6. Recalculation 7. Reperformance 8. Analytical Procedures 3-32 TYPES OF AUDIT EVIDENCE F ooting and Crossfooting I nquiry V ouching E xamination, Inspecting, and Reviewing C onfirmation A nalytical Procedures R eperformance R ecalculation O bservation T racing S ubsequent Events Footing and Crossfooting- verifying the mathematical accuracy of columns of numbers by adding down and across Inquiry- written or oral information in response to questions from the auditor Requires corroboration to be conclusive An exception exists for negative statements regarding fraud, theft, accounting irregularities, etc. Vouching- Directional testing from accounting records back to the supporting documents Supports the existence and occurrence assertion Gathers evidence supporting overstatement errors Examination, Inspecting, and Reviewing Physical examination is the examination or inspecting of tangible assets: -Direct test of existence -One of the most reliable types of AE -Does not provide AE regarding rights & obligations Inspection of documentation is the auditor’s inspection of the clients documents and records to substantiate the information that is, or should be, included in the financial statements 1. Internal document 2. External document 3. Internal Control 4. Original Documents Confirmations - describes the receipt of a direct response from a 3rd party verifying the accuracy of information that was requested by the auditor Highly regarded and often-used types of AE May be costly and inconvenient When practical and reasonable, A/R confirms are required To be reliable must be controlled Positive vs. Negative Positive (good) = Must respond Negative (sloppy/bad) = Optional response (only if amount differs) CONFIRMATIONS CONTINUED Auditing Standards Requirements United States Auditor must confirm accounts receivable Auditors control the mailing and receipt of replies Electronic confirmations are permitted International Confirmations are not required CONFIRMATIONS CONTINUED Analytical Procedures - Use comparisons and relationships to assess whether account balances appear reasonable given expectations, required during planning and completion phases Help understand the entity and environment Assess Going Concern “Attention Directing” Reduce other substantive tests ANALYTICAL PROCEDURES 3-40 Reperformance- Auditor’s independent tests of client accounting procedures or controls Recalculation- Involves rechecking a sample of calculations made by the client Observation- Use of the senses to assess client activities. -Requires corroboration Tracing-Directional testing from source documents to accounting records -Supports the completeness assertion -Gathers evidence supporting understatement errors Subsequent Events- The auditor is required to perform procedures for the period after the balance sheet date up to the date of the auditor’s report Tracing vs. Vouching Trace = Forward (source documents to accounting records) Vouch = Backward (accounting records to source documents) “Vouch back, Trace forward” Vouching = occurrence Tracing = completeness VOUCH VS. TRACING EXAMPLE (CHAP. 8): AN AUDIT PLAN CONTAINS… A) Specifications of audit standards relevant to the financial statements being audited. B) Specifications of the procedures the auditors believe appropriate for the financial statements under audit. C) Documentation of the assertions under audit, the evidence obtained, and the conclusions reached. D) Reconciliation of the account balances in the financial statements with the account balances in the client’s general ledger. WHICH OF THE FOLLOWING AUDIT PROCEDURES, AS DISCUSSED IN CLASS, ARE NOT SPECIFICALLY REQUIRED DURING AN AUDIT? a) b) c) d) e) Confirmation of accounts receivable Evidence regarding subsequent events Analytical procedures during fieldwork Only a and c None of the above, all of the above (a-c) are required during a financial statement audit PLANNING IN A COMPUTERIZED ENVIRONMENT Auditor must evaluate the client’s computerized environment (i.e. potential for errors or fraud, use of cloud computing applications) Auditor must consider: Extent to which computers are used Complexity of computer operations Availability of data Need for specialized IT auditors CAATs (Computer Assisted Audit Techniques) Used for recalculation, confirmation, document examination, scanning, analytical procedures, fraud investigation 3-46 EFFECT OF CLIENT’S COMPUTER PROCESSING ON AUDIT PLANNING Complexity of computer operations Organizational Availability Use structure of computer processing of data of CAAT’s Need for specialized skills 3-47 COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES (CAATS) E.g., IDEA, ACL With CAATS, the auditor is able to access and extract client information without disrupting data processing. Some CAATs Procedures: Calculate field statistics (totals, high, low and average value) Perform complex recalculations Join and compare different data files Perform detailed analysis Stratification Gap and duplicate detection Sample selection 3-48 AUDIT DOCUMENTATION Definition The written record of the basis for the auditor’s conclusions that provides the support for the auditor's representations, whether those representations are contained in the auditor's report or otherwise. Objectives Improve audit quality Enhance public confidence 3-49 PURPOSES OF AUDIT DOCUMENTATION Integral part of audit quality Documents the nature, timing and extent of work performed Evidence Basis of due care for conclusion Facilitates planning, performance and supervision Provides basis for review/Assessment of audit quality 3-50 AUDIT DOCUMENTATION Permanent files Information of continuing audit significance For example, key contracts, bylaws, organization chart, royalty and bond agreements Current files Includes the entire engagement administration file for the year under audit Includes all documentation that is sufficient to support all conclusions on the audit 3-51 Permanent Files - Contain data of a historic or continuing nature pertinent to the current audit Documents of continuing importance -articles of incorporation -bylaws -stock option contracts Previous analyses of continuing importance long-term debt fixed assets Internal control documentation Previous analytical procedures Current files- Include all audit documentation applicable to the year under audit. Set for each year’s audit. Audit Program General Information Working Trial Balance Listing of general ledger accounts at YE supported by a lead schedule which shows how each balance is calculated Adjusting and Reclassification Entries AUDIT DOCUMENTATION REQUIREMENTS Audit documentation should be prepared in sufficient detail to enable an experienced auditor having no previous connection with the engagement to: Understand the nature timing, extent and results of procedures, evidence obtained and conclusions reached. Determine who performed the work, date of work, reviewer and date of review. Audit documentation should provide a clear link to significant findings or issues and Demonstrate compliance with professional standards. Support basis for conclusions for each relevant assertion. Document that accounting records agree with financial statements. 3-54 DOCUMENTATION RETENTION Documentation must be retained seven years from report release date. If no report—from last day of fieldwork Documentation to be retained include those documenting discussion and subsequent resolution of differences in professional judgments among team members All documentation must be finalized within 45 days of the audit report’s release date 3-55 EXHIBIT 3.5 CURRENT AUDIT DOCUMENTATION FILE 3-56 HOW TO CREATE WORKPAPERS – “PSSPC” Name/Date P S S P C - Purpose Source Scope Procedures Conclusion *Walkthrough Example *For those of you going into auditing this slide should help you. Otherwise this wont be on the test. 3-57 EXHIBIT 3.6 ILLUSTRATIVE AUDIT DOCUMENTATION Information on Each Workpaper Name, date, purpose, page number Procedures performed and conclusions reached by the auditor Evidence that auditor followed GAAS Audit Tick Mark Legend Preparer’s and Reviewers’ initials 3-58 HOW TO CREATE WORKPAPERS – “PSSPC” Name/Date P S S P C - Purpose Source Scope Procedures Conclusion *Walkthrough Example 3-59 IN-CLASS EXAMPLE – AUDIT EVIDENCE What are some risks to consider? What kinds of evidence might you gather? 3-60 IN CLOSING…. SOME LIFE/CAREER ADVICE Communication Don’t assume people know what you’re saying Join Toastmasters