The sufficiency and appropriateness of audit evidence are
advertisement
Ch09_PrinciplesOfAuditing_Ed3 P a g e | 1 Chapter 9 Auditor’s Response to Assessed Risk (ISA 330 ISA 500) 9.1 Learning Objectives After studying this chapter, you should be able to: 1 List audit procedures responsive to assessed risk 2 Know the definition of evidence in an audit and legal sense. 3 Differentiate between nature, extent and timing of audit procedures. 4 Understand the difference between legal evidence and audit evidence. 5 Identify the common management assertions for classes of transactions, account balances and disclosure. 6 Define the management standard assertions: completeness, occurrence, accuracy, rights and obligations, valuation, existence, cutoff, classification, understanding, presentation and disclosure, and measurement. 7 Discuss the systematic process of gathering evidence. 8 Recognize tests of controls for design and effectiveness. 9 Charaterize a substantive procedure. 10 Explain what is meant by the nature, timing, and extent of substantive procedures. 11 List and define the two types of substantive procedures. 12 Realize the process of search for unrecorded liabilities. 13 Describe the components of and the meaning of “sufficient appropriate audit evidence.” 14 Determine which evidence is relevant and which evidence is reliable. Ch09_PrinciplesOfAuditing_Ed3 P a g e | 2 9.2 Introduction Evidence gathering procedures in auditing are directed by the assessment of risk of material misstatement. ISA 330 states1, “The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks.” Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level To meet this objective of obtaining sufficient appropriate audit evidence, the auditor must design and perform audit procedures whose nature, timing and extent are based on, and are responsive to, the assessed risks. The nature of an audit procedure refers to its purpose (that is, test of controls or substantive procedure) and its type (that is, inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedure). The nature of the audit procedures is of most importance in responding to the assessed risks. Timing of an audit procedure refers to when it is performed, or the period or date to which the audit evidence applies.2 Extent of an audit procedure refers to the quantity to be performed, for example, a sample size or the number of observations of a control activity. Designing and performing further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level provides a clear linkage between the auditor’s further audit procedures and the risk assessment. The auditor’s assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. For example, the auditor may determine that only by performing tests of controls she can achieve an effective response to the assessed risk of misstatement for a particular assertion.3 Or the auditor may find that performing only substantive procedures is appropriate for particular assertions and, therefore, Ch09_PrinciplesOfAuditing_Ed3 P a g e | 3 she excludes the effect of controls from the relevant risk assessment. This may be because the auditor’s risk assessment procedures have not identified any effective controls relevant to the assertion, or because testing controls would be inefficient and therefore the auditor does not intend to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures. Of course, the auditor may try a combined approach using both tests of controls and substantive procedures. Irrespective of the approach selected, however, the auditor designs and performs substantive procedures for each material class of transactions, account balance, and disclosure. Overall responses to address the assessed risks of material misstatement at the financial statement level may include: • Emphasizing to the engagement team the need to maintain professional skepticism. • Assigning more experienced staff or those with special skills or using experts. • Providing more supervision. • Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed. • Making general changes to the nature, timing or extent of audit procedures, for example: performing substantive procedures at the period end instead of at an interim date; or modifying the nature of audit procedures to obtain more persuasive audit evidence. Reasons for Risk Assessment When she designs these audit procedures to be performed, the auditor should consider the reasons for the assessment including: the likelihood of material misstatement due to inherent risk and whether the risk assessment takes account of relevant controls (that is, the control risk), thereby obtaining audit evidence to determine whether the controls are operating effectively. Such considerations have a significant bearing on the auditor’s general approach, for example, an emphasis on substantive procedures (substantive approach), or an approach that uses tests of controls as well as substantive procedures (combined approach). By using an approach of gathering evidence by testing controls, the auditor is lowering the control risk. This allows the auditor to accept a higher detection Ch09_PrinciplesOfAuditing_Ed3 P a g e | 4 risk , which allows the auditor to reduce the evidence needed from substantive procedures. This also applies the other way around. The auditor can accept a high control risk by not testing controls. This needs to be compensated by reducing the detection risk. In order to have a low detection risk, the auditor needs to gather relatively more evidence from performing substantive procedures. The assessment of the risks of material misstatement at the financial statement level, and thereby the auditor’s overall responses, is affected by the auditor’s understanding of the control environment. An effective control environment may allow the auditor to have more confidence in internal control and the reliability of audit evidence generated internally within the entity and thus, for example, allow the auditor to conduct some audit procedures at an interim date rather than at the period end. Deficiencies in the control environment, however, have the opposite effect; for example, the auditor may respond to an ineffective control environment by: • Conducting more audit procedures as of the period end rather than at an interim date. • Obtaining more extensive audit evidence from substantive procedures. • Increasing the number of locations to be included in the audit scope. The higher the auditor’s assessment of risk, the more persuasive audit evidence she needs. When obtaining more persuasive audit evidence because of a higher assessment of risk, the auditor may increase the quantity of the evidence, or obtain evidence that is more relevant or reliable, for example, by placing more emphasis on obtaining third party evidence or by obtaining corroborating evidence from a number of independent sources. The auditor must consider all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements (completeness of expense, existence of revenue, etc.). If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor must express a qualified opinion or disclaim an opinion on the financial statements. Documentation in workpapers of responses to assessed risk The auditor must include in the audit documentation the overall responses to address the assessed risks of material misstatement and the nature, timing and extent of the further audit procedures Ch09_PrinciplesOfAuditing_Ed3 P a g e | 5 performed. The auditor should also document the linkage of those procedures with the assessed risks at the assertion level; and the results of the audit procedures, including the conclusions where these are not otherwise clear. 9.3 The Basis of Evidence Evidence is anything that can make a person believe that a fact, proposition, or assertion is true or false. Audit evidence is information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based.4 Audit evidence includes both information contained in the accounting records underlying the financial statements and other information. Auditors are not expected to address all information that may exist. Audit evidence, which is cumulative in nature, includes audit evidence obtained from audit procedures performed during the course of the audit and may include audit evidence obtained from other sources such as previous audits and a firm’s quality control procedures for client acceptance and continuance. Audit evidence is different from the legal evidence required by forensic accounting5. Evidence for proof of audit assertions is different from evidence in a legal sense. Audit evidence needs only to prove reasonable assurance, whereas in a legal environment there is a more rigorous standard of proof and documentation. (See Illustration 9.1) ILLUSTRATION 9.1 LEGAL EVIDENCE AND AUDIT EVIDENCE [Figure Second Edition 9.1 near here] Ch09_PrinciplesOfAuditing_Ed3 P a g e | 6 Electronic Evidence Some of the entity’s accounting data and other information may be available only in electronic form. For example, entities may use electronic data interchange (EDI) or image processing systems. In EDI, the entity and its customers or suppliers use communication links to transact business electronically. Purchase, shipping, billing, cash receipt, and cash disbursement transactions are often consummated entirely by the exchange of electronic messages between the parties. In image processing systems, documents are scanned and converted into electronic images to facilitate storage and reference, and the source documents may not be retained after conversion. Certain electronic information may exist at a certain point in time, but may not be retrievable after a specified period of time if files are changed and if back-up files do not exist. The electronic nature of the accounting documentation usually requires that the auditor use computer-assisted audit techniques (CAATs). 9.4 Financial Statement Assertions Management is responsible for the fair presentation of financial statements so that they reflect the nature and operations of the company based on the applicable financial reporting framework (IAS, GAAP, etc.). Management prepares the financial statements based upon the accounting records and other information, such as minutes of meetings; confirmations from third parties; analysts’ reports; Ch09_PrinciplesOfAuditing_Ed3 P a g e | 7 comparable data about competitors (benchmarking); and controls manuals. The auditor is likely to use the accounting records and that other information as audit evidence. In representing that the financial statements are in accordance with the applicable financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation and disclosure of the various elements of financial statements and related disclosures. Management makes assertions that can be grouped into three groups: (1) assertions about about classes of transactions and events for the period under audit; (2) assertions about account balances at the period end; and (3) assertions about presentation and disclosure. Illustration 9.2 makes a graphic presentation of the areas and assertions. Assertions are representations by management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur.6 The standard assertions are occurrence, completeness, accuracy, cutoff, classification, existence, rights and obligations, valuation and allocation, and understandability . The auditor assesses risks of potential misstatements based on these assertions and designs audit procedures to discover sufficient appropriate evidence. ILLUSTRATION 9.2 FINANCIAL STATEMENT ASSERTIONS GROUPED BY SUBSTANTIVE TEST AREAS [Figure Second Edition 9.2 near here] Ch09_PrinciplesOfAuditing_Ed3 P a g e | 8 Classes of transactions and events for the period under audit Occurrence Completion Accuracy Cutoff Classification Assertion Account balance at the period end Presentation and disclosure Existence Rights and obligation Completeness Valuation Occurrence and rights and Obligations Completeness Classification and Understandability Accuracy and valuation Standard Assertions Auditors have identified several assertions that management makes, directly or indirectly, relating to the financial statements. The standard assertions are occurrence, completeness, accuracy, cutoff, classification, existence, rights and obligations, valuation and allocation, and understandability. In each of the three groups, the assertions are defined differently and sometimes combined, Illustration 9.3 gives the definitions of the management assertions by group.7 Ch09_PrinciplesOfAuditing_Ed3 P a g e | 9 Illustration 9.3 Management Assertions by group ASSERTIONS about classes of transactions and events for the period under audit Occurrence Completeness Accuracy Cutoff Classification transactions and events that have been recorded have occurred and pertain to the entity. all transactions and events that should have been recorded have been recorded. amounts and other data relating to recorded transactions and events have been recorded appropriately. transactions and events have been recorded in the correct accounting period. transactions and events have been recorded in the proper accounts. ASSERTIONS about account balances at the period end Existence Rights and obligations Completeness Valuation and allocation assets, liabilities, and equity interests exist. the entity holds or controls the rights to assets, and liabilities are the obligations of the entity. all assets, liabilities and equity interests that should have been recorded have been recorded. assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. ASSERTIONS about presentation and disclosure Occurrence and rights and obligations Completeness Classification and understandability Accuracy and valuation disclosed events transactions, and other matters have occurred and pertain to the entity. all disclosures that should have been included in the financial statements have been included. financial information is appropriately presented and described, and disclosures are clearly expressed. financial and other information are disclosed fairly and at appropriate amounts. Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions. 9.5 Test of Controls Test of controls are audit procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.8 Designing Ch09_PrinciplesOfAuditing_Ed3 P a g e | 10 tests of controls to obtain relevant audit evidence includes identifying conditions (characteristics or attributes) that indicate performance of a control, and deviation conditions which indicate departures from adequate performance. The presence or absence of those conditions can then be tested by the auditor. The auditor must design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls if she assumes that the controls are operating effectively or substantive procedures alone would be inadequate to get sufficient evidence. The auditor will perform other audit procedures in combination with inquiry to obtain audit evidence about the operating effectiveness of the controls, including details about how the controls were applied at relevant times during the period under audit; the consistency with which they were applied, and by whom or by what means they were applied. The auditor must also determine whether the controls to be tested depend upon other controls (indirect controls), and, if so, whether it is necessary to obtain audit evidence supporting the effective operation of those indirect controls. The auditor tests controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls. Audit evidence pertaining only to a point in time may be sufficient for the auditor’s purpose, for example, when testing controls over the entity’s physical inventory counting at the period end. If, on the other hand, the auditor intends to rely on a control over a period, tests of the control at relevant times during that period are appropriate. Such tests may include tests of the entity’s monitoring of controls. When evaluating the operating effectiveness of relevant controls, the auditor must evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. The absence of misstatements detected by substantive procedures, however, does not mean that controls related to the assertion being tested are effective. A material misstatement detected by the auditor’s procedures is a strong indicator of the existence of a significant deficiency in internal control. If deviations from controls upon which the auditor intends to rely are detected, the auditor must make specific inquiries and determine whether the tests of controls that have been performed provide an appropriate basis for reliance on the controls. He must also determine if additional tests of controls are necessary or potential risks of misstatement need to be addressed using substantive procedures. Ch09_PrinciplesOfAuditing_Ed3 P a g e | 11 The concept of effectiveness of the operation of controls recognizes that some deviations in the way controls are applied may occur. Deviations from prescribed controls may be caused by such factors as changes in key personnel, significant seasonal fluctuations in volume of transactions and human error. The detected rate of deviation, in particular in comparison with the expected rate, may indicate that the control cannot be relied on to reduce risk at the assertion level to that assessed by the auditor. Designing and Performing Tests of Controls Tests of controls are performed only on those controls that the auditor has determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion. If substantially different controls were used at different times during the period under audit, each is considered separately. In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control. Testing the operating effectiveness of controls is different from obtaining an understanding of and evaluating the design and implementation of controls. However, the same types of audit procedures are used. The auditor may test the operating effectiveness of controls at the same time as evaluating their design and implementation. Although some risk assessment procedures may not have been specifically designed as tests of controls, they may nevertheless provide audit evidence about the operating effectiveness of the controls and, consequently, serve as tests of controls. For example, the auditor’s risk assessment procedures may have included inquiring about management’s use of budgets, observing management’s comparison of monthly budgeted and actual expenses, and inspecting reports about the variances between budgeted and actual amounts. These audit procedures provide knowledge about budgeting policies and whether they have been implemented, but may also provide audit evidence about the effectiveness of the operation of budgeting policies in preventing or detecting material misstatements in the classification of expenses. In some cases, the auditor may find it impossible to design effective substantive procedures that by themselves provide sufficient appropriate audit evidence. This may occur when an entity conducts Ch09_PrinciplesOfAuditing_Ed3 P a g e | 12 its business using IT and no documentation of transactions is produced or maintained, other than through the IT system. In such cases, the auditor is required to perform tests of relevant controls. Nature and Extent of Tests of Controls The nature of the particular control influences the type of procedure required to obtain audit evidence about whether the control was operating effectively. For example, if operating effectiveness is evidenced by documentation, the auditor may decide to inspect the documents. For other controls, however, documentation may not be available or relevant. For example, documentation of operation may not exist for some factors such as assignment of authority and responsibility, or for some types of control activities, such as control activities performed by a computer. In such circumstances, audit evidence about operating effectiveness may be obtained through inquiry in combination with other audit procedures such as observation or the use of computer assisted audit techniques9 (CAATs). Inquiry alone is not sufficient to test the operating effectiveness of controls so other audit procedures are performed in combination with inquiry, for instance inquiry combined with inspection or reperformance may provide more assurance When more persuasive audit evidence is needed regarding the effectiveness of a control, it the auditor increases the extent of testing of the control. As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the frequency of the performance of the control during the period, the expected rate of deviation from a control, the relevance and reliability of the audit evidence, and the extent to which audit evidence is obtained from tests of other controls. Because of the inherent consistency of IT processing, it may not be necessary to increase the extent of testing of an automated control. An automated control can be expected to function consistently unless the program (including the tables, files, or other permanent data used by the program) is changed. Once the auditor determines that an automated control is functioning as intended (which could be done at the time the control is initially implemented or at some other date), the auditor may consider performing tests to determine that the control continues to function effectively. Such tests might include determining that changes to the program are not made without being subject Ch09_PrinciplesOfAuditing_Ed3 P a g e | 13 to the appropriate program change controls and the authorized version of the program is used for processing transactions. Using Previous Audit Evidence In certain circumstances, audit evidence obtained from previous audits may provide audit evidence where the auditor may perform audit procedures to establish its continuing relevance. For example, in a previous audit, the auditor may have determined that an automated control was functioning as intended. The auditor may obtain audit evidence to determine whether changes to the automated control have been made that affect its continued effective functioning through, for example, inquiries of management and the inspection of logs to indicate what controls have been changed. Changes may affect the relevance of the audit evidence obtained in previous audits such that there may no longer be a basis for continued reliance. For example, changes in a system that enable an entity to receive a new report from the system probably do not affect the relevance of audit evidence from a previous audit; however, a change that causes data to be accumulated or calculated differently does affect it. The auditor depends on professional judgment in deciding on whether to rely on audit evidence obtained in previous audits for controls that have not changed since they were last tested and are not controls that mitigate a significant risk. However, ISA 33010 requires controls to be retested at least once in every third year. Factors that may decrease the period for retesting a control, or result in not relying on audit evidence obtained in previous audits at all, include the following: A deficient control environment. Deficient monitoring of controls. A significant manual element to the relevant controls. Personnel changes that significantly affect the application of the control. Changing circumstances that indicate the need for changes in the control. Deficient general IT controls. Ch09_PrinciplesOfAuditing_Ed3 P a g e | 14 9.6 Substantive Procedures The main work of an auditor is to find evidence using test procedures. A substantive procedure is an audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise: (1) tests of details (of classes of transactions, account balances, and disclosures); and (2) substantive analytical procedures. [UNFig near here] Test of details of transations and balances Analytical Procedures Substantive Procedures Audit evidence is the information used by the auditor in arriving at the conclusions on which the audit opinion is based. Audit evidence consists of source documents and accounting records underlying the financial statements and corroborating information from other sources and can be gathered by tests of controls as well as substantive procedures. This chapter provides guidance on the basis of evidence (standards of proof and documentation and financial statement assertions), what constitutes sufficient appropriate audit evidence (the quantity and quality of audit evidence) and the substantive audit procedures that auditors use for obtaining 11 that audit evidence. Substantive procedures are tests performed to obtain audit evidence to detect material misstatements or significant misstatements that may in aggregate be material in the financial statements. Substantive procedures are responses to the auditor’s assessment of the risk of material Ch09_PrinciplesOfAuditing_Ed3 P a g e | 15 misstatement. The higher the assessed risk, the more likely the extent of the substantive procedures will increase and the timing of procedures will be performed close to the period. Irrespective of the assessed risks of material misstatement, the auditor should design and perform substantive procedures for all relevant assertions related to each material class of transactions, account balance, and disclosure.12 Furthermore, if the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, the auditor should perform substantive procedures that are specifically responsive to that risk. For example, if there is a significant risk that management is inflating revenue to meet earnings expectations the auditor may design external confirmations (discussed in the next section) not only to confirm outstanding amounts, but also to confirm the details of the sales agreements, and then follow up those confirmations with inquiries regarding any changes in sales agreements and delivery terms. Nature of Substantive Procedures The nature of substantive procedures includes tests of details (of transactions and of balances) and substantive analytical procedures. The auditor’s substantive procedures include agreeing the financial statements to the accounting records, examining material adjustments made during the course of preparing the financial statements, and other procedures relating to the financial reporting closing process. Substantive analytical procedures, discussed in Chapter 8 Analytical Procedures, are generally more applicable to large volumes of transactions that tend to be predictable over time. Tests of details are ordinarily more appropriate to obtain audit evidence regarding certain financial statement assertions, including existence and valuation. Tests of Balances Tests of balances are substantive tests that provide either reasonable assurance of the validity of a general ledger balance or identify a misstatement in the account. When testing balances the auditor is concerned with overstatement or understatement of the line item in the financial statement. These tests are used to examine the actual details making up high turnover accounts such as cash, accounts receivable, accounts payable, etc. Tests of balances are important because the auditor’s ultimate Ch09_PrinciplesOfAuditing_Ed3 P a g e | 16 objective is to express an opinion on financial statements that are made up of account balances. In audits of small businesses, auditors may rely exclusively on tests of balances. Illustration – Test of Accounts Receivable Balance A test of balance may be illustrated as follows. If accounts receivable total €1,500,000 at the end of the year, tests of details may be made of the individual components of the total account. Assume that the accounts receivable control account balance of €1,500,000 is the total of 300 individual customer accounts. As a test of balances, an auditor might decide to confirm a sample of these 300 accounts. Based on an analysis of internal controls, the auditor may decide that the proper sample size should be 100 accounts that should be tested by confirmation. Thus the auditor tests the detail supporting the account to determine if the line item “Accounts Receivable” is overstated – i.e. the existence of the accounts has been confirmed. As an additional test, the auditor may examine cash receipts received after year-end, testing for understatement, which provides evidence as to both the existence and measurement of the accounts. Concept and a Company 9.1 Kmart Executives Manipulate the Contract Process Concept Side agreements that materially impact a company may be concealed. Story Kmart Corporation is a US discount retailer and a general merchandise retailer. The company operates in the general merchandise retailing industry through 1,829 Kmart discount stores with locations in all 50 states, Puerto Rico, the United States Virgin Islands and Guam. On January 22, 2002, Kmart and 37 of its US subsidiaries filed voluntary petitions for reorganization under Chapter11 of the federal bankruptcy laws. Just prior to the bankruptcy, two executives lied to Kmart accounting personnel and concealed a side letter relating to the $42 million payment from one of Kmart’s vendors in order to improperly recognize the entire amount in the quarter ended August 1, 2001. Those deceptions caused Kmart to understate losses by the material amount of $0.06 per share, or 32 percent. (Merrick 2003) The Securities and Exchange Commission (SEC 2003) filed civil charges against the two men responsible for this misstatement – Joseph A. Hofmeister and Enio A. Montini Jr. Montini and Ch09_PrinciplesOfAuditing_Ed3 P a g e | 17 Hofmeister negotiated a five-year contract for which American Greetings paid Kmart an “allowance” of $42,350,000 on June 20, 2001. The contract was for, among other things, exclusive rights to sell their product – greetings cards – in Kmart stores. American Greetings was to take over the 847 stores that were formerly supplied by Hallmark, the major competitor of American Greetings, at a rate of $50,000 per store. Under the terms of its 1997 contract with Hallmark, Kmart was obligated to repay a portion of certain prepaid allowances and other costs, and accordingly Kmart paid Hallmark $27,298,210 on or about June 4, 2001. Accounting Makes a Difference in Bonus Kmart classified these vendor allowances as a reduction in cost of goods sold in its statement of operations. One of the primary measures of performance for Montini and Hofmeister was contribution to gross margin. Because vendor allowances were generally accounted for as a reduction of cost of goods sold, this could help the two make their gross margin numbers and their bonuses. Montini also received an additional $750,000 forgivable cash loan after the deal was closed. Secret Negotiations Montini and Hofmeister conducted their negotiations with American Greetings in secret, excluding from the process key finance and accounting personnel. Since the accounting people had been frozen out of the negotiations, they depended on the two men to give them the details. Montini assured the Finance Divisional VP that there were “no strings attached” to the $42 million. In fact, American Greetings had insisted that any and all up front monies be covered by a payback provision. American Greetings worried that, given Kmart’s shaky financial condition, the retailer might not survive the contract term. (SEC 2003) Montini had made two agreement letters with American Greetings. One agreement letter appeared to exclude the $42,350,000 from any repayment obligation. A second letter (the side letter) obligated Kmart to pay American Greetings “liquidated damages” for early termination of the agreement. Montini and Hofmeister provided a copy of the signed “No Strings Attached” letter, but not the “Liquidated Damages” letter, to the Finance DVP and Internal Audit. GAAP, as well as the company’s own accounting policies and practices, required that the $42 million be recognized over the term of the agreement. Instead, Kmart improperly recognized the entire $42 million allowance during the quarter ended August 1, 2001; $27 million as an “offset” to the payment to Hallmark and $15 million in “incremental” merchandise allowances. Discussion Questions agreement? What procedures can Kmart’s independent auditor use to uncover the side Ch09_PrinciplesOfAuditing_Ed3 P a g e | 18 What circumstances should have alerted Kmart’s management and internal auditors to possible problems? References Merrick, A., 2003, “Leading the News: U.S Indicts 2 Ex-Executives of Kmart Corp,” Wall Street Journal, February 27. SEC, 2003, Litigation Release No. 18000, “SEC Charges Two Former Kmart Executives with $42 Million Accounting Fraud,” US Securities and Exchange Commission, February 26. Test of Accounts Receivable Test of Revenue From this example we can see an interesting aspect of a test of balances which is that the test makes use of the inherent properties of double-entry accounting systems. Accounting transactions involve a double entry. From the auditor’s perspective, this means that a test of one side of the transaction simultaneously tests the other side of the transaction. Direction of Testing Testing for overstatement or understatement is called the direction of testing. By coordinating the direction of testing each account balance is simultaneously tested for both overstatement and understatement. For instance, if all liability, equity, and revenue balances are tested for understatement and all asset and expense accounts are tested for overstatement, then all account balances in the balance sheet and the income statement will be tested, either directly or indirectly, for both overstatement and understatement. Interim Testing Using Substantive Procedures There are several considerations in determining the timing of substantive procedures. In some instances, primarily as a practical matter, substantive procedures may be performed at an interim date. Only using interim testing procedures will increase the risk that misstatements existing at the period end will not be detected. That risk increases the longer the time between interim and period end. If substantive procedures are performed at an interim date, the auditor must cover the remaining period by either performing substantive procedures combined with tests of controls for the intervening period Ch09_PrinciplesOfAuditing_Ed3 P a g e | 19 or further substantive procedures only, as long as that will provide a reasonable basis for extending the audit conclusions from the interim date to the period end.13 . Performing audit procedures at an interim date may assist the auditor in identifying and resolving issues at an early stage of the audit. Ordinarily, the auditor compares and reconciles information concerning the account balances at the period end with the comparable information at the interim date to identify amounts that appear unusual, investigates any such amounts, and performs substantive analytical procedures or tests of details to test the intervening period. Extent of Substantive Procedures The greater the risk of material misstatement, the greater the extent of substantive procedures. In planning tests of details of transactions or balances, the extent of testing is ordinarily thought of in terms of the sample size,14 which is affected by the risk of material misstatement. The use of CAATs may enable more extensive testing of electronic transactions and files. For example, in performing audit procedures, such techniques may be used to test an entire population instead of a sample. Because the risk of material misstatement takes account of internal control, the extent of substantive procedures may be reduced if tests of control show that controls are adequate. Test of Details: Search for Unrecorded Liabilities A substantive test usually performed on accounts payable is a search for unrecorded liabilities. This test may be part of the closing procedures or done in concert with the confirmation of accounts payable. This test provides evidence as to completeness and some evidence as to valuation. To search for unrecorded liabilities, the auditor reviews disbursements made by the client for a period after the balance sheet date, sometimes to the date of the completion of field work. Even though a client may not record accounts payable at year-end, vendors will probably pressure the client to pay the accounts payable within a reasonable period of time. Due to this pressure, most unrecorded accounts payable are paid within a reasonable time after the balance sheet date. By reviewing cash Ch09_PrinciplesOfAuditing_Ed3 P a g e | 20 disbursements subsequent to the balance sheet date, the auditor has a good idea of the potential population of unrecorded accounts payable. Procedures to find unrecorded liabilities start with a review of the cash disbursements journal for the period after the balance sheet date. The auditor then vouches a sample of invoices to determine to which period the payment relates. For example, vouching a January electricity payment to an unaccounted December bill will indicate that the payment relates to the period of December, prior to year-end. This would result in an unrecorded liability for which the auditor may propose an adjusting entry, if it is material. 9.7 Sufficient Appropriate Audit Evidence According to ISA 50015, the objective of the auditor is to design and perform audit procedures in such a way as to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. As explained in ISA 20016, reasonable assurance is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. The sufficiency and appropriateness of audit evidence are interrelated. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required). Obtaining more audit evidence, however, may not compensate for its poor quality. Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. Audit evidence is necessary to support the auditor’s opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It Ch09_PrinciplesOfAuditing_Ed3 P a g e | 21 may also include information obtained from other sources such as previous audits . In addition to other sources inside and outside the entity, the entity’s accounting records are an important source of audit evidence. Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions. In addition, in some cases the absence of information (for example, management’s refusal to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidence. Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence. Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, reperformance, and analytical procedures, often in some combination, in addition to inquiry. Although inquiry may provide important audit evidence, and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor of the operating effectiveness of controls. Professional Judgment on Sufficient and Appropriate ISA 330 requires the auditor to conclude whether sufficient appropriate audit evidence has been obtained.17 Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgment. The auditor’s judgment as to what constitutes sufficient appropriate audit evidence is influenced by such factors as:18 the significance of the potential misstatement in the assertion and the likelihood of its having a material effect, individually or aggregated with other potential misstatements, on the financial statements: the more material the item, the greater the required sufficiency and appropriateness of evidence; the effectiveness of management’s responses and controls to address the risks: strong controls reduce evidence requirements; Ch09_PrinciplesOfAuditing_Ed3 P a g e | 22 the experience gained during previous audits with respect to similar potential misstatements: prior experience with the client will indicate how much evidence was taken before and if that was enough or appropriate; results of audit procedures performed, including whether such audit procedures identified specific instances of fraud or error; source and reliability of the available information; persuasiveness of the audit evidence; understanding of the entity and its environment, including its internal control. Illustration 9.4 summarizes the considerations for determining whether audit evidence is “sufficient appropriate evidence.” ILLUSTRATION 9.4 SUFFICIENT APPROPRIATE AUDIT EVIDENCE When designing and performing audit procedures, the auditor must consider the relevance and reliability of the information to be used as audit evidence. Reliability is the quality of information when it is free from material error and bias and can be depended upon by users to represent faithfully that which it either purports to represent or could reasonably be expected to represent. Relevance of Ch09_PrinciplesOfAuditing_Ed3 P a g e | 23 evidence is the appropriateness (pertinence) of the evidence to the audit objective being tested. The quantity (relevance and reliability) of audit evidence needed is affected by the risk of misstatement (the greater the risk, the more audit evidence is required) and also by the quality of the audit evidence (the higher the quality of evidence, the less is required).19 See Illustration 9.5. ILLUSTRATION 9.5 THE QUALITY OF AUDIT EVIDENCE [Figure Second Edition 9.5 near here] Ch09_PrinciplesOfAuditing_Ed3 P a g e | 24 Relevance Relevance deals with the logical connection with, or bearing upon, the purpose of the audit procedure and the assertion under consideration. The relevance of information to be used as audit evidence may be affected by the direction of testing (overstatement or understatement of the account). For example, if the purpose of an audit procedure is to test for overstatement of accounts payable, testing the recorded accounts payable may be a relevant audit procedure. On the other hand, when testing for understatement of accounts payable, testing the recorded accounts payable would not Ch09_PrinciplesOfAuditing_Ed3 P a g e | 25 be relevant, but testing such information as subsequent disbursements, unpaid invoices, suppliers’ statements, and unmatched receiving reports may be relevant. A given set of audit procedures may provide audit evidence that is relevant to certain assertions, but not others. For example, inspection of documents related to the collection of receivables after the period end may provide audit evidence regarding existence and valuation of sales and the related receivable, but not necessarily cutoff (when the sales occurred). Similarly, obtaining audit evidence regarding a particular assertion, for example, the existence of inventory, is not a substitute for obtaining audit evidence regarding another assertion, for example, the valuation of that inventory. Tests of controls are designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Designing tests of controls to obtain relevant audit evidence includes identifying conditions (characteristics or attributes) that indicate performance of a control, and deviation conditions which indicate departures from adequate performance. The presence or absence of those conditions can then be tested by the auditor. Substantive procedures are designed to detect material misstatements at the assertion level. They comprise tests of details and substantive analytical procedures. Designing substantive procedures includes identifying conditions relevant to the purpose of the test that constitute a misstatement in the relevant assertion. Reliability When using information produced by the entity, the auditor must evaluate whether the information is sufficiently reliable for the auditor’s purposes, including obtaining audit evidence about the accuracy and completeness of the information; and evaluating whether the information is sufficiently precise and detailed for the auditor’s purposes. The reliability of information to be used as audit evidence, and therefore of the audit evidence itself, is influenced by its source and its nature, and the circumstances under which it is obtained, Ch09_PrinciplesOfAuditing_Ed3 P a g e | 26 including the controls over its preparation and maintenance where relevant. Therefore, generalizations about the reliability of various kinds of audit evidence are subject to important exceptions. Even when information to be used as audit evidence is obtained from sources external to the entity, circumstances may exist that could affect its reliability. For example, information obtained from an independent external source may not be reliable if the source is not knowledgeable, or a management’s expert may lack objectivity. While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful20 (See Illustration 9.6): The reliability of audit evidence is increased when it is obtained from independent sources outside the entity. The reliability of audit evidence that is generated internally is increased when the related controls, including those over its preparation and maintenance, imposed by the entity are effective. Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control). Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of the matters discussed). Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles, or documents that have been filmed, digitized or otherwise transformed into electronic form, the reliability of which may depend on the controls over their preparation and maintenance. ILLUSTRATION 9.6 RELIABILITY OF EVIDENCE Ch09_PrinciplesOfAuditing_Ed3 P a g e | 27 An audit performed in accordance with ISAs rarely involves the authentication of documents, nor is the auditor trained as or expected to be an expert in such authentication.21 Ordinarily the auditor may accept records and documents as genuine. However, there may be circumstances where the auditor has reason to believe that a document used as evidence may not be authentic, or may have been modified without that modification having been disclosed to the auditor. In such a case, the auditor must investigate further.22 Possible procedures to investigate further may include confirming directly with the third party and using the work of an expert to assess the document’s authenticity. While audit evidence is primarily obtained from audit procedures performed during the course of the audit, it may also include information obtained from other sources such as, for example, management’s expert, the entity itself, previous audits, or a firm’s quality control procedures for client acceptance and continuance. If information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor must evaluate the competence, capabilities and objectivity of that expert; obtain an understanding of the work of that expert; and evaluate the appropriateness of that expert’s work as audit evidence. Audit evidence to determine that the accounting records are internally consistent and agree to the financial statements is obtained by performing audit procedures to test the accounting records, for example, through analysis and review, re-performing procedures followed in the financial reporting process, and reconciling related types and applications of the same information. Corroborating information, such as evidence existing within the accounting records, minutes of meetings, or Ch09_PrinciplesOfAuditing_Ed3 P a g e | 28 evidence obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally. Information from sources independent of the entity that the auditor may use as audit evidence may include confirmations from third parties, analysts’ reports, and comparable data about competitors (benchmarking data). Audit evidence to draw reasonable conclusions on which to base the auditor’s opinion is obtained by performing risk assessment procedures, tests of controls and substantive procedures, including tests of details and substantive analytical procedures. Persuasive Evidence Persuasive evidence has the power or ability to persuade based on logic or reason, often depending on the use of inductive or deductive reasoning. Evidence may be persuasive based on the character, credibility, or reliability of the source. Unlike legal evidence, audit evidence does not have to be conclusive to be useful. Ordinarily, the auditor finds it necessary to rely on audit evidence that is persuasive rather than conclusive and will often seek audit evidence from different sources or of a different nature to support the same assertion on which the evidence is based. Not all the information available is examined. Conclusions can be reached about controls, transactions, or the account balance by using a sample of the available information that is analyzed by statistical sampling or judgment. Audit evidence is more persuasive when there is consistency between items from different sources or of a different nature. Evidence is usually more persuasive for balance sheet accounts when it is obtained close to the balance sheet date. For income statements, evidence is more persuasive if it is a sample from the entire period. A random sample from the entire period is more persuasive than a sample from the first six months. Cost/Benefit The auditor also needs to think about the relationship between the cost of obtaining audit evidence and the usefulness of the information obtained. However, the matter of difficulty and expense involved is not in itself a valid basis for omitting a necessary procedure. If an auditor is Ch09_PrinciplesOfAuditing_Ed3 P a g e | 29 unable to obtain sufficient appropriate audit evidence, he should express a qualified opinion or a disclaimer of opinion. If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, he should attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, he should express a qualified opinion or a disclaimer of opinion. Concept and a Company 9.2 Concept Sufficient appropriate audit evidence. Mattel employs several accounting tricks that went unnoticed or were not investigated in the audit. Story Mattel, Inc. of El Segundo, California designs, manufactures and markets various toy products worldwide. Mattel brands include: Barbie dolls and accessories, Hot Wheels, Matchbox, Nickelodeon, Harry Potter, Yu-Gi-Oh!, He-Man and Masters of the Universe, Fisher-Price, Sesame Street, Winnie the Pooh, Blue’s Clues, Barney, and View-Master, as well as games and puzzles. Almost from its founding in 1945, Mattel was very successful, but the company began experiencing serious problems in the early 1970s. Mattel tried several accounting schemes to keep their growth high including a “bill and hold” program, understatement of inventory reserves, improper amortization of tooling costs, non-payment of royalties, and booking insurance recovery in the wrong period. (Knapp 2001) Here we will address the sales and accounts receivable “bill and hold” issues. Mattel Invents the Term In order to inflate the company’s reported earnings, top executives established the “bill and hold” program. This was the first instance of the term “bill and hold” for the practice of billing customers for future sales, recording the sales immediately, and holding on to the inventory – bill and hold. The SEC gave several reasons why the subject sales should not have been recorded in 1991 (SEC 1981): The merchandise was not shipped. The merchandise was not physically segregated from Mattel’s inventory. The customer could cancel the order without penalty. Mattel retained the risks of ownership. In many instances, the invoices were prepared without knowledge of the customer. Ch09_PrinciplesOfAuditing_Ed3 P a g e | 30 Covering Their Tracks To support the bill and hold sales, Mattel prepared bogus sales orders, sales invoices, and bills of lading. The bills of lading were signed by the same employees as both themselves and a common carrier and were stamped “bill and hold” on the face. When the goods were actually sold much later, Mattel’s inventory records were full of errors. To resolve the problem, Mattel reversed the sales booked, but this created negative sales for the next period. To fix that problem, Mattel booked a fictitious $11 million sale in their general ledger, but not their accounts receivable subsidiary ledger, creating an unreconciled difference. They reversed another $7 million of the remaining bill and hold sales in fiscal 1992. (SEC 1981) The Audit of Sales Mattel’s auditors, Arthur Andersen, sent accounts receivable confirmations. The confirmations were returned with discrepancies in what the customers claimed and what Mattel booked. To resolve the discrepancies, the auditors obtained copies of bills of lading to determine whether goods had actually been shipped. Even though the bills of lading were stamped “bill and hold,” the auditors never asked Mattel to explain the phrase. Furthermore, the bills of lading lacked required routing or delivery instructions. The employee signatures as themselves and common carriers did not get noticed. (SEC 1981) When the auditors looked at fiscal 1972 they found the $7 million reversing entry that caused that month’s general ledger sales to be $7 million less than the sales figure in the corresponding sales invoice register. The staff auditor accepted the explanation of a Mattel employee that the offset to sales was due to “invoicing errors” uncovered by Mattel employees when comparing computerprepared invoices to bills of lading. The Andersen senior reviewing the workpapers wrote the staff person, “Need a better explanation. This looks like a big problem,” but the problem was investigated no further. (Knapp 2001) Had Arthur Anderson utilized analytical procedures to evaluate the overall reasonableness of Mattel’s monthly sales, they should have discovered that monthly sales varied dramatically from 1970 to 1972. This was a result of errors introduced by the bill and hold scheme and the subsequent reversals. Discussion Questions What alternative audit procedures could the Andersen auditors perform when (or if) they found the inconsistencies in conformations and bills of lading? Why do you think the staff auditor accepted the explanation of the $7 million discrepancy by the Mattel employee? Why was it not followed up? Ch09_PrinciplesOfAuditing_Ed3 P a g e | 31 References Knapp, M., 2001, “Mattel, Inc,” Contemporary Auditing Real Issues & Cases, South Western College Publishing, Cincinnati, Ohio. pp.3–14. SEC, 1981, Accounting Series Release No. 292, “SEC Charges Mattel, Inc. with Financial Fraud,” US Securities and Exchange Commission, June 22. Mattel, Inc. Originators of “Bill and Hold” Toy with Accounting Ch09_PrinciplesOfAuditing_Ed3 P a g e | 32 9.7 Summary Evidence gathering procedures in auditing are directed by the assessment of risk of material misstatement. ISA 330 states, “The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks.” To meet this objective of obtaining sufficient appropriate audit evidence, the auditor must design and perform audit procedures whose nature, timing and extent are based on, and are responsive to, the assessed risks. The nature of an audit procedure refers to its purpose (that is, test of controls or substantive procedure) and its type (that is, inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedure). The nature of the audit procedures is of most importance in responding to the assessed risks. Timing of an audit procedure refers to when it is performed, or the period or date to which the audit evidence applies. Extent of an audit procedure refers to the quantity to be performed, for example, a sample size or the number of observations of a control activity. Evidence is anything that can make a person believe that a fact, proposition, or assertion is true or false. Audit evidence is information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence includes both information contained in the accounting records underlying the financial statements and other information. Auditors are not expected to address all information that may exist. Audit evidence, which is cumulative in nature, includes audit evidence obtained from audit procedures performed during the course of the audit and may include audit evidence obtained from other sources such as previous audits and a firm’s quality control procedures for client acceptance and continuance. Evidence for proof of audit assertions is different from evidence in a legal sense. Audit evidence needs only to prove reasonable assurance, whereas in a legal environment there is a more rigorous standard of proof and documentation. Management is responsible for the fair presentation of financial statements so that they reflect the nature and operations of the company based on the applicable financial reporting framework (IAS, GAAP, etc.). Management prepares the financial statements based upon the accounting records and Ch09_PrinciplesOfAuditing_Ed3 P a g e | 33 other information, such as minutes of meetings; confirmations from third parties; analysts’ reports; comparable data about competitors (benchmarking); and controls manuals. The auditor is likely to use the accounting records and that other information as audit evidence. In representing that the financial statements are in accordance with the applicable financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation and disclosure of the various elements of financial statements and related disclosures. Management makes assertions that can be grouped into three groups: (1) assertions about about classes of transactions and events for the period under audit; (2) assertions about account balances at the period end; and (3) assertions about presentation and disclosure. The standard assertions are occurrence, completeness, accuracy, cutoff, classification, existence, rights and obligations, valuation and allocation, and understandability. Test of controls are audit procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Designing tests of controls to obtain relevant audit evidence includes identifying conditions (characteristics or attributes) that indicate performance of a control, and deviation conditions which indicate departures from adequate performance. The presence or absence of those conditions can then be tested by the auditor. The main work of an auditor is to find evidence using test procedures. A substantive procedure is an audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise: (1) tests of details (of classes of transactions, account balances, and disclosures); and (2) substantive analytical procedures. Audit evidence is the information used by the auditor in arriving at the conclusions on which the audit opinion is based. Audit evidence consists of source documents and accounting records underlying the financial statements and corroborating information from other sources and can be gathered by tests of controls as well as substantive procedures. Substantive procedures are tests performed to obtain audit evidence to detect material misstatements or significant misstatements that may in aggregate be material in the financial statements. Substantive procedures are responses to the auditor’s assessment of the risk of material Ch09_PrinciplesOfAuditing_Ed3 P a g e | 34 misstatement. The higher the assessed risk, the more likely the extent of the substantive procedures will increase and the timing of procedures will be performed close to the period. A substantive test usually performed on accounts payable is a search for unrecorded liabilities. This test may be part of the closing procedures or done in concert with the confirmation of accounts payable. This test provides evidence as to completeness and some evidence as to valuation. To search for unrecorded liabilities, the auditor reviews disbursements made by the client for a period after the balance sheet date, sometimes to the date of the completion of field work. According to ISA 500, the objective of the auditor is to design and perform audit procedures in such a way as to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. As explained in ISA 200, reasonable assurance is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required). Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. When designing and performing audit procedures, the auditor must consider the relevance and reliability of the information to be used as audit evidence. Reliability is the quality of information when it is free from material error and bias and can be depended upon by users to represent faithfully that which it either purports to represent or could reasonably be expected to represent. Relevance of evidence is the appropriateness (pertinence) of the evidence to the audit objective being tested. The quantity (relevance and reliability) of audit evidence needed is affected by the risk of misstatement (the greater the risk, the more audit evidence is required) and also by the quality of the audit evidence (the higher the quality of evidence, the less is required). Ch09_PrinciplesOfAuditing_Ed3 P a g e | 35 9.8 Notes 1 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 330 (ISA 330). “The Auditor’s Responses to Assessed Risks”. Paragraph 3. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York 2 Two different explanations are provided for timing of an audit procedure. Alternative e.g.: Timing of the audit procedure is when the auditor performs the procedure e.g. interim from oct-dec (by a year-end of dec 31) and substantive procedures after year-end. The auditor further determines the period to which the audit evidence applies, e.g. for a test of control the whole financial year and for inventory count as close to the year end as possible, e.g. 31 December. 3 ISA 330.21 requires the auditor to perform substantive procedures for every significant risk. 4 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 500 (ISA 500). “Audit Evidence”. Paragraph 5. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York 5 Forensic accounting is the application of accounting methods and financial techniques to collect civil and criminal legal evidence. 6 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 315 (ISA 315). “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment”. Paragraph A111. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York 7 8 Ibid. ISA 315. Paragraph A111. Ibid. ISA 500. Paragraph A20. 9 Computer assisted audit techniques – Applications of auditing procedures using the computer as an audit tool. 10 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 330 (ISA 330). “The Auditor’s Responses to Assessed Risks”. Paragraph 14(b). Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York 11 . International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 500 (ISA 500). “Audit Evidence.” Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York. 12 See Auditing Standards Board (U.S.). 2012. Statement on Auditing Standards: Clarification and Recodification AU-C 330 “Performing Audit Procedures in Response to Assessed Risks”. Paragraph 330.18. American Institute of Certified Public Accountants. June 1. http://www.aicpa.org/Research/Standards/AuditAttest/DownloadableDocuments/AU-C-00330.pdf 13 Ibid. ISA 330. Paragraph 22 Ch09_PrinciplesOfAuditing_Ed3 P a g e | 36 14 Audit sampling is the application of audit procedures to less than 100% of items within a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population 15 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 500 (ISA 500). “Audit Evidence”. Paragraph 5. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York 16 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 200 (ISA 200). “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing”. Paragraph 5. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York 17 Ibid. ISA 330. paragraph 26. 18 Ibid. ISA 330. Paragraph A62 19 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 500 (ISA 500). “Audit Evidence.” Paragraph A4. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York 20 Ibid. ISA 500. Paragraph A31. 21 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 200 (ISA 200). “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing”. Paragraph A47. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York. 22 International Auditing and Assurance Standards Board (IAASB). 2012. International Standard on Auditing 240 (ISA 240). “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”. Paragraph 13. Handbook of International Quality Control, Auditing Review, Other Assurance, and Related Services Pronouncements, 2012 Edition, Volume 1. International Federation of Accountants. New York
