Add to collection(s) Add to saved
  1. Business
  2. Finance

AUD - CAclubindia

advertisement 
AUD - Notes Chapter 5
http://cpacfa.blogspot.com
Audit Sampling (statistic sampling)
Sampling risk – reach the wrong conclusion based on the sample
Although statistical sampling aids the auditor in quantitative ways, it
is not a substitute for professional
judgement. Professional judgement is still needed/required to set
parameters and evaluate the results.
2
main
types
of
sampling
1. Attribute sampling (rate of occurrence) – used for testing internal controls
(yes/no
questions)
2. Variable sampling (probability-proportional to size PPS or estimation sampling or numerical
quantity)
–
used in substantive testing of account balances ($ values)
Audit risk – risk of getting the opinion wrong due to uncertainty in applying audit procedures
(sampling and
other)
Risk of assessing control risk too low – risk that the assessed level of control risk
based on the sample is less
than the true risk based on the actual operating effectiveness of the
control (i.e. sample results indicate a lower
deviation rate than actually exists in the population)
Risk of assessing control risk too high – risk that the assessed level of control risk
based on the sample is
greater than the true risk based on the actual operating effectiveness
of the control. sample results indicate a
greater deviation rate than actually exists in the population
There are two sorts of mistakes an auditor can make with sampling:
1. The auditor may fail to identify an existing problem (incorrect
acceptance
and
assessing
control
risk
too
low)
2. The auditor may falsely identify a problem where none exist
(incorrect
too high)
rejection
and
assessing
control
risk
The risk of incorrect acceptance and the risk of assessing control risk too low relate to the
effectiveness of an audit in (possibly not) detecting an existing material misstatement. Auditors
usually accept a risk of 5% (or 10%). Inverse to the risk is the confidence level (also called
reliability). The auditor is 95% confident that the sample is representative of the population.
The risk of incorrect rejection and the risk of assessing control risk
too high relate to the efficiency of the audit
(the auditor does more audit work than is necessary)
Attribute Sampling
Planning considerations
•
Relationship between the sample to the objective of the test of controls
•
Tolerable deviation rate – maximum rate of deviation from a prescribed procedure the auditor
will tolerate
without modifying planned reliance (or changing control risk
assessment) on internal control. Rate set by
the auditor
•
Auditors allowable risk of assessing control risk too low
•
Characteristics of the population
Deviation rate – auditors best estimate of the deviation rate in the
population
from
which
the
sample
was
selected. There is a direct relationship to sample size: the fewer the
deviations
expected,
the
smaller
the
sample
size would be needed.
Population of 1000 and sample 100 items and 7 deviations identified
within
the
sample
7%
sample
deviation
rate
Estimate 70 deviations in the population (7% sample deviation rate)
AUD - Notes Chapter 5
http://cpacfa.blogspot.com
If the estimated deviation rate for the entire population is less than
the
tolerable
rate
for
the
population,
the
auditor should consider the risk that such a result might be obtained
even
though
the
true
deviation
rate
for
the
population exceeds the tolerable rate for the population. For example
assume
the
tolerable
rate
for
a
population
is 5% and the sample consists of 60 items:
•
If no deviations are found in the sample of 60, the auditor may conclude that there is an
acceptably low
sampling risk that the true deviation rate in the population exceeds
the tolerable rate of 5% (this is because
the sample deviation rate is much less than the tolerable rate)
•
If the sample includes two or more deviations (2 in 60 = 3.33%), the auditor may conclude that
there is an
unacceptably high sampling risk that the rate of deviations in the
population exceeds the tolerable rate of
5% (this is because the sample deviation rate is close to the tolerable
rate)
•
The auditor applies professional judgement in making such evaluations
Perform the following steps when conducting attribute sampling
•
•
•
•
•
Define
Define
Define
the
objective
of
the
the
sampling
the
test
population
unit
Define
the
attributes
of
interest
Determine the sample size including risk of assessing control risk, tolerable deviation rate,
expected
deviation rate
Sample deviation rate + allowance for sampling risk = Upper
deviation
rate
Allowance for sampling risk = what we found in the sample isn’t
representative
of
the
population
If the upper deviation rate is less than or equal to the auditors
tolerable deviation rate, the auditor may rely on
the control (assuming results of other audit tests do not contradict
such results)
If the upper deviation rate exceeds the auditors tolerable deviation
rate, the auditor would not rely on the
control. Instead the auditor would either:
•
Select and test compliance with some other internal accounting control, or
•
Modify the nature, extent, or timing of related substantive tests to reflect the reduced reliance
Discovery
sampling
–
used
for
detecting
fraud
Stop-or-go sampling – allows auditor to stop and audit test before
completing
all
the
steps
(to
avoid
over
sampling) used when few error are expected in the population
Variable
sampling
(estimation
sampling)
Stratification – items subject to sampling are separated into relatively
homogenous
groups
and
treated
as
a
separate population, which usually results in a reduced sample size.
Commonly
used
when
a
population
has
highly variable recorded amounts
Higher the tolerable misstatement the lower the sample size
The auditor projects the misstatements found in the sample to the
population
using
one
of
several
methods
(MPU, ratio, difference, etc). The projected misstatement is applied to
the
recorded
balance
to
obtain
a
“point
estimate” of the true balance.
The auditor must then add an allowance for the sampling risk
(sometimes called a precision interval) to this
estimate
AUD - Notes Chapter 5
http://cpacfa.blogspot.com
In deciding whether to accept the clients book value, the auditor determines whether the recorded
book value falls within the acceptable range (i.e. point estimate +/- the allowance for sampling risk).
If so, the book value is fairly stated
Probability-Proportional to size (PPS)
PPS – sampling unit is defined as an individual dollar in a population
Advantages
•
Emphasizes larger items by stratifying the sample. The chance of an item being selected is
proportionate to
its dollar amount
•
If no errors are expected, PPS sampling generally requires a smaller sample than other methods
Disadvantages
•
Items with zero, negative or understated balances require special design considerations
Sampling interval = tolerable misstatement ÷ reliability factor
Sample size = recorded amount of the population ÷ sampling interval
Tolerable misstatement - the maximum dollar error that may exist in
the account without causing the F/S to be
materially misstated
Reliability factors correspond to the risk of incorrect acceptance and
are generally obtained from a table
The Effect of Information Technology on the Audit
Test data (test deck) – technique that uses the application program to
process
a
set
of
test
data,
the
results
of
which are already known. (the clients system is used to process the
auditors
data,
off-line,
and
while
under
the
auditors control
Integrated test facility (ITF) – similar to test data approach except that
the test data is commingled with live
data (the clients system is used to process the auditors data, on-line)
•
Test data must be separated from the live data before the reports are created. This is usually
accomplished
by processing the test data to dummy accounts (fictitious customer,
branch, vendor)
•
Client personnel are not informed that the test is being run
Parallel simulation (reperformance test) – auditor re-processes some
or all the clients live data (using auditor
software) and then compares the results with the clients files (the
auditors system is used to process client data)
Generalized audit software packages (GASPs) – allows the auditor to
have little technical knowledge of the
clients system (computerized environment)
Internal Control Communication
2 types of control deficiency – deficiency in design and deficiency in
operation
Significant deficiency – adversely affects the fairness of the F/S
Previously communicated significant deficiencies and material
weaknesses that have not been corrected should
be communicated again
It is mgmt’s responsibility to evaluate and address control
deficiencies
AUD - Notes Chapter 5
http://cpacfa.blogspot.com
Reporting on an entity’s internal control over financial reporting (not
an audit, just hired to review internal
controls)
The CPA may report on mgmt’s assertion or may report directly on
the effectiveness of the entity’s internal
control
Obtain from mgmt a written assertion about the effectiveness of the
entity’s internal control. The assertion may
be
presented
in
two
ways:
1. a separate report that will accompany the accountants report
2. a representation letter to the accounts
When a material weakness exists, the CPA should express an opinion
directly on the effectiveness of internal
control, and not on mgmt’s assertion
In a F/S audit, use of the report on the internal control is restricted,
while
In a separate examination of internal control, use of the report is
generally not restricted
SOX requirements related to internal controls
PCAOB standards require:
•
Issuers report (within the annual report) on mgmt’s assessment of the effectiveness of the
company’s
internal control over financial reporting, and
•
Auditors attest to (audit) the accuracy of mgmt’s report
The auditors report must disclose material weaknesses in internal
control, but is not required to disclose
significant deficiencies that are not material weakness (different than
the attestation standards)
If an auditor conducts the audit (of a nonissuer) in accordance with
both GAAS and PCAOB, the auditor may
indicate in the auditors report that the audit was conducted in
accordance with both standards
Government Auditing
Auditors responsibilities
•
Obtaining reasonable assurance that the F/S are free of material misstatements resulting from
violations of
laws and regulations that have direct and material effect on the F/S
•
•
•
Obtaining an understanding of the possible effects on F/S of laws and regulations
Assessing whether mgmt has identified laws and regulations that have direct and material effect
Communicating to mgmt and the audit committee that an audit in accordance with GAAP may
not be
sufficient if, during the audit, the auditor becomes aware that the
entity is subject to additional audit
requirements that may not be encompassed in the terms of the
engagement
Attestation engagements performed in conformity with Generally Accepted Government Auditing
Standards (GAGAS) (the yellow book) incorporate the AICPA’s standards for examinations,
reviews, and agreed upon procedures by reference and include expanded requirements
Audit
requirements
for
federal
financial
assistance
1. Expanded internal control documentation and testing requirements
2. Expanded reporting to include formal written reports on the
consideration of internal control and the
assessment of control risk
3. Expanded reporting to include whether the federal financial
assistance has been administered in
accordance with applicable laws and regulations (compliance
requirements)
4. Application of single audit standards to federal financial assistance
5. Auditors provide a copy of their peer review to government audit
clients
AUD - Notes Chapter 5
http://cpacfa.blogspot.com
Mgmt is responsible for the entity’s compliance with laws and
regulations
Mgmt has identified and disclosed in writing to the auditor all the
laws
and
regulations
that
have
a
direct
and
material effect on its F/S
Audit reports should be distributed to the appropriate officials of the
entity requiring or arranging for the audit
(including external funding sources)
GAGAS requires a written report on the auditors understanding of internal control and the
assessment of control risk in all audits. This is different from GAAS, which requires written
communication only when significant deficiencies are noted
Single
audits:
OMB
Circular
A-133
The single audit act (OMB Circular A-133) requires entities that
expend
total
federal
assistance
equal
to
or
in
excess of $500,00 in a fiscal year to have an audit performed in
accordance with the Act
•
Programs classified as major are those that expend $300,000 or more in federal financial
assistance, but
smaller programs may be deemed major is they are classified as high
risk
•
Materiality evaluation in a single audit includes a separate evaluation of materiality for each
major program
selected
•
Single audits - audits of an entire organization that include additional audit procedures on
specific programs
and include a report on the F/S of the whole organization and audit
reports on the specific programs
•
program-specific audits - audits of specific programs and do not include reports on the F/S of the
organization taken as a whole
Auditor communication requirements increase
settings. Auditors often have the responsibility of
in
government
reporting significant deficiencies to specific regulatory bodies or
grantor agencies
A5-47 chart memorize
Communication with the Audit Committee
Audit committee
– committee of the board of directors, composed of 3-5 members of the
board who are outside
directors. Outside directors are not employees of the firm and do not
have a material financial interest in the
firm
•
main purpose is to enhance the internal control by creating a means of direct communication
between the
committee and the auditors. An audit committee is considered to be
part of the internal control structure
•
SOX requires the audit committee to approve the engagement of an auditor, and oversee the
services
•
All material communications must be made to the audit committee before the auditors report is
filed with
the SEC
•
Communication may be oral or written. If its oral the auditor should document the conversation
•
Do not communicate with the audit committee on how we (the auditor) plan to implement the
audit
Management Representations
Obtained from mgmt at the conclusion of fieldwork and should
address all F/S covered by the report even if
current mgmt was not present during all such periods
Purpose:
1. To confirm representations explicitly or implicitly given to auditor
2. To indicate and document the continuing appropriateness of such
representations
3. To reduce the possibility of misunderstanding concerning matter
that are the subject of the
AUD - Notes Chapter 5
http://cpacfa.blogspot.com
•
•
•
•
•
Letter is mandatory to issue an unqualified opinion, otherwise issue disclaimer or withdraw
Dated
same
as
the
audit
report
Signed
by
the
CEO
and
CFO
Representations may be limited to items that mgmt and the auditor agree are material
The auditor should obtain additional representations from mgmt for special or specific situations.
Changes
in the business that may impact the F/S (new acctg principle,
impairment of an asset, inventory
obsolescence)
Related documents
Case
Case
Quiz 3
Quiz 3
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Green Impact Auditor
Green Impact Auditor
Auditor Reporting ppt
Auditor Reporting ppt
AUDIT SAMPLING
AUDIT SAMPLING
analisa pengaruh struktur kepemilikan dan dewan
analisa pengaruh struktur kepemilikan dan dewan
Chapter 8
Chapter 8
Download
advertisement