AU1 summary Module 1 summary This module provides a framework for auditing and an explanation of its nature and purpose. External and internal auditing are described and compared. The module also includes a discussion of the audit report and an overview of the umbrella concept of assurance engagements. Explain the objective and purpose of an audit of financial statements, and outline the two key components of the audit process Auditing is the systematic process of objectively obtaining and evaluating evidence regarding assertions to ascertain the degree of correspondence between assertions and established criteria. The objective of an audit of financial statements is to express an opinion as to whether or not the information in the financial statements is presented fairly. The purposes of an audit of financial statements include o fulfilling statutory or other requirements o reducing information risk, and o addressing the asymmetry of information between providers and users of financial information. The two key components of the audit process are Determining the nature, extent, and timing of evidence to obtain, and obtaining and evaluating the evidence effectively and efficiently, and Communicating the auditor’s findings through the auditor’s report. Explain how information risk arises and how audits can help reduce information risk Information risk is the risk that the financial statements are false or misleading. Sources of information risk are o asymmetry of information o errors from weak accounting system o deceptive management practices Information asymmetry arises because of o remoteness of information o bias or motivation of those providing information o high volumes of transactions and data o the complexity of transactions Audits help reduce information risk because o auditors are independent and can reduce or counter the effect of the biases that management may have in preparing the financial statements o auditors have accounting expertise and are able to ensure that complex financial transactions are appropriately recorded and reported o the auditor must apply judgment within clearly defined professional and ethical standards Describe the principal activities of a public accounting firm The principal activities of a public accounting firm include o audit engagements o review engagements o other assurance services o accounting services o taxation services o consulting services o bankruptcy and receivership engagements Describe the role of the staff accountant on a typical audit engagement, and explain how continuous training on audit engagements prepares staff for future opportunities in the organization The staff accountant (or junior auditor) prepares working papers to document the results of audit procedures and performs other tasks assigned by the in-charge accountant on the engagement. Auditors must gain a combination of both theoretical knowledge and practical experience. On-thejob training provides practical experience, allowing the auditor to develop professional judgment and move on to undertake more challenging tasks. Continuing professional development is required of all professional accountants to keep abreast with changes in standards and other developments. Compare external auditing to internal auditing External auditing and internal auditing are similar in a number of ways: o Both require independence. o Both use sampling. o Both produce reports. o Both function within established standards. External auditing and internal auditing are different in a number of ways: o They produce reports for different people. o They have different objectives. o They have different scopes of work. o They have different degrees of concern with day-to-day operations. o The nature and form of their reports are different. o They are remunerated in different ways. Describe the concept of an assurance engagement, explain audit engagements in terms of the general framework of assurance engagements, and explain the difference between an attest engagement and a direct reporting engagement In an assurance engagement, the auditor issues a written opinion about the subject matter of the engagement for which the accountable party (usually management) is responsible. The public accountant provides credibility or assurance to the assertions made by the responsible party. Financial statement audits are a sub-class of assurance engagements. Audit engagements: Audit engagements are attest engagements. Management (the asserter) is responsible for the assertions in the financial statements. The users are the investors, creditors, and others, who make decisions based on the financial statements. The auditor (the assurer) provides a high level of assurance on the assertions made by management. The audit can only be carried out by suitably qualified, independent public accountants. Attest engagements and direct reporting engagements: In an attest engagement, the public accountant's conclusion will be on a written assertion prepared by the accountable party. In a direct reporting engagement, the public accountant's conclusion will evaluate directly, using suitable criteria, the subject matter for which the accountable party is responsible. Distinguish between audit, review, and compilation engagements An audit provides a high level of assurance that financial statements are fair in all material respects. Review engagements provide a moderate level of assurance that financial statements are in accordance with appropriate criteria, in all material respects. The accountant’s role is to ensure that the information is plausible (or credible). A compilation engagement is used when an accounting firm provides bookkeeping services or prepares financial statements for a client. No assurance is provided by the accountant, but there is an over-riding professional responsibility not to be associated with information that the accountant believes to be misleading. Draft a standard auditor’s report and describe its components Drafting a standard auditor's report: An example of a standard unqualified auditor’s report is given in CAS 700 ( CICA Handbook section 5400) and page 62 of the text. Study carefully the wording of the report and be familiar with the contents of each of the three paragraphs. Components of a standard auditor's report: 1. 2. 3. 4. The The The The introductory paragraph management’s responsibility paragraph auditor’s responsibility paragraphs auditor’s opinion In addition, the report must contain a title, the name of the addressee, the city and date of issue, as well as the auditor’s signature. Evaluate when an auditor would issue an audit report containing an unqualified opinion, a qualified opinion, an adverse opinion, or a denial of opinion There are two causes for reservations of opinion: o A misstatment in the financial statements resulting from a departure from generally accepted accounting principles, such as an inappropriate accounting treatment an inappropriate valuation inadequate disclosure o A scope limitation, which happens when the auditors were unable to obtain sufficient and appropriate audit evidence, and is caused by client-imposed restrictions circumstances or uncertainties If the reservation arises because of a departure from GAAP, the auditor will issue an unqualified opinion, a qualified opinion, or an adverse opinion, depending on whether the auditor considers the effect of the departure to be immaterial, material, or highly material. If the reservation is caused by a scope limitation, the auditor will issue an unqualified opinion, a qualified opinion, or a denial of opinion, depending on whether the auditor considers the effect of the scope limitation to be immaterial, material, or highly material. Module 2 summary State the generally accepted auditing standards (GAAS) and describe their implications for auditors; differentiate between assurance standards, generally accepted auditing standards, and auditing procedures The generally accepted auditing standards consist of o one general standard o three examination standards, and o four reporting standards General standard The audit should be performed objectively and with due care by a person or persons having adequate technical training. Examination standards The auditor should plan and perform the audit to reduce audit risk to an acceptably low level that is consistent with the objective of an audit. The auditor should plan the nature, timing, and extent of the direction and supervision of the engagement team members and review their work. The auditor should obtain an understanding of the entity and its environment, including internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures. The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion. Reporting standards The report should identify the financial statements, the responsibilities of management, and the responsibilities of the auditor. The report should describe the scope of the auditor’s examination. The report should contain either an expression of opinion on the financial statements or an assertion that an opinion cannot be expressed. In the latter case, reasons should be stated. Where an opinion is expressed, it should indicate whether the financial statements present fairly, in all material respects, the financial position, results of operations and cash flows, in accordance with Canadian GAAP, except when the financial statements are prepared using a basis of accounting other than Canadian GAAP. The report should adequately explain any reservations of opinion. Implications for auditors These standards cover all audit engagements. Compliance with these standards is an essential part of auditing. The standards cover the minimum requirements to be met before the auditor can state that the audit was carried out in accordance with generally accepted auditing standards. Auditing standards and procedures Auditing standards are recommendations that remain the same through time and for all audits. Auditing procedures are the particular and specialized actions auditors take to obtain sufficient appropriate evidence in a specific audit engagement. Assurance and GAAS Assurance standards provide an umbrella framework for all assurance engagements. They cover a much wider range of audit and related activities than just financial statement audits. Generally accepted auditing standards apply only to the audit of financial statements. The major differences between the two sets of standards are in the areas of practitioner competence, internal control, and reporting. Define ethics, describe accountants’ ethical concerns, and explain the fundamental principles in accounting codes of conduct in relation to the CGA Code of Ethical Principles and Rules of Conduct Ethics has been defined as "that branch of philosophy which is the systematic study of reflective choice, of the standards of right and wrong by which it is to be guided, and of the good toward which it may ultimately be directed. The three elements of ethics are o decision problems o moral principles o the consequences of decisions The Code of Ethical Principles sets out the ethical principles governing the behaviour of CGAs and students. The Rules of Conduct show how the general ethical principles should be applied to specific situations. These standards apply to all members, although some are specific to those in public practice. They apply whenever a member is acting as an accountant or holding himself or herself out to be a member of the Association. The fundamental principles are 1. 2. 3. 4. 5. 6. Responsibility to society Trust and duties Due care and professional judgment Deceptive information Professional practice Responsibilities to the profession You should be able to explain the meaning of each of these fundamental principles. Explain the importance of independence for a CGA, and evaluate situations that may threaten independence Independence is a major attribute of the CGA in public practice. It is a special condition of objectivity that applies to audit engagements as specified in the codes or their interpretations (or as interpreted by the courts, because it is also a legal term in Canada). Independence requires o independence in mind, and o independence in appearance. Independence is potentially affected by self-interest, self-review, advocacy, familiarity, and intimidation threats. Safeguards to eliminate threats to independence (or reduce them to an acceptable level) fall into three broad categories: o those created by the profession, legislation, or regulation o those within the assurance client o those within the public accounting firm’s own systems and procedures Resolve ethical dilemmas using a case analysis approach The nine steps to analyzing a case are 1. Skim the case. 2. Read the case closely. 3. Identify problems and issues. 4. Analyze the data. 5. Generate alternatives. 6. Select the decision criteria. 7. Analyze and evaluate the alternatives. 8. Make a recommendation or decision. 9. Write a report or action plan. Describe the relationship between legal liability and ethical responsibility Under common law, an auditor will only be found liable if the plaintiff can prove all of the following: 1. The plaintiff suffered damages or loss. 2. The necessary privity of beneficiary relationship existed. 3. The financial statements were misleading or the auditor’s advice was faulty. 4. The plaintiff relied on the statements or advice. 5. Such reliance was the direct cause of the loss. 6. The auditor was negligent, grossly negligent, deceitful, or otherwise responsible for damages. The auditor’s moral responsibilities to third parties include a responsibility to act in the interest of his or her clients, employers, and interested third parties. This includes acting with independence, and exercising due care and professional judgment. It also includes acting in accordance with appropriate assurance and auditing standards. Identify the parties to which an auditor owes a duty of care, and describe the circumstances under which liability to third parties arises The auditor owes a duty of care to the client. The auditor also owes a duty of care to third parties. Usually this duty is limited to fraud or gross negligence unless the auditor has actual knowledge that the third party will rely on the statements, in which case the auditor is liable for ordinary negligence as well. Describe how an auditor’s negligence is established, and explain how an auditor can respond to legal liability There are four requirements for negligence to be established: 1. There must be a legal duty of care to the plaintiff. 2. There must be a breach of that duty (such as failure to follow generally accepted auditing standards). 3. There must be proof that damage resulted. 4. There must be a reasonably proximate connection between the breach of duty and the resulting damage. The auditor can deny that the plaintiff has established the necessary conditions to recover damages by asserting the following: o There was no legal duty of care to the plaintiff. o There was no breach of that duty (such as failure to follow generally accepted auditing standards). o No damage resulted. o There was no reasonably proximate connection between the breach of duty and the resulting damage. Module 3 summary Describe the auditor's responsibility to consider fraud and error and the consequences of illegal acts, in order to achieve the objective of financial statement audits Misstatements can arise from error or fraud. (Fraud may be either fraudulent financial reporting or misappropriation of assets.) It is the auditor’s responsibility to detect material misstatements, however caused. If an auditor detects a misstatement (that is, either a misstatement resulting from a non-trivial error, or one indicating a serious weakness in internal controls), the auditor should immediately bring it to the attention of the appropriate level of management and the audit committee (or equivalent). Any evidence of fraud discovered or suspected should be communicated to the appropriate level of management and the audit committee (or equivalent). Any questions regarding management competence and integrity should be communicated to the audit committee (or equivalent). The CICA Handbook defines illegal acts as "violations of domestic or foreign statutory law or government regulation attributable to the entity under audit, or to management or employees acting on the entity’s behalf." Management is responsible for identifying and complying with laws and regulations that affect the entity, as well as preventing and detecting illegal acts. Management is responsible for establishing policies and procedures to accomplish this aim. The auditor should attempt to identify laws and regulations that, if violated, could be expected to result in a material misstatement in the financial statements. Discovery of possible illegal acts should be communicated to the audit committee and other appropriate levels of management. Explain the various types of management assertions and their relationship to specific audit objectives Assertions about classes of transactions and events for the period under audit include o o o o o occurrence completeness accuracy cut-off classification Assertions about account balances at the period end include o o o o existence rights and obligations completeness valuation and allocation Assertions about presentation and disclosure include o o o o occurrence rights and obligations completeness, classification, and understandability accuracy and valuation Specific audit objectives are to obtain and evaluate sufficient appropriate evidence about each assertion. Explain how an auditor determines what and how much evidence is required The appropriateness and sufficiency of evidence are a matter of judgment and are influenced by the following factors: o o o o o materiality inherent risk and control risk considerations experience from prior audits the persuasiveness of the evidence error or fraud found during the audit Identify and apply evidence-gathering audit procedures commonly used to obtain audit evidence, and describe the strengths and weaknesses of each procedure Audit procedures (also called techniques or methods) include computation, observation, confirmation, enquiry, inspection (including tracing, scanning, and vouching), and analysis. Computation by the auditor is strong evidence for the valuation assertion but does not provide evidence of existence or completeness. Computation can be evidence for existence when the financial statement element is one that is principally a calculation, for example, amortization. Observation by the auditor is strong evidence for the assertion of existence. Observation, however, does not provide evidence on any other level. The existence of an asset, for example, does not prove ownership. Confirmation from third parties (if the auditor has control over mailing and receipt) constitutes strong evidence of existence and valuation because of the independent form of the evidence. If, however, the auditor does not have control over mailing and receipt, then the client’s opportunity to alter the responses lessens the strength of the evidence obtained by the procedure. Direct enquiry by the auditor to third parties can be strong evidence, but direct enquiry of internal parties is considered weaker evidence. An assessment of the source on the basis of integrity, independence from the entity, and knowledge of the audit entity must always accompany the use of direct enquiry. Inspection consists of looking at records and documents or at assets having physical substance. It encompasses the following procedures: o Vouching is used to examine documents that provide evidence supporting the assertion of existence. o Tracing provides evidence of completeness. Documents held by third parties (bank loan documents on file at the bank, for example) are most reliable. Third-party documents held internally are less reliable, and documents prepared by the entity and held by the entity are the least reliable as they can be subject to manipulation. o Scanning alerts auditors to unusual items and events in the client’s documentation. When using analysis, the auditor must ensure that there really is a meaningful relationship between amounts in the data to allow the development of reasonable expectations. It is also important to ensure that the level of assurance that the expectations provide is consistent with the objective of the analytical procedure. Analysis is best used to highlight areas in the financial statements that require further investigation and is less valuable as hard evidence. Explain the purpose and key elements of audit working papers, and describe the form and content of documentation required in a professional engagement Working papers document the work done during the audit and the conclusions based on that work. They provide evidence that the audit was carried out in accordance with generally accepted auditing standards. Good working papers should normally include o o o o o o evidence of adequate audit planning a description of audit evidence obtained evidence of adequate supervision and review evidence that the financial statements agree with the supporting records evidence of evaluation and disposition of misstatements copies of correspondence with the client The form and content of documentation included in working paper files are covered on pages 298 to 303 of the text, CAS 230 and CGA Auditing Guideline No. 5 (Reading 3-3). The form and content of working papers are affected by such factors as o o o the terms of the engagement and the type of report required the nature and complexity of the client’s business the nature and condition of the client’s control environment and control system o the need for review and supervision of work carried out by assistants Identify the main pre-engagement activities and the factors to consider when accepting a new audit engagement The main pre-engagement activities performed before accepting an engagement include 1. 2. 3. 4. 5. 6. assessing independence between the firm and client obtaining information such as past financial statements and annual reports communicating with the previous auditor communicating with the client’s bankers, lawyers, and so on considering any special requirements or risks related to the engagement assessing if the firm has the necessary resources to complete the assignment The factors to consider when deciding to accept a new engagement include o o o o business and/or financial relationships between the firm’s personnel and the client client integrity business risk facing the client (that is, risk of business failure), and the likelihood of significant reservations in the auditor’s report. Describe the purpose and main features of an engagement letter An engagement letter defines the terms of the audit engagement to which the auditor and the client have agreed. They usually refer to o o o o o o the nature and objectives of the audit management’s responsibility for the financial statements the risk that the audit will not identify all material misstatements the fee structure a list of working papers for the client to prepare a confirmation of the terms of engagement by the client CAS 210, Agreeing the Terms of Engagements, provides guidance on establishing an understanding of, and agreement on, the terms of the engagement for the audit of financial statements. Module 4 summary Identify and explain the main audit planning considerations and the activities involved in audit planning The process of audit planning develops an overall strategy for an audit followed by a detailed strategy for obtaining sufficient appropriate audit evidence within the framework of the overall strategy. This work is facilitated by obtaining an understanding of the entity and its environment, and assessing the risks of material misstatement in accordance with CAS 315. According to CAS 300, Planning, the overall audit strategy involves a. determining the characteristics of the engagement for scope definition, such as the financial reporting framework used, industry specific reporting requirements, and the locations of the components of the entity b. determining the reporting requirement objectives, such as reporting deadlines and communication requirements with management and those charged with governance c. There o o o o o considering the important factors to focus on, such as i. materiality levels ii. preliminary identification of areas that may pose a higher risk of material misstatement iii. preliminary identification of material components and account balances iv. evaluation of the feasibility of obtaining evidence regarding the effectiveness of internal control v. identification of recent significant entity-specific, industry, financial reporting, or other recent developments are five steps in audit planning: conducting the preliminary analysis assessing materiality assessing risk determining the extent, timing and nature of audit work preparing the audit program Explain the purpose of analysis at the planning stage, and apply general analytical procedures in audit planning The purpose of analysis at the planning stage is to assist in planning the nature, extent, and timing of the audit’s procedures. Through analysis, the auditor identifies potential high-risk areas so that appropriate audit attention can be paid to them. Auditors use their understanding of the business, together with the prior period’s information, industry statistics, budgets, and so on, to develop expectations for the current year’s results. The auditor compares the amounts recorded with the expectations for that year, directing attention to areas where the results are not as anticipated. Trend analysis, ratio analysis, regression analysis, and decision rules can be used in this process. Identify and apply the three steps used to perform an analysis of unaudited financial statements The three steps in analyzing unaudited financial statements are: 1. Use an organized approach to prepare comparative information and calculate changes from the previous period. 2. Identify and describe the changes and relationships found in the comparative data. 3. Ask the right questions to obtain explanations for the changes and identify areas of increased audit risk. Explain materiality by highlighting its quantitative and qualitative aspects, and determine overall materiality for a particular audit A misstatement is considered to be material if it is likely that such a misstatement could change the decision of a user of the financial statements. Knowledge of the potential users of the financial statements, and the nature of the decisions that they might make, could affect the amount considered material for any given audit. The quantitative aspect of materiality is the potential dollar misstatement in the financial statements. The qualitative aspect of materiality concerns areas such as o potential breaches of laws or regulations o inadequate disclosure of accounting policies o inadequate disclosure of issues that are ongoing concerns and extend beyond the figures reported in the financial statements, but that are important in determining if the position of the company is presented fairly in the financial statements Misstatements that are not material from a quantitative point of view might very well be material when qualitative factors are taken into account. The determination of materiality is a matter of professional judgment. Auditors use guidelines to provide ranges for materiality. The most common base is net income or after-tax income (income from continuing operations). Other bases that might be appropriate under specific circumstances include o total assets o total equity o o o gross profit total revenue or total expenses cash flows from operations Explain how materiality is applied during an audit, and describe the types of misstatements and their impact on the audit report During an audit, the auditor accumulates all possible misstatements on a possible adjustment sheet. When o o o Then the auditor decides if an unqualified opinion can be given. The auditor detects identified misstatements during the audit. Likely misstatements are statements the auditor considers probable. The auditor makes this decision by extrapolating sample results to the populations from which the representative samples are selected. Likely aggregate misstatements include the identified misstatements in non-representative samples plus any unadjusted misstatements from prior years. Further possible misstatement is an allowance for sampling and non-sampling errors. The total of likely aggregate misstatements plus further possible misstatements is the maximum possible misstatement in the financial statements. The auditor compares this number with the amount considered material when deciding if an unqualified audit report can be issued. the audit is complete, the auditor calculates the possible misstatements identified during the audit accounts for those corrected by the client compares the remaining amount to the amount considered to be material Explain the components of audit risk Audit risk is the risk that an auditor will issue an unqualified audit report on a set of financial statements that contains a material misstatement. (The auditor determines the amount of audit risk that he or she is prepared to accept based on the estimated likelihood of the client suffering business failure and the extent of use of the financial statements.) The risk of material misstatement is the risk that the client’s financial statements are materially misstated before the start of the audit. The risk of material misstatement is the product of inherent risk and control risk. Inherent risk is the risk that a material error will occur before considering the effect of the client’s control systems. Control risk is the risk that the control systems will not detect such an error, should one occur. Detection risk is the risk that the auditor will fail to detect a material misstatement during the audit. Explain the importance of materiality and risk in audit planning using the audit risk model, and describe the relationship of audit risk components to the amount of evidence required to support an assertion The risk model states that the detection risk (DR) that the auditor is prepared to take varies directly with the audit risk (AR) the auditor is prepared to take and inversely with the client’s inherent risk (IR) and control risk (CR) or the risk of material misstatement (RMM). The risk model can be used to calculate the detection risk that the auditor is prepared to take for any specific financial statement assertion. Or The auditor can use the audit risk model during the planning stages to estimate the amount of evidence required and to plan the nature, extent, and timing of the audit work. The amount of evidence required varies inversely with the amount considered to be material so that a preliminary assessment of materiality helps the auditor plan the nature, extent, and timing of the audit work. The amount of evidence required varies inversely with the detection risk that the auditor is prepared to take; in other words, the lower the detection risk, the greater the amount of evidence required. Accordingly, the amount of evidence will vary directly with the inherent risk and control risk, and inversely with the audit risk that the auditor is prepared to take. Explain how the auditee’s objectives, strategies, and related business risk are translated into a preliminary assessment of the risk of material misstatement. The auditor should perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. It must be recognized that risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion. (CAS 315) Explain the content and purpose of the two different types of audit program Internal control audit programs are used by the auditor to gain an understanding of the client's internal controls and to test controls when assessing the inherent risk and control risk. Substantive testing programs or balance sheet audit programs (called balance audit programs in the text) are used to gain the evidence necessary to verify the assertions relating to the various balances appearing in the financial statements. Audit programs set out the audit work and document its completion They are designed by the audit firm to cover a wide variety of activities and/or accounts. They serve as a checklist to increase audit efficiency so that the auditor does not have to develop a sequence of audit procedures from scratch for each audit. They also ensure that all necessary audit procedures are carried out. Module 5 summary Define internal control, and explain the two reasons for evaluating internal control Internal control is defined as "the process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations." Auditors understand and evaluate internal control relevant to the audit in order to assess risks of material misstatement, identify types of potential misstatements, and determine the nature, timing, and extent of audit procedures. Differentiate between management and auditor responsibility with respect to internal control, and describe their internal control objectives Management’s objectives with respect to internal control are to ensure the orderly and efficient conduct of the entity’s business. It is management’s responsibility to establish and maintain the entity’s controls that provide reasonable assurance that its objectives of reliable financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations will be achieved. The auditor is concerned with management’s control objectives as they relate to financial statement preparation in accordance with generally accepted accounting principles and the management of risk that may give rise to a material misstatement in the financial statements. It is the auditor’s responsibility to gain a sufficient understanding of internal controls to enable the auditor to plan the audit. The objectives that are of interest to both management and the auditor include validity, completeness, authorization, accuracy, classification, accounting, and proper period, as they pertain to the financial statements. The auditor has the responsibility to report internal control deficiencies to the appropriate level of management. If the auditor identifies deficiencies that create a serious risk of material misstatement, the auditor must report these in writing to the audit committee or equivalent. Identify the components of internal control, and explain the nature of a control environment Internal control consists of the following components: o the control environment o the entity’s risk assessment process o the information system, including the related business processes, relevant to financial reporting, and communication o control activities o monitoring of controls The control environment is the foundation for effective internal control. It includes the governance, management philosophy, and operating style of an entity and communication of its values and standards. It also includes the attitudes, awareness, and actions of management and those charged with governance relating to the entity’s internal control. It sets the tone of an organization influencing the control consciousness of its people through appropriate human resource policies/practices and assignment of authority and responsibility. Identify the three phases of internal control evaluation The three phases of internal control evaluation are 1. gaining an understanding of the internal controls stated to be in effect 2. assessing the preliminary control risk and determining the audit approach to be used 3. testing control audit procedures when assessing control risk below maximum (based on identified specific controls on which risk could be assessed low) Auditors are required to understand internal controls in order to assess the risk of material misstatements. At the planning stage, generally accepted auditing standards require the auditor to understand the controls adequately enough to permit audit planning. When using a substantive approach (assessing control risk at maximum), the auditor must understand the control environment and the control systems that collect, record, and process data. The auditor must report the information found. When using a combined approach, the auditor must also understand the control systems that enhance the reliability of data and information. In addition, the auditor must test the controls relied upon to establish that they are operating as intended. Identify and describe the seven internal control objectives, explain how they relate to financial statement assertions, and describe effective control procedures The seven control objectives are as follows: 1. Validity: recorded transactions are ones that should have been recorded, that is, they really "exist." 2. Completeness: no valid transactions have been omitted. 3. Authorization: all transactions have been approved prior to being recorded. 4. Accuracy: the dollar amounts have been calculated correctly. 5. Classification: transactions are recorded in the right accounts. 6. Accounting: all transactions are recorded in conformity with GAAP. 7. Proper period: the accounting transactions are in the period in which they occur. The relationship between control objectives and financial statement assertions: Control Objectives Validity Existence Occurrence Accuracy Valuation X Completeness Authorization Completeness X X X Rights, Obligations X X X X Presentation and Disclosure Classification X Accounting X Proper Period Good o o o o o o o X X control systems should include the following: competent and trustworthy personnel proper authorization of transactions and activities adequate segregation of duties design and use of adequate documents and records controlled access to assets and records periodic, independent comparison or verification error-checking routines Explain the generally accepted auditing standards (GAAS) requirements for documenting internal control, including the use of narratives, internal control questionnaires, flowcharts, and walk-through tests Documentation of internal controls should include o a record of the discussion and significant decisions reached among the engagement team regarding the susceptibility of the entity's financial statements to material misstatement o records of the results of control environment evaluation o descriptions of control systems that collect, record, and process data o descriptions of control systems that enhance the reliability of information (if relying on internal controls) and those that address significant risks Narrative descriptions are best used to describe the characteristics of the system. Internal control questionnaires can be very useful when identifying weaknesses in control systems. Flowcharts provide an easy way to understand and overview the control systems. Walk-through tests consist of the auditor walking one transaction through the accounting system to verify if the documented controls are actually in place and being applied. Explain how an auditor decides whether to assess control risk at maximum or below maximum The auditor should assess control for a specific assertion at maximum if o internal controls do not address that assertion; o internal controls are not effective; or o it is not efficient for the auditor to evaluate the internal controls relating to that specific assertion. Explain the conditions under which an auditor tests controls, describe the nature and extent of tests of controls, and provide examples of tests of controls audit procedures Controls are tested by the auditor only if the auditor intends to rely on the controls to reduce substantive testing. This would only apply when the auditor believes that the design of policies and procedures is adequate. The reduction in substantive testing must also justify the effort involved in testing the controls. In circumstances where the auditor cannot obtain sufficient appropriate evidence on the basis of substantive procedures alone, tests of controls may be required. Tests of controls are designed to establish that the controls were used as intended, used effectively, and used throughout the period. A test of controls might be selecting a sample of paid invoices and matching them to purchase orders and receiving reports, or establishing if controls over validity and authorization were working as intended. Explain the rationale for testing controls at an interim date Controls are usually tested at an interim date so that a control assessment can justify the decision to assess control risk below maximum. Interim testing also reduces sample sizes for substantive testing. Because some substantive testing is carried out at the interim audit, tests of controls should be carried out simultaneously. Use of dual-purpose testing (that is, combined tests of controls and balances) can increase audit efficiency. Explain how audit strategy is affected by the study and evaluation of internal control The auditor will usually want to rely on some internal controls to reduce substantive tests of balances. This requires that the auditor first understand the controls and then test compliance throughout the audit period. For a preliminary evaluation of internal control, the auditor looks at possible misstatements and the controls that exist to prevent or detect such misstatements. If the auditor intends to rely on internal controls as part of gathering sufficient appropriate evidence, tests of control need to be planned and executed. The decision to carry out tests of controls is dependent on the evaluation of the design of the system and the cost-benefit tradeoffs of control testing, if appropriate. Describe the auditor’s considerations when issuing an audit report on internal control over the client’s financial reporting processes that is integrated with an audit of the client’s financial statements Although such reports are not required by Canadian law or securities regulations, they may be issued for Canadian companies listed on an American exchange, Canadian subsidiaries of listed American companies, or at the request of the client. The examination must be performed by the public accountants who audit the entity’s financial statements. Detailed guidance is provided in section 5925 of the CICA Handbook — Assurance. A standard reporting format is provided in that Handbook section. Module 6 summary Explain why auditors use sampling, and describe the two applications of audit sampling Auditors use sampling because it is seldom possible to obtain absolute assurance about an audit population and, in any case, it is not economical to examine every transaction or item making up an account balance. Audit sampling can be applied when testing controls to assess control risk. It can also be used during substantive testing of the balances appearing in financial statements. Explain statistical and nonstatistical sampling, describe the advantages of each method, and explain when each method should be used Statistical sampling uses the laws of probability when selecting the sample and extrapolates the sample result to the population. Nonstatistical sampling is audit sampling not based on statistical calculations. The advantage of statistical sampling is that the sampling risk is known. It requires a precise and definite approach to the audit problem. The advantage of nonstatistical sampling is that it permits the auditor to use greater judgment. Statistical sampling is used when random numbers can be assigned to population items and an objectively defensible result is desired. Nonstatistical samples can be used when the auditor has additional knowledge about the population, when strictly defensible results are not required, and when assignment of random numbers to population items is difficult or impossible. Explain sampling error, including errors arising from alpha risk (Type I error), beta risk (Type II error), and nonsampling error Sampling error arises because there is always a risk that the sample will not be representative of the population. The risk of incorrect rejection of the population is referred to as alpha risk (or the risk of a Type I error); the risk of incorrect acceptance is referred to as beta risk (or the risk of a Type II error). The auditor is mainly concerned about beta risk, which could lead to accepting a population that contains material misstatements. Nonsampling risk arises because the auditor fails to detect an error when verifying selected items or because the test is inappropriately designed for the purpose for which it is conducted (for example, selecting from the wrong population). Outline the seven-step framework for conducting attribute sampling for tests of control The seven steps in attribute sampling are 1. 2. 3. 4. 5. 6. 7. Specify the audit objectives. Define the deviation conditions. Define the population. Determine the sample size. Select the sample. Perform the test of controls procedures. Evaluate the evidence. Describe the factors that influence sample size determination in attribute sampling, and determine the sample size for a test of controls using statistical sampling The factors that influence sample size in attribute sampling are o acceptable risk of overreliance o tolerable deviation rate o expected population deviation rate o population size Sample size varies directly with the expected population deviation rate and the population size. Sample size varies inversely with the acceptable risk of overreliance and the tolerable deviation rate. The influence of the population size is minimal, except for relatively small populations. The sample size is determined using a table for the appropriate acceptable risk of overreliance and selecting the value on that table corresponding to the tolerable deviation rate and the expected population deviation rate. The table corresponding to an acceptable risk of overreliance of 5% is found in Exhibit 6-5 of Topic 6.5. Describe how the auditor evaluates the results of a test in the context of nonstatistical and statistical sampling If using statistical sampling, the auditor can look up the computed upper deviation rates on the table corresponding to the predetermined acceptable risk of overreliance. The auditor finds the value for the sample size used and the number of deviations found. The auditor can accept or reject the population by comparing the upper deviation rate from the table with the tolerable deviation rate used in determining the sample size. If using nonstatistical sampling, the auditor must use judgment to decide whether to accept or reject the population based on the sample results. Describe the nature of audit risk, sampling risk, and materiality in the context of substantive testing Sampling risk in substantive testing is related to audit risk as both denote the risk that the auditor will accept a population containing a material misstatement. The tolerable misstatement for such sampling is usually set as the overall financial statement materiality determined by the auditor at the planning stage of the audit. Outline the seven-step framework for audit sampling in substantive testing, and explain how an auditor can use stratification to reduce sample sizes in audit sampling The seven steps in audit sampling for substantive testing are 1. Specify the objectives of the test. 2. Determine the population from which the sample is to be drawn. 3. Choose the audit sample method. 4. Determine the sample size. 5. Select the sample. 6. Perform the substantive audit procedures. 7. Evaluate the evidence. Through stratification, the auditor selects for specific examination items considered to represent the greatest risk by separating them from other sample items. Stratification can be based on the size of the item or on its risk characteristics. An example of the latter would be selecting and separating older accounts receivable from current accounts. This would usually result in a smaller sample size and potentially a lower estimate of likely error in the population. Describe the factors that influence sample size determination in substantive testing The factors influencing the sample size in substantive testing are o risk of incorrect acceptance o risk of incorrect rejection o tolerable misstatement o expected dollar misstatement o variability within the population o population size The first three factors affect the sample size inversely; the last three affect the sample size directly. Explain how the auditor evaluates the results of a test in substantive testing The auditor first determines the known misstatement from the sample and then extrapolates the misstatement to the general population to determine the likely misstatement in the population. The auditor then considers sampling risks to attempt to assess further possible misstatement and compares the total of all known misstatements extrapolated to the population to the amount of misstatement considered material for the audit. Describe and demonstrate the dollar-unit sampling process to test an account balance The following are the steps in dollar-unit sampling: 1. State the objectives of the audit test. 2. Define the error conditions. 3. Define the population. 4. Define the sampling unit. 5. Specify tolerable misstatement. 6. Specify acceptable risk of incorrect acceptance. 7. Estimate the population error rate. 8. Determine the initial sample size. 9. Randomly select the sample (using random or systematic selection). 10. Perform the audit procedures. 11. Generalize from the sample to the population. 12. Analyze the errors. 13. Decide the acceptability of the population. The auditor uses attribute sampling tables to calculate the results. The attribute results must be converted to dollars. This requires the auditor to make an assumption about the percentage of error for each population item that is in error. This information is used to calculate both an upper and lower error bound. The sample will usually be rejected if either of the error bounds is greater than the tolerable error in the population. The tolerable error in the population will usually be the amount considered material for the audit. See the computer illustration for more information. Module 7 summary Explain the major effects of computerization of accounting systems on a company's operations and on the audit approach Effects on the company’s operations o absence or short life of transaction trails o uniform processing of transactions o concentration of functions o increased potential for certain types of errors and irregularities o potential for increased management supervision and review o existence of system-generated transactions Effects on the approach to auditing o Consider IT-related matters when planning the audit o The impact of the computer environment on internal controls and the audit When acquiring sufficient knowledge of the client’s business, the auditor should obtain an understanding of the client’s computer systems and how they are used. The auditor must sufficiently understand the internal controls related to the computer systems. This understanding includes both general controls and application controls. The auditor can also consider using computer-assisted audit techniques when gathering and evaluating evidence concerning the assertions at the account balance and transaction level. Describe the major elements of audit significance in today’s computer environment Major elements of audit significance include microcomputers, databases, online systems, and ecommerce (Electronic Data Interchange and the Internet). Explain the audit implications of a simple computer-based system for a company’s internal control as it relates to the organizational structure and the processing of transactions Although control objectives do not change, the procedures used to achieve control and the means of evaluation will change. Increased concern must be placed on controls related to o the concentration of functions o documentation of transactions o controls over online authorizations and system-generated transactions Explain the audit implications of a simple computer-based system for a company’s internal control as it relates to system access, design, backup, and data recovery Although control objectives do not change, the procedures used to achieve control and the means of evaluation will change. Increased concern must be placed on controls related to o controls over access to programs and data o controls over system design and maintenance o protection of the system against hazards of nature and against potential sabotage Describe general controls and application controls and explain how they relate to accounting controls General controls apply to all or many computerized accounting activities. They include controls over segregation of duties, physical access to the computer, programs, data, documentation, systems development controls, hardware controls, backup and recovery procedures, and so on. Application controls are related to specific applications such as order processing and payroll. They include input controls, processing controls, and output controls. Application controls are usually evaluated using flowcharts and internal control questionnaires in much the same way that accounting controls are evaluated for manual systems. The auditor must consider the potential weaknesses in the computer controls as well as the manual controls over the data before and after computer processing. Summarize the impact of EDI and the Internet on a company’s operations, including the implications of electronic commerce for a company’s internal control and for its audit The two main effects of EDI for auditors are o a paperless environment, resulting in the loss of an audit trail o the lack of human involvement in the data interchange, resulting in a complete dependence on the electronic system The main concerns about the use of the Internet are related to security issues such as the need for firewalls to keep external users outside the organization’s internal networks and systems. The main implications for internal control are related to security issues. These include control over access to websites and protection from viruses, and so on. Both websites and the transactions carried out on the Internet must be secure. The main implications for the audit are an expansion of the area of knowledge required of the auditor, who will have to gain knowledge of the additional controls and almost certainly test their performance. Explain how an audit is conducted in a computer environment Auditors should comply with GAAS in GAAS audits regardless of whether an entity operates a manual system or a computer system. The audit should be properly planned. The auditor should gain an understanding of the entity and its environment, including its internal controls and should use that understanding to plan the audit. Sufficient appropriate evidence must be obtained from tests of control and substantive audit procedures. The auditor may be able to use computer assisted audit techniques to improve the effectiveness and efficiency of the audit. Identify the phases of auditing a computerized accounting system The auditor should conduct a preliminary evaluation of internal control. This should include general and application controls the auditor might consider effective to rely on when conducting the audit. The auditor must then test the controls to see if they were functioning properly throughout the period being audited. Identify internal control considerations in personal computer, online, and database environments The auditor should take into account any unique internal control considerations for personal computers, online, and database environments. Guidance in auditing microcomputers, online systems and database environments are found in Sections 9 and 10 of CGA-Canada’s Auditing Guideline No. 6. Explain the difference between auditing around/without the computer and auditing through/with the computer to test internal control Auditing around (or without) the computer consists of manually processing client transactions and comparing the results to the computer output. This does not necessarily violate generally accepted auditing standards and may be the most efficient approach in some circumstances. Auditing through (or with) the computer is usually necessary whenever the transaction volume is very large, there is little or no audit trail, or the system is complex. Two of the approaches that can be used in auditing through the computer are the test data and parallel simulation approaches. Explain how an auditor can use computers in conducting audits by using test data and generalized audit software The test data approach is used by developing simulated data and processing it through the client’s system and comparing the output to predetermined results. Generalized audit software can be used for a variety of audit purposes. Such programs will extract data from the client system, sort data, perform calculations, match data from different files, select statistical samples, and generate worksheets or databases for further analysis. The auditor should consider the extent to which it will be efficient to use computer-assisted audit techniques in carrying out the compliance or substantive testing required for the audit. Identify ways to use computers in conducting an audit commercial general-use software such as Excel pre-built spreadsheet templates special-use software such as expert systems custom programs for auditing specific areas working paper software networked files standardized document templates Module 8 summary Explain how net income is indirectly audited through the balance sheet approach to auditing Because assets minus liabilities equals equity, establishing the validity of the asset and liability amounts establishes the validity of the resulting equity balance. Transactions other than net income that affect equity can be verified relatively easily. Auditing assets and liabilities combined with auditing those transactions (other than net income) that affect equity serves to prove (albeit indirectly) the net income or loss for the period. In addition, audit work on balance sheet accounts provides the auditor with assurance about the related income statement accounts. Identify the main activities, accounts, sources of evidence, and functional responsibilities in the revenue and collection cycle, and explain how the responsibilities should be segregated The main activities include o processing customer orders o granting credit o shipping goods/providing services o billing customers and recording sales o processing and recording cash receipts o processing and recording returns and allowances o writing off uncollectible accounts o providing bad debts o reconciling bank accounts and receivable ledgers The main accounts include o sales o accounts receivable o allowance for doubtful accounts o bad debt expense o sales returns and allowances o cash The sources of evidence are o customer orders o sales orders o shipping documents o sales invoices o sales journal and summary sales reports o credit memos o remittance advices o price lists o cash receipts journals o uncollectible account writeoff authorization o accounts receivable master file o accounts receivable aged trial balance o monthly statements o accounts receivable reconciliations o o bank reconciliations pending order files The key responsibilities that should be segregated in the revenue and collection cycle are as follows: o Authorization of credit should be separate from the sales function. o Custody of cash receipts should be separate from the posting of sales and collections to the receivable records. o Recording of sales should be separate from the recording of cash receipts. o Recording of non-cash credits should be separate from custody of cash. o Custody and recording of cash should be separate from the reconciliation function. Explain the control objectives and tests of controls procedures for the revenue and collection cycle The main control objectives for the revenue and collection cycle are as follows: o Recorded sales are valid and documented. o All valid sales and all receipts are recorded. o Sales and writeoffs are authorized. o Sales invoices are accurately prepared. o Sales transactions are properly classified. o Accounting for sales is proper. o Sales and receipts are recorded in the proper period. Tests of controls procedures are: o The auditor should identify the key control procedures established by management to ensure that the control objectives for the revenue and collection cycle are achieved. o The auditor should assess the extent to which the designed control procedures, if operating effectively, could be relied upon to reduce the risk of material misstatement at the assertion level. o The auditor must design test of controls procedures to evaluate the operating effectiveness of those key controls which the auditor proposes to rely upon in the assessment of the risk of material misstatement at the assertion level. Identify the knowledge of the business and significant assertions relevant to the audit of cash balances, and describe the analytical and substantive procedures to support these assertions The auditor should attempt to ascertain the amount of money held on the premises, the bank accounts used by the company, the names of those authorized to sign cheques, and so on. This information will enable the auditor to assess the relative risk related to the cash balances shown on the balance sheet and to evaluate controls over cash handling and disbursements. The most significant assertions with respect to cash balances are those of existence and disclosure. Analysis is usually limited to comparing cash balances with those of the prior year and scanning the transactions and bank statements/reconciliations for unusual items. The main concern is existence of cash balances, which is usually established by confirmation with the company’s bankers. Significant amounts of cash on hand can be counted by the auditor at the balance sheet date. Ownership is usually presumptive with possession. Valuation is only a problem when balances are held in foreign currencies. The auditor should also verify that disclosure is appropriate, particularly if there are restrictions attached to any of the company’s cash holdings. The principal substantive audit procedure for the audit of cash balances is the confirmation of bank balances with the company’s bankers. The auditor will also verify the reconciling items on the bank reconciliation at year end. Where there is substantial cash on hand (for example, in a bank or casino), the auditor may conduct a cash count at the year end or at an interim date. Explain the knowledge of the entity’s business that is relevant to the audit of accounts receivable, and describe the analytical procedures used to audit accounts receivable The auditor should obtain knowledge of sales returns and warranty experience, past collection problems, the economic state of the market into which the company sells, and so on. This knowledge should help the auditor assess valuation of the receivables. Knowledge of the business also helps identify related parties to ensure that disclosure is appropriate. The auditor's analytical review should include o reviewing changes in both sales volumes and margin percentages o reviewing the accounts receivable aged trial balance o reviewing the provision for uncollectible accounts This review can include calculation of ratios and comparison with prior periods. Identify the most significant assertions with respect to accounts receivable, and describe the substantive procedures used to support these assertions The existence of accounts receivable is established through confirmation with the customer. Collectability (valuation) requires o confirmation plus testing the ageing of accounts receivable o reviewing payments received subsequent to the year end o reviewing the adequacy of provisions for returns, allowances, and warranties o reviewing the provision for doubtful accounts Substantive audit procedures include o testing the ageing of the accounts receivable trial balance o confirming receivables with customers o reviewing subsequent cash receipts Explain the nature and types of confirmations in the context of accounts receivable and their reliability as evidence Positive confirmations require that the customer confirm the balance whether the customer is in agreement or not. Such confirmations are considered to be strong evidence of existence and that the amount recorded is in fact owing to the company (although the confirmation does not guarantee that the debt will be paid). Negative confirmations require a reply only where there is a disagreement as to the amount owed. They are generally considered to be less reliable than positive confirmations. Identify the main activities, accounts, sources of evidence, and functional responsibilities in the acquisition and expenditure cycle, and explain how these responsibilities should be segregated The main activities in the acquisition and expenditure cycle include o requisitioning purchases o authorizing purchases o issuing purchase orders o receiving goods or services o receiving and approving vendor invoices o recording payables o approving payment o issuing cheques o reconciling bank accounts and accounts payable ledgers The main accounts affected are o the various asset (inventory) and expense accounts o accounts payable o bank accounts The sources of evidence are o open purchase orders o unmatched receiving reports o unmatched vendor invoices o accounts payable trial balance o inventory trial balance o purchases journals o capital asset reports o cash disbursement reports o bank statements o vendor invoices o vendor statements o paid cheques o bank reconciliations The key responsibilities that should be segregated in the acquisition and expenditure cycle are as follows: 1. Authorization of purchases should be separate from requisitioning of materials. 2. Those signing cheques should not authorize payments. 3. Authorization of non-cash debits to accounts payable should be separate from cheque signing. 4. Custody and recording of cash should be separate from the reconciliation function. Explain the control objectives and test of controls procedures for the acquisition and expenditure cycle General control considerations in this cycle include o appropriate segregation of duties o fidelity bonding of employees o adequate physical security over assets such as inventory o checking and reconciliation procedures o appropriate authorizations for transactions o appropriate documents and records The main control objectives for the acquisition and expenditure cycle are as follows: o Recorded purchases are valid and documented. o All valid purchases and all payments are recorded. o Purchases are authorized. o Purchase orders are accurately prepared. o Purchase transactions are properly classified. o Accounting for purchases is proper. o Purchase transactions are recorded in the proper period. The auditor should identify the key control procedures established by management to ensure that the control objectives for the acquisition and expenditure cycle are achieved. The auditor should assess the extent to which the designed control procedures, if operating effectively, could be relied upon to reduce the risk of material misstatement at the assertion level. The auditor must design test of controls procedures to evaluate the operating effectiveness of those key controls which the auditor proposes to rely upon in the assessment of the risk of material misstatement at the assertion level. Explain the knowledge of the entity’s business that is relevant to the audit of accounts payable and accrued liabilities Knowing which companies are the client’s main suppliers and knowing business plans and trends can help identify unrecorded purchases or purchase commitments. An understanding of management’s motivations helps the auditor assess the likelihood of unrecorded liabilities (the greatest risk facing the auditor when auditing purchases and accounts payable). The auditor usually compares the balance owing to significant suppliers with those of prior years and tests the payables/purchases ratio and margins for reasonableness. Stability in ratios provides the auditor with comfort that liabilities have been recorded. Reviewing related expenditure accounts can indicate the reasonableness of accruals for items such as wages and related costs. Identify the most significant assertions with respect to accounts payable and accrued liabilities, and describe the substantive procedures used to support these assertions Completeness is the most significant assertion with respect to current liabilities. To ensure completeness, the auditor will search for unrecorded liabilities. Auditors may also confirm payables with suppliers. Valuation of accruals, such as those for warranties, can be supported by a review of the methods used in their calculation and a comparison with prior periods and industry statistics. Existence of accounts payable and accrued liabilities is usually considered a significant assertion only when the auditor believes that the client may be motivated to overstate liabilities. Substantive procedures may include o confirming payable balances with suppliers o reviewing for unrecorded liabilities by scanning open purchase orders, unmatched receiving reports, and vendor invoices, and o reviewing payments made shortly after the year end. The auditor also reviews accrued liabilities for reasonableness and compares them with prior periods. Module 9 summary Explain the knowledge of the entity’s business that is relevant to the audit of inventory and describe the types of analysis used to audit inventory The auditor should be aware of o the company’s raw material and finished goods inventories and their related controls o any motivation to overstate or understate inventories o the life cycle of the products that the entity deals with in order to assess the adequacy of any provision for obsolescence Analysis for inventory includes comparison of gross profit and inventory turnover ratios with the same ratios from prior periods and industry statistics. The auditor should also scan the inventory accounts for unusual or large entries and review the entries to ensure the book figures agree with the quantities on hand. Identify the most significant assertions with respect to inventory, and explain the substantive procedures used to support these assertions The most significant assertions are existence, valuation, and ownership. The auditor establishes the inventory’s existence by attending stock-taking and test counting. Inventory held off-site can be confirmed with the holders. Cut-off tests at the end of the period help to verify both existence and completeness. Valuation of inventory is one of the more difficult (and highest risk) areas of audit work. Valuation methods must be established and their consistent application verified. Tests must also be conducted to ensure that the inventory is not valued at amounts in excess of its net realizable value. Documentary evidence should be reviewed to verify ownership of inventories. The most important substantive audit procedure for the audit of inventory is attendance by the auditor at the annual stock taking. The auditor must observe the stock taking unless it is impractical to do so. The auditor should o conduct test counts o verify that all inventory has been counted and included in the inventory summary o verify the cut-off and the condition of the inventory Other substantive procedures involve the auditor’s verification of the inventory valuation at the lower of cost or net realizable value in accordance with generally accepted accounting principles. Identify the issues related to the observation of physical inventory counts The Canadian Auditing Standards and the CICA Handbook — Assurance require that the auditor attend the stock taking and test the quantities, pricing, and clerical accuracy of the inventory, unless it is impractical to do so. After examining the evidence, the auditor must be satisfied that the inventories physically exist in good condition and are owned by the client’s business. The auditor must also be satisfied that the declared basis of valuation is being followed and is consistent with the previous period’s method of valuation. Describe the knowledge of the entity’s business that is relevant to the audit of manufacturing inventory, and describe the analytical and substantive procedures used to support the most significant assertions The auditor should know enough about the business to review adequately the appropriateness and consistency of the methods of valuation. Knowing the business also helps alert the auditor to any obsolete inventory. The auditor reviews margins and inventory turnover ratios. The auditor also reviews the manufacturing variance accounts. Large or erratic fluctuations in variances may indicate some valuation problems with manufacturing inventory. The auditor’s main concern is usually the valuation of the inventory. The auditor must understand the valuation methods and test their consistent application. The auditor also has to verify that inventory is valued at the lower of cost and net realizable value and on a basis consistent with that of prior periods. Summarize how knowledge of the entity’s business is relevant to the audit of capital assets, and describe the analytical procedures used to audit such assets Knowledge of the client’s business helps the auditor know what types of assets are likely to have been acquired or disposed of. This knowledge also helps when reviewing the adequacy of disclosure regarding lease obligations and capital commitments. Knowing the business helps the auditor verify that the net book value of the capital assets does not exceed their value to the business. For purposes of calculating amortization, knowledge of the business helps the auditor when assessing the reasonableness of estimated residual values and asset lives. Analysis connected with capital assets might include o comparing capital asset balances to prior years o comparing the ratio of amortization expense to capital assets to prior years o comparing the balance of maintenance and repair expenses to prior years o scanning maintenance and repair expense for items that should have been capitalized o comparing total additions to capital budgets Summarize the most significant assertions with respect to capital assets, and describe the substantive procedures used to support these assertions with examples of specific substantive procedures The auditor is most concerned with existence, ownership, and valuation of capital assets. The auditor usually obtains a continuity schedule and vouches additions and disposals with supporting documentation. The auditor may physically inspect significant additions. Documentary evidence should be reviewed to establish ownership. The auditor also verifies that disclosure of capital assets is in accordance with Handbook requirements. Typical audit procedures in this area include o vouching additions and disposals o physically inspecting assets o verifying that leases are appropriately accounted for o reviewing amortization calculations and gains/losses on disposal o ensuring that disclosure meets the requirements of generally accepted accounting principles Describe the main activities and accounts, segregation of functional responsibilities, and sources of evidence in the production and payroll cycles The main activities in the production cycle include production planning, authorization, production of goods or services, custody of inventory, recordkeeping, issue of goods, and reconciliation of various records. The main activities in the payroll cycle include maintaining personnel records, timekeeping, calculation of payroll, approval of payroll, payment of payroll, remittance of deductions, filing of statutory returns, as well as reconciling pay and production records. The main accounts affected by the production cycle are inventory accounts (including work in process), overhead accounts, variance accounts, labour and material costs, and cost of goods sold. The main accounts affected by the payroll cycle are labour costs, benefits, accrued payroll costs, and bank accounts. The responsibilities for authorization, custody, and accountability should be separated. Combinations of two or more of the duties of authorization, custody, or cost accounting in one person may open the door for errors or fraud. In the payroll cycle, the following five responsibilities should be performed by separate people or departments: o personnel and labour relations o approval of time worked o timekeeping and cost accounting o payroll accounting o payroll distribution Sources of evidence (documentation) in the production cycle may consist of sales forecasts, purchase documents, production schedules, material requisitions, job or product costing records, variance analyses, inventory records, and asset amortization schedules. Sources of evidence in the payroll cycle usually include hiring authorizations, time cards, union agreements, payroll summaries, employee deduction records, labour analyses, and statutory reports (such as T-4 summaries). General control considerations in these cycles include o adequate segregation of duties o proper authorization procedures o appropriate records and documents o preparation of reconciliations o management review of summary documents Summarize the control objectives and tests of controls procedures for the production and payroll cycles Control objectives for these cycles include the following: o Recorded production and payroll transactions are valid and documented. o All production and payroll transactions are recorded. o Production and payroll transactions are authorized. o Production job cost records and payroll transactions are accurately calculated. o Labour and material costs are correctly classified as direct or indirect costs. o Production and payroll accounting are complete. o Production and payroll transactions are recorded in the proper period. The auditor should identify the key control procedures established by management to ensure that the control objectives for the production and payroll cycles are achieved. The auditor should assess the extent to which the designed control procedures, if operating effectively, could be relied upon to reduce the risk of material misstatement at the assertion level. The auditor must design test of controls procedures to evaluate the operating effectiveness of those key controls which the auditor proposes to rely upon in the assessment of the risk of material misstatement at the assertion level. Explain the knowledge of the entity’s business that is relevant to the audit of payroll, and describe the analytical and substantive procedures used to support the most significant assertions The auditor should have information about the following items related to payroll: o number of employees and dollar value of payroll o frequency and method of payment o compensation structure, including bonuses, commissions, and so on o extent of use of casual labour o existence of a collective agreement and its terms o use of an outside payroll service Payroll costs should be compared to budgets and prior periods. Fluctuations from month to month should be investigated and verified. The methods of calculating accruals should be reviewed, and the accrued amounts compared to those of the previous year. The auditor is most concerned with validity, completeness, and valuation. Validity is established by tracing employees to personnel records and verifying hours worked from approved time-cards, for example. Completeness is verified by testing the cut-off and accruals. Valuation must be tested by tracing rates of pay to collective agreements or approved wage/salary listings. Identify the activities and accounts, segregation of functional responsibilities, and sources of evidence for the finance and investment cycle The main activities in the finance and investment cycle are financial planning, investing, borrowing, and repayment. The accounts affected are short-term and long-term investments, short-term and long-term debts, investment income accounts, interest expenses, accrued interest, and accrued cash. The functional responsibilities that should be separated are o authorization of investments and borrowing o custody of investments o recordkeeping for investments o periodic reconciliation activities A board of directors independent of management should approve major financing and investing decisions. Sources of evidence for this cycle include o cashflow forecasts o capital budgets o contracts and agreements o shareholder records and share certificate registers o bonds and notes outstanding o joint venture and partnership agreements o investment certificates o registration documents for intangibles, such as patents and trademarks o minutes of the board of directors, authorizing activities within this cycle Describe the control objectives and tests of controls procedures for the finance and investment cycle The control objectives for this cycle are as follows o Recorded investment and financing transactions are valid and documented. o All finance and investment transactions are recorded. o o o o o Finance Finance Finance Finance Finance and and and and and investment investment investment investment investment transactions are authorized. transactions are accurately calculated. transactions are correctly classified. transaction accounting is complete. transactions are recorded in the proper period. The auditor should identify the key control procedures established by management to ensure that the control objectives for the finance and investment cycle are achieved. The auditor should assess the extent to which the designed control procedures, if operating effectively, could be relied upon to reduce the risk of material misstatement at the assertion level. The auditor must design test of controls procedures to evaluate the operating effectiveness of those key controls which the auditor proposes to rely upon in the assessment of the risk of material misstatement at the assertion level. Module 10 summary Describe the key substantive procedures in the audit of long-term investments The auditor usually obtains a schedule of investments and inspects or confirms the details of the securities with the holder. o The cost of new investments should be verified by referring to the transaction documents. o Disposals should be vouched to supporting documentation and gains/losses verified. o The auditor should also verify related investment income. The auditor must verify the underlying value of the investments held at the date of the balance sheet by referring to market quotations, audited financial statements, or other reliable evidence. Summarize the key substantive procedures in the audit of long-term debt The auditor obtains a schedule of notes payable and long-term debt and confirms the liabilities and terms with the lender. The auditor should verify that interest and other expenses have been correctly accounted for and that the current portion of long-term debt has been calculated accurately. The auditor must also consider if any leases should be capitalized. Summarize the key substantive procedures in the audit of shareholders’ equity The auditor should obtain a schedule of any transactions affecting shareholders’ equity. o All transactions should be traced to appropriate authorization, usually by the board of directors. o Shares outstanding should be confirmed with the registrar or, if the company maintains its own registry, agreed with the share certificates and stubs. Stock options, and so on, which might affect earnings per share, should be documented. Identify the assertions and the type of analysis relevant to revenue and expenses audit, and explain how net income is indirectly audited through the balance sheet approach The assertions relevant to revenue and expenses are o Revenue accounts represent all the valid transactions, recorded correctly in the proper account, amount, and period. o The accounting for consignment and goods sold with rights of return conforms with accounting principles. o Expense accounts represent all the valid expense transactions recorded correctly in the proper account, amount, and period. o Revenues, expenses, cost of goods sold, and extraordinary, unusual, or infrequent transactions are adequately classified and disclosed. Because assets minus liabilities equals equity, establishing the validity of the asset and liability amounts will establish the validity of the ending equity balance. Transactions other than net income that affect equity can be verified relatively easily. This combination serves to prove (albeit indirectly) the net income or loss for the period. In addition, audit work on balance sheet accounts provides the auditor with assurance about the related income statement accounts. Analysis can be used to compare the revenue accounts and amounts to prior-year data and/or to multiple-year trends to attempt to identify any unusual fluctuations. Comparisons can also be made with budgets and forecasts. Management should be asked to explain fluctuations. The auditor should obtain reasonable assurance that the explanations are valid and adequately explain the direction and amount of change. Explain audit procedures for identifying and auditing contingencies The auditor’s main sources of evidence concerning contingencies are derived from o correspondence with the client’s lawyers o review of the bank confirmation o review of contracts and agreements o review of tax assessments and correspondence o client representation letters Describe the content of an enquiry letter to the client’s law firm and the possible outcomes from replies to the letter The enquiry letter should o list all entities to which the enquiry is related o list outstanding claims or possible claims o describe the nature, status, and client’s evaluation of the likely outcome of each claim and possible claim The letter should also request that the law firm send a reply directly to the auditor that o advises if the claims and possible claims are properly described o advises if the client’s evaluations of the claims and possible claims are reasonable o lists any claims or possible claims omitted from the enquiry letter When there is an omission, the auditor should ask the client to evaluate the likely outcome and obtain the law firm’s agreement to the evaluation. If the law firm does not agree with any evaluation, a meeting should be held with the client, the law firm, and the auditor to discuss the matter. Describe the importance of client representations The client or management representation letter includes management’s acknowledgment of primary responsibility for the financial statements, its confirmation that the auditor has been provided with all financial records and related data, and its confirmation that all minutes have been provided to the auditor. The letter usually also confirms management’s belief that the financial statements are accurate and complete and the valuations used are appropriate. In most cases, the representation letter cannot serve as a substitute for adequate audit work by the auditor. In other cases, management representation is the only evidence available (for example, for the company’s future plans). CAS 580 provides guidance on the use of management representations as audit evidence, the requirement to obtain written confirmation of significant representations, and the implication of management’s refusal to provide written representations. Explain the significance of auditing related-party transactions If one party controls another party, or if they are both under common control, they are considered related parties (this includes the company’s management and immediate family members). The CICA Handbook includes recommendations for measurement and disclosure of related party transactions, because these transactions may not reflect what would be done in an "arms length" transaction. Identifying related parties can be difficult. To do so, use knowledge of the business, enquire of management, read meeting minutes, and examine unusual transactions. Identify the extent of the auditor’s responsibilities in relation to subsequent events, explain different types of events and their audit implications, and identify sources of information The extent of the auditor’s responsibilities for subsequent events can be summarized as follows: o The auditor must perform review and enquiry procedures to ensure that events subsequent to the balance sheet date for which adjustments and disclosures may be required are identified. o For identified subsequent events, the auditor must examine evidence to determine if those events have been appropriately reflected in the financial statements. o The procedures used to identify subsequent events should extend as close to the date of the auditor’s report as possible. Type I events are those in which a pre-existing condition necessitates an adjustment to the financial statements. Type II events are those in which no adjustments to the financial statements are necessary, but additional note disclosures are required. If the auditor identified a Type I event, the auditor must verify that appropriate adjustments were made to the financial statements. If the auditor identifies a Type II event, the auditor must verify that the additional note disclosures are adequate. Sources of information about subsequent events include o enquiries of management o correspondence with the client’s law firm o review of internal financial statements o transactions subsequent to the year end o minutes of directors’ meetings held subsequent to the year end Identify the tasks involved in evaluating the results of the audit at the completion stage The tasks include 1. evaluating the sufficiency and appropriateness of the evidence collected 2. reviewing the disclosures in the financial statements 3. performing an overall financial statement analysis 4. assessing whether the evidence collected supports the conclusions of the auditor’s report 5. reviewing the content of the working paper file Describe the main objectives of independent reviews The main objectives of independent review are to ensure the following: 1. The fieldwork provides proper support for the auditor’s report and no procedures were omitted or important conclusions overlooked. 2. The working papers have been prepared in accordance with the firm’s policies, contain adequate documentation of work performed, support the conclusions, and provide evidence of compliance with generally accepted auditing standards. 3. The work has been conducted and the report prepared in accordance with the policies of the firm and all applicable external requirements. 4. Important matters have been or are being reported to the client. Summarize current CICA Handbook recommendations regarding communication with the client The CICA Handbook requires that certain matters be communicated to management while other, potentially more serious, matters are to be communicated to those having oversight responsibility for the financial reporting process (usually the audit committee). CAS 260, CAS 265, CAS 450, and CAS 240 require the auditor to advise management of issues related to o fraud and error o illegal acts o risks of material misstatement, the entity, and its environment o procedures in response to assessed risk o weaknesses in internal control Matters are usually communicated with management through a management letter. Any communication of matters identified during the audit must clearly indicate that the communication is derived from work done during the audit, but that the audit would not necessarily identify all matters that are of interest to management or the audit committee. The communication must indicate that it is not intended for the use of third parties, and should be in writing whenever possible. Describe current CICA Handbook recommendations regarding communication with the audit committee CAS 260 requires the auditor to advise the audit committee (or those having oversight responsibility for the financial reporting process) of issues related to o fraud and error o illegal acts o significant weaknesses in internal control o related party transactions not in the normal course of business o items having a significant effect on the understandability, relevance, reliability, and comparability of the financial statements o relationships that may impact the auditor’s independence, and o any other important and relevant matters.