Audit Evidence - CCH Testing Center
advertisement
1 MODULE 1 — CHAPTER 1 Audit Evidence LEARNING OBJECTIVES At the completion of this chapter, the reader should: Understand the new definition of audit evidence, as well as the concepts of sufficiency and appropriateness of audit evidence. Understand the concept of relevant assertions. Be able to use relevant assertions in planning an audit. Be able to design audit procedures for obtaining audit evidence. INTRODUCTIION Statement on Auditing Standards No. 106, Audit Evidence, (SAS 106) significantly expands and recategorizes the assertions for account balances, transaction classes and disclosures that are used in audits, and requires a closer correlation between those assertions and the audit procedures used in gathering audit evidence. It provides new definitions of several terms including audit evidence and the sufficiency and appropriateness of that evidence. It also creates significant new guidance for using relevant assertions to assess risk and design audit procedures; assessing the reliability of various types of audit evidence; risk assessment’s place in the body of audit evidence; and uses and limitations of inquiry. Finally, it describes the risk assessment procedures of inquiry, analytical procedures, observation, and inspection. SAS 106 supersedes SAS 31, Evidential Matter. UNCONDITIONAL AND PRESUMPTIVELY MANDATORY REQUIREMENTS SAS 106 contains numerous unconditional and presumptively mandatory requirements. These requirements are summarized below for convenience, in order to present them in the same order that they are discussed within the original text of SAS 106, to highlight their importance, and to assist readers in focusing on their application in practice. For clarity and purposes of analysis, this Course groups them into four unconditional requirements and 24 presumptively mandatory requirements. Discussion of each requirement appears throughout the text under various headings in topical format, rather than in the order that they appear in the original pronouncement. Top_Aud_08_book.indb 1 8/30/2007 3:14:42 PM 2 TOP AUDITING ISSUES FOR 2008 CPE COURSE Unconditional Requirements These requirements are identified in the Standards by the word “must,” and are required to be performed in all circumstances where they are applicable. 1. The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for the audit opinion. 2. The auditor must not be satisfied with evidence that is less than persuasive. 3. The auditor must perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion levels. 4. Risk assessment procedures must be supplemented by further audit procedures in the form of substantive procedures and, when relevant or necessary, tests of controls. Presumptively Mandatory Requirements These requirements are identified in the Standards by the words “should” or “should consider.” Following is a recap of the “should” statements. They are required to be performed in all applicable circumstances unless the auditor can justify in the audit documentation a reason for not doing so, and demonstrate how other audit procedures have met their objectives. SAS 106 states that the auditor should: 1. Obtain audit evidence by testing the accounting records. 2. Obtain other audit evidence because accounting records alone do not provide sufficient appropriate audit evidence on which to base an opinion. 3. Consider the sufficiency and appropriateness of audit evidence to be obtained when assessing risks and designing further audit procedures. 4. Consider the reliability the information to be used as audit evidence. 5. Obtain audit evidence about the accuracy and completeness of clientprepared information when using that information to perform further audit procedures. 6. Consider the accuracy of price information and the completeness and accuracy of sales volume data when standard prices are applied to records of sales volume for purposes of auditing revenue. 7. Determine what additional audit procedures are necessary to resolve inconsistencies in audit evidence obtained from different sources. 8. Use professional judgment in evaluating the quantity and quality of audit evidence. Top_Aud_08_book.indb 2 8/30/2007 3:14:42 PM MODULE 1 — CHAPTER 1 — Audit Evidence 3 9. Exercise professional skepticism in evaluating the quantity and quality of audit evidence. 10. Use relevant assertions for classes of transactions, account balances and presentation and disclosure in sufficient detail to form a basis for assessing the risk of material misstatement and designing and performing further audit procedures 11. Use relevant assertions in assessing risks by considering the types of misstatements that might arise and designing further audit procedures to respond to those risks. 12. Determine the relevance of each of the financial statement assertions for each significant class of transactions, account balance, and presentation and disclosure. 13. Determine the source of likely potential misstatements in each significant class of transactions, account balance, and presentation and disclosure, in order to identify relevant assertions. 14. Evaluate the nature of the assertion, volume of transactions or data, and the nature and complexity of systems in determining whether particular assertions are relevant to a significant account balance or disclosure. 15. Obtain evidence upon which to base an opinion by performing certain specified audit procedures. 16. Test controls when the risk assessment includes an expectation of their operating effectiveness. 17. Perform tests of controls to obtain audit evidence about their effectiveness when substantive procedures alone do not provide sufficient appropriate audit evidence. 18. Plan and perform substantive procedures to be responsive to related planned levels of detection risk. 19. Design and perform substantive procedures for all relevant assertions related to each significant class of transactions, account balance, and disclosure, regardless of the risk of material misstatement. 20. Use one or more of the types of audit procedures, such as inspection of documents, records or tangible assets, observation, inquiry, etc., as described in this Statement. 21. Perform procedures to establish the continuing relevance of evidence obtained in previous audits, where that evidence is to be used in the current audit. Top_Aud_08_book.indb 3 8/30/2007 3:14:42 PM 4 TOP AUDITING ISSUES FOR 2008 CPE COURSE 22. Obtain replies to inquiries in the form of written management representations. 23. Perform additional audit procedures to resolve significant inconsistencies in the information obtained. 24. Perform audit procedures in addition to the use of inquiry to obtain sufficient appropriate evidence. STUDY QUESTIONS 1. Which of the following is an unconditional requirement of SAS 106? a The auditor must perform additional audit procedures to resolve significant inconsistencies in the information obtained. b. The auditor must perform tests of internal controls. c. The auditor must perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion levels. d. The auditor must perform substantive procedures for all relevant assertions related to each class of transactions, account balance, and disclosure, regardless of their significance. 2. All of the following are presumptively mandatory requirements of SAS 106 except: a. The auditor should perform additional audit procedures to resolve significant inconsistencies in the information obtained. b. The auditor should perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion levels. c. The auditor should consider the sufficiency and appropriateness of audit evidence to be obtained when assessing risks and designing further audit procedures. d. The auditor should determine the source of likely potential misstatements in each significant class of transactions, account balance, and presentation and disclosure, in order to identify relevant assertions. NEW DEFINITIONS SAS 106 introduces or re-defines four key terms in auditing literature. Audit Evidence SAS 106 defines audit evidence as “all the information used by the auditor in arriving at the conclusions on which the audit opinion is based and includes the information contained in the accounting records underlying the Top_Aud_08_book.indb 4 8/30/2007 3:14:42 PM MODULE 1 — CHAPTER 1 — Audit Evidence 5 financial statements and other information.” Previous Standards contained no definition of this term. Sufficient, Appropriate Audit Evidence SAS 106 use two key terms to describe audit evidence: sufficient and appropriate. The term appropriate replaces competent in previous Standards. Its meaning is essentially the same. The change was made to move U.S. terminology into closer conformity with International Standards of Auditing. Sufficient refers to the quantity of the evidence, while appropriate refers to its quality. It is difficult to define sufficient audit evidence because the term refers simply to the amount of evidence collected. Nevertheless, the auditor must exercise considerable judgment when determining whether audit evidence is sufficient. SAS 106 offers the following guidance: An auditor can never reduce audit risk to zero. Therefore, the accumulation of evidence should be persuasive rather than conclusive. An auditor must work within economic limits but cost cannot be the sole basis for the quantity or quality of audit procedures. The difficulty or expense of a test is not a valid reason for omitting it. An auditor should not form an opinion on the entity’s financial statements until he or she has obtained sufficient appropriate audit evidence to remove any substantial doubt about a material assertion. Otherwise, the auditor should express a qualified opinion or a disclaimer of opinion on the financial statements. SAS 106 states that audit evidence is appropriate when it is both reliable and relevant but it does not define either term. It does, however, indicate that evidence is more reliable when it is: Obtained from an independent knowledgeable source outside the entity. Created under more effective internal controls. Obtained directly by the auditor rather than indirectly or by inference. In documentary form. In the form of original documents rather than photocopies or facsimiles. Audit evidence should be capable of proving or disproving an assertion made by the client in its financial records. Therefore, evidence must pertain to or be relevant to the audit objective or the assertion the auditor is testing before it can be persuasive. Relevance can be considered only in terms of specific audit objectives or assertions and evidence may be relevant to one specific audit objective or assertion but not to another. Top_Aud_08_book.indb 5 8/30/2007 3:14:42 PM 6 TOP AUDITING ISSUES FOR 2008 CPE COURSE EXAMPLE Assume that an auditor is concerned with whether all shipments made to customers are being billed by the client (completeness assertion). Selecting a sample of duplicate sales invoices, using the sales invoices as the population and tracing them to the related shipping documents, does not provide relevant evidence for the completeness assertion. Selecting a sample of shipping documents, using the shipping documents as the population and comparing them to the related duplicate sales invoices to determine if the customers had been billed, does. In this example, tracing from the duplicate sales invoices to the related shipping documents provides relevant evidence for the existence or occurrence assertion, but not the completeness assertion. Relevant Assertions SAS 106 defines relevant assertions as those which have a meaningful bearing on whether an account is fairly stated. This is a new term in the auditing lexicon, and is used frequently throughout SAS 106. This term draws attention to the need, as discussed in the example immediately above, for audit procedures to be relevant to a particular assertion in order to be appropriate. Risk Assessment Procedures Risk assessment procedures are defined as procedures performed on all audits to: Obtain an understanding of: The entity Its environment Its internal controls Assess the risk of material misstatement at: The financial statement level The relevant assertion level Risk assessment procedures, according to SAS 106, are necessary to provide a basis for assessing the risk of material misstatement. Their results, combined with the results of further audit procedures, provide audit evidence that ultimately supports the auditor’s opinion on the financial statements taken as a whole. STUDY QUESTIONS 3. Audit evidence does not include the information contained in the accounting records underlying the financial statements. True or False? Top_Aud_08_book.indb 6 8/30/2007 3:14:42 PM MODULE 1 — CHAPTER 1 — Audit Evidence 7 4. All of the following statements apply to audit evidence except: a. The results of risk assessment procedures, combined with the results of further audit procedures, provide audit evidence that ultimately supports the auditor’s opinion. b. Audit evidence should be capable of proving or disproving an assertion made by the client in its financial records. c. In order to express an unqualified opinion on financial statements, the accumulation of evidence must be conclusive. d. Sufficiency refers to the quantity of the evidence, while appropriateness refers to its quality. 5. Which of the following statements best applies to the reliability of audit evidence as discussed in SAS 106? a. Audit evidence in the form of an oral representation is equally reliable as documentary evidence. b. The reliability of audit evidence is independent of the effectiveness the internal controls. c. Audit evidence obtained indirectly or by inference generally is equally reliable as evidence obtained directly by the auditor. d. Audit evidence is more reliable if it is obtained from an independent knowledgeable source outside the entity. 6. Which of the following auditing procedures is likely to be most effective in providing relevant audit evidence to prove or disprove the client’s completeness assertion that all shipments to customers have been billed? a. Selecting a sample of shipping documents, using the shipping documents as the population and comparing them to the related duplicate sales invoices to determine if the customers had been billed. b. Selecting a sample of duplicate sales invoices, using the sales invoices as the population and confirming them with the customer. c. Selecting a sample of duplicate sales invoices, using the sales invoices as the population and tracing them to the related shipping documents. d. Comparing the number of shipping documents over a period of time with the number of invoices for the same period. RELEVANT ASSERTIONS Assertions are implied or expressed representations by management about the recognition, measurement, presentation, and disclosure of information in the financial statements and related disclosures. One of the first steps in the audit process is to identify management’s assertions regarding each material component of the financial statements. Auditors must test these assertions by gathering evidence to support or refute them. Professional literature Top_Aud_08_book.indb 7 8/30/2007 3:14:42 PM 8 TOP AUDITING ISSUES FOR 2008 CPE COURSE previously identified five assertions: completeness, occurrence, rights and obligations, valuation/allocation, and presentation and disclosure. SAS 106 identifies 13 assertions which it sorts into three broad categories. Some of these assertions, such as accuracy and cutoff, are really different ways of viewing previously existing assertions. The new category for presentation and disclosure reflects increased emphasis on the importance of this area to the users of financial statements, and highlights the necessity for auditors to seriously address the content of the financial statements. Auditors are now required to determine the relevance of each of the assertions and the source of likely potential misstatements for each significant class of transactions, account balance, and presentation and disclosure, and to use the assertions in assessing risks by considering the types of misstatements that might arise and designing further audit procedures to respond to those risks. The term linkage appears often in current professional literature. This term refers to the connection between assessed risks and the nature and extent of audit procedures. The increased emphasis on the concept of “linkage” is a new philosophical direction in auditing that will significantly re-direct audit practice in the future. OBSERVATION The Public Company Accounting Oversight Board (PCAOB) conducts inspections of all firms that audit SEC issuers. These inspections have cited recurring failures to correlate the nature and extent of audit procedures to the degree of assessed risk. This often resulted, it says, in overauditing of areas of lower risk, and underauditing of some high risk areas. Such an approach is inefficient at best. At worst, it may cause the audit to be ineffective. Anecdotal observations of the AICPA’s practice monitoring programs suggest that this problem is not confined to audits of SEC issuers. SAS 106 compels auditors to think more critically about the relationship between audit risk and audit procedures. Doing so should lead the profession to audit more efficiently by applying greater effort and more intensive procedures to areas of greater risk, while spending fewer audit resources in low risk areas. Classes of Transactions and Events Assertions about classes of transactions and events for the period under audit address whether recorded transactions and events: Have in fact occurred and relate to the entity (occurrence). Include all transactions and events that should have been recorded (completeness). Have been properly recorded based on appropriate amounts and other data (accuracy). Have been recorded in the correct accounting period (cutoff). Have been recorded in the proper accounts (classification). Top_Aud_08_book.indb 8 8/30/2007 3:14:43 PM MODULE 1 — CHAPTER 1 — Audit Evidence 9 Previous auditing Standards did not have explicit assertions for accuracy or cutoff, although these matters have always been addressed in financial statement audits. Accuracy was addressed through a combination of considerations related to all five of the previously existing assertions. Cutoff was addressed through considerations of completeness and occurrence. The new cutoff assertion is a logical outgrowth of the increased emphasis in SAS 99 on fraudulent revenue recognition, and reflects the need for auditors to give explicit consideration to the risk of cutoff errors or manipulations giving rise to improper revenue recognition. Account Balances Assertions about account balances at the period end address whether: Assets, liabilities, and equity interests exist (existence). The entity holds or controls the rights to assets and liabilities are the obligations of the entity (rights and obligations). All assets, liabilities, and equity interests that should have been recorded have been recorded (completeness). Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded (valuation and allocation). This category of assertions has not changed, and thus will not likely cause significant changes to existing audit practices. Presentation and Disclosure Assertions about presentation and disclosure address whether: Disclosed events and transactions have occurred and relate to the entity (occurrence and rights and obligations). All disclosures that should have been included in the financial statements have been included (completeness). Financial information is appropriately presented and described and disclosures are clearly expressed (classification and understandability). Financial and other information is disclosed fairly and at appropriate amounts (accuracy and valuation). Consistent with the philosophical direction of the new risk assessment model, which increases emphasis on the accuracy and clarity of disclosures, it is significant that SAS 106 has carved out a separate category for financial statement presentation and disclosure. This has several important practical implications for the ways in which auditors view their responsibilities relating to financial statement disclosures. Disclosure checklists will continue to be important tools in assuring the completeness of disclosures. Auditors will increasingly need to look past their disclosure checklists to the quality and substance of the disclosures. Checklists, when properly Top_Aud_08_book.indb 9 8/30/2007 3:14:43 PM 10 TOP AUDITING ISSUES FOR 2008 CPE COURSE designed and used, are an effective tool for determining the presence or absence of a particular disclosure. However, this determination may, when not thoughtfully made, be a binary decision in which the mere presence of a footnote captioned, say, “Inventory” may lead to a facile conclusion that all of the necessary disclosures about inventory are present and are clearly expressed. Auditors will need to carefully read and evaluate each disclosure to determine if it is truly adequate. This will be especially critical in areas that require management to make quantitative or qualitative judgments affecting the content of particular disclosures. Disclosure omissions or inadequacies often arise when a client experiences a significant unusual event or transaction, or has significant changes in its business, such as entering or discontinuing a line of business. Any such events should cause auditors be increasingly alert to the need for, and content of, new disclosures. Data in the footnotes will need to be closely correlated to the audit documentation. This includes non-financial data. This does not mean that every number in every footnote needs to be cross-referenced to a specific workpaper within the audit documentation, although some firms have adopted this practice as a matter of their own quality control policies. What it does mean is that if a footnote asserts, for example, that a significant operating lease has a five year term, the audit documentation should contain a copy or an abstract of the lease agreement that supports this assertion. OBSERVATION Not every assertion applies to every material component of the financial statements. There are, however, many areas where most of the assertions are relevant. There will be a significant increase in the number of assertions that need to be addressed on each audit. Auditors should be mindful of the increased time this will create for each audit. This has implications for the scheduling of the firm’s personnel, and should also be discussed with clients when scheduling audit engagements. The “Risk Assessment Standards” as a group will likely also create new demands on the time and resources of clients’ accounting staffs. Auditors should also consider discussing fee increases with clients during the transition period, in order to give them a chance to budget for the increase and to avoid the distress of “sticker shock” in the year of implementation. Some firms have estimated that the new Standards, as a whole, might add 20%-25% to audit time. “Learning curve” costs are certain to be a part of this in the initial years of implementation. Firms should begin now to consider how to treat “learning curve” costs for billing purposes; to consider all or part of them as “educational” costs that the firm will absorb, to bill them all out to the client during the year of implementation, or to spread them over current and future years’ billings. Top_Aud_08_book.indb 10 8/30/2007 3:14:43 PM MODULE 1 — CHAPTER 1 — Audit Evidence 11 EXAMPLE If an entity’s financial statements show cash of $50,000, this means that management asserts that cash of $50,000 exists, is owned by the entity, and includes funds at all locations, funds with custodians, and deposits in transit as of the balance-sheet date. Furthermore, unless otherwise disclosed in the financial statements or notes thereto, management also asserts that the cash was unrestricted and available for the entity’s general operating purposes. It is important to note that SAS 106 allows auditors some discretion in how they express these assertions in their work. They may use them as described above, or they may characterize them differently, as long as all of the aspects have been covered. As a practical matter, auditors who choose to express the relevant assertions differently are well-advised to document in explicit fashion how those assertions cover all aspects of those outlined in SAS 106. This can be efficiently done, to some extent, through the use of uniformly structured practice aids that specify the connection between the assertions as used and those presented in the SAS. However, because of the wide variety of situations that may be encountered in real-world auditing, the need to supplement standardized practice aids with narrative comments should be considered on an engagement-by engagement basis. EXAMPLE The cutoff assertion under “classes of transactions and events” is one of the new assertions created by SAS 106. The concept of assuring proper cutoffs has long been addressed by auditors, and is not in itself a new idea. Under previous Standards, a receiving cutoff issue would have been addressed through a combination of the completeness and occurrence assertions. If goods were received in a period but not recorded, the client had a problem with the completeness assertion. If, on the other hand, receipt of goods was recorded in a period but the actual receipt did not occur in that period, there was a problem with the occurrence assertion. This continues to be a valid conceptual approach in this case. SAS 106 explicitly states that there may not be a separate cutoff assertion for transactions and events when the completeness and occurrence assertions include appropriate consideration of recording transactions in the proper accounting period. In this case, it is probably wise for the audit documentation to state that the cutoff assertion for receiving is adequately addressed by the combined consideration of completeness and occurrence. Top_Aud_08_book.indb 11 8/30/2007 3:14:43 PM 12 TOP AUDITING ISSUES FOR 2008 CPE COURSE STUDY QUESTIONS 7. SAS 106 identifies 13 assertions which it groups into which of the following broad categories? a. Classes of transactions and events, account balances, presentation and disclosure. b. Completeness, occurrence, rights and obligations, valuation/ allocation, and presentation and disclosure. c. Completeness, classification and understandability, accuracy and valuation. d. Occurrence, completeness, accuracy, cutoff, and classification. 8. Which of the following statements best applies to the new cutoff assertion discussed by SAS 106? a. This assertion may be adequately addressed through consideration of the completeness assertion alone. b. This assertion may be adequately addressed through consideration of the occurrence assertion alone. c. This assertion reflects the need for auditors to give explicit consideration to the risk of cutoff errors or manipulations giving rise improper revenue recognition. d. This assertion must be expressly characterized as such in the audit documentation. 9. In addressing the assertions about presentation and disclosure, auditors will need to consider all of the following except: a. The clarity and understandability of the disclosures. b. Management’s quantitative or qualitative judgments affecting the content of particular disclosures. c. The need to gather evidence supporting significant non-financial information contained in the disclosures. d. The requirement to cross-reference all numbers within the disclosures to the audit documentation. USING ASSERTIONS IN OBTAINING AUDIT EVIDENCE SAS 106 requires auditors to determine the relevance of each of the financial statement assertions for each significant class of transactions, account balance, and for presentation and disclosure. Auditors should use the relevant assertions to assess the risks of material misstatements in the financial statements and to design audit procedures to respond to the assessed risks. To determine whether a particular assertion is relevant, they should evaluate: The nature of the assertion. The volume of transactions or data related to the assertion. Top_Aud_08_book.indb 12 8/30/2007 3:14:43 PM MODULE 1 — CHAPTER 1 — Audit Evidence 13 The nature and complexity of the systems the entity uses to process and control information supporting the assertion. Developing Audit Tests and Procedures To determine what type of evidence to collect, auditors develop specific objectives related to each relevant assertion. Auditors should evaluate each relevant assertion as it relates to the particular account balance, class of transactions, or presentation and disclosure when determining audit objectives. Having identified specific audit objectives, they should then develop methods to achieve them. Deciding upon the nature, timing, and extent of procedures to achieve the audit objectives involves the following types of procedures: Risk assessment procedures. These are performed to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and relevant assertion levels. Risk assessment procedures must be performed in all audits. Tests of controls (when relevant or necessary). These are performed to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level. Auditors should perform tests of controls when the risk assessment includes an expectation of the operating effectiveness of controls, or when substantive procedures alone do not provide sufficient appropriate audit evidence. EXAMPLE Substantive procedures alone often do not provide sufficient appropriate evidence for businesses that conduct a large volume of transactions in electronic form, for which a paper trail is not generated. These transactions are typically of a similar, repetitive nature and can be effectively controlled by a single system of internal control. When this is the case, testing the operating effectiveness of the controls over the transactions is often both effective and necessary to provide sufficient appropriate evidence. Substantive procedures. These are performed to detect material misstatements at the relevant assertion level and include tests of details of classes of transactions, account balances, and disclosures, and substantive analytical procedures. Regardless of the assessed risk of material misstatement, substantive procedures should be performed in all audits for all relevant assertions related to each material class of transactions, account balance, and disclosure. Top_Aud_08_book.indb 13 8/30/2007 3:14:43 PM 14 TOP AUDITING ISSUES FOR 2008 CPE COURSE STUDY QUESTIONS 10. To determine whether a particular assertion is relevant for purposes of assessing the risks of material misstatements in financial statements and designing responsive audit procedures, auditors should evaluate all of the following except: a. The nature and complexity of the systems the entity uses to process and control information supporting the assertion. b. The nature of the assertion. c. The materiality of the assertion. d. The volume of transactions or data related to the assertion. 11. Tests of the operating effectiveness of internal controls would most likely be necessary in which of the following circumstances? a. For a single, large real estate transaction occurring outside of the normal course of the entity’s business. b. For occupancy costs such as rent, utilities and property taxes in a stable business entity. c. For developing an understanding of the entity and its environment, including its internal control. d. For large volumes of repetitive electronic transactions. 12. Which of the following statements best describes the requirements of SAS 106 related to substantive procedures? a. Substantive procedures should be performed in all audits for all relevant assertions related to each class of transactions, account balance, and disclosure regardless of materiality. b. Substantive procedures should be performed in all audits for all relevant assertions related to each material class of transactions, account balance, and disclosure regardless of the assessed risk of material misstatement. c. Substantive procedures performed on each material class of transactions, account balance, and disclosure must include tests of details and substantive analytical procedures. d. Substantive procedures are performed to detect material misstatements down to the transaction class, account balance and disclosure level. Types of Audit Procedures The auditor should use one or more types of the audit procedures described below when performing risk assessment procedures, tests of controls, or substantive procedures: Inspection of records and documents. This is usually applied to documents such as lease agreements, debt agreements, contracts, and minutes of meetings of the board of directors. Inspection addresses all Top_Aud_08_book.indb 14 8/30/2007 3:14:43 PM MODULE 1 — CHAPTER 1 — Audit Evidence 15 of the financial statement assertions because of the variety of documents the auditor may inspect. Inspection of tangible assets. This is most often associated with cash, securities, inventory, and property and equipment. The primary audit assertion tested by physical inspection is existence; however, it can also provide evidence about the valuation or allocation and rights and obligations assertions. Observation. Observation focuses on client activities to understand who performs them or how or when they are performed. It satisfies all financial statement assertions but it is rarely sufficient by itself. Other kinds of corroborative evidence are usually necessary. Inquiry. Inquiries are useful in testing all of the financial statement assertions. Although considerable evidence is obtained from client inquiries, they usually cannot be regarded as sufficient to detect material misstatements at the relevant assertion level. Normally it is necessary for the auditor to obtain further corroborating evidence through other procedures. In some cases, the auditor should obtain replies to inquiries in the form of written representations from management. Confirmation. Confirmation procedures include primarily written, and sometimes oral, responses from third parties regarding particular items affecting the financial statements. The primary assertions tested by confirmation are existence and rights and obligations, although confirmation can also provide evidence about the other financial statement assertions. To be considered reliable, confirmations must be controlled by the auditor from the time of their preparation until they are returned to the auditor. Recalculation. Recalculation involves testing the mechanical accuracy and rechecking of computations and transfers of information made by the client. Reperformance. Reperformance is the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control. Analytical procedures. Analytical procedures use comparisons and relationships to determine whether account balances appear reasonable. Analytical procedures satisfy all assertions and are so important that they are required on all audits, in the planning and final evaluation stages. For certain audit objectives or small account balances, analytical tests alone may be sufficient evidence. In most cases, however, additional evidence beyond analytical procedures is necessary to satisfy the requirement for sufficient appropriate evidence. Top_Aud_08_book.indb 15 8/30/2007 3:14:43 PM 16 TOP AUDITING ISSUES FOR 2008 CPE COURSE Additional Considerations for Audit Evidence and Procedures SAS 106 contains several additional requirements and considerations concerning audit evidence and audit procedures. Most have to do with sufficiency and appropriateness of evidence. Some of these requirements seem so obvious as to beg the question of why they need to have been stated. The fact that the Auditing Standards Board chose to codify them in so explicit a fashion presumably signals a perception that they are important and are under-observed in practice. SAS 106 states a presumptively mandatory requirement to obtain evidence by testing the accounting records. This seems an obvious course of action for any audit. It goes on, however, to make the point that accounting records do not, by themselves, provide sufficient appropriate evidence on which to base an opinion. This is because accounting records are internally prepared, and thus provide no external corroboration. For this reason, SAS 106 also imposes a presumptively mandatory requirement to obtain other audit evidence, from sources outside the accounting records. Another set of requirements that seem obvious are the requirements to use professional judgment and professional skepticism in evaluating the quantity and quality of audit evidence. These requirements speak to the need to critically evaluate audit evidence for both sufficiency and appropriateness. A set of requirements deals with client-prepared information. These requirements essentially codify and expand the existing practice of “footing the PBCs”. They state that auditors should obtain audit evidence about the accuracy and completeness of client-prepared information when using that information to perform further audit procedures, and, especially where electronic documentation is involved, should consider its reliability, including the controls over its preparation and maintenance. There is also a specific requirement, which is presented in the form of an example, that auditors should consider the accuracy of price information and the completeness and accuracy of sales volume data when applying standard prices to records of sales volume to audit revenue. Yet another set of requirements deals with audit responses to inconsistencies in audit evidence. Auditors should determine what additional audit procedures are necessary to resolve inconsistencies in audit evidence obtained from different sources. Especially when inconsistencies involve evidence obtained through inquiry, additional audit procedures should be performed to resolve the inconsistencies. Finally, a newly-explicit requirement deals with the long-established practice of “rolling forward” audit evidence from one period to the next. Auditors are now required to perform procedures to establish the continuing relevance of such evidence when it is used in the current audit. Top_Aud_08_book.indb 16 8/30/2007 3:14:43 PM MODULE 1 — CHAPTER 1 — Audit Evidence 17 ILLUSTRATION 1-1 Relationship Of Audit Procedures To Relevant Assertions, Account Balances, Transaction Classes, Disclosures, and The Financial Statements As A Whole This illustration demonstrates four levels of consideration in a financial statement audit, and how the individual procedures provide evidence to support each of the relevant assertions for a particular balance, in this case for property and equipment. The accumulation and proper evaluation of sufficient appropriate audit evidence for the relevant assertions attaching to each material balance, transaction class and disclosure provide the building blocks for assurance at the financial statement level. For the sake of brevity, the illustration is truncated after property and equipment, and is expanded down to the relevant assertion and audit procedures level only for property and equipment. In an actual engagement, all balance sheet captions (i.e., account balances) and income statement captions (transaction classes) along with significant disclosures, would be listed in the second column, and expanded in the third and fourth columns. Financial Statement Level Balance/Transaction Class/Disclosure Level Relevant Assertion Level Audit Procedures Cash Accounts Receivable Inventory Property & Equipment Existence Inspection of assets Completeness Inspection of assets Completeness Analytical procedures Completeness Valuation Inspection of records and documents Inspection of documents of title, debt instruments Inspection of purchase invoices Recalculation of depreciation Valuation Analytical procedures Rights/ obligations Valuation One way to think of this illustration is to visualize the planning process as going from left to right on the matrix, and the actual gathering and evaluation of audit evidence as going from right back to left. The planning starts at the financial statement level, identifies the significant account balances, transactions classes, and presentation and disclosure aspects of the statements. It then considers the assertions relevant to each of those, and the attendant risks, and designs and performs audit procedures to address those risks and to Top_Aud_08_book.indb 17 8/30/2007 3:14:43 PM 18 TOP AUDITING ISSUES FOR 2008 CPE COURSE support—or disprove—the assertions. Performing further audit procedures starts to build back up from right to left. Each procedure provides support for one or more assertion, which in turn leads to the ability to conclude whether the balance, transaction class or disclosure has sufficient support, and whether the financial statements as a whole are fairly presented. ILLUSTRATION 1-2 Risk Assessment Matrix This illustration demonstrates the application of the concepts discussed above in a practical situation. Like Illustration 1-1, it is truncated to show detail only for property and equipment. Separate worksheets for the transactions classes and presentation and disclosure would list across the top their own relevant assertions, e.g., for transaction classes; occurrence, completeness, accuracy, cutoff and classification, rather than the assertions for account balances shown in this worksheet. Some auditors have suggested that it will be efficient to combine risk assessment with preliminary analytical review in the planning process. This worksheet demonstrates one possible format for documenting these processes. Column 1 lists the account balance, transaction class or disclosure Column 2 shows the auditor’s determination of whether the line item is significant or not by indicating a “Y” for yes, or “N” for no. Columns 3-5 give the current and prior years’ balances and the change, for preliminary analytical review purposes. Columns 6-10 list the relevant assertions for inherent risk. High risk is designated by “H”, moderate by “M” and low by “L.” Columns 11-15 list the relevant assertions for control risk, similarly to columns 6-10 Column 16 shows the risk of material misstatement. Column 17 shows whether tests of controls are contemplated or not. Column 18 provides space for narrative comment for the preliminary analytical review Column 19 lists audit responses for each of the relevant assertions. XYZ Company is a small manufacturer that has experienced an increase in sales due to acquisition of new and more productive machinery. Top_Aud_08_book.indb 18 8/30/2007 3:14:44 PM Top_Aud_08_book.indb 19 25,000 L 250,000 225,000 10,000 11,000 500,000 475,000 Inventory y Prepaids n Prpty/ Equip y Prpty/ Equip Prpty/ Equip Prpty/ Equip Prpty/ Equip Prpty/ Equip Prpty/ Equip Prpty/ Equip Prpty/ Equip Prpty/ Equip 25,000 M (1,000) 150,000 120,000 y 90,000 A/R 100,000 y Cash 6 7 8 9 10 11 12 13 14 15 16 17 18 19 30,000 M 10,000 L M H M L M H M L L H H L L M L L L M M L M M M L M H M L L H H L L M L L M H M L no yes no yes Planned additions Increase consistent w/sales Increase consistent w/sales Disclosure checklist Inspection of assets & docs, analytical Insp of purchase invoices, recalc depr, analytical Inspection of assets Inspection of documents Disclosure checklist Inspection of assets Inspection of documents Inspection of assets & docs, analytical Insp of purchase invoices, recalc depr, analytical Further audit prcdrs not listed to reduce size of illus. Further audit prcdrs not listed to reduce size of illus. See I/C section of planning docs. Further audit prcdrs not listed to reduce size of illus. Inherent Risk Control Risk Val/ Risk of Material Cntrl Analyt Review Further Audit Rights/ Val/ Rights/ Tests? Comments Procedures Change Exist Oblig Complete Alloc Discl Exist Oblig Complete Alloc Discl Misstatemt 5 Signif? Current Prior 4 Acct Balance 3 2 1 XYZ Company Combined Preliminary Analytical Review and Risk Assessment FYE 12/31/07 MODULE 1 — CHAPTER 1 — Audit Evidence 19 8/30/2007 3:14:44 PM 20 TOP AUDITING ISSUES FOR 2008 CPE COURSE Not all of the audit procedures listed in this illustration would necessarily have to be applied. For example, column 19 shows “inspection of assets” as a procedure that could be used to support the existence assertion for property and equipment. Inherent and control risk for existence, however, are both assessed at low risk. Under these circumstances, an auditor might decide that an inspection of documents, specifically purchase invoices, which is contemplated to obtain support for the valuation assertion anyway, would also be sufficient to support existence. STUDY QUESTIONS 13. Which of the following audit procedures would be likely to provide the most persuasive evidence in support of the existence assertion related to inventory? a. b. c. d. Inquiry. Inspection of tangible assets. Analytical procedures. Recalculation. 14. Substantive analytical procedures are required on all audits. True or False? 15. The primary assertions tested by confirmation are: a. b. c. d. Top_Aud_08_book.indb 20 Existence and rights and obligations. Valuation. Classification and understandability. Accuracy. 8/30/2007 3:14:44 PM 21 MODULE 1 — CHAPTER 2 Audit Risk and Materiality in Conducting an Audit LEARNING OBJECTIVES At the completion of this chapter the reader should: Understand the concepts of audit risk and materiality. Be able to determine materiality and apply it in conducting an audit. Be able to evaluate audit findings in light of assessed risks and materiality. Be able to communicate audit findings to appropriate levels of management. INTRODUCTION Statement on Auditing Standards No. 107, Audit Risk and Materiality in Conducting an Audit (SAS 107) supersedes SAS 47 (AU Section 312), of the same title. Among the most sweeping changes that it makes to current auditing practice are: The introduction of the concept of considering risk of misstatement not only at the level of the financial statements taken as a whole, and at the level of individual account balance or class of transactions, but also at the disclosure level The requirement for the auditor to have an appropriate basis for all risk assessments and elimination of the concept of assessing risk “at the maximum” without support This Statement is effective for audits of financial statements with periods beginning on or after December 15, 2006. Thus, for full-year audits, December 31, 2007 year ends will be the first round of audits in which application is required. Earlier implementation is permitted. UNCONDITIONAL AND PRESUMPTIVELY MANDATORY REQUIREMENTS SAS 107’s seventy-one paragraphs are densely packed with requirements. These requirements are summarized below, for convenience, to segregate them out into one place in the same order that they are presented within the original text of SAS 107, to highlight their importance, and to assist readers in focusing on their application in practice. For clarity and purposes of Top_Aud_08_book.indb 21 8/30/2007 3:14:44 PM 22 TOP AUDITING ISSUES FOR 2008 CPE COURSE analysis, this Course groups them into eight unconditional requirements and 50 presumptively mandatory requirements. Some of these are groupings of related requirements. Discussion of each appears throughout the text under various headings in topical format, rather than in the order that they appear in the original pronouncement. Unconditional Requirements These requirements are identified in the Standards by the word “must,” and are required to be performed in all circumstances where they are applicable. SAS 107 states that the auditor must: 1. Consider audit risk and materiality. 2. Determine a materiality level for the financial statements taken as a whole for four specific purposes listed in the Standard. 3. Perform the audit to obtain reasonable assurance of detecting misstatements that could be large enough either individually or in the aggregate, in the auditor’s judgment, to be quantitatively material to the financial statements. 4. Accumulate all known and likely misstatements identified in the audit, other than trivial amounts, and communicate them to the appropriate level of management. 5. Consider the effects, both individually and in the aggregate, of known and likely misstatements that are not corrected in evaluating whether the financial statements are fairly presented. 6. Evaluate whether the financial statements taken as a whole are free of material misstatement. 7. Determine the implications for the auditor’s report if management refuses to make necessary corrections. 8. Determine the implications for the auditor’s report if he or she concludes that, or is unable to conclude whether, the financial statements are materially misstated. Presumptively Mandatory Requirements These requirements are identified in the Standards by the words “should” or “should consider.” They are required to be performed in all applicable circumstances unless the auditor can justify in the audit documentation a reason for not doing so, and demonstrate how other audit procedures have met their objectives. They state that the auditor should: Top_Aud_08_book.indb 22 8/30/2007 3:14:44 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 23 1. Consider the implications for the integrity of management or employees and the possible effects on other aspects of the audit, when he or she encounters evidence of potential fraud, even if immaterial. 2. Consider audit risk in relation to the relevant assertions at both the financial statement and account balance, transaction class and disclosure levels. 3. Perform risk assessment procedures at both the financial statement and relevant assertion levels. 4. Perform the audit to reduce audit risk to an appropriately low level for expressing an opinion. 5. Consider the risks of material misstatement that relate pervasively to the financial statements as a whole and that potentially affect many relevant assertions, when considering audit risk at the overall financial statement level. 6. Consider the knowledge, skill and abilities of personnel assigned significant engagement responsibilities, the need for specialists, and the appropriate level of supervision for assistants when developing responses to the risk of material misstatement at the financial statement level. 7. Consider the extent to which it is necessary to perform procedures at selected locations or components of an entity with multiple locations or components, based on several factors including judgments about risk and materiality. 8. Design audit procedures to obtain reasonable assurance of detecting material misstatements. 9. Consider audit risk at the individual account balance, transaction class and disclosure level. 10. Seek to reduce audit risk at the individual account balance, transaction class and disclosure level so as to enable the auditor to express an opinion on the financial statements as a whole at an appropriately low level of audit risk. 11. Assess the risk of material misstatement at the relevant assertion level as a basis for further audit procedures. 12. Have an appropriate basis for that assessment. 13. Perform substantive tests for all relevant assertions related to material account balances, transaction classes and disclosures. 14. Determine a materiality level for the financial statements taken as a whole when establishing an overall strategy for the audit. Top_Aud_08_book.indb 23 8/30/2007 3:14:44 PM 24 TOP AUDITING ISSUES FOR 2008 CPE COURSE 15. Consider the following factors when determining materiality: a. Prior periods’ financial statements. b. Current period’s budgets or forecasts. c. Significant changes in the client’s circumstances. d. Relevant changes of conditions in the client’s industry or the general economy. 16. Consider materiality the same way regardless of the client’s inherent business characteristics. 17. Consider whether misstatements of particular items that are less than materiality level for the statements as a whole could reasonably be expected to influence users’ decisions, in light of several specific factors. 18. Allow for the possibility that misstatements lower than the materiality levels could result in a material misstatement when aggregated. 19. Determine one or more levels of tolerable misstatement lower than the materiality level. 20. Be alert for misstatements that could be qualitatively material, even though it is not usually practical to design audit procedures to detect them. 21. Reconsider tolerable levels of misstatement and the appropriateness of the nature, timing and extent of further audit procedures when a materiality level lower than initially determined is appropriate. 22. Consider whether, in the face of identified misstatements, the overall audit strategy and audit plan need to be revised. 23. Not assume that a misstatement is an isolated occurrence. 24. Consider whether the risk of undetected misstatements is unacceptably high, if the aggregate known and likely misstatements approach the materiality level. 25. Reconsider the nature and extent of further audit procedures if the aggregate known and likely misstatements approach the materiality level. 26. Communicate all known and likely misstatements to the appropriate level of management on a timely basis. (Communication is an unconditional requirement. Timeliness of the communication is presumptively mandatory.) 27. Distinguish between known and likely misstatements in communicating the details of misstatements. 28. Request management to correct all known misstatements, including the effects of prior misstatements. Top_Aud_08_book.indb 24 8/30/2007 3:14:44 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 25 29. Request management to examine an account balance, transaction class or disclosure to identify and correct misstatements therein when a likely material misstatement is identified in a sample. 30. Request management to review the assumptions and methods used in developing accounting estimates, when likely misstatements are identified involving differences in estimates. 31. Reevaluate the amount of likely misstatement after management has examined an account balance, transaction class or disclosure, or reviewed the assumptions and methods used in developing accounting estimates, and corrected misstatements therein. This includes performing further audit procedures if necessary. 32. Obtain an understanding of management’s reasoning for not correcting some or all of the known or likely misstatements identified by the audit, and take that into account when considering qualitative aspects of the client’s accounting practices, and implications for the audit report. 33. Consider the size and nature of uncorrected misstatements and the particular circumstances of their occurrence and determine their effects on the financial statements as a whole. 34. Consider and aggregate both likely and known misstatements. 35. Aggregate misstatements in a way that facilitates assessment of their effects on individual amounts, subtotals or totals within the financial statements in relation to the financial statements as a whole. 36. Consider and evaluate each uncorrected misstatement separately, before considering the aggregate effects of all uncorrected misstatements. 37. Consider the effects of prior period misstatements on current period financial statements. 38. Consider the aggregate effects of uncorrected misstatements in determining whether the financial statements are free of material misstatement. 39. Request that management investigate and if necessary expand audit procedures when substantive analytical procedures indicate that a misstatement might exist, but not its approximate amount. 40. Project the amount of known misstatement identified in sampling to the balance or class from which the sample was taken. 41. Treat the difference between estimated amounts in the financial statements and the closest reasonable estimate that is supported by audit evidence as a likely misstatement. Top_Aud_08_book.indb 25 8/30/2007 3:14:44 PM 26 TOP AUDITING ISSUES FOR 2008 CPE COURSE 42. Consider whether the difference between estimates that are best supported by audit evidence and individually reasonable estimates in the financial statements indicate a possible management bias. 43. Consider whether apparent use of estimates to “smooth over” earnings or otherwise manipulate financial statements should be communicated to those charged with governance. 44. Consider the implication of misstatements that may be the result of fraud in relation to other aspects of the audit, even if the fraud is immaterial. 45. Consider, in evaluating whether the statements as a whole are free of material misstatement, the evaluation of known and likely misstatements and certain qualitative factors. 46. Consider, when evaluating whether the misstatements are material individually or in the aggregate, the nature and amount of the misstatements in relation to the nature and amount of items in the financial statements. 47. Request that management make the necessary corrections when the auditor believes that the statements as a whole are materially misstated. 48. Consider the effects of undetected misstatements in concluding whether the financial statements are materially misstated. 49. Perform additional audit procedures or satisfy himself or herself that the statements have been adjusted to reduce audit risk to an appropriately low level. 50. Document the following: a. Levels of materiality, including any changes made during the audit. b. All known and likely misstatements that have been corrected by the client, other than those deemed to be trivial. c. With respect to uncorrected misstatements: i. A conclusion as to whether the uncorrected misstatements, individually or in the aggregate, cause a material misstatement, and the basis for that conclusion. ii. A summary of uncorrected misstatements that allows the auditor to consider the effects of known and likely misstatements, both separately and in aggregate, as well as the qualitative aspects of misstatements. Top_Aud_08_book.indb 26 8/30/2007 3:14:44 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 27 STUDY QUESTIONS 1. SAS 107 lists which of the following as an unconditional requirement? a. Performing risk assessment procedures at both the financial statement and account balance, transaction class and disclosure levels. b. Evaluating whether the financial statements taken as a whole are free of material misstatement. c. Having an appropriate basis for the assessment of the risk of material misstatement at the relevant assertion level. d. Determining a materiality level for the financial statements taken as a whole. 2. SAS 107 lists which of the following as a presumptively mandatory requirement? a. Accumulating all known misstatements. b. Communicating all known and likely misstatements, other than trivial amounts, to the appropriate level of management. c. Determining one or more levels of tolerable misstatement lower than the materiality level. d. Considering the effects, individually and in the aggregate, of known and likely misstatements that are not corrected. 3. Auditors should consider all of the following factors when determining materiality except: a. b. c. d. Prior period’s budgets or forecasts. Significant changes in the client’s circumstances Prior periods’ financial statements. Changes of conditions in the client’s industry. 4. Auditors should consider audit risk in relation to the relevant assertions at: a. Both the financial statement level and the account balance, transaction class and disclosure level. b. Both the financial statement materiality level and the tolerable misstatement level. c. Only the account balance, transaction class and disclosure level. d. Only the tolerable misstatement level. Top_Aud_08_book.indb 27 8/30/2007 3:14:44 PM 28 TOP AUDITING ISSUES FOR 2008 CPE COURSE DEFINITIONS Audit Risk SAS 107 defines audit risk as “the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated” and, therefore, the risk that financial statements will include material misstatements. The auditor addresses both materiality and audit risk at an overall financial statement level to develop an audit strategy that will provide sufficient evidence to enable him or her to reasonably evaluate whether the financial statements are materially misstated. At the individual account balance, class of transactions, relevant assertion, or disclosure level, audit risk is made up of inherent risk, control risk, and detection risk. The concept of audit risk recognizes that auditors are able to obtain reasonable, but not absolute, assurance that material misstatements are detected. Inherent risk. This is the susceptibility of a relevant financial statement as- sertion to a material misstatement, either individually or when aggregated with other misstatements, assuming there are no related controls. Control risk. This is the risk that a material misstatement that could occur in a relevant financial statement assertion, either individually or when aggregated with other misstatements, will not be prevented or detected on a timely basis by the entity’s internal control. OBSERVATION One way to think of inherent risk and control risk is to think of dynamite. Dynamite is an inherently risky substance, due to its physical properties. Those properties do not change, no matter who has control of it. This is dynamite’s inherent risk. It is a constant. Control risk is a variable, depending on possession. When the hazardous materials squad of the fire department has the dynamite, the control risk, that is the risk that it will do damage, is low because of their special training and equipment, and their intention to protect public safety. When a group of terrorists has the dynamite, the control risk is high because of their intention to do harm, and their possible lack of proper training and equipment. Detection risk. This is the risk that the auditor will not detect a material misstatement that exists in a relevant financial statement assertion, either individually or when aggregated with other misstatements. Detection risk can be disaggregated into additional components of tests of details risk and substantive analytical procedures risk. Inherent and control risk are always the client’s risks. They exist independently of the audit. Detection risk is the auditor’s risk. Top_Aud_08_book.indb 28 8/30/2007 3:14:45 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 29 The combined assessment of inherent risk and control risk is termed the “risk of material misstatement.” The new model for describing audit risk is: AR = RMM x DR where AR is audit risk, RMM is risk of material misstatement and DR is detection risk. It is a matter of professional judgment as to how these components are expressed. Some auditors express them in quantitative terms such as percentages. Many others use qualitative terms such as high, moderate or low. OBSERVATION Risk assessment is not an exact science. Like materiality, it does not lend itself to strict formulaic calculation. It is more like building a board fence, in which one could possibly allow differences of several inches, as compared to an engineering tolerance for an aircraft part, in which machining a part to within fractions of a millimeter is required. For this reason, broader qualitative terms, or percentages expressed in fairly wide ranges, are often the most useful approach to expressing levels of risk assessment. Precise quantitative expressions, such as pinpoint percentage calculations, may imply a greater degree of precision than this process actually intends or is capable of providing. In addition, by “putting too fine a point on it” at this stage of the engagement, the auditor may be setting a standard so high as to make it impossible to conduct the engagement efficiently or economically. Materiality SAS 107 does not change the basic definition of materiality. It cites the definition that is set forth in Financial Accounting Standards Board (FASB) Statement of Financial Accounting Concepts No. 2, Qualitative Characteristics of Accounting Information. This pronouncement defines materiality as “the magnitude of an omission or misstatement of accounting information that, in light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement.” Trivial Misstatement A footnote to SAS 107 defines “trivial” as “amounts designated by the auditor below which misstatements need not be accumulated. This amount is set so that any such misstatements, individually or when aggregated with other such misstatements, would not be material to the financial statements, after the possibility of further undetected misstatements is considered.” Top_Aud_08_book.indb 29 8/30/2007 3:14:45 PM 30 TOP AUDITING ISSUES FOR 2008 CPE COURSE OBSERVATION Auditors are required to summarize uncorrected misstatements and to communicate them to management. In most cases management agrees, in the representation letter, that they are not material. Trivial misstatements as designated by the auditor would not be posted to this summary. This is done for convenience or economy, otherwise auditors would have to communicate every misstatement, no matter how small, to management. Auditors should be careful, however, in determining this threshold, so that the concept of “trivial misstatement” does not become an expedient for disposing of misstatements that may have individual or collective significance on a qualitative basis. STUDY QUESTIONS 5. Which of the following risks is the auditor’s risk, as opposed to the client’s risk? a. b. c. d. The risk of material misstatement. Control risk. Inherent risk. Detection risk. 6. A trivial misstatement as defined by SAS 107 is best described as: a. An amount determined by the auditor such as makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the misstatement. b. An amount designated by management such that any such misstatements, individually or in the aggregate, would not be material to the financial statements. c. An amount designated by the auditor below which misstatements need not be accumulated. d. An amount agreed upon by management and the auditor such that any such misstatements, individually or in the aggregate, would not be material to the financial statements. CONSIDERING AUDIT RISK AND MATERIALITY Audit risk and materiality are considered both at the financial statement level, and in more detailed fashion at the individual account balance, transaction class or disclosure level. Assessing the risk of material misstatement is treated in greater detail in SAS 109, Understanding the Entity and Its Environment, and Assessing the Risks of Material Misstatement, which is discussed later in this Course. Top_Aud_08_book.indb 30 8/30/2007 3:14:45 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 31 Considerations at the Financial Statement Level SAS 107 requires auditors to consider audit risk and to determine a materiality level for the financial statements taken as a whole. This assists them in: Determining the extent and nature of risk assessment procedures. Identifying and assessing the risks of material misstatement. Determining the nature, timing and extent of further audit procedures. Evaluating whether the financial statements are fairly presented. Considering audit risk is a matter of professional judgment. It can be assessed in quantitative or nonquantitative terms. At the financial statement level, this consideration includes general planning decisions such as staffing, extent of review, and degree of professional skepticism. The auditor is required to perform the audit to reduce audit risk to a low level that is appropriate for expressing an opinion on the entity’s financial statements. At this level, the auditor is concerned with risks of material misstatement that cut across many relevant assertions, and relate pervasively to the statements as a whole. These risks often attach to the overall control environment, and may not be linked to a particular relevant assertion at the account balance, transaction class or disclosure level. Identifying these risks is particularly important in terms of assessing the risk of fraud as a result of management override of controls. OBSERVATION Almost every audit has at least one significant risk. Most have only a few, one of which may stand out as the most significant. A mental exercise to help identify that risk is called “the one hour audit.” In this exercise, there are as many hours available as are reasonably necessary to plan the audit, including performing necessary risk assessment procedures and developing an understanding of controls, and to draft and review the financial statements and do other necessary “wrap-up” work. But the substantive test work in the field is limited to only a very short time; say an hour for a small audit, or a day for a large audit. Consider what the first thing to be tested would be. Then, if there is time left over, or if another hour was allotted, consider what would be tested next. This will usually identify the one or two most significant risks in the audit. This exercise works well in the brainstorming session that is required as a part of all audit planning. Give every participant a slip of paper, and ask them to write down how they would spend their hour. Collect all the responses and read them aloud, anonymously. Let the discussion begin. Top_Aud_08_book.indb 31 8/30/2007 3:14:45 PM 32 TOP AUDITING ISSUES FOR 2008 CPE COURSE Considerations at the Account Balance, Transaction Class, or Disclosure Level SAS 107 requires the auditor to consider audit risk at the individual account balance, class of transactions, or disclosure level. At this level, the auditor’s objectives are to: Determine the nature, timing, and extent of further audit procedures. Reduce audit risk at the individual balance, class, or disclosure level so that the auditor can express an opinion on the statements as a whole at an appropriately low level of audit risk. In determining the nature, timing, and extent of audit procedures to be applied to a specific account balance, class of transactions, or disclosure, the auditor should design audit procedures to obtain reasonable assurance of detecting misstatements that could be material, when aggregated with misstatements in other balances, classes, or disclosures, to the financial statements taken as a whole. Regardless of the audit approach or methodology, SAS 107 requires the auditor to assess the risk of material misstatement at the relevant assertion level as a basis for further audit procedures. OBSERVATION The requirement to assess the risk of material misstatement at the relevant assertion level as a basis for further audit procedures effectively eliminates the auditor’s ability to default to “maximum control risk” without having a basis for that assessment. This is a significant departure from existing practice. This does not mean that controls must always be tested. It does, however, mean that the auditor must have understanding of controls sufficient to support an assessment of maximum control risk. The intended result of this shift in audit thinking is that audit effort will be more effectively concentrated in areas of highest risk; in other words, that audit procedures will be more closely correlated to assessed risks. OBSERVATION The requirement to assess the risk of material misstatement at the disclosure level is new as an explicit requirement in the auditing literature. This is important because it underscores the fact that disclosures are more than just a mass of fine print appended to the basic financial statements. They are an integral part of those statements, and share equal importance to users, and thus are of equal concern to the auditor. Top_Aud_08_book.indb 32 8/30/2007 3:14:45 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 33 STUDY QUESTION 7. The requirement of SAS 107 to assess the risk of material misstatement at the relevant assertion level as a basis for further audit procedures: a. Intends that audit procedures be performed in all areas without regard to assessed risks. b. Effectively eliminates the auditor’s ability to default to “maximum control risk” without having a basis for that assessment. c. Means that the auditor need not develop an understanding of controls sufficient to support an assessment of maximum control risk. d. Requires that controls always be tested. DETERMINING AND USING MATERIALITY Some matters are more important for the fair presentation of financial statements than others. Auditors are concerned with matters that either by themselves or combined with others, could be important, or material, to the financial statements. Auditors are responsible for planning and performing the audit to obtain reasonable, but not absolute, assurance that material misstatements, whether they are caused by error or by fraud, are detected. SAS 107 discusses materiality at three levels: The financial statements as a whole. Tolerable misstatement at the account balance, transaction class or disclosure level. Other particular items that are less than the materiality amount for the financial statements as a whole. Once materiality is established, it should be considered the same way— although not necessarily in the same amounts—in planning and evaluating, regardless of the client’s inherent business characteristics. EXAMPLE User expectations may differ depending on the degree of inherent uncertainty associated with particular financial statement items. The Standard cites as examples the provision for insurance claims in an insurance company, or for legal claims in the course of any entity’s business. The fact that these statement items are based on estimates that may contain a high degree of uncertainty may influence users’ assessments of materiality. This does not, however, cause the auditor to use different procedures for planning, or for evaluating misstatements in these areas. Top_Aud_08_book.indb 33 8/30/2007 3:14:45 PM 34 TOP AUDITING ISSUES FOR 2008 CPE COURSE Considering the Needs of Users Financial statement users are a diverse group that may include management, owners, employees, and creditors, among many others. Auditors consider the needs and perceptions of intended users of the financial statements in making judgments about materiality. SAS 107 make two important comments about financial statement users. The first is that auditors consider the needs of users as a group, rather than individually, when considering the possible effects of a misstatement. Because the needs of individual users may vary greatly, it is not feasible for the auditor to consider, or to try to anticipate the individual needs of every user. The second is that financial statement users need to take responsibility for intelligent use of the financial statements. SAS 107 states that users are assumed to: Have appropriate knowledge of business and economic activities and accounting. Have a willingness to study the information in the statements with an appropriate degree of diligence. Understand that financial statements are prepared and audited to levels of materiality. Recognize that there are uncertainties inherent in the accounting estimates and judgments used in preparing the financial statements, and in future events. Make appropriate economic decisions based on the financial statement information. OBSERVATION One of the major philosophical thrusts of the new Risk Assessment Standards as a whole is to differentiate the auditor’s responsibilities from those of management and other financial statement users. This is part of a comprehensive campaign to educate the public as to who is responsible for what in the process. Stories abound in which an auditor is sued by a financial statement user who failed to read or understand the statements, and made a decision that they would not have made if they had actually read the statements, or for something that the auditor could not reasonably have foreseen as a need. This Standard puts forth clear language that aims to head off these types of claims by making users responsible for putting forth reasonable effort to understand the statements and making reasonable judgments based upon them. Nature and Causes of Misstatements Known and likely misstatements. SAS 107 defines two types of misstatements: known and likely. The concept of known misstatements is unchanged from previous literature. They are simply the “hard differences” identified in Top_Aud_08_book.indb 34 8/30/2007 3:14:45 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 35 the audit process. The concept of likely misstatements is not new, but it has taken on more importance. Likely misstatements are those that are identified either by projecting the results of a sampling application to an entire population, or by quantifying a difference between a recorded estimate and the auditor’s best judgment. These are often referred to in practice as “soft differences.” Previous Standards did not seem to take them as seriously as does SAS 107. Under the new Standard, likely misstatements need to be considered and evaluated, aggregated, and when not corrected by the client, carried forward to the summary of uncorrected misstatements. EXAMPLE The most common example of determining likely misstatements is in audit sampling. If the auditor sampled 20% of the accounts receivable balance and found total misstatements of $2,000 (the known misstatements), the auditor could project this misstatement to the account balance as $10,000 (the likely misstatements)—$2,000 divided by 20%. The likely misstatements of $10,000 include the known misstatements of $2,000 because the known misstatements are projected to the total accounts receivable balance. However, if the client corrects the known misstatements of $2,000, then the likely misstatements would be only $8,000 ($10,000 - $2,000). EXAMPLE Another example of determining likely misstatements is in accounting estimates. When the client records depreciation expense at $ 25,000, but the auditor determines that a more reasonable range for this estimate should be $28,000 to $30,000, the likely misstatement is $3,000 ($28,000-$25,000) which is the difference between the recorded amount and the closest amount in the reasonable range calculated by the auditor. OBSERVATION SAS 107 seems to place more responsibility on the auditor to critically evaluate what have been thought of as “soft differences.” In the past, these misstatements were often given slight consideration, and dismissed as acceptable differences in judgment, or in the case of sampling differences as abstract statistics that the auditor “can’t really prove.” Implicit in this philosophical shift is a perception that auditors, in the past, might have allowed significant misstatements to pass without comment, simply for lack of giving them full consideration. SAS 107 aims to plug this gap by requiring that “likely misstatements” be considered both individually and in the aggregate, and qualitatively as well as quantitatively. Top_Aud_08_book.indb 35 8/30/2007 3:14:45 PM 36 TOP AUDITING ISSUES FOR 2008 CPE COURSE Misstatements may consist of: Inaccuracies in gathering or processing the data from which the statements are prepared. Differences between recorded amounts, classifications, or presentations and those that should reported under GAAP. Omissions of: Financial statement elements, accounts or items. Information required to be disclosed under GAAP. Disclosures that are not prepared in conformity with GAAP. Incorrect accounting estimates arising from oversight or misinterpretation of facts. Judgments by management in the selection or application of accounting policies or in accounting estimates that the auditor may consider inappropriate or unreasonable. Causes of misstatements. Misstatements arise either unintentionally, that is, by error, or intentionally by fraud. Misstatements caused by fraud come in two categories: fraudulent financial reporting and misappropriation of assets. These are discussed in detail in SAS 99, Consideration of Fraud in a Financial Statement Audit: Qualitative Aspects of Materiality SAS 107 discusses both quantitative and qualitative aspects of materiality. Some misstatements are more important than others, regardless of their amount. One of the most important qualitative aspects to be considered is the possibility of fraud. When an auditor uncovers evidence that suggests fraud, the implications for the integrity of management or employees and effects on other aspects of the audit should be considered regardless of the quantitative materiality of the misstatement. This often implies that further audit procedures will need to be performed. Other qualitative aspects of misstatements that can make them material even though they do not meet the quantitative threshold are those that cause a change in a key measure within the financial statements, such as small misstatement that changes net income to a net loss, or that changes a key ratio such that the client is in violation of a loan covenant. While auditors have no responsibility to design or perform audits to detect immaterial misstatements, they do have a responsibility to evaluate detected misstatements for qualitative as well as quantitative aspects. Qualitative aspects of materiality cannot be evaluated until a misstatement is detected. This is because of the wide range of possible qualitative implications for any misstatement, depending not only upon the misstatement itself, but upon circumstances and user perceptions. For this reason, while auditors always consider the qualitative aspects of detected misstatements, it is not usually feasible to design procedures specifically to detect misstatements that are qualitatively material. Top_Aud_08_book.indb 36 8/30/2007 3:14:45 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 37 Methods of Determining Materiality Like previous Standards, SAS 107 avoids prescribing any particular formula or method for determining materiality. It discusses the quantitative determination as a process that usually involves applying a percentage to a chosen benchmark within the financial statements. It offers as examples of benchmarks: Total revenues. Gross profit. Pre-tax profit from continuing operations. Net assets. Selection of an appropriate benchmark or percentage involves a great degree of professional judgment, taking into account such factors as: The elements of the particular financial statements, and the financial statement measures defined in GAAP. Particular financial statement items that may be the focus of users’ interest. The client’s industry and environment. The client’s size, nature of ownership and the way it is financed. EXAMPLES In most profit-making businesses, some measure related to revenue is usually an appropriate benchmark for the materiality determination, because users of the financial statements are most concerned with revenue and profitability. However, an auditor of a company that is running near breakeven or at a loss would not usually choose a measure like pre-tax profit for the materiality benchmark because it would create an artificially low materiality level. This would cause an inefficient audit because audit tests would be scoped at a very low dollar amount and therefore would likely take in many more test items than necessary. A more appropriate benchmark in this case might be gross revenues or total assets. In privately-held corporations, it is common practice for owners to draw out significant amounts of profit in salary. Using pre-tax profit as a materiality benchmark would, in this case, create the same problems as in a break-even corporation. In this case, it might be better to add owners’ compensation back to the pre-tax profit to arrive at a benchmark. Some businesses are in volatile industries or economic environments, and may routinely experience marked swings in profitability. Using a benchmark based on current year’s profits may lead to a materiality level that is either so low as to create an inefficient audit, or so high that it fails to reduce the auditor’s detection risk to an acceptably low level, and thus renders the audit ineffective. In this case, an auditor might decide that a benchmark based upon an average profit over several years is more representative of the client’s true activity levels. Top_Aud_08_book.indb 37 8/30/2007 3:14:45 PM 38 TOP AUDITING ISSUES FOR 2008 CPE COURSE Some business entities, such as real estate investment companies or mutual funds are more concerned with total assets or net assets than with revenue. An asset-based materiality benchmark may work better for these businesses. In non-business entities, such as governments or nonprofit organizations, generating a profit is not the entity’s objective. Auditors of these types of entities often choose gross revenues or total assets as a benchmark. Materiality for the Financial Statements as a Whole Materiality for the financial statements as a whole is the maximum amount that the financial statements could be misstated and still fairly present the overall financial statements. The auditor’s estimate of materiality requires professional judgment, based on the understanding of the client’s business and the specific circumstances of the engagement. When establishing the overall audit strategy, the auditor should determine materiality for the financial statements taken as a whole. OBSERVATION The subjectivity that surrounds materiality determination has led some to draw parallels between it and pornography: It is impossible to codify a definition or standard that covers all possible circumstances. Well-intentioned people may have widely differing opinions of what it is or is not in any particular circumstance. Individuals immediately recognize what it is or is not according to their own standards in any particular circumstance. This observation is not offered gratuitously. As a part of the Risk Assessment Standards’ general philosophical thrust, SAS 107 attempts to carve out distinctions between the responsibilities of auditors and financial statement users. One point, discussed earlier in this Course, is that users need to understand that financial statements are prepared and audited to levels of materiality. The author has found that this comparison, however frivolous it may initially sound, often helps de-mystify the concept of materiality for non-accountants. Common misconceptions. One prevalent misconception under SAS 47 has been that establishing a materiality level in the planning stages of the audit sets a threshold below which misstatements are always considered to be immaterial. This is was not the case under that previous Standard and is not the case under SAS 107. As discussed in “Qualitative Aspects of Materiality” Top_Aud_08_book.indb 38 8/30/2007 3:14:45 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 39 above, some identified misstatements may be deemed to be material even when they are below established thresholds. Another common misconception under SAS 47 was that once an auditor sets materiality levels in the planning phase, they must be used in evaluating the audit results at the end of the engagement. This was not true under SAS 47 and is not true under SAS 107. Because auditing is a process of discovery, an auditor’s judgment about what is material may well change in light of unanticipated circumstances between the planning and final stages of an engagement. If a lower level of materiality than that envisioned in audit planning is deemed appropriate by the end of the audit, the auditor should reconsider the related levels of tolerable misstatement and the adequacy of the nature, timing and extent of the audit procedures performed. Tolerable Misstatement Tolerable misstatement (sometimes called tolerable error) is the maximum monetary misstatement the auditor can accept at the account balance or class of transactions level without causing the financial statements to be materially misstated. Tolerable misstatement is the next level of materiality below the financial-statement-as-a-whole level. The underlying theory is that misstatements less than the materiality amount determined at the financial statement level could possibly exist, and could lead, in the aggregate to material misstatement at the financial statement level. For this reason, auditors set one or more levels of tolerable misstatement, lower than the materiality level for the statements as a whole. Many auditors calculate these as percentages of materiality, and may apply different percentages for significant classes of transactions, account balances, disclosures or other components of financial statements. The objective of “fragmenting” the overall materiality amount is to set the precision levels for the significant financial statement components low enough that the risk that the total of undetected misstatements, detected misstatements, and judgmental differences from all audit areas will exceed materiality is acceptably low. EXAMPLE An auditor may set materiality for the financial statements as a whole at $100,000. Seeing that sales and costs of sales are the largest items in the statements, and considering them to be at a relatively high risk of misstatement, the auditor might set tolerable misstatement for these transaction classes at $25,000, based upon his or her judgment about the level of risk and possible nature of misstatements. Tolerable misstatement for other significant financial statement areas might be set at different levels. Top_Aud_08_book.indb 39 8/30/2007 3:14:46 PM 40 TOP AUDITING ISSUES FOR 2008 CPE COURSE Materiality for Other Lesser Amounts Auditors should also consider whether misstatements of particular items of lesser amounts than the materiality level determined for the financial statements as a whole could reasonably be expected to influence users’ decisions about the financial statements. These amounts represent lower materiality levels to be considered in relation to those particular items. The views of management or those charged with governance may be taken into account in making this determination. Other factors to consider include: Accounting Standards, laws and regulations, and the effect they might have on users’ expectations about the measurement or disclosure of particular items. SAS 107 cites related party transactions and management compensation as examples. Key industry-related disclosures, such as research and development costs for a pharmaceutical company. Whether the financial performance of a particular segment of the business, such as a subsidiary or division that is separately disclosed, is of special concern to users. STUDY QUESTIONS 8. SAS 107 makes all of the following assumptions relating to financial statement users except: a. Financial statement users are willing to study the statements with appropriate diligence. b. They have appropriate knowledge of business and economic activities and accounting. c. The individual needs of all financial statement users have been considered by the auditor. d. Financial statement users recognize that there are uncertainties inherent in the accounting estimates and judgments used in preparing the financial statements. 9. The materiality levels that the auditor sets in the planning phase of the audit must also be used in evaluating the audit results. True or False? 10. Which of the following benchmarks would likely be the most appropriate to use in determining materiality for a consistently profitable, closely-held corporation in which the owners draw out substantial amounts of compensation? a. b. c. d. Top_Aud_08_book.indb 40 Pre-tax income before owners’ compensation. Pre-tax income. Average net income over the past three years. Total assets. 8/30/2007 3:14:46 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 41 COMMUNICATING MISSTATEMENTS TO MANAGEMENT SAS 107 places increased emphasis on auditor-client communication about misstatements. The best way to understand this emphasis is to look at the list of requirements that it imposes. Auditors have an unconditional requirement under SAS 107 to communicate all known and likely misstatements to the appropriate level of management, other than those that are trivial. While this requirement is not new, it adds emphasis to the concept of communicating likely as well as known misstatements. This Standard also imposes a host of presumptively mandatory requirements which, when taken together, signify the importance that the Auditing Standards Board places on auditor-client communication. Communication should take place on a timely basis. This communication should distinguish between known and likely misstatements. The auditor should request that management correct all known misstatements, including the effects of prior period misstatements. The auditor should request that management examine a class of transactions, balance or disclosure to identify misstatement when the audit identifies material likely misstatements from a sample. The auditor should request that management reevaluate the assumptions and methods used in developing an accounting estimate when the audit identifies a likely misstatement involving estimates. Once management has examined transaction classes, balances or disclosure, and challenged the assumptions and methods used in developing estimates, as required in the two previous points, the auditor should reevaluate the amount of likely misstatement and, if necessary, perform further audit procedures. The auditor should obtain an understanding of management’s reasons for not correcting known and likely misstatements, and should take that understanding into account when considering the qualitative aspects of the client’s accounting practices, and the implications for his or her report. Top_Aud_08_book.indb 41 8/30/2007 3:14:46 PM 42 TOP AUDITING ISSUES FOR 2008 CPE COURSE OBSERVATION SAS 107 places emphasis on more comprehensive and in-depth communication between the auditor and management on the subject of misstatements. Part of the reason for this is to educate or inform clients more thoroughly, so that they can take responsibility for the misstatements, and for correcting them. Note, for example, that the Standard requires the auditor to request management to examine and reevaluate, rather than simply to calculate an audit adjustment and give it to the client. Clearly, under the new Standard, it would not be acceptable, except perhaps in audits of very small entities with very few adjustments, to do nothing more about misstatements than to hand the client a sheet of adjusting entries at the end of the audit. This fosters the notion that it is the auditor, and not the client who “owns” the adjustments, which is contrary to the philosophical direction that the Risk Assessment Standards as a whole are taking. STUDY QUESTION 11. SAS 107 requires auditors to communicate only “hard differences” or known misstatements to management. True or False? EVALUATING AUDIT FINDINGS Audit findings are evaluated at the level of individual findings, adjustments and differences, which generally takes place at the “workpaper” level, and at the level of the financial statements taken as a whole. Evaluating Audit Findings, Adjustments, and Differences Evaluating the findings of the audit procedures and documenting conclusions are important aspects of the audit process. A major step in this process is summarizing the misstatements and judgmental differences uncovered in the audit. Misstatements should be summarized in a way that enables the auditor to consider their effects on individual amounts, subtotals, or totals in the statements, in order to help the auditor consider whether their effects, either individually or in the aggregate, materially misstate the financial statements. This is a two-step process. Before considering the misstatements in the aggregate, the auditor considers them individually to evaluate: Their effect on individual balances, transaction classes or disclosures. Whether it is appropriate to offset misstatements. The effects of prior period uncorrected misstatements. Top_Aud_08_book.indb 42 8/30/2007 3:14:46 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 43 OBSERVATION Considering the effects of prior period misstatements is important because they can affect current period income or can accumulate on the balance sheet over time. There are three acceptable methods of doing this for nonSEC issuer clients: Considering the effect of all current and prior period misstatements that flow through the current period’s income statement. Considering the cumulative effect on the ending balance sheet. Applying both approaches and recording adjustments if either indicates the need to do so. Auditors of SEC issuers should be aware, however, that the SEC requires the use of the third method. During evaluation, the auditor’s judgment about whether misstatements are material may be influenced by two factors. Types of misstatements. Misstatements can result from errors or fraud and may consist of differences in amounts, classifications or presentation, omissions, improper estimates or accounting policies, or inaccurate data. Auditors should consider not only the nature and amounts of the misstatements corrected by management but also the uncorrected misstatements and misstatements in accounting estimates. SAS 107 cautions auditors to be alert for patterns in the types of misstatements discovered and the circumstances of their occurrence, and to consider whether other material misstatements might exist. Material misstatements do not usually occur in a vacuum, and auditors should avoid drawing facile conclusions that detected misstatements are isolated occurrences. Qualitative characteristics. The auditor should not rely exclusively on quantitative benchmarks to determine whether an item is material. A numerical threshold may provide the basis for a preliminary assumption that an amount is unlikely to be material; however, it is not a substitute for a full analysis. Certain misstatements may have significance even though the dollar amount may not be as large as the auditor typically would assume to be material. Therefore, the nature of the misstatement will help the auditor determine the potential for additional misstatements of a similar type and the need for changes in audit procedures. Some of these qualitative factors may include errors versus fraud, considerations of contractual obligations, and effects on earnings trends. An illegal payment of an otherwise immaterial amount may take on significance if there is a reasonable possibility that it Top_Aud_08_book.indb 43 8/30/2007 3:14:46 PM 44 TOP AUDITING ISSUES FOR 2008 CPE COURSE could lead to a material contingent liability or loss of revenue. It also may have implications for management’s integrity. The sheer volume of qualitative considerations that SAS 107 lists, 16 in all, is a clear indication that they are important in evaluating audit findings. Those factors are: 1. The potential effect of a misstatement on trends such as profitability. 2. A misstatement that changes a net income to a net loss or vice versa. 3. The potential effect of the misstatement on contractual compliance, such as loan covenants, or regulatory provisions. 4. Regulatory or statutory reporting requirements that affect materiality thresholds. 5. A misstatement that masks a change in important trends such as earnings, especially in the context of industry or general economic conditions. 6. A misstatement that affects management’s compensation, such as bonuses. 7. Misstatements involving sensitive circumstances such as fraud or illegal acts, violations of contracts or conflicts of interest. 8. The significance of the financial statement element that is misstated. 9. The effects of misclassifications, such as between operating and nonoperating income, or current and non-current assets or liabilities. 10. The significance of the misstatement to a reasonable user, such as earnings to an investor or equity to a creditor. 11. The definitive character of the misstatement, such as an error that is objectively determinable versus a misstatement that involves uncertainty or subjective judgment. 12. Management’s motivations with respect to misstatements, such as a pattern of bias, unwillingness to correct weaknesses in the accounting process or intentional decisions not to follow GAAP. 13. The existence of material, but different, offsetting misstatements. 14. The likelihood of a currently immaterial misstatement becoming material over time through cumulative effects, such as deferred rent over several periods. 15. The cost-benefit considerations in making the correction. 16. The risk that further undetected misstatements exist that might influence the auditor’s evaluation. Top_Aud_08_book.indb 44 8/30/2007 3:14:46 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 45 As noted earlier in this Course, judgment about materiality for planning purposes may differ from the judgment used in evaluating the audit findings. As the audit progresses, the auditor may find it necessary to reconsider the levels of materiality initially established to set the overall scope of the audit. This may be particularly important when significant misstatements are discovered. Evaluating the Financial Statements as a Whole SAS 107 requires the auditor to evaluate whether the financial statements as a whole are free of material misstatement. This involves both quantitative and qualitative considerations and requires the use of professional judgment. As the aggregate effect of uncorrected misstatements approaches materiality, the auditor should consider whether further undetected misstatements exist. If this risk is unacceptably high, the auditor should perform additional procedures to support the audit opinion or should satisfy himself or herself that the entity has adjusted the financial statements to reduce audit risk to an appropriately low level. If the auditor believes that the financial statements taken as a whole are materially misstated, the auditor should request that management make the necessary corrections. If management refuses to make the corrections, the auditor must determine the implications for the auditor’s report. STUDY QUESTIONS 12. Which of the following statements best applies, under SAS 107, to the auditor’s consideration of the effects of prior period misstatements in audits of non-SEC issuers? a. Auditors must consider the effect of all current and prior period misstatements that flow through the current period’s income statement. b. Auditors consider primarily the cumulative effect on the ending balance sheet. c. Auditors must consider both the income statement and ending balance sheet effects of prior period misstatements. d. Auditors may consider either the income statement or the ending balance sheet effects of prior period misstatements, or may take both into account. Top_Aud_08_book.indb 45 8/30/2007 3:14:46 PM 46 TOP AUDITING ISSUES FOR 2008 CPE COURSE 13. Which of the following statements best applies, under SAS 107, to the auditor’s consideration of the qualitative characteristics of misstatements? a. Auditors may rely solely on quantitative benchmarks to assess whether an item is material. b. Certain misstatements may have significance even though they do not exceed quantitative thresholds for materiality. c. The likelihood of a currently immaterial misstatement becoming material to future periods through cumulative effects should not be considered. d. A misclassification between current and non-current assets is not a qualitatively significant misstatement. DOCUMENTATION The performance requirements of SAS 107 carry with them both explicit and implicit documentation requirements. These requirements have significant implications both for audit efficiency and for systems of quality control for audit engagements. Materiality and Tolerable Misstatement Auditors should document the levels of materiality and tolerable misstatement used in the audit, the basis on which these levels were determined, and any changes that they make to them during the audit. Simply recording numbers for materiality and tolerable misstatement does not meet this requirement because it does not show the basis for determining those numbers. As a practical matter, many firms will find that the easiest way to satisfy this requirement is to use structured audit practice aids such as those offered by CCH or by other reputable publishers. Summary of Uncorrected Misstatements Auditors should summarize uncorrected misstatements, other than those that are trivial. This summary should facilitate: Separate consideration of the effects of known and likely misstatements, including uncorrected misstatements from prior periods. Consideration of the aggregate effects of misstatements. Consideration of qualitative aspects of misstatements that are relevant to the consideration of whether they are material. The documentation should contain a conclusion as to whether the uncorrected misstatements are material individually or in the aggregate, and a basis for that conclusion. Top_Aud_08_book.indb 46 8/30/2007 3:14:46 PM MODULE 1 — CHAPTER 2 — Audit Risk and Materiality in Conducting an Audit 47 The summary of uncorrected misstatements is also important as a client communication device. Auditors are required to obtain management’s written representation that uncorrected misstatements are immaterial individually and in the aggregate. Auditors are also required to communicate these items to those charged with governance. Many find that attaching this summary from the audit workpapers, and referencing it in the management representation letter or the written communication to those charged with governance, is an efficient way to communicate these items. OBSERVATION A likely effect of this new emphasis on uncorrected misstatements is that auditors, particularly when working with smaller entities, may be “passing” fewer adjustments, and urging clients to correct all known misstatements other than trivial ones. Known and Likely Misstatements Audit documentation should record all known and likely misstatements identified by the auditor that have been corrected by management, other than those considered to be trivial. SAS 107 introduces of the concept of “trivial” misstatements both in the context of corrected and uncorrected misstatements. This implies documentation requirements that are not explicitly stated. This suggests that a threshold for triviality should be documented, and that a basis for that determination should be stated. Some auditors set this threshold with reference to their planning materiality documentation, usually by stating some percentage of tolerable misstatement below which misstatements need not be aggregated. OBSERVATION Some documentation requirements, such as documenting levels of materiality and tolerable misstatement, are “fixed costs” in the sense that it takes an audit firm about the same amount of time to fill out its materiality worksheet no matter the size of the client. Like all fixed costs, they weigh the heaviest at the lowest levels of activity. This poses a challenge for all auditors, but especially those of smaller entities, to become more efficient in producing audit documentation. To meet this challenge, many are finding that their quality control systems need to move toward two goals: Increased standardization, often in the form of More reliance on published practice aids. Standardized indexing and workpaper set-up. Top_Aud_08_book.indb 47 8/30/2007 3:14:46 PM 48 TOP AUDITING ISSUES FOR 2008 CPE COURSE Increased use of electronic aids and documentation, which may for example, Automatically link specific accounts workpapers to adjusted trial balances to financial statements. Facilitate the standardization of documentation and production of repetitive types of documents. STUDY QUESTIONS 14. Which of the following statements best applies to the documentation requirements of SAS 107? a. Auditors should document the basis on which materiality was determined. b. Auditors should not document materiality at levels below the financial statements taken as a whole. c. Auditors should avoid documenting changes made to materiality levels during the audit. d. Audit documentation may exclude uncorrected misstatements from prior periods. 15. According to SAS 107, the summary of uncorrected misstatements should: a. Include consideration only of known misstatements. b. Exclude separate consideration of known and likely misstatements. c. Include consideration of their aggregate effects. d. Exclude a conclusion as to their materiality. Top_Aud_08_book.indb 48 8/30/2007 3:14:46 PM 49 MODULE 1 — CHAPTER 3 Planning and Supervision LEARNING OBJECTIVES At the conclusion of this chapter, the reader should: Understand the requirements of SAS 108 for planning an audit. Understand the requirements of SAS 108 for supervising an audit. Be able to properly execute and document the planning and supervision of an audit. INTRODUCTION Statement on Auditing Standards No.108, Planning and Supervision, (SAS 108) supersedes SAS 22 of the same title, and “Appointment of the Independent Auditor” of SAS 1. The guidance included in these Standards has been combined into SAS 108. This Statement is primarily a codification of existing best practices. It changes little in terms of the actual conduct of audit engagements. Like many of the provisions of the Risk Assessment Standards, it takes existing practices that were intuitive or at least informal, and gives them conceptual structure. This Statement is effective for audits of financial statements with periods beginning on or after December 15, 2006. Thus, for full-year audits, December 31, 2007 year ends will be the first round of audits in which application is required. Earlier implementation is permitted. UNCONDITIONAL AND PRESUMPTIVELY MANDATORY REQUIREMENTS SAS 108’s requirements are summarized below, for convenience, to segregate them out into one place in the same order that they are presented within the original text of SAS 108, to highlight their importance, and to assist readers in focusing on their application in practice. For clarity and purposes of analysis, this Course gr oups them into four unconditional requirements and 18 presumptively mandatory requirements. Some of these are groupings of related requirements. Discussion of each appears throughout the text under various headings in topical format, rather than in the order that they appear in the original pronouncement. Unconditional Requirements These requirements are identified in the Standards by the word “must,” and are required to be performed in all circumstances where they are applicable. Top_Aud_08_book.indb 49 8/30/2007 3:14:46 PM 50 TOP AUDITING ISSUES FOR 2008 CPE COURSE SAS 108 states that the auditor must: 1. Adequately plan the audit. 2. Properly supervise any assistants. 3. Plan the audit so that it is responsive to the assessment of the risk of material misstatement, based on the auditor’s understanding of the client and its environment, including its internal control. 4. Develop an audit plan which documents the audit procedures that are expected to reduce audit risk to an acceptably low level. Presumptively Mandatory Requirements These requirements are identified in the Standards by the words “should” or “should consider.” They are required to be performed in all applicable circumstances unless the auditor can justify in the audit documentation a reason for not doing so, and demonstrate how other audit procedures have met their objectives. They state that the auditor should: 1. When accepting an audit engagement at or near the close of the fiscal year: a. Ascertain whether circumstances are likely to permit an adequate audit and the expression of an unqualified opinion. b. If an unqualified opinion is not likely, then discuss with the client the possibility of a qualified opinion or disclaimer. 2. Evaluate, as the successor in a change of auditors, certain communications. 3. Establish and document in a written engagement letter an understanding with the client for each engagement, which should include: a. The objectives of the engagement. b. Management’s responsibilities. c. The auditor’s responsibilities. d. The limitations of the engagement. 4. Perform procedures on both client continuance and the auditor’s ethical requirements, including independence, before performing other significant audit activities. 5. In establishing the overall audit strategy: a. Determine the characteristics of the engagement that define its scope, such as basis of reporting, industry reporting requirements, and locations. b. Ascertain reporting objectives such as deadlines. Top_Aud_08_book.indb 50 8/30/2007 3:14:46 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 51 c. Consider factors that will focus the audit effort, such as materiality, areas of high risk, the need to test internal control, and industryspecific requirements. d. Consider the results of preliminary engagement activities and experience gained on other engagements with the client. 6. Update and document specific revisions to the audit strategy to respond to changes in circumstances. 7. Include in the audit plan descriptions of: a. The nature, timing and extent of planned risk assessment procedures. b. The nature, timing and extent of planned further audit procedures at the relevant assertion level for each material account balance, transaction class or disclosure. c. Other audit procedures to be performed, for example, direct communication with the organization’s legal counsel. 8. Document changes to the original audit plan. 9. Consider whether specialized skills are needed to perform the audit and, if so: a. Seek assistance from a professional with those skills. b. Determine whether that professional will function effectively as a part of the audit team. c. Have sufficient knowledge to communicate the objectives and evaluate the results of the specialist’s work. d. Consider a number of specific factors relative to the need to engage an information technology (IT) specialist. 10. Take care not to compromise the effectiveness of the audit in discussing the audit strategy or plan with those charged with governance, such as by disclosing details about the nature, timing or extent of planned audit procedures. 11. Before starting an initial audit, perform certain client and engagement acceptance procedures, and communicate with the predecessor auditor, if there has been a change. 12. Consider a number of specific factors in planning an initial audit. 13. Communicate to audit team members the susceptibility of the financial statements to material misstatement due to fraud or error. 14. Emphasize to audit team members the need for professional skepticism and a questioning mind. Top_Aud_08_book.indb 51 8/30/2007 3:14:47 PM 52 TOP AUDITING ISSUES FOR 2008 CPE COURSE 15. Inform assistants about: a. Their responsibilities. b. The objectives of the audit procedures they are to perform. c. Matters that may affect the nature, extent and timing of the audit procedures they are to perform. 16. Direct assistants to: a. Bring significant accounting or auditing issues to the engagement partner’s attention. b. Bring difficulties encountered in performing the audit to the attention of appropriate individuals in the firm. 17. Review the work performed by each assistant to determine that it was adequately performed and documented and to evaluate its results. 18. Be aware of the firm’s procedures for addressing differences of professional opinion among the audit team, including documenting those disagreements and their resolution. STUDY QUESTIONS 1. One of SAS 108’s unconditional requirements is that the auditor must: a. Update and document specific revisions to the audit strategy to respond to changes in circumstances. b. Review the work performed by each assistant to determine that it was adequately performed and documented and to evaluate its results. c. Develop an audit plan which documents the audit procedures that are expected to reduce audit risk to an acceptably low level. d. Consider whether specialized skills are needed to perform the audit 2. SAS 108 contains a presumptively mandatory requirement stating that the auditor should: a. Properly supervise any assistants. b. Plan the audit so that it is responsive to the assessment of the risk of material misstatement, based on the auditor’s understanding of the client and its environment, including its internal control. c. Establish and document in a written engagement letter an understanding with the client for each audit. d. Refrain from accepting an audit engagement at or near the close of the fiscal year. Top_Aud_08_book.indb 52 8/30/2007 3:14:47 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 53 PLANNING SAS 108 places significant importance on audit planning, such that all four of its unconditional requirements apply to this function. Audit planning entails developing an overall audit strategy for the engagement. Audit strategies will vary according to the client’s size and complexity, and the auditor’s experience and understanding of the client and its environment, including its internal control. The auditor with final responsibility for the audit (hereinafter referred to as the “audit partner”) may delegate portions of the planning process to other firm personnel. Planning is an ongoing process throughout the engagement. Because auditing is a process of discovery, it is not always possible to anticipate a full range of appropriate audit procedures. Therefore, the audit strategy, and the more detailed audit plan should change to respond to changed circumstances in the audit. Appointment of the Independent Auditor SAS 108 requires the auditor to obtain an understanding of the client, its environment, and its internal control in connection with planning the audit. However, before accepting an audit engagement the auditor should: Determine whether circumstances are likely to allow an adequate audit and the expression of an unqualified opinion on the financial statements, and If not, discuss with the client that it might be necessary to issue a qualified opinion or a disclaimer on the financial statements. SAS 108 voices a strong preference for early appointment of the auditor, because it allows for audit planning before the balance sheet date. This creates a wider range of possibilities for the nature, timing and extent of audit procedures. SAS 84, Communication Between Predecessor and Successor Auditors, describes communications that a successor auditor should evaluate before accepting a new audit. Establishing an Understanding with the Client SAS 108 requires the auditor to establish a written understanding with the client regarding the services to be performed. It lists four required elements for an engagement letter, and numerous others that are either “generally included” or that “may also be included.” Required elements. The four presumptively mandatory elements of an audit engagement letter are: The objectives of the engagement. Management’s responsibilities. The auditor’s responsibilities. Limitations of the engagement. Top_Aud_08_book.indb 53 8/30/2007 3:14:47 PM 54 TOP AUDITING ISSUES FOR 2008 CPE COURSE SAS 108 notes that the objectives of some engagements may differ, and that the understandings for these engagements should reflect the effects of those objectives on the responsibilities of both management and the auditor, and on the limitations of the engagement. EXAMPLE SAS 108 cites as examples of engagements with differing objectives: Audits of recipients of governmental financial assistance. Application of agreed upon procedures to specified elements, accounts or items of a financial statement. Engagements to examine the effectiveness of internal control over financial reporting. OBSERVATION SAS 108 does not indicate a specific person with whom the auditor is required to establish an understanding. Generally, it is best to have one or two members of senior management sign the engagement letter to confirm that an understanding has been established. If there is reason to believe that an understanding has not been established, the auditor should decline to accept or to perform the engagement. The following elements are not required content, but they may reduce the risk that either the client or the auditor might misinterpret the other’s needs or expectations in the audit. Consistent with one of the Risk Assessment Standards’ general philosophical objectives, they also help to define a brighter line between client responsibility and auditor responsibility. Management is responsible for: The financial statements and the selection and application of accounting policies. Establishing and maintaining effective internal control over financial reporting. Designing and implementing programs and controls to prevent and detect fraud. Identifying and assuring compliance with applicable laws and regulations. Making all financial records and related information available to the auditor. Providing a written representation letter at the end of the audit. Adjusting the financial statements to correct material misstatements. Affirming in the representation letter that uncorrected misstatements are immaterial. Generally included elements. Top_Aud_08_book.indb 54 8/30/2007 3:14:47 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 55 The auditor is responsible for: Expressing an opinion on the financial statements. Conducting the audit in accordance with generally accepted auditing standards (GAAS), including the facts that: Those standards require that the auditor obtain reasonable but not absolute assurance about whether the statements are free of material misstatement due either to fraud or error. Material misstatements may remain undetected. The audit is not designed to detect immaterial errors or fraud, or to detect significant deficiencies in internal control or to provide assurance on internal control. The auditor may decline to express an opinion or issue a report if for any reason the audit cannot be concluded or an opinion formed. Obtaining an understanding of the client and its environment sufficient to assess the risk of material misstatement and plan the audit. Communicating significant deficiencies in internal control to those charged with governance. Other elements. In addition to the required and “generally included” element, the understanding with the client also may include, among other matters: The overall audit strategy. The involvement of specialists, internal auditors or a predecessor auditor. Fee and billing arrangements. Limitations on liability or indemnification for liability arising from knowing misrepresentations by management. Conditions under which others may be allowed access to audit documentation. Additional services related to regulatory requirements. Additional services such as non-attest services for accounting assistance or tax preparation, subject to the limitations of Ethics Interpretation No. 101-3, “Performance of Nonattest Services.” OBSERVATION The placement of the “fees and billing” provision within this hierarchy seems odd. The author cannot imagine an engagement letter in which fees and billing arrangements (or the lack of fees or billings, in the case of pro bono services) is not discussed. One would think that a misunderstanding about fees and billings would be as fatal to the engagement as would misunderstandings about many of the other matters that SAS 108 delineates. Top_Aud_08_book.indb 55 8/30/2007 3:14:47 PM 56 TOP AUDITING ISSUES FOR 2008 CPE COURSE OBSERVATION Many auditors include a provision about record retention in their engagement letters, stating the firm’s policy as to the retention period (which is usually either the five years specified by SAS 103, or a longer period if required by statute or regulation) and its policy for the disposition of the audit documentation after the expiration of the retention period. STUDY QUESTION 3. The audit engagement letter, according to SAS 108, generally includes which of the following elements as a responsibility of the auditor? a. Communicating significant deficiencies in internal control to those charged with governance. b. Adjusting the financial statements to correct material misstatements. c. Establishing and maintaining effective internal control over financial reporting. d. Designing and implementing programs and controls to prevent and detect fraud. Preliminary Engagement Activities At the beginning of the audit engagement, the auditor should perform procedures relating to the continuance of the client relationship and the specific audit engagement, and should evaluate the auditor’s compliance with ethical requirements. These procedures include consideration of: Independence. Management integrity. Whether an understanding about the terms of the engagement has been reached. Ordinarily these initial procedures should be performed before other significant audit activities. As conditions and circumstances change during the course of the audit, the auditor should continue to consider the client continuance and ethical requirements. Overall Audit Strategy and the Audit Plan The overall audit strategy is the broad approach regarding how the audit will be conducted. The audit plan is a more detailed map that describes the nature, timing, and extent of audit procedures to be performed. The overall audit strategy and developing the audit plan are not necessarily separate activities. Changes in one may result in changes to the other. Top_Aud_08_book.indb 56 8/30/2007 3:14:47 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 57 OBSERVATION Overall audit strategy and audit plan are new terms in professional literature. Previous Standards referred to them as the audit approach and the audit program. Their meaning is unchanged. Overall audit strategy. Developing an audit strategy helps the auditor determine audit staffing, including the timing and management of audit activities. In connection with establishing the overall audit strategy for the audit, SAS 108 requires the auditor to address: Characteristics of the engagement, including: The basis of reporting. Industry-specific reporting requirements. Client locations. Reporting objectives of the engagement, including: Deadlines. Dates for expected communications with management and those charged with governance. Significant factors affecting the audit team’s efforts, including: Materiality levels. Audit areas with higher risks of material misstatement. Material locations. Material account balances. Evaluation of the planned extent of internal control tests, if any. Recent significant entity-specific, industry, financial reporting, or other relevant developments. Results of preliminary engagement activities, such as: Issues with management integrity. Ethical and independence requirements. Changes in circumstances that could require significant revisions to the overall audit strategy. OBSERVATION SAS 108 notes that small audits do not require a complex strategizing exercise or document, and states that a brief narrative memorandum is sufficient. The appendix to SAS 108 contains useful examples of matters that an auditor may consider in establishing an audit strategy, including those affecting the scope of the audit, reporting objectives, timing and communication. Top_Aud_08_book.indb 57 8/30/2007 3:14:47 PM 58 TOP AUDITING ISSUES FOR 2008 CPE COURSE STUDY QUESTION 4. The overall audit strategy is the detailed map that describes the nature, timing, and extent of audit procedures to be performed. True or False? Audit plan. After establishing an audit strategy, the auditor is ready to develop a more detailed audit plan to address the matters identified in the audit strategy and to achieve audit objectives. SAS 108 requires the audit plan to include descriptions of: The nature, timing, and extent of planned risk assessment procedures sufficient to assess the risks of material misstatement, as discussed in SAS 109. The nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material class of transactions, account balance, and disclosure, as discussed in SAS 110. The auditor should provide a clear linkage between the understanding of the entity, the risk assessments, and the design of further audit procedures. Other audit procedures to be performed to comply with GAAS, such as direct communication with the company’s attorney. The auditor should update and document any significant revisions to the original audit plan to respond to changes in circumstances. STUDY QUESTION 5. Which of the following statements best applies to SAS 108’s requirements for the audit plan? a. The original audit plan must not be altered or revised once it has been established. b. The audit plan should include a description of the nature, timing, and extent of planned risk assessment procedures. c. The audit plan should not discuss linkage between the understanding of the entity, the risk assessments, and the design of further audit procedures. d. The audit plan should include a description of the nature, timing, and extent of planned further audit procedures to be applied only at the level of the financial statements taken as a whole. Involvement of Specialists It may be necessary to consult a specialist in situations requiring specialized knowledge. Examples include using a diamond expert when evaluating the replacement cost of diamonds and an actuary for determining the appropriateness of the recorded value of insurance loss reserves. Top_Aud_08_book.indb 58 8/30/2007 3:14:47 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 59 Specialists in general. The auditor should have a sufficient understanding of the client’s business to recognize the need for a specialist. Proper planning is necessary to make sure that a competent, and preferably an independent specialist is available when needed. SAS No. 73, Using the Work of a Specialist, establishes the requirements for selecting specialists and reviewing their work. SAS 108 requires the auditor to consider whether specialized skills are needed in performing the audit. If a specialist is to be used, the auditor should determine whether the specialist will effectively function as a member of the audit team. The auditor should supervise specialists that are part of the audit team consistently with the auditor’s responsibilities for supervising other audit assistants. In addition, in such circumstances, the auditor should: Have sufficient knowledge and understanding of the scope and objectives of the specialist’s work. Evaluate whether the specified audit procedures will meet the audit objectives. Evaluate the results of the audit procedures performed as they relate to the nature, timing, and extent of further planned audit procedures. Information technology specialists. A client’s use of information technology (IT) may affect any of the five components of internal control relevant to the achievement of the entity’s financial reporting, operations, or compliance objectives, and its operating units or business functions. The auditor should consider whether specialized skills are needed to determine the effect of IT on the audit, to understand the IT controls, or to design and perform tests of IT controls or substantive tests. Considerations in determining whether to engage an IT specialist include: The complexity of the client’s systems and IT controls and how they are used in the business. Whether changes are made to existing systems and the significance of such changes. Whether new systems have been implemented. The nature and extent of data shared among systems. The nature and extent of the client’s participation in electronic commerce. Whether the client uses emerging technologies. The significance of audit evidence that is available only in electronic form. Examples of audit procedures that might be assigned to an IT specialist include: Making inquiries about how data and transactions are initiated, authorized, recorded, processed and reported. Making inquiries about how IT controls are designed. Inspecting system documentation. Observing the operation of IT controls. Planning and performing tests of IT controls. Top_Aud_08_book.indb 59 8/30/2007 3:14:47 PM 60 TOP AUDITING ISSUES FOR 2008 CPE COURSE STUDY QUESTION 6. The responsibility for supervision of specialists that are part of the audit team is consistent with the responsibility for supervising other audit assistants. True or False? Discussions with Management and Those Charged with Governance SAS 108 permits and encourages the auditor to discuss certain elements of audit planning with the client’s management and with those charged with governance. These discussions generally include the overall audit strategy, timeline for performing the audit and issuing the audit report, coordination of certain procedures (e.g., inventory observation) with the client’s personnel, and preparation of audit schedules by the client. While this communication facilitates the conduct of the audit, SAS 108 cautions the auditor to not divulge sensitive detailed audit procedures that might jeopardize audit effectiveness by making audit procedures too predictable. Additional Procedures for Initial Audits Because the auditor generally lacks any previous experience with the client, management, and those charged with governance, new audits require additional procedures. Before starting an initial audit SAS 108 requires the auditor to: Perform procedures regarding the acceptance of the client relationship and the specific audit engagement. Establish controls for deciding whether to accept a client relationship and perform a specific engagement, in order to: Minimize the likelihood of association with a client whose management lacks integrity. Provide reasonable assurance that the firm undertakes only those engagements that can be completed with professional competence. Assure that the auditor considers the risks associated with providing professional services in the particular circumstances. Communicate with the previous auditor, where applicable. In evaluating a potential client that has been audited previously, the predecessor auditor is a primary source of information about the client. SAS No. 84, Communications Between Predecessor and Successor Auditors, requires the successor auditor to communicate with the predecessor auditor. If the successor auditor cannot obtain required information from the predecessor auditor because of client restrictions, the successor auditor should consider the implications of such restrictions in evaluating whether to accept the engagement. Top_Aud_08_book.indb 60 8/30/2007 3:14:47 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 61 In developing the overall audit strategy and audit plan for an initial audit, the auditor should consider additional matters including: Arrangements to be made with the predecessor auditor. Any major issues discussed with management or those charged with governance involving the initial selection as auditors and how these issues affect the overall audit strategy and audit plan. The planned procedures to obtain audit evidence regarding opening balances. The assignment of personnel possessing the appropriate characteristics and qualifications to enable them to perform competently and to successfully execute the engagement. Other procedures required by the firm’s quality control system for initial audit engagements. EXAMPLE Although not specifically dictated by SAS 108, the following are examples of audit procedures that the auditor typically performs for initial audit engagements: Prepare or obtain a summary of shareholders’ equity or proprietary accounts, from inception if practicable, with particular attention to prior reorganizations, revaluations of assets, issuance of stock for other than cash, and other unusual equity transactions. Establish the reasonableness of beginning balances for significant balance sheet accounts. For example, the auditor determines the basis of the property accounts (both book and tax) and examines evidence of title to at least the principal real estate. The auditor also determines the propriety of the classifications used, the reasonableness of the accumulated allowances for depreciation and amortization, and whether any significant amounts of properties are not used in operations. Determine the origin of other continuing accounts, such as intangibles and deferrals. Review income tax returns and revenue agents’ reports for several years to determine the adequacy of the recorded liability for taxes. Review the articles of incorporation or partnership agreements and related amendments. Review the minutes of meetings of shareholders and directors for prior years (e.g., the previous three years, and prior years, if it is considered necessary). Top_Aud_08_book.indb 61 8/30/2007 3:14:47 PM 62 TOP AUDITING ISSUES FOR 2008 CPE COURSE STUDY QUESTION 7. Before starting an initial audit, SAS 108 requires the auditor to do all of the following except: a. Communicate with the previous auditor, where applicable. b. Perform procedures regarding the acceptance of the client relationship and the specific audit engagement. c. Consider the implications of client restrictions on communication with the predecessor auditor. d. Inspect the predecessor auditor’s audit documentation. SUPERVISION Assigning the appropriate staff to the engagement and directing the efforts of assistants are important to meet GAAS and to promote audit efficiency. Supervision also involves reviewing the audit effort and related audit judgments made by assistants to determine whether they are appropriate. SAS 108 indicates that elements of supervision include: Instructing assistants. Staying abreast of significant issues encountered during the audit. Reviewing the work performed by assistants to determine that it is adequate and that the results are consistent with the conclusions to be presented in the auditor’s report. Dealing with differences of opinion among firm personnel. The timing and nature of supervision provided to assistants will vary greatly depending upon the assistants’ experience and training, and the characteristics of the engagement. Discussions and Communications with Assistants SAS 108 requires certain communications with assistants in every audit. The engagement partner should communicate to members of the audit team: The susceptibility of the entity’s financial statements to material misstatement due to error or fraud, with special emphasis on fraud. The need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence throughout the audit. The need to bring to the attention of the engagement partner accounting and auditing issues raised during the audit that the assistant believes are significant to the financial statements or auditor’s report. The need to bring to the attention of appropriate individuals in the firm difficulties encountered in performing the audit, for example: Missing documents. Limits on access to information sought by the audit team. Client refusal to respond to auditor inquiries, or similar clientimposed restrictions. Top_Aud_08_book.indb 62 8/30/2007 3:14:47 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 63 Their responsibilities and the objectives of audit procedures to be performed. Matters that may affect the nature, timing, and extent of audit procedures to be performed, such as the nature of the entity’s business and possible accounting and auditing issues. OBSERVATION Reviews of audit documentation and financial statements are indispensable supervisory procedures. It is difficult, however, to supervise effectively without the engagement partner’s involvement in all phases of the audit. This involvement keeps the audit team focused on the big picture and significant audit issues, helps avoid inefficient or ineffective auditing procedures, and compensates for overauditing or underauditing tendencies on the part of the assistants. Reviewing the Work of Assistants SAS 108 requires the work performed by each assistant, including the audit documentation, to be reviewed to determine whether it was adequately performed and documented and to evaluate the results relative to the conclusions that will be presented in the auditor’s report. SAS 108 provides only general guidance on this subject. Therefore, practices for reviewing engagements will vary depending on the size of the firm and the complexity of the engagement. The review of work performed by assistants is ordinarily conducted by the engagement partner. However, SAS 108 indicates that parts of the review may be delegated to other assistants. The primary objectives of the review are to determine whether: The audit has been appropriately planned. The scope of the audit is sufficient to support the auditor’s opinion on the financial statements. The audit has been conducted in accordance with firm and professional standards. Technical differences of opinion are addressed and documented in accordance with professional standards. The accounting and auditing issues have been evaluated properly and the financial statements meet accepted standards of presentation and disclosure. The firm’s audit report is appropriate. SAS No. 103, Audit Documentation (SAS 103) provides additional guidance on documenting the review of audit documentation. Top_Aud_08_book.indb 63 8/30/2007 3:14:47 PM 64 TOP AUDITING ISSUES FOR 2008 CPE COURSE OBSERVATION Supervisory auditors often ask whether they need to initial every workpaper in the file as evidence of their review. Neither SAS 108 nor SAS 103 make this specific requirement. However, the documentation should specify which workpapers were reviewed and by whom. There are many methods of doing this. The documentation might take the form of a narrative memorandum stating for example, that, the detail workpapers for assets were reviewed by senior auditor George Waterman, and the detail workpapers for liabilities and equity by senior auditor Annette Proffitt. Audit Manager Edward Forrest reviewed the lead sheets and adjustments for the balance sheet as a whole, including the documentation of a significant matter concerning inventory valuation. Another efficient method of documenting supervisory review would be a sign-off on the workpaper index, indicating which sections were reviewed by whom. STUDY QUESTIONS 8. Which of the following matters should the engagement partner communicate to audit assistants under the requirements of SAS 108? a. The assistant’s responsibility to bring to management’s attention accounting issues raised during the audit that the assistant believes are significant to the financial statements. b. The need to bring to the engagement partner’s attention client-imposed restrictions on access to information necessary to perform the audit. c. The need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence throughout the audit. d. The time budget for performing assigned audit procedures. 9. Which of the following statements best applies to the engagement partner’s responsibility for reviewing the work of audit assistants? a. The firm’s practice for reviewing engagements will vary depending on the size of the firm and the complexity of the engagement. b. The review of work performed by each assistant must be conducted by the engagement partner. c. Each workpaper in the audit documentation file should contain a sign-off indicating that it has been reviewed. d. Audit assistants should not review each other’s work. Top_Aud_08_book.indb 64 8/30/2007 3:14:48 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 65 Differences of Opinion During an audit, differences of opinion may occur regarding the significance or implications of accounting and auditing issues. These differences may surface during the course of the audit, including the supervision phase of the engagement. Each assistant has a professional responsibility to voice concerns about, and bring to the attention of appropriate individuals in the firm, any disagreements or concerns the assistant might have with respect to accounting and auditing issues he or she believes are significant to the financial statements or auditor’s report. Both the engagement partner and assistants should be aware of the procedures to be followed when such differences of opinion exist. SAS 108 specifically states that procedures should allow assistants to document their positions if they disagree with the way a particular accounting or auditing issue was resolved. When such differences of opinion remain and an assistant decides to disassociate from the resolution, SAS 108 requires that the basis for the final resolution be documented. Once this is done, an assistant who disagrees with the resolution of a particular accounting or auditing issue has met the requirements of professional standards and, therefore, has no further responsibility for related decisions made by supervisory personnel. The ability to dissociate is a key protection that professional standards provide for professionals who have unresolved differences of opinion. OBSERVATION In the wake of the well-publicized audit failures of the last decade, methods of handling differences of professional opinion within an audit team have come to the forefront as a serious concern from a personnel management as well as an engagement performance standpoint in an audit firm’s quality control system. In the past, some audit firms maintained an informal culture, often at odds with the formal statements in their quality control policies and procedures, that actively discouraged divergent opinions within an audit team, and even informally sanctioned dissenters. It is now more important than ever that firms maintain a positive “tone at the top,” which holds as honorable the expression of differences of professional opinion, and which protects those who express such differences from reprisal. Many firms, particularly larger ones, have gone so far as to establish special communication channels outside their normal “chains of command,” similar to some of the federal whistleblower hotlines, to enable audit assistants who believe that their differences of opinion have not been satisfactorily resolved to communicate their concerns directly to senior firm management. Top_Aud_08_book.indb 65 8/30/2007 3:14:48 PM 66 TOP AUDITING ISSUES FOR 2008 CPE COURSE STUDY QUESTION 10. All of the following statements apply to the resolution of differences of professional opinion under SAS 108 except: a. Audit firms should have procedures to allow assistants to document their positions if they disagree with the resolution of a particular accounting or auditing issue. b. Audit assistants have a professional responsibility to bring to the attention of appropriate individuals in the firm any disagreements or concerns they might have with respect to significant accounting and auditing issues. c. Assistants who dissent from the final resolution of disagreement continue to have professional responsibility for the related decisions made by supervisory personnel. d. Both the engagement partner and assistants should be aware of the procedures to be followed when differences of professional opinion exist in an audit. DOCUMENTATION REQUIREMENTS Unlike some of the other Risk Assessment Standards, SAS 108 does not gather all of its documentation requirements into a single section. For the sake of convenience and clarity those requirements, although discussed in individual detail earlier in this chapter, are summarized below. SAS 108 requires: A written engagement letter. Documentation of significant revisions to the overall audit strategy to respond to changes in circumstances. A written audit plan. Documentation of changes to the original audit plan. Documentation of significant disagreements among the audit team, if any, and their resolution. OBSERVATION Just because this Standard, or any other, does not state an explicit requirement that a particular procedure or matter be documented does not mean that documentation is not necessary. SAS 103, Audit Documentation, contains detailed requirements and guidance on this subject. One of its general presumptions is that audit documentation should “stand on its own.” This is to say that another experienced auditor, without previous involvement in the engagement, should be able to understand the audit methodology, procedures and conclusions by reading the audit documentation, without additional oral explanations. Top_Aud_08_book.indb 66 8/30/2007 3:14:48 PM MODULE 1 — CHAPTER 3 — Planning and Supervision 67 The implication of this is clear: that all matters necessary for a complete understanding of the engagement need to be presented in documentary form. As a result, audit documentation in the future will likely contain a great deal more narrative comments and memoranda. CPE NOTE: When you have completed your study and review of chapters 1-3, which comprise this Module, you may wish to take the Quizzer for the Module. For your convenience, you can also take this Quizzer online at www. cchtestingcenter.com. Top_Aud_08_book.indb 67 8/30/2007 3:14:48 PM 171 TOP AUDITING ISSUES FOR 2008 CPE COURSE Answers to Study Questions MODULE 1 — CHAPTER 1 1. c. Correct. SAS 106 imposes an unconditional requirement to perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion levels. a. Incorrect. SAS 106 creates a presumptively mandatory, but not an unconditional requirement for the auditor to perform additional audit procedures to resolve significant inconsistencies in the information obtained. b. Incorrect. SAS 106 does not create an unconditional requirement for the auditor to perform tests of internal controls. It does, however create presumptively mandatory requirements to test internal control in two circumstances: when the risk assessment includes an expectation of their operating effectiveness, and when substantive procedures alone do not provide sufficient appropriate audit evidence. d. Incorrect. SAS 106 creates a presumptively mandatory, but not an unconditional requirement for the auditor to perform substantive procedures for all relevant assertions related to each significant class of transactions, account balance, and disclosure. There is no requirement to perform substantive procedures on insignificant classes of transactions, account balances, or disclosures. 2. b. Correct. SAS 106 creates an unconditional requirement, rather than a presumptively mandatory requirement, that the auditor perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion levels. a. Incorrect. Performing additional audit procedures to resolve significant inconsistencies in the information obtained is a presumptively mandatory requirement of SAS 106. c. Incorrect. Consideration of the sufficiency and appropriateness of audit evidence to be obtained when assessing risks and designing further audit procedures is a presumptively mandatory requirement of SAS 106. d. Incorrect. Determining the source of likely potential misstatements in each significant class of transactions, account balance, and presentation and disclosure, in order to identify relevant assertions is a presumptively mandatory requirement of SAS 106. Top_Aud_08_book.indb 171 8/30/2007 3:14:56 PM 172 TOP AUDITING ISSUES FOR 2008 CPE COURSE 3. False. Correct. The information contained in underlying accounting records is not in itself sufficient to support an opinion on the financial statements, but it nonetheless is included in as a component of audit evidence. True. Incorrect. SAS 106 states that audit evidence includes the information contained in the accounting records underlying the financial statements. In order to express an unqualified opinion on financial statements, SAS 106 requires only that the accumulation of evidence be persuasive, not conclusive. A requirement to provide conclusive evidence for an audit opinion would in most cases be unattainable and uneconomical because it would require reducing audit risk to zero, and would ignore economic limits. a. Incorrect. While risk assessment procedures by themselves are not sufficient evidence to support an opinion, SAS 106 states that when combined with the results of further audit procedures, they provide audit evidence that ultimately supports an opinion. b. Incorrect. SAS 106 states that audit evidence should be capable of proving or disproving an assertion that the client makes in its financial records. Evidence that was capable of neither would not be relevant. d. Incorrect. SAS 106 correlates the term “sufficient” with the quantity of the evidence, and “appropriate” with its quality. 4. c. Correct. 5. d. Correct. Audit evidence obtained from an independent knowledgeable source outside the entity, such as a confirmation from an independent third party, is usually considered more reliable than evidence obtained from within the entity. a. Incorrect. Audit evidence in that exists in documentary form is usually considered to be more reliable that an oral representation. b. Incorrect. Audit evidence that is developed under effective internal controls is usually considered to be more reliable than evidence developed under ineffective internal controls. c. Incorrect. Audit evidence obtained indirectly or by inference generally is considered less reliable than evidence obtained directly by the auditor. 6. a. Correct. Selecting a sample of shipping documents, using the shipping documents as the population and comparing them to the related duplicate sales invoices to determine if the customers had been billed provides relevant evidence about the completeness assertion because it directly correlates shipping to invoicing. b. Incorrect. Depending on how the sample was selected and how the confirmation was designed, selecting a sample of duplicate sales invoices, using the sales invoices as the population and confirming them with the customer might or might not be effective in proving or disproving the Top_Aud_08_book.indb 172 8/30/2007 3:14:56 PM ANSWERS TO STUDY QUESTIONS — Module 1 — Chapter 1 173 completeness of invoicing. A random sample by invoice number, for example, would be ineffective for this purpose because it would not give the customer a complete list of invoices, and would not effectively address the question of whether the customer had received shipments that had not been invoiced. On the other hand, confirmations based on a sample of invoices by customer, listing all invoices for a period, and asking the customer to verify that no uninvoiced shipment had occurred could be effective. In either case, however, other procedures would likely be more effective for this purpose. c. Incorrect. Selecting a sample of duplicate sales invoices, using the sales invoices as the population, and tracing them to the related shipping documents is ineffective for this purpose because it asks the wrong question. This procedure asks whether sales that have been invoiced were in fact shipped, and would be appropriate for addressing the cutoff assertion. Since it starts with sales that the auditor already knows have been invoiced, it does nothing to prove or disprove that all shipments have been invoiced. d. Incorrect. Comparing the number of shipping documents over a period of time with the number of invoices for the same period would be unlikely to provide relevant evidence in this case for two reasons: first, shipping and invoicing may not necessarily occur within the same period, and second, multiple shipments may be invoiced on the same invoice. 7. a. Correct. SAS 106 groups the 13 assertions into three broad categories: classes of transactions and events, account balances, presentation and disclosure. b. Incorrect. Completeness, occurrence, rights and obligations, valuation/ allocation, and presentation and disclosure are the relevant assertions that were identified in previous auditing Standards. All of these assertions reappear in SAS 106 under one or more of three broad categories. c. Incorrect. Completeness, classification and understandability, accuracy and valuation are the relevant assertions listed by SAS 106 under the broad category of account balances. d. Incorrect. Occurrence, completeness, accuracy, cutoff, and classification are the relevant assertions listed by SAS 106 under the broad category of classes of transactions and events. 8. c. Correct. Consistent with the emphasis placed on the consideration of revenue recognition by SAS 99, the cutoff assertion reflects the need for auditors to pay close attention to the risk of cutoff errors or manipulations giving rise improper revenue recognition. a. Incorrect. Consideration of completeness will not effectively address the cutoff assertion unless it is paired with consideration of occurrence. Top_Aud_08_book.indb 173 8/30/2007 3:14:56 PM 174 TOP AUDITING ISSUES FOR 2008 CPE COURSE Consideration of occurrence will not effectively address the cutoff assertion unless it is paired with consideration of completeness. d. Incorrect. SAS 106 give auditors some discretion in how they characterize the relevant assertions in their audit documentation. It does not require that any of the assertions be expressly characterized in particular terms, as long as all of their aspects have been covered. b. Incorrect. 9. d. Correct. While all material numbers contained in the disclosures should have support within the audit documentation, there is no specific requirement to cross-reference each of them to the audit documentation. a. Incorrect. SAS 106 places renewed emphasis on the importance of clarity and understandability in financial statement disclosures. Auditors will therefore be required to consider these matters in connection with evaluating financial statement presentation and disclosures. b. Incorrect. Because management’s quantitative or qualitative judgments affecting the content of particular disclosures are particularly sensitive areas, auditors will need to give them increased consideration. c. Incorrect. Non-financial information contained in the disclosures may be important to the users of those statements. The auditor therefore needs to gather evidence supporting significant non-financial information contained in the disclosures. 10. c. Correct. Auditors evaluate materiality in connection with account balances, transaction classes, and issues of presentation and disclosure, as well as at the financial statement level. An assertion can be either relevant or irrelevant regardless of the materiality of the particular account balance, transaction class, or disclosure. For this reason, determining whether an assertion is relevant is independent of whether the related balance, transaction class or disclosure is material. a. Incorrect. In determining whether a particular assertion is relevant, SAS 106 requires the auditor to evaluate the nature and complexity of the systems used to process and control information supporting the assertion. b. Incorrect. SAS 106 requires the auditor to evaluate the nature of an assertion in determining whether it is relevant. d. Incorrect. SAS 106 states that an auditor should evaluate the volume of transactions or data related to the assertion in determining if the assertion is relevant. 11. d. Correct. Large volumes of repetitive electronic transactions lend themselves to processing under a uniform set of IT controls. Thus, testing of these controls would likely be an effective audit procedure. In addition, this type of transaction may not always generate a paper trial that would lend itself to detail testing. Under this circumstance, testing of controls would be necessary to provide sufficient audit evidence. Top_Aud_08_book.indb 174 8/30/2007 3:14:56 PM ANSWERS TO STUDY QUESTIONS — Module 1 — Chapter 1 175 Large real estate transactions typically generate a great deal of documentation. When there are few such transactions, substantive tests of details, in the form of inspection of those documents, would usually be the most effective audit approach. Tests of controls would thus not usually be necessary. b. Incorrect. Occupancy costs such as rent, utilities and property taxes are usually predictable between periods within a stable business entity. These transactions would most likely lend themselves to testing with substantive analytical procedures such as trend analyses. For this reason, it would not usually be necessary to test internal controls over these transactions. c. Incorrect. Developing an understanding of the entity and its environment, including its internal control is a risk assessment procedure. Testing of internal controls, if necessary, would ordinarily occur after an understanding of the controls had been developed. a. Incorrect. 12. b. Correct. SAS 106 states as a presumptively mandatory requirement that substantive procedures should be performed in all audits for all relevant assertions related to each material class of transactions, account balance, and disclosure regardless of the assessed risk of material misstatement. a. Incorrect. There is no requirement to apply substantive procedures to immaterial classes of transactions, account balances or disclosures. c. Incorrect. Substantive procedures performed on each material class of transactions, account balance, and disclosure may include tests of details and substantive analytical procedures. There is no requirement, however, that both be performed when only one is necessary to provide sufficient appropriate evidence. d. Incorrect. Substantive procedures are performed to detect material misstatements down to the relevant assertion level, which is below the transaction class, account balance and disclosure level. 13. b. Correct. Inspection of actual items of physical inventory provides persuasive evidence as to the existence of those items. a. Incorrect. Absent other corroborative evidence, inquiry does not by itself provide persuasive evidence about any of the financial statement assertions. c. Incorrect. Analytical procedures might, in combination with other audit procedures, provide useful evidence about valuation or completeness of inventory. They would not likely provide evidence about its existence. d. Incorrect. Recalculation would normally be used to provide evidence about such assertions as accuracy or valuation. It would not usually provide support for the existence assertion. Top_Aud_08_book.indb 175 8/30/2007 3:14:57 PM 176 TOP AUDITING ISSUES FOR 2008 CPE COURSE 14. False. Correct. There is no requirement to use substantive analytical procedures in audits. True. Incorrect. Analytical procedures must be used in the planning and final evaluation stages of all audits. These analytical procedures, however, should not be confused with substantive analytical procedures, which may be used in combination with tests of details or tests of controls to provide audit evidence about balances, transactions or disclosures. Because confirmations involve obtaining statements from third parties, they are most effective in providing information about assertions that those parties are likely to have knowledge about, such as the existence of a receivable or a quantity of consigned inventory, and rights and obligations of that party. b. Incorrect. Third party vendors or customers would likely have good information about the cost of an item or the face amount of a receivable or payable, but this is not the same as its valuation. Questions of valuation usually require information from within the entity, thus, confirmations would not ordinarily be used as evidence for this assertion. c. Incorrect. Confirmations may provide information that helps auditors evaluate classification and understandability. However, this assertion would more often be addressed through gathering and evaluating information from with the entity. d. Incorrect. While confirmations may contain information that helps auditors evaluate accuracy, this assertion would more often be tested primarily by such procedures as recalculation or inspection of documents. 15. a. Correct. MODULE 1 — CHAPTER 2 1. b. Correct. Evaluating whether the financial statements taken as a whole are free of material misstatement is the most important aspect of any audit, and is listed in SAS 107 as an unconditional requirement. a. Incorrect. Performing risk assessment procedures at both the financial statement and account balance, transaction class and disclosure levels is listed in SAS 107 as a presumptively mandatory requirement rather than as an unconditional requirement. c. Incorrect. Having an appropriate basis for the assessment of the risk of material misstatement at the relevant assertion level is listed in SAS 107 as a presumptively mandatory requirement rather than as an unconditional requirement. d. Incorrect. Determining a materiality level for the financial statements taken as a whole is listed in SAS 107 as a presumptively mandatory requirement rather than as an unconditional requirement. Top_Aud_08_book.indb 176 8/30/2007 3:14:57 PM ANSWERS TO STUDY QUESTIONS — Module 1 — Chapter 2 177 Determining one or more levels of tolerable misstatement lower than the materiality level is a presumptively mandatory requirement of SAS 107. a. Incorrect. SAS 107 does not require the auditor to accumulate all known misstatements, because this could lead to an aggregation of many trivial misstatements that would have no practical significance to the audit. It does, however, state an unconditional requirement to accumulate all known and likely misstatements other than trivial amounts. b. Incorrect. Communicating all known and likely misstatements, other than trivial amounts, to the appropriate level of management is an unconditional requirement of SAS 107. d. Incorrect. Considering the effects, individually and in the aggregate, of known and likely misstatements that are not corrected is an unconditional requirement of SAS 107. 2. c. Correct. 3. a. Correct. Prior period’s budgets or forecasts would not likely be relevant to the current audit for purposes of determining materiality, and therefore would not ordinarily be considered. b. Incorrect. Significant changes in the client’s circumstances can affect perceptions of materiality. SAS 107 lists this as a factor that should be considered when determining materiality. c. Incorrect. Prior periods’ financial statements may contain benchmarks that are useful in determining materiality. SAS 107 lists this as a factor that should be considered. d. Incorrect. Changes of conditions in the client’s industry may provide information that influences perceptions about materiality. SAS 107 lists this as a factor that should be considered. SAS 107 states a presumptively mandatory requirement to consider audit risk in relation to the relevant assertions at both the financial statement level and the account balance, transaction class and disclosure level. b. Incorrect. The financial statement materiality level and the tolerable misstatement level relate to the determination of materiality rather than to the consideration of audit risk. c. Incorrect. SAS 107 requires consideration of audit risk in relation to the relevant assertions at the financial statement level as well as at the account balance, transaction class and disclosure level. d. Incorrect. The tolerable misstatement level relates to the determination of materiality, not the assessment of risk. 4. a. Correct. Top_Aud_08_book.indb 177 8/30/2007 3:14:57 PM 178 TOP AUDITING ISSUES FOR 2008 CPE COURSE 5. d. Correct. Detection risk is the auditor’s risk because it is the auditor’s responsibility to detect material misstatements. a. Incorrect. The risk of material misstatement is the combined assessment of inherent and control risk. Both inherent and control risks are client risks, therefore the risk of material misstatement is also a client risk. b. Incorrect. It is the client’s responsibility to implement and maintain systems of internal control. Control risk therefore is the client’s risk. c. Incorrect. Inherent risk is a product of many factors that influence the client’s business, such as its industry, and general economic conditions. The property of inherent risk attaches to the client’s financial statements and components of the financial statements regardless of control risk. It is the client’s risk, not the auditor’s. 6. c. Correct. SAS 107 states that a trivial misstatement is an amount designated by the auditor below which misstatements need not be accumulated. If it is probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the misstatement, it is a material misstatement. b. Incorrect. It is the auditor’s role, not management’s, to designate an amount below which such misstatements, individually or in the aggregate, would not be material to the financial statements. d. Incorrect. It is the auditor’s role, not management’s, to designate an amount below which such misstatements, individually or in the aggregate, would not be material to the financial statements. Auditors are required to summarize uncorrected misstatements and to communicate them to management. In most cases management agrees, in the representation letter, that they are not material, however, trivial misstatements as designated by the auditor would not be posted to this summary. a. Incorrect. 7. b. Correct. Even when planning not to rely on a control, and to assess control risk at maximum, the auditor must have sufficient understanding of the control to have a basis for that assessment. a. Incorrect. SAS 107 intends that audit procedures to be performed be specifically linked to assessed risks. c. Incorrect. Regardless of the auditor’s intention to rely or not to rely on controls, the auditor should develop an understanding of controls sufficient to support an assessment of maximum control risk. d. Incorrect. Controls need not be tested unless the auditor plans to rely on them. 8. c. Correct. SAS 107 states that it is not ordinarily feasible for the auditor to consider the individual needs of all financial statement users, because their needs may vary so greatly. Top_Aud_08_book.indb 178 8/30/2007 3:14:57 PM ANSWERS TO STUDY QUESTIONS — Module 1 — Chapter 2 179 a. Incorrect. SAS 107 makes a number of assumptions about the competence and diligence of financial statement users, one of which is their willingness to study the statements with appropriate diligence. b. Incorrect. SAS 107 assumes that financial statement users have appropriate knowledge of business and economic activities and accounting. d. Incorrect. Under SAS 107, financial statement users are assumed to recognize that there are uncertainties inherent in the accounting estimates and judgments used in preparing the financial statements. 9. False. Correct. Since auditing is a process in which misstatements may be discovered, the benchmarks used for determining materiality in the planning phase may change during the audit. Thus, perceptions of materiality may change, and different levels may be appropriate for evaluating audit results. True. Incorrect. The materiality levels that the auditor sets in the planning phase of the audit need not be used in evaluating the audit results. In profit-making businesses, a benchmark based on results of operations is usually appropriate for determining materiality. However in this case, if that benchmark included the expense for the owners’ compensation, it would likely result in a lower amount than necessary to provide reasonable assurance of detecting material misstatement, and thus cause an inefficient audit. Pre-tax income before owners’ compensation would therefore be a more appropriate benchmark. b. Incorrect. Pre-tax income in such a corporation may be artificially low due to the owners’ compensation. This would cause materiality levels determined based on this benchmark to be artificially low, and could lead to an inefficient audit. c. Incorrect. Using any benchmark of income that includes owners’ compensation expense could lead to artificially low materiality levels and an inefficient audit. Also, in a consistently profitable business, a benchmark based on current year operations would likely be more relevant than one that includes prior years. d. Incorrect. In most cases, a benchmark based on results of operations, rather than on assets, is the most useful for determining materiality in a profitmaking business. This is because results of operations are usually the most important financial statement component to the users of the statements. 10. a. Correct. 11. False. Correct. SAS 107 requires auditors to communicate both known and likely misstatements to management. True. Incorrect. Communicating only known misstatements to management would frustrate one of the purposes of the Risk Assessment Standards, which is to create more responsibility on management’s part for evaluating and correcting misstatements. Top_Aud_08_book.indb 179 8/30/2007 3:14:57 PM 180 TOP AUDITING ISSUES FOR 2008 CPE COURSE 12. d. Correct. SAS 107 allows auditors to consider either the income statement or the ending balance sheet effects of prior period misstatements, or to take both into account. a. Incorrect. SAS 107 contains no unconditional requirement for auditors to consider the effect of all current and prior period misstatements that flow through the current period’s income statement. b. Incorrect. It is true that auditors may consider the cumulative effect on the ending balance sheet. However, SAS 107 also states that the income statement approach or a combined consideration of both balance sheet and income statement effects are acceptable methods. Therefore, it is not correct to say that the cumulative effect on the ending balance sheet is the auditor’s primary focus. c. Incorrect. Under SEC requirements, auditors must consider both the income statement and ending balance sheet effects of prior period misstatements. This is not true under SAS 107. Certain misstatements may have significance even though they do not exceed quantitative thresholds for materiality. This is particularly true of misstatements that involve potential fraud or illegal acts, or that cause misstatement of items that are known to be of particular concern to financial statement users. a. Incorrect. SAS 107 states that auditors may not rely solely on quantitative benchmarks to assess whether an item is material. While quantitative thresholds may provide a basis for a preliminary assumption about whether an item is material, they are not a substitute for full analysis. c. Incorrect. SAS 107 requires auditors to consider the likelihood of a currently immaterial misstatement, such as an accrual or deferral, becoming material to future periods through cumulative effects. d. Incorrect. Misclassifications between current and non-current assets are potentially significant misstatements, from a qualitative standpoint, even when they are lower than quantitative materiality thresholds, because they may affect working capital and the related ratios. This information is often significant if, for example, it causes a violation of a loan covenant. 13. b. Correct. SAS 107 contains a requirement for auditors to document the basis on which materiality, as well as tolerable misstatement, were determined. b. Incorrect. Auditors are required to document materiality at the tolerable misstatement level, which applies to account balances, transactions classes and disclosures. c. Incorrect. Auditors are required to document changes made to materiality levels during the audit. 14. a. Correct. Top_Aud_08_book.indb 180 8/30/2007 3:14:57 PM ANSWERS TO STUDY QUESTIONS — Module 1 — Chapter 3 181 d. Incorrect. Audit documentation should include consideration of the effects of uncorrected misstatements from prior periods on the current period’s financial statements. 15. c. Correct. The summary of uncorrected misstatements should include consideration of their aggregate effects, including impact on significant financial statement totals or subtotals, such as current assets and liabilities, working capital, gross sales or gross margin. a. Incorrect. Auditors are required under SAS 107 to consider both known and likely uncorrected misstatements. b. Incorrect. Auditors are required under SAS 107 to summarize uncorrected misstatements in a way that facilitates separate consideration of known and likely misstatements. d. Incorrect. Auditors are required under SAS 107 to document a conclusion as to the materiality of uncorrected misstatements, both individually and in the aggregate. MODULE 1 — CHAPTER 3 1. c. Correct. SAS 108 states as an unconditional requirement that the auditor must develop an audit plan which documents the audit procedures that are expected to reduce audit risk to an acceptably low level. a. Incorrect. SAS 108’s requirement for the auditor to update and document specific revisions to the audit strategy to respond to changes in circumstances is a presumptively mandatory, rather than an unconditional requirement. b. Incorrect. The requirement to review the work performed by each assistant to determine that it was adequately performed and documented and to evaluate its results is presumptively mandatory, not unconditional. d. Incorrect. The requirement to consider whether specialized skills are needed to perform the audit is presumptively mandatory, not unconditional. SAS 108 states as a presumptively mandatory requirement that the auditor must establish and document in a written engagement letter an understanding with the client for each audit. a. Incorrect. The requirement to properly supervise any assistants is an unconditional requirement. b. Incorrect. SAS 108’s requirement for the auditor to plan the audit so that it is responsive to the assessment of the risk of material misstatement based on the auditor’s understanding of the client and its environment, including its internal control is an unconditional, rather than a presumptively mandatory requirement. 2. c. Correct. Top_Aud_08_book.indb 181 8/30/2007 3:14:57 PM 182 TOP AUDITING ISSUES FOR 2008 CPE COURSE SAS 108 does not require the auditor to refrain from accepting an audit engagement at or near the close of the fiscal year. It does state, however, that the auditor should perform certain procedures before accepting an audit engagement at or near the close of the fiscal year. d. Incorrect. 3. a. Correct. Communicating significant deficiencies in internal control to those charged with governance is one of the auditor responsibilities that is generally included in an engagement letter. b. Incorrect. Adjusting the financial statements to correct material misstatements is management’s responsibility. The auditor, however, is required to communicate to management known and likely misstatements discovered in the audit. c. Incorrect. Establishing and maintaining effective internal control over financial reporting is management’s responsibility. The auditor, however, is required to gain an understanding of the client’s internal control over financial reporting. d. Incorrect. Designing and implementing programs and controls to prevent and detect fraud is a management responsibility. However, as a part of gaining an understanding of the client’s environment and controls, the auditor considers programs and controls to prevent and detect fraud. 4. False. Correct. A detailed map describing the nature, timing, and extent of audit procedures to be performed is the definition of the audit plan, rather than the overall audit strategy. True. Incorrect. The overall audit strategy is the broad approach regarding how the audit will be conducted. SAS 108 requires the audit plan to include a description of the nature, timing, and extent of planned risk assessment procedures. a. Incorrect. SAS 108 actually requires the opposite; that the original audit plan be revised to respond to changes in circumstances. c. Incorrect. The audit plan should provide a clear linkage between the understanding of the entity, the risk assessments, and the design of further audit procedures. d. Incorrect. The audit plan should include a description of the nature, timing, and extent of planned further audit procedures to be applied down to the relevant assertion level. 5. b. Correct. SAS 108 requires that specialists on an audit team be supervised in a manner consistent with other audit assistants. False. Incorrect. SAS 108 does not make a distinction between specialists and other members of the audit team in terms of their need for supervision. 6. True. Correct. Top_Aud_08_book.indb 182 8/30/2007 3:14:57 PM ANSWERS TO STUDY QUESTIONS — Module 1 — Chapter 3 183 There is no specific requirement in SAS 108 or elsewhere in professional Standards to inspect the predecessor auditor’s audit documentation. Many successor auditors, however, request to view or make copies or abstracts of certain pieces of the predecessor’s workpapers, to facilitate the performance of the audit. a. Incorrect. Communication with the previous auditor, where applicable, is a specific requirement of SAS 108. b. Incorrect. SAS 108 requires the auditor to perform procedures regarding the acceptance of a new client relationship and the specific audit engagement. c. Incorrect. When a prospective audit client places restrictions on communication between predecessor and successor auditors, the successor should consider the implications in evaluating whether to accept the engagement. 7. d. Correct. 8. c. Correct. The engagement partner should emphasize to audit assistants the need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence throughout the audit, both in the planning stage and throughout the engagement. a. Incorrect. Audit assistants should bring accounting issues raised during the audit that the assistant believes are significant to the financial statements to the attention of the engagement partner. Significant accounting issues impacting the financial statements should also be communicated to management, although the channel for this communication is a matter of firm policy. Ordinarily, assistants would be expected to bring the matter to the engagement partner’s attention before it is communicated to the client. b. Incorrect. Audit assistants should be reminded of the need to bring client-imposed restrictions on access to information necessary to perform the audit to the attention of appropriate persons within the firm. Ordinarily this would be a person on the level of a field supervisor. Such matters would not ordinarily be brought directly to the engagement partner’s attention as a first resort except in small engagements. d. Incorrect. Although it would be unusual for the engagement partner not to communicate the time budget for performing an engagement to assistants, there is no requirement in professional Standards to do so. The firm’s practice for reviewing engagements will vary depending on the size of the firm and the complexity of the engagement. For complex engagements, large firms ordinarily have three tiers of review, at the senior audit staff, audit manager and engagement partner level. In smaller firms, the engagement partner may work one-on-one with an assistant, or may have no assistants. 9. a. Correct. Top_Aud_08_book.indb 183 8/30/2007 3:14:57 PM 184 TOP AUDITING ISSUES FOR 2008 CPE COURSE b. Incorrect. SAS 108 permits the engagement partner to delegate the review of portions of the work of assistants. The engagement partner nonetheless has final responsibility to see that the work of assistants has been properly reviewed. c. Incorrect. There is no specific requirement in SAS 108 for each workpaper in the audit documentation file to be signed-off as an indication that it has been reviewed. d. Incorrect. Since SAS 108 permits the engagement partner to delegate the review of portions of the work of assistants, it is incorrect that audit assistants should not review each other’s work. 10. c. Correct. Assistants who dissent from the final resolution of a disagreement have no further responsibility for related decisions made by supervisory personnel once their dissent is documented. a. Incorrect. Audit firms are required under SAS 108 to have procedures that allow assistants to document their positions if they disagree with the resolution of accounting or auditing issues in an engagement. b. Incorrect. Audit assistants are responsible under SAS 108 to make known to appropriate individuals in the firm any disagreements or concerns they might have concerning significant accounting and auditing issues. d. Incorrect. The engagement partner and assistants should all be aware of the firm’s procedures for resolving differences of professional opinion in an audit. MODULE 2 — CHAPTER 4 Consistent with the overall philosophical goals of the Risk Assessment Standards as a whole, auditors are required under SAS 109 to use the results of their risk assessment in determining the nature, timing and extent of further audit procedures. a. Incorrect. Auditors need to perform tests of controls only when the risk assessment is based on an expectation that they are operating effectively. b. Incorrect. Analytical procedures are more often used as part of the auditor’s risk assessment process itself in the planning stages of an audit. Their results, as a part of that process, might be used in designing substantive analytical procedures to be used as further audit procedures. d. Incorrect. Inquiry about business risks that management has identified is ordinarily included as a part of the risk assessment procedures themselves. 1. c. Correct. Ordinarily an audit concerns itself primarily with those internal controls that are relevant to the financial reporting process. Internal controls over production scheduling, according to SAS 109, do not normally fall into this category. Auditors would not usually obtain an understanding of these controls unless they were deemed relevant to the financial reporting or auditing process. 2. b. Correct. Top_Aud_08_book.indb 184 8/30/2007 3:14:57 PM 219 TOP AUDITING ISSUES FOR 2008 CPE COURSE Quizzer Questions: Module 1 Answer the True/False questions by marking a “T” or “F” on the Quizzer Answer Sheet. Answer Multiple Choice questions by indicating the appropriate letter on the Answer Sheet. 1. Which of the following is an unconditional requirement of SAS 106? The auditor must determine the relevance of each of the financial statement assertions for each significant class of transactions, account balance, and presentation and disclosure. b. Risk assessment procedures must be supplemented by further audit procedures in the form of substantive procedures and, when relevant or necessary, tests of controls. c. Relevant assertions must be used in assessing risks by considering the types of misstatements that might arise and designing further audit procedures to respond to those risks. d. The auditor must determine the source of likely potential misstatements in each significant class of transactions, account balance, and presentation and disclosure, in order to identify relevant assertions. a. 2. Which of the following is a presumptively mandatory requirement of SAS 106? The auditor should evaluate the nature of the assertion, volume of transactions or data, and the nature and complexity of systems in determining whether particular assertions are relevant to a significant account balance or disclosure. b. The auditor should obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for the audit opinion. c. The auditor should perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion levels. d. The auditor should not be satisfied with evidence that is less than persuasive. a. Top_Aud_08_book.indb 219 8/30/2007 3:15:00 PM 220 TOP AUDITING ISSUES FOR 2007 CPE COURSE 3. All of the following statements apply to audit evidence except: Audit evidence includes the information contained in the accounting records underlying the financial statements. b. Audit evidence should be capable of proving or disproving an assertion made by the client in its financial records. c. In order to express an unqualified opinion on financial statements, the accumulation of evidence must be persuasive. d. Sufficiency refers to the quality of audit evidence. a. 4. The results of risk assessment procedures provide audit evidence that supports the auditor’s opinion, without the need for further auditing procedures. True or False? 5. Which of the following statements best applies to the reliability of audit evidence as discussed in SAS 106? Audit evidence obtained by inquiry is equally reliable as evidence obtained by the auditor’s direct observation. b. The reliability of audit evidence is independent of the internal controls under which it developed. c. Original documents are more reliable than photocopies. d. Controls over the preparation and maintenance of electronic documentation do not affect its reliability. a. 6. Which of the following audit procedures is likely to be most effective in providing relevant audit evidence to prove or disprove the client’s rights and obligations assertions concerning a lease agreement? a. b. c. d. 7. Inspection of the leased premises Substantive analytical procedures Inspection of the lease agreement Inquiry of management All of the following assertions fall under the “presentation and disclosure” category of assertions except: a. b. c. d. Top_Aud_08_book.indb 220 Completeness Occurrence and rights and obligations Existence Classification and understandability 8/30/2007 3:15:00 PM QUIZZER — Module 1 8. 221 Which of the following statements best applies to the auditor’s use of the relevant assertions described in SAS 106? The assertions should be used exactly as described in SAS 106. Auditors may substitute other assertions at their discretion. Auditors may express relevant assertions differently provided that all the aspects described by SAS 106 are covered. d. The assertions should be combined when feasible. a. b. c. 9. Which of the following assertions falls under the “classes of transactions and events” category? a. b. c. d. 10. To determine whether a particular assertion is relevant for purposes of assessing the risks of material misstatements in financial statements, auditors should evaluate which of the following factors? a. b. c. d. 11. Cutoff Existence Valuation and allocation Clarity and understandability The susceptibility of the assertion to fraud. The likelihood that the assertion is misstated. The materiality of the assertion. The volume of transactions or data related to the assertion. Tests of the operating effectiveness of internal controls would likely be unnecessary in which of the following circumstances? For large volumes of repetitive electronic transactions that leave no paper trail. b. For occupancy costs such as rent, utilities and property taxes in a stable business entity. c. When the risk assessment includes an expectation of the operating effectiveness of controls. d. When substantive procedures alone do not provide sufficient appropriate audit evidence. a. Top_Aud_08_book.indb 221 8/30/2007 3:15:00 PM 222 TOP AUDITING ISSUES FOR 2007 CPE COURSE 12. According to SAS 106, substantive procedures must be performed in all audits for all relevant assertions related to: Each material class of transactions, account balance, and disclosure. All classes of transactions, account balances, and disclosures. All classes of transactions, account balances, and disclosures where controls are not tested. d. Each material class of transactions, account balance, and disclosure that is assessed at more than moderate risk of material misstatement. a. b. c. 13. Which of the following audit procedures would be likely to provide the most persuasive evidence in support of the existence assertion made by the client in the mortgage debt disclosure to the financial statements? a. b. c. d. Inspection of the mortgage note Inquiries of management Written confirmation with the creditor Completion of a comprehensive disclosure checklist 14. Analytical procedures alone may provide sufficient evidence to support small account balances. True or False? 15. Which of the following statements best applies to the use of inquiry as an audit procedure? Inquiries are not useful in testing presentation and disclosure assertions. b. Client inquiries usually cannot be regarded as conclusive evidence. c. Replies to client inquiries in the form of written management representations are no more reliable than representations made orally. d. All inconsistencies in information obtained through inquiry should be resolved. a. 16. SAS 107 lists which of the following as an unconditional requirement? Performing the audit to obtain absolute assurance that the financial statements taken as whole are free of material misstatement. b. Having an appropriate basis for the assessment of the risk of material misstatement at the relevant assertion level. c. Performing substantive tests for all relevant assertions related to material account balances, transaction classes, and disclosures. d. Determining the implications for the audit report when the auditor is unable to conclude whether the financial statements are materially misstated. a. Top_Aud_08_book.indb 222 8/30/2007 3:15:00 PM QUIZZER — Module 1 17. 223 SAS 107 lists which of the following as a presumptively mandatory requirement? Requesting that management correct all known misstatements, including the effects of prior misstatements. b. Requesting that management correct all likely misstatements, including the effects of prior misstatements. c. Requesting that management correct all known misstatements, excluding the effects of prior misstatements. d. Requesting that management correct all known and likely misstatements, excluding the effects of prior misstatements. a. 18. All of the following statements apply, under SAS 107, to the auditor’s consideration and determination of materiality except: Consideration of the possibility that misstatements lower than materiality levels could aggregate to a material amount is not necessary. b. Consideration of matters that might be material to every individual group of users is not necessary. c. Prior periods’ financial statements should be considered. d. Materiality should be considered by the same method regardless of the client’s inherent business characteristics. a. 19. Auditors should perform risk assessment procedures at: Both the financial statement level and the tolerable misstatement level. b. Both the financial statement level and the account balance, transaction class and disclosure level. c. Only the account balance, transaction class and disclosure level. d. Only the tolerable misstatement level. a. 20. Inherent and control risks are the client’s risks, and exist independently of the audit or the auditor. True or False? Top_Aud_08_book.indb 223 8/30/2007 3:15:01 PM 224 TOP AUDITING ISSUES FOR 2007 CPE COURSE 21. Which of the following statements best matches the definition of materiality found in SAS 107? Materiality is an amount agreed upon by users of the financial statements, above which misstatements, individually or in the aggregate, would change or influence their judgment. b. Materiality is an amount designated by the auditor, below which misstatements need not be accumulated. c. Materiality is an amount of an omission or misstatement such as makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement. d. Materiality is an amount agreed upon by management and the auditor, above which misstatements, individually or in the aggregate, would change or influence their judgment. a. 22. SAS 107 adds to the auditing literature the new concept of considering the risk of misstatement: a. b. c. d. 23. At the level of the financial statements taken as a whole At individual account balance or class of transactions level At the disclosure level At the individual user level The requirement of SAS 107 to assess the risk of material misstatement at the relevant assertion level as a basis for further audit procedures: Intends that audit procedures be more effectively concentrated in areas of highest risk. b. Means that the auditor need not develop an understanding of controls sufficient to support an assessment of maximum control risk. c. Requires that controls always be tested. d. Intends that substantive tests be performed in all areas without regard to assessed risks. a. Top_Aud_08_book.indb 224 8/30/2007 3:15:01 PM QUIZZER — Module 1 24. 225 Which of the following statements best applies to the auditor’s use of materiality in an audit? Establishing a materiality level in the planning stages sets a threshold below which misstatements are always considered immaterial. b. Materiality levels set by the auditor in the planning stage of the audit must also be used in evaluating audit results. c. If a lower level of materiality than the one set in audit planning is considered appropriate at the end of the audit, the auditor should reconsider related levels of tolerable misstatement. d. Some misstatements may be deemed immaterial even when they are above established thresholds. a. 25. Which of the following would likely be the most appropriate benchmark to use in setting materiality for a small, service oriented nonprofit organization? a. b. c. d. 26. In considering a likely misstatement of depreciation expense, which is stated at $150,000 in the financial statements, the auditor’s best estimate of an acceptable range of depreciation expense is from $149,000 to $154,000. The likely misstatement is: a. b. c. d. 27. Gross revenues Pre-tax income Gross profit Net income $4,000 understatement Zero $1,000 overstatement Not material to the financial statements taken as a whole When a non-public client is in a lease agreement with significant scheduled escalations over its term, and the client has not recorded deferred rent in the previous year: The auditor should consider only the cumulative effect of the uncorrected rent deferral on the ending balance sheet. b. The auditor should consider only the current and prior period rent expense that flows through the current period’s income statement. c. The auditor may consider both the income statement and ending balance sheet effects of the prior period misstatements. d. The auditor must consider both the income statement and ending balance sheet effects of the prior period misstatements. a. Top_Aud_08_book.indb 225 8/30/2007 3:15:01 PM 226 TOP AUDITING ISSUES FOR 2007 CPE COURSE 28. Which of the following statements best applies, under SAS 107, to the auditor’s consideration of the qualitative characteristics of misstatements? Indications of possible fraud on the part of management or key employees may be considered qualitatively immaterial if they fall beneath quantitative tolerable misstatement levels. b. Misstatements affecting management’s compensation may have qualitative significance even though they do not exceed quantitative thresholds for materiality. c. A misclassification between current and non-current liabilities is not considered a qualitatively significant misstatement. d. Previous years’ earnings trends are not qualitatively relevant to misstatements in the current year’s financial statements. a. 29. Audit documentation should contain a basis for the conclusion as to whether uncorrected misstatements are material individually but not in the aggregate. True or False? 30. According to SAS 107, audit documentation should record all of the following except: All known and likely misstatements that have been identified by the auditor and corrected by management, except for trivial amounts. b. Separate consideration of known and likely uncorrected misstatements. c. Consideration of the aggregate effects of misstatements. d. A statement as to basis for determining that certain misstatements are trivial. a. 31. All of the following are unconditional requirements in SAS 108 except: Properly supervise any assistants. Communicate to audit team members the susceptibility of the financial statements to material misstatement due to fraud or error. c. Adequately plan the audit. d. Develop an audit plan which documents the audit procedures that are expected to reduce audit risk to an acceptably low level. a. b. Top_Aud_08_book.indb 226 8/30/2007 3:15:01 PM QUIZZER — Module 1 32. 227 SAS 108 contains a presumptively mandatory requirement which states that the auditor should: Plan the audit so that it is responsive to the assessment of the risk of material misstatement, based on the auditor’s understanding of the client and its environment, including its internal control. b. Document in a written engagement letter an understanding with the client for each engagement, which should include fee arrangements. c. Refrain from accepting an audit engagement after the close of the fiscal year. d. Consider whether specialized skills are needed to perform the audit. a. 33. The audit engagement letter, according to SAS 108, generally includes all of the following elements as responsibilities of management except: Establishing and maintaining effective internal control over financial reporting. b. The selection and application of accounting policies. c. Providing reasonable assurance that the statements are free of material misstatement. d. Identifying and assuring compliance with applicable laws and regulations. a. 34. The audit plan is the detailed map that describes the nature, timing, and extent of audit procedures to be performed. True or False? 35. Which of the following elements is required by SAS 108 to be contained in the audit plan? Other audit procedures to be performed to comply with GAAS. The nature, timing, and extent of planned further audit procedures at the financial statement level for all classes of transactions, account balances, and disclosures. c. Linkage between the results of internal control tests, the understanding of the entity, and the determination of materiality. d. Reporting deadlines and recent industry-specific accounting developments. a. b. 36. The auditor need not evaluate the results of audit procedures performed by specialists as long as those specialists are both competent and independent. True or False? Top_Aud_08_book.indb 227 8/30/2007 3:15:01 PM 228 TOP AUDITING ISSUES FOR 2007 CPE COURSE 37. Before starting an initial audit, SAS 108 indicates that the auditor should: Perform preliminary analytical procedures. Perform procedures regarding the acceptance of the client relationship and the specific audit engagement. c. Inspect the predecessor auditor’s audit documentation. d. Review the articles of incorporation. a. b. 38. Under the requirements of SAS 108, the engagement partner is required to communicate to audit assistants all of the following matters except: Their responsibilities and the objectives of audit procedures to be performed. b. The assistant’s responsibility to bring to the attention of the client’s management accounting issues raised during the audit that the assistant believes are significant to the financial statements. c. Matters that may affect the nature, timing, and extent of audit procedures to be performed, such as the nature of the entity's business and possible accounting and auditing issues. d. The susceptibility of the entity’s financial statements to material misstatement due to error or fraud, with special emphasis on fraud. a. 39. Which of the following requirements applies to the review of work performed by audit assistants? The review of work performed by assistants should be delegated to others by the engagement partner. b. Each workpaper in the audit documentation file must be signed off by a supervisor to indicate that it has been reviewed. c. The firm’s practice for reviewing the work of assistants should be the same regardless of the characteristics of the engagement. d. The work performed by each assistant, including the audit documentation, should be reviewed to determine whether it was adequately performed and documented. a. Top_Aud_08_book.indb 228 8/30/2007 3:15:01 PM QUIZZER — Module 1 40. 229 Which of the following statements applies to the resolution of differences of professional opinion under SAS 108? Assistants who dissent from the final resolution of disagreement continue to have professional responsibility for the related decisions made by supervisory personnel. b. Audit firms should not retain documentation of disagreements of professional opinion among the engagement team over particular accounting or auditing issues once was resolution is reached. c. Both the engagement partner and assistants should be aware of the procedures to be followed when differences of professional opinion exist in an audit engagement. d. Audit assistants have a professional responsibility to bring to the attention of appropriate individuals in the client’s management disagreements concerning significant accounting and auditing issues. a. Top_Aud_08_book.indb 229 8/30/2007 3:15:01 PM
