Add to collection(s) Add to saved
  1. Business
  2. Accounting
  3. Managerial Accounting

Overview of Auditing

advertisement 
-4-
2. Auditing
2.1. Objective and Structure
The objective of this chapter is to introduce the background information on
auditing. In section 2.2, definitions of essential terms as well as main objectives and
tasks of auditing profession are covered. Four principal audit procedures are discussed
in section 2.3. Audit approaches including test of controls and substantive tests are
discussed in greater details in section 2.4. Finally, section 2.5 provides a brief summary
of auditing perspective.
Notice that dominant content covered in this chapter are based on the notable
textbook “Auditing: An Integrated Approach” (Arens & Loebbecke, 2000) and my own
experiences.
2.2. What Is Auditing?
Auditing is the accumulation and evaluation of evidence about information to
determine and report on the degree of correspondence between the information and
established criteria (Arens & Loebbecke, 2000, 16). Normally, independent auditors,
also known as certified public accountants (CPAs), conduct audit work to ascertain
whether the overall financial statements of a company are, in all material respects, in
conformity with the generally accepted accounting principles (GAAP). Financial
statements include Balance Sheets, Profit and Loss Statements, Statements of Cash
Flow and Statements of Retained Earning. Generally speaking, what auditors do is to
apply relevant audit procedures, in accordance with GAAP, in the examination of the
underlying records of a business, in order to provide a basis for issuing a report as an
attestation of that company’s financial statements. Such written report is called auditor’s
opinion or auditor’s report.
Auditor’s report expresses the opinion of an independent expert regarding the
degree of reliability upon of the information presented in the financial statements. In
other words, auditor’s report assures the financial statements users, which normally are
external parities such as shareholders, investors, creditors and financial institutions, of
the reliability of financial statements, which are prepared by the management of the
company.
-5-
Due to the time and cost constraints, auditors cannot examine every detail
records behind the financial statements. The concept of materiality and fairly stated
financial statements were introduced to solve this problem. Materiality is the magnitude
of an omission or misstatement of information that misleads the financial statement
users.
The materiality standard applied to each account balance is varied and is
depended on auditors’ judgement. It is the responsibility of the auditors to ensure that
all material misstatements are indicated in the auditors’ opinion.
In business practice, it is more common to find an auditor as a staff of an
auditing firm. Generally, several CPAs join together to practice as partners of the
auditing firm, offering auditing and other related services including auditing and other
reviews to interested parties. The partners normally hire professional staffs and form an
audit team to assist them in the audit engagement. In this thesis, auditors, auditing firm
and audit team are synonyms.
2.3. Audit Engagement Processes
The audit engagement processes of each auditing firm may be different.
However, they generally involve the four major steps: client acceptance or client
continuance, planning, execution and documentation, and completion.
2.3.1. Client Acceptance or Client Continuance
Client acceptance, or client continuance in case of a continued
engagement, is a process through which the auditing firm decides whether or not the
firm should be engaged by this client. Major considerations are:
-
Assessment of engagement risks: Each client presents different level
of risk to the firm. The important risk that an auditing firm must evaluate carefully in
accepting an audit client are: accepting a company with a bad reputation or questionable
ethics that involves in illegal business activities or material misrepresentation of
business and accounting records. Some auditing firms have basic requirements of
favorable clients.
On the other hand, some have a list of criteria to identify the
unfavorable ones. Unfavorable clients, for example, are in dubious businesses or have
too complex a financial structure.
-6-
-
Relationship conflicts: Independence is a key requirement of the
audit profession, of equal importance is the auditor’s objectivity and integrity. These
factors help to ensure a quality audit and to earn people’s trust in the audit report.
-
Requirements of the clients: The requirements include, for example,
the qualification of the auditor, time constraint, extra reports and estimated budget.
-
Sufficient competent personnel available
-
Cost-Benefit Analysis: It is to compare the potential costs of the
engagement with the audit fee offered from the client. The major portion of the cost of
audit engagement is professional staff charge.
If the client is accepted, a written confirmation, generally on an annual
basis, of the terms of engagement is established between the client and the firm.
2.3.2. Planning
The objective of the planning step is to develop an audit plan. It includes
team mobilization, client’s information gathering, risk assessment and audit program
preparation.
2.3.2.1. Team Mobilization
This step is to form the engagement team and to communicate
among team members. First, key team members have to be identified. Team members
include engagement partner or partners who will sign the audit report, staff auditors
who will conduct most of the necessary audit work and any specialists that are deemed
necessary for the engagement. The mobilization meeting, or pre-planning meeting,
should be conducted to communicate all engagement matters including client
requirements and deliverables, level of involvement, tentative roles and responsibilities
of each team member and other relevant substances. The meeting should also cover the
determination of the most efficient and effective process of information gathering.
In case of client continuance, a review of the prior year audit to
assess scope for improving efficiency or effectiveness should be identified.
-7-
2.3.2.2. Client’s Information Gathering
In order to perform this step, the most important thing is the
cooperation between the client and the audit team. A meeting is arranged to update the
client’s needs and expectations as well as management’s perception of their business
and the control environment.
Next, the audit team members need to perform the preliminary
analytical procedures which could involve the following tasks:
- Obtaining
background
information:
It
includes
the
understanding of client’s business and industry, the business objectives, legal
obligations and related risks.
- Understanding system structures: System structures include the
system and computer environments, operating procedures and the controls embedded in
those procedures.
- Control assessment: Based upon information about controls
identified from the meeting with the client and the understanding of system structures
and processes, all internal controls are updated, assessed and documented. The subjects
include control environment, general computerized (or system) controls, monitoring
controls and application controls.
More details about internal control, such as
definitions, nature, purpose and means of achieving effective internal control, can be
found in “Internal Control – Integrated Framework” (COSO, 1992).
Audit team members’ knowledge, expertise and experiences are
considered as the most valuable tools in performing this step.
2.3.2.3. Risk Assessment
Risk, in this case, is some level of uncertainty in performing audit
work. Risks identified in the first two steps are gathered and assessed. The level of
risks assessed in this step is directly lead to the audit strategy to be used. In short, the
level of task is based on the level of risks. Therefore, the auditor must be careful not to
understate or overstate the level of these risks.
-8-
Level of risks is different from one auditing area to another. In
planning the extent of audit evidences of each auditing area, auditors primarily use an
audit risk model such as the one shown below:
Planned Detection Risk =
Acceptable Audit Risk
Inherent Risk * Control Risk
- Planned detection risk: Planned detection risk is the highest
level of misstatement risk that the audit evidence cannot detect in each audit area. The
auditors need to accumulate audit evidences until the level of misstatement risk is
reduced to planned detection risk level. For example, if the planned detection risk is
0.05, then audit testing needs to be expanded until audit evidence obtained supports the
assessment that there is only five percent misstatement risk left.
- Acceptable audit risk: Audit risk is the probability that auditor
will unintentionally render inappropriate opinion on client’s financial statements.
Acceptable audit risk, therefore, is a measure of how willing the auditor is to accept that
the financial statements may be materially misstated after the audit is completed (Arens
& Loebbecke, 2000, 261).
- Inherent risk: Inherent risk is the probability that there are
material misstatements in financial statements. There are many risk factors that affect
inherent risk including errors, fraud, business risk, industry risk, and change risk. The
first two are preventable and detectable but others are not. Auditors have to ensure that
all risks are taken into account when considering the probability of inherent risk.
- Control risk: Control risk is the probability that a client’s
control system cannot prevent or detect errors. Normally, after defining inherent risks,
controls that are able to detect or prevent such risks are identified. Then, auditors will
assess whether the client’s system has such controls and, if it has, how much they can
rely on those controls. The more reliable controls, the lower the control risk. In other
words, control risk represents auditor’s reliance on client’s control structure.
It is the responsibility of the auditors to ensure that no risk factors
of each audit area are left unaddressed and the evidence obtained is sufficient to reduce
all risks to an acceptable audit risk level. More information about audit risk can be
-9-
found in Statement of Auditing Standard (SAS) No. 47: Audit Risk and Materiality in
Conducting an Audit (AICPA, 1983).
2.3.2.4. Audit Program Preparation
The purpose of this step is to determine the most appropriate audit
strategy and tasks for each audit objective within each audit area based on client’s
background information about related audit risks and controls identified from the
previous steps.
Firstly, the audit objectives, both transaction-related and balancerelated, of each audit area have to be identified. These two types of objectives share
one thing in common -- that they must be met before auditors can conclude that the
information presented in the financial statements are fairly stated. The difference is that
while transaction-related audit objectives are to ensure the correctness of the total
transactions for any given class, balance-related audit objectives are to ensure the
correctness of any given account balance. A primary purpose of audit strategy and task
is to ensure that those objectives are materially met.
Such objectives include the
following.
Transaction-Related and Balance-Related Audit Objectives
- Existence or occurrence: To ensure that all balances in the
balance sheet have really existed and the transactions in the
income statement have really occurred.
- Completeness: To ensure that all balances and transactions are
included in the financial statements.
- Accuracy: To ensure that the balances and transactions are
recorded accurately.
- Classification: To ensure that all transactions are classified in
the suitable categories.
- Cut-off (timing): To ensure that the transactions are recorded in
the proper period.
- 10 -
Others Balance-Related Audit Objectives
- Valuation: To ensure that the balances and transactions are
stated at the appropriate value.
- Right and obligation: To ensure that the assets are belonged to
and the liabilities are the obligation of the company.
- Presentation and disclosure: To ensure that the presentation of
the financial statements does not mislead the users and the
disclosures are enough for users to understand the financial
statements clearly.
After addressing audit objectives, it is time to develop an overall audit
plan. The audit plan should cover audit strategy of each area and all details related to
the engagement including the client’s needs and expectations, reporting requirements,
timetable. Then, the planning at the detail level has to be performed. This detailed plan
is known as a tailored audit program. It should cover tasks identification and schedule,
types of tests to be used, materiality thresholds, acceptable audit risk and person
responsible. Notice that related risks and controls of each area are taken into account
for prescribing audit strategy and tasks.
The finalized general plan should be communicated to the client in order
to agree upon significant matters such as deliverables and timetable. Both overall audit
plan and detailed audit programs need to be clarified to the team as well.
2.3.3. Execution and Documentation
In short, this step is to perform the audit examinations by following the
audit program. It includes audit tests execution, which will be described in more detail
in the next subsection, and documentation. Documentation includes summarizing the
results of audit tests, level of satisfaction, matters found during the tests and
recommendations. If there is an involvement of specialists, the process performed and
the outcome have to be documented as well.
Communication practices are considered as the most important skill to
perform this step. Not only with the client or the staff working for the client, it is also
- 11 -
crucial to communicate among the team. Normally, it is a responsibility of the more
senior auditor to coach the less senior ones. Techniques used are briefing, coaching,
discussing, and reviewing.
A meeting with client in order to discuss the issues found during the
execution process and the recommendations of those findings can be arranged either
formally or informally. It is a good idea to inform and resolve those issues with the
responsible client personnel such as the accounting manager before the completion step
and leave only the critical matters to the top management.
2.3.4. Completion
This step is similar to the final step of every other kind of projects. The
results of aforementioned steps are summarized, recorded, assessed and reported.
Normally, the assistant auditors report their work results to the senior, or in-charge,
auditors. The auditor-in-charge should perform the final review to ensure that all
necessary tasks are performed and that the audit evidence gathered for each audit area is
sufficient. Also, the critical matters left from the execution process have to be resolved.
The resolution of those matters might be either solved by client’s management
(adjusting their financial statements or adequately disclosing them in their financial
statement) or by auditors (disclosing them in the auditor’s opinion).
The last field work for auditors is review of subsequent events.
Subsequent events are events occurred subsequent to the balance sheet date but before
the auditor’s report date that require recognition in the financial statements.
Based on accumulated audit evidences and audit findings, the auditor’s
opinion can be issued. Types of auditor’s opinion are unqualified, unqualified with
explanatory paragraph or modified wording, qualified, adverse and disclaimer.
After everything is done, it is time to arrange the clearance meeting with
the client. Generally, auditors are required to report results and all conditions to the
audit committee or senior management. Although not required, auditors often make
suggestions to management to improve their business performance through the
Management Letter. On the other hand, auditors can get feedback from the client
according to their needs and expectations as well.
- 12 -
Also, auditors should consider evaluating their own performances in
order to improve their efficiency and effectiveness.
The evaluation includes
summarizing client’s comments, bottom-up evaluation (more senior auditors evaluate
the work of assistant auditors) and top-down evaluation (get feedback from field work
auditors).
2.4. Audit Approaches
In order to determine whether financial statements are fairly stated, auditors
have to perform audit tests to obtain competent evidence. The audit approaches used in
each audit area as well as the level of test depended on auditors’ professional
judgement. Generally, audit approaches fall into one of these two categories:
2.4.1. Tests of Controls
There are as many control objectives as many textbooks about system
security nowadays. However, generally, control objectives can be categorized into four
broad categories -- validity, completeness, accuracy and restricted access. With these
objectives in mind, auditors can distinguish control activities from the normal operating
ones.
When assessing controls during planning phase, auditors are able to
identify the level of control reliance -- the level of controls that help reducing risks. The
effectiveness of such controls during the period can be assessed by performing testing
of controls. However, only key controls will be tested and the level of tests depends
solely on the control reliance level. The higher control reliance is, the more tests are
performed.
The scope of tests should be sufficiently thorough to allow the auditor to
draw a conclusion as to whether controls have operated effectively in a consistent
manner and by the proper authorized person. In other words, the level of test should be
adequate enough to bring assurance of the relevant control objectives. The assurance
evidence can be obtained from observation, inquiry, inspection of supporting
documents, re-performance or the combination of these.
- 13 -
2.4.2. Substantive Tests
Substantive test is an approach designed to test for monetary
misstatements or irregularities directly affecting the correctness of the financial
statement balances. Normally, the level of tests depends on the level of assurance from
the tests of controls. When the tests of controls could not be performed either because
there is no or low control reliance or because the amount and extensiveness of the
evidence obtained is not sufficient, substantive tests are performed. Substantive tests
include analytical procedures, detailed tests of transactions as well as detailed tests of
balances. Details of each test are as follows:
2.4.2.1. Analytical Procedures
The objective of this approach is to ensure that overall audit results,
account balances or other data presented in the financial statements are stated
reasonably. Statement of Auditing Standard (SAS) No. 56 also requires auditors to use
analytical procedures during planning and final reporting phases of audit engagement
(AICPA, 1988).
Analytical procedures can be performed in many different ways.
Generally, the most accepted one is to develop the expectation of each account balance
and the acceptable variation or threshold. Then, this threshold is compared with the
actual figure. Further investigation is required only when the difference between actual
and expectation balances falls out of the acceptable variation range prescribed. Further
investigation includes extending analytical procedures, detail examination of supporting
documents, conducting additional inquiries and performing other substantive tests.
Notice that the reliabilities of data, the predictive method and the
size of the balance or transactions can strongly affect the reliability of assurance.
Moreover, this type of test requires significant professional judgement and experience.
2.4.2.2. Detailed Tests of Transactions
The purpose of detailed tests of transactions (also known as
substantive testing of transactions) is to ensure that the transaction-related audit
objectives are met in each accounting transaction. The confidence on transactions will
- 14 -
lead to the confidence on the account total in the general ledger. Testing techniques
include examination of relevant documents and re-performance.
The extent of tests remains a matter of professional judgement. It
can be varied from a sufficient amount of samples to all transactions depending on the
level of assurance that auditors want to obtain. Generally, samples are drawn either
from the items with particular characteristics or randomly sampled or a combination of
both. Examples of the particular characteristics are size (materiality consideration) and
unusualness (risk consideration).
This approach is time-consuming. Therefore, it is a good idea to
reduce the sampling size by considering whether analytical procedures or tests of
controls can be performed to obtain assurance in relation to the items not tested.
2.4.2.3. Detailed Tests of Balances
Detailed tests of balances (also called substantive tests of balances)
focuses on the ending balances of each general ledger account. They are performed
after the balance sheet date to gather sufficient competent evidence as a reasonable basis
for expressing an opinion on fair presentation of financial statements (Rezaee, Elam &
Sharbatoghlie, 2001, 155). The extent of tests depends on the results of tests of control,
analytical procedures and detailed tests of transactions relating to each account. Like
detailed tests of transactions, the sample size can be varied and remains a matter of
professional judgement.
Techniques to be applied for this kind of tests include account
reconciliation, third party confirmation, observation of the items comprising an account
balance and agreement of account details to supporting documents.
2.5. Summary
Auditing is the accumulation and evaluation of evidence about information to
determine and report on the degree of correspondence between the information and
established criteria. As seen in figure 2.1, the main audit engagement processes are
client acceptance, planning, execution and completion.
Client
Acceptance
- 15 -
Gather Information
Evaluate client
Mobilize
Planning
Gather information in details
Perform preliminary analytical procedures
Assess risk and control
Set materiality
Execution & Documentation
Develop audit plan and detailed audit program
Perform Tests of Controls
trol
Low
Con ance
i
High
Rel
Perform Substantive Tests
- Detailed Tests of Transactions
- Analytical Procedures
- Detailed Tests of Balances
Analytical Review
- Develop expectations
- Compare expectations
with actual figures
- Further investigate for
major differences
- Evaluate Results
Document testing results
Gather audit evidence and audit findings
Completion
Tests of Controls
- Identify controls
- Assess control reliance
- Select samples
- Test controls
- Further investigate for
unusual items
- Evaluate Results
Review subsequent events
Evaluate overall results
Detailed Tests
- Select samples
- Test samples
- Further investigate for
unusual items
- Evaluate results
Issue auditor’s report
Arrange clearance meeting with client
Evaluate team performance
Figure 2.1: Summary of audit engagement processes
Planning includes mobilization, information gathering, risk assessment and
audit program preparation. Two basic types of audit approaches the auditors can use
during execution phase are tests of controls and substantive tests. Substantive tests
include analytical procedures, detailed tests of transactions and detailed tests of
- 16 -
balances. The extent of test is based on the professional judgement of auditors.
However, materiality, control reliance and risks are also major concerns.
The final output of audit work is auditor’s report. The type of audit report -unqualified, unqualified with explanatory paragraph or modified wording, qualified,
adverse or disclaimer -- depends on the combination of evidences obtained from the
field works and the audit findings.
At the end of each working period, the accumulated evidence and performance
evaluation should be reviewed to assess scope for improving efficiency or effectiveness
for the next auditing period.
It is accepted that auditing business is not a profitable area of auditing firms.
Instead, the value-added services, also known as assurance services, such as consulting
and legal service are more profitable. The reason is that while cost of all services are
relatively the same, clients are willing to pay a limited amount for auditing service
comparing to other services. However, auditing has to be trustworthy and standardized
and all above-mentioned auditing tasks are, more or less, time-consuming and require
professional staff involvement. Thus, the main cost of auditing engagement is the
salary of professional staffs and it is considerably high. This cost pressure is a major
problem the auditing profession is facing nowadays.
To improve profitability of auditing business, the efficient utilization of
professional staff seems to be the only practical method. The question is how. Some
computerized tools and techniques are introduced into auditing profession in order to
assist and enhance auditing tasks.
However, the level of automation is still
questionable. As long as they still require professional staff involvement, auditing cost
is unavoidable high.
- 17 -
3. Current Auditing Computerized Tools
3.1. Objective and Structure
The objective of this chapter is to provide information about technological
tools and techniques currently used by auditors. Section 3.2 discusses why computer
assisted auditing tools (CAATs) are more than requisite in auditing profession at
present. In section 3.3, general audit software (GAS) is reviewed in detail. The topic
focuses on the most popular software, Audit Command Language (ACL). Other
computerized tools and techniques are briefly identified in section 3.4. Finally, a brief
summary of some currently used CAATs is provided in section 3.5.
Before proceeding, it is worth noting that this chapter was mainly based on two
textbooks and one journal, which are “Accounting Information Systems” (Bonar &
Hopwood, 2001), “Core Concept of Accounting Information System” (Moscove,
Simkin & Bagranoff, 2000) and “Audit Tools” (Needleman, 2001).
3.2. Why Computer Assisted Auditing Tools?
It is accepted that advances in technology have affected the audit process.
With the ever increasing system complexity, especially the computer-based accounting
information systems, including enterprise resource planning (ERP), and the vast amount
of transactions, it is impractical for auditors to conduct the overall audit manually. It is
even more impossible in an e-commerce intensive environment because all accounting
data auditors need to access are computerized.
In the past ten years, auditors frequently outsource technical assistance in some
auditing areas from information system (IS) auditor, also called electronic data
processing (EDP) auditor. However, when the computer-based accounting information
systems become commonplace, such technical skill is even more important. The rate of
growth of the information system practices within the big audit firms (known as “the
Big Five”) was estimated at between 40 to 100 percent during 1990 and 2005
(Bagranoff & Vendrzyk, 2000, 35).
Nowadays, the term “auditing with the computer” is extensively used.
It
describes the employment of the technologies by auditors to perform some audit work
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
Green Impact Auditor
Green Impact Auditor
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Case
Case
Getting to Know Internal Auditing - The Institute of Internal Auditors
Getting to Know Internal Auditing - The Institute of Internal Auditors
Accounting 241 Outline
Accounting 241 Outline
COVER LETTER SAMPLE
COVER LETTER SAMPLE
grp-2
grp-2
Download
advertisement