Becker CPA Review – Auditing 5 Class Notes
AUDITING 5 CLASS NOTES
Auditing 5 covers statistical sampling, information technology, internal control communications,
government auditing, communication with those charged with governance, and management
representations.
I. AUDITING 5
   A. AUDIT SAMPLING
      1. Audit sampling occurs when the auditor tests less than 100% of the items in a population and tries to draw conclusions about the population based on the sample.
      2. Sampling risk is the risk that the sample is not representative of the population, and therefore the auditor's conclusion will be incorrect.
      3. Sampling can be either statistical or nonstatistical.
         a. Either method is acceptable.
         b. Statistical methods rely on mathematical concepts.
         c. Both methods involve the use of judgment.
      4. Be familiar with the advantages of statistical sampling.
   B. TYPES OF SAMPLING AND SAMPLING RISK
      1. Attribute Sampling – used to estimate a rate of occurrence. Attribute sampling is used in tests of controls. Sampling risk associated with attribute sampling includes:
         a. Risk of assessing control risk too low
            (1) The sample indicates the control is working when in fact, it is not.
            (2) The auditor will erroneously rely on the control.
            (3) This is an effectiveness problem.
         b. Risk of assessing control risk too high
            (1) The sample indicates the control is not working when in fact, it is.
            (2) The auditor will erroneously extend audit work.
            (3) This is an efficiency problem – the auditor will do more work than is necessary.
      2. Variables Sampling – used to estimate a numerical quantity. Variables sampling is used in substantive testing. Sampling risk associated with variables sampling includes:
         a. Risk of incorrect acceptance
            (1) The sample indicates the balance is fairly stated when in fact, it is not.
            (2) The auditor will erroneously fail to modify his/her opinion.
            (3) This is an effectiveness problem.
© 2009 DeVry/Becker Educational Development Corp. All rights reserved.
         b. Risk of incorrect rejection
            (1) The sample indicates the balance is not fairly stated when in fact, it is fairly stated.
            (2) The auditor will erroneously modify his/her opinion.
            (3) This is an efficiency problem – the auditor will do more work than is necessary.
      3. The same sample may be used to perform both tests of controls and tests of details. This is called a "dual-purpose sample."
      4. Qualitative aspects of deviations and errors should be considered – fraud is of greater concern than an honest error.
   C. ATTRIBUTE SAMPLING (INTERNAL CONTROL)
      1. Know the definitions of the following terms:
         a. Sample deviation rate – error rate in the sample
         b. Tolerable deviation rate – rate the auditor can accept
         c. Expected deviation rate – the auditor's estimated error rate (before sampling)
         d. Upper deviation rate – high end of range for auditor's estimate of error rate (after sampling)
         e. Allowance for sampling risk – adjusts sample rate to get to upper deviation rate:
            Sample deviation rate + Allowance for sampling risk = Upper deviation rate
      2. Know which factors affect sample size.
         a. Risk of assessing control risk too low – inverse relationship
         b. Tolerable deviation rate – inverse relationship
         c. Expected deviation rate – direct relationship
      3. Know that the auditor draws conclusions by comparing the tolerable deviation rate to the upper deviation rate.
         a. Tolerable deviation rate >= upper deviation rate = rely on control
         b. Tolerable deviation rate < upper deviation rate = do not rely on control
      4. The auditor's conclusions about the control will determine the nature, extent, and timing of substantive procedures to be performed.
      5. Discovery sampling and stop-or-go sampling are types of attribute sampling methods that may be used when few or no deviations are expected.
   D. VARIABLES SAMPLING (SUBSTANTIVE TESTING)
      1. Know the definitions of the following terms:
         a. Tolerable misstatement – maximum monetary misstatement the auditor can accept
         b. Projected misstatement – the auditor's estimated misstatement, based on the sample
         c. Expected misstatement – the auditor's estimate of misstatement (before sampling)
      2. Know which factors affect sample size.
         a. Expected misstatement – direct relationship
         b. Population variability (standard deviation) – direct relationship
         c. Assessed level of risk – direct relationship
         d. Tolerable misstatement – inverse relationship
         e. Acceptable level of risk – inverse relationship
      3. Be familiar with the three commonly used classical variables sampling plans (MPU, ratio estimation, and difference estimation).
      4. The auditor's conclusions about the balance are based on whether the recorded book value falls within the range defined by the point estimate +/- an allowance for sampling risk.
      5. Know what PPS is, the advantages and disadvantages of using it, and how to work simple problems involving PPS.
         a. Know the formula for sampling interval and sample size.
         b. Know how to calculate the projected error of the sample.
         c. Remember that recorded amounts that exceed the interval are automatically selected for testing.
   E. INFORMATION TECHNOLOGY
      1. Information technology involves automated means of originating, processing, storing, and communicating information.
      2. An entity's use of information technology affects both the evaluation of internal control and the procedures used to gather evidence, but it does not affect the auditor's objectives.
      3. Be familiar with some of the differences between a manual and a computerized environment (e.g., uniform processing improves consistency, reduces paper audit trails, and increases the risk of unauthorized access).
      4. An IT professional may be needed, and should be guided by the CPA.
      5. Be familiar with the types of computer assisted audit techniques (CAATs) that may be used.
         a. Transaction tagging – electronically marks specific transactions.
         b. Embedded audit modules – sections of program code collect data for the auditor.
         c. Test data – use of the client's system to process the auditor's data, off-line.
         d. Integrated test facility – use of the client's system to process the auditor's data, on-line.
         e. Parallel simulation – use of the auditor's system to process client data.
      6. Know what a Generalized Audit Software Package is, tasks that might be performed with it, and the benefits of using it.
      7. Be familiar with some of the advantages and the disadvantage of using a computer in performing an audit.
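The PPS notes under VARIABLES SAMPLING say that recorded amounts exceeding the sampling interval are automatically selected and that the sample's projected error must be calculated. The Python sketch below is an added example, not part of the original class notes; the invoice data is constructed, and the systematic dollar-unit selection and tainting-based projection are standard textbook conventions assumed here rather than formulas quoted from the notes.

```python
from dataclasses import dataclass

@dataclass
class Item:
    name: str
    recorded: int  # recorded (book) amount, whole dollars
    audited: int   # amount the auditor determines is correct

# Constructed sample population: total recorded value 10,000.
POPULATION = [
    Item("INV-01", 400, 400), Item("INV-02", 1200, 900),
    Item("INV-03", 5500, 5000), Item("INV-04", 300, 300),
    Item("INV-05", 900, 900), Item("INV-06", 1000, 1000),
    Item("INV-07", 700, 700),
]

def pps_select(items, interval, start):
    """Systematic PPS selection: walk the cumulative recorded total and pick
    the item containing each selection point (start, start+interval, ...)."""
    if not 0 < start <= interval:
        raise ValueError("random start must lie in 1..interval")
    selected, cumulative, next_hit = [], 0, start
    for item in items:
        cumulative += item.recorded
        if cumulative >= next_hit:           # a selection point falls in this item
            selected.append(item)
            while next_hit <= cumulative:    # a large item may absorb several points
                next_hit += interval
    return selected

def projected_error(selected, interval):
    """Project sample errors to the population (assumed textbook method):
    items at or above the interval contribute their actual error; smaller
    items contribute tainting (error / recorded) times the interval."""
    total = 0.0
    for item in selected:
        error = item.recorded - item.audited
        if item.recorded >= interval:
            total += error
        else:
            total += error / item.recorded * interval
    return total

if __name__ == "__main__":
    picked = pps_select(POPULATION, interval=2000, start=700)
    print([i.name for i in picked], projected_error(picked, 2000))
```

INV-03 (5,500 recorded) is picked for every possible random start because it spans more than one full interval, which is the automatic-selection rule in item 5c.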
   F. NONISSUERS: INTERNAL CONTROL MATTERS NOTED DURING AN AUDIT
      1. Know the definitions of control deficiency, significant deficiency, and material weakness.
         a. Control deficiency – controls do not prevent or detect misstatements on a timely basis.
         b. Significant deficiency – a control deficiency that creates more than a remote likelihood that a non-inconsequential financial statement misstatement will not be prevented or detected.
         c. Material weakness – a significant deficiency that creates more than a remote likelihood that a material financial statement misstatement will not be prevented or detected.
      2. It is management's responsibility to evaluate and address control deficiencies.
      3. The auditor's responsibility is to evaluate control deficiencies of which he/she becomes aware (not to search for such deficiencies), and to report those that rise to the level of significant deficiency or material weakness.
         a. The report should be in writing, and should be addressed to management and those charged with governance.
         b. The report should indicate that the purpose of the engagement was to perform an audit, not to express an opinion on internal control. A disclaimer regarding internal control should be included.
         c. The report should be restricted as to use.
         d. The report should include the definition of significant deficiency and a list of significant deficiencies found.
         e. If there are material weaknesses, the report should also include the definition of material weaknesses and a list of material weaknesses found.
         f. The report should be issued no later than 60 days after the report release date.
         g. Previously communicated significant deficiencies and material weaknesses that have not been corrected should be included in the current report.
         h. The auditor may not report the absence of significant deficiencies, but reporting that no material weaknesses were identified is okay.
      4. Be familiar with the indicators and examples of control deficiencies and significant weaknesses.
      5. Audits of nonissuers are not subject to PCAOB rules.
         a. Language may be inserted into the auditor's report clarifying that no opinion is being expressed on internal control.
         b. An auditor of a nonissuer may choose to conduct the audit in accordance with GAAS and PCAOB standards. Language may be inserted into the report clarifying that, for a nonissuer, no audit of internal control is required, and no opinion is being expressed on internal control.
   G. NONISSUERS: REPORTING ON AN ENTITY'S INTERNAL CONTROL
      1. An accountant may be engaged to examine and report on management's written assertion about the operating effectiveness of internal control over financial reporting.
         a. This is an attest engagement.
         b. Generally, management must provide:
            (1) A written representation acknowledging its responsibility for internal control.
            (2) A written assertion on the effectiveness of internal control.
         c. The accountant must obtain an understanding of internal control, evaluate its design, and test and evaluate its operating effectiveness.
      2. The accountant's report includes:
         a. Positive assurance (an opinion) on management's assertion, or on the operating effectiveness of internal control.
         b. A paragraph describing the inherent limitations of any internal control, and warning the reader not to project the evaluation into the future.
      3. Control Deficiencies
         a. Significant deficiencies and material weaknesses should be communicated, in writing, to management and those charged with governance.
         b. A material weakness in internal control also results in a qualified or adverse opinion.
      4. Scope limitations may result in withdrawal from the engagement, or in a qualified or disclaimer of opinion.
   H. ISSUERS: INTERNAL CONTROL REQUIREMENTS
      1. PCAOB standards, which apply to issuers, require an integrated audit, whereby the auditor audits both the financial statements and internal control.
         a. The audit of the FS and the audit of internal control must be performed together.
         b. The auditor may combine the opinion on internal control with the opinion on the FS, or may issue two separate reports.
         c. An adverse opinion on internal control must be expressed when there are material weaknesses.
      2. The definitions for significant deficiency and material weakness are different for issuers:
         a. Significant deficiency: A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
         b. Material weakness: A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.
      3. A top-down, risk-based approach is required.
      4. Control deficiencies should be communicated to management; significant deficiencies and material weaknesses should be communicated to the audit committee.
      5. The auditor may also be engaged to report on whether a previously reported material weakness continues to exist.
   I. GOVERNMENT AUDITING
      1. Government auditing on the CPA exam focuses on the differences between Generally Accepted Government Auditing Standards (GAGAS) and Generally Accepted Auditing Standards (GAAS).
      2. Audit requirements become increasingly restrictive as the engagement requirements escalate from GAAS, to GAGAS, to the Single Audit.
      3. Audits of government entities often focus on compliance with laws, rules, and regulations that have a direct and material effect on financial statement presentation.
         a. Compliance is important in determining whether government assistance has indeed been earned or whether it is owed back to the grantor.
         b. Management is responsible for identifying the appropriate laws, rules, and regulations, and for obtaining an audit that satisfies the appropriate requirements.
         c. Auditors are responsible for determining whether management has properly identified laws, rules, and regulations, for understanding the implications of noncompliance on the financial statements, and for ensuring that the scope of the audit addresses the appropriate requirements.
      4. Government engagements may be financial audits, attestation engagements (e.g., compliance with specific laws), or performance audits (e.g., evaluations of effectiveness, economy, and efficiency).
      5. Sources of government auditing standards:
         a. GAAS, applicable to all audits
         b. GAGAS (the Yellow Book), applicable to most government audits, including attestation engagements and performance audits.
         c. Single Audit (OMB Circular A-133), applicable to audits of entities that spend in excess of $500,000 of federal financial assistance.
      6. Other government auditing requirements:
         a. Government auditors need a peer review every three years.
         b. Internal control documentation must specifically identify controls applicable to compliance.
         c. The representation letter should include specific assertions regarding compliance with laws, rules, and regulations.
         d. GAGAS always requires a written report on internal control.
         e. GAAS audits require a report on financial statements, GAGAS audits include GAAS reporting requirements plus a report on internal control over financial reporting, and the Single Audit includes all GAGAS requirements plus a report on compliance and internal control over compliance for each major program and a schedule of findings and questioned costs.
         f. Reporting illegal acts is required.
      7. Single Audit Act: OMB Circular A-133
         a. Single Audit Act engagements contemplate both entity-wide and program-specific audits.
         b. Materiality evaluations in a single audit include a separate evaluation of materiality for each major program, not simply an evaluation in relation to the financial statements taken as a whole.
         c. Generally major programs are those that spend more than $300,000 in federal financial assistance; however, auditors use a risk-based approach to determine major programs.
      8. Familiarize yourself with the outlines of the audit reports in Appendix 3. The CPA exam often includes questions regarding the content of the reports, particularly the GAGAS report on internal control over financial reporting and compliance and other matters based on an audit of financial statements.
   J. COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE
      1. Audit Committees
         a. Know what an audit committee is (subset of the board; outside directors) and its main functions/responsibilities within the corporation.
         b. Sarbanes-Oxley requires auditors to report to and be overseen by the audit committee.
      2. Know the various items that must be communicated by the auditor to those charged with governance.
      3. Know that the form of communication may be oral or written.
         a. Oral communication may be inadequate for significant audit findings.
         b. Written communications should be limited in use.
         c. Oral communications should be documented.
   K. MANAGEMENT REPRESENTATIONS
      1. At the conclusion of fieldwork, the independent auditor is required to obtain a management representation letter. This serves as the final piece of evidential matter.
      2. Know the three primary purposes for obtaining this letter:
         a. To confirm representations given to the auditor.
         b. To document the continuing appropriateness of such representations.
         c. To reduce the possibility of misunderstanding.
      3. Know the content of the letter:
         a. The letter is dated on the same date as the audit report.
         b. The letter is signed by the CEO and CFO.
         c. In the representation letter, management provides information about:
            (1) The financial statements
            (2) The completeness of information
            (3) Recognition, measurement, and disclosure
            (4) Subsequent events.
         d. You should also be able to recognize the specific items that would be included in the representation letter.
         e. Representations may be limited to items that management and the auditor agree are material.