Auditing & Assurance Services Solutions_Chapter_1-20
January 29, 2017 | Author: Jimmy Chan | Category: N/A
Short Description
Download Auditing & Assurance Services Solutions_Chapter_1-20...
Description
CHAPTER 1 AN INTRODUCTION TO ASSURANCE AND FINANCIAL STATEMENT AUDITING Answers to Review Questions 1-1 The study of auditing is more conceptual in nature compared to other accounting courses. Rather than focusing on learning the rules, techniques, and computations required to prepare financial statements, auditing emphasizes learning a framework of analytical and logical skills to evaluate the relevance and reliability of the systems and processes responsible for financial information, as well as the information itself. To be successful, students must learn the framework and then learn to use logic and common sense in applying auditing concepts to various circumstances and situations. Understanding auditing can improve the decision making ability of consultants, business managers, and accountants by providing a framework for evaluating the usefulness and reliability of information. 1-2 There is a demand for auditing in a free-market economy because the agency relationship between an absentee owner and a manager produces a natural conflict of interest due to the information asymmetry that exists between the owner and manager. As a result, the agent agrees to be monitored as part of his/her employment contract. Auditing appears to be a cost-effective form of monitoring. The empirical evidence suggests auditing was demanded prior to government regulation such as statutory audit requirements. Additionally, many private companies and other entities not subject to government auditing regulations also demand auditing. 1-3 The agency relationship between an owner and manager produces a natural conflict of interest because of differences in the two parties’ goals and because of information asymmetry that exists between them. That is, the manager generally has more information about the ‘true’ financial position and results of operations of the entity than the absentee owner does. If both parties seek to maximize their own self-interest, it is likely that the manager will not act in the best interest of the owner and may manipulate the information provided to the owner accordingly. 1-4 Independence is an important standard for auditors. If an auditor is not independent of the client, users may lose confidence in the auditor’s ability to report truthfully on the financial statements, and the auditor’s work loses its value. From an agency perspective, if the principal (owner) knows that the auditor is not independent, the owner will not trust the auditor’s work. Thus, the agent will not hire the auditor because the auditor’s report will not be effective in reducing information risk from the perspective of the owner. 1-5 Auditing (broadly defined) is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users. Assurance is engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. Examples of assurance services are assurance (audit) of financial statements, assurance of prospective financial information, assurance of reporting on internal control, assurance of sustainability reporting, and assurance of electronic commerce. 1
1-6 The phrase systematic process implies that there should be a well-planned, logical approach for conducting an audit that involves objectively obtaining and evaluating evidence. 1-7 Materiality: "Omissions or misstatements of items are material if they could, individually or collectively, influence the economic decisions of users taken on the basis of the financial statements. Materiality depends on the size and nature of the omission or misstatement judged in the surrounding circumstances. The size or nature of the item, or a combination of both, could be the determining factor." (IASB). Audit risk is defined as the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated (ISA 200). The audit report states that the auditor obtains “reasonable assurance” whether the financial statements are free from “material” misstatement. The term reasonable assurance informs the reader that there is some level of risk that the audit did not detect all material misstatements. In addition, the auditor’s opinion commonly uses the wording that the financial statements present fairly, “in all material respects.” These phrases communicate to third parties that the audit report is limited to material information. 1-8 On most audits, it is not feasible or cost-effective to audit all transactions. For example, in a small business, the auditor might be able to examine all transactions that occurred during the period. However, it is unlikely that the owner of the business could afford to pay for such an extensive audit. For a large organization, the sheer volume of transactions prevents the auditor from examining every transaction. Thus, there is a trade-off between the exactness or precision of the audit and its cost. 1-9
The major phases of the audit are: • Client acceptance/continuance and establishing engagement terms • Preplanning • Assess risks and establish materiality • Plan the audit • Consider internal control • Audit business processes and related accounts • Complete the audit • Evaluate results and issue audit report
1-10 The auditor’s understanding of the entity and its environment includes knowledge about: (1) the nature of the entity, (2) its objectives and strategies, (3) its industry, regulatory, and other external factors, (4) its management, (5) its governance, (6) its measurement and performance process, and (7) its business processes. 1-11 Sometimes auditors will face situations where no standard audit procedure exists, such as the example from the text of verifying the inventory of reindeer. Such circumstances require that the auditor possess creativity and innovation when planning and administering audit procedures where little or no precedent exists. Every client is different, and applying auditing concepts in different situations requires logic and common sense, and frequently creativity and innovation. Solutions to Problems 1-12
The memo should cite the following facts: • There is a historical relationship between accounting and auditing. 2
•
•
•
When parties to the agency relationship (contract) do not possess the same amount of information (information asymmetry) there is a natural conflict of interest between the parties. For example, when an owner and manager are negotiating an employment contract, the owner may assume that the manager likely will use organizational funds for personal uses. Auditing plays an important role in such relationships. The owner and manager will consummate an employment contract only if the manager agrees to be monitored. Auditing can be used to monitor the contract agreed to by the two parties. (P.S. As a lawyer, Lee should be well versed on contract law.) Auditing is also used to monitor other types of contracts for which no laws or regulations require an audit, for example, contracts between management and debt holders. There is historical evidence of forms of auditing in the early Greek states and in the United Kingdom during the industrial revolution. Additional evidence for the demand for auditing is also provided by the fact that many private companies and other entities not subject to a statutory audit requirement contract for audits.
1-13 There are two major factors that may make an audit necessary for Greenbloom Garden Centers. First, the company may require long-term financing for its expansion into other cities. Entities such as banks or insurance companies are likely to be the sources of the company’s debt financing. These entities may require audited financial statements before lending significant funds and require audited financial statements during the time period the debt is outstanding. There is information asymmetry between the lender of funds and the owner of the business, and this asymmetry results in information risk to the lender. Even if the business could get funding without an audit, a standard audit report with an unmodified opinion by a reputable auditor might very well reduce the lender’s information risk and make the terms of the loan more favorable to the owner. Second, as the company grows, the family will lose control over the day-to-day operations of the stores. An audit can provide an additional monitoring activity for the family in controlling the expanded operations of the company. 1-14 a. Evidence supporting the financial statements consists of the underlying accounting data and all corroborating information available to the auditor. b. Management makes assertions about components of the financial statements. For example, an entity's financial statements may contain a line item that accounts receivable are €1,750,000. In this instance, management is asserting, among other things, that the entity owns the receivable and that the receivables are properly valued (i.e., net realizable value). Audit evidence helps the auditor determine whether management’s assertions are being met. If the auditor is comfortable that he or she can provide reasonable assurance that all assertions are met for all accounts, he or she can issue an audit report with an unmodified opinion. c. In searching for and evaluating evidence, the auditor should be concerned with the relevance and reliability of evidence. If the auditor relies on evidence that relates to a different assertion from the one being tested, an incorrect conclusion may be reached about the management assertion. Reliability refers to the ability of evidence to signal the true state of the assertion. 1-15 The auditor’s understanding is obtained during the first two boxes shown in Figure 1-3— Client Acceptance/Continuance and Pre-Planning. The intervening steps include: Assess Risks and Establish Materiality In order to properly plan the audit, the audit team must make a preliminary assessment of the client’s business risks and establish a preliminary 3
judgment about materiality. The audit team relies on these assessments to then assess risk relating to the likelihood of material misstatements in the financial statements. The auditor’s risk assessments and materiality judgment are used to define the scope for the audit. Plan the Audit In developing the audit plan, the auditor should be guided by (1) the procedures performed to gain and document an understanding of the entity and (2) the results of the risk assessment process. The auditor may conduct preliminary analytical procedures to identify specific transactions or account balances that should receive special attention due to an increased risk of material misstatement. The auditor should prepare a written audit plan that sets forth, in reasonable detail, the nature, extent, and timing of the audit work. The audit partner or manager should discuss with other members of the audit team the susceptibility of the entity to material misstatements due to error or fraud. Consider Internal Control When obtaining an understanding of the entity and its environment, the auditor should gain an understanding of internal control sufficient to assess the risk of material misstatement, plan the audit by performing procedures to understand the design of controls relevant to the audit, and determine whether they have been implemented. The auditor then evaluates the internal controls in order to assess the risk that they will not prevent or detect a material misstatement in the financial statements. (Note that Chapter 7 covers the audit of internal control for public companies in the U.S.) Audit Business Processes and Related Accounts Based on the knowledge of the entity and its environment, the auditor determines the audit procedures that are necessary to reduce the risk of material misstatement to a low level for the financial statement accounts affected by a particular business process. The individual audit procedures are then directed toward specific assertions in the account balance that are likely to be misstated. Complete the Audit After the auditor has completed testing the account balances, the sufficiency of the evidence gathered needs to be evaluated. The auditor must obtain sufficient appropriate evidence in order to reach and justify a conclusion on the fairness of the financial statements. The auditor also assesses the possibility of contingencies, and searches for any events subsequent to the balance sheet date that may impact the financial statements. Chapter 17 covers each of these issues in detail. 1-16 a. The major phases of the audit and their descriptions are (also see solution to 115, above): 1. Client acceptance/continuance and establish the terms of the engagement. The auditor decides to accept a new client or to retain an existing client. The auditor establishes an understanding with the client regarding the services to be performed. 2. Preplanning. This phase involves (1) determining the audit engagement team requirements and (2) ensuring the independence of the audit team and audit firm. 3. Establish materiality and assess risks. The auditor establishes the preliminary judgment about materiality and makes a preliminary assessment of the client’s business risks. 4. Plan the audit. During this phase of the audit, the auditor uses the knowledge of the client to plan the audit and perform preliminary analytical procedures. The purpose is of this phase to plan an effective and efficient audit. 5. Consider internal control. The auditor understands and evaluates the client’s internal controls in order to assess the risk that they will not prevent or detect a material misstatement.
4
6. Audit business processes and related accounts. The auditor conducts substantive tests, including analytical procedures and the details of the account balances searching for material misstatements. 7. Complete the audit. The auditor searches for contingencies and subsequent events, and performs a final review of the evidence gathered. 8. Issue the audit report. Based on the collection and evaluation of evidence, the auditor issues a report on the fair presentation of the financial statements. b. While audit procedures may be designed to test a specific assertion, they may simultaneously provide evidence on another account or assertion. An example would be when an auditor obtains evidence about a client’s transactions affecting the inventory account and whether sales of inventory were included in the proper period. Such evidence may also be relevant to the client’s assertions regarding whether accounts receivable balances were correct at the end of the period. c. Auditors develop an understanding of an entity's internal control in order to establish the scope of the audit. However, during the course of this work, the auditor may become aware of material weaknesses in the entity's accounting systems. The auditor is required to communicate this information to management or those charged with governance (e.g., the board of directors). The auditor may also make suggestions on how to correct the weaknesses. The auditor's work on internal control may also have a preventive effect on the entity's employees. If the employees know that their work will be audited, they are less likely to commit errors or fraud. Solutions to Discussion Case 1-17 a. In the discussion case the Office of Auditor General (OAG) has examined banks in financial difficulties. In most countries such Office or other regulatory bodies (e.g., a Financial Supervisory Authority) have supervision and examination responsibilities for banks. These bodies normally exercise their regulatory supervision and examination duties through on-site and off-site evaluations of banks’ financial condition and safety and soundness practices. On-site evaluations typically involve inquiries of bank management personnel, reviews of bank financial accounting records, and a review of bank operating policies and procedures. Off-site monitoring involves review and analysis of reports such as quarterly reports and other information requested by the regulator. In the discussion case OAG reviewed the 7 banks with financial difficulties by obtaining and reviewing key documents. This included recent reports and audited financial statements prepared by bank management, and reports of examination and reviews prepared by the regulators. Each of the reports was reviewed, their contents were summarized and analyzed, and the reports were compared to determine if they provided adequate and timely disclosure of the true nature of the banks' financial condition prior to the financial difficulties. The OAG did not review the specific application of auditing standards used by the independent auditors in reaching their opinion on these banks. The criteria used by OAG to evaluate the adequacy and degree of compliance with the requirements were relevant laws and regulations, as well as the financial reporting framework. Some of the key findings by the OAG were: • Reports had failed to provide early warnings of impaired asset values. This occurred because existing financial reporting framework had allowed too much latitude in determining the carrying amounts for problem loans and repossessed collateral.
5
•
Pervasive internal control weaknesses had contributed to the financial difficulties. There had been serious breakdowns in corporate governance, including inadequacies in board of director activities. The OAG also noted that there had been weaknesses in operating management and loan portfolio management.
b. Independent audits are a critical component of corporate governance and can enhance the effectiveness of the examination and supervision process. Audits of quarterly reports will improve the timeliness of reliable financial reports and help identify internal control weaknesses. Thus, such audits can benefit bank examiners in enhancing the safety and soundness of financial institutions.
Solutions to Internet Assignments 1-18 There are numerous Internet sites that contain accounting and auditing information. Following are some suggested sites: • The International Federation of Accountants (www.ifac.org) web site provides detailed information on the organization, its boards and committees, and its pronouncements, including the IFAC Code of Ethics for Professional Accountants and the International Auditing and Assurance Standards Board’s (IAASB) International Standards on Auditing (ISAs). The IFAC site also includes links to its more than 160 member organizations. • The International Accounting Standards Board’s (IASB) home page (www.iasb.org/) contains information on the organization, its standards, and its publications. • The International Organization of Securities Commissions (IOSCO) home site (www.iosco.org/) contains information about IOSCO, its publications, and links to its member bodies and other relevant organizations. • The International Organization of Supreme Audit Institutions (INTOSAI) web site (www.intosai.org/) contains information about INTOSAI, its committees, standards, and links to its member bodies. • The Institute of Internal Auditors home page (www.theiia.org) contains detailed information on internal auditing. • The Association of Certified Fraud Examiners home page (www.cfenet.com) contains extensive information on the Association’s certification as Certified Fraud Examiners (CFE). • The European Commission Internal Market DG home site (europa.eu.int/comm/internal_market/financial-reporting/index_en) contains information on accounting and auditing in the Internal Market in the European Union. • Fédération des Experts Comptables Européens (FEE) web site (www.fee.be/) contains information about FEE, its publication, and numerous European and international links. • The European Accounting Association’s (EAA) home site (www.eaaonline.org/associations/eaa/index.asp) contains information on accounting scholars and research activities in Europe. • The American Institute of Certified Public Accountant’s (AICPA) home page (www.aicpa.org) contains extensive information on the organization's activities. • The American Accounting Association’s home page (www.aaahq.org) contains information on accounting scholar and research activities in the U.S. and numerous links, including to professional organizations, accounting journals, and education sites. • The U.S. Securities and Exchange Commission’s (SEC) Edgar Web site (www.sec.gov) contains all filings by public companies with the U.S. Securities and Exchange Commission (SEC). It also contains information on other activities by the SEC.
6
The Public Company Accounting Oversight Board’s (PCAOB) web site (www.pcaobus.org/) offers detailed information about the PCAOB and its standards. • The major public accounting firms and many smaller firms also maintain web sites. •
1-19 A search of the Internet will identify a number of potential sources for information on the mail order industry. Some suggestions are: • Pegasus Research International, LLC (www.mindbranch.com/) maintains a home page that contains statistics on E-commerce and the state of the Internet. • MarketResearch.Com’s home site (www.marketresearch.com/) provides information on e-commerce and the mail order industry. • The International Society for Strategic Marketing (www.issm.org) maintains a site that contains information and statistics on international direct marketing. • Retail Net’s home page (www.retailnet.com/) provides information on the retail marketplace industry, including the catalogue and mail order industry. • Lastly, a number of the major public accounting firms have industry specialization in retail. The sites of the firms contain information on the retail industry.
7
CHAPTER 2 THE FINANCIAL STATEMENT AUDITING ENVIRONMENT Answers to Review Questions 2-1 During the late 1990s and early 2000s, firms aggressively sought opportunities to expand their operations in non-audit services such as consulting. This expansion from their core audit practice, combined with allegations of auditors refusing to challenge management’s actions (including widespread earnings management), resulted in tension between regulators and the accounting profession. Auditors’ independence issues gained renewed focus. Major audit firms started reorganizing their portfolio of non-audit services offered. IFAC as well as regulators issued new rules on auditor independence. However, subsequent financial fiascos such as those at Ahold, Enron, Parmalat, WorldCom, Tyco, and many others, caused investors to doubt the fundamental integrity of the financial reporting system. Under pressure to restore the public’s confidence, both the auditors and their professional organizations (e.g. IFAC and IAASB), and regulators took action, resulting in more public oversight of the profession and stricter regulations. The responsiveness of the profession to the needs of the public, investors and regulators will be crucial for future regulatory measures. 2-2 The accounting profession’s expansion into new areas, combined with changes in the overall business environment, resulted in new regulations and guidelines. The scandals of the late 1990s and early 2000s brought into the question the profession’s ability to self-regulate, resulting in more public oversight of the profession and new regulations. While these changes have caused pain and turmoil, they highlight the essential importance of auditing in our economic system. Ultimately, the “back to basics” emphasis, along with auditing firms’ renewed focus on thorough and effective financial statement audits, will likely prove healthy for the financial reporting systems and for the profession. 2-3 The essential components of the high-level model of business offered in the chapter are: corporate governance, objectives, strategies, processes, controls, transactions, and financial statements. Corporate governance is carried out by management and the board of directors (supervisory board) in order to ensure that business objectives are carried out and that company assets are safeguarded. To achieve its objectives, management must formulate strategies and implement various processes which are in turn carried out through business transactions. The entity’s information and internal control systems must be designed to ensure that these transactions are properly executed, captured, and processed in order to produce accurate financial statements. It is important that the auditor obtain a firm understanding of these components in order to plan the nature, timing, and extent of the audit so that it is efficient and effective. 2-4 The information system must maintain a record of all businesses transactions. It should be capable of producing accurate financial reports to summarize the effects of the entity’s transactions. Internal control is required to ensure that transactions are appropriately conducted and recorded by the information system and company employees. They provide safeguards to ensure the 1) reliability of financial reporting, 2) compliance with laws and regulations, and 3) the effectiveness and efficiency of operations. Auditing standards require that the auditor obtain an understanding of internal control in planning the nature, timing, and extent of testing. 2-5 The three categories of management assertions cover every aspect of what is needed for a transaction to be handled properly, for a financial statement account to be fairly stated, and 1
for the financial statements to be presented appropriately and to contain adequate disclosures. The management assertions form the basis for planning and evaluating the evidence that the auditor must obtain about the fairness of the client’s financial statements. 2-6 The five IAASB categories of standards are: International Standards on Quality Control (ISQCs), International Standards on Auditing (ISAs), International Standards on Review Engagements (ISREs), International Standards on Assurance Engagements (ISAEs), and International Standards on Related Services (ISRSs). ISAs are grouped into categories: Introductory Matters (currently no standards), General Principles and Responsibilities, Risk Assessment and Response to Assessed Risks, Audit Evidence, Using Work of Others, Audit Conclusions and Reporting, and Specialized Areas. 2-7 Independence is an important standard for auditors. If an auditor is not independent of the client, users may lose confidence in the auditor’s ability to report truthfully on the financial statements, and the auditor’s work loses its value. From an agency perspective, if the principal (owner) knows that the auditor is not independent, the owner will not trust the auditor’s work. Thus, the agent will not hire the auditor because the auditor’s report will not be effective in reducing information risk from the perspective of the owner. 2-8 Management is responsible to prepare financial statements, in accordance with the applicable financial reporting framework, that fairly present the company’s financial condition and operations. The auditor is responsible to issue an opinion in regards to the financial statements prepared by management. In order to issue this opinion, the auditor must plan and perform the audit in accordance with established standards to obtain reasonable assurance that the financial statements are free of material misstatement, whether caused by error or fraud. However, it is important to note that an auditor’s unmodified opinion does not mean that errors or fraud do not exist but rather that there is reasonable assurance that they do not exist in material amounts. 2-9 There are nine elements of the auditor's standard report with an unmodified opinion on the financial statements: (1) the title, (2) the addressee, (3) the introductory paragraph, (4) management’s responsibility, (5) auditor’s responsibility, (6) auditor’s opinion, (7) auditor’s signature, (8) the date of the report, and (9) auditor’s address. In some jurisdictions the auditor has additional responsibilities to report on other matters that are supplementary to expressing an opinion on the financial statements. Such reporting is addressed in a separate section after the auditor’s opinion on the financial statements. An unqualified audit report for a public company also contains an explanatory paragraph referring to the audit of internal control, as illustrated in this chapt 2-10 Examples of compliance assurance (audits) include (1) internal auditors determining whether corporate rules and policies are being followed by departments within the organization, and (2) an examination of tax returns of individuals and companies by the tax authorities for compliance with the tax laws. Examples of operational assurance (audits) include (1) assurance (an audit) by the Medicines Control Agency to determine the efficiency and effectiveness of procedures for introducing new medicine to the market, (2) internal auditors examining the effectiveness and efficiency of funds being spent on the entity’s computer resources, and (3) a university hiring an external auditor to examine the effectiveness and efficiency of student advisory services. Examples of forensic assurance (audits) include (1) an examination by an external auditor of cash disbursements for payments to unauthorized vendors, (2) assistance by an auditor to a law 2
enforcement body in tracing laundered monies by organized criminals, and (3) an independent auditor helping identify hidden assets as part of a divorce settlement. 2-11 Auditors can be classified under four types: (1) external auditors, (2) internal auditors, (3) government auditors, and (4) forensic auditors. 2-12 The Public Interest Oversight Board (PIOB) is an independent body charged with the oversight of the public interest activities of IFAC. The IFAC Council is responsible for deciding constitutional questions and electing the IFAC Board. The IFAC Board is responsible for setting policy and overseeing IFAC operations, the implementation of programs, and the work of IFAC committees and task forces. The Compliance Advisory Panel (CAP) is the IFAC administration’s instrument to oversee the implementation and operation of the Member Body Compliance Program. The Forum of Firms (FOF) is an organization of international audit firms that perform audits of financial statements that are used across national borders. The Transnational Auditors Committee (TAC) is the executive committee of FOF. The International Auditing and Assurance Standards Board (IAASB) develops and issues the international standards on auditing, assurance, quality control, and related services, as well as practice statements. The Ethics Committee issues ethics standards. The Education Committee develops guidelines related to the education of accountants. The International Public Sector Accounting Standards Board (IPSASB) issues International Public Sector Accounting Standards. The Professional Accountants in Business (PAIB) develops good practice guidelines on issues affecting professional accountants in business, including guidelines on corporate code of ethical conduct. Statements on Standards for Tax Services 2-13 The International Accounting Standards Board (IASB) publishes the International Financial Reporting Standards (IFRSs) and has adopted the International Accounting Standards (IASs). IFAC and IAASB strongly support the work of IASB in the setting and promotion of the international accounting standards. When a particular financial reporting framework or specific accounting rules are referred to in an ISA, the reference is to IASs/IFRSs. The International Organization of Securities Commissions (IOSCO) organizes national securities commissions. IOSCO cooperate closely with IFAC. (For example, IOSCO participates in the IAASB Consultative Advisory Group (CAG) and in the selection of the members of IFAC Public Interest Oversight Board (PIOB).) IFAC has sought IOSCO’s endorsement of the IAASB standards for use in all the capital markets regulated by IOSCO members. The International Organization of Supreme Audit Institutions (INTOSAI) assembles national Supreme Audit Institutions. INTOSAI cooperates closely with IAASB in projects relevant for public sector auditing. INTOSAI has issued Auditing Standards to financial audits in the public sector. In its goal of developing guidelines for financial audits for application of the Standards, IOSCO has resolved that the guidelines should, as far as possible, draw upon the ISAs.
3
Solutions to Problems 2-14 Brief References to IFAC Code of Ethics and International Standards on Auditing
Sally Jones’ Actions Resulting in Failure to Comply with IFAC Code of Ethics and International Standards on Auditing
IFAC Code of Ethics: 1. The IFAC Code of Ethics requires that the accountant performs his or her professional responsibilities with competence. A professional accountant should also take steps to ensure that those working under his or her authority in a professional capacity have appropriate training and supervision.
1. It was inappropriate for Jones to hire the two students to conduct the audit. The examination must be conducted by persons with proper education and experience in the field of auditing. Although a junior assistant has not completed his formal education, he may help in the conduct of the examination as long as there is proper supervision and review.
2. The IFAC Code of Ethics requires that practitioners should be both independent of mind and in appearance for audits. Independence is related to the basic principles of integrity and objectivity as well as professional scepticism. Contingent fees for audit engagements create unacceptable selfinterest and advocacy threats.
2. To satisfy the IFAC Code, Jones must be without bias with respect to the client under audit. Jones has an obligation for fairness to the owners, management, and creditors who may rely on the report. Because of the financial interest in whether the bank loan is granted to Boucher, Jones is not independent in either fact or appearance with respect to the assignment undertaken.
3. The IFAC Code of Ethics requires that the accountant performs his or her professional responsibilities with diligence. Diligent means that the professional accountant and those working under his or her authority should observe technical and professional standards.
IFAC Code requires Jones to perform the audit with diligence, which imposes on Jones and everyone in Jones's organization a responsibility to observe the auditing standards.
International Standards on Auditing: 1. Auditing standards requires that the engagement partner is satisfied that the engagement team has the appropriate capabilities and competence to perform the audit (ISA 220). The 4
1. Jones accepted the engagement without considering the availability of competent staff. In addition, Jones failed to supervise the assistants. The work performed was not adequately
engagement partner shall also take responsibility for direction, supervision and performance of the audit (ISA 220). The auditor shall plan the audit so that the engagement will be performed in an effective manner (ISA 300).
planned.
2. The auditor shall obtain an understanding of internal control relevant to the audit (ISA 315).
2. Jones did not study internal control, nor did the assistants. There appears to have been no audit examination at all. The work performed was more an accounting service than it was an auditing service.
3. The auditor shall obtain sufficient appropriate evidence to be able to draw reasonable conclusions on which to base the audit opinion (ISA 500).
3. Jones acquired little evidence that would support the fairness of the financial statements. Jones merely checked the mathematical accuracy of the records and summarized the accounts. Standard audit procedures and techniques were not performed.
4. The report shall state that the audit was conducted in accordance with the ISAs or relevant national standards (ISA 700).
4. Jones’s report made no reference to the ISAs. Because Jones did not conduct a proper examination, the report should state that no opinion can be expressed as to the fair presentation of the financial statements in accordance with the financial reporting framework.
5. The report shall state that the audit includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements (ISA 700).
5. Jones’s improper examination would not enable her to determine whether accounting principles have been consistently applied.
76. The report shall contain either an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefore should be stated. In all cases where an auditor's name is associated with financial statements, the
. Although the Jones report contains an expression of opinion, such opinion is not based on the results of a proper audit examination. Jones should disclaim an opinion because she failed to conduct an examination in accordance with ISAs.
5
report should contain a clear-cut indication of the character of the auditor’s work, if any (ISA 700). 2-29
2-15 Circumstance
Type of Opinion
1. The financial statements are affected by a departure from the financial reporting framework.
1. The auditor should express a qualified or adverse opinion.
2. The auditor has a scope limitation due to a lack of evidence.
2. The auditor should express a qualified opinion or disclaim an opinion.
2-16 Item Number
Type of Audit
Type of Auditor
a.
Operational
Government
b.
Financial statement
External
c. d.
Compliance or operational Forensic
Internal or external Internal, external or forensic
e.
Operational
Government, external, or internal
f.
Operational
Internal or external
g.
Compliance
Government
h.
Compliance or forensic
Government, external or forensic
Solutions to Discussion Case 2-17
Part I.
There are arguments both for and against having formal standards for independent auditors who consult. Advantages include potential increase in public trust, some assurance that a minimal level of service quality would be attained, and perhaps more guidance for consultants (to allow them to perform more effective consulting engagements). The primary disadvantage 6
would result from the fact that auditors who consult compete with consulting firms comprised of non-auditors. If standards were not thought out carefully, perhaps the standards would put auditors at a disadvantage relative to non-auditors in the sense that auditors would be subject to standards that constrain their activities or perhaps result in their not being able to compete with non-auditors in the area of fees. Note that Part A of the IFAC Code of Ethics applies to all professional accountants. (A professional accountant is an individual who is a member of an IFAC body.) Part B of IFAC Code of Ethics applies to all professional accountants in public practice. (A professional accountant in public practice is a professional accountant, irrespective of functional classification (e.g. audit, tax or consulting) in a firm that provides professional services.) Part B of the Code includes certain restrictions in providing consulting services to audit clients. These restrictions and IFAC Code of Ethics are covered in a later chapter. 2-18
Part II.
a. In one sense, E&Y acted unethically. That is, they should have disclosed the nature of these relationships to MGR. In another sense, it is difficult to ascertain whether these relationships caused E&Y to act unethically. Specifically, was E&Y’s advice affected by their relationship with the landlord? Is this relationship the reason that E&Y’s cost-cutting suggestions did not go farther? These questions point out the importance of independence in fact and appearance, even when acting in a consulting capacity. Even if E&Y acted ethically, this relationship creates the appearance of impropriety. b. As mentioned in Part a, the relationship with Rouse could have caused E&Y to hesitate to suggest that the stores for which Rouse was the landlord be closed for fear of losing business from Rouse. Their relationship with Swidler could have made E&Y feel that they could not lose the engagement under any circumstances, thereby explaining their apparently lackadaisical attitude towards the engagement. Solutions to Internet Assignments 2-19 The IFAC’s homepage contains links to IFAC members via ‘About IFAC’. Members are typical a national professional organization that has its own homepage, containing information about the organization, its mission and activities. All IAASB exposure drafts are accessible using the link ‘Exposure Drafts’. By using the link ‘Standards and Guidance’ IFAC Handbook of International Auditing, Assurance, and Ethics Pronouncements can be downloaded after registration. Detailed information about IAASB and the Ethics Committee are found using the link ‘IFAC Boards and Committees’. 2-20 A search of the homepage of many companies will include links to their latest financial information. Examining the independent auditor’s report and financial statements will allow the student have a better idea as to how the chapter’s information is applied in real companies.
7
CHAPTER 3 RISK ASSESSMENT AND MATERIALITY Answers to Review Questions 3-1 Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Auditor’s business risk is the auditor’s exposure to loss or injury to professional practice from litigation, adverse publicity, or other events arising in connection with financial statements audited and reported on. In simple terms, audit risk is the risk that an auditor will issue an unmodified opinion on materially misstated financial statements, while auditor’s business risk relates to the auditor's exposure to financial loss and damage to his or her professional reputation. 3-2 Inherent risk and control risk differ from detection risk in that inherent risk and control risk exist independently of the audit. The levels of inherent risk and control risk are functions of the client and its environment, and the auditor has little control over these risks. The auditor can control detection risk through the scope (nature, timing and extent) of the audit procedures performed. Thus, detection risk has an inverse relationship with inherent risk and control risk. 3-3 Sampling risk refers to the fact that, in many instances, the auditor does not examine 100 percent of the account balance or class of transactions. Since only a subset of the population is examined, it is possible that the sample drawn is not representative of the population and a wrong conclusion may be made on the fairness of the account balance. Nonsampling risk occurs because an auditor may use an inappropriate audit procedure, fail to detect a misstatement when applying an appropriate audit procedure, or misinterpret an audit result. 3-4 In understanding of the entity and its environment, the auditor gathers knowledge about: (1) industry, regulatory, and other external factors; (2) the nature of the entity; (3) its objectives and strategies, and related business risks; (4) measurement and review of the entity’s financial performance; (5) internal control. 3-5 Some examples of conditions and events that may indicate the existence of business risks are: • Significant changes in the entity such as large acquisitions, reorganizations or other unusual events. • Significant changes in the industry in which the entity operates. • Significant new products or services or significant new lines of business. • New locations. • Significant changes in the IT environment. • Operations in areas with unstable economies. • High degree of complex regulation. 3-6 Auditing standards define errors as unintentional misstatements or omissions of amounts or disclosures in financial statements. Fraud is defined as intentional misstatements that can be classified into two types: (1) misstatements arising from fraudulent financial reporting and (2) misstatements arising from misappropriation of assets. Examples of errors include mistakes in gathering or processing from which financial statements are prepared, unreasonable accounting estimates arising from oversight or misinterpretation of facts, and mistakes in the application of accounting principles. Fraud includes intentional manipulation, 1
falsification, or alteration of accounting records or supporting documents from which the financial statements are prepared; misrepresentation in, or intentional omission from, the financial statements of events, transactions, or other significant information; intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure; and theft of assets such as cash or inventory. 3-7 The audit risk model has a number of limitations. First, the model assumes that its components are independent of one another while they are likely to be dependent in the real world. Second, since the auditor assesses inherent risk and control risk, such assessments may be higher or lower than the actual inherent risk and control risk that exist for the client. Third, the model does not separately take into account fraud risk. Last, the audit risk model does not consider the possibility of non-sampling risk. 3-8 Professional standards provide very little specific guidance on how to assess what is material to a reasonable user. As a result, auditing firms should develop policies and procedures to assist their auditors in establishing materiality judgments for clients in order to minimize the variability of such judgments by firm personnel. In other words, firms would prefer to have their auditors establish similar materiality judgments for clients with similar circumstances. 3-9
The three major steps in applying materiality are:
Step 1: Plan a preliminary judgment about materiality. The auditor establishes a preliminary judgment about materiality by choosing a base, or bases, which is multiplied by a percentage factor to determine the initial quantitative judgment about materiality. This amount can be adjusted for qualitative factors that may be relevant for the engagement. Step 2: Determine tolerable misstatement. This step involves determining tolerable misstatement based on planning materiality. Tolerable misstatement is the amount of planning materiality that is allocated to the account balances or classes of transactions so that the auditor can plan the scope of audit procedures for the individual account balance or class of transactions. Step 3: Estimate likely misstatements and compare the totals to the preliminary judgment about materiality. The auditor estimates likely misstatements and compares the aggregate misstatements (i.e. likely misstatements and known misstatements) to the preliminary judgment about materiality. When the aggregate misstatements are less than the preliminary judgment about materiality, the auditor concludes that the financial statements are fairly presented. Conversely, when the aggregate misstatements are greater than the planned judgment about materiality, the auditor should request that the client adjust the financial statements. 3-10 Total assets or total revenues are better bases for determining materiality for many entities because these factors are more stable and less variable from year to year than is net income (profit). Difficulties arise when using net income, or a variant of net income, as a base when the entity is close to breaking even or experiencing a loss. 3-11 Qualitative factors that may affect the establishment of the preliminary judgment about materiality (step 1) are shown in Table 3-12. Many of these qualitative factors are cited in ISA 320 ‘Materiality in the Identification and Evaluation of Misstatements’ (exposure draft). SEC Staff Accounting Bulleting No. 99, “Materiality” 2
3-12 Qualitative factors that may affect the establishment of the evaluation of materiality (step 3) are shown in Table 3-12. Many of these qualitative factors are cited in ISA 320 ‘Materiality in the Identification and Evaluation of Misstatements’ (exposure draft). Solutions to Problems 3-13 a. 1. is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated 2. Inherent risk is the susceptibility of an assertion to material misstatement, assuming no related internal controls. Control risk is the risk that material misstatements that could occur will not be prevented or detected by the internal controls. Detection risk is the risk that the auditor will not detect a material misstatement that exists in the financial statements. 3. Inherent risk and control risk differ from detection risk in that they exist independently of the audit of financial statements, whereas detection risk relates to the auditor's procedures and can be changed at the auditor's discretion. Detection risk has an inverse relationship to inherent and control risk. b. 1.
Omissions or misstatements of items are material if they could, individually or collectively, influence the economic decisions of users taken on the basis of the financial statements. Materiality depends on the size and nature of the omission or misstatement judged in the surrounding circumstances. The size or nature of the item, or a combination of both, could be the determining factor.
2.
Materiality is affected by the nature and amount of an item in relation to the nature and amount of items in the financial statements under examination, and the auditor's judgment as influenced by the auditor's perception of the needs of a reasonable person who will rely on the financial statements. A number of qualitative factors also affect materiality.
3.
The auditor's judgment about materiality for planning purposes may be different from materiality for evaluation purposes because the auditor, when planning an audit, cannot anticipate all of the circumstances that may ultimately influence judgment about materiality in evaluating the audit findings at the completion of the audit. If significantly lower materiality levels become appropriate in evaluating the audit findings, the auditor should reevaluate the sufficiency of the audit procedures already performed.
3-14
3
Client No.
Detection Risk
1
25%
2
10%
3
80%
4
25%
Client No.
Detection Risk
1
Moderate
2
High
3
Low
4
Low
3-15
3-16
1. 2. 3. 4. 5.
B D C B B
6. 7. 8. 9. 10.
C D D A D
3-17 a. Two factors are particularly important in assessing the risk of material misstatement for Johnson. First, one individual, who also has majority control of the stock, dominates the decision making in the company. This factor should lead to a higher assessment for the risk of material misstatement because there is no review of important decisions and actions may be taken that are not in the best interest of the company or its stockholders. Second, Johnson is expanding rapidly throughout the southeast. Such expansion may result in material misstatements since decision making may become decentralized without adequate internal control. The increase in the risk of material misstatement due to these two factors will result in a lower determination of detection risk and an increase in the scope of the auditor's work. b. A number of the risk factors are present for Close-Moor stores. First, the company is experiencing a slowdown in sales. Second, there has been turnover in two financial positions within the company. Third, the president of the company is aggressive and places undue emphasis on meeting earnings expectations. These factors lead to an increased assessment for the risk of material misstatement, resulting in a lower assessment of detection risk and more substantive testing. c. The factors affecting the assessment of the risk of material misstatement for MaxiWrite all relate to industry characteristics. First, the industry is very competitive, which can lead to price-cutting and its related effects on revenues. Second, the industry is affected by changes in technology, and MaxiWrite is not one of the industry leaders in technology. Its products usually are not competitive with the industry leaders in terms of performance. Third, the company is not as profitable or financially strong as the major companies in the industry. The industry factors result in an increased assessment of the risk of material misstatement for MaxiWrite, leading to a lower determination of detection risk and more substantive tests. 4
d. The risk of material misstatement should be increased for the Focus Bank for the following reasons. First, the audit firm has been the bank's auditors for only two years. Second, there has been contentious accounting issues related to loan loss reserves and the value of collateral. Third, prior audits have indicated the presence of misstatements in the loan loss reserve. Based on these risk factors, detection risk should be set lower and increased substantive tests performed. 3-18 a. Pitts has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether caused by error or fraud. If Pitts's risk factor assessment indicates that fraud may be present, she might respond as follow: • Increase professional scepticism by questioning and critically assessing audit evidence. • Assign more experienced auditors who have the knowledge, skill, and ability to commensurate with the increased risk of the engagement. • Consider management's selection and application of significant accounting policies, particularly those related to revenue recognition, asset valuation, or capitalizing versus expensing. • Modify the nature, timing and extent of audit procedures to obtain more reliable evidence and use increased samples sizes or more extensive analytical procedures. Pitts should document the risk of material misstatement for all material accounts and classes of transactions. The auditor’s documentation includes the following: • The nature and results of the communication among engagement personnel that occurred in planning the audit regarding the risks of material misstatement due to fraud. • The steps performed in obtaining and supporting knowledge about the entity’s business and its environment. The documentation should include: the risks identified, an evaluation of management’s response to such risks, and the auditor's assessment of the risk of fraud after considering the entity’s response. • The nature, timing, and extent of the procedures performed in response to the risks of material misstatement due to fraud and the results of that work. • Fraud risks or other conditions that caused the auditor to believe that additional audit procedures or other responses were required to address such risks or other conditions. • The nature of the communications about fraud made to management, those in charge with governance, and others. b. If Pitts had evidence that suggested that fraud might exist, the matter should be brought to the attention of an appropriate level of management. If the fraud involved senior management or the fraud causes a material misstatement of the financial statements, Pitts should report it directly to those in charge with governance ( e.g. the board of directors or the audit committee). In addition, Pitts should reach an understanding with those in charge with governance regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees. Pitts has no responsibility to disclose the fraud to parties other than the client's senior management and those in charge with governance because of ethical or legal obligations of confidentiality. However, the auditor’s legal responsibilities vary by country and in certain circumstances the duty of confidentiality may be overridden by statute, the law or courts of law. The IFAC Code of Ethics for Professional Accountants provides guidance on circumstances 5
where auditors should disclose confidential information or when such disclosure may be appropriate. (Chapter 19 discusses the IFAC Code of Ethics.) To a funding agency or other specified agency in accordance with requirements for the audits of entities that receive governmental financial assistance. 3-19 Client No. 1 2 3 4
PJM (rounded) $€54,800 $3€10,000 $€2,835,000 $€38,700,000
Solution to Discussion Cases 3-20 a. Materiality and audit risk both would likely be set at very low levels. Investors and creditors to assess their investments in light of MGR’s difficulties probably will use the financial statements quite extensively. In addition, the auditors likely would set audit risk quite low because there is a high risk of litigation against the auditor should MGR declare bankruptcy. The auditor would set audit risk low to minimize the risk of rendering an inappropriate audit opinion. b. Inventory is the account that most likely is misstated. Inventory already has been written down, and MGR’s trouble generating sales suggests that further inventory write-downs are likely. This explanation represents an inherent risk factor because it involves business factors that affect valuation. There also are motivations to overvalue inventory (to inflate financial position), which also represents an inherent risk factor. c. MGR’s motivations to misstate its financial position to mask its difficulties certainly create a motivation to commit fraud; this represents a high likelihood of fraudulent financial reporting. Misappropriation of assets (theft) also is a possibility because MGR’s inventory likely is attractive to its employees. However, fraudulent financial reporting would be of greater concern to the auditors. d. Auditor’s business risk would be very high because of the likelihood that the client will go out of business as well as the likelihood that the client will commit fraud. e. The entity’s business risk also is high because of its continuing financial difficulties. 3-21 a. First, it is important to understand that the fraud at Cendant involved fraudulent financial reporting as opposed to misappropriation of assets. All three aspects of the fraud triangle are present in this situation. Incentives include pressure to meet analysts’ expectations. A weak control system, a lax auditor, and the presence of many accounting estimates present opportunities for fraud. Rationalization is created by an ‘everybody does it’ attitude and a weak commitment by management to accurate financial reporting. b. Signals that fraud may have been occurring include the fact that Cendant always met analysts’ expectations, top management implemented inadequate controls, the growth of large favourable adjustments, constant revisions of reserves, and inadequate justification for the large transfer from a reserve.
6
Solutions to Internet Assignments 3-22 a. Jones would use the total assets of €29,611,000 as the base in Exhibit 3-4. Using this amount, the preliminary judgment of materiality is €176,000 (rounded). This amount is determined by using the planning materiality of €85,500 (the amount over €10 million but not over €30 million) and adding €90,400 to it. The €90,400 was determined by using the excess over €10 million and multiplying it by .00461 (€19.611 million x .00461). b. There are a number of sites on the Internet that contain information on the paging (telecommunications) industry. Unfortunately, many of these sites sell their data at relatively high prices. Two sites that contained such information are: Info Edge (www.info-edge.com), and The Strategis Group (www.strategisgroup.com). The Personal Communications Industry Association (PCIA) (www.pcia.com) and the Canadian Wireless Telecommunications Association (CWTA) (www.cwta.ca) have homepages that contain information on the industry. Another source of information is the homepages of other companies that operate in the paging industry. c. The memo describing Calabro Paging Services’ client business risk should include the following factors: • Highly competitive industry, with price being the primary means of differentiation among service providers. • There are many licensed companies with the industry undergoing consolidation through merger and acquisition. • The industry requires substantial funds to finance the maintenance and growth of operations and customer base. • Many smaller companies in the industry are losing money. • There are significant risks to changing technology. • Many of Calabro’s competitors are larger and better financed. • The industry is subject to regulation. 3-23 The answers to this Internet assignment will be a function of the company assigned by the instructor. However, the responses to the questions will be found in the sources cited in the problem and will be similar to those in the questionnaire provided by your instructor or downloaded from the book’s website. For example, we have used companies in the pharmaceutical industry for this assignment.
7
CHAPTER 4 AUDIT EVIDENCE AND AUDIT DOCUMENTATION Answers to Review Questions 4-1 Auditors typically divide the financial statements into components or segments in order to make the audit more manageable. A component can be a financial statement account or a transaction process. This approach allows the auditor to gather evidence by examining the processing of related transactions through the accounting system from their origin to their ultimate disposition in the accounting journals and ledgers. Thus, the auditor can examine an accounting transaction from the time it is initiated by the entity until its final recording in the financial statement accounts. 4-2 There is a top-down relationship from the financial statements to the audit procedures. The financial statements contain management's assertions about the various financial statement components. The auditor tests each relevant management assertion and then conducts audit procedures to gather evidence to test whether the assertions are being met. The results from applying audit procedures provide the evidence that supports the fair presentation of management’s assertions and the auditor's report (see Figure 4-1). 4-3 Assertions about classes of transactions and events for the period under audit: Assertion Definition Occurrence Transactions and events that have been recorded have occurred and pertain to the entity (sometime referred to as validity). Completeness All transactions and events that should have been recorded have been recorded. Authorization All transactions and events have been properly authorized. Accuracy Amounts and other data relating to recorded transactions and events have been recorded appropriately. Cutoff Transactions and events have been recorded in the correct accounting period. Classification Transactions and events have been recorded in the proper accounts.
1
4-4 Assertions about account balances at the period end: Assertion Definition Existence Assets, liabilities, and equity interests exist. Rights and The entity holds or controls the rights to assets, and liabilities Obligations are the obligations of the entity. Completeness All assets, liabilities and equity interests that should have been recorded have been recorded. Valuation and Assets, liabilities, and equity interests are included in the Allocation financial statements at appropriate amounts, and any resulting valuation or allocation adjustments are appropriately recorded. 4-5 Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based, and includes the information contained in the accounting records underlying the financial statements and other information. Corroborating or other evidence includes both written and electronic information such as cheques, records of electronic transfers, invoices, contracts, minutes, confirmations, and written representations. It also includes information obtained by the auditor through inquiry, observation, inspection, and physical examination. 4-6 Audit evidence is usually persuasive rather than convincing for two reasons. First, since an audit must be completed in a reasonable amount of time and at a reasonable cost, the auditor examines only a sample of the transactions that compose the class of transactions or account balance. Second, due to the nature of evidence, auditors must often rely on evidence that is not perfectly reliable. The types of audit evidence examined by the auditor have different degrees of reliability, and even highly reliable evidence has weaknesses. Therefore, the evidence obtained by the auditor seldom provides absolutely convincing about an audit objective. 4-7 The types of audit procedures and their definitions are: (1) Inspection of records or documents consists of examining internal and external records or documents that are in paper form, electronic form, or other media. (2) Inspection of physical assets consists of physical examination of assets. (3) Reperformance is the auditor's independent execution of procedures or controls that were originally performed as part of the entity’s internal control, either manually or through the use of CAATs. (4) Recalculation consists of checking the mathematical accuracy of documents and records. (5) Scanning is the review of accounting data to identify significant or unusual items. (6) Inquiry consists of seeking information of knowledgeable persons, both financial and non-financial, throughout the entity and outside the entity. (7) Observation consists of looking at a process or procedure being performed by others. (8) Confirmation is the process of obtaining a representation of information or of an existing condition directly from a third party. (9) Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data (ISA 520). 4-8 Vouching refers to first selecting an item for testing from the accounting journals or ledgers and then examining the underlying source document. Thus, the direction of testing is from the journals or ledgers back to the source documents. Vouching provides evidence that items included in the accounting journals or ledgers have occurred (are valid). Tracing refers to 2
first selecting an accounting transaction (a source document) and then following it into the journal or ledger. The direction of testing in this case is from the source documents to the journals or ledgers and tests whether transactions that occurred are recorded (completeness) in the accounting records. 4-9 Corroborating evidence is obtained for inquiry and for observation because these audit procedures typically are not from independent sources and therefore are not considered to be highly reliable. For example, the auditor might follow up the client's responses concerning the internal controls over the raw-material storeroom by conducting tests of the control procedures to verify their existence and effectiveness. 4-10 Inspection of tangible assets, reperformance, and recalculation are generally considered of high reliability because the auditor has direct knowledge about them. Inspection of records and documents, scanning, confirmation, and analytical procedures are generally considered to be of medium reliability. The reliability of inspection of records and documents depends primarily on whether a document is internal or external. Scanning depends on the auditor’s ability to identify anomalous items using judgment or CAATs. The reliability of confirmations is affected by the form of the confirmation, prior experience with the entity, the nature of the information being confirmed, and the intended respondent. The reliability of analytical procedures may be affected by the quality of the client's internal control system. Finally, inquiry and observation are generally low-reliability types of evidence since both require further corroboration by the auditor. It should be understood, however, that levels of reliability for the types of evidence should be considered as general guidelines. The reliability of the types of evidence may vary considerably across entities, and it is subject to a number of exceptions. 4-11 It is important that the audit documentation or working papers be organized or indexed in such a way that members of the audit team or firm can find relevant audit evidence. When the auditor performs audit work on one working paper and supporting information is obtained from another working paper, the auditor cross-references the information on each working paper. This process of indexing and cross-referencing provides a trail from the financial statements to the individual working papers that can be easily followed members of the audit team or firm. Today, much of this cross-referencing is facilitated by the use of electronic working paper programs. Solutions to Problems 4-12 a. b. c. d. e.
5 4 1 2 3
4-13 a. b. c. d. e. f. 3
8 1 3 6 9 2
g. h. i. j. k.
7 3 8 1/3 5
4-14 a. b. c. d. e. f. g. h. i.
Category of Assertion Assertions about account balances Assertions about transactions and events Assertions about account balances Assertions about account balances Assertions about account balances Assertions about account balances Assertions about account balances Assertions about account balances Assertions about account balances
j. k.
Assertions about transactions and events Assertions about account balances
Assertion existence cutoff completeness valuation and allocation valuation and allocation existence completeness/existence valuation and allocation Valuation and allocation/ completeness accuracy valuation and allocation
4-15 a. The audit plan converts the overall audit strategy into a more detailed plan and contains the planned audit procedures. It serves as an outline of the evidence-gathering procedures that the auditor will follow during the audit. An audit plan serves as a record of the work performed during the audit. It represents evidence that the audit was conducted in accordance with auditing standards. Since an audit plan typically includes specific steps to gain corroborative evidence, it serves as a list of procedures necessary to test actual transactions and resulting balances. b. Examples of the types of audit procedures that would be used by the auditor during an audit of financial statements are the following (note that each procedure listed relates to one of the types of procedures listed in the chapter): • Observation of activities and conditions. • Physical examination and counts. • Confirmation. • Inspection of authoritative documents. • Recalculation. • Tracing or Retracing (e.g., tracing bookkeeping procedures, walking through the system, checking data processing flow, agreeing evidence to accounting records, flow-charting, checking audit trail, vouching, etc.). • Scanning. • Inquiry of client personnel and management. • Examination and corroboration of subsidiary records. • Analytical procedures. • Review of documents relating to subsequent events (including cutoff examination of cash receipts and disbursements in subsequent events period). • Requesting confirmation of information from outside experts. • Examination of legal letters. 4-16 a. The bank confirmation would be considered more reliable than the observation of segregation of duties because an independent external party provided the information. 4
Observation is not as reliable because the individuals performing the functions may act differently when someone is observing them. b. The auditor's recalculation of depreciation is more reliable than the examination of the raw material requisitions because the auditor has direct personal knowledge of the outcome. c. The bank statement would be considered more reliable than shipping documents because the bank statement was prepared by an entity that is external to the client. d. The physical examination of the common stock certificates would generally be considered more reliable than a physical examination of inventory components for a personal computer because the stock certificates are prepared by an entity external to the client. Additionally, the auditor may not be able to easily determine the quality or value of the computer components. 4-17 a. Type
b. Reliability
1. Internal
1.
High if internal control is excellent, moderate to low otherwise.
2. Internal
2.
High if internal control is excellent, moderate to low otherwise.
3. External
3.
High because it comes from an external party.
4. External
4. High to moderate because the document has been circulated to a party outside the entity.
5. External
5.
High because it comes from an external party.
6. Internal
6.
High if internal control is excellent, moderate to low otherwise.
7. Internal
7.
High if internal control is excellent, moderate to low otherwise.
8. Internal
8.
High if internal control is excellent, moderate to low otherwise.
9. External
9. High to moderate because the document has been circulated to a party outside the entity.
10.External
10.
High because it comes from an external party.
4-18 a. The reliability of evidence obtained through confirmations is directly affected by factors such as: • The form of the confirmation. • Prior experience with the entity. • The nature of the information being confirmed. • The intended respondent. There are two types of confirmation requests: the positive form and the negative form. Positive confirmations are generally considered more reliable because the respondent must reply to the 5
requested information. A non-response to a negative confirmation is assumed to be correct. Prior experience with the client in terms of confirmation response rates, misstatements identified, and the accuracy of returned confirmations should be considered when assessing the reliability of confirmations. If response rates were low in prior audits, the auditor might consider obtaining evidence using alternative procedures. The nature and availability of the information being confirmed may directly affect the appropriateness of the evidence obtained. The intended respondent to confirmations may vary from individuals with little accounting knowledge to highly qualified accounting personnel in large companies. The auditor should consider the respondent's competence, knowledge, ability, and objectivity when assessing the reliability of confirmation requests. b. The following amounts or information included in EarthWear’s financial statements could be confirmed. The source of the confirmation is also included. Amounts or Information Confirmed
Source of Confirmation
Cash balances
Banks
Accounts receivable
Individual customers
Lines of credit
Banks
Accounts payable
Individual vendors
Lease assets
Leaseholders
Common stock outstanding
Registrar/Transfer agent
Insurance coverage
Insurance company
4-19 a. Auditing standards (ISA 230), stipulates that audit documentation (working papers) should: (1) provide a record of the basis for the auditor’s report and (2) provide evidence that the audit was performed in accordance with auditing standards and applicable legal and regulatory requirements. b. The more common types of working papers include the overall audit strategy and audit plan, working trial balance, adjusting and reclassification entries, account analysis and listings, and audit memoranda. c. Factors affecting the auditor's judgment about the nature and extent of audit documentation include (1) matters that give rise to significant risks; (2) results of audit procedures indicating that the financial information could be materially misstated, or a need to revise the auditor’s previous assessment of the risks of material misstatement and the auditor’s responses to those risks; (3) circumstances that cause the auditor significant difficulty in applying necessary audit procedures; (4) findings that could result in a modification of the auditor’s opinion (ISA 230). Solution to Discussion Case 6
4-20
Part I
a.
Because of the large increase in sales, both in general and abroad, the auditor primarily would be concerned with occurrence of sales transactions.
b.
For the same reason given in part a, the auditor would be concerned with the existence of the accounts receivable. In addition, because there is some evidence that the increase in accounts receivable seemed to be greater than the increase in sales (e.g., greater percentage increase in accounts receivable than for sales, increase in average days outstanding), the auditor also would be concerned with valuation or allocation (i.e. to what extent are the receivables collectible).
c.
The auditor could vouch sales and receivables. Specifically, to examine the occurrence and existence assertions, auditors could choose a sample sales transactions and examine supporting documents, perhaps paying particular attention to the existence of a valid sales order as well as evidence that the products were shipped (i.e. shipping documents). The auditor also could confirm a sample of accounts receivable with customers, perhaps asking the customers to fill in the monetary amount that they owe as of the balance sheet date. This procedure would help verify existence or occurrence, rights and obligations, and valuation or allocation. The auditor also could prepare an aging schedule to check for the existence of a significant amount of old receivables. This procedure would be useful primarily for valuation or allocation. Part II a.
The auditors could have examined documentation for sales transactions, particularly searching for valid sales orders and evidence that the products sold were shipped. The auditor also could have considered sending additional confirmations to a larger number of customers, perhaps asking the customer to fill in the dollar amounts because there is so much doubt about the accuracy of L&H’s figures.
b.
The confirmation responses suggest that management integrity likely is low, especially those that stated they were not a customer of L&H’s. Therefore, the auditor would be unlikely to use inquiry of the client as an audit procedure.
4-21 a. The auditor can assess the reliability of the client's records for developing the allowance for return of unsold books by testing the number of books sold and the number of books returned. Taking a sample of sales by individual title and tracing them into the client’s internal records could accomplish this. This would verify the sales portion of the internal records. The book return portion of the client’s records can be tested by examining a sample of receiving documents used to record the books returned by individual titles from the retail stores. If these tests indicated that the client's records were accurate, the auditor could rely on the client's records for establishing the allowance for return of unsold books. b. The return rate could be estimated for relatively new titles in a number of ways. One possibility is to use the average historical ‘first-year’ return rate for all new titles. Another 7
possibility is to estimate the first-year return rate by individual author. Thus, if a new title was from an author who had previously published with Bentley Bros., the author's average first-year rate could be tested and used. c. Other than average industry data, there is not likely to be much external evidence that can be gathered on returned books. It might be possible to send a confirmation to the major retail stores and ask for information on current sales activity. Some evidence might also be gathered from the ‘best-selling’ book lists. Solution to Internet Assignment 4-22 A general search for each term using an Internet browser resulted in a long list of ’hits;’ most of which did not apply to the material covered in the text. One site (www.accountingstudents.com) provided a glossary of auditing terms that contained EDI and image processing systems. The Institute of Internal Auditors' home page (www.theiia.org) contained some information related to EDI and image processing systems. EDI refers to the electronic exchange of data, for example, the electronic exchange of data regarding inventory requirements between a customer and a vendor. Image processing systems capture and store electronic images, usually reproductions of documents. For example, many banks now make electronic images of cancelled cheques available to their customers online. These technologies have fundamental implications for auditing, especially in terms of the quality of the electronic evidence involved in both. If important audit evidence is stored only in electronic form and controls over the integrity of the electronic records are not adequate, the auditor may not be able to gather sufficient appropriate evidence to express an unmodified opinion on the client’s financial statements.
8
CHAPTER 5 AUDIT PLANNING AND TYPES OF AUDIT TESTS Answers to Review Questions 5-1 The auditor should inquire of the prospective client’s bankers and lawyers, credit agencies, and other members of the business community who may have knowledge about the integrity of the prospective client and its management. 5-2 The legal and regulatory responsibilities for communication between the successor and predecessor auditor differ among countries. Auditing standards (ISA 300) requires that the successor auditor communicates with the predecessor auditor, in compliance with relevant legal and ethical responsibilities. Subject to any legal constraints the successor auditor is responsible for initiating the communication with the predecessor auditor. However, the successor auditor should request permission of the prospective client before contacting the predecessor auditor. The successor auditor’s communication with the predecessor auditor should include questions related to the integrity of management, disagreements with management over accounting and auditing issues, and the predecessor auditor’s understanding of the change in auditors. 5-3 An engagement letter is used to formalize the arrangement reached between the auditor and client. It serves as a contract that outlines the responsibilities of both parties and is intended to prevent misunderstandings between the two parties. The letter states the responsibilities of the auditor and management, that the audit will be conducted in accordance with auditing standards, that certain types of audit procedures will be conducted and written representations will be obtained from management, and that the audit may not detect all material errors and fraud. Exhibit 5-1 in the text contains a sample engagement letter. In addition, the engagement letter might include: Arrangements involving the use of experts or internal auditors. laws and other regulations may restrict or prohibit such liability limiting arrangements.) Additional services to be provided relating to regulatory requirements. Arrangements regarding other services (e.g. assurance, tax or consulting services). 5-4 5-5
The following factors can be used to judge the competence of the internal auditors: Educational level and professional experience. Professional certification and continuing education. Audit policies, procedures, and checklists. Practices regarding their assignments. The supervision and review of their audit activities. The quality of their working paper documentation, reports, and recommendations. Evaluation of their performance.
The objectivity of the internal auditors can be determined by assessing the following factors: The organizational status of the internal auditor responsible for the internal audit function. Policies to maintain internal auditors’ objectivity about the areas audited. 5-5
Those charged with governance is defined as the person(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting and disclosure process. The 1
structures of corporate governance vary from country to country. Thus, the supervisory, board of directors and/or audit committee may be the focus. Note that in an increasing number of countries audit committees are mandatory requirements for listed companies. Companies also establish audit committees on voluntary basis. The audit committee may be directly responsible for the appointment, compensation, and oversight of the work of any audit firm employed by the company. Further, all audit and non-audit services provided by its auditor may require pre-approval by the audit committee. 5-6
The overall audit strategy sets the scope, timing, and direction of the audit. In developing the overall audit strategy, the auditor considers the results of the other planning steps (i.e. assessment of a preliminary level for control risk by account and assertion, considerations of the possibility of non-compliance with laws and regulations, identification of related parties, and performance of preliminary analytical procedures) and the results of the risk assessment procedures performed to gain an understanding of the entity (including client’s business objectives and strategies, business risks, audit risks, and risk management). The auditor finalizes the overall audit strategy by documenting the effects of the identified risks and controls on the planned audit procedures.
Develop an overall audit strategy and prepare audit programs. Circumstances that may indicate a possible illegal act include the following: Unauthorized transactions, improperly recorded transactions, or transactions not recorded in a complete or timely manner. Investigation by a government department, enforcement proceeding, or payment of unusual fines or penalties. Violations of laws or regulations cited in reports of examinations by regulatory authorities. Large payments for unspecified services to consultants, affiliates, or employees. Sales commissions or agents' fees that appear excessive. Large payments in cash or bank cashiers’ cheques. Unexplained payments to government officials. Failure to file tax returns or pay government duties.
• • • • • • • •
5-8 The auditor can identify related parties by (1) evaluating the client’s procedures for identifying related parties, and (2) requesting a list of related parties from management. Some additional audit procedures that may identify transactions with related parties include: • Review significant contracts and agreements not in the ordinary course of business, including those involving management and those charged with governance. • Review bank and legal confirmations. • Review invoices and correspondence from law firms. • Review minutes of meetings of shareholders, management, and those charged with governance. • Review the entity’s income tax returns. • Perform auditor procedures designed to identify significant and unusual transactions and determine whether related parties are involved. 5-9 The three general types of audit tests are risk assessment procedures, tests of controls and substantive tests. Risk assessment procedures are used by the auditor to obtain an
2
understanding of the entity and its environment, including internal control. Examples include inquiries of management and others, analytical procedures, and observation and inspection. obtaining audit evidence about the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Examples of tests of controls include inquiries of appropriate client personnel, inspection of documents and reports, observation of the application of a specific internal control, and reperformance of the application of the control by the auditor. Substantive tests are performed to detect material misstatements (i.e. monetary errors) in an account balance, transaction classes, and disclosure components of the financial statements. Examples of substantive tests are substantive tests of transactions, analytical procedures, and tests of account balances. 5-10 The purposes for using analytical procedures at the planning stage of an audit are (1) to enhance the auditor’s understanding of the client’s business and the transactions and events that have occurred since the last audit and (2) to identify areas that may represent risks relevant to the audit. 5-11 The quality of an expectation is referred to as the precision of the expectation. Precision is a measure of the potential effectiveness of an analytical procedure; it represents the degree of reliance that can be placed on the procedure. Precision is a measure of how closely the expectation approximates the unknown ‘correct’ amount. The degree of desired precision will differ with the specific purpose of the analytical procedure. The precision of the expectation is a function of the materiality and required detection risk for the assertion being tested. If the assertion being tested requires a low level of detection risk, the expectation needs to be very precise. However, the more precise the expectation, the more extensive and expensive are the audit procedures used to develop the expectation, resulting in a cost/benefit trade-off. The second step in the substantive analytical procedures decision process is to define or calculate a tolerable difference. Since the expectation developed by the auditor will rarely be identical to the client's recorded amount, the auditor must decide the amount of difference that would require further investigation. The size of the tolerable difference depends on the significance of the account, the desired degree of reliance on the analytical procedure, the level of disaggregation in the amount being tested, and the precision of the expectation. Auditors often use rules of thumb such as, ‘tolerable difference is 10% of the predicted amount and/or a difference less than €75,000.’ 5-12 Explanations for significant differences observed for substantive analytical procedures must be followed up and resolved through quantification, corroboration, and evaluation. Quantification: Quantification involves determining whether the explanation or error can explain the observed difference. This may require the recalculation of the expectation after considering the additional information. For example, a client may offer the explanation that the inventory account increased by a certain percentage as compared to the prior year due to a 12 percent increase in raw materials prices. The auditor should compute the effects of the raw materials price increase and determine the extent to which the price increase explains (or does not explain) the increase in the inventory account. Corroboration: Auditors must corroborate explanations for unexpected differences by obtaining sufficient appropriate audit evidence linking the explanation to the difference and substantiating that the information supporting the explanation is reliable. This evidence should be of the same quality as the evidence obtained to support tests of details. Common corroborating procedures include examination of supporting evidence, inquiries of independent persons, and evaluating evidence obtained from other auditing procedures.
3
Evaluation: Evaluation involves the effective use of professional scepticism, combined with the desire to obtain sufficient appropriate audit evidence, similar to other auditing procedures. The auditor should evaluate the results of the substantive analytical procedures to conclude whether the desired level of assurance has been achieved. If the auditor obtains evidence that a misstatement exists and can be sufficiently quantified, the auditor makes note of his or her proposed adjustment to the client’s financial statements. 5-13 The Audit Testing Hierarchy starts with tests of controls and substantive analytical procedures because they are generally both more effective and more efficient than starting with tests of details (i.e. substantive tests of transactions and substantive tests of account balances and disclosures). 5-14 Some of the buckets are larger than others because certain assertions will be more important or present bigger risks for some accounts than for others. For instance, existence (or validity) is typically more important for accounts receivable than it is for accounts payable. After the auditor has determined the risks associated with the assertions for an account balance, she can determine the size of the assurance buckets (i.e. how much assurance is needed) and then begin filling the buckets by applying the audit testing hierarchy. 5-15 There are four categories of financial ratios discussed in the text: short-term liquidity ratios, activity ratios, profitability ratios, and coverage ratios. Short-term liquidity ratios are indicators of the entity’s ability to meet its current obligations when they become due. Activity ratios indicate how effectively the entity's assets are managed. Profitability ratios are indicators of the entity’s success or failure for a given period. Coverage ratios provide information on the long-term solvency of the entity, including the ability of the entity to continue as a going concern. Solutions to Problems 5-16 a. The procedures (if not restricted by law) Hall should perform before accepting the engagement include the following: 1. Hall should explain to Adams the need to make an inquiry of Dodd and should request permission to do so. 2. Hall should ask Adams to authorize Dodd to respond fully to Hall’s inquiries. 3. If Adams refuses to permit Dodd to respond or limits Dodd’s response, Hall should inquire as to the reasons and consider the implications in deciding whether to accept the engagement. 4. Hall should make specific and reasonable inquiries of Dodd regarding matters Hall believes will assist in determining whether to accept the engagement, including specific questions regarding: • Facts that might bear on the integrity of management. • Disagreements with management as to accounting principles, auditing procedures, or other similarly significant matters. • Dodd's Dodd’s understanding as to the reasons for the change of auditors. 5. If Hall receives a limited response, Hall should consider its implications in deciding whether to accept the engagement. b. The additional procedures Hall should consider performing during the planning phase of this audit that would not be performed during the audit of a continuing client may include the following: 4
1. Hall may apply appropriate auditing procedures to the account balances at the beginning of the audit period and, possibly, to transactions in prior periods. 2. Hall may make specific inquiries of Dodd regarding matters Hall believes may affect the conduct of the audit, such as • Audit areas that have required an inordinate amount of time. • Audit problems that arose from the condition of the accounting system and records. 3. Hall may request Adams to authorize Dodd to allow a review of Dodd’s working papers. 4. Hall should document compliance with firm policy regarding acceptance of a new client. 5. Hall should start obtaining the documentation needed to create a permanent working paper file. 5-17 a. Prior to acceptance of the engagement, Tish & Field should have communicated with the predecessor auditor regarding: • Facts that might bear on the integrity of management. • Disagreements with management concerning accounting principles, auditing procedures, or other significant matters. • The predecessor’s understanding about the reason for the change. • Any other information that may be of assistance in determining whether to accept the engagement. b. The form and content of engagement letters may vary, but they would generally contain information regarding: • The objective of the audit. • The estimated completion date. • Management's Management’s responsibility for the financial statements. • The scope of the audit. • Other communication of the results of the engagement. • The fact that because of the test nature and other inherent limitations of an audit, together with the inherent limitations of any system of internal control, there is an unavoidable risk that even some material misstatement may remain undiscovered. • Access to whatever records, documentation, and other information may be requested in connection with the audit. • Arrangements with respect to client assistance in the performance of the audit engagement. • Expectation of receiving from management written confirmation concerning representations made in connection with the audit. • Notification of any changes in the original arrangements that might be necessitated by unknown or unforeseen factors. • A request for the client to confirm the terms of the engagement by acknowledging receipt of the engagement letter. • The basis on which fees are computed and any billing arrangements. 5-18 5. 6. 7. 8. 9. 10.
Additional procedures to be performed prior to the beginning of field work are: Reading the current year’s interim financial statements. Discussing the scope of the examination with management of the client. Establishing the timing of the audit work. Arranging with the client for adequate working space. Coordinating the assistance of client personnel in data preparation. Establishing and coordinating staffing requirements, including time budget.
5
11. Holding a planning conference with assistants assigned to the engagement and discuss possible fraud-related issues. 12. Determining the extent of involvement, if any, of consultants, experts, and internal auditors. 13. Considering the effects of applicable accounting and auditing pronouncements, particularly recent ones. 14. Considering the need for an appropriate engagement letter. 15. Preparing documentation setting forth the preliminary audit plan. 16. Making a preliminary judgment about materiality. 17. Making a preliminary judgment about control risk. 18. Updating the prior year's written audit plan. 5-19 a.
The typical engagement letter generally includes the following:
1. The name and address of the person or persons who retained the auditor to perform the auditing services. 2. An opening paragraph that confirms the understandings of the auditor and the client. 3. A summary of significant events that led to the retention of the services of the auditor. 4. A general description of the audit firm that will conduct the examination. 5. A statement that the examination will be performed in accordance with relevant auditing standards. 6. A description of the scope of the services to be rendered, which should establish the nature of the engagement. 7. Any scope restrictions or special limitations and their effect on the auditor's report. 8. A statement regarding the auditor’s responsibility for the detection of fraud. 9. An indication of the possible use of client personnel in connection with the audit work to be performed. 10. A statement that the auditor will provide a management letter if required in the circumstances. 11. The form of any report or other communication of the engagement. 12. The method and timing of billings as well as billing rates and fee arrangements. 13. Space for the client representative’s signature, which indicates acceptance of the letter and the understandings therein. b. The benefits of preparing an engagement letter include the avoidance of possible problems between the independent auditor and the client concerning (1) the scope of the work, (2) the service to be rendered, and (3) the audit fee. In addition, the ‘in-charge’ auditor conducting the examination can avoid misunderstanding the nature and scope of the engagement if the engagement letter is included in the permanent section of the audit working papers. The letter should eliminate misunderstandings and confusion about the type of financial statements to be examined, the estimated report date, and the type of opinion expected. In addition to avoiding possible misunderstandings, any legal problems relating to the auditor's failure to perform certain procedures can be reviewed with reference to the contractual commitment assumed. For example, if scope limitations prevent the auditor from performing normal audit procedures, the auditor cannot be legally responsible if a fraud is not detected when clearly it would have been detected if such procedures were performed. The engagement letter is also useful as a reference document when preparing for future engagements. 5-20 a. An audit committee is an important part of a company’s organizational structure. It is ordinarily a special committee formed by the board of directors. It is typically a group of 6
outside directors who have no active day-to-day operational role and who are a liaison between the independent auditor and the board of directors. The audit committee assists and advises the full board of directors and in doing so aids the board in fulfilling its responsibility for financial reporting. b. Audit committees are formed to satisfy the shareholders’ need for assurance that directors are exercising due care in the performance of their duties. For listed companies they are often mandated. Audit committees may also be formed on voluntary basis so that a company can be more responsive to the needs of those interested in financial reporting. Their formation itself is recognition of the responsibilities of both the entity and its auditor to investors and creditors. Also, they may be formed to reinforce auditor’s independence, particularly the appearance of independence, from the management of a company whose financial statements are being examined by the auditor. c.
The functions of an audit committee may include the following: Selection of the independent auditor, discussion of audit fee with the auditor, and review of the auditor’s engagement letter. Review of the independent auditor’s overall audit plan (scope, purpose, and general audit procedures). Review of the annual financial statements before submission to the full board of directors for approval. Review of the results of the auditor’s examination including experiences, restrictions, cooperation received, findings, and recommendations. Matters that the auditor believes should be brought to the attention of the directors or shareholders should be considered. Review of the independent auditor’s evaluation of the company’s internal control systems. Review of the company’s accounting, financial, and operating controls. Review of the reports of internal audit staff. Review of interim financial reports to shareholders before the board of directors approves them. Review of company policies concerning contributions to external parties (e.g. political parties), conflicts of interest, and compliance with laws and regulations, and investigation of compliance with those policies. Review of financial statements that are part of prospectuses or offering circulars; review of reports before they are submitted to regulatory authorities. Review of the independent auditor’s observations of financial and accounting personnel. Participation in the selection and establishment of accounting policies; review the accounting for specific items or transactions as well as alternative accounting treatments and their effects. Review of the impact of new or proposed pronouncements by the accounting profession or regulatory authorities. Review of the company’s insurance program. Review and discussion of the independent auditor’s management letter.
• • • •
• • • • •
• • •
• • •
5-21 a. If Post discovers that General’s financial statements may be materially misstated due to fraud, Post should consider the implications for other aspects of the audit and discuss the matter and approach to further investigation with an appropriate level of management and those charged with governance. Post should also attempt to obtain sufficient appropriate evidence to determine whether, in fact, material fraud exist and, if so, its effect. Post may suggest that General consult with its legal counsel on matters concerning questions of law. 7
b. If Post is precluded from applying necessary procedures, Post should disclaim or qualify an opinion on the financial statements and communicate these findings to General’s audit committee or its board of directors. c. If Post concludes that General’s financial statements are materially affected by fraud, Post should insist that the financial statements be revised and, if they are not, express a qualified or an adverse opinion on the financial statements, disclosing all the substantive reasons for such an opinion. Additionally, Post should adequately inform General’s audit committee or its board of directors about the fraud. d. Post may have a duty to disclose fraud to third parties outside General’s management and its audit committee, e.g. to supervisory authorities. Legal duties to report fraud to third parties vary by country. 5-22
5-23 a. •
Audit Procedure
Assertion
1
Accuracy
2
Existence
3
Cutoff
4
Valuation and allocation
Analytical procedures are used for three broad purposes: To assist the auditor in planning the nature, timing, and extent of other auditing procedures. As a substantive test to obtain evidential matter about particular assertions related to account balances or classes of transactions. As an overall review of the financial information in the final review stage of the audit.
• •
b. An auditor’s expectations (types of analytical procedures) are developed from the following sources of information: • Financial and operating data. • Budgets and forecasts. • Industry publications. • Competitor information. c. The factors that influence an auditor’s consideration of the reliability of data for purposes of achieving audit objectives are whether the • Independence of the source of the evidence. • The effectiveness of internal controls. • The auditor’s direct personal knowledge. • Documentary evidence. • Original documents. 5-24 8
a. The calculation of the expectation for the reserve for returns account can be made as follows:
Months July August September October November December
Monthly Sales (in 000s) $€ 73,300,000 82,800,000 93,500,000 110,200,000 158,200,000 202,500,000
Historical Return Rate
Estimated Returns
0.004 0.006 0.01 0.015 0.025 0.032
293,200 496,800 935,000 1653,000 3,955,000 6,480,000 13,813,000 x 0.425 $€5,870,525
Gross Margin % Auditor expectation b.
We can establish a tolerable difference by applying a percentage (50-75%) to the planning materiality set for EarthWear of €1,769,000. This results in a tolerable difference of €885,000.
c. The expectation of €5,870,525 is approximately €20,000 less the book value of €5,890,000. Since this amount is less than the tolerable difference of €885,000, the analytical procedure supports the fair presentation of the reserve for returns account. d. If the difference between the auditor’s expectation and the book value is greater than the tolerable misstatement, the auditor should consider performing the following audit procedures: • Review the general journal and general ledger for any unusual entries. • Re-evaluate the historical return rates. • Re-evaluate the gross profit margin. • Ask the client to adjust the books. 5-25 Accounts receivable
2005
2004
Accounts receivable turnover 18.1 times 25 times (sales divided by accounts receivable) The accounts receivable turnover is slower for 2005, which implies that the average collection period has increased. Arthur should first satisfy himself that RCT’s credit terms remained unchanged over those years. If the credit terms have been liberalized, this increase in collection period may be appropriate. Arthur should also satisfy himself that these computations do, in fact, represent the year’s activity. An accounts receivable aging schedule can indicate whether the longer collection period is due to a major delinquent customer or is representative of RCT’s annual activity. Assuming Arthur is satisfied that RCT’s credit terms have not changed and that annual activity is fairly represented, he should include more extensive audit procedures for sales and accounts receivable. The indicated trend may be due to understated sales or overstated accounts 9
receivable. Arthur should carefully review the year-end cutoff for sales to verify that sales are not understated. He should also satisfy himself that there are no unrecorded sales. Arthur should verify that the accounts receivable are fairly stated at year-end. He should check that lapping has not occurred. Furthermore, he may wish to expand his normal confirmations to cover a larger proportion of the receivables. In addition, Arthur should satisfy himself that the accounts receivable balance includes only bona fide trade receivables. The changed ratio does not automatically imply that an account is misstated. It merely highlights an area for further inquiry. It is possible that the changed ratio is perfectly valid and that the related accounts are fairly stated. If this is so, the auditor should satisfy himself as to the cause of the changed ratio. For example, RCT may have increased sales by being less ‘selective’ of its customers. Furthermore, tighter economic conditions may have caused customers to pay their bills more slowly. By inquiry of sales managers, Arthur may find out if there has been a change in the sales mix of products with varying credit terms.
Current Ratio
200 5
Current ratio (current assets divided by current liabilities)
200 4
2.6 8 to 1
2.49 to 1
The increased current ratio was due to an increase in current assets greater than the increase in current liabilities. Increases in both current assets and current liabilities are warranted because activity has increased from 2004 to 2005, but the major increase in current liabilities has been income taxes. The income taxes each year are directly proportional to that year’s income before income taxes; therefore, the amount of income taxes is logical, assuming that Arthur is satisfied that each year’s income before taxes is fairly stated. The accounts payable, however, have declined. Arthur should satisfy himself that the accounts payable are fairly stated. He should consider the use of confirmation requests and check that the cutoff of payables was handled properly. He should carefully search for unrecorded payables. He should investigate substantial decreases in long-term liabilities and should ascertain that current maturities of long-term liabilities are properly reported in the balance sheet. A ratio that is inconsistent from one year to the next does not necessarily imply misstatements. The objective of ratio analysis is to point out areas where further investigation is warranted. The auditor must satisfy himself that the accounts are fairly stated and that the change is justified. Solutions to Discussion Cases 5-26 a. The current-year audit discovered that Forestcrest Woolen Mills had not completed any construction work on the water treatment facility that must be built to comply with the consent decree from the Environmental Protection Agency. Failure to complete this facility on time can result in fines and possible plant closure under the consent decree. This situation represents a material uncertainty that is likely to be remote at this point in time. However, the auditor should determine if the client will continue work on the facility and if it can be completed within the remaining three years. If the client provides some assurance that work will start on the facility and that construction can be completed on time, the auditor will likely issue a standard unqualified audit report. The completion information can be obtained from the company’s president and its construction company. If the client will not provide assurance on 10
the future work on the facility and/or the construction cannot be completed on time, the auditor will have to consider what the potential effects of failure to comply with the consent decree might be. At this point, it is probably too early to consider issuing an audit report emphasizing a going concern uncertainty. The auditor might require that client to provide more detailed disclosure of the issue in the notes to the financial statements. b. If these facts were noted at the end of the seventh year of the consent decree, the auditor would again need information on the possible timely completion of the facility. If the facility can be completed, the auditor would most likely issue a standard report with an unmodified opinion. If, however, the facility cannot be completed on time and the penalties under the consent decree are significant enough to raise doubts about the company's continued existence, the auditor would likely issue an audit report emphasizing a going concern uncertainty.
11
5-27
1. Development of Auditor’s Expectation Four regular games 24,000 Allocation 0.7 0.2 0.1
Total attendance Total Fans 16,800 4,800 2,400 24,000
Less free 16,300 4,800 2,400 23,500
Price per Ticket 12 8 5
Four regular games UniversityAtlantic
(30% higher attendance, 20% higher ticket price)
31,200
Total attendance
Allocation 0.7 0.2 0.1
Total Fans 21,840 6,240 3,120 31,200
Norwalk UniversityUnited
Less free 21,340 6,240 3,120 30,700
Price per Ticket 14.40 9.60 6.00
Total Revenue 307,296 59,904 18,720 385,920
(20% more fans, 75% box seats, 25% upper deck)
Extra fans 3,600 1,200 4,800
Box Upper Extra fans -total Regular game revenue
Price per Ticket 12 5
Total Revenue 43,200 6,000 246,000 295,200
Palace (late evening game)
(10% higher ticket prices, 5% lower attendance)
Allocation
Less free seats and 5%
Price per Ticket
Total Revenue
15,485
13.20
204,402
0.7 12
Total Revenue 195,600 38,400 12,000 246,000 x4 984,000
Base attendance 16,800
0.2 0.1
4,800 2,400 24,000
Total estimated revenue for Oct.Dec.
4,560 2,280 22,325
8.80 5.50
40,128 12,540 257,070 $€1,922,190
2. Reported ticket revenue differs from the expectation by approximately 14.5 percent ((2,200,000 – 1,922,190)/1,922,190); this difference is material and should be investigated. One explanation for the larger than expected reported ticket revenue could be that the football team performed better than expected. In addition, perhaps the weather also was better than expected. Auditors can verify ticket sales, perhaps by comparing deposits of ticket revenue with reported attendance. The auditors also could check weather conditions on game days to ascertain whether favourable weather conditions are a plausible explanation for the higher attendance. 3. In a problem such as this, analytical procedures will be most effective when accurate expectations can be developed. From this information provided in this problem, it appears that the auditor’s knowledge of City’s ticket sales is sufficient to allow them to develop a reasonable expectation. Solutions to Internet Assignments 5-28 The Institute of Internal Auditors (IIA) home page (www.theiia.org) contains detailed information about various activities of the IIA. This includes information on the profession, certification, conferences, products, etc. A search of the Web site identified information about independence and objectivity. 5-29 A search of the Internet identified a number of potential sources for information on the mail order industry: Pegasus Research International, LLC (www.mindbranch.com/) maintains a home page that contains statistics on E-commerce and the state of the Internet. • MarketResearch.Com’s home site (www.marketresearch.com/) provides information on e-commerce and the mail order industry. • The International Society for Strategic Marketing (www.issm.org) maintains a site that contains information and statistics on international direct marketing. • Retail Net’s home page (www.retailnet.com/) provides information on the retail marketplace industry, including the catalogue and mail order industry. • Lastly, a number of the major public accounting firms have industry specialization in retail. The sites of the firms contain information on the retail industry. 5-30 The memo should include information in the text about EarthWear. The information gathered in Internet assignment 5-29 should provide additional information on the mail order industry. Chapter 3 discusses materiality for EarthWear and the various risk factors that would affect the auditor’s risk assessments. EarthWear has a strong control environment and strong internal controls over its various accounting applications (for example, revenue and purchases processes). There is a relatively low possibility for errors, fraud, or non-compliance acts. Comparison of EarthWear’s ratios to industry data indicates that EarthWear’s financial position, profitability, and solvency are excellent. 13
CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT Answers to Review Questions 6-1 From management’s perspective, the internal control provides a way to meet its stewardship or agency responsibilities. Management also needs a control system that generates reliable information for decision-making purposes. The controls that are relevant to the entity’s ability to initiate, record, process, and report financial data consistent with management’s assertions are the auditor’s main concern. The auditor needs assurances about the reliability of the data generated within the entity’s internal control system in terms of how it affects the fairness of the financial statements and how well the assets and records of the entity are safeguarded. 6-2
Internal control structure is composed of five components:
1. Control environment: The control environment sets the tone of the organization, influencing the control consciousness of its people. It is the foundation of all other components of internal control, providing discipline and structure. 2. The entity’s risk assessment process: The process for identifying and responding to business risks and the results thereof. For financial reporting purposes, the entity’s risk assessment process includes how management identifies risks relevant to the preparation of financial statements that are fairly presented in accordance with the applicable financial reporting framework, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them. 3. The Entity’s Information System and Related Business Processes Relevant to Financial Reporting, and Communication: The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures, whether automated or manual, and records established to initiate, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities, and equity. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting. 4. Control Activities: Control activities are the policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks to achievement of the entity’s objectives. Control activities, whether automated or manual, have various objectives and are applied at various organizational and functional levels. 5. Monitoring of Controls: It is a process to assess the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions. 6-3 Factors that affect the control environment include: Communication and enforcement of integrity and ethical values. A commitment to competence.
• •
1
Participation of those charged with governance (e.g. the board of directors or audit committee). Management’s philosophy and operating style. Organizational structure. Assignment of authority and responsibility. Human resource policies and practices.
• • • • •
6-4 The potential benefits and risks to an entity’s internal control from information technology include: Benefits: • • • • • •
Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data. Enhancement of the timeliness, availability, and accuracy of information. Facilitation of additional analysis of information. Enhancement of the ability to monitor the performance of the entity’s activities and its policies and procedures. Reduction in the risk that controls will be circumvented. Enhancement of the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems.
Risks: • •
• • • • •
Reliance on systems or programs that are inaccurately process data, process inaccurate data, or both. Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions. Unauthorized changes to data in master files. Unauthorized changes to systems or programs. Failure to make necessary changes to systems or programs. Inappropriate manual intervention. Potential loss of data.
6-5 A substantive audit strategy means that the auditor has made a decision not to rely on the entity’s controls and to audit the related financial statement accounts directly. Control risk is set at the maximum when a substantive audit strategy is followed. With a reliance strategy, the auditor relies on the entity’s controls and sets control risk below the maximum. The reliance strategy requires a more detailed understanding and documentation of internal control than does the substantive strategy. The auditor also plans and performs tests of controls to support the lower assessed level of control risk. 6-6 In addition to planning the audit of the financial statements, the auditors understanding of the entity’s internal control is used to (1) identify the types of potential misstatements, (2) consider factors that affect the risk of material misstatement, (3) design tests of controls, and (4) design of substantive tests. 6-7 The concept of reasonable assurance recognizes that the cost of an entity’s internal control system should not exceed the benefits that are expected to be derived. Thus, an internal control system will not detect every error that might occur because it would be too costly to design such a system. Management override of internal control, personnel errors or mistakes, and collusion are inherent limitations of internal control.
2
6-8 A numbers of tools are available to the auditor for documenting the understanding of the internal control, including copies of the entity’s procedures manuals and organizational charts, narrative descriptions, internal control questionnaires, and flowcharts. 6-9 The auditor might consider conducting substantive tests at an interim date for a number of reasons. For example, the client may want the auditor to confirm accounts receivable before year-end because of demands on the client’s staff at year-end. Alternatively, the auditor may wish to conduct substantive tests at an interim date to minimize staff overtime at year-end. The auditor should consider the following factors when substantive tests are to be completed at an interim date: • The control environment. • Relevant controls. • The objective of the substantive procedure. • The assessed risk of misstatement. • The nature of the class of transactions or account balances and related assertions. • The ability of the auditor to reduce the risk that misstatements existing at the period end are not detected by performing appropriate substantive procedures combined with tests of controls to cover the remaining period. When the auditor conducts substantive tests of an account at an interim date, additional substantive tests might include comparing the year-end account balance with the interim account balance, conducting some analytical procedures, and/or reviewing related journals and ledgers for large or unusual transactions during the remaining period. 6-10 The auditor’s responsibility is to report to those charged with governance or the appropriate level of management of material weaknesses in the design or implementation of internal control. A material weakness in internal control is one that could have a material effect on the financial statements. Solutions to Problems 6-11 a. Internal control is design and affected by those charged with governance (e.g. an entity’s board of directors), management, and other personnel that is designed to provide reasonable assurance about the achievement of the entity’s objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations. b. In planning an audit, the auditor should obtain an understanding of each of the components of internal control sufficient to plan the audit by performing procedures to understand the design of controls relevant to the preparation of financial statements and whether they have been placed in operation. c. An auditor may set control risk at the maximum level for some or all assertions because the auditor believes controls are unlikely to pertain to an assertion, or are unlikely to be effective, or because evaluating their effectiveness would be inefficient. d. An auditor should document the understanding of the internal control components obtained to plan the audit. The auditor should document the identified and assessed risks of material misstatements related to internal controls. When the auditor has tested the controls, the auditor documents the linkage of the tests with the assessed risks at the assertion level.
3
The manner in which these matters are documented is based on the auditor’s professional judgment. 6-12 The control environment factors (in addition to integrity and ethical values) that establish, enhance, or mitigate the effectiveness of specific controls, and their components, are: A Commitment to Competence Management must specify the competence level for a particular job and translate it into the required level of knowledge and skill. Management must then hire employees who have the appropriate competence for a job. Participation by Those Charged with Governance Those charged with governance (e.g. the board of directors, supervisory board and audit committee) significantly influence the control consciousness of the entity. Factors that affect the effectiveness of those charged with governance include the following: its independence from management, the experience and stature of its members, the extent of its involvement with and scrutiny of the entity’s activities, the appropriateness of its actions, the degree to which difficult questions are raised and pursued with management, and its interaction with the internal and external auditors. Managements’ Philosophy and Operating Style Management’s philosophy and operating style can significantly affect the quality of internal control. Characteristics that may indicate important information to the auditor about management’s philosophy and operating style include: (1) management’s approach to taking and monitoring risks, (2) management’s attitudes and actions towards financial reporting, and (3) management’s attitudes toward information processing and accounting functions and personnel. Organizational Structure The organizational structure defines how authority and responsibility are delegated and monitored. Establishing a relevant organizational structure includes considering key areas of authority and responsibility and appropriate lines of reporting. It provides a framework for planning, executing, and monitoring operations. An entity develops an organizational structure that depends on its size and the nature of its business. Assignment of Authority and Responsibility This factor includes how authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established. This includes policies regarding acceptable business practices, the knowledge and experience of key personnel, and the resources provided for carrying out duties. It also includes policies and communications directed toward ensuring that all personnel understand the entity’s objectives, know how their individual actions interrelate and contribute to those objectives, and recognize how and for what they will be held accountable. Human Resource Policies and Procedures The quality of internal control is a direct function of the quality of the personnel operating the system. The entity should have personnel policies for hiring, training, evaluating, counselling, promoting, compensating, and taking remedial action. 6-13
4
a. The auditor should consider a reliance strategy if evidence is available only in electronic form. However, after developing an understanding of the new system, the auditor would need to test the system to determine whether it is working as intended. If the system is working effectively, the auditor is more likely to use a reliance strategy. The auditor should also consider whether the firm’s knowledge of IT systems is sufficient to allow it to use a reliance strategy; if not, a substantive strategy may be more appropriate. The auditor should, however, be aware that it may be risks involved for which substantive procedures alone do not provide sufficient appropriate audit evidence. b. When deciding whether to hire a specialist, the auditor in this case should consider factors such as the complexity of the new system, whether the implementation of the system allows the company to engage in electronic commerce and the extent to which audit evidence is available only in electronic form. The auditor should ask the IT specialist to communicate information including how IT controls are designed and how data and transactions are initiated, recorded, processed, and reported. c. The control environment likely is not affected to a great extent by the switch to an automated system except inasmuch as the switch might signal management’s commitment to competence and willingness to improve its controls. The entity’s risk assessment is affected because the existence of an automated system creates a new set of risks, such as risks involving the design of the control system. In terms of information system and communication, the auditor will have to verify that the new system identifies and records all valid transactions and provides information sufficient for preparing accurate and complete financial statements. Control activities are important because new controls regarding the information system will have to be designed and implemented. Monitoring of controls is important because the monitors (including the internal and external auditors) will have to have sufficient knowledge of the system to be able to effectively monitor the use of the system and its outputs. 6-14 a. The strength of a narrative description is that it provides a simple, written memorandum that documents the understanding of internal control. However, this may be a weakness because it may be difficult to describe internal control in sufficient detail using words for effective analysis of internal controls and the assessment of control risk. The strength of an internal control questionnaire is that it provides a systematic and comprehensive way to evaluate internal control. A weakness of using an internal control questionnaire is that the auditor evaluates the various parts of the internal control system without an overall view of the system. A strength of using a flowchart is that it provides a diagrammatic representation of the entity’s internal control system. This facilitates the auditor’s analysis of the system’s controls. A weakness of the use of a flowchart is that it may take a considerable amount of time to complete. b. The complexity of an entity’s internal control system can affect the use of the various tools. For example, when the client’s system is very complex, it is difficult to provide adequate documentation of the system using a simple narrative description. Conversely, when the entity has a simple internal control system, completion of a detailed internal control questionnaire will result in a large number of answers being ‘no’ or ‘not applicable.’ On most audits, the auditor uses a combination of these tools.
5
6-15 a. Before applying principal substantive procedures to balance sheet accounts at 30 April, 2005, the interim date, Cook should assess the difficulty in controlling incremental audit risk. Cook should consider whether • Cook’s experience with the reliability of the accounting records and management’s integrity has been good. • Rapidly changing business conditions or circumstances may predispose General’s management to misstate the financial statements in the remaining period. • The year-end balances of accounts selected for interim testing will be predictable. • General’s procedures for analyzing and adjusting its interim balances and for establishing proper accounting cutoffs will be appropriate. • General’s accounting system will provide sufficient information about year-end balances and transactions in the final two months of the year to permit investigation of unusual transactions, significant fluctuations, and changes in balance compositions that may occur between the interim and balance sheet dates. • The cost of the substantive tests necessary to cover the final two months of the year and provide the appropriate audit assurance at year-end is substantial. • Assessing control risk at below the maximum would not be required to extend the audit conclusions from the interim date to year-end. However, if Cook assesses control risk at the maximum during the final two months, Cook should consider whether the effectiveness of the substantive tests to cover that period will be impaired. b. Cook should design the substantive procedures so that the assurance from those tests and the tests to be applied as of the interim date, and any assurance provided from the assessed level of control risk, will achieve the audit objectives at year-end. Such tests should include the comparison of year-end information with comparable interim information to identify and investigate unusual amounts. Other analytical procedures and/or substantive procedures should be performed to extend Cook’s conclusions relative to the assertions tested at the interim date to the balance sheet date. Solution to Discussion Case 6-16 a.
Preview Company’s control environment has the following strengths: Corporate management has high integrity. Preview has a code of conduct. Preview hires competent people. Management is conservative in its use of accounting principles and practices. The external auditors review controls at each division.
• • • • •
The control environment has the following weaknesses: • Divisions operate autonomously with limited monitoring (management intervenes only when planned results are not obtained). • The board of directors is not very active. • There is limited monitoring of employee compliance with the corporate code of conduct. • Employee compensation is dependent on performance. This in and of itself is not a weakness. However, with the presence of the other weaknesses, it represents a source of concern for the auditor. • Preview does not have an internal audit department.
6
b.
The following factors lead to and facilitate Harris’s manipulation of inventory: As a general manager, Harris has a high incentive to ‘look good.’ His division has had seven years of increasing profits, and his salary and bonus depend on the division’s performance. Competition in the industry is fierce, and sales prices are declining. Inventory represents a large portion of the balance sheet, and controls over inventory are weak. There is limited monitoring by corporate management, and there is no internal audit department.
•
• • •
Solution to Internet Assignments 6-17
Solution is posted on the Instructor’s web page.
6-18
Solution is posted on the Instructor’s web page
7
CHAPTER 7 AUDITING INTERNAL CONTROL OVER FINANCIAL REPORTING IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS Answers to Review Questions 7-1 Following are management’s and the auditor’s responsibilities under Section 404 of the Sarbanes-Oxley Act of 2002: Managements Responsibilities • Accept responsibility for the effectiveness of the entity’s internal control over financial reporting. • Evaluate the effectiveness of the entity’s internal control over financial reporting using suitable control criteria. • Support its evaluation with sufficient evidence, including documentation. • Present a written assessment of the effectiveness of the entity’s internal control over financial reporting as of the end of the entity’s most recent fiscal year. Auditor’s Responsibilities • The auditor must audit and report on management’s assertion about the effectiveness of internal control. • The audit of internal control should be ‘integrated’ with the financial statement audit, and should express an opinion on management’s assertions of internal control over financial reporting. • The auditor must plan and perform the audit to obtain reasonable assurance about whether the entity maintained, in all material respects, effective internal control as of the date specified in management’s assessment. 7-2 ‘Likelihood’ refers to the probability that a misstatement will not be prevented or detected. For a significant deficiency or a material weakness to exist, the likelihood of such an occurrence must be more than remote (e.g. either ‘reasonably possible’ or ‘probable’). ‘Magnitude’ refers to the significance that the control deficiency could have on the financial statements according to the judgment of a reasonable person who considers the possibility of further undetected misstatements. If likelihood is more than remote and if the magnitude of the deficiency is more than inconsequential, then either a significant deficiency or material weakness exists depending on the magnitude of the potential effects of the deficiency on the entity’s financial statements.
1
7-3
All of the following controls would typically be tested: Controls over initiating, authorizing, recording, processing, and reporting significant accounts and disclosures and related assertions embodied in the financial statements. Controls over the selection and application of accounting policies that are in conformity with generally accepted accounting principles. Antifraud programs and controls. Controls, including IT general controls, on which other controls are dependent. Controls over significant non-routine and non-systematic transactions, such as accounts involving judgments and estimates. Company level controls, including (1) the control environment and (2) controls over the period-end financial reporting process (e.g. controls over procedures used to enter transaction totals into the general ledger; to initiate, authorize, record, and process journal entries in the general ledger; and to record recurring and nonrecurring adjustments to the financial statements).
• • • • • •
7-4 Management should document the design of controls over all relevant assertions related to all significant accounts and disclosures in the financial statements. Documentation should include a description of each control in place, the business processes to which each control relates, and the assertions addressed by each control. Finally, the results of management’s testing and evaluation should be documented. 7-5 The steps in the auditor’s process for an audit of internal control over financial reporting include: • Plan the engagement. • Evaluate management’s assessment process. • Obtain and document an understanding of internal control. • Evaluate the design effectiveness of internal control. • Test and evaluate the operating effectiveness of internal control. • Form an opinion on the effectiveness of internal control. 7-6 The auditor should classify the significant processes and major classes of transactions by transaction type: routine, non-routine, and estimation. For each significant business process, the auditor should: • Understand the flow of transactions. • Identify the points within the process at which a misstatement related to each relevant financial statement assertion could arise. • Identify the controls that management has implemented to address these potential misstatements. • Identify the controls that management has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets (AS2, ¶74).
2
7-7 The period-end financial reporting process controls include procedures used to enter transaction totals into the general ledger; initiate, authorize, record, and process journal entries in the general ledger; record recurring and nonrecurring adjustments to the annual and quarterly financial statements; and draft annual and quarterly financial statements and related disclosures. The auditor’s evaluation of the period-end financial reporting process includes the inputs, procedures performed, and outputs of the processes the company uses to produce its annual and quarterly financial statements. The auditor should also consider the extent of IT involvement in each period-end financial reporting process element, who participates from management, the number of locations involved, types of adjusting entries, and the nature and extent of the oversight of the process by appropriate parties, including management, the board of directors, and the audit committee. 7-8 Walkthroughs help the auditor to confirm his or her understanding of control design and transaction process flow, to determine whether all points at which misstatements could occur have been identified, to evaluate the effectiveness of the design of controls, and to confirm whether controls have been placed in operation (AS2, ¶79). 7-9 The circumstances that should be regarded as at least significant deficiencies and as strong indicators of a material weakness include: • Restatement of previously issued financial statements to reflect the correction of a misstatement. • Identification by the auditor of a material misstatement in financial statements in the current period that was not initially identified by the company’s internal control over financial reporting. • Oversight of the company’s external financial reporting and internal control over financial reporting by the company’s audit committee is ineffective. • The internal audit function or the risk assessment function is ineffective at a company for which such a function needs to be effective for the company to have an effective monitoring or risk assessment component, such as for very large or highly complex companies. • For complex entities in highly regulated industries, an ineffective regulatory compliance function. This relates solely to those aspects of the ineffective regulatory compliance function in which associated violations of laws and regulations could have a material effect on the reliability of financial reporting. • Identification of fraud of any magnitude on the part of senior management. • Significant deficiencies that have been communicated to management and the audit committee remain uncorrected after some reasonable period of time. • An ineffective control environment. (AS2, ¶140) These circumstances are ‘red flags’ for potential problems in the control environment. Because the nature of the audit report depends on the significance of such weaknesses, the PCAOB does not want them to be overlooked. 7-10 When evaluating the competence and objectivity of others, the auditor should consider the following factors: Competence: • Their educational level and professional experience. • Their professional certification and continuing education. • Practices regarding the assignment of individuals to work areas. 3
Supervision and review of their activities. Quality of the documentation of their work, including any reports or recommendations issued. Evaluation of their performance.
• • •
Objectivity: • The organizational status of the individuals responsible for the work of others in testing controls, including— a. Whether the testing authority reports to an officer of sufficient status to ensure sufficient testing coverage and adequate consideration of, and action on, the findings and recommendations of the individuals performing the testing. b. Whether the testing authority has direct access and reports regularly to the board of directors or the audit committee. c. Whether the board of directors or the audit committee oversees employment decisions related to the testing authority. • Policies to maintain the individuals’ objectivity about the areas being tested, including— a. Policies prohibiting individuals from testing controls in areas in which relatives are employed in important or internal control sensitive positions. b. Policies prohibiting individuals from testing controls in areas to which they were recently assigned or are scheduled to be assigned upon completion of their controls testing responsibilities. (AS2, ¶119-120) 7-11 AS2 requires that the auditor appropriately document the processes, procedures, judgments, and results relating to the audit of internal control. The auditor’s documentation must include the auditor’s understanding and evaluation of the design of each of the components of the entity’s internal control over financial reporting. The auditor also documents the process used to determine, and the points at which misstatements could occur within, significant accounts, disclosures, and major classes of transactions. The auditor must justify and document the extent to which he or she relied upon work performed by others. Finally, the auditor must describe the evaluation of any deficiencies discovered as well as any other findings that could result in a modification to the auditor’s report. (AS2, ¶159) 7-12 The auditor’s report contains opinions on two separate items: (1) management’s assessment of the effectiveness of internal control over financial reporting, and (2) the effectiveness of internal control over financial reporting based on the auditor’s independent audit work. Similar to reports relating to the financial statement audit, the basic options for the opinions are unqualified, qualified, and adverse. The auditor’s opinion relating to management’s assessment simply depends on whether the auditor agrees with management’s conclusion regarding the effectiveness of internal control over financial reporting. If the auditor agrees, the opinion on management’s assessment will be unqualified. If the auditor disagrees, the opinion will be adverse. With respect to the auditor’s opinion on the effectiveness of a client’s internal control, an unqualified opinion signifies that the client’s internal control is designed and operating effectively in all material respects. Significant deficiencies relate to possible financial statement errors that are less than material, and therefore do not require a departure from an unqualified opinion. A qualified opinion is issued under certain circumstances involving limitations on the scope of the auditor’s work; however, serious scope limitations require the auditor to disclaim an opinion. An adverse opinion is required if a material weakness is identified. Figure 7-3 illustrates the types of auditor’s reports and the circumstances leading to each.
4
7-13 The auditor should take into account all of the following items when deciding which locations or business units to test: • The relative financial significance of each location or business unit. • The risk of material misstatement arising from each location or business unit. • The similarity of business operations and internal control over financial reporting at the various locations or business units. • The degree of centralization of processes and financial reporting applications. • The effectiveness of the control environment, particularly management’s direct control over the exercise of authority delegated to others and its ability to effectively supervise activities at the various locations or business units. An ineffective control environment over the locations or business units might constitute a material weakness. • The nature and amount of transactions executed and related assets at the various locations or business units. • The potential for material unrecognized obligations to exist at a location or business unit and the degree to which the location or business unit could create an obligation on the part of the company. • Management’s risk assessment process and analysis for excluding a location or business unit from its assessment of internal control over financial reporting. (AS2, ¶ B10) 7-14 When a significant period of time has elapsed between the time period covered by the tests of controls in the service auditor’s report and the date of management’s assessment, additional procedures should be performed. The auditor should consider the results of relevant procedures performed by management or the auditor, how much time has passed since the service auditor’s report, the significance of the activities of the service organization, whether errors have been identified in the service organization’s processing, and the nature and significance of any changes in the service organization’s controls. As these factors increase in significance, the need for the auditor to obtain additional evidence increases. 7-15 Generalized audit software (GAS) includes programs that allow the auditor to perform tests on computer files and databases. It was developed so that auditors would be able to conduct similar computer-assisted audit techniques in different IT environments. Custom audit software is generally written by auditors for specific audit tasks. Such programs are necessary when the entity’s computer system is not compatible with the auditor’s GAS or when the auditor wants to conduct some testing that may not be possible with the GAS. Some functions that can be performed by GAS are: (1) file or database access, (2) selection of transactions that meet certain criteria, (3) arithmetic functions, (4) statistical analyses, and (5) report generation. Solutions to Problems 7-16 Control 1: Monthly Manual Reconciliation Nature, Timing, and Extent of Procedures. Objective of the Test: To determine whether misstatements in accounts receivable (existence, valuation, and completeness) would be detected on a timely basis. Test the company’s reconciliation control by selecting a sample of reconciliations based upon the number of accounts, the dollar value of the accounts, and the volume of transactions affecting the account. Perform the following tests on the reconciliation process: 5
a. Make inquiries of personnel performing the control. Ask the employee performing the reconciliation the following questions: • What documentation describes the account reconciliation process? • How long have you been performing the reconciliation work? • What is the reconciliation process for resolving reconciling items? • How often are the reconciliations formally reviewed and signed off? • If significant issues or reconciliation problems are noticed, to whose attention do you bring them? • On average, how many reconciling items are there? • How are old reconciling items treated? • If need be, how is the system corrected for reconciling items? • What is the general nature of these reconciling items? b. Observe the employee performing the control. For nonrecurring reconciling items, observe whether each item included a clear explanation as to its nature, the action that had been taken to resolve it, and whether it had been resolved on a timely basis. c. Reperform the control for two months by inspecting the reconciliations and reperforming the reconciliation procedures. Scan through the file of all reconciliations prepared during the year and note that they had been performed on a timely basis. d. Make inquiries of company personnel and determined that the reconciliation procedures have not changed from interim to year-end. Control 2: Daily Manual Preventive Control Nature, Timing, and Extent of Procedures. Objective of the Test: To determine whether misstatements in cash (existence) and accounts payable (existence, valuation, and completeness) would be prevented on a timely basis. Test the control over making a cash disbursement only after matching the invoice with the receiver and purchase. Select 25 disbursements (voucher packages) from the cash disbursement registers from January through September. Performed the following procedures: a. Examine the invoice to see if it includes the signature or initials of the accounts payable clerk, evidencing the clerk’s performance of the matching control. b. Reperformed the matching control corresponding to the signature by examining the invoice to determine that (a) its items matched to the receiver and purchase order and (b) it was mathematically accurate. c. Update the testing through the end of the year by asking the accounts payable clerk whether the control was still in place and operating effectively. Perform a walkthrough of one transaction in December. Control 3: Programmed Preventive Control and Weekly Information TechnologyDependent Manual Detective Control Nature, Timing, and Extent of Procedures.
6
Objective of the Test: To determine whether misstatements in cash (existence) and accounts payable/inventory (existence, valuation, and completeness) would be prevented or detected on a timely basis. Test the programmed application control of matching the receiver, purchase order, and invoice as well as the review and follow-up control over unmatched items. To test the programmed application control, perform the following procedures: a. Identify, through discussion with company personnel, the software used to process receipts and purchase invoices. b. Determine, through further discussion with company personnel, that they do not modify the core functionality of the software, but sometimes make personalized changes to reports to meet the changing needs of the business. c. Establish, through further discussion, that the inventory module operated the receiving functionality, including the matching of receipts to open purchase orders. d. Identify, through discussions with the client and review of the supplier’s documentation, the names, file sizes (in bytes), and locations of the executable files (programs) that operate the functionality under review. e. Identify the objectives of the programs to be tested; i.e. whether appropriate items are received (for example, match a valid purchase order), appropriate purchase invoices are posted (for example, match a valid receipt and purchase order, non-duplicate reference numbers) and unmatched items (for example, receipts, orders or invoices) are listed on the exception report. f. Determine whether the programmed control is operating effectively by performing a walkthrough in the month of July. Test the detect control of review and follow up on the Unmatched Items Report, by performing the following procedures in the month of July for the period January to July: a. Make inquiries of the employee who follows up on the weekly-unmatched items reports and determine why items appear on it. b. Observed the performance of the control. c. Reperformed the control. d. Determine that the company had not made significant changes in their controls from interim to year-end by discussing with company personnel the procedures in place for making such changes. 7-17 a. Based only on these facts, this deficiency represents a significant deficiency for the following reasons: The magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be more than inconsequential, but less than material, because individual sales transactions are not material and the compensating detective controls operating monthly and at the end of each financial reporting period should reduce the likelihood of a material misstatement going undetected. Furthermore, the risk of material misstatement is limited to revenue recognition errors related to shipping terms as opposed to broader sources of error in revenue recognition. However, the compensating detective controls are only designed to detect material misstatements. The controls do not effectively address the detection of misstatements that are more than inconsequential but less than material, as evidenced by situations in which transactions that were not material were improperly recorded. Therefore, there is a more than remote likelihood that a misstatement that is more than inconsequential but less than material could occur. (See AS2, A-138, Example D2 – Scenario A.) 7
b. Based only on these facts, this deficiency represents a material weakness for the following reasons: The magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be material, because individual sales transactions are frequently material, and gross margin can vary significantly with each transaction (which would make compensating detective controls based on a reasonableness review ineffective). Additionally, improper revenue recognition has occurred, and the amounts have been material. Therefore, the likelihood of material misstatements occurring is more than remote. Taken together, the magnitude and likelihood of misstatement of the financial statements resulting from this internal control deficiency meet the definition of a material weakness. (See AS2, A-139, Example D2 – Scenario B.) c. Based on only these facts, this deficiency represents a material weakness for the following reasons: The magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be material, because the frequency of occurrence allows insignificant amounts to become material in the aggregate. The likelihood of material misstatement of the financial statements resulting from this internal control deficiency is more than remote (even assuming that the amounts were fully reserved for in the company’s allowance for uncollectible accounts) due to the likelihood of material misstatement of the gross accounts receivable balance. Therefore, this internal control deficiency meets the definition of a material weakness. (See AS2, A-139, Example D2 – Scenario C.) 7-18 a. Based only on these facts, the combination of these significant deficiencies represents a material weakness for the following reasons: Individually, these deficiencies were evaluated as representing a more than remote likelihood that a misstatement that is more than inconsequential, but less than material, could occur. However, each of these significant deficiencies affects the same set of accounts. Taken together, these significant deficiencies represent a more than remote likelihood that a material misstatement could occur and not be prevented or detected. Therefore, in combination, these significant deficiencies represent a material weakness. (See AS2, A-140, Example D3 – Scenario A.) b. Based only on these facts, the auditor should determine that the combination of these significant deficiencies represents a material weakness for the following reasons: • The balances of the loan accounts affected by these significant deficiencies have increased over the past year and are expected to increase in the future. • This growth in loan balances, coupled with the combined effect of the significant deficiencies described, results in a more than remote likelihood that a material misstatement of the allowance for credit losses or interest income could occur. Therefore, in combination, these deficiencies meet the definition of a material weakness. (See AS2, A-140-141, Example D2 – Scenario B.) 7-19 a. If the lack of an adequate antifraud program is considered a material deficiency by the auditor because of increased risk, then the auditor should issue an adverse opinion. However, if it is only considered to be a significant deficiency, then an unqualified report can be issued. b.
An unqualified report should be issued as no control deficiencies were identified.
c. Because the auditor identified a material misstatement in the financial statements, an adverse report on Fritz’s internal control over financial reporting must be issued. 8
d. The auditor must determine the magnitude of the possible misstatement of non-routine sales. If it is determined to be material then an adverse opinion should be issued. However, if materiality is not a concern, an unqualified opinion may be given. e. Most likely an adverse opinion would be issued, unless the risk of compliance violations was not material. 7-20 a. The auditor must determine whether the restatements are significant or material deficiencies. If material, an adverse opinion will be issued, otherwise an unqualified report may be given. b. If other controls over financial reporting are present, the auditor may issue an unqualified opinion. However, if the deficiency carries a high risk of material misstatement, then an adverse opinion should be issued. c. The auditor would most likely issue an adverse opinion because of the importance of the audit committee in the control process. d. If the ineffective monitoring component is a material deficiency, then an adverse opinion should be issued. Otherwise, an unqualified opinion may be given. e. The significance of financial fraud by the CFO is a material weakness and an adverse opinion should be issued. f. Depending on the amount of risk of material misstatement due to the ineffective control environment, the auditor will issue an adverse opinion or an unqualified opinion. g. Given the lack of management’s concern for internal control, an adverse opinion should be issued. 7-21 a. The auditor does not agree with Barns Security Systems management assessment and should therefore issue an adverse opinion. b. As long as the auditor agrees with company’s assessment of controls, an unqualified report can be issued. However, AS2 paragraph 166 indicates that controls must operate for a sufficient time period to accommodate management and auditor testing. This does not appear to be possible in the scenario when the changes were made after management’s assessment. c. The auditor should issue an adverse opinion if he or she does not believe sufficient time has passed to gather sufficient, competent evidence that the control deficiencies have been corrected. 7-22 The audit report should include the proper title; introductory, scope, definition, limitations, opinion, and explanatory paragraphs; and should describe the reason for the material weakness. An example can be found in Exhibit 7-5. 7-23 The audit report should include the proper title; introductory, scope, definition, limitations, and opinion paragraphs; and should describe the reason for the material weakness. An example can be found in Exhibit 18-20. 7-24 a. b. c.
2 3 1
7-25 The substantive auditing procedures Brown may consider performing include the following:
9
Using the perpetual inventory file: • Recalculate the beginning and ending balances (prices x quantities), foot, and print out a report to be used to reconcile the totals with the general ledger (or agree beginning balance with the prior year’s working papers). • Calculate the quantity balances as of the physical inventory date for comparison to the physical inventory file. (Alternatively, update the physical inventory file for purchases and sales from 6 January to 31 January, 2005, for comparison to the perpetual inventory at 31 January, 2005.) • Select and print out a sample of items received and shipped for the periods (1) before and after 5 January and 31 January, 2005, for cutoff testing, (2) between 5 January and 31 January, 2005, for vouching or analytical procedures, and (3) prior to 5 January, 2005, for tests of details or analytical procedures. • Compare quantities sold during the year to quantities on hand at year-end. Print out a report of items for which turnover is less than expected. (Alternatively, calculate the number of days’ sales in inventory for selected items.) • Select items noted as possibly unsalable or obsolete during the physical inventory observation and print out information about purchases and sales for further consideration. • Recalculate the prices used to value the year-end FIFO inventory by matching prices and quantities to the most recent purchases. • Select a sample of items for comparison to current sales prices. • Identify and print out unusual transactions. (These are transactions other than purchases or sales for the year, or physical inventory adjustments as of 5 January, 2005.) • Recalculate the ending inventory (or selected items) by taking the beginning balances plus purchases, less sales (quantities and /or amounts), and print out the differences. • Recalculate the cost of sales for selected items sold during the year. Using the physical inventory and test count files: • Account for all inventory tag numbers used and print out a report of missing or duplicate numbers for follow-up. • Search for tag numbers noted during the physical inventory observation as being voided or not used. • Compare the physical inventory file to the file of test counts and print out a report of differences for the auditor follow-up. • Combine the quantities for each item appearing on more than one inventory tag number for comparison to the perpetual file. • Compare the quantities on the file to the calculated quantity balances on the perpetual inventory file as of 5 January, 2005. (Alternatively, compare the physical inventory file updated to year-end to the perpetual inventory file.) • Calculate the quantities and dollar amounts of the book-to-physical adjustments for each item and the total adjustment. Print out a report to reconcile the total adjustment to the adjustment recorded in the general ledger before year-end. • Using the calculated book-to-physical adjustments for each item, compare the quantity and dollar amount of each adjustment to the perpetual inventory file as of 5 January, 2005, and print out a report of differences for follow-up. INTERNET ASSIGNMENTS 7-26 The opinion paragraph of the audit report will indicate whether the report is for both audits. Note that even separate reports on each of the audits (of financial statements and controls) will refer to the conclusion reached on the other audit.
10
7-27 The opinion paragraph of an integrated audit will indicate the auditor’s opinion with respect to the effectiveness of internal control.
11
CHAPTER 8 AUDIT SAMPLING: AN OVERVIEW AND APPLICATION TO TESTS OF CONTROLS Answers to Review Questions 8-1 Audit sampling is the application of an audit procedure to less than 100 per cent of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class. The justification for accepting some uncertainty from sampling is due to the trade-off between the cost to examine all of the data and the cost of making an incorrect decision based on a sample of the data. 8-2 Type I and Type II errors are the two types of decision errors an auditor can make when deciding that sample evidence supports or does not support a test of controls or a substantive test based on a sampling application. In reference to a test of controls Type I and Type II errors are: • Risk of incorrect rejection (Type I): the risk that the assessed level of control risk based on the sample is greater than the true operating effectiveness of the control. Also commonly referred to as the risk of assessing control risk too high or the risk of underreliance. • Risk of incorrect acceptance (Type II): the risk that the assessed level of control risk based on the sample is less than the true operating effectiveness of the control. Also commonly referred as the risk of assessing control risk too low or the risk of overreliance. In reference to substantive tests Type I and Type II errors as follows: • Risk of incorrect rejection (Type I): the risk that the sample supports the conclusion that the recorded account balance is materially misstated when it is not materially misstated. • Risk of incorrect acceptance (Type II): the risk that the sample supports the conclusion that the recorded account balance is not materially misstated when it is materially misstated. The risk of incorrect rejection relates to the efficiency of the audit because such errors can result in the auditor’s conducting more audit work than necessary in order to reach the correct conclusion. The risk of incorrect acceptance relates to the effectiveness of the audit because such errors can result in the auditor failing to detect a material misstatement in the financial statements. This can lead to litigation against the auditor by the parties who relied on the financial statements.
1
8-3 • • • • • • • 8-4
Audit evidence choices that do not involve audit sampling include: Analytical procedures. Scanning. Inquiry. Observation. Procedures applied to every item in the population. Classes of transactions or account balances not tested. Tests of automated information technology controls. Non-statistical sampling is an approach in which the auditor uses a haphazard selection technique or uses judgment in either or both of the following steps: • Determining the sample size • Calculating the computed upper deviation rate
Non-statistical sampling doesn’t require the use of statistical theory to determine sample size or in the evaluation of sampling risk. Statistical sampling, on the other hand, uses the laws of probability to determine sample size, to select, and to evaluate the results of an audit sample. The use of statistical theory permits the auditor to quantify the sampling risk for the purpose of reaching a conclusion about the population. The major advantages of a statistical sampling application are that it helps the auditor (1) design an efficient sample, (2) measure the sufficiency of evidence obtained, and (3) quantify sampling risk. The disadvantages of statistical sampling include the additional costs of (1) training auditors in the proper use of sampling techniques and (2) the added complexity of designing and conducting the sampling application. 8-5 Attribute sampling is used to estimate the proportion of a population that possesses a specified characteristic. For tests of controls, the auditor wants to measure the deviation rate to determine whether the control activity can be relied upon to properly process accounting transactions and therefore support the auditor’s assessed level of control risk. 8-6 Once the population has been defined, the auditor must determine (1) that the physical representation of the population is complete, (2) the period to be covered by the test, and (3) whether to conduct additional tests in the remaining period.
2
8-7
The four factors that enter into the sample size decision and their relationship with sample size are:
Factor
Relationship to Sample Size
The risk of incorrect rejection
Inverse
The tolerable deviation rate
Inverse
The expected population deviation rate
Direct
The population size
Decreases sample size only when population size is small (
View more...
Comments
