Auditing: An International Approach, 7th Canadian Edition - FULL TEXTBOOK PDF

December 12, 2017 | Author: Xin Liu | Category: Auditor's Report, Audit, Internal Control, Financial Audit, Accounting

Auditing: An International Approach

Wally J. Smieliauskas, Ph.D., C.P.A., C.F.E. Joseph L. Rotman School of Management University of Toronto

Kathryn Bewley, Ph.D., C.P.A., C.A. Ted Rogers School of Business Management Ryerson University

WWW.TEX-CETERA.COM

Auditing: An International Approach Seventh Edition

Copyright © 2016, 2013, 2010, 2007, 2004, 2001, 1998 by McGraw-Hill Ryerson Limited. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, or stored in a data base or retrieval system, without the prior written permission of McGraw-Hill Ryerson Limited, or in the case of photocopying or other reprographic copying, a licence from The Canadian Copyright Licensing Agency (Access Copyright). For an Access Copyright licence, visit www.accesscopyright.ca or call toll free to 1-800-893-5777.

The Internet addresses listed in the text were accurate at the time of publication. The inclusion of a website does not indicate an endorsement by the authors or McGraw-Hill Ryerson, and McGraw-Hill Ryerson does not guarantee the accuracy of information presented at these sites.

For all CPA Canada exhibits: Reprinted (or adapted) with permission of Chartered Professional Accountants of Canada, Toronto, Canada. Any changes to the original material are the sole responsibility of the author (and/or publisher) and have not been reviewed or endorsed by CPA Canada.

ISBN-13: 978-1-25-908746-2
ISBN-10: 1-25-908746-8

1 2 3 4 5 6 7 8 9 0 TCP 1 9 8 7 6

Printed and bound in Canada.

Care has been taken to trace ownership of copyright material contained in this text; however, the publisher will welcome any information that enables it to rectify any reference or credit for subsequent editions.

Director of Product Management: Rhondda McNabb
Product Manager: Keara Emmett
Executive Marketing Manager: Joy Armitage Taylor
Product Developer: Amy Rydzanicz
Photo/Permissions Research: Tracy Leonard
Product Team Associate: Stephanie Giles
Supervising Editor: Joanne Limebeer
Copy Editor: Julia Cochrane
Plant Production Coordinator: Michelle Saddler
Manufacturing Production Coordinator: Emily Hickey
Cover Design: Dave Murphy
Cover Image: Jose Luis Pelaez/Getty Images
Interior Design: Dave Murphy
Page Layout: SPi Global
Printer: Transcontinental Printing Group

Wally Smieliauskas dedicates this book to Reid and Lucas.

Kathryn Bewley dedicates this book to all the auditing students, educators, and practitioners who work so hard to keep auditing essential.


About the Authors

Wally J. Smieliauskas is a professor of accounting at the University of Toronto, where he has been a member of the faculty since 1979. He has published articles on a variety of auditing, accounting, and education issues. At the University of Toronto, Professor Smieliauskas developed the first degree-credit introductory auditing course (in 1981) and the first advanced auditing course (in 1990). In 1988 he was the first director of the MBA Co-op Program in Professional Accounting, a position he held until 1993. The program is designed to facilitate the entry of undergraduates from various fields into the profession and to provide a broader management education as well as specialized training in accounting, auditing, and tax topics. It has evolved to become the Master of Management & Professional Accounting (MMPA) program now offered through the University of Toronto’s Mississauga campus.

Kathryn Bewley has been a professor of accounting and auditing at Ryerson University since 2010 and had previously taught at York University since 1991. She is a member of CPA Ontario and began her career in auditing with Clarkson Gordon in Toronto. Professor Bewley received her Ph.D. from the University of Waterloo. Her main research focus is on the impact of regulations, including auditing standards, on the information companies report and how people use that information, with a particular interest in environmental reporting. Her work has been published in several professional and academic journals.


BRIEF CONTENTS

Preface

PART 1 Introduction to Auditing, Public Practice, and Professional Responsibilities
CHAPTER 1 Introduction to Auditing
CHAPTER 2 Auditors’ Professional Roles and Responsibilities
CHAPTER 3 Auditors’ Ethical and Legal Responsibilities
CHAPTER 4 Reports on Audited Financial Statements

PART 2 Basic Auditing Concepts and Techniques
CHAPTER 5 Preliminary Audit Planning: Understanding the Auditee’s Business
CHAPTER 6 Assessing Risks in an Audit Engagement
CHAPTER 7 Internal Control over Financial Reporting
CHAPTER 8 Audit Evidence and Assurance
CHAPTER 9 Control Assessment and Testing
CHAPTER 10 Audit Sampling

PART 3 Performing the Audit
CHAPTER 11 The Revenues, Receivables, and Receipts Process and Cash Account Balance
CHAPTER 12 The Purchases, Payables, and Payments Process
CHAPTER 13 Payroll and Production Processes
CHAPTER 14 The Finance and Investment Process
CHAPTER 15 Completing the Audit Work
CHAPTER 16 Applying Professional Judgment to Form the Audit Opinion and Issue the Audit Report

PART 4 Advanced Issues in Professional Public Accounting Practice (on Connect)
CHAPTER 17 Other Public Accounting Services and Reports—Reviews and Compilations
CHAPTER 18 Professional Rules of Conduct Details and Auditor Responsibilities
CHAPTER 19, PART I The Audit of Accounting Estimates: Basic Material Relating to Accounting Estimates
CHAPTER 19, PART II The Audit of Accounting Estimates: Advanced Issues in the Audit of Accounting Estimates
CHAPTER 20 Legal Liability Cases
CHAPTER 21 Other Professional Accounting Services and Reports, Including Fraud Auditing

Key Terms
Index

CONTENTS

Preface

PART 1 Introduction to Auditing, Public Practice, and Professional Responsibilities

CHAPTER 1 Introduction to Auditing
Learning Objectives
The Essentials of Auditing, Public Practice, and Professional Responsibilities
Introduction: The Concept of Auditing
User Demand for Reliable Information
Definitions of Auditing
Kinds of Audits and Auditors
Public Accounting
International Auditing
Application Case with Solution & Analysis: The Auditor’s Most Important Quality
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Appendix 1A: How to Become a Professional Accountant in Canada (on Connect)
Appendix 1B: Alternative Theories of the Role of Auditing in Society (on Connect)

CHAPTER 2 Auditors’ Professional Roles and Responsibilities
Learning Objectives
The Essentials of Auditors’ Professional Roles and Responsibilities
The Current Environment of Auditing
Regulation of Public Accounting
Practice Standards
Generally Accepted Auditing Standards
Assurance Standards
Quality Control Standards
Application Case with Solution & Analysis: Which Generally Accepted Auditing Standard Is Most Important?
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Appendix 2A: Generally Accepted Auditing Standards of the United States (on Connect)
Appendix 2B: Implementation of Quality Control Standards in Canada (on Connect)

CHAPTER 3 Auditors’ Ethical and Legal Responsibilities
Learning Objectives
The Essentials of Auditors’ Ethical and Legal Responsibilities
Introduction
General Ethics
Codes of Professional Ethics
Independence and Objectivity
The Legal Environment and Auditor Legal Responsibilities
Liability under Common Law
Statutory Law Liability
Application Case with Solution & Analysis: Burden of Proof Concept in Law and Auditing
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 3A: Framework for Critical Thinking (on Connect)

CHAPTER 4 Reports on Audited Financial Statements
Learning Objectives
The Essentials of Reports on Audited Financial Statements
The Association Framework
Auditor’s Reports and Variations
Audit Report Reservations
Application Case with Solution & Analysis: Meaning of the Words “Present Fairly” in the Auditor’s Report
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Appendix 4A: The Standard Unmodified Report of the Public Company Accounting Oversight Board/American Institute of CPAs
Appendix 4B: The Auditor’s Standard Report for Use before December 15, 2016
Appendix 4C: Reporting on the Application of Accounting Principles

PART 2 Basic Auditing Concepts and Techniques

CHAPTER 5 Preliminary Audit Planning: Understanding the Auditee’s Business
Learning Objectives
Preview of Parts 2 and 3 of the Text: Planning and Performing the Audit
The Essentials of Preliminary Audit Planning and Understanding the Auditee’s Business
The Independent Financial Statement Audit
Independent Audit Engagement Characteristics
Audit Engagement Acceptance Decision
Understanding the Auditee’s Business, Environment, and Risks
Preliminary Analytical Procedures for Audit Planning
Materiality Levels for Audit Planning
Documenting the Overall Audit Strategy and Audit Plan
Application Case with Solution & Analysis: Audit Engagement Acceptance Decision
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 5A: Selected Financial Ratios
Appendix 5B: Example of an Audit Engagement Letter

CHAPTER 6 Assessing Risks in an Audit Engagement
Learning Objectives
The Essentials of Assessing Risks in an Audit Engagement
Business Risk and the Risk of Material Misstatement of the Financial Statements
Financial Statement Assertions and Audit Objectives
The Audit Risk Model and Its Components
Working with the Audit Risk Model
Accounting Processes and the Financial Statements
Application Case with Solution & Analysis: Business Risk Analysis and Audit Implications
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 6A: Business Risk Factors Used to Assess the Risk of Material Misstatement
Appendix 6B: Corporate Governance (on Connect)

CHAPTER 7 Internal Control over Financial Reporting
Learning Objectives
The Essentials of Internal Control over Financial Reporting
Understanding Internal Control
How Internal Control Relates to the Risk of Material Misstatement
Fraud Risk Assessment
Auditors’ Responsibilities for Detecting Frauds, Errors, and Illegal Acts
Conditions that Make Fraud Possible, Even Easy
Application Case with Solution & Analysis: Overstate the Inventory; Understate the Cost of Goods Sold
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 7A: Risk and Internal Control Frameworks (on Connect)
Appendix 7B: Procedures and Documents Auditors use for Fraud Detection (on Connect)

CHAPTER 8 Audit Evidence and Assurance
Learning Objectives
The Essentials of Audit Evidence
Evidence-Gathering Audit Procedures
Business Information Sources and Methods
Sufficient Appropriate Evidence in Auditing
Audit Plan and Detailed Programs
Audit Documentation
Application Case with Solution & Analysis: Review of an Audit Plan
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases

CHAPTER 9 Control Assessment and Testing
Learning Objectives
The Essentials of Control Assessment and Testing
Internal Control Assessment for Planning the Audit
Management versus Auditor Responsibility for Control
Reasons for Control Evaluation
Phase 1—Understanding Controls
Phase 2—Assessing Control Risk
Phase 3—Control Testing
Auditor’s Responsibility to Report Internal Control Deficiencies and Fraud Risks
Application Case with Solution & Analysis: Information Systems and Controls in a Small Business
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 9A: Internal Control Assessment Aids for Audit Planning
Appendix 9B: Understanding Information Systems and Technology for Risk and Control Assessment (on Connect)

CHAPTER 10 Audit Sampling
Learning Objectives
The Essentials of Audit Sampling
Introduction to Audit Sampling
Test of Controls for Assessing Control Risk
Sampling Steps for Tests of Control
Substantive Procedures for Auditing Account Balances
Sampling Steps for an Account Balance Audit
Application Case with Solution & Analysis: Auditors Accused of Not Doing Sufficient Testing
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Critical Thinking
Appendix 10A: Statistical Sampling Tables
Appendix 10B: More-Advanced Statistical Sampling Concepts for Tests of Controls and Tests of Balances (on Connect)

PART 3 Performing the Audit

CHAPTER 11 The Revenues, Receivables, and Receipts Process and Cash Account Balance
Learning Objectives
Preview of Part 3: Linking Audit Planning to Performing an Independent Financial Statement Audit
The Essentials of Auditing a Business’s Revenues, Receivables, and Receipts Process
Understanding the Revenues, Receivables, and Receipts Process
Control Risk Assessment
Example of Linking Risk Assessment to Substantive Audit Procedures for Audit of Cash Account Balance
Substantive Audit Programs for the Revenues, Receivables, and Receipts Process
Analysis of Financial Statement Relationships
Misstatement Analysis
Special Note: The Existence Assertion
Special Note: Using Confirmations
Special Note: Audit of Bank Reconciliations
Application Case with Solution & Analysis: Detecting Misstatements in the Revenues, Receivables, and Receipts Process
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 11A: Internal Control Questionnaires for the Revenues, Receivables, and Receipts Process
Appendix 11B: System Documentation Examples for the Revenues, Receivables, and Receipts Process
Appendix 11C: Example of an Audit Engagement File Index (on Connect)

CHAPTER 12 The Purchases, Payables, and Payments Process
Learning Objectives
The Essentials of Auditing a Business’s Purchases, Payables, and Payments Process
Understanding the Purchases, Payables, and Payments Process
Control Risk Assessment
Substantive Audit Programs for the Purchases, Payables, and Payments Process
Special Note: Physical Inventory Observation and Audit of Inventory and Cost of Sales
Special Note: Audit of Property, Plant, and Equipment and Intangible Assets
Special Note: The Completeness Assertion for Liabilities
Application Case with Solution & Analysis: Detecting Misstatements in the Purchases, Payables, and Payments Process
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 12A: Internal Control Questionnaires for the Purchases, Payables, and Payments Process

CHAPTER 13 Payroll and Production Processes
Learning Objectives
The Essentials of Auditing the Payroll Process and the Production Costing Process
Risk Assessment for the Payroll and Production Processes
Section I: Understanding the Payroll Process
Control Risk Assessment
Substantive Audit Program for Payroll
Section II: Understanding the Production Process
Control Risk Assessment
Substantive Audit Program for the Production Process
Application Case with Solution & Analysis: Detecting Misstatements in the Payroll and Production Processes
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 13A: Internal Control Questionnaires for the Payroll and Production Processes

CHAPTER 14 The Finance and Investment Process
Learning Objectives
The Essentials of Auditing the Finance and Investment Process
Understanding the Finance and Investment Process
Control Risk Assessment
Substantive Audit Programs for the Finance and Investment Process
Application Case with Solution & Analysis: Detecting Misstatements in the Finance and Investment Process
Other Aspects of Clever Accounting and Fraud
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 14A: Derivative Securities—An Example of Risks That Management and Auditors Face (on Connect)
Appendix 14B: Generally Accepted Accounting Principles for Private Enterprises (on Connect)

CHAPTER 15 Completing the Audit Work
Learning Objectives
The Essentials of Completing the Audit Work
The Completion Stage of the Audit
Completing the Audit of Revenues and Expenses
Overall Analytical Procedures
Procedures to Detect Contingencies and Claims
Events Subsequent to the Balance Sheet Date
Management’s Written Representations
Audit Documentation Working Paper Review
Application Case with Solution & Analysis: When in Doubt, Defer!
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases

CHAPTER 16 Applying Professional Judgment to Form the Audit Opinion and Issue the Audit Report
Learning Objectives
The Essentials of Applying Professional Judgment to Form the Audit Opinion and Issue the Audit Report
Applying Professional Judgment to Form the Audit Opinion
Overall Evaluation of Audit Evidence and Misstatements
Writing an Audit Opinion on the Financial Statements
Significant Matter Paragraphs: Additional Information in the Audit Report
Auditor Communications
Application Case with Solution & Analysis: Final Overall Analysis Uncovers Unusual Related Party Transactions
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 16A: Audit Completion Checklist
Appendix 16B: The Impact of Subsequent Events on Audit Reports

PART 4 Advanced Issues in Professional Public Accounting Practice (on Connect)

CHAPTER 17 Other Public Accounting Services and Reports—Reviews and Compilations (on Connect)
Learning Objectives
Essentials of Other Engagements Involving Financial Statements
Unaudited Financial Statements
Other Review and Compilation Topics
Interim Financial Information
Public and Restricted Reports on Internal Control
Audit Reports on Internal Control
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases

CHAPTER 18 Professional Rules of Conduct Details and Auditor Responsibilities (on Connect)
Learning Objectives
Essentials of Some Detailed Rules of Professional Conduct
Why There Are Detailed Rules of Professional Conduct
Codes of Professional Ethics
Regulation and Quality Control
Consequences of Unethical/Illegal Acts
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases

CHAPTER 19, PART I The Audit of Accounting Estimates: Basic Material Relating to Accounting Estimates (on Connect)
Learning Objectives
The Essentials of Judgments for Accounting Estimates
Introduction
Going-Concern Assumption
Review of CAS 540
Discussion of CAS 540
CICA Audit Guideline 41
Principles-Based Reasoning with Accounting Estimates Using Risk-Based Reasoning
Application Case with Solution & Analysis: Illustration of Audit Risk and Accounting Risk Using Point Estimates of CAS 540
Summary of Part I
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems

CHAPTER 19, PART II The Audit of Accounting Estimates: Advanced Issues in the Audit of Accounting Estimates (on Connect)
Learning Objectives
Modelling the Estimation from Reasonable Ranges
The Risk-Based Reasoning Matrix
Importance of Benchmarks (“Risk Adjusted”—Reasonable Ranges) and Key Formulas in Their Derivation: This Is Crucial for Fully Understanding Audits of Accounting Estimates (CAS 540)
Summary Comments on the Risk-Based Reasoning Principle for Accounting Estimates
Getting Your Ranges Calibrated
Application Case with Solution & Analysis: Data Analytics Case Study: Barrick Gold Corp. 2013
Summary of Part II
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Appendix 19A: A Quantitative Model for Information Risk
Appendix 19B: Detecting Fraudulent Reporting in Accounting Estimates Using the Model of Appendix 19A

CHAPTER 20 Legal Liability Cases (on Connect)
Learning Objectives
Essentials of More-Advanced Issues in Legal Liability
Liability under Common Law Cases
Auditor’s Liability under Statutory Law
Liability under Securities and Exchange Commission (Statutory) Law
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems

CHAPTER 21 Other Professional Accounting Services and Reports, Including Fraud Auditing (on Connect)
Learning Objectives
The Essentials of Other Professional Accounting Services and Reports, Including Fraud Auditing
Part I: Assurance Engagements
Special Reports and Compliance Reporting
Forecasts and Projections
Financial Statements for Use in Other Countries
The Assurance Framework
Audits of Public Sector and Not-for-Profit Financial Statements
Economy, Efficiency, and Effectiveness Audits
Environmental Audits: Another Potential Type of Assurance Engagement
Application Case with Solution & Analysis: Suitable Criteria, Generally Accepted Accounting Principles, and Critical Thinking
Part II: Fraud Awareness Auditing: More on Auditor Fraud Responsibilities and How to Detect Fraud Concerning Predictions of Future Events in Accounting Estimates
Discussion of the Consequences and Significance of the Madoff Event
Auditors’ and Investigators’ Responsibilities
Fraud Prevention
Application Case with Solution & Analysis
Documents, Sources, and “Extended Procedures”
After Discovering a Fraud
Fraud Audits as Assurance Engagements: A Critical Thinking Issue
Bribery and Corruption: A New Global Social Concern
Summary
Key Terms
Multiple-Choice Questions for Practice and Review
Exercises and Problems
Discussion Cases
Appendix 21A: Other Advanced Assurance Topics

Key Terms
Index

PREFACE TO THE SEVENTH EDITION

This seventh edition incorporates the many professional developments that have taken place since the sixth edition (2013). We continue our approach of providing in-depth coverage of fundamental auditing concepts and techniques in the context of current developments affecting the audit profession and practice in Canada and internationally. These developments include the roll-out of the new audit report expected to go into effect December 15, 2016; a new emphasis on ethical reporting; a continuing emphasis on risk-based auditing, auditor independence, and engagement quality standards; and the further maturation of public accountability boards and their monitoring activities.

Since the sixth edition, the auditing profession in Canada has been transformed by the merger of the three previous accounting bodies, CMA, CGA, and CA, into one new association now called CPA Canada (Chartered Professional Accountants of Canada), with parallel changes taking place at the provincial level. This merger is accompanied by changes to the education and certification requirements for professional accountants (PAs) and auditors. Also, the authoritative material previously published by the CICA (Canadian Institute of Chartered Accountants) is now published by CPA Canada. This seventh edition reflects these changes to the extent they have been implemented or finalized up to the time of writing.

Starting in 2011, financial reporting in Canada has been greatly altered by the introduction of two separate sets of Canadian generally accepted accounting principles (GAAP): International Financial Reporting Standards (IFRS) for public companies and Accounting Standards for Private Enterprises (ASPE). The implications of these changes on financial statement audits are reflected in this edition. One important implication is the expanding use of fair value accounting estimates.
Further, the increasing complexity and speed of change in business and the economy have greatly increased the need to make many kinds of estimates in financial statements. These changes are placing greater focus on the considerable uncertainty embedded in such accounting numbers, as illustrated in the continuing financial crises that have rippled through the global economy since 2008. This seventh edition provides new, unique coverage of the auditing and assurance issues related to the new audit report, and use of estimates in financial statements, important areas for research and development in current audit practice. The implications for this on risk assessment, evidence gathering, and forming an audit opinion on fair presentation are key challenges we have presented in our discussions of the audit process. Fraud, corporate governance, ethical reporting, independence risk, the role of audit committees, global convergence of audit and accounting standards, and information technology (IT) remain highly relevant to the auditing profession, and information on all of these issues has been updated for the seventh edition. This edition reflects these developments through early 2015, offering our perspective on their significance. In this current audit environment, we see not only radical changes in audit standards and the regulatory environment but also significantly revised expectations of the auditor’s role in corporate governance and capital markets. This environment is characterized by more risks for auditors and their clients than ever before, as well as more restrictions on non-audit services for audit clients. We hope our coverage of these challenging new developments will help students appreciate the dynamic nature of the audit function in our economy, bring up to date the role of auditing in the current financial reporting environment, and provide opportunities to develop the critical thinking skills needed for the next generation of auditors.

WHAT’S NEW IN THE SEVENTH EDITION?

This seventh edition has been developed to make the learning experience enjoyable and straightforward for students, while still fostering essential critical thinking skills that challenge students as they learn. Key updates and ongoing approaches are as follows:

• An Essentials section has been added at the beginning of each chapter to summarize the most important concepts.

• Multiple-choice questions have been added to all chapters.

• Chapter material has been reorganized to facilitate the study of auditing in those universities, colleges, and programs that offer one audit course as well as those that offer two or more audit courses. Introductory material on professional ethics and liability is presented in Part 1, with more in-depth coverage later in Part 4. The coverage of risk and control has been reorganized to cover understanding and assessment of risks in Chapter 6, and then internal controls over financial reporting, risk of material misstatement, and fraud risk in Chapter 7. We are confident this approach will provide students and instructors with more choice in how they engage with the material. The organization of the seventh edition is elaborated on in the section below, where we describe the coverage provided in each of the 4 parts and 21 chapters.

• The innovative introduction of critical thinking concepts that integrate ethical, accounting, and auditing theory to help structure professional audit decision making and analysis in financial reporting has been supplemented by the revised Appendix 3A on the ethics and natural-language reasoning that underlie auditor judgments and the justifications of decisions documented in audit work.

• A streamlined overview of the audit process has been added to Chapter 5, serving as a road map to the procedural topics covered in the text.

• References to specifics of the Canadian Auditing Standards (CASs), based on International Standards on Auditing (ISAs), have been retained in the “Standards Check” boxes located at key points of the discussion as a quick link to the specific paragraphs of the CAS that are relevant to applying the concepts. These are an efficient way to introduce students to how they can use the standards as a resource for understanding and implementing generally accepted auditing standards (GAAS) in practice. CPA Canada Assurance Handbook changes through mid-2015 have been incorporated.

• Several new exhibits and tables have been added to summarize concepts and techniques and to help students understand and apply key auditing practices.

• The chapter on auditing accounting estimates (Chapter 19, available on Connect) has been enhanced with an accounting analytics case study. This chapter explains the concepts of CAS 540 and builds on the accounting risk concept introduced in earlier editions, as a way of helping implement critical thinking in audited financial reporting.

• Updated online appendices on the more technical aspects of statistical sampling in auditing, corporate governance, IT, internal control, and critical thinking are provided to help integrate auditing, accounting, and ethical reasoning.

• Various updated anecdotes, asides, short cases, and Application Cases with suggested solutions and analysis in each chapter enrich the text material.

• Several new critical thinking and Internet assignment questions complement the preceding changes, and a number of new cases, including some from the professional accounting exams, have been added.

• Online assessment is now available on Connect, McGraw-Hill’s teaching and learning platform.

KEY FEATURES

CPA Canada Handbook Assurance Recommendation Updates: Canadian Auditing Standards and the Convergence to International Auditing

This edition provides complete referencing to CASs. It thus provides essential guidance for auditors in the 21st century. CASs introduce new fundamental concepts, such as ethical reporting frameworks in the form of compliance and fair presentation frameworks. CASs continue the incorporation of international standards started in earlier editions of this text. The inside front cover provides a complete listing of the CASs and the CPA Canada Handbook assurance sections. Students and practitioners may find this listing useful for quick reference. At the time of writing (July 2015), CPA Canada plans to continue to use the old Handbook sections for other assurance engagements and association rules. References to U.S. auditing standards, issued by the Public Company Accounting Oversight Board (PCAOB) for public companies and the American Institute of CPAs (AICPA) for non-public companies, are also included where these are relevant in the Canadian environment. This brings students to the leading edge of auditing and responds to the increasing focus on international auditing and accounting standards in the real world of business management.

Risk-Based Auditing

The approach in this text is risk-based auditing. The risk-based audit approach builds on the idea of the strategic systems approach to auditing, developed in the 1990s, stressing that the auditor needs to understand the auditee’s business as management runs it to conduct an effective audit. By formally placing these business risk assessment requirements into the standards, the CASs link these requirements clearly to GAAS, which outline the required procedures and judgments supporting the auditor’s opinion on whether the financial statements are materially misstated. This edition continues to build on and further develop a unique feature of the previous edition’s concept of accounting risk. Accounting risk extends the risk-based approach to financial reporting issues to estimation uncertainties of accounting estimates, including the fair value accounting of IFRS. This approach clarifies the reasonable range, point estimates, and significant risk concepts introduced in CAS 540 and helps make operational the assessment of estimation uncertainties. This approach also provides a more complete explanation of auditee information risks, a clearer link between audit and accounting theory, and thus an improved basis for making operational the words present fairly and ethical reporting in the audit report. Under our critical thinking approach, auditing and accounting standards are increasingly viewed as an integrated framework. We believe that such or related approaches represent the future of 21st-century audited financial reporting.

Fraud Auditing

This text was the first to contain full-chapter coverage of fraud awareness auditing, a crucial topic in the new millennium. With the rapid global growth in white-collar crime, especially that of fraudulent financial reporting, auditors have had to take more responsibility for fraud detection, particularly in the area of premature revenue recognition. We now devote two chapters to this increasingly important topic. Chapter 7 introduces students to the requirements of CAS 240 and CAS 250 as part of basic audit concepts. The purpose of the advanced fraud chapter (Chapter 21, available on Connect) is to create awareness of, and sensitivity to, the signs of potential errors, irregularities, frauds, and corruption. The chapter contains some unique insights into extended auditing, investigation procedures, and detection of fraudulent accounting estimates using the accounting risk concept. In addition, fraud coverage is integrated throughout the text, consistent with the increased need for auditors to detect fraud and other unethical reporting.

Current Audit Environment

A continuation from the previous edition, the current audit environment perspective includes the changes to the auditing standards, the regulatory environment, and society’s expectations, as well as an analysis of the significance of these changes. Specific new-millennium topics include the new audit report, increased monitoring of the profession by accountability boards such as the Canadian Public Accountability Board (CPAB), increased emphasis on good corporate governance, the increased importance of audit committees, independence guidance, fraud risk assessments, the risk-based audit approach, increased liability due to statutory law, and increased risks associated with more extensive use of fair value estimates and accounting estimates in general.


Critical Thinking for Ethical Reporting

The pioneering coverage of skepticism and logical argumentation in auditing has been expanded to the broader concept of critical thinking for ethical reporting. Such an expanded approach to a more formalized skepticism incorporates assessments of the character of individuals with whom the auditor deals, the language used in the reasoning, and the logic of the reasoning. Such an approach to skepticism and ethical reasoning is increasingly important in detecting fraudulent financial reporting. Critical thinking provides an improved framework for tackling issues that require integration of ethical, accounting, and audit reasoning. Critical thinking concepts are first introduced in Chapter 3 and then are found integrated throughout the text where appropriate, as well as in new critical thinking discussion and Application Case questions. The revised Appendix 3A coverage of ethics and natural-language reasoning used by auditors to document justification for their conclusions will help students to better understand accountability for their decisions. The accounting risk concept is a major innovation to help make critical thinking for the detection of unethical reporting more operational in a financial reporting setting. The critical thinking material is intended to better prepare students for the realities of a world in which CPAB, PCAOB, and other regulators are taking a harsher view of auditor performance in today’s auditing environment.

Learning Aids

Each chapter and section in Auditing: An International Approach contains a number of pedagogical features that both enhance and support the learning experience. They include the following:
• Learning Objectives. Each chapter opens with a list of pertinent learning objectives for the ensuing chapter material. These are repeated throughout the chapters. In addition, all Multiple Choice Questions, Exercises and Problems, and Discussion Cases are cross-referenced to their corresponding Learning Objectives to assist student learning.
• Essentials. At the start of each chapter, we provide a concise overview of the entire topic coverage of the chapter, with a selection of related review questions. The Essentials section can provide a detailed introduction before tackling the details of the chapter, or it might be used for brief coverage of a topic that an instructor may wish to cover at a high level only.
• Standards Checks. Excerpts from the CASs are provided to enrich the discussion of key concepts by demonstrating how the standards require them to be applied by auditors in practice.
• Professional Standards References. Each chapter references the relevant professional standards for the chapter topics.
• Anecdotes and Asides. Illustrative anecdotes and asides are found throughout the text and have been updated considerably in this new edition. Some are located within the chapter text, while others stand alone (in boxes) to add realism and interest for students. A continuing fictional case is provided for the EcoPak company, with an episode of the case appearing at the start of each chapter. In each episode, many of the concepts and issues to be presented in the chapter arise in a realistic audit setting. The result is a real-world flavour of the treatment of auditing.
• Exhibits. To assist in the learning process, we have included several more exhibits in this edition to visually illustrate teaching concepts.
• Icons for Critical Thinking, Fraud/Ethics, International Standards, and Internet Assignments. For quick and easy identification purposes, we have included these icons to flag the text material dealing with these major issues.


Application Cases with Solution & Analysis

Most chapters include an Application Case with Solution & Analysis illustrating the application of concepts introduced in the chapter. The purpose of the Application Cases is to enliven the study of auditing by introducing the professional judgments involved in the practice of auditing. They supplement the exposition of auditing fundamentals with illustrative situations based on real events. The Application Cases in the chapters of Parts 2 and 3 follow the experiences of a new auditor joining a firm of PAs. Many of the Application Cases deal with what might be considered advanced material by many. Nevertheless, they can serve as a useful basis for class discussion. The solutions provided are not the only ones possible; consequently, they provide an opportunity to develop the critical perspectives that are an important element of professional judgment in auditing.

Key Terms

Throughout the text, key terms are highlighted in boldface print, with definitions conveniently located at the bottom of the page containing the bolded term. Understanding these terms is crucial to success in auditing. An alphabetical glossary is also provided at the end of the text.

ORGANIZATION

Part 1: Introduction to Auditing, Public Practice, and Professional Responsibilities

Part 1 consists of four chapters covering the basic orientation to auditing as a profession. Chapter 1 introduces the concept of auditing and the role of the public accounting profession. Chapter 2 introduces GAAS, assurance standards, and quality control standards, providing an overview of the audit process. Chapter 3 introduces professional ethics and professional legal responsibilities, including a technical appendix on critical thinking incorporating the auditor’s social role and social expectations. Chapter 4 covers audit reports with emphasis on the new audit report to go into effect at the end of 2016.

Part 2: Basic Auditing Concepts and Techniques

Part 2 is organized to present financial statement audit planning from a business risk perspective. Chapter 5 introduces the most basic concepts of an independent financial statement audit engagement, including the acceptance decision, the auditor’s need to understand an auditee’s business and its risks, preliminary analytical procedures, and materiality. Chapter 6 explains how auditors’ understanding of the business, its environment, and its risks is used to assess the risk that the financial statements are materially misstated. It explains the key concept of financial statement assertions, and the business processes and the related accounting cycles that create the financial statements. Chapter 7 expands on the business understanding and risk assessment by providing an overview of information systems controls used by management to reduce risks of materially misstating this information. Chapter 7 also discusses the auditor’s awareness of fraud risk; it explains the nature and signs of fraud and the procedures used to detect it. Chapter 8 presents the fundamental concepts of audit evidence and the evidence-gathering procedures used to develop the detailed audit plan and programs, as well as describing working paper documentation. Chapter 9 elaborates on internal control consideration in an audit engagement, describing the auditor’s procedures for evaluating the auditee’s internal control, and control risk assessment and control testing in performing the audit. The topics presented in Chapters 5 through 9 provide a basis for developing an appropriate overall strategy for the audit, the detailed audit plan, and specific programs used to perform the audit.
Chapter 10 covers the pervasive concept of audit testing, the major categories of risk that arise in a sampling context and how these relate to audit risk, how testing is affected by the audit risk model, and how representative testing can be implemented using the most simple formulas and tables from statistical sampling. An extensive appendix to Chapter 10 (Appendix 10B, available on Connect) provides more details on the technical aspects of statistical sampling. Application Cases are used to provide practical perspectives on the planning issues covered in Part 2.


Part 3: Performing the Audit

Part 3 contains four chapters that address performing the work set out in a detailed audit plan for the main business processes that will need to be managed in every organization, a fifth chapter that wraps it all up with audit completion considerations, and a sixth chapter that covers applying professional judgment. The processes covered are as follows: the Revenues, Receivables, and Receipts Process (Chapter 11); the Purchases, Payables, and Payments Process (Chapter 12); the Payroll and Production Processes (Chapter 13); and the Finance and Investment Process (Chapter 14). Each of these chapters provides an overview of the transactions, balances, and risks of misstatement in the business process, the relevant controls, and auditing procedures. Application Cases are used to illustrate the application of concepts and techniques in practice, and examples of audit programs are provided to demonstrate the kinds of audit procedures that can be used. Each of these chapters also provides an overview of the balance sheet approach as a basis for the overall analysis of the financial statements. Chapter 15 presents various activities involved in completing the audit work, such as the audit of the revenue and expense accounts, overall analytical review, lawyer’s letters, management representation letters, and subsequent events. Chapter 16 provides an overview of issues to consider in the opinion formulation process, including accumulation of misstatements discovered in the audit, adjustments to the financial statements, and the auditor’s formation of the opinion to be expressed in the audit report. This chapter includes a summary of the recently issued ISAs that will require expansion of the specific details auditors will report related to their audit opinions.

Part 4: Advanced Issues in Professional Public Accounting Practice

The five chapters in Part 4 (all available on Connect) are designed to stand alone or be integrated piecemeal with the preceding chapters as part of a first course in auditing. However, there is enough material in Part 4 that, when combined with some of the earlier chapters and some readings, such as those indicated in the text, can be the basis for a second, advanced, audit course. Such a course could focus, for example, on auditor problems and judgments in evaluating the quality of financial reporting. Chapter 17 deals with other assurance and some non-assurance services offered by public accounting firms. Chapter 18 covers the more detailed aspects of professional ethics. Chapter 19 is a new chapter devoted to the increasingly important topic of the audit of accounting estimates. The chapter has two parts. Part I clarifies the difficult concepts of CAS 540 using the idea of accounting risk that can be associated with the point estimate concept of CAS 540. Part II deals with the more complex issues of estimation uncertainty associated with reasonable ranges of CAS 540. Estimation uncertainty is analyzed and integrated with the IFRS conceptual framework for financial reporting with the help of the accounting risk concept. This integration guides auditor judgments with respect to appropriate financial reporting. New analytical tools in the form of accounting analytics using market information and Monte Carlo simulations to help verify accounting estimates have been added to the discussion. These tools help make operational critical thinking about the ethics of accounting estimates. Chapter 20 covers auditor legal liability issues in more detail, extending the coverage of this topic beyond the introductory level of Chapter 3. Finally, Chapter 21 covers the conceptual framework for assurance engagements and some specialized assurance engagements.
The second half of Chapter 21 covers fraud awareness auditing in more detail. It gives students a better understanding of the mindset and specialized procedures needed to more effectively detect frauds. This chapter has benefited from our association with the Association of Certified Fraud Examiners (ACFE).

PROFESSIONAL STANDARDS

This text contains numerous references to, and excerpts from, authoritative statements on auditing standards and to standards governing other areas of practice. Even so, it goes beyond the mere repetition of passages from the standards, concentrating on explaining their substance and operational meaning in the context of making auditing decisions. Instructors and students may wish to supplement the text with current editions of pronouncements published by the International Federation of Accountants (IFAC), CPA Canada, and the Institute of Internal Auditors.


MARKET-LEADING TECHNOLOGY

Learn without Limits

McGraw-Hill Connect® is an award-winning digital teaching and learning platform that gives students the means to better connect with their coursework, with their instructors, and with the important concepts that they will need to know for success now and in the future. With Connect, instructors can take advantage of McGraw-Hill’s trusted content to seamlessly deliver assignments, quizzes, and tests online. McGraw-Hill Connect is the only learning platform that continuously adapts to each student, delivering precisely what they need, when they need it, so class time is more engaging and effective. Connect makes teaching and learning personal, easy, and proven.

Connect Key Features

SmartBook®

As the first and only adaptive reading experience, SmartBook is changing the way students read and learn. SmartBook creates a personalized reading experience by highlighting the most important concepts a student needs to learn at that moment in time. As a student engages with SmartBook, the reading experience continuously adapts by highlighting content based on what each student knows and doesn’t know. This ensures that he or she is focused on the content needed to close specific knowledge gaps, while it simultaneously promotes long-term learning.

Connect Insight®

Connect Insight is Connect’s new one-of-a-kind visual analytics dashboard—now available for both instructors and students—that provides at-a-glance information regarding student performance, which is immediately actionable. By presenting assignment, assessment, and topical performance results together with a time metric that is easily visible for aggregate or individual results, Connect Insight gives the user the ability to take a just-in-time approach to teaching and learning, which was never before available. Connect Insight presents data that empower students and help instructors improve class performance efficiently and effectively.

Simple Assignment Management

With Connect, creating assignments is easier than ever, so instructors can spend more time teaching and less time managing. Instructors can
• Assign SmartBook learning modules
• Edit existing questions and create their own questions
• Draw from a variety of text-specific questions, resources, and test bank material to assign online
• Streamline lesson planning, student progress reporting, and assignment grading to make classroom management more efficient than ever

Smart Grading

When it comes to studying, time is precious. Connect helps students learn more efficiently by providing feedback and practice material when they need it, where they need it. Instructors can
• Automatically score assignments, giving students immediate feedback on their work and comparisons with correct answers
• Access and review each response; manually change grades or leave comments for students to review
• Track individual student performance—by question or assignment or in relation to the class overall—with detailed grade reports
• Reinforce classroom concepts with practice tests and instant quizzes
• Integrate grade reports easily with Learning Management Systems including Blackboard, D2L, and Moodle


Instructor Library

The Connect Instructor Library is a repository for additional resources to improve student engagement in and out of the class. It provides all the critical resources instructors need to build their course. Instructors can
• Access instructor resources
• View assignments and resources created for past sections
• Post their own resources for students to use

Instructor Resources

The instructor area of Connect includes a variety of resources for faculty:
• Instructor’s Solutions Manual. The solutions manual, created by the authors, provides the answers to problem and assignment material that is featured throughout the text.
• Computerized Test Bank. The computerized test bank contains numerous multiple-choice, short-answer, and essay questions.
• Microsoft® PowerPoint® Lecture Slides. The PowerPoint slides offer a summary of chapter concepts for lecture purposes.
• Image Library

Superior Learning Solutions and Support

The McGraw-Hill Education team is ready to help you assess and integrate any of our products, technology, and services into your course for optimal teaching and learning performance. Whether it’s helping your students improve their grades, or putting your entire course online, the McGraw-Hill Education team is here to help you do it. Contact your Learning Solutions Consultant today to learn how to maximize all of the resources! For more information on the latest technology and Learning Solutions offered by McGraw-Hill Education and its partners, please visit us online: http://www.mheducation.ca/highereducation/educators/digital-solutions/.

ACKNOWLEDGMENTS

IFAC and CPA Canada have generously given permission for liberal quotations from official pronouncements and other publications, all of which lend authoritative sources to the text. In addition, several publishing houses, professional associations, and accounting firms have granted permission to quote and extract from their copyrighted material. Their cooperation is much appreciated because a great amount of significant auditing thought exists in this wide variety of sources.

We are also very grateful to the staff at McGraw-Hill Education, who provided their support, management skills, and ideas—especially our editorial team, whose hard work and attention to detail kept us on track and transformed what we wrote into a book.

A special acknowledgment is due to Stephen Spector, CGA, Simon Fraser University, who gave very insightful and thorough feedback on early drafts of the sixth and seventh editions. Many of you know Stephen from manning the CGA booth at CAAA conferences over many years. We finally got a chance to work closely with Stephen, and we must say he contributed greatly to improving the textbook and the instructor’s manual. Many thanks, Stephen! Of course, any remaining errors are our responsibility.

A special acknowledgment is also due to Joseph T. Wells, former chairman of ACFE. He created the Certified Fraud Examiner (CFE) designation. Mr. Wells is a well-known authority in the field of fraud examination education, and his entrepreneurial spirit has captured the interest of fraud examination professionals throughout North America.


Special acknowledgment is also due to Steven E. Salterio of Queen’s University. Steven contributed greatly to the strategic systems approach to auditing used in this text. Special thanks go to Enola Stoyle for material that was adapted in various forms in this text.

We are grateful to many people involved in the auditing profession in various roles who generously shared their time and ideas with us over the years as the new materials for the book took shape in our minds and on paper, including Keith Bowman, Gary Peall, Rebecca Yosipovich, Dawn McGeachy-Colby, Jim McCarter, Terri McKinnon, Dinh N. Tran, Murad Bhimani, Phil Cowperthwaite, Brian Leader, Susan Cox, participants at the auditing educators’ workshop sessions held at the Ted Rogers School and the CAAA during 2011, Joanne Jones, Martha Tory, Luke Baxter, Borden Rhodes, Zak Bensiddick, Sunmin Groot, Jean Bédard, Janne Chung, Susan McCracken, Steve Fortin, Genviève Turcotte, John Carchrae, James Sylph, Alan Willis, Robert Langford, Andre de Haan, Joy Keenan, Sylvia Smith, Dianne Hillier, Jan Munro, Greg Shields and the AASB staff, Karen Duggan, Rand Rowlands, Mark Davies, Mark Lam, and Vaani Maharaj. Thank you very much to Catherine Barrette for providing a number of challenging new end-of-chapter questions for this edition.

We would like to acknowledge our appreciation for the great academics and practitioners who influenced us in various ways as we developed this text, including Ron Gage, Al Rosen, Randy Keller, Don Cockburn, Dagmar Rinne (rest in peace, Dagmar), Morley Lemon, Ingrid Splettstoesser-Hogeterp, Don Leslie, Larry Yarmolinsky, Bill Scott, Efrim Boritz, Joel Amernic, Donna Losell, Ulrich Menzefricke, Russell Craig, Kevin Lam, Yoshihide Toba, Takatoshi Hayashi, Ping Zhang, Hung Chan, Len Brooks, Manfred Schneider, and Irene Wiecek.
Also, we have been inspired often by Rod Anderson’s 1984 text, The External Audit, which set out a logical, conceptual framework for auditing that still stands the test of time.

This text could not have been completed without the cooperation and input of our many auditing students who have shared their perspectives with us over the years. We thank them greatly for their contributions and for encouraging us to make the text ever clearer.

And, lastly, our sincere thanks go out to the reviewers of this seventh edition for their careful review and many detailed and candid comments. We are deeply grateful to all the reviewers who have so diligently read our early chapter drafts and taken so much time to share their experience and wonderful, inspiring examples of how they teach auditing concepts. In each edition, we try to incorporate as many of these excellent ideas and suggestions as our publication page constraints allow:

Shiraz Charania, Langara College
Susan Deakin, Fanshawe College
Mohamed Dirira, University of New Brunswick
Shelley Donald, University of Waterloo
Amanda Flint, Trinity Western University
Ernie Kerst, Sheridan Institute of Technology
Camillo Lento, Lakehead University
Erin Marshall, University of Alberta
Jagdish Pathak, University of Windsor
Wendy Popowich, Northern Alberta Institute of Technology
Linda Robinson, University of Waterloo
Alla Volodina, York University
Cheryl Wilson, Durham College
Brad Witt, Humber College

Wally Smieliauskas and Kate Bewley
July 2015


PREFACE TO THE SEVENTH EDITION

This seventh edition incorporates the many professional developments that have taken place since the sixth edition (2013). We continue our approach of providing in-depth coverage of fundamental auditing concepts and techniques in the context of current developments affecting the audit profession and practice in Canada and internationally. These developments include the roll-out of the new audit report expected to go into effect December 15, 2016; a new emphasis on ethical reporting; a continuing emphasis on risk-based auditing, auditor independence, and engagement quality standards; and the further maturation of public accountability boards and their monitoring activities.

Since the sixth edition, the auditing profession in Canada has been transformed by the merger of the three previous accounting bodies, CMA, CGA, and CA, into one new association now called CPA Canada (Chartered Professional Accountants of Canada), with parallel changes taking place at the provincial level. This merger is accompanied by changes to the education and certification requirements for professional accountants (PAs) and auditors. Also, the authoritative material previously published by the CICA (Canadian Institute of Chartered Accountants) is now published by CPA Canada. This seventh edition reflects these changes to the extent they have been implemented or finalized up to the time of writing.

Starting in 2011, financial reporting in Canada has been greatly altered by the introduction of two separate sets of Canadian generally accepted accounting principles (GAAP): International Financial Reporting Standards (IFRS) for public companies and Accounting Standards for Private Enterprises (ASPE). The implications of these changes on financial statement audits are reflected in this edition. One important implication is the expanding use of fair value accounting estimates.
Further, the increasing complexity and speed of change in business and the economy have greatly increased the need to make many kinds of estimates in financial statements. These changes are placing greater focus on the considerable uncertainty embedded in such accounting numbers, as illustrated in the continuing financial crises that have rippled through the global economy since 2008. This seventh edition provides new, unique coverage of the auditing and assurance issues related to the new audit report, and use of estimates in financial statements, important areas for research and development in current audit practice. The implications for this on risk assessment, evidence gathering, and forming an audit opinion on fair presentation are key challenges we have presented in our discussions of the audit process. Fraud, corporate governance, ethical reporting, independence risk, the role of audit committees, global convergence of audit and accounting standards, and information technology (IT) remain highly relevant to the auditing profession, and information on all of these issues has been updated for the seventh edition. This edition reflects these developments through early 2015, offering our perspective on their significance. In this current audit environment, we see not only radical changes in audit standards and the regulatory environment but also significantly revised expectations of the auditor’s role in corporate governance and capital markets. This environment is characterized by more risks for auditors and their clients than ever before, as well as more restrictions on non-audit services for audit clients. We hope our coverage of these challenging new developments will help students appreciate the dynamic nature of the audit function in our economy, bring up to date the role of auditing in the current financial reporting environment, and provide opportunities to develop the critical thinking skills needed for the next generation of auditors.

WHAT’S NEW IN THE SEVENTH EDITION?

This seventh edition has been developed to make the learning experience enjoyable and straightforward for students, while still fostering essential critical thinking skills that challenge students as they learn. Key updates and ongoing approaches are as follows:


• An Essentials section has been added at the beginning of each chapter to summarize the most important concepts.
• Multiple-choice questions have been added to all chapters.
• Chapter material has been reorganized to facilitate the study of auditing in those universities, colleges, and programs that offer one audit course as well as those that offer two or more audit courses. Introductory material on professional ethics and liability is presented in Part 1, with more in-depth coverage later in Part 4. The coverage of risk and control has been reorganized to cover understanding and assessment of risks in Chapter 6, and then internal controls over financial reporting, risk of material misstatement, and fraud risk in Chapter 7. We are confident this approach will provide students and instructors with more choice in how they engage with the material. The organization of the seventh edition is elaborated on in the section below, where we describe the coverage provided in each of the 4 parts and 21 chapters.
• The innovative introduction of critical thinking concepts that integrate ethical, accounting, and auditing theory to help structure professional audit decision making and analysis in financial reporting has been supplemented by the revised Appendix 3A on the ethics and natural-language reasoning that underlie auditor judgments and the justifications of decisions documented in audit work.
• A streamlined overview of the audit process has been added to Chapter 5, serving as a road map to the procedural topics covered in the text.
• References to specifics of the Canadian Auditing Standards (CASs), based on International Standards on Auditing (ISAs), have been retained in the “Standards Check” boxes located at key points of the discussion as a quick link to the specific paragraphs of the CAS that are relevant to applying the concepts. These are an efficient way to introduce students to how they can use the standards as a resource for understanding and implementing generally accepted auditing standards (GAAS) in practice. CPA Canada Assurance Handbook changes through mid-2015 have been incorporated.
• Several new exhibits and tables have been added to summarize concepts and techniques and to help students understand and apply key auditing practices.
• The chapter on auditing accounting estimates (Chapter 19, available on Connect) has been enhanced with an accounting analytics case study. This chapter explains the concepts of CAS 540 and builds on the accounting risk concept introduced in earlier editions, as a way of helping implement critical thinking in audited financial reporting.
• Updated online appendices on the more technical aspects of statistical sampling in auditing, corporate governance, IT, internal control, and critical thinking are provided to help integrate auditing, accounting, and ethical reasoning.
• Various updated anecdotes, asides, short cases, and Application Cases with suggested solutions and analysis in each chapter enrich the text material.
• Several new critical thinking and Internet assignment questions complement the preceding changes, and a number of new cases, including some from the professional accounting exams, have been added.
• Online assessment is now available on Connect, McGraw-Hill’s teaching and learning platform.

KEY FEATURES

CPA Canada Handbook Assurance Recommendation Updates: Canadian Auditing Standards and the Convergence to International Auditing

This edition provides complete referencing to CASs. It thus provides essential guidance for auditors in the 21st century. CASs introduce new fundamental concepts, such as ethical reporting frameworks in the form of compliance and fair presentation frameworks. CASs continue the incorporation of international standards started in earlier editions of this text. The inside front cover provides a complete listing of the CASs and the CPA Canada Handbook assurance sections. Students and practitioners may find this listing useful for quick reference. At the time of writing (July 2015), CPA Canada plans to continue to use the old Handbook sections for other assurance engagements and association rules. References to U.S. auditing standards, issued by the Public Company Accounting Oversight Board (PCAOB) for public companies and the American Institute of CPAs (AICPA) for non-public companies, are also included where these are relevant in the Canadian environment. This brings students to the leading edge of auditing and responds to the increasing focus on international auditing and accounting standards in the real world of business management.

Risk-Based Auditing

The approach in this text is risk-based auditing. The risk-based audit approach builds on the idea of the strategic systems approach to auditing, developed in the 1990s, stressing that the auditor needs to understand the auditee’s business as management runs it to conduct an effective audit. By formally placing these business risk assessment requirements into the standards, the CASs link these requirements clearly to GAAS, which outline the required procedures and judgments supporting the auditor’s opinion on whether the financial statements are materially misstated. This edition continues to build on and further develop a unique feature of the previous edition’s concept of accounting risk. Accounting risk extends the risk-based approach to financial reporting issues to estimation uncertainties of accounting estimates, including the fair value accounting of IFRS. This approach clarifies the reasonable range, point estimates, and significant risk concepts introduced in CAS 540 and helps make operational the assessment of estimation uncertainties. This approach also provides a more complete explanation of auditee information risks, a clearer link between audit and accounting theory, and thus an improved basis for making operational the words present fairly and ethical reporting in the audit report. Under our critical thinking approach, auditing and accounting standards are increasingly viewed as an integrated framework. We believe that such or related approaches represent the future of 21st-century audited financial reporting.

Fraud Auditing

This text was the first to contain full-chapter coverage of fraud awareness auditing, a crucial topic in the new millennium. With the rapid global growth in white-collar crime, especially that of fraudulent financial reporting, auditors have had to take more responsibility for fraud detection, particularly in the area of premature revenue recognition. We now devote two chapters to this increasingly important topic. Chapter 7 introduces students to the requirements of CAS 240 and CAS 250 as part of basic audit concepts. The purpose of the advanced fraud chapter (Chapter 21, available on Connect) is to create awareness of, and sensitivity to, the signs of potential errors, irregularities, frauds, and corruption. The chapter contains some unique insights into extended auditing, investigation procedures, and detection of fraudulent accounting estimates using the accounting risk concept. In addition, fraud coverage is integrated throughout the text, consistent with the increased need for auditors to detect fraud and other unethical reporting.

Current Audit Environment

A continuation from the previous edition, the current audit environment perspective includes the changes to the auditing standards, the regulatory environment, and society’s expectations, as well as an analysis of the significance of these changes. Specific new-millennium topics include the new audit report, increased monitoring of the profession by accountability boards such as the Canadian Public Accountability Board (CPAB), increased emphasis on good corporate governance, the increased importance of audit committees, independence guidance, fraud risk assessments, the risk-based audit approach, increased liability due to statutory law, and increased risks associated with more extensive use of fair value estimates and accounting estimates in general.


Critical Thinking for Ethical Reporting

The pioneering coverage of skepticism and logical argumentation in auditing has been expanded to the broader concept of critical thinking for ethical reporting. Such an expanded approach to a more formalized skepticism incorporates assessments of the character of individuals with whom the auditor deals, the language used in the reasoning, and the logic of the reasoning. Such an approach to skepticism and ethical reasoning is increasingly important in detecting fraudulent financial reporting. Critical thinking provides an improved framework for tackling issues that require integration of ethical, accounting, and audit reasoning. Critical thinking concepts are first introduced in Chapter 3 and then are found integrated throughout the text where appropriate, as well as in new critical thinking discussion and Application Case questions. The revised Appendix 3A coverage of ethics and natural-language reasoning used by auditors to document justification for their conclusions will help students to better understand accountability for their decisions. The accounting risk concept is a major innovation to help make critical thinking for the detection of unethical reporting more operational in a financial reporting setting. The critical thinking material is intended to better prepare students for the realities of a world in which CPAB, PCAOB, and other regulators are taking a harsher view of auditor performance in today’s auditing environment.

Learning Aids

Each chapter and section in Auditing: An International Approach contains a number of pedagogical features that both enhance and support the learning experience. They include the following:
• Learning Objectives. Each chapter opens with a list of pertinent learning objectives for the ensuing chapter material. These are repeated throughout the chapters. In addition, all Multiple Choice Questions, Exercises and Problems, and Discussion Cases are cross-referenced to their corresponding Learning Objectives to assist student learning.
• Essentials. At the start of each chapter, we provide a concise overview of the entire topic coverage of the chapter, with a selection of related review questions. The Essentials section can provide a detailed introduction before tackling the details of the chapter, or it might be used for brief coverage of a topic that an instructor may wish to cover at a high level only.
• Standards Checks. Excerpts from the CASs are provided to enrich the discussion of key concepts by demonstrating how the standards require them to be applied by auditors in practice.
• Professional Standards References. Each chapter references the relevant professional standards for the chapter topics.
• Anecdotes and Asides. Illustrative anecdotes and asides are found throughout the text and have been updated considerably in this new edition. Some are located within the chapter text, while others stand alone (in boxes) to add realism and interest for students. A continuing fictional case is provided for the EcoPak company, with an episode of the case appearing at the start of each chapter. In each episode, many of the concepts and issues to be presented in the chapter arise in a realistic audit setting. The result is a real-world flavour of the treatment of auditing.
• Exhibits. To assist in the learning process, we have included several more exhibits in this edition to visually illustrate teaching concepts.
• Icons for Critical Thinking, Fraud/Ethics, International Standards, and Internet Assignments. For quick and easy identification purposes, we have included these icons to flag the text material dealing with these major issues.


Application Cases with Solution & Analysis

Most chapters include an Application Case with Solution & Analysis illustrating the application of concepts introduced in the chapter. The purpose of the Application Cases is to enliven the study of auditing by introducing the professional judgments involved in the practice of auditing. They supplement the exposition of auditing fundamentals with illustrative situations based on real events. The Application Cases in the chapters of Parts 2 and 3 follow the experiences of a new auditor joining a firm of PAs. Many of the Application Cases deal with what might be considered advanced material by many. Nevertheless, they can serve as a useful basis for class discussion. The solutions provided are not the only ones possible; consequently, they provide an opportunity to develop the critical perspectives that are an important element of professional judgment in auditing.

Key Terms

Throughout the text, key terms are highlighted in boldface print, with definitions conveniently located at the bottom of the page containing the bolded term. Understanding these terms is crucial to success in auditing. An alphabetical glossary is also provided at the end of the text.

ORGANIZATION

Part 1: Introduction to Auditing, Public Practice, and Professional Responsibilities

Part 1 consists of four chapters covering the basic orientation to auditing as a profession. Chapter 1 introduces the concept of auditing and the role of the public accounting profession. Chapter 2 introduces GAAS, assurance standards, and quality control standards, providing an overview of the audit process. Chapter 3 introduces professional ethics and professional legal responsibilities, including a technical appendix on critical thinking incorporating the auditor’s social role and social expectations. Chapter 4 covers audit reports with emphasis on the new audit report to go into effect at the end of 2016.

Part 2: Basic Auditing Concepts and Techniques

Part 2 is organized to present financial statement audit planning from a business risk perspective. Chapter 5 introduces the most basic concepts of an independent financial statement audit engagement, including the acceptance decision, the auditor’s need to understand an auditee’s business and its risks, preliminary analytical procedures, and materiality. Chapter 6 explains how auditors’ understanding of the business, its environment, and its risks is used to assess the risk that the financial statements are materially misstated. It explains the key concept of financial statement assertions, and the business processes and the related accounting cycles that create the financial statements. Chapter 7 expands on the business understanding and risk assessment by providing an overview of information systems controls used by management to reduce risks of materially misstating this information. Chapter 7 also discusses the auditor’s awareness of fraud risk; it explains the nature and signs of fraud and the procedures used to detect it. Chapter 8 presents the fundamental concepts of audit evidence and the evidence-gathering procedures used to develop the detailed audit plan and programs, as well as describing working paper documentation. Chapter 9 elaborates on internal control consideration in an audit engagement, describing the auditor’s procedures for evaluating the auditee’s internal control, and control risk assessment and control testing in performing the audit. The topics presented in Chapters 5 through 9 provide a basis for developing an appropriate overall strategy for the audit, the detailed audit plan, and specific programs used to perform the audit.
Chapter 10 covers the pervasive concept of audit testing, the major categories of risk that arise in a sampling context and how these relate to audit risk, how testing is affected by the audit risk model, and how representative testing can be implemented using the most simple formulas and tables from statistical sampling. An extensive appendix to Chapter 10 (Appendix 10B, available on Connect) provides more details on the technical aspects of statistical sampling. Application Cases are used to provide practical perspectives on the planning issues covered in Part 2.


Part 3: Performing the Audit

Part 3 contains four chapters that address performing the work set out in a detailed audit plan for the main business processes that will need to be managed in every organization, a fifth chapter that wraps it all up with audit completion considerations, and a sixth chapter that covers applying professional judgment. The processes covered are as follows: the Revenues, Receivables, and Receipts Process (Chapter 11); the Purchases, Payables, and Payments Process (Chapter 12); the Payroll and Production Processes (Chapter 13); and the Finance and Investment Process (Chapter 14). Each of these chapters provides an overview of the transactions, balances, and risks of misstatement in the business process, the relevant controls, and auditing procedures. Application Cases are used to illustrate the application of concepts and techniques in practice, and examples of audit programs are provided to demonstrate the kinds of audit procedures that can be used. Each of these chapters also provides an overview of the balance sheet approach as a basis for the overall analysis of the financial statements. Chapter 15 presents various activities involved in completing the audit work, such as the audit of the revenue and expense accounts, overall analytical review, lawyer’s letters, management representation letters, and subsequent events. Chapter 16 provides an overview of issues to consider in the opinion formulation process, including accumulation of misstatements discovered in the audit, adjustments to the financial statements, and the auditor’s formation of the opinion to be expressed in the audit report. This chapter includes a summary of the recently issued ISAs that will require expansion of the specific details auditors will report related to their audit opinions.

Part 4: Advanced Issues in Professional Public Accounting Practice

The five chapters in Part 4 (all available on Connect) are designed to stand alone or be integrated piecemeal with the preceding chapters as part of a first course in auditing. However, there is enough material in Part 4 that, when combined with some of the earlier chapters and some readings, such as those indicated in the text, can be the basis for a second, advanced, audit course. Such a course could focus, for example, on auditor problems and judgments in evaluating the quality of financial reporting. Chapter 17 deals with other assurance and some non-assurance services offered by public accounting firms. Chapter 18 covers the more detailed aspects of professional ethics. Chapter 19 is a new chapter devoted to the increasingly important topic of the audit of accounting estimates. The chapter has two parts. Part I clarifies the difficult concepts of CAS 540 using the idea of accounting risk that can be associated with the point estimate concept of CAS 540. Part II deals with the more complex issues of estimation uncertainty associated with reasonable ranges of CAS 540. Estimation uncertainty is analyzed and integrated with the IFRS conceptual framework for financial reporting with the help of the accounting risk concept. This integration guides auditor judgments with respect to appropriate financial reporting. New analytical tools in the form of accounting analytics using market information and Monte Carlo simulations to help verify accounting estimates have been added to the discussion. These tools help make operational critical thinking about the ethics of accounting estimates. Chapter 20 covers auditor legal liability issues in more detail, extending the coverage of this topic beyond the introductory level of Chapter 3. Finally, Chapter 21 covers the conceptual framework for assurance engagements and some specialized assurance engagements.
The second half of Chapter 21 covers fraud awareness auditing in more detail. It gives students a better understanding of the mindset and specialized procedures needed to more effectively detect frauds. This chapter has benefited from our association with the Association of Certified Fraud Examiners (ACFE).

PROFESSIONAL STANDARDS

This text contains numerous references to, and excerpts from, authoritative statements on auditing standards and to standards governing other areas of practice. Even so, it goes beyond the mere repetition of passages from the standards, concentrating on explaining their substance and operational meaning in the context of making auditing decisions. Instructors and students may wish to supplement the text with current editions of pronouncements published by the International Federation of Accountants (IFAC), CPA Canada, and the Institute of Internal Auditors.


MARKET-LEADING TECHNOLOGY

Learn without Limits

McGraw-Hill Connect® is an award-winning digital teaching and learning platform that gives students the means to better connect with their coursework, with their instructors, and with the important concepts that they will need to know for success now and in the future. With Connect, instructors can take advantage of McGraw-Hill’s trusted content to seamlessly deliver assignments, quizzes, and tests online. McGraw-Hill Connect is the only learning platform that continuously adapts to each student, delivering precisely what they need, when they need it, so class time is more engaging and effective. Connect makes teaching and learning personal, easy, and proven.

Connect Key Features

SmartBook®

As the first and only adaptive reading experience, SmartBook is changing the way students read and learn. SmartBook creates a personalized reading experience by highlighting the most important concepts a student needs to learn at that moment in time. As a student engages with SmartBook, the reading experience continuously adapts by highlighting content based on what each student knows and doesn’t know. This ensures that he or she is focused on the content needed to close specific knowledge gaps, while it simultaneously promotes long-term learning.

Connect Insight®

Connect Insight is Connect’s new one-of-a-kind visual analytics dashboard—now available for both instructors and students—that provides at-a-glance information regarding student performance, which is immediately actionable. By presenting assignment, assessment, and topical performance results together with a time metric that is easily visible for aggregate or individual results, Connect Insight gives the user the ability to take a just-in-time approach to teaching and learning, which was never before available. Connect Insight presents data that empower students and help instructors improve class performance efficiently and effectively.

Simple Assignment Management

With Connect, creating assignments is easier than ever, so instructors can spend more time teaching and less time managing. Instructors can
• Assign SmartBook learning modules
• Edit existing questions and create their own questions
• Draw from a variety of text-specific questions, resources, and test bank material to assign online
• Streamline lesson planning, student progress reporting, and assignment grading to make classroom management more efficient than ever

Smart Grading

When it comes to studying, time is precious. Connect helps students learn more efficiently by providing feedback and practice material when they need it, where they need it. Instructors can
• Automatically score assignments, giving students immediate feedback on their work and comparisons with correct answers
• Access and review each response; manually change grades or leave comments for students to review
• Track individual student performance—by question or assignment or in relation to the class overall—with detailed grade reports
• Reinforce classroom concepts with practice tests and instant quizzes
• Integrate grade reports easily with Learning Management Systems including Blackboard, D2L, and Moodle


Instructor Library

The Connect Instructor Library is a repository for additional resources to improve student engagement in and out of the class. It provides all the critical resources instructors need to build their course. Instructors can
• Access instructor resources
• View assignments and resources created for past sections
• Post their own resources for students to use

Instructor Resources

The instructor area of Connect includes a variety of resources for faculty:
• Instructor’s Solutions Manual. The solutions manual, created by the authors, provides the answers to problem and assignment material that is featured throughout the text.
• Computerized Test Bank. The computerized test bank contains numerous multiple-choice, short-answer, and essay questions.
• Microsoft® PowerPoint® Lecture Slides. The PowerPoint slides offer a summary of chapter concepts for lecture purposes.
• Image Library

Superior Learning Solutions and Support

The McGraw-Hill Education team is ready to help you assess and integrate any of our products, technology, and services into your course for optimal teaching and learning performance. Whether it’s helping your students improve their grades, or putting your entire course online, the McGraw-Hill Education team is here to help you do it. Contact your Learning Solutions Consultant today to learn how to maximize all of the resources! For more information on the latest technology and Learning Solutions offered by McGraw-Hill Education and its partners, please visit us online: http://www.mheducation.ca/highereducation/educators/digital-solutions/.

ACKNOWLEDGMENTS

IFAC and CPA Canada have generously given permission for liberal quotations from official pronouncements and other publications, all of which lend authoritative sources to the text. In addition, several publishing houses, professional associations, and accounting firms have granted permission to quote and extract from their copyrighted material. Their cooperation is much appreciated because a great amount of significant auditing thought exists in this wide variety of sources. We are also very grateful to the staff at McGraw-Hill Education, who provided their support, management skills, and ideas—especially our editorial team, whose hard work and attention to detail kept us on track and transformed what we wrote into a book. A special acknowledgment is due to Stephen Spector, CGA, Simon Fraser University, who gave very insightful and thorough feedback on early drafts of the sixth and seventh editions. Many of you know Stephen from manning the CGA booth at CAAA conferences over many years. We finally got a chance to work closely with Stephen, and we must say he contributed greatly to improving the textbook and the instructor’s manual. Many thanks, Stephen! Of course, any remaining errors are our responsibility. A special acknowledgment is also due to Joseph T. Wells, former chairman of ACFE. He created the Certified Fraud Examiner (CFE) designation. Mr. Wells is a well-known authority in the field of fraud examination education, and his entrepreneurial spirit has captured the interest of fraud examination professionals throughout North America.


Special acknowledgment is also due to Steven E. Salterio of Queen’s University. Steven contributed greatly to the strategic systems approach to auditing used in this text. Special thanks go to Enola Stoyle for material that was adapted in various forms in this text. We are grateful to many people involved in the auditing profession in various roles who generously shared their time and ideas with us over the years as the new materials for the book took shape in our minds and on paper, including Keith Bowman, Gary Peall, Rebecca Yosipovich, Dawn McGeachy-Colby, Jim McCarter, Terri McKinnon, Dinh N. Tran, Murad Bhimani, Phil Cowperthwaite, Brian Leader, Susan Cox, participants at the auditing educators’ workshop sessions held at the Ted Rogers School and the CAAA during 2011, Joanne Jones, Martha Tory, Luke Baxter, Borden Rhodes, Zak Bensiddick, Sunmin Groot, Jean Bédard, Janne Chung, Susan McCracken, Steve Fortin, Genviève Turcotte, John Carchrae, James Sylph, Alan Willis, Robert Langford, Andre de Haan, Joy Keenan, Sylvia Smith, Dianne Hillier, Jan Munro, Greg Shields and the AASB staff, Karen Duggan, Rand Rowlands, Mark Davies, Mark Lam, and Vaani Maharaj. Thank you very much to Catherine Barrette for providing a number of challenging new end-of-chapter questions for this edition. We would like to acknowledge our appreciation for the great academics and practitioners who influenced us in various ways as we developed this text, including Ron Gage, Al Rosen, Randy Keller, Don Cockburn, Dagmar Rinne (rest in peace, Dagmar), Morley Lemon, Ingrid Splettstoesser-Hogeterp, Don Leslie, Larry Yarmolinsky, Bill Scott, Efrim Boritz, Joel Amernic, Donna Losell, Ulrich Menzefricke, Russell Craig, Kevin Lam, Yoshihide Toba, Takatoshi Hayashi, Ping Zhang, Hung Chan, Len Brooks, Manfred Schneider, and Irene Wiecek.
Also, we have been inspired often by Rod Anderson’s 1984 text, The External Audit, which set out a logical, conceptual framework for auditing that still stands the test of time. This text could not have been completed without the cooperation and input of our many auditing students who have shared their perspectives with us over the years. We thank them greatly for their contributions and for encouraging us to make the text ever clearer. And, lastly, our sincere thanks go out to the reviewers of this seventh edition for their careful review and many detailed and candid comments. We are deeply grateful to all the reviewers who have so diligently read our early chapter drafts and taken so much time to share their experience and wonderful, inspiring examples of how they teach auditing concepts. In each edition, we try to incorporate as many of these excellent ideas and suggestions as our publication page constraints allow:

Shiraz Charania, Langara College
Susan Deakin, Fanshawe College
Mohamed Dirira, University of New Brunswick
Shelley Donald, University of Waterloo
Amanda Flint, Trinity Western University
Ernie Kerst, Sheridan Institute of Technology
Camillo Lento, Lakehead University
Erin Marshall, University of Alberta
Jagdish Pathak, University of Windsor
Wendy Popowich, Northern Alberta Institute of Technology
Linda Robinson, University of Waterloo
Alla Volodina, York University
Cheryl Wilson, Durham College
Brad Witt, Humber College

Wally Smieliauskas and Kate Bewley
July 2015


PART 1
Introduction to Auditing, Public Practice, and Professional Responsibilities

CHAPTER 1
Introduction to Auditing

Chapter 1 is an introduction to auditing, especially financial statement auditing. Other accounting courses helped you learn the principles and methods of accounting, but here you will begin to study the ways and means of auditing—the verification of accounting and other information.

LEARNING OBJECTIVES

After completing this chapter, you will be able to do the following:

LO1 Explain the importance of auditing.
LO2 Distinguish auditing from accounting.
LO3 Explain the role of auditing in information risk reduction.
LO4 Describe the other major types of audits and auditors.
LO5 Provide an overview of international auditing and its impact on Canadian Auditing Standards.
LO6 (Appendix 1A) Explain how to become a professional accountant in Canada.
LO7 (Appendix 1B) Distinguish alternative theories of the role of auditing in a society.

CHAPTER APPENDICES

APPENDIX 1A How to Become a Professional Accountant in Canada (on Connect)
APPENDIX 1B Alternative Theories of the Role of Auditing in Society (on Connect)


EcoPak Inc.

Throughout this text, each chapter will open with an episode of the EcoPak Inc. case study. This case study will provide you with a practical context to examine perspectives on how audits are actually performed and to study the important role of the financial statement audit. The EcoPak Inc. case study is a fictional case based on a composite of real events and issues that arise in financial reporting for a growing business.

Kam and Mike have been best friends since high school. While at university, Kam studied business, and Mike studied environmental engineering, but they both ended up finding jobs with Waterfalls Inc., a large 100-year-old public company in the paper and packaging industry. After a few years spent working their way up Waterfalls’ corporate ladder, both Kam and Mike are doing quite well. Often, though, when they meet up for lunch, the two of them reminisce about all the ideas they had had years before for businesses they could start up. Kam’s aunt, Zhang, is a very successful entrepreneur in the recycled-paper industry, and Kam had always hoped to follow her path. One day while golfing with Georgina, Waterfalls’ chief financial officer, Kam learns that Waterfalls’ board has decided to sell off the poorly performing manufacturing division, StyreneTech Inc., Waterfalls’ 100%-owned subsidiary producing polystyrene-foam packaging products for the food services industry. According to Georgina, StyreneTech’s poor performance is due to changes in demand for polystyrene-foam packaging; environmental regulations favouring other materials; and a major fraud in which a purchasing manager was diverting shipments of ethylene raw material to another factory, of which he was part owner. Georgina hints to Kam that Waterfalls’ board would favour a management buyout “to avoid having a lot of venture capitalists sniffing around.” Kam tells Mike about this right away, and the wheels start turning.
Mike meets with StyreneTech’s operations manager and, from their conversation, sees a huge opportunity to move the StyreneTech packaging business into the 21st century by converting its production over to new biomass-based materials, which are biodegradable and made from renewable resources. This would address the environmental concerns and costs that have been dragging StyreneTech’s performance down. Once Kam gets his Aunt Zhang interested in the investment, things move quickly. Kam and Mike start looking into the financial side of buying out the StyreneTech business. A large investment from Zhang is needed to come up with the amount Waterfalls wants for the StyreneTech shares. Since Waterfalls owns 100% of StyreneTech, it must present its shareholders with audited consolidated financial statements (i.e., statements that include the accounts of StyreneTech). Waterfalls’ auditors, Grand & Quatre, Public Accountants (G&Q), provided an opinion that Waterfalls’ consolidated financial statements were fairly presented at its last fiscal year-end. Georgina gives Kam a copy of StyreneTech’s most recent stand-alone–entity financial statements and tells him that while these financial statements have been “reviewed for accuracy” by Waterfalls’ internal auditor, they are only needed for tax purposes, so Waterfalls does not pay to have G&Q audit them. Zhang, however, demands audited financial statements for StyreneTech before she will invest. Kam took just a couple of accounting courses in business school, and Mike does not know anything about financial statements at all, so they are beginning to feel overwhelmed, not really understanding why Zhang wants audited financial statements or how they would get them. Luckily, Mike’s sister Nina is a professional accountant working for a mid-sized public accounting firm as an audit manager. 
Nina agrees to come in on weekends to help them with their finance and accounting, in exchange for shares in the company if they ever get it going. They ask Nina about the audited financial statements. Mike knows about Canada Revenue Agency (CRA) tax auditors—if the StyreneTech financial statements were done for tax reasons, wouldn’t that mean they have been audited by a government auditor, someone famous like the Auditor General of Canada, maybe? And what about the internal auditor—why isn’t Zhang satisfied with the internal auditor’s review of the StyreneTech financial statements? Nina explains that the StyreneTech financial statements should be audited by independent public accountants (PAs), such as G&Q, because this will give all the prospective investors assurance that the most reliable information about StyreneTech’s financial condition and performance is presented. Because G&Q will be independent of Waterfalls’

CHAPTER 1

Introduction to Auditing

management, and it will perform an examination of Waterfalls’ records to support their opinion that the financial information is reliable, this can lessen the investors’ concerns that management may be biasing the results upward to get a higher selling price. While Zhang, Kam, and Mike do not have access to StyreneTech’s financial information, nor do they have the expertise to assess its reliability, the auditor will do it on their behalf and thus reduce the risk that they are getting biased or inaccurate information. This makes sense to Kam and Mike—it would be too risky to buy the shares of StyreneTech without getting the audited financial statements. Kam relays this to Georgina, who sighs and says, “Okay, we were going to have to do that eventually anyway, to sell it to venture capitalists, so we will get G&Q to audit the StyreneTech financial statements and get them to you within four weeks.”

The Essentials of Auditing, Public Practice, and Professional Responsibilities

Auditing is the verification of information by someone other than the one providing that information. While many types of information can be audited, this text focuses on audits of an entity’s financial statements, which summarize the entity’s transactions and business events over a period.

Auditing is important in our society because many economic activities are set up as three-party accountability arrangements. In a three-party accountability structure, one party has to rely on the actions and information provided by another party, who may not share the same interests. For example, if the owner of a business (principal) hires a manager (agent) to operate the business, the owner may have a long-term perspective on the sustainability of the business, and the manager may have much shorter term goals. The owner could have concerns that the manager will provide overstated reports of profit to hide poor performance, or take out higher executive compensation than the business can sustain for the long run. There is a risk, which we call information risk, that financial statement information will not be a full, true, and fair representation of the transactions and events that occurred and hence will not be reliable for economic decision making. Unreliable financial statements mean that the financial statements are so full of errors and omissions that the information risk is sufficiently high to mislead users of the financial statements. In other words, financial statements with high information risk result in unethical reporting. Information risk can be reduced by having another party, the independent auditor, verify how well the information reflects the underlying realities of the entity’s operations.
The auditor should have no conflict of interest regarding the financial reporting and should be objective, so that the auditor’s opinion has value in providing assurance to users of financial statements that the information can be relied on. Unfortunately, auditors sometimes fail to reduce information risk because they lack independence or don’t do an effective job of verification, which has resulted in some highly publicized financial calamities, such as Enron, Parmalat, and Sino-Forest. Events such as these have increased the responsibilities of auditors to detect unethical reporting of all kinds—a very big challenge facing auditors today. How exactly does an independent audit reduce information risk? First, note that auditors are professionals who can offer their accounting and auditing services to the public. Professionals are expected to be competent in their area of specialty and to put the interests of public users of their services ahead of their own interests. The accounting/auditing profession issues standards for quality control in accounting firms, education and qualification of members who will provide public accounting services such as audits, and ethical conduct codes. For auditing, the profession issues standards and guidelines for how to perform an examination that will give the auditor reasonable assurance that financial statements are fairly presented (i.e., not materially misstated), and for how to communicate the conclusions drawn to others. The concept of reasonable assurance describes a mental attitude that the auditor gains from the conclusions drawn from audit examination findings. Based on the examination, if

PART 1

the auditor believes the financial statements to be fairly stated, the auditor will communicate this belief to financial statement users as an opinion in the Auditor’s Report. This opinion, in essence, provides a high level of assurance to the user that the auditor believes that the information risk is low and has evidence to support that belief. An important insight from the three-party accountability perspective is that preparing financial accountability information is not the same thing as auditing it. In fact, the person who prepares financial information cannot audit it because they could never really be objective about it. As a result, the use of an auditing function is seen in a wide range of accountability situations besides financial reporting, such as government spending, taxation, operational audits, assessing environmental contamination, and fraud investigations. Many members of the auditing profession are not involved in offering audit or other assurance services to the public, and may work in related areas such as general accounting, tax, and consulting. They are still required to adhere to all the professional standards relevant to their work. Over time, the development of professional standards for accounting and auditing has been shifting toward international bodies, leading to more global convergence in accounting and auditing practices.

Review Checkpoints

1-1 Using the example of a business with an owner, a hired manager, and an independent financial statement auditor, apply the three-party accountability structure: Which party would be the first, the second, and the third party in the model? For what is each party accountable?

1-2 What does the concept “reasonable assurance” refer to? How does it relate to information risk reduction?

Introduction: The Concept of Auditing

LO1 Explain the importance of auditing.

Auditing is a field of study that has received considerable media attention lately. In the business press, audit-related issues are mentioned daily. Headlines such as “The Dozy Watchdogs,” “The Betrayed Investor,” “Dirty Rotten Numbers,” and “Accounting in Crisis” indicate that the attention has not all been positive. This reality arises from the fact that auditing is critical to the proper functioning of capital markets, and if audits are perceived to fail, then capital markets can do the same. Without effective audits, modern capital markets cannot fulfill their role as efficient economic systems leading to high living standards. A European Commission Green Paper¹ has concluded that auditors, regulators, and corporate governance are key contributors to financial stability and economic growth. An example of an effective auditor is shown in the box below.

An Effective Auditor

Molex Incorporated is a $2.2 billion electronics manufacturer headquartered in Chicago. In late 2004 Molex’s auditor, Deloitte & Touche, complained that CEO J. Joseph King and his CFO had not disclosed that they allowed a bookkeeping error worth 1% of net income into the audited results. When the auditor demanded on November 13 that King be removed from office, the board initially stood behind the CEO with a unanimous vote. Then Deloitte did something unexpected: It quit. Two weeks later the firm wrote a blistering and detailed account of the affair for public disclosure at the U.S. Securities and Exchange Commission (SEC). That virtually assured that no auditor would work for Molex again as long as King was in charge. Within 10 days the directors had eaten crow: They ousted King, promised to hire a new director with financial expertise for their audit committee, and agreed to take training classes in proper financial reporting.

Source: “The Boss on the Sidelines,” BusinessWeek, April 25, 2005, p. 94.

The preceding example illustrates the work of effective auditors in the business environment of the 21st century. In modern business, the role of auditing is so critical that references can be made to audit societies. In audit societies, economic activities (and other politically important ones) are extensively monitored to ensure market efficiency. In these societies, auditors also monitor the effectiveness and efficiency of government. For example, the political uproar surrounding Canada’s Gomery commission inquiry in 2005 was the result of an audit of questionable sponsorship payments that yielded “no value” for taxpayer money spent. As a result of this and similar events, auditing is increasingly recognized as part of a broader process of social control. This expanding role is at the heart of the audit society concept.²

But what is auditing, exactly? Simply put, auditing is the verification of information by someone other than the one providing that information. Since there are many types of information, there are many types of audits. Most of this text focuses on audits of financial statement information, or financial statement auditing for short. Before describing auditing in more detail, we will try to make financial statement auditing more intuitive through a simple illustration.

A Simple Illustration of the Importance of Auditing

Assume you have always wanted to run your own business—say, a Thai food restaurant. After some searching, you find an owner who wants to retire and is willing to sell his busy restaurant in a choice location of a major metropolitan area for $3 million. One of the first things you ask yourself is whether the business is worth the $3 million asking price. How can you answer that? You could find out the price of similar properties—comparison shop. But, ultimately, you must decide on the value of this particular business.

Accounting information is useful in answering these types of questions: What is the business’s net worth (Assets – Liabilities)? What is its profitability? The owner of the restaurant may claim annual profits of $600,000. First, you want to reach an agreement on how that profit is calculated: on a cash basis? before tax? after tax? under generally accepted accounting principles (GAAP)? These are the criteria you might use in measuring the profitability (earnings) of the business. Having decided on the criteria for measurement, you need to use a decision rule with your measurement. Businesses are frequently valued on some multiple of earnings. For example, if you are willing to pay five times current earnings (calculated using your agreed-upon criteria) and the current owner reports $600,000 in earnings annually, you would be paying five times $600,000 or $3 million for the business.

You need accounting information to establish that $600,000 is the current earnings number. But the owner prepares the accounting records. How do you know they are accurate? There may be errors or, worse, the owner might inflate earnings to get a higher price than the business is worth. For example, if the owner is overstating the earnings and they are only $500,000, the most the business is worth to you is five times $500,000, or $2.5 million, rather than $3 million.
In other words, you are concerned about the risk of overpaying for your investment. What can you do to minimize this risk and give yourself assurance? Hire an auditor! The auditor can help you by verifying that the $600,000 figure reported by the current owner is accurate. The earnings can be calculated

audit societies: the term coined by Michael Power for societies in which there is extensive examination by auditors of economic and other politically important activities

auditing: the verification of information by someone other than the one providing that information

on whatever basis you agree to, usually generally accepted accounting principles (GAAP), such as International Financial Reporting Standards (IFRS) for publicly accountable enterprises and Accounting Standards for Private Enterprises (ASPE) for private enterprises, which you have studied in your financial accounting courses. The auditor can independently and competently verify the earnings so that you will have more confidence (assurance) in the numbers upon which you base your decision. The auditor increases the reliability, or reduces the risk, of using inaccurate information in your decision making (i.e., the auditor reduces information risk). For example, if the auditor finds that earnings are really $400,000, you should be unwilling to pay more than five times $400,000, or $2 million, for the restaurant. The difference between the original asking price ($3 million) and what you should actually pay ($2 million) is the value of the audit—in this case $1 million. If the audit fee is less than $1 million, you are, therefore, better off having an audit. This simplified example illustrates the value of auditing in investment decision making. But it also shows how auditing can provide other, more general, social services. For example, the restaurant owner can retire with a fair price for his business, and you can achieve your dreams of owning a restaurant and being your own boss. These are accomplished by using a fair exchange price based on reliable (accurate, trustworthy) information. The transaction entries that you learn in your accounting courses are part of the raw data auditors deal with. All of the transactions over a period are summarized in financial statements. When auditors verify the reliability of this information, they reduce the information risk associated with financial statements. 
Now, imagine this illustration extended to all investors contemplating even partial ownership of a business—for example, investors in the stock market—and you will have some idea of how auditing can facilitate efficient economic activities by reducing financial information risk. And when auditors fail to do a proper job of verification (i.e., fail to reduce information risk), the type of headlines noted at the beginning of this section can result. When you make an investment, you agree to enter into a contract to purchase from another party. The auditor can be called the first party and the seller the second party. Notice, however, that there is a third party—you, the investor. The auditor is an independent party hired to verify information provided by the second party. The auditor is hired because you, the third party, do not trust the information provided by the second party. You feel the information risk is too high; therefore, the first party will provide you with independent verification. We refer to this relationship throughout the text as three-party accountability. Note that in the EcoPak Inc. example at the beginning of this chapter, Aunt Zhang is the one demanding the audited financial statements for StyreneTech. She wants reliable, trustworthy information on the prospects for StyreneTech before she is willing to make an investment in it. She wants the information risk on StyreneTech to be sufficiently low (meaning the information has a higher chance of being complete and true) before she is willing to act on that information. Information risk is discussed in more detail later in this chapter. In an audit society, three-party accountability is so institutionalized that regulators require certain second parties to pay for the audit. In particular, companies whose shares are traded on regulated stock exchanges (public companies) are required to hire an independent auditor to verify the annual financial statements. 
The accountability is still three party because the audit’s purpose is to reduce information risk for the third party, but the public company, the second party, pays the audit fee. It is important to remember that three-party accountability is not determined by who pays the fee. Exhibit 1–1 indicates how three-party accountability applies to the Molex and Thai restaurant examples. In the exhibit, accountability is represented as a triangle with the auditor of the financial information, the

generally accepted accounting principles (GAAP): those accounting methods that have been established in a particular jurisdiction through formal recognition by a standard-setting body, or by authoritative support or precedent, such as the accounting recommendations of the CPA Canada Handbook

three-party accountability: an accountability relationship in which there are three distinct parties (individuals): an asserter, an assurer, and a user of the asserted information

EXHIBIT 1–1 Three Parties Involved in an Auditing Engagement (Three-Party Accountability)

[Figure: a triangle around the subject matter, with three parties at its vertices: the user(s) (e.g., you, as buyer of Thai Restaurant, shareholders of Molex); the auditor; and the accountable party (management of Molex, seller of Thai Restaurant). Relationship labels in the figure: Conclusion; Accountability.]

management preparing the financial information, and the users of the financial information at the vertices. The triangle reflects an accountability relationship because management is accountable to the users. However, the users cannot rely on financial statements, as they do not trust management sufficiently; they demand that financial statements be verified by a competent, independent auditor. Thus, the auditor is also accountable to the user. Three-party accountability is an important distinguishing feature of auditing. Note that the concept of three-party accountability means that the auditor is expected to act in the interests of the user of financial statements. If the owner of the Thai restaurant gives you an audited set of financial statements, you are entitled to assume that the auditor has not misled you. This is an important point because if you could not assume the auditor is trustworthy, the relevance of the audit would largely disappear, leaving little, if any, role for the audit in society. Thus, it is extremely important to the audit profession that the auditor be perceived as acting in the interests of the financial statement users (i.e., the third parties), also referred to as acting in the public interest. Later in this text, you will see how the public interest is reflected in the objectives of the audit engagement, in auditors’ legal liability, and in the professional rules of conduct that determine the auditor’s professional role. Three-party accountability is also important because it distinguishes the type of services that only certified or licensed practitioners can provide (depending on the province) from other services, such as tax work and business-advisory services, which anyone can provide. Audits are part of a broader class of services called assurance engagements that are restricted to qualified chartered or licensed accounting professionals (licensed CPAs). 
This licensing or certification is required to protect the public interest that arises from three-party accountability. Public accounting is the term given to services that give rise to three-party accountability and the requirement to act in the public interest. Examples of third parties to which chartered or certified public accountants are accountable include the reporting firm’s shareholders, lenders, regulators, employees, customers, suppliers, various levels of government, and the general public. Three-party accountability applies to all assurance engagements. We will clarify these important concepts throughout the rest of the text. For now, think

accountability relationship: a relationship in which at least one of the parties needs to be able to justify its actions or claims to another party in the relationship

acting in the public interest: acting in the interests of the users of the financial statements; also, more generally, fulfilling the social role expected of the professional accountant

of three-party accountability as reducing the risk on information created by the second party, the preparer of the information, to foreseeable third parties who use the information. Reducing information risk is synonymous with improving the credibility of, or providing assurance on, information produced by the second party.

Agency Theory and Accountability

Three-party accountability is a special case of the agency problem of economic theory. Whenever a task is delegated by one party (the principal) to another (the agent), it can create a potential “agency problem.” Agency problems occur when three conditions are present in an agency relationship: (a) the agent has objectives that are different from those of the principal, (b) the agent has more information than the principal does (information asymmetry), and (c) the contract between the two is incomplete in that not every possible contingency can be anticipated. Agency theory is the study of how contracts can be designed to mitigate the agency problem. Various solutions to this problem are discussed in Appendix 1B.

The basic relationships are illustrated in Exhibit 1–2. The arrows indicate the direction of accountability in the basic agency relationship between the management (agent) and the shareholder/owner (principal) of a firm. Management is the party accountable to the owners, and one way it satisfies this accountability is by preparing financial statements. Financial statements are one way of monitoring how well management is running the firm. However, there is a potential problem in that management may bias its statements, making financial statements less credible. The auditor comes in as an outside, independent accounting expert to verify the accuracy of financial statements, thereby adding credibility to the statements. The auditor, thus, helps monitor management.

EXHIBIT 1–2 Agency Theory and Accountability

[Figure: diagram of the accountability relationships among the agent (management; second party), the auditor (first party), and the principals, capital providers (shareholders, creditors, owners; third party). Labels in the figure: “Management demand for audit to increase credibility of financial statements”; “Accountable to Principals”; “Agent issues financial statement as part of accountability”; “Auditor audits financial statements for accuracy”; “Auditor’s report on financial statement”; “Auditor is accountable for accuracy of audited report.”]

The important thing to note about Exhibit 1–2 is that the auditor is primarily accountable to the principal (owner or capital provider) and not to management, which, acting on behalf of the company, has historically hired and authorized payment for audit services. This fact can create a conflict of interest problem for the auditor that affects the auditor’s independence in verifying the accuracy of management’s statements. The auditor cannot help monitor management if the auditor is not independent of management. This helps explain the importance of auditor independence that is stressed throughout this text, an importance that arises from the objective of meeting third-party needs. Auditor independence and third-party needs also greatly shape ethical reasoning in an audit context, as we will see in Chapter 3.

Later in this text, you will learn how corporate governance changes have strengthened three-party accountability by separating various functions that used to be centralized in top management. For now, the important point is that third-party capital providers do not have access to the same information as management, something referred to in the next section as the “remoteness” of accounting information to third-party users. We hope you have found the preceding illustrations useful. Next, we further clarify the roles of accounting and auditing in the financial reporting environment.

User Demand for Reliable Information

LO2 Distinguish auditing from accounting.

Accounting

The following three underlying conditions affect users’ demand for accounting information:

1. Complexity. A company’s transactions can be numerous and complicated. Users of financial information are not trained to collect and compile it themselves. They need the services of professional accountants.

2. Remoteness. Users of financial information are usually separated from a company’s accounting records by distance and time, as well as by lack of expertise. They need to employ full-time professional accountants to do the work they cannot do for themselves.

3. Consequences. Financial decisions are important to the state of investors’ and other users’ wealth. Decisions can involve large dollar amounts and massive efforts. The consequences are so important that good information, obtained through the financial reports prepared by accountants, is an absolute necessity.

Accounting is the process of recording, classifying, and summarizing into financial statements a company’s transactions that create assets, liabilities, equities, revenues, and expenses. It is the means of satisfying users’ demands for financial information that arise from the forces of complexity, remoteness, and consequences. The function of financial reporting is to provide statements of financial position (balance sheets), statements

conflict of interest: a situation faced by a professional accountant in which there may be a divergence between the interests of two (or more) parties (e.g., clients) for whom the professional accountant undertakes a professional activity, or between the interests of the professional accountant and the interests of such parties, that could create a threat to the professional accountant’s objectivity or other fundamental ethical principles

accounting: the process of recording, classifying, and summarizing into financial statements a company’s transactions that create assets, liabilities, equities, revenues, and expenses

financial reporting: the broad-based process of providing statements of financial position (balance sheets), statements of results of operations (income statements), statements of results of changes in financial position (cash flow statements), and accompanying disclosure notes (footnotes) to outside decision makers who have no internal source of information such as the management of the company has

of results of operations (income statements), statements of results of changes in financial position (cash flow statements), and accompanying disclosure notes (footnotes) to outside decision makers. A company’s accountants are the producers of such financial reports. In short, accounting tries to record and summarize economic reality for the benefit of economic decision makers (the users). Because of advances in information technology (IT), the form and location in which accounting records are stored has changed dramatically over the past few decades. Although these changes have affected the form of audit evidence, the basic role of verification for users and their decision-making needs has not changed. The goal of GAAP, which you study in your financial accounting courses, is to yield financial statements that represent as faithfully as possible the economic conditions and performance of a company. This is why GAAP are the most common criteria used in preparing financial statements. However, as illustrated in the introduction, auditors are independent financial reporting experts who are frequently asked to verify that these goals are met.

Review Checkpoints

1-3 Explain how the auditor can help you in your investment decision making.

1-4 Why would Aunt Zhang in the EcoPak Inc. case want audited financial statements even if she has to pay extra for them?

More on Auditing

Financial decision makers usually obtain their accounting information from companies wanting loans or selling stock. This is a potential conflict of interest, a condition that leads to society’s demand for audit services. Users need more than just information; they need reliable, error-free information. Preparers and issuers (directors, managers, accountants, and others employed in a business) might benefit from giving false, misleading, or overly optimistic information. The potential conflict is real enough to generate a natural skepticism on the part of users. Thus, users depend on external auditors, professional accountants who serve as objective intermediaries and add credibility to financial information. This “adding of credibility” is also known as providing assurance, and external auditing of financial statements is described as an assurance engagement.

Auditing does not include financial report production. That function is performed by a company’s accountants under the direction of management. Auditors determine whether the information in the financial statements is reliable, and they communicate this conclusion to the users by reporting that the company’s presentation of financial position, results of operations, and cash flow statement are in accordance with GAAP, or some other disclosed basis of accounting. This is the assurance provided by the assurance function, as it relates to the traditional financial statements. Assurance requires three-party accountability, as discussed previously. To achieve three-party accountability, auditors must not be involved in producing the information audited. Auditors can provide a range of services in addition to audits, and so they are frequently referred to as public accounting firms.

information technology (IT): the hardware and software needed to process data

external auditors: auditors who are outsiders and independent of the entity being audited

providing assurance: the adding of credibility to financial information by objective intermediaries

assurance engagement: an engagement in which the auditor adds either reasonable (high) or moderate (negative) levels of assurance


CHAPTER 1

Introduction to Auditing


External auditors work for clients. A client is the person (company, board of directors, agency, or some other person or group) who retains the auditor and pays the fee. In financial statement audits, the client and the auditee are usually the same economic entity. The auditee is the company or entity whose financial statements are being audited. Occasionally, the client and the auditee are different entities. For example, if Conglomerate Corporation hires and pays the auditors to audit Newtek Company in connection with a proposed acquisition, Conglomerate is the client and Newtek is the auditee. In practice, these two terms are used interchangeably, possibly because the auditee is usually the one paying the auditor. As explained previously, reliable financial information helps make capital markets efficient and helps people understand the consequences of a wide variety of economic decisions. External auditors practising the assurance function are not, however, the only auditors at work in the economy. Bank examiners, CRA auditors, provincial regulatory agency auditors (e.g., auditors with a province’s Commissioner of Insurance), internal auditors employed by a company, and the Office of the Auditor General of Canada (OAG) (or a provincial equivalent) all practise auditing in one form or another. Many acronyms are associated with various auditing associations and auditors. The acronyms are part of the jargon of the profession. Professional judgment is a widely used concept in accounting and auditing. It is defined in Canadian Auditing Standard (CAS) 200, paragraph 13(k), as “the application of relevant training, knowledge, and experience, within the context provided by auditing, accounting, and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the audit engagement.” Professional judgment is a process used to reach a well-reasoned conclusion. 
Professional judgment is based on the relevant facts and circumstances at the time the audit decision is made. Professional judgment is critical to effectively performing an audit. Auditors use professional judgment to focus on the most important aspects of an audit. These include determining the nature, timing, and extent of audit procedures and evaluating the appropriateness of the application of GAAP by management. Professional judgment also involves identifying reasonable alternatives. Careful and objective consideration of information that may seem contradictory to a conclusion is critical to the appropriate application of professional judgment, which is essential to the appropriate application of accounting and auditing standards. Documentation of professional judgment at the time the judgments are made is also very important. Documentation demonstrates that a sound process was followed and helps the development of a well-reasoned conclusion. This improvement of professional judgment by documentation helps explain why the expression “not documented, not done” is effectively a standard of audit practice. When professional judgment is challenged, contemporaneous documentation shows the analysis of the facts, circumstances, and alternatives considered as well as the basis for conclusions reached. The extent of documentation and effort used in the process will vary with the significance and complexity of an issue. When the professional judgment process is appropriately applied and contemporaneously documented, it is much easier to support and defend the conclusion reached. On the other hand, decisions that appear to be arbitrary; not supported by the facts, evidence, or professional literature; or not well reasoned or well documented are difficult to support.

client: the person or company who retains the auditor and pays the fee

auditee: the entity (company, proprietorship, organization, department, etc.) being audited; usually it refers to the entity whose financial statements are being audited

professional judgment: the application of relevant training, knowledge, and experience, within the context provided by auditing, accounting, and ethical standards, in making informed decisions about the courses of action that are appropriate under the circumstances of the audit engagement


PART 1

Introduction to Auditing, Public Practice, and Professional Responsibilities

All the above attributes of professional judgment require the involvement of individuals with sufficient knowledge and experience. In addition, an attitude of professional skepticism is essential to the professional judgment process. Professional skepticism, a term that appears frequently in auditing literature and speech, is an auditor’s tendency not to believe management assertions but, instead, to find sufficient support for the assertions through appropriate audit evidence. Professional skepticism is an important aspect of professional judgment. Specifically, professional skepticism means recognizing that circumstances causing the financial statements to be materially misstated may exist (CAS 200.15). Note that to implement this concept of skepticism, the auditor first needs to define “misstatement” and “materiality” and then implement them in practice. You will see that doing this appropriately will present its own challenges. The word skepticism is derived from the Greek word skeptesthai, meaning “to reflect, look, or view.” It has evolved from ancient Greek philosophy over 2,300 years old to represent the application of reason and critical analysis in supporting a conclusion. Skepticism as adopted by auditors is an important attitude for fulfilling their duties. A skeptical mindset is the key to detecting fraud or other unethical behaviour. The auditor should always consider whether his or her approach is sufficiently skeptical. Professional skepticism is inherent in applying due care in accordance with professional standards. The business environment that has seen errors and fraud in financial reports dictates this basic level of professional skepticism: A potential conflict of interest always exists between the auditor and the management of the enterprise under audit. 
This follows from the fact that auditors must add credibility to the financial statements by gathering their own evidence to support their conclusions on the truthfulness and completeness of the financial statements. The belief that the potential for conflict of interest always exists causes auditors to perform procedures in search of misstatements and omissions that would have a material effect on financial statements. This is the primary reason that auditors are demanded and that we have three-party accountability. Professional skepticism tends to make audits more extensive and expensive. The extra work is not needed in the vast majority of audits where there are no material errors, irregularities, frauds, or ethical reporting issues. Still, due audit care does call for a degree of professional skepticism—an inclination to question all material assertions made by management, whether oral, written, or contained in the accounting records. However, this attitude must be balanced by a willingness to respect the integrity of management. Auditors should neither blindly expect that every management is dishonest nor thoughtlessly assume management to be totally honest. The key lies in auditors’ objectivity and in the audit requirement of gathering sufficient appropriate evidence and evaluating financial statement disclosures to reach reasonable and supportable audit decisions. The checklist below summarizes the preceding discussion. Throughout this book you will learn more about how professional judgment, skepticism, and appropriate evidential support for a conclusion all combine to help achieve audits that result in sufficiently low information risk and ethical financial reporting.

Overview of Key Aspects of Professional Judgment in Auditing
✓ Is well reasoned
✓ Determines the nature, timing, and extent of audit procedures
✓ Evaluates the appropriateness of applicable GAAP
✓ Identifies other reasonable alternative accounting treatments
✓ Is performed with a mindset of professional skepticism: an inclination to question management assertions
✓ Is “not documented, not done”: contemporaneous documentation of evidence and reasoning is needed

professional skepticism: an auditor’s tendency to question management representations and look for corroborating evidence before accepting these representations


Review Checkpoints
1-5 What is auditing? What condition creates demand for audits of financial reports?
1-6 What is the difference between a client and an auditee? What are the three parties in three-party accountability?
1-7 What is the difference between auditing and accounting?
1-8 What conditions create demand for financial reports, and who produces financial reports for external users?

Definitions of Auditing

In 1971, the American Accounting Association (AAA) Committee on Basic Auditing Concepts prepared a comprehensive definition of auditing as follows:

Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between the assertions and established or suitable criteria and communicating the results to interested users.

This definition contains several ideas important in a wide variety of audit practices. The first and most important concept is the perception of auditing as a systematic process that is purposeful, logical, and based on the discipline of a structured approach to decision making. Auditing is not haphazard, unplanned, or unstructured. The audit process, according to this definition, involves obtaining and evaluating evidence consisting of all the influences that ultimately guide auditors’ decisions, and it relates to assertions about economic actions and events. When beginning an audit engagement, an external auditor receives financial statements and other disclosures by management that are management’s assertions about economic actions and events (assets, liabilities, revenues, expenses). Evidence is then gathered to either substantiate or contradict these management assertions. External auditors generally begin work with explicit representations from management—assertions of financial statement numbers and information disclosed in the notes to financial statements. When these assertions are made explicit in writing by the accountable party (the asserter), the resulting audit engagement is referred to as an attest engagement. Financial statements are an example of written assertions, and thus the audit of financial statements is an attest engagement. Not all auditors are provided with such explicit representations.
An internal auditor, for example, may be assigned to evaluate the cost-effectiveness of the company’s policy to lease rather than purchase equipment. A government auditor may be assigned to determine whether the goal of creating an environmental protection agency has been met by the agency’s activities. Often, these latter types of auditors must develop the explicit standards of performance for themselves. This type of engagement is called a direct reporting engagement. The purpose of obtaining and evaluating evidence is to determine the degree of correspondence between the assertions and suitable criteria. The findings will ultimately be communicated to interested users. To communicate in an efficient and understandable manner, there must be a common basis, or suitable criteria, for measuring and describing financial information. These suitable criteria appear in a variety of sources. For external auditors, government auditors, and CRA inspectors, the criteria largely consist of GAAP. CRA inspectors also rely heavily on criteria specified in federal tax acts. Government auditors may rely on criteria established in legislation or regulatory agency rules. Bank examiners and provincial insurance board auditors look to definitions and rules of law. Internal and government auditors rely extensively on financial and managerial models of efficiency and economy, as well as on GAAP. All auditors rely to some extent on the elusive criteria of general truth and fairness. Exhibit 1–3 depicts an overview of financial statement auditing.

attest engagement: when a public accountant is hired to perform procedures and issue a report resulting from those procedures that affirms the validity of an assertion; also known as an attestation engagement

direct reporting engagement: a type of assurance engagement in which the assertions are implied and not written down in some form

EXHIBIT 1–3

Overview of Financial Statement Auditing

[Figure: flow diagram. Labels: Assertions about economic actions and events (balance sheet, income statement, cash flow statement, footnotes); Objective outsider: independent auditor; Obtains and evaluates evidence (knowledge of client’s business, observation of physical assets, inquiry of managers, confirmations from outsiders, inspection of documents); Ascertains degree of correspondence; Generally accepted accounting principles; Audit report; Other communications.]

Audit Objective and the Auditor’s Report

The AAA definition of auditing is broad and general enough to encompass external, internal, and governmental auditing. In Canada, the CASs, as issued by Chartered Professional Accountants of Canada (CPA Canada), set forth the main objective of a financial statement audit as follows:

The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.3

Chartered Professional Accountants of Canada (CPA Canada): the professional body of chartered professional accountants in Canada


The CPA Canada statement of objective restricts auditing interest to external auditors’ audit of the traditional financial statements and accompanying notes. However, as the needs of users change, new audit objectives and reports are created to meet them. Thus, the CPA Canada Handbook also offers guidance on such divergent topics as reporting on control procedures at service organizations, solvency issues, and examining a financial forecast in a prospectus. A set of evolving “assurance standards” provides a framework governing a wide range of assurance services, including audit services. These expanding standards indicate a corresponding demand for new types of audits and an expanded social role for auditing. This is consistent with an evolving audit society. Historically, the demand for an expanded role for auditing has grown faster than standard setters’ ability to meet the public’s expectations of audits. As a result, an expectations gap has developed between what the public expects of auditors and what auditors can actually deliver. For example, historically, the public has expected auditors to take on more responsibility for fraud detection and ethical reporting than the standards required. In addition, many people assume that audited financial statements are exact to the nearest penny and that there are no uncertainties associated with financial statements. The expectations gap is discussed further in the context of ethical reporting in Appendix 1B. The auditor’s opinion on financial statements is expressed in the second paragraph of the audit report. This is the culmination of the auditor’s work, and almost everything that you will be studying in this text is geared to supporting this conclusion. Hence it is very important! A standard report is shown in Exhibit 1–4. This is the report that will be required on audits after December 15, 2016. The report to be used before that date is given in Exhibit 1–5. 
Chapter 4 explains this and other audit reports in more detail. For now, we highlight some key features of it, beginning with the second paragraph. The key words in the second paragraph, the opinion paragraph of the opinion section, are “financial statements present fairly, in all material respects. . . .” This is the auditor’s conclusion, and it is intended for the users of financial statements. The third paragraph, the one that ends with “We believe . . . ,” tells the user on what basis the auditor reached the conclusion. It tells the user of financial statements that there is a link between the opinion and the audit evidence, something that you will be covering in most of this book. The link supports the conclusion, and it explains why you gather audit evidence. What do you think “independent” means in the third paragraph? See the discussion in the Application Case at the end of the chapter. The fourth paragraph describes key audit matters that were considered significant in a particular audit. The fifth, sixth, and seventh paragraphs summarize the responsibilities of management and corporate governance. The eighth paragraph summarizes auditor responsibilities. There is a reference to additional description of responsibilities, which are discussed in Chapter 4. All this is made public to the user of the report so that the issuing auditor should be willing to stand by the claims in the report. To prove that the auditor is not lying about these claims, audit standards require the auditor to document their work during the audit engagement and to demonstrate the basis of their conclusions. In this book, we refer to one of the Canadian Auditing Standards (CASs) as a CAS. Unless otherwise indicated, the equivalent International Standard on Auditing (ISA) is the same number as the CAS number. For example, CAS 700 and ISA 700 refer to the same standard, except for some minor variations, explained later. 
We refer to each CAS by the number associated with it, such as CAS 700. Exhibit 1–5 is the standard audit report that can be used before December 15, 2016. It is provided here for completeness. In this text we will focus on the report given in Exhibit 1–4.

expectations gap: the difference that can arise between what the public expects of the auditor’s social role and what the professional standards and practices deliver

Canadian Auditing Standards (CASs): the auditing standards in Canada using the equivalent International Standards on Auditing (ISAs) and the same numbering system as the ISAs; the subset of assurance standards dealing with “high” or “reasonable” levels of assurance in assurance engagements


EXHIBIT 1–4

Independent Auditor’s Report (for audits beginning after December 15, 2016—see Exhibit 1–5 for a standard audit report before this date)

INDEPENDENT AUDITOR’S REPORT

To the Shareholders of ABC Company (or Other Appropriate Addressee)

Report on the Audit of the Financial Statements

Opinion

We have audited the financial statements of ABC Company (the Company), which comprise the statement of financial position as at December 31, 20X1, and the statement of comprehensive income, statement of changes in equity, and statement of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies.

In our opinion, the accompanying financial statements present fairly, in all material respects (or give a true and fair view of), the financial position of the Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards (IFRS).

Basis for Opinion

We conducted our audit in accordance with Canadian Auditing Standards (CASs). Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Company in accordance with the Provincial Ethics Standards Board for Accountants’ Code of Ethics for Professional Accountants together with the ethical requirements that are relevant to our audit of the financial statements in [jurisdiction], and we have fulfilled our other ethical responsibilities in accordance with these requirements and the Code. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion, thereon, and we do not provide a separate opinion on these matters. [Description of each key audit matter in accordance with CAS 701]

Responsibilities of Management and Those Charged with Governance for the Financial Statements*

Management is responsible for the preparation and fair presentation of the financial statements in accordance with IFRS,** and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, management is responsible for assessing the Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going-concern basis of accounting unless management either intends to liquidate the Company or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the Company’s financial reporting process.

Auditor’s Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but it is not a guarantee that an audit conducted in accordance with CASs will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

[Additional description of auditor responsibilities is required here, or referenced to an appendix to the report, or reference can be made to a website of an appropriate authority that contains the description of the auditor’s responsibilities—the additional description of responsibilities is discussed in Chapter 4 of this textbook.]

The engagement partner on the audit resulting in this independent auditor’s report is [name].

[Signature in the name of the audit firm, the personal name of the auditor, or both, as appropriate for the particular jurisdiction]
[Auditor Address]
[Date]

* Throughout these illustrative auditor’s reports, the terms management and those charged with governance may need to be replaced by another term that is appropriate in the context of the legal framework in the particular jurisdiction.

** Where management’s responsibility is to prepare financial statements that give a true and fair view, this may read, “Management is responsible for the preparation of financial statements that give a true and fair view in accordance with IFRS, and for such . . .”

Source: CPA Canada Handbook—Assurance, CAS 700, “Forming an Opinion and Reporting on Financial Statements.”


EXHIBIT 1–5

Auditor’s Standard Report (until December 15, 2016)

To the Shareholders of . . . . .

Report on the Financial Statements

We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity, and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory notes.

Management’s Responsibility for the Financial Statements

Management is responsible for the preparation and fair presentation of these financial statements in accordance with Canadian generally accepted accounting principles; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.

Auditor’s Responsibility

Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with Canadian generally accepted auditing standards. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance whether the financial statements are free from material misstatement.

An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of financial statements.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Opinion

In our opinion, the financial statements present fairly, in all material respects, the financial position of ABC Company as of December 31, 20X1, and of its financial performance and its cash flows for the year then ended in accordance with Canadian generally accepted accounting principles.

[Auditor’s signature]
[Date of auditor’s report]
[Auditor’s address]

Source: CPA Canada Handbook—Assurance, CAS 700, “Forming an Opinion and Reporting on Financial Statements.”

A Definition of Auditing Relating to “Risk Reduction”

LO3 Explain the role of auditing in information risk reduction.

Although it is sometimes difficult to distinguish between a definition and a theory, most statements of theory begin with a definition. The theory that auditing is a “risk reduction activity” is gaining popularity, and the following definition supports this view: Auditing in financial reporting is a process of reducing (to a socially acceptable level) the information risk to users of financial statements.


Economic activity takes place in an atmosphere of business risk. Business risks result from significant conditions, events, circumstances, or actions that might adversely affect the entity’s ability to achieve its objectives and execute its strategies (CPA Canada Handbook—Assurance, CAS 700, “Forming an Opinion and Reporting on Financial Statements”). Auditors do not directly influence a company’s business risk, but they are responsible for ensuring proper disclosure of these risks by the auditee in the financial statements. As the business world becomes more complex, auditors are finding that they must increasingly focus on understanding the client’s business risks in order to judge whether the financial statements reflect them properly. It is emphasized in auditing that risk is an important part of economic substance that should be reflected in financial reporting. A good illustration of the effects of business risks related to the economic crisis that began in 2008 is given in the “Accounting Blamed for Global Credit Crisis” box below.

Accounting Blamed for Global Credit Crisis

Wall Street executives and lobbyists say they know what helped push the nation’s largest financial institutions over the edge in recent months. The culprit, they say, is accounting. Companies including American International Group Inc., the insurer that accepted $85 billion in a U.S. takeover, have said the rule by the U.S. Financial Accounting Standards Board requires them to record losses they don’t expect to incur. Financial service companies have reported more than $520 billion in write-downs and credit losses since last year [2007]. Supporters of the rule say companies seeking the exemption are citing fair value as a way to cover their poor performance. Fair value “is an accounting issue that’s too important to be left just to accountants,” former SEC Chairman Harvey Pitt said in an interview today. Economists, academics and regulators from outside FASB, in addition to accountants, should be involved in considering a new approach to fair value, he said. “What the banks are telling everyone is that the accounting has caused the problem,” former SEC chief accountant Lynn Turner said. “The only thing fair-value accounting did is force you to tell investors you made a bunch of very bad loans.” “. . . The banking lobby is also confusing the role of accounts. These should simply be a true and fair record of management’s stewardship of the business. How the owners, regulators, and tax authorities that read accounts choose to interpret them is their choice.
Complaining about what the accounts show, when we’re talking about a system supported by such users of accounts as investors and regulators, is akin to blaming a torch for shining a light on the mess in your cupboard.” As an example of recent accounting challenges, analysts cite Merrill Lynch’s sale of $30.6 billion of collateralized debt obligations, or pools of mortgage-linked assets, to the investment company Lone Star Funds for only 22 cents on the dollar in July [2008]. Jessica Oppenheim, a spokeswoman for Merrill, which this month [September 2008] agreed to be purchased by Bank of America, declined to comment. Advocates for leading financial institutions, including the Financial Services Roundtable and the American Bankers Association, have been raising the issue with government officials in Washington and New York for months. Arizona Sen. John McCain, the GOP presidential candidate, mentioned fair-value accounting as a problem in a recent stump speech. Lobbyists have been seeking temporary relief from the accounting measure, which they say establishes bargain-basement prices for assets that would be valued far higher during more normal trading conditions. The events of last week raised fresh concerns among industry executives who fear that investments sold to the government as part of the $700 billion bailout plan will set a bargain-basement precedent for the rest of the market. Banks also have been fighting their auditors, some of which have reasoned that downmarket conditions have persisted for so long that assets are no longer “temporarily impaired” but now require write-downs and capital infusions. Banking trade association officials are scheduled to meet with SEC regulators this week to discuss the issue, which could prompt some banks to attract new capital to meet regulatory requirements. “The accounting rules and their implications have made this crisis much, much worse than it needed to be,” said Ed Yingling, president of the bankers’ association.
“Instead of measuring the flame, they’re pouring fuel on the fire.” Sources: Excerpts from Washington Post, Sept. 23, 2008: D01 (Carrie Johnson); Bloomberg.com, Ian Katz, Sept. 23, 2008; and jennifer.hughes@ ft.com, www.ft.com/accountancy, The Financial Times Limited, 2008.

business risk: the probability that significant conditions, events, circumstances, or actions might arise that will adversely affect the entity’s ability to achieve its objectives and execute its strategies


Information risk refers to the possible failure of financial statements to appropriately reflect the economic substance of business activities and related risks and uncertainties. It thus includes failure to properly disclose business risk. For example, if a company fails to disclose that it plans to file for bankruptcy, the risk of bankruptcy is a business risk, and failure to disclose it is an information risk. Note that information risk is influenced by the evidence of bankruptcy gathered by the auditor and by the accounting principles and rules (i.e., GAAP) for appropriately disclosing the bankruptcy risk. It is useful to remind yourself at this point that information risk arises from the agency relationship described above as part of the three-party accountability concept. Specifically, information risk arises from the information asymmetry and the conflicts of interest inherent in the agency relationship. Note that it is management (the agent) that must produce the information that is audited by the auditor. Thus it is management, not the auditor, that must accept responsibility for the kind of information provided. The auditor in turn accepts the responsibility for performing an appropriate audit of the information provided by management. Information risk gives rise to the misstatements and omissions in information that auditors are hired to detect and suggest that management correct. That way, auditors reduce information risk, providing assurance that the information is more accurate with the auditor’s involvement. This is why you, investing in the Thai restaurant scenario described earlier, or Aunt Zhang, in the EcoPak Inc. case study, may find it worthwhile to have management-prepared financial statements audited by an external auditor independent of management. 
The “Accounting Blamed for Global Credit Crisis” box illustrates the consequences of having too much information risk in financial reporting due to changes in accounting measurement concepts such as fair value accounting. Information risk from the auditor’s perspective is the risk (probability) that the financial statements distributed by a company will be materially false or misleading. Materiality, as used in auditing, means the same thing as it does in your accounting courses. Basically, a material misstatement is one that would affect user decision making. For example, in the Thai restaurant illustration, we saw that an investor might invest much less without an audit because the risk of material misstatement in the unaudited financial statements was very high. Financial analysts and investors depend on financial reports for stock purchase and sale decisions; creditors (suppliers, banks, and so on) use them to decide whether to give trade credit and bank loans; labour organizations use them to help determine a company’s ability to pay wages; and government agencies and Parliament use them in preparing analyses of the economy and making laws concerning taxes, subsidies, and the like. All these users cannot determine whether financial reports are reliable and, therefore, low on the information risk scale. They do not have the expertise, resources, or time to enter thousands of companies to satisfy themselves about the veracity of financial reports. Auditors assume the social role of attesting to published financial information, offering users the valuable service of assurance that the information risk is low. This role of auditors has been institutionalized through laws and regulations. It is important to be aware that, from the auditor’s perspective, there are two major categories of information risk. One is the risk of insufficient evidence being gathered on the facts concerning the client’s (auditee’s) economic circumstances. 
This is referred to as audit risk (account level). The other category is the risk that errors associated with forecasts used in GAAP accounting estimates are not properly disclosed. We refer to this second category of information risk as accounting risk (account level). Forecasts are the distinguishing feature of GAAP that separates GAAP accounting from cash basis accounting. Accounting risk is primarily the responsibility of accounting standards. Accounting risk is becoming more important with the increasing use of fair value accounting and the adoption of IFRS. You can see the challenges for auditors in deciding whether fair value accounting “presents fairly” in particular circumstances from the box “Accounting Blamed for Global Credit Crisis”! However, while the term audit risk is a key part of auditing standards, accounting risk is dealt with only indirectly in accounting standards. You likely did not encounter the accounting risk concept in your financial accounting courses because accounting theory is not as risk oriented as auditing theory is. This makes controlling information risk in financial reporting a major challenge for auditors. The accounting risk concept used in the more advanced parts of this text, especially Chapter 19, Part II (available on Connect), dealing with the audit of accounting estimates, helps address this key challenge of professional judgment in auditing. The risk reduction definition may appear very general. As your study of auditing continues, you will find that the primary objective of many auditing tasks is reducing the risk of giving an inappropriate opinion on financial statements. Auditors are careful to work for trustworthy clients, to gather and analyze evidence about the data in financial statements, and to take steps to ensure audit personnel report properly on the statements when adverse information is known. Subsequent chapters will have more to say about these activities. We begin the process with the Application Case discussion at the end of this chapter. The table below summarizes the different aspects of information risk discussed in this chapter.

DIFFERENT DIMENSIONS OF INFORMATION RISK

CONTRIBUTING FACTORS: Remoteness; Complexity; Three-party accountability; Conflict of interest; Information asymmetry

TYPES OF MISSTATEMENT: Misstatement arising from audit risk; Misstatement arising from accounting risk

information risk: the possible failure of financial statements to appropriately reflect the economic substance of business activities

materiality: an audit concept related to an auditor’s judgment about matters, such as errors or omissions in the preparation and presentation of financial statements, that could reasonably be expected to influence economic decisions of people using those financial statements, i.e., matters that would be material to those decisions

audit risk (account level): the probability that an auditor will fail to find a material misstatement that exists in an account balance

For now, consider the following box for a current illustration of a call for an audit that may have global repercussions.

Is There Any Gold Inside Fort Knox? An Example of a Burgeoning Demand for an Independent External Audit

Protected by a 109,000-acre [44,000-hectare] U.S. Army post in Kentucky sits one of the Federal Reserve’s most secure assets and its only gold depository: the 73-year-old Fort Knox vault. Its glittering gold bricks, totalling 147.3 million ounces [4.176 million kilograms] (that’s about US$265 billion as of August 10, 2011), are stacked inside massive granite walls topped with a bombproof roof. Or are they? For several prominent investors and at least one senior U.S. congressman it is not the security of the facility in Kentucky that is a cause of concern: it is the matter of how much gold remains stored there—and who owns it. They are worried that no independent auditors appear to have had access to the reported US$265 billion stockpile of brick-shaped gold bars in Fort Knox since the era of President Eisenhower. After the risky trading activities at supposedly safe institutions such as AIG, they want to be reassured that the gold reserves are still the exclusive property of the United States and have not been used to fund risky transactions.

“It has been several decades since the gold in Fort Knox was independently audited or properly accounted for,” said Ron Paul, the Texas congressman and former Republican presidential candidate, in an email interview with The Times. “The American people deserve to know the truth.” “We’re taking the President at his word,” said Chris Powell, of the Gold Anti-Trust Action Committee (GATA). “If you go online you can find out how to build a nuclear weapon but you won’t find any detailed records on central gold reserves.”

A month after President Nixon resigned over the Watergate affair, Congress demanded to inspect the contents of Fort Knox but the trip to Kentucky was dismissed by critics as a photo opportunity. Three years earlier Mr. Nixon brought an end to the gold standard when France and Switzerland demanded to redeem their dollar holdings for gold amid the soaring cost of the Vietnam War. Many gold investors suspect that the United States has periodically attempted to flood the market with Fort Knox gold to keep prices low and the dollar high—perhaps through international swap agreements with other central banks—but facts remain scarce and the U.S. Treasury denies that any such meddling has gone on for at least the past decade.

Pressure for more openness is mounting after the collapse of the global banking system and renewed interest in a return to the simpler era of the gold standard—a subject that is likely to be raised at the G20 summit next week [April 2009]. China and Russia are calling for the creation of a new world reserve currency amid fears that the Federal Reserve’s quantitative easing policy—essentially printing money—might cause hyperinflation, then collapse.

Sources: Excerpts from Chris Ayres in Los Angeles, from The Times, March 28, 2009, http://www.timesonline.co.uk/tol/news/world/us_and_americas/article5989271.ece, reprinted at http://www.gata.org/node/7309; and Constance Gustke, January 20, 2010, cbsnews.com/news/is-there-gold-in-fort-knox/#ixzz1RqjMgxrG.

accounting risk (account level): the part of information risk due to incorrectly predicting events, especially in accounting estimates

The preceding box illustrates how demand for an audit can arise. Basically, people stop believing the reporting by the report preparer, in this case a government’s assertions about the quantity of gold at Fort Knox. So an independent audit is demanded to add credibility. On the other hand, the Royal Canadian Mint announced in June 2009 that 17,500 ounces of Mint gold had been lost or stolen. This disappearance was confirmed during an audit of the Mint by Deloitte & Touche, CAs, under the direction of the Auditor General of Canada. The question asked by U.S. commentators is, if Canada audits its gold, why doesn’t the United States? This lack of an independent audit, especially over lengthy periods of time, can raise credibility questions, as you can see from the box. A related issue to consider at this point is how might you audit something like the quantity of gold? The obvious answer is to go see if it exists! That means actually going to Fort Knox and counting the gold bars. In fact, in auditing, the existence assertion that you will learn about later in this text specifies the need to verify the accuracy of the actual count. Not exactly rocket science! Somebody has to do it, and that somebody is the independent external auditor. What other things would you need to do? Think of the questions being raised by the doubters of the contents of Fort Knox. It is important for you as an auditor to be aware of the concerns that users of your report may have. First, you would need to count the gold bars and check the accuracy of what is recorded at Fort Knox. Further tests could include checking serial numbers against records for accuracy, determining who owns the gold, and perhaps randomly testing the gold bars for purity. (One conspiracy theory is that the gold in Fort Knox is fake. Search “Is the gold in Fort Knox fake?” on Google to see what we mean.) 
While some of the conspiracy theories are far-fetched, an independent external audit would likely end much of the speculation. This is an example of how the demand for audits can grow spontaneously and why we are evolving toward an audit society.

Review Checkpoints

1-9 What would you say if asked by an anthropology major, “What do auditors do?”
1-10 What is the essence of the risk reduction definition of auditing?


Kinds of Audits and Auditors

LO4 Describe the other major types of audits and auditors.

The AAA, CPA Canada, and the risk reduction definitions apply to the financial statement audit practice of independent external auditors who practise in public accounting firms. The word audit, however, is used in other contexts to describe broader kinds of work. The variety of audit work performed by different kinds of auditors causes problems with terminology. Hereafter in this text, the terms independent auditor, external auditor, Chartered Professional Accountant (CPA), and public accountant (PA) refer to people doing audit work with public accounting firms. In governmental and internal contexts, auditors are identified as governmental auditors, operational auditors, and internal auditors. While many of these are chartered accountants or certified general accountants, in this text, the initials PA will refer to CPAs in public practice.

Internal and Operational Auditing

The Institute of Internal Auditors (IIA) defines internal auditing and its purpose as follows:

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.4

Internal auditing is practised by auditors employed by organizations such as banks, hospitals, city governments, and industrial companies. Some internal auditing activity is known as operational auditing. Operational auditing (performance auditing or management auditing) is the study of business operations in order to make recommendations about the economic and efficient use of resources, effective achievement of business objectives, and compliance with company policies. The goal of operational auditing is to help managers discharge their management responsibilities and improve profitability. Internal and operational auditors also perform audits of financial reports for internal use, much as external auditors audit financial statements distributed to outside users. Thus, some internal auditing work is similar to the auditing described elsewhere in this text. In addition, the expanded-scope services provided by internal auditors include (1) reviews of control systems for ensuring compliance with company policies, plans, procedures, and laws and regulations; (2) appraisals of the economy and efficiency of operations; and (3) reviews of program results in comparison with their objectives and goals. Internal auditors need to be independent of the organization’s line managers, much like the external auditors need to be independent of the company management. Independence helps internal auditors be objective and achieve three-party accountability.
As noted earlier, you, as a user of audited information, expect the auditor to be unbiased and impartial, as well as competent, in verifying the accuracy of the information you rely on in making your decision. Internal auditors can recommend correction of poor business decisions and practices, and they can praise good decisions and practices. If they were responsible for making the decisions or carrying out the practices themselves, they would hardly be credible in the eyes of the upper-management officers they report to. Consequently, the ideal arrangement is to have internal auditors whose only responsibilities are to audit and report to a higher level in the organization, such as a financial vice-president and the audit committee of the board of directors. This arrangement offers an independence that enhances the appraisal function (internal audit) within a company. Internal audit can be an important aspect of auditee internal controls, as they monitor auditee operations year round. When such internal independence exists, external auditors may also be able to rely quite a bit on internal audit work as a valuable source of evidence. In the environment of the influential Sarbanes-Oxley Act (SOX) legislation passed in the United States, internal auditor reports to independent audit committees are increasingly viewed as indispensable for good corporate governance. In addition, in the SOX world, if an external auditor performs internal audit functions, he or she is deemed to be insufficiently independent and prohibited from auditing for external reporting. Again, this helps preserve external auditor independence.

public accountant (PA): an individual doing audit work with a public accounting firm; includes Chartered Professional Accountants (CPAs)

internal auditing: verification work performed by company employees who are trained in auditing procedures; mainly used for internal control purposes, but external auditors can rely on internal audit work if certain criteria are met

operational auditing (performance auditing or management auditing): auditors’ study of business operations for the purpose of making recommendations about economic and efficient use of resources, effective achievement of business objectives, and compliance with company policies

Public Sector (Governmental) Auditing

The Office of the Auditor General of Canada (OAG) is an accounting, auditing, and investigating agency of Parliament, headed by the Auditor General. In one sense, OAG auditors are the highest level of internal auditors for the federal government. Many provinces have audit agencies similar to the OAG, answering to provincial legislatures and performing the same types of work as we describe in this section. In another sense, the OAG and equivalent provincial auditors are really external auditors with respect to government agencies they audit, because they are organizationally independent. Many government agencies have their own internal auditors and inspectors, for example, federal ministries such as the Department of National Defence or CRA and provincial education, welfare, and controller agencies. Well-managed local governments (cities, regions, townships) also have internal audit staff. Activities of all levels of government are frequently referred to as the public sector. Internal and public sector auditors have much in common. The OAG and internal auditors share elements of expanded-scope services. The OAG, however, emphasizes the accountability of public officials for the efficient, economical, and effective use of public funds and other resources. CPA Canada sets accounting and auditing standards for all public sector audit engagements, including those of the federal, provincial, and local levels of government. In the public sector, you can see the audit function applied to financial reports, and a compliance audit function applied to laws and regulations. All government organizations, programs, activities, and functions were created by law and are surrounded by regulations governing the things they can and cannot do. For example, in some provinces, there are serious problems of health card fraud by ineligible persons.
A hospital cannot simply provide free services to anyone due to regulations about eligibility of tourists and visitors from other countries. A compliance audit of services involves a study of the hospital’s procedures and performance in determining eligibility and treatment of patients. Nationwide, such programs involve millions of people and billions of taxpayers’ dollars. Also, in the public sector you see value-for-money (VFM) audits, a category that includes economy, efficiency, and effectiveness audits. Government is always concerned about accountability for taxpayers’ resources, and VFM audits are a means of improving accountability for the efficient and economical use of resources and the achievement of program goals. VFM audits, like internal auditors’ operational audits, involve studies of the management of government organizations, programs, activities, and functions. The following box indicates the range of activities that VFM audits can cover.

public sector: activities of all levels of government

value-for-money (VFM) audit: an audit concept from the public sector that incorporates audits of economy, efficiency, and effectiveness

Some Examples of Recommendations Based on Value-for-Money Audits Conducted by the Ontario Office of the Provincial Auditor

Health care. Stronger efforts are needed in using available data to identify pharmacies overcharging the Ontario Drug Benefit Plan. Ontario is unprepared for a flu pandemic despite 44 deaths from the 2003 SARS crisis.

Archives. Hundreds of historically significant items, including a valuable Group of Seven painting, have gone missing. Inventory control practices need to be strengthened.

Education. Ontario university buildings are in need of $1.6 billion in repairs. Capital asset management systems need to be enforced.

Environment. Monitoring of hazardous waste shipment has been lax. Hundreds of tonnes of hazardous waste have gone missing. The ministry’s own standards need to be better enforced.

Transportation. New drivers are more likely to be involved in collisions if they take the province’s beginning driver education course than if they do not. Inappropriate handling of driver education certificates by unscrupulous driving schools is suspected. Systems and procedures for assuring the public’s money is properly spent are inadequate.

Criminal law. Several hundred names are missing from the sex offender registry. Amendments to legislation are needed.

Source: 2007 annual report by the Office of the Provincial Auditor of Ontario, as summarized by the authors. More recent reports have similar content but not as varied.

The above list of audits illustrates the huge range of activities that can be audited and important areas of society that are affected. Audits can go well beyond financial statement reporting. Comprehensive governmental auditing involves financial statement auditing, compliance auditing, and VFM auditing. It goes beyond an audit of financial reports and compliance with laws and regulations to include economy, efficiency, and effectiveness audits. The public sector standard on the elements of comprehensive auditing is similar to the internal auditors’ view. Public sector standards do not require all engagements to include all types of audits. The scope of the work is supposed to be determined by the needs of those who use the audit results. Auditors’ reputations are highest when they meet these needs. Judging by the favourable media attention they receive, Canadian public sector auditors probably have the best reputation of any auditors in the world. For example, Christina Blizzard, a columnist for The Toronto Sun, stated in a 2002 column discussing a provincial auditor’s report, “How come this province is run by politicians, and not by people who can add, subtract, and oh yes, negotiate a deal with the private sector that doesn’t rip off taxpayers? What a pity politicians aren’t better auditors—and auditors don’t run the province.”5 Also, see below for an interview with former Auditor General of Canada Sheila Fraser. Awareness of the value of public sector audits has now spread to countries such as China, where the National Audit Office of the People’s Republic of China has become increasingly active in monitoring China’s financial system and exposing bribery, corruption, fraud, capital embezzlement, and inappropriate accounting in state-owned or state-controlled enterprises. Public sector auditors are helping make state capitalism a viable option in China. These public sector auditor roles are outstanding examples of evolving audit societies.

comprehensive governmental auditing: auditing that goes beyond an audit of financial reports to include economy, efficiency, and effectiveness audits

Sheila Fraser: Patron Saint of Auditors?

Auditor General Sheila Fraser laughs heartily when asked what it’s like to be a celebrity. “I’ve never really thought of myself as a celebrity, quite honestly. I mean, I’m an accountant. So accountants don’t expect to get a lot of public recognition.” Still, she adds, as her voice quietly trails off, “It has been an amazing time.” Indeed, it has. In a decade during which Canadians have had three prime ministers—Jean Chrétien, Paul Martin and Stephen Harper—one thing in Ottawa has always been constant. Fraser, the country’s top spending watchdog, was there to keep an eye on the politicians and their bureaucrats. To keep them honest. She has been—odd as it may sound for an auditor general—a rock star to the Canadian people. Her non-partisan credibility is unimpeachable. Her audits have been fair but uncompromising. The media love her. The bureaucrats respect and fear her. The politicians don’t dare criticize her. And now she is leaving. Her 10-year term is up. Monday is her last day on the job.

In a wide-ranging and candid interview with Postmedia News, Fraser discussed her tenure and whether bureaucrats trembled when they heard she was headed their way. “Quite frankly, no one likes to be audited. None of us. It’s like when Revenue Canada phones you and says they’re going to audit your tax return. None of us jump up with joy. I’m sure there is a bit of apprehension, but I would hope that they recognize that we are fair and we have a very rigorous process that we go through to ensure that our audits’ conclusions are balanced and based on fact.” Fraser’s office has conducted hundreds of audits—some routine, others headline-grabbing.
She put a spotlight on the cost of the firearms registry, questionable spending by privacy commissioner George Radwanski and prisons ombudsman Ron Stewart, rebate cheques sent to thousands of dead people for home heating costs, shoddy background checks for passport applications, inadequate national emergency response plans, and the shortcomings of public sector integrity commissioner Christiane Ouimet. But the two audits for which she will be remembered relate to the Quebec sponsorship program. The first was released in May of 2002. She reviewed $1.6 million in contracts awarded by Public Works to a Montreal-based firm, Groupaction, and found the government “did not obtain all of the services for which it paid.” Then came the quote for which she is famous. Fraser blasted senior public servants for breaking “just about every rule in the book.” There was an “appalling lack of documentation” and a violation of rules and policies on financial transactions. “This is a completely unacceptable way for government to do business,” she said at the time. “Canadian taxpayers deserve better.” Strong words for an auditor general. The Mounties began an investigation for possible criminal violations. It didn’t end there. Fraser’s instincts were razor sharp. She began a broader audit of all government advertising and sponsorship programs. In February 2004, that audit was released. It was a bombshell. She found Liberal-friendly communications firms collected millions of dollars in commissions for little, if any, work. “This is such a blatant misuse of public funds,” said Fraser. “It is shocking.” It was the catalyst for a string of events that would change Canadian history. It led to the Gomery commission of inquiry into political kickbacks and, eventually, criminal convictions against some involved in the sponsorship scheme. Ultimately, it contributed to a souring of public support for the governing Liberals and their defeat in the 2006 election by Stephen Harper’s Conservatives. 
Auditor General Sheila Fraser is leaving her post with a blunt warning for the federal government: Canadians need to be told much more about the looming costs of the aging population, climate change and this country’s deteriorating infrastructure. . . . On Wednesday, she acknowledged that the sponsorship audit was the most heavily covered by media and perhaps the most “sensational of the audits that we did.” She said it led to an increase in her office’s independence and an expansion of its mandate. The Quebec-born accountant is considered one of the most trustworthy and respected public officials—elected or otherwise—in Ottawa. Fraser was the third “most trusted Canadian” in a Reader’s Digest poll published this month (behind environmentalist David Suzuki and building contractor Mike Holmes).

Sources: Excerpts from Mark Kennedy (National Post, May 25, 2011, news.nationalpost.com/news/canada/outgoing-ag-sheila-fraser-calls-forfocus-on-climate-health-care); Bruce Cheadle (Canadian Press, May 25, 2011); HuffPost Canada Politics, “Sheila Fraser as Auditor General: Her Greatest Hits and Reports,” August 9, 2011, huffingtonpost.ca/2011/06/09/sheila-fraser-the-auditor-general_n_871980.html.


Regulatory Auditors

For the sake of clarity, other kinds of auditors deserve separate mention. You are probably aware of tax auditors employed by CRA. These auditors take the “economic assertions” of taxable income made by taxpayers in their tax returns and audit these returns to determine their correspondence to the standards found in the Income Tax Act. They also audit for fraud and tax evasion. Their reports can either clear a taxpayer’s return or claim that additional taxes are due. Federal and provincial bank examiners audit banks, trust companies, and other financial institutions for evidence of solvency and compliance with banking and other related laws and regulations. In 1985, these examiners as well as external auditors made news with the failures of two Alberta banks—the first Canadian bank failures in over 60 years.

Fraud Auditing and Forensic Accounting

Fraud is an attempt by one party (the fraudster) to deceive someone (the victim) for gain. Fraud falls under the Criminal Code and includes deception based on manipulation of accounting records and financial statements. Recently, auditor responsibilities to detect fraud have significantly increased. Financial statement auditors are now responsible for detecting material financial reporting fraud. They can no longer presume that management is honest. The PA needs to look for fraud risk factors. Some firms are beginning to screen clients before any wrongdoing is even suspected. The screening is done by specialist auditors who may do sensitive interviews or review unusual transactions and suspicious circumstances. In a normal audit, the procedures are diagnostic, not investigative. This is a distinction we will make clear later in the text. Fraud auditing is a separate engagement that might be done on behalf of the audit committee—a special in-depth investigation of suspected fraud by those with specialized training, and often involving a specialist auditor. It is a proactive approach to detecting financial statement deception using accounting records and information, analytical relations, and awareness of fraud perpetration and concealment in developing investigative procedures.

Fraud auditing and forensic accounting are huge growth areas for public accounting firms in today’s world. The main reason for this is that white-collar crime is one of the fastest-growing areas of crime, and police and regulators need the expertise of auditors to carry out these investigations. But there are other factors, and these relate to the broader category of forensic accounting. Forensic accounting includes fraud auditing and uses accounting and/or auditing skills in investigations involving legal issues. The legal issues might be criminal (e.g., fraud) or civil (e.g., commercial disputes). Common examples of civil legal disputes are insurance claims for business losses of various types and valuation of spousal business assets in a divorce proceeding. Two specialist designations are available for investigative engagements. One for CPAs is referred to as CPAIFA, for investigative and forensic accounting. See the website at difa.utoronto.ca for details. There is also an Association of Certified Fraud Examiners (ACFE), providing training for an internationally recognized designation that does not require any other accounting designation. See its website at acfe.com for details.

fraud: in financial statement auditing, an intentional act by one or more individuals (the fraudsters) among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage over someone (the victim)

fraud auditing: a proactive approach to detect financial frauds using accounting records and information, analytical relationships, and an awareness of fraud perpetration and concealment efforts

forensic accounting: the application of accounting and auditing skills to legal problems, both civil and criminal


Some people feel all PAs should take more responsibility for detecting fraud, especially financial statement fraud, and that this may be the main reason for the existence of the profession. The controversies generated by the economic crisis of 2008/2009 may strengthen this perspective. Appendix 1B on Connect discusses this increasingly influential view in more detail. Chapter 21 (available on Connect) also gives more details on forensic accounting and fraud auditing.

Review Checkpoints

1-11 Distinguish between forensic accounting and fraud auditing.
1-12 What is fraud?
1-13 What is operational auditing?
1-14 What are the elements of comprehensive auditing?
1-15 What is compliance auditing?
1-16 Name some other types of auditors in addition to external, internal, and governmental auditors.
1-17 Are financial statement audits intended to detect fraud?

Public Accounting

The Accounting Profession

By 2015 all of Canada’s professional accounting bodies representing Chartered Accountants (CAs), Certified General Accountants (CGAs) and Certified Management Accountants (CMAs) at the national and provincial levels were unified to create a single designation for professional accountants, the Chartered Professional Accountant (CPA) designation. CPA Canada is now the national umbrella organization, and there are CPA provincial counterpart organizations (e.g., CPA Ontario) for all the provinces. The vision of the new CPA designation is to be “the pre-eminent internationally recognized Canadian accounting and business credential that best protects and serves the public interest.” CPA Canada aims to create professional accounting education requirements that meet or exceed the requirements of the leading global accounting bodies to facilitate a CPA’s ability to practise anywhere in the world. See cpacanada.ca for more information.

The CPA education program is developed nationally but delivered provincially. Since regulation of professionals is a provincial matter, each province must pass its own legislation regulating who is allowed to practise public accounting. For example, the Public Accounting Act of Saskatchewan, passed in April 2014, united the three accounting bodies in that province. Detailed requirements for becoming a CPA are given at the CPA certification program website at cpacanada.ca/en/become-a-cpa/why-become-a-cpa/the-cpa-certification-program. The following is a brief outline of the requirements.

All CPAs must have a university degree and meet the prerequisites for the various modules (courses). The CPA Prerequisite Program (CPA PREP) is designed for those who do not have an undergraduate degree in accounting. The PREP consists of two modules in the six technical competency areas of financial reporting, strategy-governance, management accounting, audit and assurance, finance, and tax.
The CPA Professional Education Program (CPA PEP) is a graduate-level program that builds on the knowledge of PREP material. The PEP involves two core modules that everyone must take and two elective modules. Public accounting candidates must take the assurance and tax modules as electives. In addition, there are two capstone integrated modules to prepare students for the final professional-level exam. Practical experience requirements must also be satisfied.


The CPA program offers considerable flexibility to pursue various areas of interest and careers. Candidates with a primary interest in public accounting will be required to follow a specific path within CPA certification with a focus on assurance and tax. This textbook gives you most of what you will need to know for assurance. The goal is to give CPAs a professional credential that is a competitive advantage to accountants on the job market and in their careers. The CPA requires lifelong learning, adherence to a code of conduct, and uniform standards of exit or entry to the profession. Indeed, what distinguishes a CPA from a business degree is that it is a professional credential similar to that of a doctor or lawyer. However, CPA Canada also recognizes that there are accounting careers that do not require qualified CPAs, so they are also offering the Advanced Certificate in Accounting and Finance as an intermediate-level certificate for accountants. At least one auditing course will be required for all of these credentials, and in-depth knowledge of auditing and assurance must be demonstrated on the Common Final Exam for all public accounting candidates.

Public Accounting Firms

Many people think of public accounting in terms of the “big” accounting firms. There are four such firms, often referred to as the “Big Four”: Ernst & Young, Deloitte & Touche, KPMG, and PricewaterhouseCoopers. Notwithstanding this perception, public accounting is carried out in hundreds of practice units ranging in size from sole proprietorships (individuals who “hang out a shingle”) to international firms employing thousands of professionals. Many students look upon public accounting as the place to begin a career; they gain intimate knowledge of many different business enterprises for the first three to ten years, and then they select an industry segment in which to pursue their interests. Public accounting experience is an excellent background to almost any business career.

Public accountants do business in a competitive environment. They perform audit services in the public interest, but they also need to make a living at it, so they have a profit motive just like other professionals. This duality—profit motive and professional responsibility—creates tensions in their work. As a result of increased litigation against them in the 1990s, the profession lobbied for legislation making it harder to sue professional accounting firms. In 1995, in the United States, legislation was passed allowing public accounting firms to take on the limited liability partnership (LLP) form of organization. The LLP structure, which will be covered in Chapter 3, is now common in Canada and around the world.

Throughout the last few decades the non-audit services provided by CPA firms have grown enormously. This growth has led to concerns about the independence of audit services provided by accounting firms that also engaged in extensive, possibly conflicting non-audit services for the same client, or even different clients. Many cite this lack of independence as the primary cause of the profession’s problems in today’s world.
Public accounting services involve many PAs employed in assurance, tax, and consulting work. Although structures will differ, Exhibit 1–6 shows the organization of a typical larger public accounting firm. Some firms include additional departments, such as small-business advisory or compensation consulting departments, while others might have different names for their staff and management positions. In Exhibit 1–6, you see the various staffing levels within a public accounting firm. A recent graduate will most likely start work as a staff accountant. This typical entry-level position involves working under the supervision of more-senior people. As auditors need to verify virtually everything the auditee claims in its financial reporting, there is much mundane work to be done in verifying the math and the extensions of financial data and reconciling the physical amounts with recorded amounts. How does a user know the balance sheet balances? Someone needs to verify the seemingly obvious, and that someone is the auditor. You should look upon this experience as a form of apprenticeship. In most firms, your responsibilities will increase quickly once you demonstrate your reliability.

limited liability partnership (LLP): a company whose partners’ liability is limited to the capital they have invested in the business


EXHIBIT 1–6 Typical Organization of a Public Accounting Firm

[Organization chart. Boxes: Executive Committee; Managing Partner; Practice Offices Partners-in-Charge; Taxation Department; Accounting and Assurance Department; Business Advisory Department; Partner; Manager; Senior (in-charge) Accountants; Staff Accountants.]

Depending on the firm, there may be several levels of staff accountants. Individuals who have just passed the professional exams are usually the most senior staff accountants and are ready to be promoted to manager once they have had a few years of experience and demonstrated leadership potential. Leadership means having people-management skills that are successful with both clients and staff accountants. Technical skills alone are usually not sufficient for a manager. The ability to expand the firm’s practice becomes increasingly important. Getting along comfortably with client personnel is a high priority because otherwise it is difficult to get the information an auditor needs. These personal dynamics become more important at the higher levels in a public accounting firm. Keep this context in mind as you read descriptions of the various procedures in subsequent chapters. Managers supervise most of the details of the audit engagement, as explained throughout this text. They are the backbone of the audit at the technical level. Partners, working closely with managers, take overall responsibility for the audit and lead meetings with auditees’ management and audit committee. Partners usually have at least 10 years’ experience and are the only permanent employees in a public accounting firm. About 5% of those with a PA designation become partners, while the rest go into industry or other public accounting firms. For more information on these positions, career opportunities, and the latest salary trends for PAs in North America, see the websites at mcintyre-smith.com and roberthalf.com/finance.

Assurance Services

Audits of traditional financial statements are the most frequent type of assurance services for public companies and for most large and medium-size non-public companies. Auditing amounts to 20–40% of the business of larger public accounting firms. Audit fees make up about 10% of revenues for smaller public accounting firms, and the reporting standards tend to be based on either private entity GAAP or public sector GAAP. Most of this text is about the audit of traditional financial statements using some form of GAAP.

Accounting and review services are the “non-audit” or other services performed frequently for medium-size and small businesses and not-for-profit organizations. A great deal of non-audit work is done by small public accounting practice units. PAs can be associated with clients’ financial statements without giving the standard audit report. They can perform compilations, which consist of writing up the financial statements from a client’s
books and records, without performing any evidence-gathering work. They can perform reviews, which are lesser in scope than audits but include some evidence-gathering work. (Compilation and review standards are explained in more detail in Chapter 17, available on Connect.) Assurance services are also performed on information in presentations other than traditional financial statements. Since assurance is the adding of credibility by an independent party (assurer, auditor) to representations made by one person or organization to another, demand for a greater variety of PA engagements has grown. PAs provide assurance to vote counts (e.g., for the Academy Awards), to dollar amounts of prizes claimed to have been given in lottery advertisements, to investment performance statistics, and to claims made about the capabilities of computer software programs. These non-traditional services are governed by professional standards. In this text, we reference three sets of professional standards—Canadian; international; and, to a lesser extent, American—which all influence each other. For example, CPA Canada’s Auditing and Assurance Standards Board influences international standards by providing commentary on exposure drafts of new international standards. Once a new international standard is adopted, CPA Canada issues an exposure draft of any unique-to-Canada modifications that must be made before they can be incorporated into CPA Canada standards. Other countries follow similar processes, and, increasingly, the trend is convergence to a common set of standards. For example, CPA Canada adopted international standards with minor modifications in 2011. The CASs are the main professional standards we refer to in this text. Convergence is a defining characteristic of today’s auditing and makes it more important to be aware of the similarities as well as the differences among the standards. 
International standards reference the International Federation of Accountants’ (IFAC’s) International Standards on Auditing (ISAs). U.S. Public Company Accounting Oversight Board (PCAOB) standards are referenced to the PCAOB’s auditing standards. There are also separate audit standards in the United States for non-public companies promulgated by the American Institute of CPAs (AICPA).

Taxation Services

Local, provincial, national, and international tax laws are often called “full-employment acts” for accountants and lawyers; they are complex, and PAs perform tax planning and tax return preparation services in the areas of income, sales, property, and other taxation. A large proportion of small accounting firm work is tax practice. Tax laws change frequently, and tax practitioners have to spend considerable time in continuing education and self-study to keep current.

Consulting or Management Advisory Services

All accounting firms handle a great deal of consulting and management advisory services (some firms refer to these as management ancillary services). These are the great “open end” of public accounting practice that puts accountants in direct competition with the non-public accounting consulting firms. The field is virtually limitless, and no list of consulting activities could possibly include all of them. Indeed, accounting firms have created consulting units with professionals from other fields—lawyers, actuaries, engineers, and advertising executives, to name a few. Until the Enron scandal in 2001/2002, many of the large accounting firms had tried to become one-stop shopping centres for clients’ auditing, taxation, and business advice needs. However, through the chilling effect of corporate scandals at the beginning of the century, these activities have been greatly restricted whenever the engagement includes assurance services.

International Standards on Auditing (ISAs): the auditing standards of the International Federation of Accountants

auditing standards: the subset of assurance standards dealing with “high” or “reasonable” levels of assurance in assurance engagements


Nevertheless, consulting work for non-audit clients may continue to expand to new non-conflicting areas such as eldercare, where PAs provide a package of services ranging from assurance to consulting, bill paying, and financial planning for the elderly. In large public accounting firms, the consulting department is quite often independent from the auditing and accounting departments, performing engagements that do not directly interact with the audits. Public accounting firms are greatly restricted in the types of consulting or business advisory services they can provide to audit clients, particularly for publicly listed companies, but there are no such restrictions for non-audit clients.

International Auditing

LO5 Provide an overview of international auditing and its impact on Canadian Auditing Standards.

Many of the large public accounting firms are worldwide organizations that have grown rapidly in the last few decades, in parallel with the increased economic integration of their global clientele. Developments such as the North American Free Trade Agreement (NAFTA), the evolution of the European Economic Union and other free trade zones, and the pervasive effects of technological change are all contributing to increased global harmonization of auditing and accounting standards. Following this trend, the International Federation of Accountants (IFAC), formed in 1977, is creating, through its independent standard setting board, the International Auditing and Assurance Standards Board (IAASB), international standards by publishing its own handbook on auditing standards that recommends ISAs. ISAs cover basic principles of auditing, auditor’s reports, professional independence, reliance on other auditors abroad, and professional qualifications. ISAs are becoming the dominant standards worldwide. CPA Canada’s policy is to adopt ISAs as is, unless Canadian conditions require a different standard. The sources of auditing standards in Canada are the CPA Canada Handbook, whose standards were traditionally referred to as Handbook Recommendations, and the Audit Guidelines (AuGs), which provide additional guidance on implementing the standards. CPA Canada adopted the revised and redrafted ISAs as well as the International Standard on Quality Control on December 15, 2009, effective for fiscal periods after December 14, 2010. In 2011, CPA Canada adopted IFRS. It will decide at a future date what, if any, other international standards it will adopt. We provide more details in later chapters. The goal of convergence, or international harmonization as it is frequently called, is a key focus of Canadian standard setters in the 21st century. 
As discussed above, a major reason for the creation of the CPA designation in Canada was to bring Canadian PAs to the forefront of the evolving global CPA profession. As the world becomes more interdependent, many concepts and terms used in other countries will become increasingly accepted in Canadian practice. Indeed, many large firms already use manuals and training materials reflecting international practice. This text makes use of those terms and concepts and does not restrict itself to those used in the CPA Canada Handbook or CASs.

Review Checkpoint

1-18 What is the IAASB, and how do its standards affect auditing standards in Canada?

International Federation of Accountants (IFAC): an organization dedicated to developing international auditing standards

international harmonization: international convergence of national accounting and auditing standards with IFRS and ISAs, including going concern, fraud, and the audit risk model


APPLICATION CASE WITH SOLUTION & ANALYSIS

The Auditor’s Most Important Quality

DISCUSSION CASE

Review the box titled “Is There Any Gold Inside Fort Knox?” This box illustrates the fundamental social role of the auditor and how it arises. Based on this box, what do you think is the most important personal characteristic of the auditor?

SOLUTION & ANALYSIS

You might think that the most important characteristics of the auditor are to be able to count and to perform other audit procedures. But it should be clear in this case that virtually anybody could figure out the most basic procedures that need to be performed. In fact, let us assume that the U.S. government has performed these and all necessary procedures to keep an accurate record of the gold at Fort Knox, and yet there is still a demand for an independent external audit. So there must be something even more important than just having the knowledge and skill to perform audit procedures competently.

The issue here is one of who effectively performs the audit procedures; it is not a government audit that is being demanded, it is an independent external audit that is independent of the government. The key words are independent and external. The external auditor is expected to be more objective than the government auditor, and the independence criterion is necessary to ensure that there is no conflict of interest—in this case, a bias toward the government. There should not be the appearance of a conflict of interest, but neither should there be in the auditor’s actual thought processes. If the external auditor were not independent, or perceived to not be independent, then the purpose of having an external auditor would be defeated. The auditor’s lack of independence from the government would not result in the assurance that users expect. Lack of independence prevents the auditor from being effective to third-party users—users are no better off than if there had been no audit.
The need for independence arises from third-party accountability. If the third-party users are to trust the auditor’s work, then the auditor must preserve independence. A further complication for the auditor is that this preservation of independence needs to be toward parties who do not pay the auditor. The party who pays the auditor is the auditee (in this case, the U.S. government). The auditor must be especially concerned about independence from the auditee since it is the auditee who is demanding the audit (see Appendix 1B). This importance of independence extends to managing the image of the auditor so that there is not even the appearance of lack of independence. The significance of independence, essentially an aspect of the auditor’s character, is reflected in its extensive coverage in the rules of professional ethics for auditors (Chapter 3) and in the quality control practices of the auditing firms (i.e., public accounting firms) (Chapter 2).

SUMMARY

• This chapter began by illustrating and defining auditing, distinguishing it from accounting. Accounting is the recording and summarizing of information about an entity, whereas auditing is the verification of the accuracy of the accounting by an independent expert, the external auditor. In modern capital markets where the owner is far removed from the management hired to run the company for the benefit of the owners, independent external auditors are crucial to the functioning of the markets. The practice of public accounting is rooted in the history of auditing. The accounting profession has been undergoing radical changes since the bankruptcy of Enron in December 2001. These changes are being accompanied by broad corporate governance and regulatory reforms. LO1, 2

• Auditors contribute to well-functioning capital markets by reducing information risk associated with the financial statements prepared by management. In order to achieve the objective of providing assurance (= reducing information risk), auditors need to use professional judgment and to have a skeptical mindset. Skepticism is required because of the potential conflict of interest that exists between management and the owners, and the accountability that management needs to provide to owners and other capital providers. The addition of the independent external auditor to verify the accuracy of the financial statements creates the three-party accountability concept introduced in the chapter. LO3

• Auditing is practised in numerous forms by various practice units, including public accounting firms, the Canada Revenue Agency (CRA), the Office of the Auditor General of Canada (OAG), companies’ internal audit departments, and several types of regulatory auditors. Fraud examiners, many of whom are internal auditors and inspectors, have found a niche in auditing-related activities. LO4

• Many auditors aspire to become Chartered Professional Accountants (CPAs), Certified Internal Auditors (CIAs), or certified fraud examiners (CFEs); this involves passing rigorous examinations, obtaining practical experience, and maintaining competence through continuing professional education. Each of these groups has a large professional organization that governs the professional standards and quality of practice of its members. LO4

• Auditors in Canada use International Standards on Auditing (ISAs) modified for Canadian laws and regulations. These are referred to as Canadian Auditing Standards (CASs). Auditors must be CPAs, registered or licensed in their province, to practise auditing and related services. LO5

This chapter has given you a broad overview of auditing. Being aware of the bigger picture of the context of auditing is increasingly important for effective auditing. This is the main reason the concept of critical thinking in professional judgment is being introduced in this text. We end this introduction with a brief overview of what you can expect from this text. Part I, consisting of the first four chapters, introduces you to the most fundamental concepts you will need to consider as an auditor. Part II introduces you to evidence-based concepts of auditing and refines the important concept of internal control. In Part III, you will learn to apply the concepts studied thus far to the various accounts in the financial statements. This part concludes with the opinion that ends the audit report and reflects an evaluation of financial statements as a whole. Part IV covers other assurance engagements and specialized types of auditors and auditing. LO3, 5

When you begin the study of auditing, you may be eager to attack the nitty-gritty of financial statement audit work. Although this text will enable you to learn about auditing, instructors are seldom able to duplicate a practice environment in a classroom setting. You may feel frustrated about not knowing “how to do it.” This frustration is natural, because auditing is done in the field under pressure of time limits and in the surroundings of client personnel, paperwork, and accounting information systems. Part IV covers at a more-advanced level professional ethics, legal liability, audit of accounting estimates, and specialized assurance and related services. LO3, 5

KEY TERMS

accountability relationship
accounting
accounting risk (account level)
acting in the public interest
assurance engagement
attest engagement
audit risk (account level)
audit societies
auditee
auditing
auditing standards
business risk
Canadian Auditing Standard (CAS)
Chartered Professional Accountants of Canada (CPA Canada)
client
comprehensive governmental auditing
conflict of interest
direct reporting engagement
expectations gap
external auditors
financial reporting
forensic accounting
fraud
fraud auditing
generally accepted accounting principles (GAAP)
information risk
information technology (IT)
internal auditing
International Federation of Accountants (IFAC)
international harmonization
International Standards on Auditing (ISAs)
limited liability partnership (LLP)
materiality
operational auditing (performance auditing or management auditing)
professional judgment
professional skepticism
providing assurance
public accountant (PA)
public sector
three-party accountability
value-for-money (VFM) audit

MULTIPLE-CHOICE QUESTIONS FOR PRACTICE AND REVIEW

MC 1-1 LO1 When people speak of the assurance function, they are referring to the work of auditors in
a. lending credibility to a client’s financial statements.
b. detecting fraud and embezzlement in a company.
c. lending credibility to an auditee’s financial statements.
d. performing a program-results audit in a government agency.

MC 1-2 LO1 Company A hired Sampson & Delila, CPAs, to audit the financial statements of Company B and deliver the audit report to Megabank. Which is the client?
a. Megabank
b. Sampson & Delila
c. Company A
d. Company B

MC 1-3 LO1 According to CPA Canada, the objective of an audit of financial statements is
a. an expression of opinion on the fairness with which they present financial position, results of operations, and cash flows in conformity with GAAP.
b. an expression of opinion on the fairness with which they present financial position, results of operations, and cash flows in conformity with accounting standards promulgated by the Financial Accounting Standards Board.
c. an expression of opinion on the fairness with which they present financial position, results of operations, and cash flows in conformity with accounting standards promulgated by the CPA Canada Accounting Standards Committee.
d. to obtain systematic and objective evidence about financial assertions and report the results to interested users.

MC 1-4 LO1 Bankers who are processing loan applications from companies seeking large loans will probably ask for financial statements audited by an independent PA because
a. financial statements are too complex for them to analyze themselves.
b. they are too far away from company headquarters to perform accounting and auditing themselves.
c. the consequences of making a bad loan are very undesirable.
d. they generally see a potential conflict of interest between company managers who want to get loans and their needs for reliable financial statements.

MC 1-5 LO4 Operational audits of a company’s efficiency and economy of managing projects and of the results of programs are conducted by whom?
a. Financial statement auditors
b. The company’s internal auditors
c. Tax auditors employed by the federal government
d. Fraud auditors

MC 1-6 LO3 Independent auditors of financial statements perform audits that reduce and control
a. the business risks faced by investors.
b. the information risk faced by investors.
c. the complexity of financial statements.
d. quality reviews performed by other public accounting firms.

MC 1-7 LO4 The primary objective of compliance auditing is to
a. give an opinion on financial statements.
b. develop a basis for a report on internal control.
c. perform a study of effective and efficient use of resources.
d. determine whether auditee personnel are following laws, rules, regulations, and policies.

EXERCISES AND PROBLEMS

EP 1-1 Controller as Auditor. LO2 The chair of the board of Hughes Corporation proposed that the board hire as controller a PA who had been the manager on the corporation’s audit performed by a firm of independent accountants. The chair thought that hiring this person would make the annual audit unnecessary and consequently save the company the fee paid to the auditors. The chair proposed giving this new controller a full staff to conduct such investigations of accounting and operating data as necessary. Evaluate this proposal.

EP 1-2 Controller as Auditor. LO2 Put yourself in the position of the person hired as controller in the above situation. Suppose the chair of the board moves to discontinue the annual audit because Hughes Corporation now has your services on a full-time basis. You are invited to express your views to the board. Explain how you would discuss the nature of your job as controller and your views on the discontinuance of the annual audit.

EP 1-3 Logic and Method. LO3 Identify four major factors affecting information risk that make the need for independent audits important in today’s business world. Give two examples for each.

EP 1-4 Logic and Method. LO3 Auditors must have a thorough knowledge of GAAP if they are to properly perform an audit of the financial statements of a company. Explain why this is so. Use capital leases as an example of the need for this knowledge.

EP 1-5 Operational Auditing. LO4 Bigdeal Corporation manufactures paper and paper products and is trying to decide whether to purchase and merge Smalltek Company. Smalltek has developed a process for manufacturing boxes that can replace other containers, which use fluorocarbons for expelling a liquid product. The price may be as high as $45 million. Bigdeal prefers to buy Smalltek and integrate its products, while leaving the Smalltek management in charge of day-to-day operations. A major consideration is the efficiency and effectiveness of the Smalltek management. Bigdeal wants to obtain a report on the operational efficiency and effectiveness of the Smalltek sales, production, and research and development departments.

Required: Whom can Bigdeal engage to produce this operational audit report? Several possibilities exist. Are there any particular advantages or disadvantages in choosing among them?

EP 1-6 Auditor as Guarantor. LO1 Your neighbour invited you to lunch yesterday. Sure enough, it was no “free lunch,” because he wanted to discuss the annual report of the Dodge Corporation. He owns Dodge shares and has just received the report. He says, “PricewaterhouseCoopers prepared the audited financial statements and gave an unqualified opinion, so my investment must be safe.”

Required: What misconceptions does your neighbour seem to have about the auditor’s role with respect to Dodge Corporation?

EP 1-7 Identification of Audits and Auditors. LO4 Audits may be characterized as (a) financial statement audits, (b) compliance audits—audits of compliance with control policies and procedures and with laws and regulations, (c) economy and efficiency audits, or (d) program results audits. The work can be done by independent (external) auditors, internal auditors, or governmental auditors. Below is a list of the purposes or products of various audit engagements.

1. Render a public report on the assumptions and compilation of a revenue forecast by a sports stadium/racetrack complex.
2. Determine the fair presentation in conformity with GAAP of an advertising agency’s financial statements.
3. Report on how better care and disposal of vehicles confiscated by drug enforcement agents might save money and benefit law enforcement.
4. Determine the costs of municipal garbage pickup services compared with the same service subcontracted to a private business.
5. Audit tax shelter partnership financing terms.
6. Study a private aircraft manufacturer’s test pilot performance in reporting on the results of test flights.
7. Conduct periodic examination of a bank for solvency.
8. Evaluate the promptness of materials inspection in a manufacturer’s receiving department.

Required: Prepare a three-column schedule showing (1) each of the engagements listed above, (2) the type of audit (financial statement, compliance, economy and efficiency, or program results), and (3) the kind of auditors you would expect to be involved.

EP 1-8 Analysis and Judgment. LO3 As part of your regular year-end audit of a publicly held client, you must estimate the probability of success of its proposed new product line. The client has experienced financial difficulty during the last few years and, in your judgment, a successful introduction of the new product line is necessary for the client to remain a going concern.

There are five steps, all of which are necessary for successful introduction of the product: (1) successful labour negotiations between the building trades unions and the construction firms contracted to build the necessary addition to the present plant, (2) successful defence of patent rights, (3) product approval by the Health Branch, (4) successful negotiation of a long-term raw material contract with a foreign supplier, and (5) successful conclusion of distribution contract talks with a large national retail distributor. In view of the circumstances, you contact experts who have provided your firm with reliable estimates in the past. The labour relations expert estimates that there is an 80% chance of successfully concluding labour negotiations before the strike deadline. Legal counsel advises that there is a 90% chance of successfully defending patent rights. The expert on Health Branch product approvals estimates a 95% chance of approval. The experts in the remaining two areas estimate the probability of successfully resolving the raw materials contract and the distribution contract talks to be 90% in each case. Assume these estimates are reliable.

Required: What is your assessment of the probability of successful product introduction? (Hint: You can assume the five steps are independent of each other.)

EP 1-9 Information Risk Questions. LO3 Give several examples of misstatements that contribute to audit risk. Give several examples of misstatements that contribute to accounting risk. How can you distinguish between the two types of misstatements? Discuss in class.

EP 1-10 The Audit Society. LO3 Identify a major finding from the auditor general of your province in 2014 or later. How extensively was it reported in the news media? Identify the three-party accountability in these engagements. Do you think that the media reports reflect well on the auditor? Discuss in class.

EP 1-11 The Audit Society. LO3 Identify a report on a major investigation of the Auditor General of Canada in 2012 that led to a major embarrassment for the federal government. How extensively was this reported in the media? Identify the three-party accountability in these engagements. Do you think that the media reports reflect well on the auditor? Discuss in class.

Appendix 1A: How to Become a Professional Accountant in Canada (on Connect)
Appendix 1B: Alternative Theories of the Role of Auditing in Society (on Connect)

ENDNOTES

1 European Commission, “Green Paper: Audit Policy: Lessons from the Crisis,” October 2010, p. 3, eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0561:FIN:EN:PDF.

2 M.P. Power, The Audit Society (New York: Oxford University Press, 1997).

3 Canadian Auditing Standard (CAS) 200.03, “General Objective of the Independent Auditor.” The Canadian Auditing Standards of the CPA Canada Handbook are the authoritative CPA Canada pronouncements on auditing theory and practice.

4 See theiia.org.

5 Christina Blizzard, The Toronto Sun, December 4, 2002.


APPENDIX 1A

How to Become a Professional Accountant in Canada

Professional Accounting Designations Available in Canada

LO6 Explain how to become a professional accountant in Canada.

Following is a list of Canadian professional accounting designations as discussed in the chapter. The designations are organized by primary orientation. Refer to the websites for additional guidance on how to obtain each designation or certification.

Public Accounting
Chartered Professional Accountant (CPA): cpacanada.ca

Internal Auditing
Certified Internal Auditor (CIA): theiia.org
Chartered Professional Accountant (CPA)

Management Accounting
Chartered Professional Accountant (CPA)

Forensic Accounting and Fraud Auditing
Certified Fraud Examiner (CFE): acfe.com
Chartered Professional Accountant (CPA)

Other Specialist Designations
CPA Canada now allows a variety of specializations within public accounting for CPAs who choose to become specialists because of a personal interest, experience, or expertise in a particular area of work. CPA Canada recognizes specialty designations in investigative and forensic accounting, business valuation, information systems audit and control, and insolvency and restructuring. Specialist designations require both academic and work experience. The academic requirement is normally met by taking designated program courses offered through universities, mostly through distance learning. Once the academic and other requirements are met, a CPA is allowed to identify the specialty along with the CPA designation. For example, CPA-IFA stands for a CPA specializing in investigative and forensic accounting.


APPENDIX 1B

Alternative Theories of the Role of Auditing in Society

LO7 Distinguish alternative theories of the role of auditing in a society.

The collapse of Enron and other major corporate scandals of the first decade of this century are a prominent milestone, indicating failure of governance, accounting, auditing, and regulation. The aftermath of these scandals continues to influence 21st-century organizations, including accounting standard setters.1 Important new regulators (such as the Public Company Accounting Oversight Board) and regulations (arising from the influence of the Sarbanes-Oxley Act [SOX], 2002) have been created to deal with the many grey areas that characterize corporate activities. Consistent with this concern, accounting standard setters have been urged to take stronger account of how accounting standards can provide relevant information yet not be conducive to fraudulent and unethical reporting.2 Rules-based, compliance-based accounting standards seemingly have strong potential to foster misleading reporting in many contexts, including where corporate leadership is dysfunctional and/or criminal. As a consequence, there is an increasing trend to emphasize ethical reporting, which will have a major impact on the audit function and auditors in the future.

In the chapter, we defined auditing as an activity that reduces information risk. This definition follows from the information hypothesis that is used to explain the demand for external audits. Under the information hypothesis, audit services are demanded to reduce the information risk to users of financial statements. Information risk is the risk that user decisions may be based on incorrect information. Thus, using information risk reduction, auditors must reduce losses due to faulty decisions resulting from errors or irregularities in the financial statements. Losses to investors may also arise because of failure by company management to disclose all the facts about a firm. Auditors help assess whether this information asymmetry is alleviated through proper disclosure.
Less-accurate information may also deter investment, so auditing may also alleviate underinvestment in the capital markets and result in better resource allocation in the economy.

information hypothesis: holds that audit services are demanded to reduce the information risk to users of financial statements

information risk reduction: means of reducing losses to users due to faulty decisions resulting from errors or irregularities in the financial statements

Another hypothesis has been proposed to explain the sources of demand for audits. The monitoring hypothesis is based on the principal-agent framework of economic theory. Agency theory predicts that utility-maximizing agents (the managers), if unchecked, will consume more resources than optimal. However, investors with rational expectations will take such behaviour into account in pricing a firm’s securities. As a result, the agents have the incentive to contract for mechanisms to monitor their opportunistic behaviour. The hiring of an external auditor is one such mechanism. This theory predicts that management will demand audits whenever the cost of monitoring their activities is less than the wage loss that management suffers without the monitoring. The presumption here is that the owners of the firm will pay managers more with monitoring of their activities than without monitoring.

monitoring hypothesis: based on the principal-agent framework of economic theory, holds that utility-maximizing agents (the managers) have the incentive to contract for mechanisms to monitor their opportunistic behaviour and will demand audits (monitoring) whenever the cost of monitoring is less than the agents’ loss without the monitoring

The insurance hypothesis predicts that auditors are demanded so that they may be sued in case there is a business failure or investors incur losses from inaccuracies in the financial statements. Auditing thus provides investors a form of insurance. If an investor purchases securities on the basis of audited financial statements and subsequently sustains losses, the law provides some degree of recourse against the auditor. In this way, the auditor can, depending on how the court’s reasoning works, function as an indemnifier against investment losses. The degree of recourse depends on the legal system in force. Under a negligence-based concept, some form of audit failure needs to be proved. Moreover, for registration statements under U.S. Securities and Exchange Commission (SEC) laws (covered in Chapter 20, available on Connect), the burden of proof is on the auditor to demonstrate that due care was observed in the audit task. Recent court cases in the United States seem to abandon the negligence concept in favour of an implied warranty concept. Under the implied warranty concept, the issue of whether the auditor is negligent is irrelevant. The auditor is responsible once it can be proved that the audited financial statement is wrong.
This concept is concerned with accident (audit failure) prevention, compensating the injured, and a better distribution of losses. Under implied warranty, the audit fee may be little more than a fee for insurance against otherwise uninsurable business risk (e.g., due to management incompetence). We say “may” because it all depends on how courts interpret “wrong” financial statements. If wrong financial statements mean failure to anticipate any adverse business event, then auditors are responsible for insuring business losses. If, on the other hand, wrong financial statements mean failure to disclose only those adverse events for which there is information at the time of the audit, then auditors are effectively liable only for information risk. So, much depends on court interpretation and the amount of damages awarded to the plaintiffs. The punitive damage award system in the United States—with its high multiples of actual damages—is close to the kind of system that would make auditors insurers of business risk. It is assumed that any auditor-insured business risk is then passed on in the form of fee increases to all clients. Clients, in turn, pass these costs on to society via increased prices for their products. In this way, risks faced by investors are passed on to society—that is, business risk is socialized.

insurance hypothesis: predicts that auditors are demanded so that they may be sued if there is a business failure or investor losses due to inaccuracies in the financial statements

negligence-based concept: holds that auditor negligence needs to be proved in court to support claims against auditors

implied warranty concept: holds that the auditor is responsible once it can be proved that the audited financial statement is wrong, so the issue of whether the auditor is negligent is irrelevant

Each of these theories helps explain some aspect of the audit environment and some of the reasons audits are demanded. These theories are best viewed as complementary rather than mutually exclusive. They also appear to apply to varying degrees in different countries and different legal systems. For example, in the United States the risk of an auditor being sued has traditionally been about 10 times that in Canada. This suggests that the insurance hypothesis may be a more important explanation of the demand for audits in the U.S. business environment than in the Canadian business environment.

Each of these theories can justify reduced information risk. Clearly, under the monitoring and information hypotheses, information risk is to be reduced for the principals and other users, respectively. Under the insurance hypothesis, it may be less obvious why information risk should be reduced. Under a negligence-based liability system, if the auditor can prove due care in reducing information risk, then the auditor will reduce the possibility of legal liability. Even under the implied warranty concept of insurance, reduced information risk will reduce the risk of legal liability, because there is a lower chance of an audit failure or “accident” to cause the liability. Thus, despite the different explanations these hypotheses provide, they all have in common the auditor’s need to reduce information risk. Some estimate that information risk is a significant component of cost of capital for many firms. A reduction in information risk, thus, has the tangible effect of reducing a firm’s cost of capital.

Another noteworthy feature of these theories is that from the perspective of corporate governance, all of them can be used to explain audits as a complement for such corporate governance elements as boards of directors, audit committees, and the internal audit. One effect of SOX (discussed in Chapter 2) is to institutionalize this complementary role by requiring strong corporate governance mechanisms in addition to an effective, independent external audit function.

A pervasive concern that has become more evident in today’s world is that of management deception in the form of unethical reporting and outright fraud. There is increasing expectation that auditors will detect deceptive or unethical reporting. Note that this is a natural consequence of three-party accountability.
We will refer to this increasing expectation by the public as the ethical reporting principle. Whether auditors and the accounting profession can meet the public’s expectations about the role of auditors and accounting in society has been a controversial issue for at least 30 years. Part of the problem is that society’s expectations change, and professional standards have not kept up with changes in expectations of the social role of the auditor. For example, implicit in the definitions below is that auditors know what information and risks are relevant to society in financial statements. This in turn determines what kind of opportunistic behaviours are relevant for auditors to detect. These are deep issues and may require auditors to go beyond explicit professional standards in order to successfully fulfill their social role. We discuss examples throughout the text. Most involve the acceptability of risks of various types, including the acceptability of information risks. A recent objective in audit standards is to detect and deter fraudulent financial reporting. Such deceit is increasingly viewed as a form of corruption that undermines the public interest.3 An extension of this might be to detect any unethical financial reporting, including fraud by management incompetence. Fraud by management incompetence includes any false claim by management of its capabilities. An example of fraud by incompetence in a university is cheating by students on an exam that earns them a higher mark than deserved and, as a result, perhaps a better job than qualified for. If such deception were uncontrollably rampant it could undermine the credibility of university degrees and the broader economy, as incompetent people, including incompetent auditors, influence key sectors of the economy. This is why deception is viewed as a form of corruption. 
Fraud by incompetence is one of increasingly many types of deception clever imposters think up to exploit institutional weaknesses in all types of economies. Similarly, detection and deterrence of all types of deception by capital users against capital providers may be crucial for preserving trust, and thus the functioning, of capital markets.4 Fraud by management incompetence includes such common problems as inability to prepare fairly presented financial statements. Misstatements might be unintentional yet arise because of management incompetence or inability to deal with financial reporting issues. The auditor’s traditional role has been to detect such incompetence, but it has not been treated as a form of deception. However, if the concept of corruption were defined to include fraud by management incompetence, then corruption would incorporate poor economic performance due to mismanagement and misleading reporting, including all reporting that fails to reflect the economic substance of an entity’s activities. Thus, detection of corruption via financial reporting can help address the goal of reflecting economic substance of principles-based standards5 as well as detection of fraudulent financial reporting. Savage and Van Allen6 give good illustrations of how corruption can arise through conformity with traditional generally accepted accounting principles.

ethical reporting principle: a principle proposed to represent the main concerns of third-party users of financial statements

fraud by management incompetence: a false claim by management of its capabilities used to conceal deceptive financial reporting by making it look unintended

None of the above theories are inconsistent with the ethical reporting principle; however, they lack the emphasis on detecting various forms of corruption that the ethical reporting principle implies. Thus, under the information hypothesis, the ethical reporting concern is not so much about the risk of unintentional misstatements as it is about intentional misstatements by management. Under the monitoring hypothesis, the goal is not so much to protect management from being underpaid as from being overpaid. And under the insurance hypothesis, the emphasis switches to insurance for management corruption as opposed to insurance for broader reasons for business failures. Ethical reporting thus becomes the common theme underlying all the theories, and it may thus become the most basic principle of auditing.
Evidence of this is indicated by trends in today’s corporate world, such as making management more accountable through certification of financial statements, beefing up audit standards to increasingly require forensic-type audit procedures on every engagement, and increasing skepticism on the part of auditors. These changes are further explained throughout the text.

One issue not covered by any of the above theories, and one that is becoming increasingly important in today’s world, is the degree to which the profession should be self-regulated. It is evident from the chapter coverage that some politicians and regulators do not trust the profession to act in the public’s best interests. One important reason for this lack of trust is that the product of auditing—audited financial statements—has the attributes of what economists call a public good. A public good has two properties: non-rival consumption and non-excludability. Non-rival consumption is the property by which one person’s consumption of a good does not prevent another person from consuming it. Non-excludability is the property by which the auditor is unable to prevent any user from consuming the good. Markets break down under non-excludability because the seller, for example, an auditor, would be unable to assume that only those who paid for the good could obtain it. When consumption of a good is non-rival, the provision of the good through a market will not enable the best or optimal level of output to be produced. These economic concepts indicate that at best market forces work imperfectly for audit services. As a consequence, like many public goods, regulations may need to complement the market mechanism. The problem then becomes a political one with regulators attempting to identify true demand and prices for audit services through a political process, rather than relying on market forces.
In conclusion, the market mechanism for controlling the audit service profession has a high risk of failure since audits are a type of public good, and some regulatory or semi-regulatory systems need to be considered.

public good: a good that has the properties of non-rival consumption and non-excludability

non-rival consumption: a product of audited financial statements by which one person’s consumption of a good does not prevent another person from consuming it

non-excludability: a product of audited financial statements by which the auditor is unable to prevent any user from consuming the good


Although it was used throughout the 20th century, self-regulation appears to be a failure. What worked for much of the 20th century may need to be updated for the conditions and social expectations of the 21st century. It is wrong to conclude that auditing would not exist without regulation. We know from the history of the profession that there was a demand for audit services before the passage of key securities and corporation law legislation. However, the market for audit services is imperfect due to the public good attributes of audit services, which means more state intervention appears likely as the audit function becomes more critical to proper functioning of capital markets. This trend has become more evident since the global financial crisis of 2008/2009. Government intervention started with the passage of Corporation Acts in the 1800s and 1900s and the SEC laws in the 1930s, and it continues to the present day through SOX and the increased regulation of the auditing function it helped to create. Interestingly, consistent with the ethical reporting principle, audits have always been viewed as fraud detectors either informally in terms of expectations gaps or more formally as indicated in the earliest textbooks on auditing from the 1800s or in securities legislation. Virtually all legislation affecting auditors is concerned with protecting investors. But protection from what? Implicit has been protection from cheating, that is, intentional deception by management or corporate promoters. There is hardly any concern expressed in legislation for unintentional misstatements. The issue is increasingly one of trusting the second party in three-party accountability. Corruption and other economic rent-seeking behaviours may also be a significant factor in recent debates about the increasing economic inequality in advanced economies such as Canada’s over the past 35 years. 
All this evidence suggests that ethical reporting may be increasingly important in the evolving “audit society” with stringent oversight of securities markets and the related financial reporting system.

Review Checkpoints

1B-1 Do you think that the auditor’s primary responsibility should be to detect deceptive reporting (e.g., earnings manipulation by management)? Yes or no? Discuss in class.
1B-2 What is information risk? List reasons it is important to society to reduce this risk.
1B-3 Name and describe three theories that explain how audits reduce information risk.

KEY TERMS

ethical reporting principle
fraud by management incompetence
implied warranty concept
information hypothesis
information risk reduction
insurance hypothesis
monitoring hypothesis
negligence-based concept
non-excludability
non-rival consumption
public good

ENDNOTES

1 W. H. Bishop, “The role of ethics in 21st century organizations,” Journal of Business Ethics, December 2013, pp. 635–637.

2 J. H. Amernic and R. J. Craig, “Accounting as a facilitator of extreme narcissism,” Journal of Business Ethics, September 2010, pp. 70–93.

3 P. Fleming and S. C. Zyglidopoulos, “The escalation of deception in organizations,” Journal of Business Ethics, September 2008, pp. 837–850.

4 See W. Smieliauskas, “CAP Forum on Forensic Accounting in the Post-Enron World: Introduction and commentary,” Canadian Accounting Perspectives, November 2006, pp. 239–256.

5 International Federation of Accountants [IFAC] 2011 Discussion Paper, The Evolving Nature of Financial Reporting: Disclosure and Its Audit Implications (New York: IFAC, January 2011).

6 S. Savage and M. Van Allen, “Accounting for uncertainty,” Journal of Portfolio Management, Fall 2002, pp. 31–39.


CHAPTER 2

Auditors’ Professional Roles and Responsibilities

Chapter 2 describes the audit environment, layers of standardization, and professional self-regulation that have evolved to uphold the quality of audits. These layers of control over auditors’ work can be viewed as a reflection of the importance of auditing to society and our economy, and of auditors’ responsibility in protecting the public interest. It is important to understand that all these layers of control ultimately relate to controlling information risk for users of financial statements.

LEARNING OBJECTIVES

After completing this chapter, you will be able to do the following:

LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants in Canada.

LO2 List the various practice standards for independent audits of financial statements.

LO3 Summarize the ethical, examination, and reporting standards that make up generally accepted auditing standards as set out in CPA Canada’s Canadian Auditing Standards.

LO4 Explain the importance of general assurance standards using examples of assurance matters.

LO5 Explain how requirements of quality control standards are monitored for public accounting firms.

LO6 (Appendix 2A) List the generally accepted auditing standards of the United States.

LO7 (Appendix 2B) Summarize audit quality control monitoring in Canada.

CHAPTER APPENDICES

APPENDIX 2A Generally Accepted Auditing Standards of the United States (on Connect)
APPENDIX 2B Implementation of Quality Control Standards in Canada (on Connect)


EcoPak Inc.

While they are waiting for StyreneTech’s audited financial statements, Kam and Mike start looking over Waterfalls Inc.’s consolidated financial statements with Nina. The statements are in a big, glossy document titled “The Annual Report,” which also includes the auditor’s report, a report on internal control effectiveness and corporate governance, a management’s discussion and analysis report (MD&A), and a corporate environmental and social responsibility report. Nina explains that Waterfalls Inc. is a large public company, so it has to provide a lot more details about its management and governance than a smaller entity like StyreneTech does. When the audited StyreneTech financial statements are received, Kam and Mike note the auditor’s report has exactly the same wording as the Waterfalls one, which makes them a bit suspicious. Both reports say the audits were done in accordance with “standards” and that they provide reasonable assurance. How do they know the PAs at Grand & Quatre LLP (G&Q) did good-quality work? Nina tells them that as PAs, the auditors at G&Q must follow generally accepted auditing standards (GAAS) to ensure that their work is of high quality. As an auditor of public companies, G&Q is also subject to securities regulations and inspections of the quality of their audit work, so Kam and Mike can expect the same quality level for the StyreneTech audit. When they pass the audited StyreneTech financial statements along to Zhang, who has looked over hundreds of audited financial statements, she is, initially, satisfied with the auditor’s report because it is “unmodified.” Then, however, her eyes zoom right to the disclosures in the notes, where she finds a note about a contingent liability to some former employees who have developed serious health problems.
These former employees have launched a lawsuit against StyreneTech claiming that StyreneTech did not provide adequate protection from the fumes in the factory, which led to their illness. This contingency did not appear in the unaudited financial statements, and in Waterfalls’ notes it was combined with some other legal claims but not specifically identified. Based on these audited statements, Zhang tells Kam and Mike that she is not willing to invest in the StyreneTech shares because of that contingent liability. She is only willing to invest in shares of a new corporation that will buy the operating assets of StyreneTech rather than its shares. When Nina hears about Zhang’s decision, she tells Kam and Mike, “Now you see why Zhang wanted those audited statements—they are much more complete because the auditors look for things like contingent liabilities and make sure that all the requirements of generally accepted accounting principles (GAAP) are followed. Zhang is very wise!” Kam and Mike are very impressed, and they continue to consider things. They have heard that StyreneTech’s petroleum-based polystyrene-foam production process releases pollutants that are controlled substances, meaning that the emissions volumes need to be measured and reported to a government agency. They ask Nina if it is possible to have G&Q audit StyreneTech’s pollution emissions to see if they comply with the government’s limits. Nina says it is possible, since big accounting firms such as G&Q often have environmental auditors on staff, or there are other consulting firms that provide assurance on information other than financial statements, such as pollution volumes. But it could be costly, and it’s unlikely that Waterfalls would pay for it, so Kam and Mike would need to really think about why they want that information audited and how much they are willing to pay for it. Kam and Mike decide to take the plunge and become packaging entrepreneurs. 
When they tell Nina, she responds by saying, “Congratulations! I know you will both succeed brilliantly! But for now, you really need to get a lawyer to help you start up the new corporation and get you going on acquiring StyreneTech’s assets. I can recommend a few good ones.”


PART 1

Introduction to Auditing, Public Practice, and Professional Responsibilities

The Essentials of Auditors’ Professional Roles and Responsibilities

Since auditing is a critical function in the economy, it is extensively regulated to ensure it remains effective. In Canada, the regulation of professional accountants and auditors is a provincial responsibility, varying somewhat depending on the legislation in different provinces. The profession also has a national umbrella organization that all provincial organizations are associated with. The collapse of Enron and the failure of Arthur Andersen, the largest accounting firm at the time, some 15 years ago was a major turning point for the accounting profession, and it has repercussions to this day. At the time of writing, the profession is being streamlined at both the national and provincial levels by uniting three formerly separate accounting designations (CA, CGA, CMA) into a single designation for Canadian professional accountants, the CPA (Chartered Professional Accountant). The national umbrella organization is now CPA Canada, and there are counterpart CPA associations in each province (e.g., CPA Saskatchewan). CPA Canada is authorized by legislation to set all accounting and auditing practice standards for Canada, and it also sets the education and examination requirements for students interested in obtaining the CPA designation. The provincial associations deliver the CPA Canada educational program and also set a code of ethical conduct that members must follow (e.g., CPA Ontario’s “Rules of Professional Conduct”). They are responsible for the admission of members, as well as inspection of accountants’ practices and disciplinary actions to enforce the professional ethics code. The regulation of an individual accountant will depend on what kind of work the person is engaged in. A lot of accounting-related work, such as bookkeeping and financial statement and tax preparation for individuals or private companies, can be done by people who don’t have a CPA designation. 
The CPA designation requires specific higher education and experience, so it can allow accountants to do more complex professional work, and this can be as employees of businesses, as entrepreneurs operating their own consulting service business, or as associates of professional accounting firms. An important distinction arises when an accountant wants to provide auditing and assurance services for use by the general public; this is referred to as public accounting. Since the general public may not be able to assess whether an accountant is properly qualified and regulated to act in their best interest, the intent of the CPA regulations is to protect the interests of the public. Generally, to practise public accounting a person must have a CPA designation, and in many (most) provinces (e.g., Ontario, Alberta, Quebec, Saskatchewan) must obtain further qualification and licensing (e.g., from the Public Accountants Council for the Province of Ontario, PAC). CPA members in public practice will have their work and office procedures inspected periodically by the provincial association to ensure they are in compliance. Further, if a public accounting firm wants to be engaged to audit publicly traded companies, this falls under securities laws, adding an extra layer of regulation. The firm must register with the Canadian Public Accountability Board (CPAB). CPAB will inspect their financial statement audit work on public companies annually to provide the highest level of public protection, since the companies audited can sell their securities directly to the public. In addition to being highly regulated, financial statement audits themselves are used as an instrument of regulation on corporate reporting. Corporation laws require companies to produce audited annual financial statements (though private and smaller companies can sometimes waive this requirement), and securities laws require public companies to file audited financial statements within 90 days of their year-end. 
What do all these regulations require of professional accountants, specifically? To summarize, members of a CPA association are required to comply with the professional ethics code of their provincial association. Every ethics code has five similar components, requiring the member to act with integrity, to remain objective, to maintain the professional competencies their work requires and to do their work with appropriate due care, to keep confidential all information they acquire through their professional work, and to behave professionally in a way that befits a well-respected profession. These requirements apply to CPAs in private employment or in public accounting practice, though there are more rigorous requirements for CPAs in public accounting engagements. They must also demonstrate they can


CHAPTER 2

Auditors’ Professional Roles and Responsibilities


be objective by remaining independent of any potentially conflicting interests, and must maintain independence in fact and also independence in appearance to outsiders. While independence in fact is absolutely essential, it is not sufficient unless outsiders can also see evidence that the CPA has no financial or other interest that would cause him or her to act in a biased way rather than in the outside user’s best interest. For further guidance, the ethics codes identify five situations that can arise in a three-party accountability relationship and, if they exist, can threaten an auditor’s independence: self-review, self-interest, advocacy, familiarity, and intimidation. CPA members meet the requirement of professional competency and due care in performing their work by complying with requirements of the CPA Canada standards for accounting (GAAP—Accounting Standards for Private Enterprises (ASPE) or International Financial Reporting Standards (IFRS)) and auditing (GAAS— Canadian Auditing Standards (CASs)). Thus, the professional ethics code incorporates the professional accounting and auditing standards, making compliance with them the bottom-line professional responsibility of professional accountants. For auditing, GAAS are set out in the CASs in the CPA Canada Assurance Handbook. 
CAS 200 is entitled “Overall Objective of the Independent Auditor, and the Conduct of the Audit in Accordance with Canadian Auditing Standards.” It states the financial statement auditors’ overall objectives as follows: (a) To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and (b) To report on the financial statements, and communicate as required by the International Standards on Auditing (ISAs), in accordance with the auditor’s findings. CAS 200 also provides principles and fundamental concepts that underlie the auditing function. The other CASs relate to different aspects of an audit, such as planning and assessing risks of misstatements. Each CAS states its objectives and sets out the requirements an auditor must meet to achieve them. To claim to comply with GAAS, an auditor must comply with every CAS that is relevant in the audit. If a relevant CAS objective cannot be achieved, the auditor has to consider whether an audit conclusion can be reached at all and may have to withdraw from the engagement if not. Any financial statement auditor who does not follow all the relevant CASs has not used due care as required by the ethical code and can be judged as having performed a deficient audit.

Review Checkpoints
2-1 How is the accounting profession in Canada regulated?
2-2 What distinguishes public accounting from other types of work professional accountants might perform, such as bookkeeping, financial statement preparation, or tax return preparation?
2-3 Describe the five essential components of a professional ethics code for accountants.
2-4 For what types of work does a professional accountant require independence?
2-5 How does independence in fact differ from independence in appearance? Why, and to whom, does the distinction matter?
2-6 What are five situations that can threaten an auditor’s independence? Explain each situation in terms of the three-party accountability model.
2-7 Explain the mechanism by which financial statement audits serve as an instrument of financial regulation.
2-8 Why are professional accountants required to comply with GAAP and GAAS?
2-9 What are the overall objectives of a financial statement audit?


The Current Environment of Auditing

LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants in Canada.

The audit environment has undergone profound changes as a result of corporate failures such as Enron and WorldCom, starting in 2001. Until 2002, the accounting profession was largely self-regulating. By self-regulation we mean that the profession itself established the rules governing audit practice and monitored compliance with them. This reliance on self-regulation changed with the perceived failure of the profession to detect the problems leading to the corporate scandals of 2002/2003. The crucial role of auditing in well-functioning capital markets became clear as never before. This process of rapid change continued with the economic crisis of 2008/2009 as the integrity of capital markets was being questioned all over the world. These developments highlight the importance of controlling information risk and agency problems introduced in Chapter 1. One important mechanism for controlling information risk is through GAAS, which apply to financial statement audits, and the broader assurance standards, which apply to all audits. These audit standards are formal requirements auditors must meet in carrying out an audit. These standards can be summarized via the five categories in Exhibit 2–1, which we discuss in more detail later. Another way of controlling information risk is through quality control standards of audit practice. To help ensure that all these standards are actually implemented in practice, the accounting profession is monitored externally by CPAB in Canada and through self-regulation. Appendix 2B discusses in more detail the implementation of quality control standards. The next section briefly summarizes the recent changes in the current audit environment. Later chapters explain the significance of these changes in more detail.

The Sarbanes-Oxley Act

“The greed and corruption of top executives at Enron, WorldCom, Global Crossing, Adelphia and numerous other major companies has jeopardized the retirement savings of a generation and unleashed a crisis of confidence that continues to drain values from America’s markets.

“There is no question in my mind that trusted executives who betray their workers and shareholders are capable of doing far greater and more lasting damage to our nation, our economy and our way of life than any external attacker” (quote by Walter Shorenstein in “Crackdown on business fraud urged at conference,” Jim Christie, November 1, 2002, San Francisco).

The above quote indicates the depths to which the accounting profession’s esteem and that of business in general had sunk by the end of 2002. The period roughly from October 2001 through November 2002 had seen the most dramatic changes in the accounting profession since at least the 1930s. There had been more stories on the profession in the mainstream and business media than ever before. Enron, Arthur Andersen, and WorldCom had become household names. The reputation of North American businesses and their auditors had sunk to new lows. For example, in 2002 Tyco International executives were accused of “looting” their company to the tune of US$600 million and treating its assets as their piggy bank. Similar accusations had been made about executives at Adelphia Communications, Global Crossing, WorldCom, Enron and many other companies. This dramatic shift in attitudes toward capitalism in general and auditors in particular can be assigned to a specific watershed event—the bankruptcy of the energy company Enron on December 2, 2001. The changes

self-regulation: a situation where the government gives a professional group the power to monitor and discipline its members


since then have been so substantial that the term post-Enron world has been used to signify the completely altered corporate landscape that has developed since then. One of the reasons Enron had such a shock effect was that it was considered a “new-economy” company that pointed the way for the rest of the energy industry as it headed into the 21st century. Enron was the poster child of the new-economy company. It had been considered a highly innovative energy company that had branched out into exotic areas of financial engineering related to energy usage, such as weather derivatives. Some of these innovations were successful and have continued. But the majority appeared to have been little more in substance than manipulation of energy prices (leading to widespread blackouts in California in 2000), or shell games with related parties that deceptively hid liabilities and losses on speculation in the direction of energy prices. Rather than an innovative energy company or new-age hedge fund, Enron turned out to be more like a classic Ponzi scheme, relying on attracting ever more investors to continue bidding up the price of the company’s shares. The aspect of Enron that appeared to enrage the public most was that lower-level employees and others were strongly encouraged, even forced, to invest their retirement savings in Enron stock while top management were selling their shares based on insider knowledge of the disastrous state of affairs. Total losses to shareholders amounted to over US$60 billion, and over 6,000 Enron employees lost their jobs along with their retirement savings. As a result of Enron’s bankruptcy, numerous lawsuits have been filed by the shareholders and creditors against Enron’s management; its board of directors; its auditor, Arthur Andersen; and numerous financial institutions, including America’s biggest banks, which were suspected of arranging the sham transactions. In addition to the U.S. 
Securities and Exchange Commission (SEC), various state regulators launched investigative probes against these same institutions. Another casualty of Enron has been the accounting profession itself. Of course, the most immediate impact fell on Arthur Andersen, one of the Big Five accounting firms at the time. Right after Enron’s bankruptcy, questions were raised about the effectiveness of its auditor, Arthur Andersen, since there were no official indications of serious problems at Enron until mid-October 2001, when it had to restate previously reported earnings. (Another characteristic of the post-Enron world is that the number of such restatements skyrocketed across North America soon after the failure of Enron.) Joe Berardino, managing partner of Arthur Andersen, tried to explain the apparent audit failure by attributing the problems to the vagueness of accounting standards and the complexity of Andersen’s financial statements. This explanation might have been more plausible had not Andersen been involved in designing these very same transactions as part of their consulting work for Enron. The real problem seems to have been that Arthur Andersen lacked independence because it was auditing its own work. The accounting profession and the public were shocked by revelations in January 2002 that Andersen was engaged in the shredding of many of its Enron audit documents. This shredding began soon after the SEC announced its investigation of Enron’s accounting in October 2001, soon after Enron’s first announcement of its restatements. Early in January 2002, the shredding practice was made public, and on January 15, 2002, the partner in charge of the Enron audit, David Duncan, was fired by Arthur Andersen. He was later found guilty of obstruction of justice and testified against his former firm. 
On June 15, 2002, Arthur Andersen itself was convicted of obstruction of justice as a result of what the jury felt was a systematic effort within the firm to destroy relevant evidence about the true condition of Enron. This conviction of a prominent auditing firm and its subsequent demise was unprecedented in the history of the profession. The entire profession was tarnished by this fiasco involving one of its most reputable firms. Arthur Andersen was fined $500,000 and placed on a five-year probation. By then it was already destroyed as an auditing firm. Its clients left, concerned that they would be tainted by Arthur Andersen’s falling reputation. In a matter of months Arthur Andersen was reduced to a shell of its former self. A firm that at the beginning of 2002 employed 85,000 people worldwide and had built an 89-year-old reputation of high integrity and excellence was essentially destroyed by the time of its sentencing on October 26, 2002. Even though the U.S. Supreme Court later overturned Andersen’s conviction, Arthur Andersen was no longer a viable business. There are now only the “Big Four” instead of the “Big Five” accounting firms, and these “Final Four” are now redefining their roles in the post-Enron world.


Unfortunately, it was not only Enron that reshaped the auditing world. Enron was the United States’ seventh-largest firm when it went bankrupt. It was the biggest bankruptcy ever at the time. But it was soon followed by yet another, even bigger bankruptcy—that of WorldCom on June 25, 2002. WorldCom was the backbone of the Internet, carrying about half of all Internet traffic until its bankruptcy, and was the United States’ fifth-largest firm at the time of its bankruptcy. Total estimated losses to shareholders were US$180 billion, and 17,000 employees lost their jobs. Arthur Andersen was WorldCom’s auditor as well. Enron and WorldCom were not Arthur Andersen’s only problem audits. Throughout 2002 every week seemed to reveal a new corporate scandal involving deceptions in audited financial reporting. Although Arthur Andersen was not the only one involved, it accounted for a disproportionate number of these companies, including Global Crossing, Waste Management, Sunbeam, and the Baptist Foundation of North America (the largest non-profit bankruptcy ever—US$570 million in losses). As a result of these and other corporate scandals, there was a worldwide questioning of the integrity of North American capital markets. The WorldCom failure was the most dramatic illustration of this. WorldCom acted as the final straw in prompting the passage of the most drastic legislation affecting the accounting profession since 1933—the Sarbanes-Oxley Act (SOX) in 2002. Key features of SOX include the following:
• Increased oversight of auditors, including audit standard setting by the newly created Public Company Accounting Oversight Board (PCAOB)
• Increased penalties for corporate wrongdoers
• More timely and extensive financial disclosures
• More timely and extensive disclosure of the way the firm is governed
• New options of recourse for aggrieved shareholders, including increased legal liability for auditors

For auditors of public companies, SOX created a five-member Public Company Accounting Oversight Board (PCAOB) with the authority to tighten quality control of audit practices and report on inspections of audit firm practices. Canadian companies listed on U.S. stock exchanges, as well as their auditors, are subject to these SOX rules. SOX and the financial disasters that preceded it have had a huge impact on corporate governance and the regulation of accounting and auditing around the world. For example, in Canada, a predecessor of CPA Canada, the Canadian Institute of Chartered Accountants (CICA), helped organize the creation of its own Canadian Public Accountability Board (CPAB) to oversee the auditors of public companies. The CPAB also tightened quality control of audit practice and reports on inspections of audit firm practices. In addition, several of Canada’s largest pension and mutual funds banded together in 2002 to form the Canadian Coalition for Good Governance. This organization controls hundreds of billions of dollars in assets and monitors executives, audit committees, auditors, and boards of directors in corporate Canada for compliance with what they consider good corporate governance and financial reporting practices. Finally, CPA education and practice are monitored by outside agencies in some provinces. For example, the Public Accountants Council (PAC) was created in 2006, and it determined that only licensed CPAs would be allowed to practise public accounting

Public Company Accounting Oversight Board (PCAOB): a five-member board created through the Sarbanes-Oxley Act (SOX) to oversee the auditors of public companies in the United States

Canadian Public Accountability Board (CPAB): the board organized to monitor the auditors of public companies in Canada

Canadian Coalition for Good Governance: a group of the largest pension and mutual funds, whose purpose is to monitor executives and boards of directors to see whether they comply with good corporate governance and financial reporting practices


in Ontario. See pacont.org for PAC’s standards, regulations, and handbook regarding education and licensing of CPAs in Ontario. A similar system exists in Quebec. Despite these changes, the accounting profession in Canada is still largely self-regulating. For example, CPAB does not create audit standards. CPAB’s monitoring of auditors is described in more detail in Appendix 2B. The corporate failures, the fall of Arthur Andersen, and the resulting passage of SOX dramatically changed the corporate environment not only in the United States but also in Canada and the rest of the world. CPAB’s and PCAOB’s activities reflect the increased regulation of the profession. The Canadian, U.S., and other accountability boards around the world will likely make increased second-guessing of professional judgment a fixture of the post-Enron world. That world is now more complicated for auditors and the profession, and the implications will become clearer over time. However, auditing will likely become more important to accounting firms and to society. The use of more ethical reasoning in reporting will also likely be the result of this increased importance. Specific effects evident through 2015 are included in this text. The increasing importance of auditing has come at a price; the extensive impact on the markets of the profession’s perceived failures means it is no longer acceptable to leave monitoring of the profession to the professionals themselves. The monitoring process now involves groups representing the broader public interest as well as government, but the exact mix of monitors depends on the country. Since most of the corporate failures prompting the changes took place in the United States, the PCAOB has so far led the way in promoting new ways of providing oversight of auditors, and the main instrument of change has been the powers delegated to PCAOB by SOX. 
SOX’s impact on auditors can be seen throughout the world, but it also had consequences for broader areas of corporate activities. Following is a quick overview of its main impact on auditors:
• Management certification of all its publicly issued financial statements
• Evaluation of internal control in statements made by management
• Closer regulation of the profession, including regular monitoring of its activities
• Greater responsibilities assigned to client audit committees
• Increased importance of the role of the internal auditor

Internal control statements deal with the reliability of the system or process that creates the financial statements.1 Audit committees monitor management’s financial reporting responsibilities, including meeting with the external auditors and dealing with various audit and accounting matters that may arise during an audit. In Canada, we have weaker and less costly requirements regarding disclosures, which some have dubbed SOX North. Under SOX North, client firms disclose as part of management discussion and analysis (MD&A) only any weaknesses in the design of internal control systems. There is no requirement that the internal controls be tested for effectiveness. There is also no requirement that these disclosures be certified by management, or that the disclosures be audited. Nevertheless, there is some evidence that these less-costly, self-reported disclosures are credible in capital markets.2 We will discuss audit committees and the evolving concept of internal control in much greater detail throughout the rest of this text. Perhaps the most important result of SOX for the auditor has been the increased monitoring of the profession, in the form of accountability boards. The board in Canada has authority and responsibilities that are different from those of its U.S. counterpart, as the legal systems and political institutions of the two countries are different.

internal control: the system of policies and procedures needed to maintain adherence to a company’s objectives; especially, the accuracy of recordkeeping and safeguarding of assets

audit committees: groups that monitor management’s financial reporting responsibilities, including meeting with the external auditors and dealing with various audit and accounting matters that may arise


CPAB was created in July 2002 to monitor the auditors of public companies in Canada. However, CPAB is directly funded by the audit firms, leading to questions about its independence from the profession itself. In contrast, the PCAOB is directly funded by the SEC. Another difference is that CPAB uses the profession’s auditing, ethics, independence, and quality control standards in performing its monitoring, whereas PCAOB uses its own standards. CPAB, like PCAOB, issues reports on its monitoring that are made public at cpab-ccrc.ca. The first two consequences of SOX identified above relate to management’s increased responsibility for financial reporting and the requirement of an external audit of management’s internal control statement. Management’s certification of financial reporting means that it must state in writing that it is not aware of any factual errors or omissions of facts that would make the financial and internal control statements misleading. These are best summarized as attempts to strengthen the system of corporate governance. Corporate governance describes how well a company is run in the interests of shareholders and other stakeholders. Corporate governance principles are covered in Chapter 6, Appendix 6B (available on Connect). Audit committees and internal auditing are also covered in more detail later. Other Canadian regulations, especially those in Ontario, have been influenced by the SOX requirements. There is now greater emphasis on more timely disclosures of material information and more disclosure of corporate governance practices. Management is now required to disclose its conclusions about the effectiveness of internal control in the MD&A section of the annual report. In Canada, it is not required that this disclosure on internal control be audited. In contrast, the SEC requires audits of internal control disclosures by registrant companies. 
In Ontario, the Toronto Stock Exchange (TSX) companies do not need to follow best corporate governance practices, but failure to do so by the largest companies must be disclosed. The Ontario Securities Commission (OSC) specifies the duties and authority of audit committees, including providing a definition of independence of its members.

Review Checkpoints
2-10 What is meant by self-regulation? What are the effects of self-regulation on the profession in the post-Enron environment?
2-11 What are the differences between Canadian and U.S. accountability boards? Compare the differences in their monitoring reports. Which ones do you think are better?

Regulation of Public Accounting

Regulation of public accounting in Canada, as with most professional groups, is a provincial matter. Most provinces have laws, public accountancy acts, that specify who is allowed to practise public accounting in the province. For example, Ontario’s Public Accounting Act licenses only CPAs who meet the PAC’s educational and experience standards to perform what they describe as public accounting functions that meet the public interest. (See their website at pacont.org for more details on their activities and requirements.) For PAC, the public interest is effectively represented by the third-party users of the financial statements. These reforms were linked to the creation of CPAB, incorporated under the Canada Corporations Act, which provides oversight of all PAs auditing public companies in Canada.

corporate governance: the ways in which the suppliers of capital to corporations assure themselves of getting a return on their investment; more generally, under the corporate social responsibility view, corporate governance is the system set up to hold a corporation accountable to employees, communities, the environment, and similar broader social concerns, in addition to being accountable to the capital providers


CPAs who meet provincial requirements are allowed to practise public accounting in their provinces. Public interests, particularly those of vulnerable third parties, must be protected. Quality control standards and the CPAB monitoring implemented in recent years help to ensure this protection, as further explained in Appendix 2B. In addition to the system of regulation outlined previously, other factors greatly influence the profession. These include the legal system the profession operates under (discussed in Chapter 3) and the impact of regulators on practising auditors. Regulators include, at the federal level, the Superintendent of Financial Institutions, whose prime responsibility is regulating the financial services industry under the jurisdiction of the Federal Bank Act. At the provincial level, there are the securities commissions with responsibility for investor protection and for ensuring the fairness and efficiency of the province’s capital markets. There are securities commissions in every province and territory, but because of the division of powers between the provinces and the federal government, there is no national-level securities commission in Canada comparable with the SEC in the United States. However, since 1999, the Joint Forum of Financial Market Regulators, consisting of provincial securities commissioners and various national regulators, has coordinated and streamlined the regulation of services in Canadian financial markets through voluntary agreement between participants. The OSC is responsible for the biggest and most-developed capital markets in Canada. We will use it here to illustrate the impact a regulator can have on public accounting. Three principal activities of the OSC ensure the orderly functioning of capital markets within its jurisdiction, such as the TSX:
1. Registering issuers, dealers, and advisers trading in securities and commodity futures contracts
2. Monitoring the full extent of reporting requirements, including those related to prospectuses, takeovers, and continuous disclosure of material information
3. Enforcing the provisions of the Securities Act and the Commodity Futures Act

A prospectus is the information, usually including financial information, about a firm that accompanies any new issuance of shares in a regulated securities market. The staff of the OSC includes a chief accountant and a chief forensic accountant, who work under the director of enforcement. The Office of the Chief Accountant is responsible for formulating financial reporting policy and for monitoring the application of accounting principles and auditing standards by report issuers and their auditors. Financial statements are reviewed on a selective basis, and up to one-quarter of companies reviewed receive comment letters relating to inadequacies in their financial reports. The companies’ auditors are also informed of problems. If the financial reporting problems are severe enough, the Enforcement Branch is notified. In 2001, the OSC found revenue recognition to be a significant problem area for high-tech firms. An example of an Enforcement Branch action affecting an auditor who will testify as a witness is given in the following box. This OSC action followed an investigation of Nortel’s accounting launched in April 2004 by the SEC and the OSC. Nortel, then one of Canada’s premier high-tech companies in the telecommunications industry, had to restate its financial results for quarterly periods going back through 2003, 2002, and 2001. The restated 2003 results reduced earnings by 41%. By January 2005, Nortel’s stock price had dropped to the $4 range from a July 2000 high of $124. Over 90,000 Nortel employees lost their jobs during this period. The earlier 2003 earnings had triggered millions of dollars of bonus payments to management. Twelve senior executives agreed to return $10.4 million of these bonuses, but Nortel filed for bankruptcy in 2009 and the trustees in bankruptcy are still seeking repayment of 2003 bonuses from managers fired in April 2004. 
In an attempt to demonstrate that Canada was serious in prosecuting white-collar crime, the RCMP began a criminal investigation into Nortel’s accounting on August 16, 2004. The trial did not begin until 2012 and ended early in 2013, as indicated in the next box.

prospectus: set of financial statements and disclosures distributed to all purchasers in an offering registered under Securities Law

Nortel Fraud Trial Launches with Not-Guilty Pleas, Allegations of a Cookie Jar Culture

The fraud trial of former Nortel Networks Corp. executives began Monday with the prosecution alleging a “cookie jar” culture in which accounting reserves were repeatedly manipulated to meet thresholds and trigger bonus payouts. “They set their targets,” chief prosecutor Robert Hubbard said in his opening remarks before Superior Court Justice Frank Marrocco. “Then they went about doing whatever needed to be done to meet those targets.”

The accused, former Nortel chief executive Frank Dunn, former chief financial officer Douglas Beatty, and ex-Nortel corporate controller Michael Gollogly, were fired by Nortel for cause in 2004 amid allegations of financial mismanagement. The RCMP laid fraud charges against the three men in 2008. They are accused of manipulating Nortel’s financial reporting to trigger multi-million-dollar bonus payouts linked to the networking company’s return to profitability. All three men entered pleas of not guilty at the start of the trial that a spokesman for the Ontario Ministry of the Attorney General said could last more than six months.

The trial ended on January 15, 2013, with the acquittal of all three executives. This acquittal was viewed by some accountants as a disaster for ethical financial reporting in Canada: “The acquittal of Nortel senior executives, many will argue, has all but granted a free legal pass to any company that wants to massage its financial reports to present better numbers to an unknowing public. . . . With the Nortel verdict as precedent, an awful lot of accounting games may now have a stamp of legal legitimacy.”

Source: Excerpts from Michael Lewis, “Nortel fraud trial launches with not guilty pleas, allegations of a cookie jar culture,” The Toronto Star, January 16, 2012, reprinted with permission of Torstar Syndication Services; D. Parkinson, “Nortel judgment won’t discourage accounting games,” The Globe and Mail, Report on Business, January 15, 2013, B5; and Janet McFarland and Richard Blackwell, “Three former Nortel executives found not guilty of fraud,” The Globe and Mail, January 14, 2013.

What Nortel perhaps best illustrates is the distinction between fraudulent and unethical reporting, and that auditors and regulators should be concerned with both. An independent review by Nortel’s audit committee concluded that the corporate culture encouraged financial manipulation through weak internal controls. In January 2005, the board of directors went through a major reorganization, with half of the board members leaving. In addition, a high-profile ethics watchdog and compliance officer was hired to help change the corporate culture. This example illustrates why good corporate governance principles need to be followed. (Corporate governance principles are explored in more detail in Appendix 6B.) Nevertheless, the ultimate failure of Nortel suggests that more can be done by auditors, and through accounting standards, to deter unethical reporting before it leads to fraud or the failure of a company, or both. Nortel-type reporting issues and their significance for auditors are covered in more detail in subsequent chapters. It is because of questionable reporting like Nortel’s that the audit report is being modified to encourage auditors to publicize the difficult areas of the audit engagement in their reports.

Getting back to the OSC, it also monitors the setting of auditing and accounting standards by CPA Canada, and it provides input on emerging issues as well as commentary on proposed standards. In addition, since 1989, the OSC has issued Staff Accounting Communiqués (SACs) intended to explain the OSC staff’s views on specific reporting issues. Although the SACs have no official OSC approval, OSC staff are likely to challenge any treatment that is inconsistent with an SAC. By publishing the results of its monitoring program, by filing complaints to provincial disciplinary committees, and through its representation on CPA Canada standard-setting boards, in recent years the OSC has had a significant, ongoing impact on the profession.

Other regulators also affect the profession. For example, the Canadian Investor Protection Fund—sponsored by the Toronto and the Montreal stock exchanges, the Canadian Venture Exchange, the Toronto Futures Exchange, and the Investment Dealers Association of Canada—is a trust established to protect customers from the financial failure of a member firm (any member of a sponsoring organization and some U.S. bond dealers that trade in Canada). In recent years, Fund staff have taken a more active supervisory role by overseeing regular monthly, quarterly, and annual reporting; paying surprise visits to offices of member
firms; and conducting at least one financial questionnaire per year. The Fund can fine or set sanctions against a member firm that violates capital, reporting, or other requirements. It develops policy statements that address standards for internal control within member firms. Auditors must be aware of these standards when auditing member firms. Internal control reports are discussed in more detail in Chapter 21 (available on Connect). Another regulator, the Securities and Exchange Commission (SEC), affects Canadian auditors whose client firms have dealings with U.S. securities markets. In recent years, many Canadian companies have gone to U.S. and other international markets to raise cash through an initial public offering (IPO). Because they need to file regulatory documents in each province, which increases the cost of financing, many Canadian companies are finding it cheaper to raise money through public markets in other countries. Canada’s Department of Finance has for a number of years explored the idea of creating a national securities regulator (such as the SEC in the United States) or some national coordinator of provincial securities commissions, to improve the quality and competitiveness of Canadian securities markets.3 The impact of the SEC on auditors is discussed in more detail in Chapter 20 (available on Connect). An important development in the regulation of the Canadian accounting profession was the creation of the CPAB on July 17, 2002. The Board represents the public interest through being dominated by non-CPA members (seven of the eleven Board members are to be non-CPAs). The Board monitors audit practice and conducts annual inspections of accounting firms to assess their ability to protect the public interest. It has the power to sanction any auditor that fails to protect the public interest, and it is viewed as the first in a series of major structural reforms to protect the integrity of Canada’s financial accounting systems. 
However, CPAB does not create audit standards. That is left to CPA Canada, which as a matter of policy has adopted the international standards that we cover in this text. Other steps include the CPA Canada evolving standard for auditor independence and the creation of provincial boards to oversee the professional conduct and peer-review systems at the provincial level. These activities are discussed in more detail in Appendix 2B. Finally, regulators, such as provincial ministries of the environment and natural resources, indirectly affect the profession by restricting which activities the clients themselves may need to disclose as part of the clients’ business risk. It should be clear from this brief review that the profession is facing an increasingly complex regulatory environment and that auditors must be sensitized to regulatory concerns in order to do a proper audit. Auditors also need to be concerned with meeting the demands of regulators in different countries. One part of the solution is using worldwide standards whenever feasible.

Review Checkpoints

2-12 Identify several types of professional accountants and their organizations.
2-13 What are some examples of assurance services rendered on representations other than traditional financial statements?
2-14 What are the three major areas of public accounting services?
2-15 Locate Nortel’s audit committee report on the Internet. Is the OSC or the SEC website more user-friendly for investors?

Securities and Exchange Commission (SEC): the main U.S. government agency regulating the securities markets in the United States

initial public offering (IPO): first-time offering of a corporation’s shares to the public

Practice Standards LO2

List the various practice standards for independent audits of financial statements.

Practice standards are general guides for the quality of professional work, and the accounting and auditing profession has many sets of standards to choose from. The remainder of this chapter deals directly with four sets: (1) generally accepted auditing standards (GAAS), issued by CPA Canada’s Auditing and Assurance Standards Board (in the CPA Canada Handbook); (2) assurance standards, as promulgated by section 5025 of the CPA Canada Handbook; (3) CPA Canada’s General Standards of Quality Control for Firms Performing Assurance Engagements (CSQC-1); and (4) quality control standards as reflected in firm peer reviews and provincial institutes’ practice inspection manuals (covered in Appendix 2B). Several countries have created accountability boards in the post-Enron world. These boards can influence standards through monitoring public company audits and identifying weaknesses in them. In most countries, public companies are those listed on stock exchanges. The rules of professional ethics are also briefly introduced in this chapter and covered in more depth in Chapters 3 and 18 (available on Connect). The CPA Canada Recommendations for compilation and review services are explained in Chapter 17 (available on Connect). In the rest of this text, we may refer to CPA Canada Recommendations as CPA Canada Handbook Standards on Assurance or, most commonly, Canadian Auditing Standards (CASs). You will find relatively few references to the accounting recommendations in this text. CPA Canada issues accounting standards, but this text concentrates on auditing and the practice of accounting, not on the accounting rules themselves. An overview of GAAS is provided in the next section.

Generally Accepted Auditing Standards LO3

Summarize the ethical, examination, and reporting standards that make up generally accepted auditing standards as set out in CPA Canada’s Canadian Auditing Standards.

CPA Canada’s generally accepted auditing standards (GAAS) were first written as a short statement of eight standards. Since 1975, these eight have been augmented by additional explanations and requirements in the assurance Recommendations of the CPA Canada Handbook. Beginning in 2010, Handbook section 5100 was largely replaced by CAS 200 (5100, 5021, 5090, and 5095), and professional ethical requirements of the relevant professional accounting organizations were added. These changes are in line with convergence to international standards. CAS 200 is titled “Overall Objective of the Independent Auditor, and the Conduct of the Audit in Accordance with Canadian Auditing Standards.” CAS 200 establishes auditors’ overall responsibilities when conducting an audit in accordance with CASs. It lists the objectives of the audit and a series of principles and concepts fundamental to financial statement auditing, as shown in Exhibit 2–1. The importance of GAAS is that they identify the objectives and key principles of the financial statement audit. Every CAS is written so that it identifies the subject and objectives of the standard, provides new definitions wherever applicable, states the requirements for meeting the objective, and provides further explanation for carrying out these requirements. This may include examples of procedures that are appropriate in specific contexts. As we will see in Chapter 3, organizing the standards in this way more closely parallels the concepts of critical thinking within professional judgment. The goal is to have a more logically organized set of standards and to communicate the reasoning behind these standards to the auditor.

generally accepted auditing standards (GAAS): those auditing recommendations that have been established in a particular jurisdiction by formal recognition by a standard-setting body, or by authoritative support or precedent such as the auditing and assurance recommendations of the CPA Canada Handbook

If a relevant CAS objective cannot be achieved in an audit, the auditor has to consider whether the overall objectives of the audit, as stated in CAS 200, can be met. The CASs are issued from time to time, and the objective of each is consistent with the overall objective of CAS 200. You should view CAS 200 as the conceptual framework of financial statement auditing that provides the fundamental principles and objectives of the financial statement audit. For all practical purposes, this consistency of objectives makes all CASs part of GAAS. Any financial statement auditor who does not follow CPA Canada Handbook CASs can be judged as performing a deficient audit. The auditing standards literature also includes a series of Canadian Audit Practice Notes (CAPNs) and Audit Guidelines (AuGs). For the most part, the guidelines give technical help. Appendix 2A (available on Connect) lists the GAAS used in the United States. Note the similarities to GAAS of Exhibit 2–1.

Canadian Auditing Standards (CASs) are audit-quality recommendations that remain the same over time and for all audits. Auditing procedures, on the other hand, are quite different and include the particular and specialized actions auditors take to obtain evidence in a specific audit engagement. Audit procedures may vary, depending on the complexity of an accounting system (whether manual or computerized), the type of company, and other situation-specific factors. These differences explain why audit reports refer to an audit “conducted in accordance with generally accepted auditing standards,” rather than “in accordance with auditing procedures.” As such, considerable judgment is required to apply audit procedures in specific situations.

EXHIBIT 2–1

Generally Accepted Auditing Standards (Summary of CAS 200, 300, and 315)

Objective of an Audit of Financial Statements
The overall objective of the audit is to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, within an applicable (acceptable) financial reporting framework. Most of this text deals with fair presentation frameworks.

General Standard
The auditor should comply with relevant professional ethical requirements relating to audit engagements.

Examination Standards
1. The auditor should conduct an audit in accordance with Canadian Auditing Standards (CASs).
2. In determining the audit procedures to perform in accord with CASs’ “scope of an audit,” the auditor should comply with each CAS relevant to the audit.
3. The auditor should obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether due to fraud or error.
4. The auditor should plan and perform an audit to reduce audit risk to an acceptably low level that is consistent with the objective of an audit.

Reporting Standards
1. The report should identify the financial statements and distinguish between the responsibilities of management and the responsibilities of the auditor.
2. The auditor should determine whether the financial reporting framework adopted by management in preparing the financial statements is acceptable.
3. The auditor should refer to CAS 700, 701, 705, and 706 when expressing an opinion on a complete set of general purpose financial statements prepared in accordance with a financial reporting framework that is designed to achieve fair presentation.

Skepticism
The auditor should plan and perform an audit with an attitude of professional skepticism, recognizing that circumstances may exist that cause the financial statements to be materially misstated or misleading to third parties.

Source: Adapted from the CPA Canada Handbook—Assurance, CAS 200, 300, and 315.

Audit Guidelines (AuGs): the part of the CPA Canada Handbook that provides procedural guidance on implementing generally accepted auditing standards

Generally Accepted Auditing Standards: Objectives of the Audit of Financial Statements The overall objective of a financial statement audit is to enable the auditor to express an opinion as to whether the financial statements are prepared, in all material respects, in conformity with an applicable framework. Note how this objective implies three-party accountability. Statements are prepared, and an auditor expresses an opinion on whether the statements conform to an applicable, also known as acceptable, framework. CPA Canada and international standards view the terms “applicable” and “acceptable” as equivalent, but “acceptable” better reflects both the need for the reporting to be appropriate to third parties and the evaluative component in auditor professional judgment. CAS 200 offers a very broad financial reporting framework. In this book, we focus primarily on Canadian GAAP as the reporting framework. This reporting includes a balance sheet, income statement, cash flow statement, statement of retained earnings, and notes made up of a summary of significant accounting policies as well as any other explanations.

Generally Accepted Auditing Standards: Ethical Requirements Relating to an Audit of Financial Statements The ethical requirements section of GAAS relates to the personal integrity and professional qualifications of auditors. Until 2009, section 5100 included what was called a general standard. This general standard has been replaced by the rules of professional ethics that are covered in Chapter 3. For now, we will summarize these under three headings.

Competence The rules of professional ethics require competence—adequate technical training and proficiency—in auditors. This competence begins with an education in accounting, since auditors hold themselves out as experts in accounting standards and financial reporting. It continues with on-the-job training in developing and applying professional judgment in real-world audit situations. This stage provides practice in performing the assurance function, in which auditors learn to (1) recognize the underlying assertions being made by management in each element (account) in the financial statements, (2) decide which evidence is relevant for supporting or refuting the assertions, (3) select and perform procedures for obtaining the evidence, and (4) evaluate the evidence and decide whether management assertions correspond to reality and GAAP. Auditors must be thoughtfully prepared to encounter a wide range of judgments on the part of management accountants—judgments varying from the truly objective to the subjective, and occasional deliberate misstatement within either extreme.

Objectivity and Independence The ethics rules also require that auditors have an objective state of mind—that is, intellectual honesty and impartiality. Auditors must be unbiased with respect to the financial statements and other information they audit. They are expected to be fair not only to the companies and executives who issue financial information, but also to the outside persons who use it. This type of objectivity in assurance services is achieved by maintaining professional independence, in appearance as well as in fact. The appearance of independence—avoiding financial and managerial relationships with auditees—is important because this is what public users of audit reports can
see. They cannot see an auditor’s state of mind or attitude. Independence must be carefully guarded because the public will only recognize the professional status of auditors if they perceive them to be independent. Note that this emphasis on independence arises primarily from the need to get the trust of the third-party users of the financial statements. Independence in appearance is addressed in more detail in Chapters 3 and 18. Some critics of the public accounting profession find it undesirable that auditors are paid by their auditees. They argue that it is impossible to be independent from the party paying the fee. The alternative would be some form of public or government control of accounting fees, and very few PAs want government involvement. Auditing is unique in that, although a company pays the auditor, the real clients are the third-party users of financial statements. This concept of public interest increasingly guides standard setting and regulators in all aspects of the audit environment. An auditor, therefore, needs to differentiate between responsibilities to the company and responsibilities to third parties. Addressing such ethical conflicts in a competent manner is part of what makes public accounting a profession (see Chapter 3 for more details).

Due Professional Care The exercise of due professional care requires observance of the rules of professional ethics and GAAS. Auditors must be competent and independent, exercising proper care in planning and supervising the audit, in understanding the auditee’s control structure, and in obtaining sufficient appropriate evidence. Their training should include computer auditing techniques because of the importance and pervasiveness of computers in the business world. Many social science theories incorporate the idea of a prudent professional practitioner, for example, the “economic person” of economic theory and the “reasonable person” in law. The qualities of a “prudent auditor,” as summarized by Mautz and Sharaf, might be used to demonstrate the concept of due care in an audit: A prudent practitioner [auditor] is assumed to have a knowledge of the philosophy and practice of auditing, to have the degree of training, experience, and skill common to the average independent auditor, to have the ability to recognize indications of irregularities, and to keep abreast of developments in the perpetration and detection of irregularities. Due audit care requires the auditor to acquaint himself with the company under examination, the accounting and financial problems of the company . . . to be responsive to unusual events and unfamiliar circumstances, to persist until he has eliminated from his own mind any reasonable doubts he may have about the existence of material irregularities, and to exercise caution in instructing his assistants and reviewing their work.4 Due professional care is a matter of what auditors do and how well they do it. A determination of proper care must be reached based on all facts and circumstances in a particular case. When an audit firm’s work becomes the subject of a lawsuit, the question of due audit care is frequently at issue (as you will see in Chapter 3).

Review Checkpoints

2-16 What is the difference between auditing standards and auditing procedures?
2-17 By what standard would a judge determine the quality of due professional care? Explain.

Generally Accepted Auditing Standards: Examination Standards The examination standards are covered by CAS 315 and CAS 300, as well as by CAS 200. These standards set general quality criteria for conducting an audit and also relate to the sufficiency and appropriateness of evidence gathered to support the audit opinion. Auditors cannot effectively satisfy the general standard requiring due professional care if they have not also satisfied the examination standards.

The CAS 200 concepts and principles that influence the examination standards include conduct of an audit, scope of an audit, reasonable assurance, audit risk and materiality, planning and supervision, internal control assessment, and sufficient appropriate evidential matter. All of these are extensively covered in later chapters. Here we will only provide an overview.

Conduct of an Audit of Financial Statements In order to meet the overall objective of the audit of financial statements, the auditor in Canada must comply with the CASs and the CAPNs. While this might seem to state the obvious, it serves to make the requirement explicit so that there are no excuses for failing to comply.

Scope of an Audit of Financial Statements The principle of scope in auditing financial statements refers to exercising professional judgment when deciding, based on CASs, on the type and extent of audit procedures to perform under the particular circumstances. The procedures performed must be documented during the audit engagement.

Reasonable Assurance The evidence gathered during the audit procedures should allow the auditor to have reasonable assurance that the financial statements as a whole are free of material misstatements, whether due to fraud or error. Reasonable assurance means the same as high assurance; that is, assurance should not be too low for an audit engagement. On the other hand, it does not mean certainty or absolute assurance. If assurance were represented as the degree of confidence in the audit opinion, then a range of 90–99% confidence, with 95% being the most common, would be normal. Reasonable assurance is closely related to the concepts of audit risk and materiality.

Audit Risk and Materiality The risk that an auditor expresses an inappropriate audit opinion when the financial statements are materially misstated is audit risk. As introduced in Chapter 1, this risk relates to evidence gathering. The most serious form of audit risk is failing to detect a material misstatement. These misstatements affect the decisions of third-party users of the financial statements. Reasonable or high audit assurance can only be obtained when audit risk is acceptably low. Thus, the objective of the audit is only achieved when audit risk is reduced to an acceptably low level. This is done through performing effective audit procedures—the means auditors use to obtain evidence for their opinion. The audit opinion must be supported by sufficient appropriate evidence. This is the only acceptable way to meet the overall audit objective. An important means of controlling audit risk is through proper training, planning, and supervision. As noted in Chapter 1, the focus of audit standards is controlling audit risk, whereas how the accounting standards are applied affects the accounting risk.

audit plan: a document containing all the detailed audit programs listing the procedures to be performed in response to the assessed risk of material misstatement on an audit, guided by the decisions made in the overall audit strategy

audit program: a document listing the specific detailed audit procedures to be performed in each accounting process to gather sufficient appropriate evidence through control tests, analytical procedures, and other tests of balances to address the audit objectives set out in the program; includes the risk assessment program, the internal control program, and the balance audit program

Planning and Supervision CAS 300 of the CPA Canada Handbook contains several considerations for planning and supervising an audit. They are all concerned with (1) preparing an audit plan and supervising the audit work, (2) obtaining knowledge of the auditee’s business, and (3) dealing with differences of opinion among the audit firm’s own personnel. Written audit programs are required. An audit program lists the audit procedures the auditors will perform to produce the evidence needed for good audit decisions. The procedures in an audit program should include
enough detail to instruct the assistants about the work to be done. (You will see detailed audit programs later in this text.)

An understanding of the auditee’s business is an absolute necessity. An auditor must be able to understand the events, transactions, and practices that are characteristic of the business and its management and that may have a significant effect on the financial statements. This knowledge helps auditors identify areas for special attention (the places where errors, irregularities, or frauds might exist), evaluate the reasonableness of accounting estimates made by management, evaluate management’s representations and answers to inquiries, and make judgments about the appropriateness of the accounting principles chosen.

Where does an auditor get this understanding of a business? By being there; working in other companies in the same industry; conducting interviews with management and other auditee personnel; reading extensively—accounting and audit guides of various accounting bodies, the practice manuals of the various accounting organizations, industry publications, other companies’ financial statements, business periodicals, and textbooks; getting a thorough familiarization presentation from the partner in charge of the audit before beginning the engagement; and being observant and letting on-the-job experience sink into long-term memory. Auditors are increasingly building their understanding of the auditee’s business through knowledge-acquisition frameworks from strategic management. These frameworks (covered in more detail in Chapters 5 and 6) provide a structured approach to gaining deep knowledge of the auditee’s business and industry.

There is no guarantee that the auditors on an audit team will always agree among themselves on audit decisions, which range from inclusion or omission of procedures to conclusions about the fair presentation of an account or the financial statements as a whole. When differences of opinion arise, audit personnel should consult with each other and with experts in the firm to try to resolve the disagreement. If resolution is not achieved, the audit firm should have procedures allowing an audit team member to document the disagreement and to dissociate himself or herself from the matter. Particularly where there are disagreements, the basis for the final audit decision on the matter should be documented in the working papers for later reference.

Each audit should have a complete audit file of working papers documenting the evidence obtained that supports the audit opinion. Without such evidential support, the audit opinion is not valid. As noted in Chapter 1, “not documented, not done.” For example, if you were the auditor in the Fort Knox illustration of Chapter 1, then your opinion is meaningless unless you have an audit file documenting when you visited Fort Knox, what you did on your visit, and what the results of the evidence you obtained show about the amount of gold in Fort Knox. Your conclusion in your audit file must be consistent with what you say in your audit report. Otherwise, you are lying when issuing your audit report. To see why, check what the audit report says in Exhibit 1–4 and especially note what the last sentence under Basis for Opinion says. If you do not have an audit file supporting the truthfulness of these statements, then you cannot issue an audit opinion. The details and planning of the various procedures to document in an audit file are discussed throughout the rest of this book.

Timing is important for audit planning. To have time to plan an audit, auditors should be engaged before the auditee’s fiscal year-end. An early appointment benefits both auditor and auditee. The audit team may be able to perform part of the audit at an interim date, a date some weeks or months before the fiscal year-end, and thereby make the rest of the audit work more efficient. This interim work could include preliminary analytical procedures, preliminary assessment of internal control risk, testing the controls, and auditing some account balances. Advance knowledge of problems can enable auditors to alter the audit program so that year-end work (performed on and after the fiscal year-end date) can be more efficient. Planning for the observation of physical inventory and for the confirmation of accounts receivable is particularly important.

interim date: a date before the end of the period under audit when some of the audit procedures might be performed, such as control evaluation and testing


PART 1

Introduction to Auditing, Public Practice, and Professional Responsibilities

Too Late

FastTrak Corporation was angry with its auditor because the partner in charge of the engagement would not agree to let management use the operating lease accounting treatment for some heavy equipment whose leases met the criteria for capitalization. FastTrak fired the auditors 10 weeks after the company’s balance sheet date and then began contacting other audit firms to restart the audit. However, the audit report was due at the OSC in six weeks. Every other audit firm contacted by FastTrak refused the audit because it could not be planned and performed properly with such a tight deadline.

Internal Control Assessment

The examination standard CAS 315, paragraphs 12–23, requires an understanding of the auditee’s internal control. This consists of a company’s control environment, accounting system, and control procedures. The existence of a satisfactory internal control system reduces the probability of errors and irregularities in the accounts. Auditors need to know enough about the auditee’s control system to assess the control risk. Control risk is the probability that a material misstatement (error or irregularity) could occur and not be prevented or detected on a timely basis by the internal control structure, as is discussed in CAS 200.

The primary purpose of control risk assessment is to help the auditors develop the audit program. This standard presumes two necessary relationships: (1) good internal control reduces the control risk, minimizing the extent of subsequent audit procedures; (2) conversely, poor internal control produces greater control risk, increasing the necessary extent of subsequent audit procedures. If auditors saw no relationship between the quality of controls and the accuracy of output, then an assessment of control risk would be pointless. Audit efficiency would be lost in many cases. (Chapters 6 and 9 explain the work involved in control risk assessment.)

Control Lapse Contributes to Duplicate Payments

All Points Trucking processed insurance claims on damages to shipments in transit on its trucks, paying them through a self-insurance plan. After payment, the claim documents were not marked “paid.” Later, the same documents were processed again for duplicate payments to customers, who kicked back 50% to a dishonest All Points employee. When the auditors learned that the claims were not marked as paid, they concluded that the specific control risk of duplicate payments was high and extended their procedures to include a search for duplicate payments in the damage expense account. They found the fraudulent claims and traced the problem to the dishonest employee. Embezzlements of $35,000 per year were stopped.

Sufficient Appropriate Evidential Matter

Examination standard CAS 200 recognizes that evidence is the heart of audits of financial statements, and it requires auditors to obtain enough to justify opinions on those statements. Evidence is the influence on auditors that ultimately guides their decisions. It includes the underlying accounting data and all available corroborating information, as discussed in CAS 330 and CAS 500. Appropriate—that is, reliable and relevant—evidence may take many forms: quantitative or qualitative, objective or subjective, absolutely compelling or mildly persuasive. The audit team’s task is to collect and evaluate sufficient appropriate evidence in order to afford a reasonable and logical basis for audit decisions.

The standard refers to sufficient rather than absolute evidence. In most cases, not all of a company’s transactions and events are audited, and audit decisions are made by inference based on data samples. The standard gives broad outlines for procedures for gathering evidence—inspection, observation, inquiry, and confirmation. Chapter 8 gives a more thorough explanation of audit objectives and procedures.


Review Checkpoints

2-18 What three elements of planning and supervision are considered essential in audit practice?
2-19 Why does the timing of an auditor’s appointment matter in the conduct of a financial statement audit?
2-20 Why does an auditor obtain an understanding of the internal control system?
2-21 Define audit evidence.

Generally Accepted Auditing Standards: Reporting Standards

The ultimate objective of independent auditors—the report on the audit—is guided by the GAAS reporting standards. The three that are identified in CAS 200 deal with acceptability of the financial reporting framework, auditor and management responsibilities, and report content. Auditing standards dictate the use of a “standard report” when the auditor is expressing an opinion on a complete set of general purpose financial statements prepared to achieve fair presentation. Detailed guidance on these reports is given in CAS 700 and CAS 705. These standards cover audit reports using a fair presentation reporting framework, as well as audit reports using a compliance financial reporting framework. Special considerations for reporting on special purpose financial statements, or financial information other than a full set of financial statements, are covered in CAS 800 and CAS 805. In this chapter, we provide an overview of the CAS 700 audit report on fair presentation for a set of general purpose financial statements. Chapter 4 gives more in-depth coverage.

An unmodified opinion report, or a report without reservation, means that the auditors are not calling attention to anything wrong with the audit work or the financial statements. The standard unmodified opinion audit report is shown in Exhibit 2–2, which you should review in relation to the discussion that follows. A modified opinion report means that either the financial statements contain a departure from GAAP or the scope of the audit work was limited. (You will study modified opinion audit reports in Chapter 4.)

All standard unmodified opinion reports contain the following features:

1. Title. The title should refer to the independent auditor, thus indicating that the report is based on an audit examination and not on some other types of engagement.

2. Address. The report is normally addressed to those it is prepared for; this may be the shareholders or those charged with governance of the auditee organization.

3. Introductory paragraph in opinion section. The introductory paragraph should identify the financial statements and declare that they were audited.

4. Opinion paragraph in the opinion section. The report’s second paragraph should contain an opinion (opinion paragraph), stating whether the financial statements present fairly, in all material respects, . . . in accordance with GAAP.

5. Key audit matters. Auditors must identify the most significant issues during the audit, called the key audit matters. This is the biggest change from the audit report before December 15, 2016, and represents a potentially huge extension of auditor responsibilities in financial statement auditing.

unmodified opinion report: an audit report in which the auditor is not calling attention to anything wrong with the audit work or the financial statements

modified opinion report: an audit report that contains an opinion paragraph that does not give the positive assurance that everything in the financial statements conforms with GAAP; includes qualified opinion, adverse opinion, and disclaimer of opinion reports


EXHIBIT 2–2

Independent Auditor’s Report

To the Shareholders of . . . . .

Report on the Audit of the Financial Statements

Opinion

We have audited the financial statements of ABC Company (the Company), which comprise the statement of financial position as at December 31, 20X1, and the statement of comprehensive income, statement of changes in equity, and statement of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies.

In our opinion, the accompanying financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of the Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards (IFRS).

Basis for Opinion

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Company in accordance with the Provincial Ethics Standards Board for Accountants’ Code of Ethics for Professional Accountants together with the ethical requirements that are relevant to our audit of the financial statements in [jurisdiction], and we have fulfilled our other ethical responsibilities in accordance with these requirements and the Code. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion, thereon, and we do not provide a separate opinion on these matters.

[Description of each key audit matter in accordance with CAS 701.]

Responsibilities of Management and Those Charged with Governance for the Financial Statements*

Management is responsible for the preparation and fair presentation of the financial statements in accordance with IFRS,** and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, management is responsible for assessing the Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going-concern basis of accounting unless management either intends to liquidate the Company or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the Company’s financial reporting process.

Auditor’s Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with CASs will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

[Additional description of auditor responsibilities is required here, or referenced to an appendix to the report, or reference can be made to a website of an appropriate authority that contains the description of the auditor’s responsibilities—the additional description of responsibilities is discussed in Chapter 4 of this textbook.]

The engagement partner on the audit resulting in this independent auditor’s report is [name].

[Signature in the name of the audit firm, the personal name of the auditor, or both, as appropriate for the particular jurisdiction]
[Auditor Address]
[Date]

* Throughout these illustrative auditor’s reports, the terms management and those charged with governance may need to be replaced by another term that is appropriate in the context of the legal framework in the particular jurisdiction.

** Where management’s responsibility is to prepare financial statements that give a true and fair view, this may read: “Management is responsible for the preparation of financial statements that give a true and fair view in accordance with International Financial Reporting Standards, and for such. . . .”

Source: Copyright © CPA Canada Handbook—Assurance, CAS 700.


6. Management and corporate governance responsibilities. The fifth, sixth, and seventh paragraphs of the report state management’s responsibilities to prepare the financial statements, and corporate governance responsibilities to oversee financial reporting.

7. Description of the audit. The eighth (and possibly additional) paragraph covers auditor responsibilities. This covers what is traditionally referred to as the scope of the audit. The principal characteristics of an audit can be added in the report itself, as an appendix to the report, or by reference to the website of an appropriate authority. We discuss these responsibilities in more detail throughout this book and especially in Chapter 4.

8. Signature. The auditor should sign the report, manually or otherwise.

9. Date. The report should be dated no earlier than the date when the auditor obtained sufficient appropriate audit evidence supporting the auditor’s opinion on the financial statements; this will be after those with recognized authority (e.g., board of directors) have taken responsibility for (i.e., approved) the financial statements. The engagement quality control review, discussed later in this chapter (CSCQ-1, CAS 220), also needs to be completed before the date of the auditor’s report.

10. Auditor’s address. The report should name the auditor and the location in the country or jurisdiction where the auditor practises.

Generally Accepted Accounting Principles

In the audit report, the opinion sentence shows that the GAAP standard has been met: “In our opinion, the financial statements . . . present fairly, in all material respects, the financial position . . . and statement of cash flows . . . in accordance with” an acceptable reporting framework such as IFRS or other Canadian GAAP. Here, the auditors make a statement about their belief based on their evidence (opinion). In other words, an opinion requires evidence that is documented in the audit file for the engagement.

Determining the appropriate GAAP in a company’s circumstances is not always easy. Students often think of the CPA Canada Handbook Recommendations on accounting standards as the complete body of GAAP. This is not so. The Handbook Recommendations cover many accounting issues and problems, and the standards for these are generally compelling. However, the Handbook does not cover all conceivable accounting matters. When a conclusion about GAAP cannot be found in the Handbook Recommendations, auditors follow a hierarchy to find the next highest source of support for an entity’s accounting solution to a financial reporting problem. Reference can be made to positions taken by provincial securities commissions, international standards, authoritative pronouncements by other countries’ standards boards, industry audit and accounting guides, consensus positions of the CPA Canada Emerging Issues Committee, and other accounting literature.

The unmodified opinion sentence contains implicit messages: (a) the accounting principles in the financial statements have general acceptance—that is, authoritative support; (b) the accounting principles used by the company are appropriate under the circumstances; (c) the financial statements and notes are informative of matters that may affect their use, understanding, and interpretation—that is, disclosures are complete; this last feature refers to both materiality and accuracy; (d) the classification and summary in the financial statements is neither too detailed nor too condensed for users; and (e) the financial statements are accurate within practical materiality limits covered in CAS 320.

Auditors and users do not expect financial account balances to be absolutely accurate, as accounting is too complicated and includes too many estimates to expect this. After all, many financial reports use numbers rounded to the thousands, even millions, of dollars! Financial figures are “fair” as long as they are not materially misstated—that is, misstated enough to make a difference in users’ decisions.

All of these issues in applying GAAP involve professional judgment, which can be defined very generally as making a decision using professional standards and other criteria while maintaining professional ethics responsibilities. (Chapter 3 covers auditors’ professional ethics responsibilities.)

Consistency

The reporting standards call for explicit reporting in accordance with GAAP, except under special circumstances. Prior to 1991, all audit reports contained a sentence confirming that GAAP had been “consistently applied” when no changes in the application of accounting principles had been made. This sentence referred to a company’s use of the same accounting procedures and methods from year to year. However, the CPA Canada Handbook (Accounting Part II), section 1506, governs the accounting and disclosure of a company’s change of accounting principles. In 1991 the reporting standards were changed to allow the audit report to be silent—that is, implicit—about consistency when no accounting changes had been made or when any changes that were made were properly disclosed in the financial statements.

Adequate Disclosure

The reporting standards include a second implicit element. They require auditors to use professional judgment in deciding whether the financial statements and related disclosures contain all the important accounting information users need. It may be necessary to disclose information not specified in authoritative support sources, for instance, if there is an unusual fact situation not encountered before. Using this standard, auditors have latitude to determine what is important and what is not. Likewise, users of financial statements also have the right to claim that certain information is necessary for adequate disclosure. In fact, many lawsuits are brought forward on this issue, and auditors must show reasons for the lack of disclosure. As noted in Chapter 1, disclosures are an important means of dealing with accounting risk and a significant aspect of auditor professional judgment, as many aspects of implementing accounting and auditing standards are not covered by them.

When auditors believe that certain information is necessary for adequate disclosure but the company refuses to disclose it, a departure from GAAP exists. Usually, a qualified opinion is written, and the reason for the departure (missing disclosure) is described in the audit report. Sometimes the missing disclosure is added to the audit report itself.

Report Content

The reporting standard of CAS 700 and CAS 705 states the requirements for an opinion. Two types of modifications to the report are relevant: those that affect the audit opinion and those that do not. In this section, we provide an overview of matters that affect the audit opinion. Chapter 4 provides more details on these and other modifications.

CAS 700 provides guidance for the standard audit report, while CAS 705 provides guidance on modifications to the auditor’s report and requires that the report contain either the opinion on the financial statements or an assertion that an opinion cannot be given. This means that there are two classes of opinion statements: all opinions on statements (i.e., unmodified, adverse, and qualified opinions) and the disclaimer of opinion. An adverse opinion is the opposite of an unmodified opinion. It states that the financial statements are not in accordance with GAAP. A disclaimer of opinion is an auditor’s declaration that no opinion is given. The standard applies to financial statements as a whole; that is, the standard applies equally to the set of financial statements and footnotes and to each individual financial statement and footnote. According to CAS 705, an explanation is required whenever there is a report reservation. Thus, when an adverse opinion, qualified opinion, or disclaimer of opinion is rendered, all the substantive reasons for doing so must be given in an additional paragraph or paragraphs.

Other reporting standards relate to auditor responsibilities and identifying the financial statements covered by the opinion. Every time PAs (even when acting as accountants associated with unaudited financial statements) are associated by name or by action with financial statements, they must report on their work and responsibility. The character of the work is usually described by the standard reference to an audit in accordance with GAAS. But if an audit has been restricted in some way or if the statements are simply unaudited, the auditor must say so.

The “degree of responsibility” is indicated by the form of the opinion. Auditors take full responsibility for their opinion about conformity with GAAP when they give either an unmodified or an adverse opinion. They take no responsibility whatsoever when they give a disclaimer of opinion. When they give qualified opinions, they take responsibility for all matters except those that are the reasons for the qualification. (Qualified and adverse opinions and disclaimers of opinion are discussed more fully in Chapter 4.) These are part of the association rules that cover information the PA is associated with. The association rules will be covered in Chapter 4, after you have been introduced to other types of public accounting engagements.

adverse opinion: an auditor’s declaration that financial statements are not in accordance with GAAP

Review Checkpoints

2-22 What are the nine important features of a standard unmodified audit report?
2-23 Identify various authoritative supports for GAAP, with an indication of their ranking.
2-24 Do auditors take any responsibility for auditees’ choices of accounting principles?
2-25 What four kinds of audit opinion statements are identified in this chapter? What is the message of each one?
2-26 What messages are usually implicit in a standard audit report?

Assurance Standards

LO4 Explain the importance of general assurance standards, using examples of assurance matters.

A special framework in the International Federation of Accountants (IFAC) Handbook covers the international standards for assurance engagements. It was issued in 2005 and was heavily influenced by the CPA Canada Handbook, section 5025. However, the International Standards on Auditing (ISA) for some assurance engagements have not yet been integrated with its framework. As a consequence, CPA Canada continues to use its original assurance standard. Thus, the CPA Canada Handbook assurance standard section 5025 is not part of CASs.5

disclaimer of opinion: an auditor’s declaration that no opinion is given on financial statements and the reasons this is so, usually due to a scope limitation; also called a denial of opinion

In March 1997, the CICA (now CPA Canada) issued section 5025, “Standards for Assurance Engagements.” This standard, the first of its kind in the world, is significant because it is intended to provide an umbrella for all existing and future audit-type engagements, including many that do not involve financial statements. Section 5025 also contemplates different levels of assurance. An assurance engagement is defined in paragraphs 5025.03–5025.04 as follows:

An engagement where, pursuant to an accountability relationship between two or more parties, a practitioner is engaged to issue a written communication expressing a conclusion concerning a subject matter for which the accountable party is responsible. An accountability relationship is a prerequisite for an assurance engagement. An accountability relationship exists when one party (the “accountable party”) is answerable to and/or is responsible to another party (the “user”) for a subject matter, or voluntarily chooses to report to another party on a subject matter. The accountability relationship may arise either as a result of an agreement or legislation, or because a user can be expected to have an interest in how the accountable party has discharged its responsibility for a subject matter.

The assurance standard does not supersede audit and review standards, but it is influencing changes to other assurance standards. It is designed to provide guidance for expanding assurance services to subject matters not currently covered in the Handbook. For example, it is the assurance standard that introduced the three-party accountability concept. The general relationships in assurance engagements are given in Exhibit 2–3.

EXHIBIT 2–3

Universe of Chartered Professional Accountant Engagements

[Figure. Assurance engagements: audits*, reviews*, and direct reporting engagements; non-assurance engagements: tax planning, consulting engagements. Examples shown in the figure: financial statements, internal controls statement, forecasts, effectiveness of health care.]

*Audits and reviews are attest engagements.

An assertion is a statement about some aspect of a subject matter—for example, that a building exists as of a certain point in time. The assurance standards in section 5025 are quite broad in that they can be applied to assertions that are only implied—a direct reporting engagement—as well as to written assertions—an attest (or attestation) engagement. CPA Canada Handbook paragraphs 5025.05–5025.06 state the following:

In an attest engagement, the practitioner’s conclusion will be on a written assertion prepared by the accountable party. The assertion evaluates, using suitable criteria, the subject matter for which the accountable party is responsible. In a direct reporting engagement, the practitioner’s conclusion will evaluate directly using suitable criteria, the subject matter for which the accountable party is responsible. . . .

In these standards, the accountable party is referred to as management. Depending on the circumstance, the user could include a variety of stakeholders such as shareholders, creditors, customers, the board of directors, the audit committee, legislators, or regulators. The practitioner is the person who has overall responsibility for the assurance engagement. These relationships are illustrated in Exhibit 2–4.

For example, the practitioner in paragraph 5025.07 of the exhibit has traditionally been referred to as an external auditor in a financial statement assurance engagement. Since most of this text deals with financial statement audits, we will continue using this terminology. After we have become familiar with other assurance services in Chapter 21 (available on Connect), we will explain the assurance standards in more detail.

Reporting is different because assurance engagements on non-financial information do not depend upon GAAP. The assurance standards speak of “evaluation against suitable criteria” and “accordance with generally accepted criteria,” and they leave the door open for assurance engagements on a wide variety of assertions. An illustration of how far assurance engagements can go is provided in an article in The Wall Street Journal titled “Fore!” (summarized in the box below). Many people appreciate the value of auditors’ assurance to historical financial statements, and they have found other representations for PAs to assure, as illustrated in the box “Other Examples of Assurance Engagements.”

Fore!

An interesting example of an assurance engagement subject matter is the distance a particular brand of golf balls can be hit on a driving range. This type of assurance engagement was requested by Wilson Sporting Goods Company to prove that amateur golfers could drive Wilson golf balls farther than competing brands of golf balls. The assurance engagement required PAs to measure the average distance of golf drives at 30 driving ranges. The PAs reported that Wilson’s brand of golf balls could be hit farther by an average of 5.7 yards per drive. In addition to walking off the distances of the golf drive, the PAs verified that all participants were amateurs, that the participants were not paid by Wilson, and that Wilson’s records of the results were accurate.

EXHIBIT 2–4

Three Parties Involved in an Assurance Engagement (Three-Party Accountability)

[Figure labels: User(s), Conclusion, Practitioner, Subject matter, Accountability, Accountable party (management).]

Source: Copyright © CPA Canada Handbook—Assurance, paragraph 5025.07.


Other Examples of Assurance Engagements

• Goods and Services Tax (GST), Harmonized Sales Tax (HST), and real estate tax […] expenditures
• Financial feasibility […] transit system
• Cost justification for a utility rate increase
• Regulator’s questionnaire on […] conduct
• Reliability […] drinking water surveillance program
• Quality of nursing home care
• Effectiveness of student loan programs in meeting needs of students
• Effectiveness of research and development activities
• Labour data for union contract negotiation
• Newspaper and magazine audience and circulation data
• Integrity and security of a computer network
• Investment performance statistics
• Insurance claims data
• Pollution emissions data (e.g., greenhouse gas emissions)

An important assurance engagement now required by SOX in the United States is the audit of internal control statements prepared by management. Like audits of financial statements, these internal control audits verify the accuracy of management’s internal control statement; the difference is the subject matter. A main objective in developing the assurance standards is to provide a general framework for, and set reasonable boundaries around, the assurance services offered by PAs. Whether these standards actually set boundaries remains to be seen. After all, before the assurance standards were published, CPAs were using the GAAS as a point of departure for other assurance engagements. Now they must use the assurance standards as the point of departure. Assurance standards are explained in more detail in Chapter 21.

Review Checkpoints

2-27 What are the major differences between assurance standards and GAAS?
2-28 Define assurance engagements.
2-29 What is the theoretical essence of an assurance service?
2-30 CRITICAL THINKING QUESTION: In the “Fore!” feature, identify the assertion, the three parties to the engagement, and the criteria being used. Is a high level of assurance being provided? Explain.

Quality Control Standards LO5

Explain how requirements of quality control standards are monitored for public accounting firms.

GAAS must be observed in each audit engagement conducted by a public accounting firm. Thus, public accounting firms need to observe GAAS in their entire audit practice. While GAAS relate to the conduct of each audit engagement, quality control standards govern the quality of a public accounting firm’s audit practice as a whole. Quality control can be defined as actions taken by a public accounting firm to evaluate compliance with professional standards. And a “system of quality control” is designed to provide reasonable assurance of conforming to professional standards. Professional standards include GAAS, as covered in the CPA Canada Handbook, as well as provincial rules of ethical conduct.

Elements of Quality Control

IFAC has identified at least four basic elements of quality control. These are listed and explained briefly in Exhibit 2–5. Various ways in which control of audit quality has been implemented in practice are discussed in Appendix 2B. The key thing to remember is that the ultimate purpose of all aspects of quality control monitoring and standards is to control the information risk associated with financial statement reporting.

Both the 1978 Adams Report (Report of the Special Committee to Examine the Role of the Auditor) and the 1988 Macdonald Commission Report (Report of the Commission to Study the Public’s Expectations of Audits) recommended the development of quality control standards to guide public accounting firms. More recently, several regulatory agencies initiated discipline for substandard performance by professional staff in public accounting firms and criticized the individual-level focus of the provincial disciplinary process. In response, provincial institutes are amending their bylaws to bring firms, as well as individuals, within the disciplinary process. This expanded disciplinary process will require new guidelines for evaluating systems of quality control. Increasing litigation is also putting pressure on firms to develop good systems of quality control so that they can demonstrate compliance with professional standards and thus minimize the loss from litigation.

In summary, quality control standards exist to increase audit quality. And the purpose of increasing audit quality is to reduce information risk, as discussed in Chapter 1. It is also useful to view the other standards discussed in this chapter as different mechanisms to help reduce information risk. These are summarized in the checklist that follows:

✓ Objectivity and independence
✓ Due care
✓ Competence
✓ Examination standards
✓ Reporting standards
✓ Professional skepticism
✓ Quality control standards
✓ Regulator requirements

EXHIBIT 2–5 Elements of Quality Control

1. Quality control policies and procedures should be implemented both at the level of the audit firm and on individual audits.
2. The audit firm should implement quality control policies and procedures designed to ensure that all audits are conducted in accordance with ISAs or relevant national standards of practice.
3. The firm’s general quality control policies and procedures should be communicated to its personnel in a manner that provides reasonable assurance that the policies and procedures are understood and implemented.
4. The auditor should implement those quality control procedures that are, in the context of the policies and procedures of the firm, appropriate to the individual audit. In particular, delegated work should be properly directed, supervised, and reviewed.

Source: Summary of International Standard on Quality Control 1 (ISQC 1) of the International Auditing and Assurance Standards Board, published by the International Federation of Accountants (IFAC), July 17, 2014.


APPLICATION CASE WITH SOLUTION & ANALYSIS

Which Generally Accepted Auditing Standard Is Most Important?

DISCUSSION CASE

This chapter introduced you to GAAS. If you had to pick the one standard that is most important to the profession, which would it be?

SOLUTION & ANALYSIS

A hint to the response for this question was provided to you in the Application Case for Chapter 1. At its most fundamental level, the answer is the need for independence. Let us review the independence concept now, using the objective of the audit of financial statements, that is, “to enable the auditor to express an opinion as to whether the financial statements are prepared, in all material respects, in conformity with an applicable framework.” Note how this objective implies three-party accountability. When the standard says “to express an opinion,” it does not mean any opinion. It means an opinion that is truthful and, based on the evidence and the evaluation of the evidence, reflects the economic facts of the entity as portrayed by the acceptable framework. By “acceptable” we mean acceptable to the third-party users of financial statements. The second party, the auditee and its management, presumably knows that the framework is acceptable because they take responsibility for having the financial statements prepared. The auditor determines whether the financial statements are acceptable through the gathering of audit evidence and his or her own knowledge of what is acceptable according to the reporting framework. This knowledge is what supports and justifies the audit opinion. But how does the third-party user know whether the financial reporting is acceptable? The third party is the least knowledgeable and thus relies on the auditor to verify acceptability of the financial reporting. But the auditor cannot just be anybody who is competent.
Management, after all, can be very competent in preparing the financial statements and does, in fact, accept responsibility for them. Thus, competence is a necessary condition, but it does not explain why there is a need for an auditor. As explained in the Application Case and Analysis in Chapter 1, an indispensable characteristic of the auditor is independence. Without independence, the auditor cannot provide the trustworthy opinion that third parties need in order to rely on the financial statements. Thus, to meet the overall objective of generally accepted auditing standards (GAAS), the auditor must be independent. Independence is also what makes the rest of the GAAS relevant, because only with independence will third parties rely sufficiently on the financial reporting by the auditee. The less the third-party financial statement user trusts the first-party financial statement preparer, the more important auditor independence becomes. The importance of independence extends to the entire accounting firm. Many of the accounting firm quality control standards discussed in this chapter relate to independence. The concept of skepticism requires independence and minimization of conflicts of interest. Some current issues affecting conflicts of interest for accounting firms include mandatory rotation of audit firms every few years and further limits on the type of non-audit services that an audit firm can provide to the auditee.6 Note that these constraints on audit firm activities all relate to improving at least the appearance of the audit firm’s independence from the auditee. The only way auditors can meet the unique ethical demands of putting the priority of third-party users over the priority of the party who pays for the audit is to be independent of the auditee. This is quite a challenge from the ethical perspective, and is for auditors an ethical issue that is not faced by other professionals. 
These unique audit challenges are further discussed in Chapter 3, but they are fundamentally based on society’s expectations that the auditors need to be independent in fulfilling their social role.


SUMMARY

• The profession is becoming increasingly regulated by outside bodies as a result of perceived audit failures and questionable accounting in the first decade of this century. LO1

• Financial statement auditors are most concerned with generally accepted auditing standards (GAAS) because they are the direct guides for the quality of everyday audit practice. The goal of the audit is to provide high assurance that the financial statements present fairly. Or, put another way, the goal of the audit is to reduce information risk associated with the financial statements. The general standard consists of the code of professional ethics, and it sets requirements for auditors’ competence, objectivity, and due professional care. The examination standards set requirements for planning and supervising each audit, obtaining an understanding of the auditee’s internal controls, and obtaining sufficient appropriate evidence to serve as a basis for an audit report. The reporting standards cover the requirements for an acceptable framework of financial reporting (usually generally accepted accounting principles [GAAP]), auditor and management responsibilities, adequate disclosure, and report content. We briefly reviewed the financial statement audit process to show how GAAS concepts relate to this process. LO2, 3

• In all matters relating to financial statement audits, auditors are advised to have a sense of professional skepticism. This attitude is reflected in a “prove it with evidence” response to management representations, to answers for inquiries, and to financial statement assertions themselves. Critical thinking is a broader idea, covered in Chapter 3, that considers not only the evidence, but also related ethical issues and the effects of the reporting framework that should be applied. Critical thinking and skepticism consider how management’s reporting may not meet legitimate user needs. Critical thinking helps lead to more ethical reporting. LO3

• The assurance standard is the general framework for applying assurance engagements to a wide range of subjects. The standard comprises the quality guides for general assurance work. Theoretically, it could serve as quality guides for independent audits of financial statements. However, it was created long after GAAS for audits of financial statements, and, therefore, GAAS remains the predominant framework for most engagements. LO4

• As an auditor, you must have a thorough understanding of these practice standards, especially GAAS. All practical problems can be approached by beginning with a consideration of the practice standards in question. Auditing standards do not exist in a vacuum. They are put to work in numerous practical applications. Practical applications of the standards will be shown in subsequent chapters on audit program planning, execution of auditing procedures, gathering evidence, and auditing decisions. But don’t lose sight of the forest for the trees: the ultimate goal of professional standards is to reduce information risk associated with the financial statements. LO4

• While assurance standards and GAAS govern the quality of work on each individual engagement, the quality control elements guide a public accounting firm’s audit practice as a whole. Quality control is the foundation of the self-regulatory system of peer review, practice inspection, and quality inspection. It also serves as the basis for monitoring by accountability boards. LO5

KEY TERMS

adverse opinion
audit committees
Audit Guidelines (AuGs)
audit plan
audit program
Canadian Coalition for Good Governance
Canadian Public Accountability Board (CPAB)
corporate governance
disclaimer of opinion
generally accepted auditing standards (GAAS)
initial public offering (IPO)
interim date
internal control
modified opinion report
prospectus
Public Company Accounting Oversight Board (PCAOB)
Securities and Exchange Commission (SEC)
self-regulation
unmodified opinion report

MULTIPLE-CHOICE QUESTIONS FOR PRACTICE AND REVIEW

MC 2-1 LO3 It is always a good idea for auditors to begin an audit with a professional skepticism characterized by the assumption that
a. a potential conflict of interest always exists between the auditor and the management of the enterprise under audit.
b. in audits of financial statements, the auditor acts exclusively in the capacity of an auditor.
c. the professional status of the independent auditor imposes commensurate professional obligations.
d. financial statements and financial data are verifiable.

MC 2-2 LO3 When Auditee Company prohibits auditors from visiting selected branch offices of the business, this is an example of interference with
a. reporting independence.
b. investigative independence.
c. auditors’ training and proficiency.
d. audit planning and supervision.

MC 2-3 LO4 After the auditors learned of Auditee Company’s failure to record an expense for obsolete inventory, they agreed to a small adjustment to the financial statements because the Auditee president told them the company would violate its debt agreements if the full amount were recorded. This is an example of a lack of
a. auditors’ training and proficiency.
b. planning and supervision.
c. audit investigative independence.
d. audit reporting independence.

MC 2-4 LO3 The primary purpose for obtaining an understanding of the company’s internal controls in a financial statement audit is to
a. determine the nature, timing, and extent of auditing procedures to be performed.
b. make consulting suggestions to management.
c. obtain direct, sufficient, and appropriate evidential matter to afford a reasonable basis for an opinion on the financial statements.
d. determine whether the company has changed any accounting principles.

MC 2-5 LO4 Auditors’ activities about which of these generally accepted auditing standards (GAAS) are not affected by the auditee’s utilization of a computerized accounting system?
a. The audit report shall state whether the financial statements are presented in accordance with GAAP.
b. The work is to be adequately planned, and assistants, if any, are to be properly supervised.
c. Sufficient appropriate evidential matter is to be obtained . . . to afford a reasonable basis for an opinion regarding the financial statements under audit.
d. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.

MC 2-6 LO2 Which of the following is not found in the standard unqualified audit report on financial statements?
a. An identification of the financial statements that were audited
b. A general description of an audit
c. An opinion that the financial statements present financial position in conformity with GAAP
d. An emphasis paragraph commenting on the effect of economic conditions on the company

MC 2-7 LO4 The assurance standards do not contain a requirement that auditors obtain
a. adequate knowledge in the subject matter of the assertions being examined.
b. an understanding of the auditee’s internal control structure.
c. sufficient evidence for the conclusions expressed in an attestation report.
d. independence in mental attitude.

MC 2-8 LO3 Auditor Jones is studying a company’s accounting treatment of a series of complicated transactions in exotic financial instruments. She should look for the highest level of authoritative support for proper accounting in
a. provincial securities commissions’ staff position statements.
b. CPA Canada industry audit and accounting guides.
c. CPA Canada recommendations in the Handbook.
d. Emerging Issues Committee consensus statements.

MC 2-9 LO5 Which of the following is not an example of a quality control procedure likely to be used by a public accounting firm to meet its professional responsibilities to auditees?
a. Completion of independence questionnaires by all partners and employees
b. Review and approval of audit plan by the partner in charge of the engagement just prior to signing the auditor’s report
c. Evaluating professional staff after the conclusion of each engagement
d. Evaluating the integrity of management for each new audit client

MC 2-10 LO3 Which of the following concepts is not included in the wording of the auditor’s standard report?
a. Management’s responsibility for the financial statements
b. Auditor’s responsibility to assess significant estimates made by management
c. Extent of auditor’s reliance on the auditee’s internal controls
d. Examination of evidence on a test basis

MC 2-11 LO3 Which of the following is not mandatory when performing an audit in accordance with GAAS?
a. Proper supervision of assistants
b. Efficient performance of audit procedures
c. Understanding the auditee’s system of internal controls
d. Adequate planning of work to be performed


EXERCISES AND PROBLEMS

EP 2-1 Audit Independence and Planning. LO5 You are meeting with executives of Cooper Cosmetics Corporation to arrange your firm’s engagement to audit the corporation’s financial statements for the year ending December 31. One executive suggests the audit work be divided among three staff members to minimize audit time, avoid duplication of staff effort, and curtail interference with company operations. One person would examine asset accounts, a second would examine liability accounts, and the third would examine income and expense accounts. Advertising is the corporation’s largest expense, and the advertising manager suggests that a staff member of your firm, whose uncle owns the advertising agency handling the corporation’s advertising, be assigned to examine the Advertising Expense account. The staff member has a thorough knowledge of the rather complex contract between Cooper Cosmetics and the advertising agency.

Required:
a. To what extent should a PA follow the auditee management’s suggestions for the conduct of an audit? Discuss.
b. List and discuss the reasons why audit work should not be assigned solely according to asset, liability, and income and expense categories.
c. Should the staff member of your public accounting firm whose uncle owns the advertising agency be assigned to examine advertising costs? Discuss.

EP 2-2 Time of Appointment and Planning. LO3 Your public accounting practice is located in a town of 15,000 people. Your work, conducted by you and two assistants, consists of compiling clients’ monthly statements and preparing income tax returns for individuals from cash data and partnership returns from books and records. You have a few corporate clients; however, service to them is limited to preparation of income tax returns and assistance in year-end closings where bookkeeping is deficient. One of your corporate clients is a retail hardware store. Your work for this company has been limited to preparing the corporation income tax return from a trial balance submitted by the bookkeeper. On December 26, you receive an e-mail from the president of the corporation with the following request:

We have made arrangements with the First National Bank to borrow $500,000 to finance the purchase of a complete line of appliances. The bank has asked us to furnish our auditor’s certified statement as of December 31, which is the closing date of our accounting year. The trial balance of the general ledger should be ready by January 10, which should allow ample time to prepare your report for submission to the bank by January 20. In view of the importance of this certified report to our financing program, we trust you will arrange to comply with the foregoing schedule.

Required:
From a theoretical viewpoint, discuss the difficulties that are caused by such a short-notice audit request.
(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

EP 2-3 Reporting Standards. LO3 PA Musgrave and his associates audited the financial statements of North Company, a computer equipment retailer. Musgrave conducted the audit in accordance with the general and field work standards of GAAS and therefore wrote a standard audit description in his audit report. Then he received an emergency call to fill in as a substitute tenor in his barbershop quartet. No one else was in the office that Saturday afternoon, so he handed you the complete financial statements and footnotes, saying, “Make sure it’s OK to write an unmodified opinion on these statements. The working papers are on the table. I’ll check with you on Monday morning.”

Required:
In general terms, what must you determine in order to write an unmodified opinion paragraph for Musgrave’s signature?

EP 2-4 Generally Accepted Auditing Standards in a Computer Environment. LO2 The Lovett Corporation uses an IBM mainframe computer system with peripheral optical reader and high-speed laser printer equipment. Transaction information is initially recorded on paper documents (e.g., sales invoices) and then read by optical equipment that produces a disk containing the data. These data file disks are processed by a computer program, and printed listings, journals, and general ledger balances are produced on the high-speed printer equipment.

Required:
Explain how the audit standard requiring “adequate technical training and proficiency” is important for satisfying the general and field work standards in the audit of Lovett Corporation’s financial statements.

EP 2-5 Audit Report Language. LO3 The standard unmodified report contains several important sentences and phrases. Explain why each of the following phrases is used instead of the alternative language indicated.
1. Address: “To the Board of Directors and Shareholders” instead of “To Whom It May Concern.”
2. “We have audited the balance sheet of Anycompany as of December 31, 20X2, and the related statements of income, retained earnings, and cash flows for the year then ended” instead of “We have audited the attached financial statements.”
3. “We conducted our audit in accordance with generally accepted auditing standards” instead of “Our audit was conducted with due audit care appropriate in the circumstances.”
4. “In our opinion, the financial statements referred to above present fairly . . . in conformity with generally accepted accounting principles” instead of “The financial statements are true and correct.”

EP 2-6 Public Oversight of the Accountancy Profession. LO7 The CPAB and the PCAOB in the United States provide oversight for PAs who audit public companies. What are the objectives of these boards? What factors should these boards consider in assessing PAs’ work?

EP 2-7 Scope of an Audit, Requirement for Specialist Expertise. LO3 Consider the following two situations:
1. The auditor discovers during the audit that the auditee company has entered a complex legal contract that involves transferring assets to another company if that company performs certain future services by obtaining supplies from a foreign country. The auditor is unable to establish whether the contract imposes any financial liability or has any other financial impact on the auditee company.
2. The auditor learns that the auditee company must comply with environmental standards requiring it to monitor various emissions using complex scientific techniques. The amounts of the financial penalties that can be imposed by the government are determined by the nature and extent of non-compliance with these scientific standards.


Required:
Contrast these two situations in terms of the auditor’s responsibility to perform audit procedures and issue a report. Include a recommendation on which form of report would be issued in each case, based on your analysis.

EP 2-8 Assurance Engagements, General Assurance Standards. LO4 A radio advertisement for a new software management product included the following statement: “According to ITR, Knovel’s new software product will pay back in three months.” ITR is an information technology (IT) research firm that is hired by various companies in the IT industry to provide reports on IT usage and sales in the IT market. As soon as ITR’s president heard the ad on his car radio, he immediately phoned Knovel and told them to stop using the ad.

Required:
Discuss whether the ad’s statement is the result of an assurance engagement. Consider the parties involved, the subject matter, the accountability relationships, the nature of the report, and any other relevant aspects of the situation. Why do you think ITR’s president wanted the ad stopped?

EP 2-9 Fair Presentation in Accordance with Generally Accepted Accounting Principles. LO3 The third reporting standard of GAAS states that the auditor’s opinion on the financial statements should indicate whether they present fairly the financial position, results of operations, and changes in financial position in accordance with GAAP. The CPA Canada Handbook Recommendations are an important source of GAAP. However, the Recommendations may allow for different interpretations and choices in how they are applied, or they may be silent.

Required:
a. How does the auditor assess whether financial statements are in accordance with GAAP when a conclusion on GAAP is not found in the CPA Canada Handbook Recommendations? Give an example of an accounting issue that may not be covered in the Recommendations.
b. How does the auditor assess whether financial statements are in accordance with GAAP when the CPA Canada Handbook Recommendations allow for different accounting methods to be acceptable? Give an example of an accounting issue for which alternative acceptable accounting treatments are provided in the Recommendations.

EP 2-10 Missing Disclosure Described in Auditor’s Report. LO3 Bunting Technology Corporation is a large public company that manufactures the IXQ, a telecommunications component that speeds up Internet transmission over fibre-optic cable. Subsequent to its current year-end, but before the audited financial statements are issued, a competitor of Bunting launches a new product that increases transmission speed to one hundred times that of Bunting’s IXQ and sells for one-tenth the price. Bunting has approximately 11 months of inventory of the IXQ in inventory, based on the current year’s sales levels. Bunting’s auditors, Ditesmoi & Quail (DQ), have determined that this subsequent event warrants a write-down of Bunting’s year-end inventory to reflect technological obsolescence. Given that the IXQ is Bunting’s main product, the write-down will be highly material. DQ argues that this development will result in a permanent change in Bunting’s earnings potential and future cash flows, and it would be misleading users if it is not included in the current-year financial statements. Bunting’s management refuses to record the inventory write-down, arguing that the event occurred after the year-end and therefore does not relate to the current year’s results. Also, since the competitor’s product is brand new, management argues that there is significant uncertainty about whether it will perform as well in actual use as the competitor claims. Thus, it is premature to assume it will have an impact on IXQ sales, and it is impossible to estimate a dollar amount for the impact. Management is also concerned that, by publicly reporting information about the competing product in Bunting’s annual report, DQ will jeopardize several large sales contracts that Bunting is currently negotiating, and this may lower sales even more than if the information were withheld. DQ issues a qualified audit report that spells out its estimate of the material impact of the technological obsolescence on Bunting’s assets, net income, and retained earnings.

Required:
Discuss the issues raised by DQ’s decision to issue a qualified report in this situation. Consider the impact of DQ’s audit report qualification on Bunting, on users of the audited financial statements, and on DQ as Bunting’s auditor.

EP 2-11 Auditors’ Professional Skepticism. LO2 Auditors are required to have professional skepticism, but auditors must also rely on management representations in order to complete the audit. Discuss the inherent conflicts in these two requirements and how they may be resolved.

EP 2-12 Assurance Engagement Other Than Audit or Review. LO4 During 2002 and 2003, United Nations weapon inspectors entered Iraq to search for “weapons of mass destruction.” These include chemical, biological, and nuclear weapons. It had been reported that these weapons and equipment for manufacturing them may have been concealed in public buildings such as schools, hospitals, or apartment buildings.

Required:
Identify the subject matter and design an approach for assessing risks and probabilities of weapons existing, and for implementing the inspection. Use basic audit definitions and approaches from financial statement auditing. For example, compare the weapons inspectors’ objectives to the approach to looking for a material understatement of a financial statement liability.

EP 2-13 Audit Weaknesses Found in Canadian Public Accountability Board Inspections. LO1, 7 Access the CPAB website at cpab-ccrc.ca and find the most common weaknesses in Canadian audit practice as identified in their reports.

EP 2-14 Audit Expectations Gap. LO1 Some have proposed the idea of an “audit expectations gap,” which is the difference between what the auditor accomplishes using GAAS and what third-party users expect from audited financial statements. Do you think there is an expectations gap? Discuss and identify potential sources of the gap.

EP 2-15 Private Sector versus Public Sector Auditing. LO4 Is there more of an audit expectations gap in private sector auditing or public sector auditing? Discuss. Explain any difference in terms of the independence characteristic. In particular, are public sector auditors more independent than private sector auditors? Discuss.

EP 2-16 Audit Expectations Gap. LO1, 2 Ask a relative or friend what they think auditors do. Are auditors expected to find all errors? Find all intentional errors? Find all unintentional errors (no matter how small)? Ask them to read the auditor’s report in Exhibit 2–1. Then ask whether this report meets their expectations of the auditor’s role. Does the auditor’s report meet your expectations if you were investing in the Thai restaurant illustration at the beginning of Chapter 1?

Appendix 2A: Generally Accepted Auditing Standards of the United States (on Connect)
Appendix 2B: Implementation of Quality Control Standards in Canada (on Connect)

ENDNOTES

1. We clarify official terminology by always referring to “reports” as auditor-prepared and “statements” as management-prepared communications.

2. H. Lu, G. Richardson, and S. Salterio. “Direct and indirect effects of internal control weaknesses on accrual quality: Evidence from a unique Canadian regulatory setting,” Contemporary Accounting Research, CAAA, Summer 2011, pp. 675–707.

3. A. Freeman and K. Hawlett, “Keep IPO’s at home: Martin,” The Globe and Mail, March 8, 1996, B1.

4. R. Mautz and H. Sharaf, The Philosophy of Auditing (American Accounting Association, 1961), p. 140.

5. Section 5025 is included in the CPA Canada Assurance Handbook as an “Other Canadian Standard” or OCS.

6. Tim Kiladze, “Auditors rethink industry rules post-crisis,” The Globe and Mail, March 9, 2012.


APPENDIX 2A

Generally Accepted Auditing Standards of the United States

LO6 List the generally accepted auditing standards of the United States.

AU Section 150 Auditing Standards

.02 The general, field work, and reporting standards (the 10 standards) approved and adopted by the membership of the American Institute of Certified Public Accountants (AICPA), as amended by the AICPA Auditing Standards Board, are as follows:

General Standards
1. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.
2. In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditor or auditors.
3. Due professional care is to be exercised in the performance of the audit and the preparation of the report.

Standards of Field Work
1. The work is to be adequately planned and assistants, if any, are to be properly supervised.
2. A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.
3. Sufficient competent evidential matter is to be obtained through inspection, observation, inquiries, and confirmations to afford a reasonable basis for an opinion regarding the financial statements under audit.

Standards of Reporting
1. The report shall state whether the financial statements are presented in accordance with generally accepted accounting principles.
2. The report shall identify those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.
3. Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report.
4. The report shall contain either an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefor should be stated. In all cases where an auditor’s name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor’s work, if any, and the degree of responsibility the auditor is taking.

Source: pcaobus.org/Standards/Auditing/Pages/AU150.aspx#ps-pcaob_2e7a4ae3-6a64-4651-b9ce-8ee3ab53b136.


APPENDIX 2B

Implementation of Quality Control Standards in Canada

LO7 Summarize audit quality control monitoring in Canada.

CPA Canada’s Guide for Developing Quality Control Systems in Public Accounting was a study that proposed detailed guidance based on five key components or areas: clients, personnel, engagement procedures, practice administration, and a quality control review program. Exhibit 2B–1 illustrates the implementation of a quality control system using the five key components included in CPA Canada’s study. The study proposed that the areas of client relationships (including independence from the clients) and engagement procedures be given top priority when implementing a system in stages. The right-hand columns in Exhibit 2B–1 suggest priority in setting up a firm-wide quality control system. Note in Exhibit 2B–1 that the five areas have each been subdivided into a series of elements that allow firms to better articulate all the different aspects of quality control. While the exhibit framework is not a standard, it indicates where Canadian guidance may be headed. Note that tax and management advisory services could be included in the framework, but the extent to which they should be considered in the quality control system is controversial. The International Federation of Accountants (IFAC) issued a standard on quality control, ISQC-1. As a result, CPA Canada added to its Handbook the section, “Canadian Standard on Quality Control, CSQC-1 (was CGSF-QC),” for firms performing assurance engagements. This standard is outlined in Exhibit 2B–2. There are only minor differences between CSQC-1 and the international equivalent ISQC-1. Firms can use the evolving quality control standards to develop their own policies and procedures, along with the related documentation. When peer or quality reviews are conducted, the reviewers “audit” the public accounting firm’s policies and procedures designed to ensure compliance with the elements of CSQC-1, and perhaps additional criteria. 
The statements of policy and procedures may vary in length and complexity, depending on the size of the public accounting firm and the regulatory system affecting it. (Students who wish to know these policies and procedures in detail when interviewing for a job should ask for a copy of the firm’s quality control document.)

Accountability Boards Quality Control

Accountability boards have been created in Canada and the United States to help preserve the integrity of the financial reporting system. Most countries in the European Union were supposed to have equivalents of a Canadian Public Accountability Board (CPAB) by 2009, but many did not meet this deadline. The boards have been pressing for new rules in the monitoring of quality control and audit practice, most of these geared to improving auditor independence. These rules include five-year rotations of partners and strict limits on consulting services that have the potential to create conflicts of interest with the auditing role.


EXHIBIT 2B–1 Implementing a Quality Control System

QUALITY CONTROL AREA/ELEMENTS

A. Clients
1. Independence and Objectivity
2. Prohibited Investments
3. Conflicts of Interest
4. Confidentiality
5. Acceptance and Continuance
6. New Client Proposals

B. Personnel
1. Hiring
2. Assignment
3. Performance Evaluation
4. Advancement
5. Continuing Professional Education
6. Restriction of Professional Staff Activities

C. Engagement Procedures
1. Engagement Letters
2. Planning and Execution
3. Documentation
4. Supervision and Review
5. Resolution of Differences of Opinion
6. Consultation with Peers
7. Independent Review
8. Management Letters

D. Practice Administration
1. Use of Firm Name
2. Access to Client Files
3. Security of Confidential Information
4. Retention of Files
5. Software Usage and Security
6. Technical Reference Materials
7. Litigation and Professional Conduct
8. Advertising and Promotion
9. Solicitation of Clients

E. Quality Control Review Program
1. Internal Review
2. Monitoring Client Services
3. Monitoring Quality Control
4. Premerger Review

Total Elements: FIRST PRIORITY 17; SECOND PRIORITY 16

Source: Copyright © Exhibit 4–2 in CPA Canada’s Guide for Developing Quality Control Systems in Public Accounting, p. 35.


EXHIBIT 2B–2 CPA Canada Canadian Standards on Quality Control for Firms (CSQC-1)

CSQC/ISQC 1, 16-17
Elements of a System of Quality Control

16. The firm shall establish and maintain a system of quality control that includes policies and procedures that address each of the following elements:
(a) Leadership responsibilities for quality within the firm.
(b) Relevant ethical requirements.
(c) Acceptance and continuance of client relationships and specific engagements.
(d) Human resources.
(e) Engagement performance.
(f) Monitoring.

17. The firm shall document its policies and procedures and communicate them to the firm’s personnel. (Ref: Para. A2–A3)

Source: CPA Canada Handbook—Assurance, 2014.

The list of conflicting services would include valuation services, legal services, information technology systems design, and internal audits for auditees with more than $10 million in assets or market capitalization. In addition, the Public Company Accounting Oversight Board (PCAOB) is studying the requirements of audit firm rotation and the potential conflict created when audit firm personnel leave to work for auditees. These are primarily issues of professional ethics and are covered in more detail in Chapter 3. In monitoring public accounting firm quality control practices, the boards would need to consider implementation controls. The quality control elements listed in Exhibits 2–5 (in Chapter 2 of the text), 2B–1, and especially 2B–2 are examples of criteria that could be used to implement the monitoring. In the future, the accountability boards may issue their own standards for accounting firms’ quality controls, including monitoring of ethics and independence, internal and external consulting on audit issues, audit supervision, hiring, development and advancement of audit personnel, client acceptance and continuance, and internal inspections. The PCAOB has indicated that it will set future auditing independence and quality control standards. In contrast, the CPAB has indicated that it will let the profession decide on these standards. Hence, CPAB uses CSQC-1 as outlined in Exhibit 2B–2 as its primary criterion.

Monitoring of Quality Control: Practice Inspection, Peer Reviews, and Quality Inspections

Practice inspections, peer reviews, and quality inspections are “audits of the auditors.” Practice inspection is the system of reviewing and evaluating practice units’ audit files and other documentation by an independent external party. The main objective of practice inspection is to evaluate conformity of the work with the CPA Canada Handbook and with the professional ethical principles and rules of conduct (covered in Chapter 3). The practice unit can be an individual or an entire office, in which case the individual members of the office are evaluated relative to their level of responsibility. Provincial practice inspection programs apply to all members of the relevant institutes, orders, or associations and consist of several steps:

1. Selection of practice unit for inspection (can be a public accounting firm, an office of a firm, or a sole practitioner)
2. Completion of questionnaires to gather general information about the practice and quality control systems of the practice unit
3. Assignment of inspector
4. Inspection of a sample of engagement files
5. Report of inspection—each report focuses on an individual in a practice unit
6. Follow-up review of corrective actions, if applicable
7. A report to the professional conduct committee, if necessary¹

practice inspection: the system of reviewing and evaluating practice units’ audit files and other documentation by an independent external party

There are some minor variations among provincial practice inspection programs relating to types of engagements reviewed and the way the inspection reports are prepared. The overall focus is on individual members’ performance, and the orientation is more educational than disciplinary, although serious deficiencies could lead to a complaint with a professional conduct committee, as is further explained in Chapter 18. Practice inspections are a useful complement to a firm’s system of quality control. Their success is reflected in the fact that many countries have followed the Canadian model, including Ireland, Norway, China, and Australia. A peer review is a practice inspection usually done as a special engagement by another audit firm hired for the task by the firm reviewed. The reviewers issue a report on the firm’s compliance with quality control standards and make recommendations for improvements to the audit practice. A quality inspection is an examination and evaluation of the quality of the overall practice. It is thus aimed at the firm level rather than at individuals. A quality inspection involves an extensive study of a firm’s quality control document and includes interviews with audit personnel as well as detailed study of quality of work, adherence to generally accepted auditing standards (GAAS), and quality control standards on a selection of audit engagements. A quality inspection has the same objective as a peer review but is less extensive. It is usually requested by smaller public accounting firms. The accountability boards have taken on the job of regulating inspections of firms’ audit operations to ensure compliance with the various quality control criteria outlined in the preceding section. The inspection reports for CPAB and PCAOB can be found at their websites, cpab-ccrc.org and pcaobus.org, respectively. The PCAOB has been given the authority to create auditing standards; however, CPAB has not. 
CPAB monitors and enforces the application of the Canadian Auditing Standards (CASs), which are based on international auditing standards. The first CPAB report dealt with inspections of the Big Four firms in Canada (issued October 6, 2004). The most common problems cited were lack of documentation for work said to have been done and independence violations. But the CPAB indicated that these problems did not represent negligent work. More recent reports have indicated that audit deficiencies in Canada have been reduced and that public accountants are exercising greater skepticism in the conduct of audits. The concerns are improving auditor communications with audit committees and others charged with corporate governance, focusing on the quality of audits of accounting estimates, and tracing the extent to which firms that use sampling adhere to the new CAS 530 sampling requirements.² These emerging issues are covered in this text.

The U.S. Securities and Exchange Commission (SEC) requires that any litigation alleging audit deficiencies and involving public companies or regulated financial institutions or their personnel be reported to them by the auditors. The SEC obtains documents related to the litigation in order to determine whether the case has any bearing on quality control deficiencies in the public accounting firm. In Canada, sometimes a regulator, such as the Ontario Securities Commission, will ask that a public accounting firm or individual be reviewed by the CPAB and a provincial institute reviewer. This is usually in response to a complaint, but it sometimes arises from regular monitoring of annual reports and filings submitted to the regulator.

The extent of work involved in practice inspections, peer reviews, and quality inspections is greatly influenced by the quality of documentation concerning the quality control system. Generally, if the quality control documentation is good and the reviewer can rely on extensive internal monitoring of quality control, less work is required than if documentation is poor and the reviewer must rely more on his or her own detailed inspection of files.

peer review: a study of a firm’s quality control policies and procedures, followed by a report on a firm’s quality of audit practice; usually done as a special engagement by another audit firm hired for the task by the firm reviewed

quality inspection: an examination and evaluation of the quality of the overall practice

Review Checkpoints

2B-1 Consider the following quality control policy and identify the quality control element it relates to: “Designate individuals as specialists to serve as authoritative sources; provide procedures for resolving differences of opinion between audit personnel and specialists.”

2B-2 What is a practice inspection, and what roles does it play in the quality control self-regulation of the profession?

2B-3 Compare the quality inspection reports of the CPAB and PCAOB. Do the public accounting firms in the United States and Canada have similar quality control problems?

2B-4 What is the meaning of quality control as it relates to a public accounting firm?

KEY TERMS

peer review
practice inspection
quality inspection

ENDNOTES

1. Guide for Developing Quality Control Systems in Public Accounting (CICA, 1993), p. 17.

2. Presentation by Brian Hunt, CEO of CPAB, on June 13, 2011, at the International Symposium on Audit Research, Quebec City.


CHAPTER 3

Auditors’ Ethical and Legal Responsibilities

Chapter 3 describes the moral, professional, and legal responsibilities that the public expects auditors to meet, further demonstrating the importance society attaches to the auditor’s role in protecting the public interest.

LEARNING OBJECTIVES

After completing this chapter, you will be able to do the following:

Outline the concept of auditor responsibilities.
Explain the importance of the study of ethics in helping define auditor responsibilities.
Outline the characteristics of critical thinking.
Describe the purpose and contents of the codes of professional ethics established by the various professional accounting bodies.
Explain the importance of an independence framework for auditors.
Outline auditor legal responsibilities.
Outline the various types of common law liability for public accountants, citing specific case precedents.
(Appendix 3A) Explain how professional judgment, critical thinking, and principles-based reasoning are related.

CHAPTER APPENDIX

APPENDIX 3A Framework for Critical Thinking (on Connect)


EcoPak Inc.

Two years ago, Kam and Mike started up a corporation called EcoPak Inc. to purchase the operating assets of the former StyreneTech company. They each own 45% of the EcoPak common shares, and Nina was given 10% of the common shares in return for her help in starting up the company. Zhang has invested in convertible preferred shares that can be converted to a 50% common share interest at any time. Kam and Mike kept the styrene-foam production business going to generate cash flows and developed the materials and production processes for their new biomass product line. Kam has also been very busy in his role as head of business development, and EcoPak has obtained a big contract to supply hot-food containers to a national restaurant chain. If the food containers perform well, the chain will consider having EcoPak also provide all its coffee cups. Kam has several other large contracts very close to signing, and it is now necessary for EcoPak to expand its production capacity significantly.

Kam has attracted a lot of business media coverage. EcoPak’s highly innovative production process, which makes use of agricultural waste by-products, produces zero pollutant emissions and results in a completely biodegradable product. Consequently, an ethical investment management firm has approached Kam about investing in EcoPak to help finance the expansion of its biomass production. This firm has asked EcoPak to provide an environmental report on its operations; it is the firm’s policy to invest based on an audited environmental report or by doing its own audit of the company’s operations to assess its environmental sustainability and performance. But Kam and Mike are thinking of doing an environmental report solely on the new biomass business, leaving out any mention of the styrene-foam business. They are pretty sure a report on that pollution-emitting, petroleum-based process would send the ethical investors running! But how can they get it audited?
Time to call Nina; she’s a senior audit manager now, so maybe she can do it. When Nina hears what Kam and Mike have in mind, she is upset: “First, since I own shares in EcoPak I cannot audit the company—I am not independent! But even if I could, your plan to report on just one-half of your operations is misleading. I am a professional public accountant, and I can’t associate myself with information that I know could be misleading to someone making an important decision based on it. And, even if you do an environmental report presenting all of your operations, I am not an environmental expert so I have no competence to provide assurance on the report. Remember those professional standards we talked about when you were looking at StyreneTech’s audited financial statements? I need to comply with those or my work won’t have the quality the public expects. So, basically, what you are asking me to do is totally unethical! And maybe it’s time you two started thinking about the ethics of your own situation at EcoPak—taking a lot of credit for being so ‘environmentally responsible’ when half of your operations and most of your cash flows come from a really toxic process and a product that ends up littering the environment.” Kam and Mike fall over themselves apologizing to Nina. They realize they had not thought things through very well, and what she is saying makes a lot of sense. But they are also in a real bind because without new financing and without the cash flow from the styrene-foam business, they cannot expand the biomass business! Nina suggests they work with the ethical investment firm; Kam should try to sell them on the idea that their investment in EcoPak will allow the company not only to expand the biomass material line but also to shut down the styrene-foam line very soon. They will be getting twice the bang for their ethical buck. Kam and Mike decide to engage an engineering firm to do an environmental audit of EcoPak’s operations. 
A big surprise is uncovered during the audit—all the land behind the factory has been contaminated by a large spill of a toxic material, benzene, that had occurred a couple of years before they took over StyreneTech’s operations! The Ministry of the Environment had issued a cleanup order against StyreneTech, and the company had done the first phase of cleanup to prevent the pollutant from spreading, but then the operating assets were sold to EcoPak. Since this is the land that will be used to expand their factory, EcoPak will need to complete the second cleanup phase—removal of the contaminated soil—before the expansion can occur. The cost of the cleanup is very high.


When Nina hears about this, she realizes that Grand & Quatre (G&Q) missed a huge issue in their audit, since this problem existed at the time of their audit work. She advises Kam and Mike to see a lawyer about suing G&Q for the cost of the cleanup, since it was a known liability of an estimable amount that should have been accrued in the StyreneTech financial statements: “At best, if G&Q was just sloppy and didn’t ask the right questions, you should be able to show that their negligence resulted in your loss. But if G&Q knew about it, and let the Waterfalls Inc. management intimidate them into leaving it off the books because StyreneTech was being sold, that is a much more serious issue that will kill G&Q’s reputation should it become public!”

The Essentials of Auditors’ Ethical and Legal Responsibilities

Audits cannot be effective unless they are performed ethically. The essence of information risk is the possibility that reporting will be done unethically, for example, to conceal fraud or provide a deceptive and misleading impression of the financial performance and condition of a company. The essential role and responsibility of an auditor are to establish and communicate assurance to users that financial statements are fairly presented, implying that unethical reporting has not occurred. In this role an auditor cannot have any conflict of interest. This requirement is explicitly stated in the accountants’ professional ethics code.

When you start to read the actual wording of the professional ethics code, you will probably find it all very general and vague, and it may not be easy to imagine how anyone could actually apply it. Professional practice in a three-party accountability situation gives rise to many conflicts and dilemmas. It is usually fairly easy to do the right thing, but it is often very difficult indeed to know what the right thing is. Personal biases can arise for anyone, including auditors, and are, by definition, hard to see from the inside.

As an example, say you are auditing a company’s financial statements and find that you really like the company’s controller because he has a great sense of humour, finds hilarious videos on the Internet, and always brings you a coffee in the morning. Your audit analysis work suggests that the company’s travel expenses look much too high, but the controller explains that it is because some new salespeople hired in the past year had to travel more frequently to establish relations with new customers. Will the fact that you feel positively toward the controller personally make you inclined to take his word for it, even though with a bit of extra effort you could easily corroborate his story? You could do this by asking some other people in the company management (e.g., the sales manager) and by checking the payroll records to see if new sales department employees were added during the year. Say you did look for this corroborating evidence and it showed that there were actually far fewer sales employees during the year, and rather than travelling, they mainly contacted customers by phone and email. Then what would you do? If you put yourself in this situation, you will start to feel what it is like to be responsible for gathering evidence that gives reasonable assurance about whether financial information is misstated or not.

To address the challenges of dealing with potential biases like this, and other conflicts of interest and ethical dilemmas in auditing practice, two crucial interrelated concepts have been developed and incorporated into the auditing standards: professional skepticism and professional judgment.

Professional skepticism means that an auditor always wants to question the claims made by the management of the enterprise under audit and to look for corroborating evidence. This is not the same as automatically suspecting that everything management says is false; it simply reflects that the auditor has a duty to corroborate management’s claims and assertions—this is what the ethics code refers to as using due care. A practical approach to being skeptical is to always be thinking about what could go wrong. Since a potential conflict of interest always exists between the auditor and management, it follows that auditors must gather their own evidence on the financial statements and disclosures to reach a reasonable and supportable decision to provide assurance on the truthfulness of the financial statements. How does an auditor know the decision is reasonable and supportable? The auditor must use a critical thinking process of reasoning to assess logically whether the evidence obtained provides reliable reasons that are relevant to supporting the conclusion.

Professional judgment refers to an auditor applying relevant training, knowledge, and experience, in the context provided by auditing, accounting, and ethical standards, to make informed decisions about the most appropriate action to take in the circumstances of an audit engagement. Professional judgment in financial statement auditing requires critical thinking on accounting issues and the evidence related to them. A critical thinking framework can be used to decide when an audit conclusion is sufficiently justified, considering possible conflicts of interest. In auditing, the goal is often to determine the best (most truthful, fairest) position when there are conflicting positions (e.g., the inventory should be $X, or should be $X less a write-down of $Y). A critical thinking process that can be used in auditing to determine the most truthful claim involves the following steps:

1. As the auditor, define your role in an engagement, and identify the needs and responsibilities of the other parties in the three-party accountability relationship, including any potential conflicts of interest.

2. Identify contentious issues that need to be resolved in the engagement, such as controversial financial reporting issues. For example, the auditor might believe that the company has a large quantity of inventory items that are obsolete and their costs should be written off. Management states that it expects to succeed in selling these items for more than their costs by finding new marketing channels. Is the inventory valuation accounting estimate that management is claiming “reasonable” and “presented fairly”?

3. Explain the reasons and motivations for competing positions to be sure you understand others’ positions. For example, what are the consequences for management if a large inventory write-down expense has to be recorded? Will debt covenants be affected, etc.?

4. Evaluate the arguments (assumptions, evidence) that relate to the competing positions and assess whether they are plausible and how strongly they link logically to a conclusion that each alternative position is true or not true. Applying logic essentially means identifying reasons that support a claim or conclusion. Sources of reasons include accounting and auditing concepts, assumptions, and principles. These concepts, along with the words used to state them (rhetoric), will affect the persuasiveness of your reasons as an auditor.

5. Form a conclusion on which position is most likely to be true. The conclusion is based on two conditions: the validity of the reasons and how strongly they support the conclusion.

Note that experience is an essential ingredient of skepticism and good professional judgment, so auditing work is typically organized so that more-junior auditors work under the supervision of more-experienced ones. Still, being independent and objective, taking a skeptical attitude, and thinking carefully and critically are ultimately an individual responsibility. If an individual’s own critical reasoning leads to the conclusion that some action or decision is unethical, it is still unethical even if more-experienced people support it, or if “everyone is doing it.”

If an audit fails to detect unethical reporting, and the third party believes that auditors have not met their professional responsibilities, auditors can face legal liability. Third-party beliefs may be based on what is referred to in auditing as the expectations gap. The gap exists between what users of audit reports expect—that auditors will always detect errors, fraud, theft, and illegal acts and report them publicly—and what auditors take responsibility for—detecting material misstatements. This gap can lead to lawsuits, particularly if a business fails, because even if auditors have performed well, the users may expect them to have done more to warn of the future business failure.

Historically, auditors’ liability in Canada has been based on common law liability. Under common law, an auditor can be sued successfully if the plaintiff can prove four elements of negligence:

1. There was a legal duty of care to the plaintiff.

2. There was a breach of that duty.

3. There is proof that damages to the plaintiff resulted from the breach.

4. There is a reasonable connection between the breach and the damages.

The auditors’ defence in a liability lawsuit is to show that any of the elements is not proven. Controversies about audit effectiveness in recent years have also expanded the statutory liability of auditors who audit public companies. This type of liability is written into law statutes that specify when auditors can be found liable and the ranges of penalties auditors can be charged if they are liable. The Sarbanes-Oxley Act (SOX) in the United States is a well-known example of a law that can affect auditor liability. The development of statute-based regulation of auditors reflects the fact that governments no longer rely on the audit profession to self-regulate, as historically was the case.

Review Checkpoints

3-1 What is a financial statement auditor’s responsibility in relation to unethical financial reporting?

3-2 What is the meaning of an auditor’s opinion that a set of financial statements is “fairly presented”?

3-3 Give examples of conflicts that could arise between the following parties in a three-party accountability situation: (a) the management and the shareholders of a company, (b) the auditor and the management of a company, (c) the shareholders and the auditor of a company.

3-4 How can an auditor’s objectivity be affected by his or her own personal biases?

3-5 What is professional skepticism? How does it relate to an auditor’s objectivity? How does it relate to the professional accountant’s ethical requirement to use due care?

3-6 What is critical thinking? How is it useful to an auditor?

3-7 What is the relation between professional judgment and critical thinking?

3-8 Why is experience important in using good professional judgment?

3-9 Does professional experience guarantee that auditors will reach ethical decisions in auditing conflict situations? Explain your position.

3-10 What is the expectations gap in auditing? How does it relate to auditor liability?

3-11 What are the elements of negligence that apply in establishing auditor liability under common law?

3-12 What is the difference between common law and statutory laws in relation to determining auditor legal liability?

Introduction

LO1 Outline the concept of auditor responsibilities.

As part of a privileged profession, auditors are responsible to society. This responsibility can be divided into three categories: moral, professional, and legal. Morality deals with character and “doing the right thing,” as is determined largely by social norms. Morality deals with distinctions between right and wrong actions or behaviour. Auditors have a responsibility to conform to social norms. Auditors’ moral responsibilities can be summarized as “public accountants should be upright, not kept upright.” Ethics relates to proper conduct in life, and a study of ethics helps the auditor develop a set of principles by which to live.

moral responsibilities: the rules and principles conforming to broad social norms of behaviour


Professional responsibilities refer to the more formal ethical responsibilities of auditors. Ethics is the philosophical study of morality. The emphasis on philosophy means that ethics is a more formal study and analysis of morality. These responsibilities (or professional ethics) are the rules and principles for the proper conduct of an auditor in his or her work. Professional ethics are necessary for a number of reasons: to obtain the respect and confidence of the public, to distinguish the professional from the general public, to achieve order within the profession, and to provide a means of self-policing the profession. All of these are meant to help meet the expectations of society as to the auditor’s role. However, social norms and social expectations of auditors change, and a study of ethics is helpful in preparing for lifelong adaptation. For example, auditors are increasingly viewed as a key component of well-functioning capital markets. The first half of this chapter will focus on ethics that are particular to accountants and auditors in relation to their professional responsibilities. Legal responsibilities are the risks auditors accept in a court of law while practising public accounting. The legal system is a chief means of regulating the social and professional responsibilities of auditors. These include the risks that arise from failing to use due care in the conduct of the audit. There is an interaction between legal and professional responsibilities, and they both relate to significant violations of society’s expectations of the social role of the auditor.

General Ethics

LO2 Explain the importance of the study of ethics in helping define auditor responsibilities.

A pervasive sense of proper ethical conduct is critical for professional accountants. Two aspects of ethics operate in the professional environment: general ethics (the spirit or principles) and professional ethics (the rules). Mautz and Sharaf have contributed the following thoughts to the link between general and professional ethics:

The theory of ethics has been a subject of interest to philosophers since the beginnings of recorded thought. Because philosophers are concerned with the good of all mankind, their discussions have been concerned with what we may call general ethics rather than the ethics of small groups such as the members of a given profession. We cannot look, therefore, to their philosophical theories for direct solutions to our special problems. Nevertheless, their work with general ethics is of primary importance to the development of an appropriate concept in any special field. Ethical behaviour in auditing or in any other activity is no more than a special application of the general notion of ethical conduct devised by philosophy. Ethical conduct in auditing draws its justification and basic nature from the general theory of ethics. Thus, we are well advised to give some attention to the ideas and reasoning of some of the great philosophers on this subject.1

Overview

What is ethics? Wheelwright gives a more complete definition of ethics as “that branch of philosophy which is the systematic study of reflective choice, of the standards of right and wrong by which it is to be guided, and of the goods toward which it may ultimately be directed.”2 In this definition, you can detect three key elements of ethics: (1) it involves questions requiring reflective choice (decision problems), (2) it involves guides to distinguish right from wrong (moral principles), and (3) it is concerned with the consequences of decisions.

What is an ethical problem? A problem exists when you must choose among alternative actions and the right choice is not absolutely clear. It is an ethical problem because the alternative actions affect the wellbeing of other people. An ethical dilemma is a problem that arises when a reason to act in a certain way is offset by a reason to not act in that way. The way to resolve such dilemmas is to rely on the primary ethical principle underlying the action. This can be influenced by the context of the dilemma. The process of identifying the primary ethical principle is a major reason we introduce critical thinking in this chapter. The process of identifying the primary accounting, auditing, and ethical principles to be relied upon in a particular situation, with all the principles being consistent, is one way to characterize critical thinking in professional judgment.

What is ethical behaviour? There are two standard philosophical answers to this question: (1) it is behaviour that produces the greatest good, and (2) it is behaviour that conforms to moral rules and principles. Problem situations arise when two or more rules conflict or when a rule and the criterion of “greatest good” conflict. Some examples of these are given later in this chapter.

Why does an individual or group need a code of ethical conduct? While it has been said that a person should be upright and not kept upright, a code serves as a useful reference or benchmark and specifies the criteria for the conduct of a profession. Society changes, and this creates challenges in adhering to general principles. For example, it is not always obvious what constitutes proper professional conduct on social networking sites. Thus, codes of professional ethics provide some solutions that may not be available in general ethics theories, they allow individuals to know what the profession expects, and they publicly declare the profession’s principles of conduct so these standards can be enforced.

professional responsibilities: the rules and principles for the proper conduct of an auditor in his or her work; necessary to obtain the respect and confidence of the public, achieve order within the profession, and provide a means of self-policing the profession; also known as professional ethics

A Variety of Roles and Conflicts

The decision-maker role does not fully describe a professional person’s entire ethical obligation. Each person acts as an individual, a member of a profession, and a member of society. Hence, accountants and auditors are also spectators (observing the decisions of colleagues), advisers (counselling co-workers), instructors (teaching accounting students or new employees on the job), judges (serving on disciplinary committees of provincial associations), and critics (commenting on the ethical decisions of others). All of these roles are important in the practice of professional ethics. In addition, public accountants (PAs) work as consultants, tax advisers, and auditors, and there can be conflicts of interest in serving these professional roles. Also, within the auditing role, there can be conflicts between the preparers and users of financial information. Finally, there can be conflicts between the different users of financial information, and auditors must be ready to act as a type of accounting referee.

An Ethical Decision Process

Your primary goal in considering general ethics is arriving at a set of acceptable methods for making ethical decisions. Consequently, you will only behave according to the rules of professional conduct if you understand the general principles of ethics. Essentially, ethics is principles based.

ethical dilemma: a problem that arises when a reason to act in a certain way is offset by a reason to not act in that way

critical thinking: the process of justifying one’s conclusion or decision by providing good or acceptable reasons


In the previous definition of ethics, one of the key elements was reflective choice. This involves an important sequence of events, beginning with recognizing decision problems. Collecting evidence, in the ethics context, refers to thinking about rules of behaviour and outcomes of alternative actions. The process ends with analyzing the situation and taking an action. Ethical decision problems almost always involve projecting yourself into the future to live with your decisions. Professional ethical decisions usually turn on two questions: What written and unwritten rules govern my behaviour? What are the possible consequences of my choices? Principles of ethics can help you think about these two questions in real situations.

To Tell or Not to Tell?

In your work as an auditor, you discover that the cashier, who has custody over the petty cash fund, has forged several payment records in order to cover innocent mistakes and make the fund balance each month when it is replenished. Your investigation reveals that the amount involved during the year is $240. The cashier is a woman, age 55, and the president of the company is a man who tolerates no mistakes, intentional or otherwise, in the accounting records. In fact, he is unyielding in this respect. He asks you about the results of your audit. Not doubting that the cashier would be fired if the forgeries were known, should you remain silent or tell the truth?

Philosophical Principles in Ethics

A discussion of ethical theories would be unnecessary if we accepted a simple rule: “Let your conscience be your guide.” Such a rule is appealing because it calls on an individual’s own judgment, which may be based on wisdom, insight, or adherence to custom or an authoritative code. However, it might also be based on self-interest, caprice, immaturity, ignorance, stubbornness, or misunderstanding. In a similar manner, relying on the opinions of others or a social group is not always enough, as they may perpetuate a custom or habit that is wrong (e.g., prejudice). Adhering blindly to custom or group habits is abdicating individual responsibility. Titus and Keeton summarized this point succinctly: “Each person capable of making moral decisions is responsible for making his own decisions. The ultimate locus of moral responsibility is in the individual.”3

Ethical principles provide some guidelines for taking individual decisions and actions. The earlier illustration (To Tell or Not to Tell?) and the one that follows (Conflicting Duties) demonstrate some ethical problems that, for most people, would present difficult choices. Consider them in light of the ethical principles discussed following the box.

Conflicting Duties

Because of your fine reputation as a PA, you were invited to become a director of a local bank and were pleased to accept the position. While serving on the board, you learned that a bank director is under a duty to use care and prudence in administering the affairs of the bank, and that failure to do so in such a way that the bank suffers a financial loss means that the director(s) may be held liable for damages. This month, in the course of an audit, you discover a seriously weakened financial position in a client who has a large loan from your bank. Prompt disclosure to the other bank directors would minimize the bank’s loss, but since the audit report cannot be completed for another three weeks, such disclosure would amount to divulging confidential information gained in the course of an audit engagement (prohibited by confidentiality principles). You can remain silent and honour confidentiality principles (and fail to honour your duty as a bank director), or you can speak up to the other directors (thus violating confidentiality principles). Which should you choose?


Ethical theories can be subdivided into two types: monistic and pluralistic. Monistic theories assume that universal principles apply regardless of the specific facts. Pluralistic theories, on the other hand, assume that there are no universal principles and that the best approach is to use the principles that are most relevant in a particular case. There are a number of monistic theories. The most important are deontological (or duty-based) theories dominated by the ideas of Immanuel Kant and utilitarianism. Deontological (Kantian) ethics assumes that there are universal principles (imperatives) such as the biblical Ten Commandments that must always be followed regardless of the consequences. Kant maintained that motive and duty alone define a moral act, not the consequences of the act. Some object to the imperative principle because so-called universal rules always turn out to have exceptions. Others respond that if the rule is stated properly to include the exceptional cases, then the principle is still valid. But the human experience is complicated, and the rules would be very complex if they had to cover all possible cases.4 This problem is not unique to ethics, as identifying the universal or primary principles and concepts of anything is a challenge for anyone trying to justify some action or conclusion. Universal principles are generally easier to identify in mathematics and the physical sciences than they are in social sciences such as accounting and auditing. Nevertheless, auditors must try to give the best reasons they can for their professional judgments and conclusions (claims). These reasons must also be based on the audit evidence. Another major problem with duty-based ethics is that duties can conflict; one then needs to sort out which duty is most important, depending on the specific context. The professional rules of conduct for accountants have been greatly influenced by duty-based Kantian ethics and can be viewed as duties. 
But there is also a potential conflict of professional rules, most notably the rules of confidentiality and of not being associated with misleading information. This ethical dilemma was illustrated in the preceding box (Conflicting Duties), and the related rules are discussed later in this chapter and in Chapter 18 (available on Connect).

Another monistic theory is consequentialism, that is, basing the decision on the consequences of an action. Utilitarianism indicates that when we have a choice, we pick the one that results in the best outcome (that is, has the highest utility). Utilitarianism is a specialized case of consequentialism that chooses the action that maximizes the greatest good for the greatest number of people. A minority, however, might suffer as a consequence of this. Related difficulties with utilitarianism include deciding what is “good” and what is a “fair” distribution of the good. In other words, who decides how to measure utility in the particular circumstances? Addressing such complications requires more refined concepts, and these may be influenced by culture and ideology.

These monistic theories are not sufficient on their own to handle the complexities of most real-life ethical problems, including those of professional accounting ethics. Nevertheless, they can be important principles when providing reasons for a claim or decision. For example, standard economic theory is based on utilitarianism, the same theory used in cost-benefit analysis. However, exclusive reliance on one principle in all situations can lead to problems. The cost-benefit analysis approach was used by many public accounting firms in the 1990s when they decided to put more emphasis on developing the management consulting side of their practices rather than on auditing. In some cases, auditing was viewed as a “loss leader” in creating more lucrative consulting practices. At the time, the big public accounting firms were also the largest consulting firms in the world.5 The resulting increase in consulting revenues was so large that the appearance of independence was affected. Many feel that overreliance on consulting led to Arthur Andersen’s demise. This focus on utilitarianism thus caused the profession a great deal of grief. With the passage of SOX and other reforms, the pendulum is now swinging the other way—the focus on quality control emphasizes auditors’ duties toward the public interest.

monistic theories: ethical theories that assume universal principles apply regardless of the specific facts of a situation

pluralistic theories: ethical theories that assume that there are no universal principles and that the best approach is to use the principles that are most relevant in a particular case

deontological (Kantian) ethics: the moral theory that an action is right if it is based on a sense of duty or obligation

imperatives: universal principles assumed by monistic moral theories

consequentialism: a moral theory that the choice of action is made based solely on the consequences, that is, that it maximizes utility; note that economics and business are based on this theory

utilitarianism: a moral theory that the right choice is the one that results in the greatest good for the greatest number of people

Ethical reasoning is different from other types of reasoning because it considers the perspective of others. A problem is that there can be different dimensions to an ethical dilemma, and monistic theories are usually insufficient to deal with every aspect. Specifically, ethics is very context specific. You will especially note this in the rules for independence discussed later in this chapter. But this should already be evident to you from your study of accounting. The way we account and the disclosure language used in financial reporting are also very context specific (for example, whether or not the going-concern assumption is satisfied). One of the key assumptions of accounting is the going-concern assumption mentioned above. If this assumption is not true, then you cannot use the accounting standards that rely on it.
But the auditor can rarely be certain that a business will continue. Then the question becomes how certain you must be as an auditor. This illustrates the importance of context in an appropriate accounting for a given situation, and the difficult duty of the auditor to assess the appropriateness of the reporting in words and numbers. It is also common to need to consider several issues at once. Thus, for example, the dimension relating to the duties of an auditor reflects Kantian theories, whereas the dimension of the dilemma relating to outcomes of auditor decisions reflects consequentialist reasoning.

There are other ethical theories, such as virtue ethics, that relate to the personal character of the decision maker. Yet other ethical theories focus on the need for justice in a decision, or the need to preserve certain rights of individuals, or other aspects of the social impact of a decision. More recent ethical theories critically evaluate the social origins of ethical theories and the societies in which the ethical theories evolve. These are referred to as critical theory and post-modernity. Many post-moderns subscribe to the view of Zygmunt Bauman that “Human reality is messy and ambiguous, and so moral decisions, unlike abstract ethical principles, are ambivalent.”6 Nevertheless, by being sensitized to differences in the way people might view things and in the ways of dealing with these complexities, auditors are better prepared to reach an appropriate conclusion. This is now recognized in the Canadian Auditing Standards CAS 200.13 definition of professional judgment as given in Chapter 1, which in part states “. . .uses the application of ethical standards in making informed decisions. . . .” Note that CAS 200 says nothing about ethical theories, but implicit is that somehow the auditor will manage to do the right thing.
We thus introduce the concept of critical thinking to look more deeply at professional judgment beyond that given in auditing standards. You can view this as part of the education and experience needed in fulfilling professional judgment expectations of auditors. Going beyond the standards is especially important when the standards do not cover all of society’s expectations of auditors. This is illustrated in the next box.

The consequences of a decision for others and the ability to imagine their feelings about these must be part of ethical reasoning. This ability to imagine is frequently referred to as moral imagination. For example, a moral imagination helps in the understanding of user needs in financial reporting. This may be an important way of avoiding litigation, as discussed in the box below. Had the CEO at Molex (the company described at the beginning of Chapter 1) used his moral imagination, he might not have been fired.

moral imagination: the part of ethical reasoning where one has the ability to imagine others’ feelings about the consequences of a decision


The Significance of United States v. Simon (Popularly Known as the Continental Vending Case), 1969

The circumstances were judged to be evidence of willful violation of Section 32 of the Exchange Act. Generally accepted accounting principles (GAAP) were viewed by the judge as persuasive but not necessarily conclusive criteria for financial reporting. Section 32 states the criminal penalties for violation of the Exchange Act. Like Section 24 of the Securities Act, the critical test is whether the violator acted “willfully and knowingly.” In affirming the conviction, the appeals court stated that it should be the auditor’s responsibility to report factually whenever corporate activities are carried out for the benefit of the president of the company and when “looting” has occurred.

The significance of this case is that while the auditor was able to prove that the financial statements were in conformity with GAAP at the time, the auditor was nevertheless found guilty of committing fraud! This is because the accounting standards at the time did not require disclosure of material related party transactions. While the auditor knew that the related party transactions were material and presented in a misleading way, the auditor relied on technical conformity with GAAP to support his opinion. The courts disagreed. The courts concluded that when the auditor uses the words “present fairly” in his report, it means more than mere conformity with GAAP. A higher-level principle comes into play that can be interpreted as meeting the needs of third parties. These needs include being understandable and not misleading to non-accountants. In essence, the courts said that auditors should use more “common sense” in deciding on user needs. An auditor cannot “hide behind GAAP” to avoid making informative disclosures and meeting third-party needs.

Technical conformity with GAAP can be irrelevant in meeting user needs because the assumptions of an applicable reporting framework may not apply in particular circumstances. An auditor must look to broader-level principles and objectives of financial reporting in order to decide if the financial statements result in being “presented fairly.” Put another way, “present fairly” is more principles based, whereas “in conformity with GAAP” or “in accordance with GAAP” is more rules-based accounting.7 The issue of principles-based accounting is becoming even more important with the distinctions made by CAS 200.13 between a “compliance” reporting framework and a “fair presentation framework.” The words “present fairly” now mean something. The auditor can use the words “present fairly” in the opinion paragraph only if a fair presentation reporting framework is used, as defined in CAS 200.13. A fair presentation framework is one that is more principles based, allowing disclosures beyond and departures from more-specific reporting requirements. This focus on broader principles, understanding user needs, and related concepts is a major reason for introducing the critical thinking concept in this chapter.

Postscript: The auditors of Continental Vending were found guilty of criminal fraud in misleading investors despite the auditee’s compliance (in accordance) with GAAP. The auditors were sentenced to jail but were pardoned by President Nixon. This case set the legal precedent for the importance of principles-based accounting.

More on Critical Thinking

LO3 Outline the characteristics of critical thinking.

With the adoption of international standards and their greater emphasis on the most basic principles of accounting and auditing, the role of critical thinking in professional judgment has become more important. For example, auditors now need to distinguish between “compliance” and “fairness of presentation” with an appropriate financial reporting framework. In addition, critical thinking and skepticism become more important when the auditor takes on more responsibility for detecting fraud and other types of unethical reporting. Critical thinking considers how the financial statements will be used in a particular engagement. This is necessary in evaluating the appropriateness of how the assertions are presented to third parties and how courts might view a situation in litigation. Critical thinking is especially important in evaluating the application of accounting principles using accounting estimates, as covered in Chapter 19 (available on Connect). As noted in Chapter 1, the economic crisis of 2008/2009 created new concerns about the limits of the audit process and the financial reporting that it verifies. When combined with new concepts like accounting risk, critical thinking can be used to help address these concerns. A framework for critical thinking is outlined in this section and more thoroughly discussed in Appendix 3A (available on Connect). Applications of different parts of this framework are illustrated in the exercises throughout the text.


Auditors cannot rely on standards for detailed rules in all possible situations. The international code of professional ethics of the International Federation of Accountants (IFAC) recognizes that every engagement is unique, and, consequently, auditors must tailor their moral imaginations to the specific circumstances of the engagement. This is part of being a professional rather than just a technician mechanically following standards and rules of conduct. It does not work to rely too much on one broad principle of morality, such as utilitarianism, to resolve all ethical conflicts. By the same token, it is not sufficient to merely follow detailed rules of GAAP and generally accepted auditing standards (GAAS) and rules of ethics on an engagement in order to meet audit objectives. The social and moral world is complicated and messy. People will disagree on how to measure utility and how to prioritize rights and duties. Critical thinking is an increasingly important skill for auditors wishing to meet ethical reporting expectations of users of financial statements. A framework for structured thinking will better prepare you to deal with the ethical and other issues of professional judgment in the 21st-century audit environment. A critical thinking framework is one that consists of principles, concepts, and their application, and ethics is an important concept within the framework. In the end, the auditor must have good reasons other than that “it feels right” to support a position. As illustrated in the “Continental Vending” box, reliance on detailed rules of GAAS and GAAP may not be enough for good professional judgment. Standards should not be seen as a recipe to memorize, and true professionalism means being aware of how and why the standards have evolved the way they have. Basic principles underlie all the standards and the standard-setting process. Some of these principles are more obvious than others, and critical thinking helps identify the less obvious ones. 
For example, Appendix 1B discusses theories related to the important concept of meeting the public interest. Ultimately, the auditor relies on fundamental principles, such as fairness of presentation in the circumstances, meeting the public interest, and maintaining the reputation of the profession. There are no universal rules for achieving these in all situations, and the auditor must think through each case in a systematic way. A critical thinking framework is a guide to helping achieve a well-supported conclusion. A key step in critical thinking is applying logic to your reasoning. Applying logic essentially means identifying reasons supporting a claim or conclusion. There must be a link between reasons and a conclusion, and on an audit engagement, we want that link to be strong. A second condition, that of truth or substantial truth of the reasons, should be met before we can say that an audit conclusion is justified by the reasons given. If both these conditions are satisfied, then we can say that our conclusion is justified by the reasons. The term sound reasoning, the essence of being objective on an issue, can be used when our conclusions are justified this way. Thus, for example, CAS 200, A6–A7, requires the auditor to identify the broad principles and concepts serving as a basis for applying accounting policies to meet the general reporting objectives of a framework, such as the International Financial Reporting Standards (IFRS) conceptual framework. These broad principles and concepts are the basis for sound reasoning regarding fairness of presentation and ethical reporting in particular circumstances. If sound reasoning is sufficiently documented, then it also provides evidence of how objective and competent the auditor is on a particular engagement. This is why the Canadian Public Accountability Board (CPAB), the regulators, and the courts like to look at audit documentation and why the documentation standards of audit work are important. 
critical thinking framework: principles and concepts to help structure your thinking for more ethical reporting so that your conclusions will be better justified

Critical thinking involves questioning the application of a standard, the concepts and principles underlying it, and the consistency of standards with one another. Questioning of standards may go back to questions about the goals of financial reporting, as is becoming evident with the CASs’ new classification of financial reporting frameworks as general purpose versus special purpose, and fairness of presentation versus compliance objectives. These are difficult tasks! But logical consideration of the differences is what makes the auditor a true professional (instead of merely one who uses the rules-following mentality or “checklist mentality” of a nonprofessional—the type of drudge work that is increasingly being outsourced by accounting firms to countries with cheaper labour costs). Whereas logic is concerned with the link between reasons and conclusion, the truthfulness of reasons is determined by the source of the reasons. Sources of reasons include accounting and auditing theory and their underlying concepts, assumptions, and principles. These concepts, along with the words used to state them, affect the persuasiveness of your reasons as an auditor. A critical thinker uses language to clarify, not cloud or bias, the reasoning. For example, an auditor uses the words “present fairly” to persuade the user of the acceptability of the audited financial statements. But these words should have some meaning if they are to go beyond just sounding nice. CAS 200.13 now explicitly distinguishes between “compliance” and “fair presentation” financial reporting frameworks, and we will get into these distinctions later in the text. For now, note from the Continental Vending case that had the auditors used better judgment, including more “common sense,” rather than trying to “hide behind GAAP,” they might not have been found guilty of committing fraud for issuing a report that they should have known would be misleading or unethical. Professional judgment in auditing is essentially critical thinking on accounting issues and the evidence related to them. The critical thinking framework can be used to decide when an audit conclusion is sufficiently justified. When this reasoning is documented in an audit, there is no basis for questioning the sufficiency of audit documentation.
The continuing problems found by the CPAB in auditor documentation suggest insufficient critical thinking in professional judgment on the part of practising auditors. These CPAB findings are reviewed later in the advanced chapter on auditor responsibilities (Chapter 18). For a more complete discussion of the critical thinking framework, along with illustrations of its application, see Appendix 3A. This brief review of the principles of ethics and critical thinking provides some background on the way people approach difficult decision problems. The greatest task is to take general ethical principles and apply them to a real decision. Applying them through codes of professional ethics is a challenge. In this book, we suggest that the minimal critical thinking issues auditors should consider are the following. It is important to supply good reasons for conclusions (claims). The most important reasons relate to how to apply ethical, accounting, and auditing principles underlying the professional standards to the particular circumstances of a client’s reporting. The reasons should be acceptable to third parties, especially capital providers. And the reasons should ultimately be based on materiality and the various risk concepts introduced in this book. In true critical thinking, however, the auditor should also consider alternative reasons that might support a different conclusion. The type of skepticism that the auditor applies to his or her own reasoning is a key part of critical thinking. It is the type of reflective thinking required in good ethical reasoning combined with the principles of argumentation and logic discussed in Appendix 3A. We thus apply the term critical thinking to professional judgment that uses concepts and principles beyond those found in existing professional standards. Professional judgment in its most basic form involves several key steps:

1. Identifying the crucial issues
2. Gathering information on all the significant assertions
3. Identifying possible alternative courses of action
4. Evaluating the alternative courses of action
5. Deciding on the best course of action

Note that step 1 especially involves consideration of the broader context of the audit-task environment, such as the type of accountability needed and who is the accountable party. In addition, there are professional judgments on primarily auditing issues (gathering and evaluating the evidence) and professional judgments in evaluating the application of the accounting. Combining these judgments requires yet more judgment, with the critical thinking elements discussed above and in Appendix 3A. To avoid confusion, in the rest of this book we use the term professional judgment as defined in CAS 200, and the deeper and more integrative structures of these judgments we refer to as critical thinking. Critical thinking is more of an advanced audit topic. Later chapters illustrate applying professional judgment and the critical thinking framework to specific audit and accounting issues. The rest of this chapter is devoted to the more practical rules of professional ethics, related concepts and principles, and their application in relevant situations. These professional rules and principles rely on the various ethical theories discussed in this section, especially duty-based theories, for their justification.

Review Checkpoints
3-13 Why should auditors act as though there is always a potential conflict of interest between the auditor and the management of the enterprise under audit?
3-14 Can the auditor detect deception without being skeptical? Explain.
3-15 What is a professional accountant’s role with regard to ethical decision problems?
3-16 When might the rule “Let conscience be your guide” not be a sufficient basis for your personal ethical decisions? for your professional ethical decisions?
3-17 Assume that you accept the following ethical rule: “Failure to tell the whole truth is wrong.” In the illustrations about (a) your position as a bank director and (b) your knowledge of the cashier’s forgeries, what would this rule require you to do? Why is an unalterable rule, such as this one, considered an element of duty-based ethical theory?
3-18 How do utilitarian ethics differ from duty-based ethics?
3-19 Why are simplified monistic theories of ethics not sufficient for professional decision making?
3-20 Why is critical thinking becoming more important in the CAS and IFRS audit environment?

Codes of Professional Ethics

LO4 Describe the purpose and contents of the codes of professional ethics established by the various professional accounting bodies.

All the Chartered Professional Accountant (CPA) provincial bodies and the IFAC have their own rules of professional conduct for their members and students, either provincially or nationally. Generally, these rules are published as part of a member’s handbook identifying the various activities and regulations of the public accounting associations and include a section on professional conduct. Codes of conduct need to develop a balance between detailed rules and more general principles. They also need to be practical, and, as a result, they tend to have similar frameworks, as indicated in the box below. The codes of professional conduct are usually organized hierarchically, moving from general principles at the beginning, to rules, and then on to specific interpretations of the rules. The general principles are sometimes referred to as “ideal standards” and the more specific rules and related interpretations as “minimum standards.” An example of a code is the CPA Ontario Member’s Handbook, which identifies the various activities and regulations of CPA Ontario, including a section on professional conduct that is divided into three parts: the Foreword, the Rules of Professional Conduct, and the Interpretation of the Rules. Many people consider the Foreword the most important part of the professional conduct regulations, because it contains principles that provide guidance in the absence of specific rules.8 See the following link for the website: cpaontario.ca/Resources/Membershandbook/1011page2635.pdf.

International Federation of Accountants Framework for a Code of Ethics for Professional Accountants (as Adapted for This Book)

• O[…] rules—this dedication to serve is more like a state of mind).
• Principles necessary to attain o[…]es examples

[…] policies and assigned responsibilities […] identify risk and ensure exposure to such risks is minimized? Risks include
– changes in business and regulatory operating environment
– new personnel
– changes in information systems
– rapid change in operations
– new technology
– new business models, products, or activities, including financial instruments/derivatives
– organizational restructuring
– foreign expansion
– new accounting standards
• Does management independently evaluate the organization’s internal control environment to assess its effectiveness?

INFORMATION AND COMMUNICATIONS

High-quality management information is an essential component of internal control. Creating and communicating information is relevant to operating decisions and to financial reporting objectives. The auditor is concerned mainly with the financial reporting information system, consisting of the procedures and records established to initiate, record, process, and report transactions, events, and conditions and to maintain accountability for the related assets, liabilities, and equity. Consider the following aspects:
• Does management have documented policies and procedures to develop, operate, and maintain information systems, related business processes, and accounting cycles that produce reliable and timely financial information?
• Has management implemented an information system that is well designed to achieve the following financial reporting objectives?
– Identify and record all valid transactions related to the organization in their proper reporting period.
– Capture sufficient detail to permit proper classification, measurement, and presentation of transactions in the financial statements and note disclosures in accordance with GAAP or other appropriate basis of accounting.
• Are appropriate lines of authority and reporting clearly established?
• Does management gather information from and communicate information to appropriate people on a timely basis?
• Is there a communication process available […] improprieties? For example, has management established an effective whistle-blower program as it relates to financial reporting?
• Is there a disaster recovery plan in place to ensure minimum disruption should management information, accounting records, or other important data be destroyed, damaged, or stolen?

MONITORING

Consider the following aspects:
• Has management established effective monitoring procedures?
• Does management have a […] against actual results?
• Does management monitor compliance with internal control policies and procedures?
• Does management investigate variances and take proper and timely corrective action?

Control activities are the policies and procedures that ensure actions are taken to address risks that threaten the achievement of the entity’s objectives. Control activities are part of the information system, can be manual or IT based, are directed toward the control objectives, and are applied at various organizational and functional levels. This questionnaire divides control activities questions into general controls and application controls. General controls tend to affect many or all of the underlying accounting processes, while application controls relate to each specific accounting process.

EXHIBIT 9A–1 Internal Control Questionnaire for Company-Level Controls and Control Activities (continued)

COMPANY-LEVEL CONTROLS (questionnaire columns: Auditor Responses; Audit File References)

General Controls

General controls are pervasive policies and procedures that tend to affect most or all processes in the information system and most or all organizational levels. Consider the following:
• Are there policies and procedures in place to
– prevent unauthorized access or changes to programs and data?
– ensure the security and privacy of data?
– control and maintain key systems?
– protect assets susceptible to misappropriation?
• Is management’s approach to IT planning and new systems development adequate to ensure new systems and systems changes protect the integrity of data and processing? In particular, note procedures that ensure the following: completeness, accuracy, and authorization of data and processing; the existence of adequate management trails; and the protection of the continuity of IT operations by backup procedures and a formal disaster plan.
• Are appropriate procedures in place for software and hardware upgrades and other systems maintenance?
• Are day-to-day operations adequately controlled […] data integrity?
• Are access controls adequate? Consider whether internal access is monitored across the information system such that appropriate personnel have access only to files they need to do their jobs, and unauthorized access is prohibited.
• For IT systems and applications run over the Internet or other telecommunications systems, is external access security adequately protected by firewalls, virus protection software, or other IT security features?

Auditor’s conclusion on the company-level and general controls:

_____________________________________________________________________________________
Prepared by ____________   Date ____________

Application Controls

Application controls relate to recording, processing, and reporting information. They will be specific to the business processes and related accounting cycles that generate financial information. Recording includes identifying and capturing the relevant information for transactions or events. Processing includes calculation, measurement, valuation, and summarization, whether performed by IT-based or manual procedures. Reporting relates to the preparation of financial reports, electronic or printed, that management uses to measure and review the entity’s financial performance and reporting to stakeholders. For each accounting cycle, a separate detailed questionnaire should be completed that assesses the following aspects of information processing:
• Are data integrity controls adequate? Identify and assess controls over data input to and processed in the accounting cycle that ensure data and processing are valid, complete, and accurate. Consider functions such as edit and validation checks, programmed reasonability checks, dollar limits, sequence numbering, internal confirmation of transaction data transferred from database files to the application, reconciliation, and other relevant control features.
• Are access and authorization controls adequate? E.g., are access points for data entry and inquiry (terminal, desktop, laptop, hand-held device, etc.) set up to allow only designated functions to be performed and only authorized personnel to access data, processing, and output?

Based on the application control assessment, the auditor will develop a detailed plan setting out the planned audit approach, including decisions on whether to test controls as a component of audit evidence in addition to substantive evidence. Refer to the detailed internal control questionnaires for each business process/accounting cycle provided in Chapters 11–14.
This is where the auditor will document control assessments and their conclusion on whether to test controls in the overall audit approach.

EXHIBIT 9A–2 Standard Flowchart Symbols

[Figure not reproduced: standard flowchart symbols in five groups (Basic, Additional, Specialized for Media, Specialized for Equipment, Specialized for Processing). Symbols labelled: input/output; process; flowline; annotation; start/stop (program terminator); in-connector (entrance); out-connector (exit); document (report); magnetic tape; card (mark sense, punch); paper tape; display; manual input online (keyboard, barcode reader); telecommunication link; magnetic disk; online storage; offline storage (manually maintained data file); decision; preparation; predefined process (subroutine); manual offline operation; auxiliary offline operation.]

In Exhibit 9A–3, you can see some characteristics of both flowchart construction and this accounting system.7 Minimizing the number of flow lines that cross each other is helpful for following the chart. Reading down each department’s column shows that initiation authority for transactions (both credit approval and sales invoice preparation) and custody of assets are separated. All documents have an intermediate or final resting place in a file (some of these files are in the flowcharts connected to A and B), thus giving auditors information about where to find audit evidence later.

EXHIBIT 9A–3 Example of a Flowchart for the Revenue Process: Credit Approval and Revenue Processing, Shipment and Delivery

[Flowchart not reproduced. Column headings: Marketing Department (Sales Clerks); Treasurer’s Office (Credit Manager); Controller’s Office; Billing Department; Accounts Receivable; Operations Department; Inventory; Shipping. Labels in the chart include: customer order (signed by customer, except telephone and Internet orders); prepare sales order, estimate $ amount (1); credit approval; customer asked to pay in advance, order held, released when payment is made; credit manager signs the sales order; authorized price list; prepare prenumbered sales invoice (3); authority to move goods to shipping; check for proper quantities, alter invoice copies 3 and 4, if necessary; prepare prenumbered bill of lading; customer signs for direct pickup; to customer with shipment; credit files; inventory records; numerical “Pending Release” file; numerical “Pending Shipment” file.]

(1) Sales order documents are not prenumbered and are kept in busy sales clerks’ area.
(2) Customer order is attached if written one was received.
(3) Sales invoice blanks are prenumbered, kept in locked closet, and removed only for billing clerk use.
Note: In the flowchart, (S-1), (S-2), (S-3) (in circles) indicate points of control strength, and (W-1) indicates a control weakness. The role of these points in control evaluation is explained in the chapter.

APPENDIX 9B Understanding Information Systems and Technology for Risk and Control Assessment (on Connect)

ENDNOTES
1. CAS 315.
2. See Exhibit 9–5 for the related control objectives.
3. See the internal control framework presented in Chapter 7, Exhibit 7–1.
4. Other detailed examples of flowcharts and processing tables (an alternative system documentation format) are provided in Appendix 11B for the revenues/receivables/receipts accounting process.
5. CAS 260 and CAS 265.
6. CAS 260, paragraph 9; CAS 265, paragraphs 9–10.
7. Accounting firms have various methods for constructing flowcharts. The illustrations in this book take the approach of describing an accounting subsystem completely. Some accounting firms use more efficient methods of charting only the documents, information flows, and controls considered important for the audit.

APPENDIX 9B

Understanding Information Systems and Technology for Risk and Control Assessment

This appendix expands on the auditor’s internal control work by discussing control issues related to the auditee’s information systems and use of technology to generate financial statements. It provides further detail on how the auditor’s understanding of the auditee’s business, information systems, technology, and controls plays a role in control evaluation and audit planning.

LEARNING OBJECTIVES
LO10 Explain why an auditor must understand the organization’s information systems and technology to plan a financial statement audit.
LO11 Describe the characteristics and control risks in basic information technology–based accounting information systems.
LO12 Describe the following approaches to auditing information systems: auditing around the computer, auditing through the computer with computer-assisted audit techniques, and auditing with the computer using generalized audit software.

Internal Control, Information Systems, and the Audit Plan

LO10 Explain why an auditor must understand the organization’s information systems and technology to plan a financial statement audit.

All aspects of the business world and management have been affected by the rapid evolution of the Internet and information technology (IT). Auditors are mainly concerned with IT processing, especially as it relates to the accuracy and reliability of the accounting processes and financial reporting. At an overview level, it is useful to look at IT in terms of its
(a) Business processes—operations of the business in which IT is used
(b) Applications—application software used by the IT
(c) Infrastructure—all the technical resources necessary for the operation of the IT system, for example, hardware, operating system software, and communications facilities to support internal and external networks

One part of the internal control system is the IT control system, which maintains control over how these elements operate together to achieve their objectives, while also reducing risk to a tolerable level. All auditors must be familiar with computer processing and controls so that they can complete the audit of simple systems and work with IT experts. An auditor’s IT experts are members of the audit team who understand computer technology and are aware of basic audit purposes. They are called in when there is a need for their skills, such as when the transaction automation is very complex. Rapid and radical changes in IT can be risk factors to a business in many different ways. They can expose the organization to control risks, such as unauthorized access to proprietary or confidential information. The auditor considers whether the entity has implemented effective general IT controls and application controls that respond adequately to the risks arising from IT. Controls over IT systems are considered effective if they maintain the integrity of information and the security of the data processed (CAS 315). This is another reason for audit teams to include IT experts who are up to date on the latest IT developments. Internal control evaluation and control risk assessment are essential components of every financial statement audit and must be considered in planning the audit work. Internal control and the controls relevant to the audit are emphasized in the generally accepted auditing standards (GAAS). When controls are a source of audit evidence, they should be tested for sufficient appropriate evidence that they corroborate the control assessment.
The standards specify the extent of audit work necessary to understand the auditee’s controls related to significant risks and to assess the risk of material misstatement. If the auditor is to lower the assessed risk of material misstatement because relevant controls are in place, and substantive audit procedures alone cannot provide sufficient appropriate audit evidence, the effectiveness of these controls must be tested.

The Accounting Information System and Control

An accounting system processes transactions, records them in journals and ledgers (either computerized or manual), and produces financial statements without necessarily guaranteeing their accuracy. Nevertheless, the accounting policies and procedures often contain important elements of control. The accounting instruction “Prepare sales invoices only when shipment has been made” is a control so long as the people performing the work follow the instruction. The control part of this policy could be expressed as, “Prepare sales invoices and record them only when a shipping document is matched.” All accounting systems do, however, whether computerized or manual, consist of four essential functions—data preparation, data entry, transaction processing, and report production and distribution.

Data preparation is the analysis of transactions and their “capture” for accounting purposes. Transactions themselves are recorded either manually or automatically by programmed procedures. The capture is the creation of source documents, such as sales invoices, credit memos, cash receipts listings, purchase orders, receiving reports, and negotiable cheques, which provide the information for data entry. In some computerized accounting systems, however, the paper source documents are not produced first, and transactions are instead entered directly on a keyboard or captured by electronic equipment. For example, your smartphone data charges are initially captured by the provider’s information system using your cellphone number and the duration of the data usage.

Data entry often consists of accounting personnel entering transaction information from source documents into an accounting software program. This process may produce a “book of original entry,” another name for a journal, such as the sales journal, purchases journal, cash receipts journal, cash disbursements journal, or general journal. In advanced paperless systems, electronic equipment may directly enter the accounting information without producing an intermediate journal. For example, your data usage is directly entered into the provider’s revenues and receivables accounts, which later produce your monthly cellphone bill. Transaction processing usually refers to posting the journals to the general ledger accounts, using the debits and credits you learned in other accounting courses. The posting operation updates the account balances, and processing by automated or manual procedures involves editing and validation, calculation, measurement, valuation, summarization, and reconciliation, which support financial statement assertions. When all data are entered and processed, the account balances are ready for placement in reports. Report production and distribution are the object of the accounting system. Internal management reports and external financial statements display account balances and are useful to management for measuring and reviewing the entity’s financial performance and for other functions. The internal reports are management’s feedback for monitoring and for control of operations. The external reports are the financial information for outside investors, creditors, and others. The accounting system produces a trail of accounting operations, from transaction analyses to reports, often called the audit trail. An audit trail refers to the series of accounting operations in a client’s system that goes from transaction analyses to entry to output reports. 
In auditing work, the trail starts with the source documents and proceeds through the information system processes to the final financial statement amounts. Auditors might follow this trail forward from source documents to reports to determine that everything that happened (transactions) got recorded in the accounts and reported in the financial statements. Or they might follow it backward from the financial reports to the source documents to determine whether everything in the financial reports is supported by appropriate source documents. Accounting controls are entity procedures (both computerized and manual) imposed on the accounting system to prevent, detect, and correct errors and irregularities that might enter and flow through to the financial statements. For example, a control procedure related to the accounting policy cited at the beginning of this section would be, “At the end of each day, the billing supervisor reviews all the sales invoices to see that the file copy has a bill of lading copy attached.” A good control-oriented accounting system will include at minimum a chart of accounts and written definitions and instructions about measuring and classifying transactions. This material is incorporated in computer systems documentation, computer program documentation, systems and procedures manuals, flowcharts of transaction processing, and various paper forms in most organizations. A company’s internal auditors and systems staff often review and evaluate this documentation, and independent auditors may review and study that work instead of doing the same tasks over again. The objective of accounting is to produce fairly presented statements of existence or occurrence, completeness, valuation, rights and obligations, and presentation and disclosure. The overriding objective of an entity’s accounting system, therefore, is to produce financial statement assertions that are faithful representations of the entity’s underlying economic reality. 
An accounting system cannot accomplish this objective without an integrated set of control procedures. Statements of objectives, policies, and procedures to that end should be given in the accounting manuals. Management should approve statements of specific accounting and control objectives and ensure that appropriate procedures are used to accomplish them.
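The control quoted in this section (“Prepare sales invoices and record them only when a shipping document is matched”) and the two directions of following the audit trail can be tested over exported records. The sketch below is an added example, not part of the textbook; the record layouts, field names, exception wording and sample data are constructed assumptions.

```python
"""Audit-trail tests over constructed sales and shipping records (illustration)."""
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class BillOfLading:            # shipping source document (hypothetical layout)
    bl_no: int
    ship_date: date
    order_no: str


@dataclass(frozen=True)
class SalesInvoice:            # sales journal entry (hypothetical layout)
    invoice_no: int
    invoice_date: date
    order_no: str
    amount: Decimal
    bl_no: Optional[int]       # None: no shipping document attached


def trace_forward(bols, invoices):
    """Source documents -> records: shipments that were never invoiced."""
    billed = {inv.bl_no for inv in invoices if inv.bl_no is not None}
    return sorted(b.bl_no for b in bols if b.bl_no not in billed)


def trace_backward(invoices, bols):
    """Records -> source documents: invoices without valid shipping support."""
    on_file = {b.bl_no: b for b in bols}
    first_use = {}             # bill of lading number -> first invoice citing it
    exceptions = []
    for inv in sorted(invoices, key=lambda i: i.invoice_no):
        if inv.bl_no is None:
            exceptions.append((inv.invoice_no, "no bill of lading attached"))
            continue
        bol = on_file.get(inv.bl_no)
        if bol is None:
            reason = "bill of lading not on file"
        elif inv.bl_no in first_use:
            reason = f"bill of lading already billed on invoice {first_use[inv.bl_no]}"
        elif bol.order_no != inv.order_no:
            reason = "order number differs from bill of lading"
        elif inv.invoice_date < bol.ship_date:
            reason = "invoiced before shipment"
        else:
            reason = None
        if reason:
            exceptions.append((inv.invoice_no, reason))
        first_use.setdefault(inv.bl_no, inv.invoice_no)
    return exceptions


def sequence_gaps(numbers):
    """Missing numbers in a prenumbered document series."""
    present = set(numbers)
    if not present:
        return []
    return [n for n in range(min(present), max(present) + 1) if n not in present]


def unsupported_total(invoices, exceptions):
    """Recorded sales amount carried by the flagged invoices."""
    flagged = {invoice_no for invoice_no, _ in exceptions}
    return sum((i.amount for i in invoices if i.invoice_no in flagged), Decimal("0"))


# Constructed sample data, not taken from any real system.
SAMPLE_BOLS = [
    BillOfLading(5001, date(2024, 3, 1), "SO-101"),
    BillOfLading(5002, date(2024, 3, 2), "SO-102"),
    BillOfLading(5003, date(2024, 3, 4), "SO-103"),
    BillOfLading(5005, date(2024, 3, 5), "SO-105"),
]
SAMPLE_INVOICES = [
    SalesInvoice(9001, date(2024, 3, 1), "SO-101", Decimal("1200.00"), 5001),
    SalesInvoice(9002, date(2024, 3, 2), "SO-102", Decimal("450.50"), 5002),
    SalesInvoice(9003, date(2024, 3, 3), "SO-103", Decimal("980.00"), 5003),
    SalesInvoice(9005, date(2024, 3, 5), "SO-104", Decimal("310.00"), None),
    SalesInvoice(9006, date(2024, 3, 5), "SO-106", Decimal("75.00"), 5009),
    SalesInvoice(9007, date(2024, 3, 6), "SO-102", Decimal("450.50"), 5002),
]

if __name__ == "__main__":
    found = trace_backward(SAMPLE_INVOICES, SAMPLE_BOLS)
    print("Shipped, not invoiced:", trace_forward(SAMPLE_BOLS, SAMPLE_INVOICES))
    for invoice_no, reason in found:
        print(f"Invoice {invoice_no}: {reason}")
    print("Missing invoice numbers:", sequence_gaps(i.invoice_no for i in SAMPLE_INVOICES))
    print("Missing bill of lading numbers:", sequence_gaps(b.bl_no for b in SAMPLE_BOLS))
    print("Recorded sales lacking support:", unsupported_total(SAMPLE_INVOICES, found))
```

Forward tracing addresses completeness (everything shipped was recorded), while backward tracing addresses whether recorded sales are supported by source documents; the gap check relies on both document series being prenumbered.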

Review Checkpoints
9B-1 Where can an auditor find an auditee’s documentation of the accounting system?
9B-2 How do managers monitor control effectiveness? Why are controls monitored?
9B-3 What are the key functions of the accounting system?
9B-4 What is the audit trail? What is its use in the audit?

Understanding the Role of Systems in Control Assessment

This section explains how the auditor’s understanding of the auditee’s business, information systems, technology, and controls plays a role in control evaluation and audit planning. When planning an audit of financial statements, auditors apply their knowledge of the auditee’s business, risks, systems, and controls to understand the impact of how the financial information is produced by the organization. The information systems and IT used influence the nature, timing, and extent of audit procedures in significant accounting processes. Significant accounting processes are those that can materially affect the financial statements. The extent, complexity, and organizational structure of IT use, availability of data, use of computer-assisted audit techniques (CAATs), and need for specialized skills are all important matters to consider. These issues are explained in detail in the following sections.

Extent of Information Technology Use

Many types of integrated IT systems are available to enterprises ranging from small, local businesses to global, multi-divisional corporations. The extent of IT use in each of a company’s significant accounting processes needs to be considered in planning the nature, timing, and extent of audit procedures. Significant IT use in the accounting applications means that the audit team needs IT skills to understand the flow of these transactions. The level of computer use may also affect the nature, timing, and extent of audit procedures. Historically, accounting applications such as payroll, accounts receivable, accounts payable, and inventory were the first processes to be computerized. Now, virtually every business transaction is automated, and, in fact, the accounting applications may be a relatively small component of the enterprise’s overall information system.

Complexity of Information Technology Operations

The auditor should consider his or her training and experience with the information processing methods used by the auditee when assessing the complexity of computer processing. The complexity of the auditee’s IT operations refers to things such as the hardware configuration in place and the degree to which various systems share common files or are otherwise integrated. Another consideration is the availability of transaction trails, as these may only cover short periods and be available only in a very complex or computer-readable form. It may be necessary to coordinate audit procedures with service organization auditors if significant accounting applications are processed at outside service centres. CAS 402, “Audit Considerations Relating to an Entity Using a Service Organization,” provides the relevant audit requirements when services provided by a service organization are relevant to the audit of a user entity’s financial statements. Audit-relevant controls at the service organization relate mainly to financial reporting but may also include controls over the safeguarding of assets. These factors affect the type and timing of audit evidence-gathering activities and need to be considered in audit planning. When the auditee uses the services of a service organization, the auditor must determine whether these services are relevant to the audit. If they are relevant, the auditor must obtain a sufficient understanding of the nature and significance of the services provided and their effect on the auditee’s internal control relevant to the audit, to identify and assess the risks of material misstatement. The auditor must then plan the audit to respond appropriately to these assessed risks.

Standards Check
CAS 402 Audit Considerations Relating to an Entity Using a Service Organization
3. Services provided by a service organization are relevant to the audit of a user entity’s financial statements when those services, and the controls over them, are part of the user entity’s information system, including related business processes, relevant to financial reporting. Although most controls at the service organization are likely to relate to financial reporting, there may be other controls that may also be relevant to the audit, such as controls over the safeguarding of assets. A service organization’s services are part of a user entity’s information system, including related business processes, relevant to financial reporting if these services affect any of the following:
(a) The classes of transactions in the user entity’s operations that are significant to the user entity’s financial statements;
(b) The procedures, within both information technology (IT) and manual systems, by which the user entity’s transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger, and reported in the financial statements;
(c) The related accounting records, either in electronic or manual form, supporting information and specific accounts in the user entity’s financial statements that are used to initiate, record, process, and report the user entity’s transactions; this includes the correction of incorrect information and how information is transferred to the general ledger;
(d) How the user entity’s information system captures events and conditions, other than transactions, that are significant to the financial statements;
(e) The financial reporting process used to prepare the user entity’s financial statements, including significant accounting estimates and disclosures; and
(f) Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions or adjustments.

Source: CPA Canada Handbook—Assurance, 2014.

Organizational Structure of Information Technology

Organizations can differ greatly in the design of their information systems. The main variable might be the degree of centralization within organizational structures. In a highly centralized organizational structure, all significant computer processing activities are controlled and supervised at a central location. The control environment, hardware, and operating systems are uniform throughout the company. Visiting the central location will give auditors most of the necessary knowledge about information systems and processing. At the other extreme, a highly decentralized organizational structure will allow departments, divisions, subsidiaries, or geographical locations to develop, control, and supervise information systems autonomously. Auditors will need to visit many locations to obtain the necessary audit information. Within an organization, the number of people involved in operating the information systems and their level of relevant IT knowledge are both important audit considerations for assessing segregation of functions and control risk.

Availability of Data

Input data, system-generated files, and other data required by the audit team may exist only for short periods or only in computer-readable form. In some systems, hard-copy input documents may not exist at all because information is entered directly. The data retention policies adopted by an auditee may require auditors to arrange for certain information to be retained for audit purposes. Also, auditors may need to plan to perform certain audit procedures at an interim date while the information is still available. Certain information generated by the computer system for management’s internal purposes may allow the auditors to perform analytical procedures. For example, the information system may report sales information by month, by product, and by salesperson. These details can be analyzed to determine whether the income statement amounts are reasonable and to identify risk areas in the business operations. These procedures can be included in the audit program and provide audit evidence if the reliability of the details can be verified.

Use of Computer-Assisted Audit Techniques

CAATs may be used to increase the efficiency of certain audit procedures and also to enable auditors to apply certain procedures to an entire population of accounts or transactions. There are two main categories of CAATs: (1) audit software and (2) test data. The use of these techniques requires advance planning and may require individuals with specialized IT skills as members of the audit team. These techniques are explained further later in this appendix.

Need for Specialized Skills

To determine the need for specialized IT skills, all aspects of an auditee’s computer processing should be considered. In planning the engagement, the audit manager may conclude that certain specialized skills are needed to determine the effect of computer processing on the audit, to understand the flow of transactions, or to design and perform audit procedures. For example, specialized skills relating to various methods of data processing, programming languages, software packages, or CAATs may be needed. Audit team members should possess sufficient IT knowledge in order to know when to call on IT experts, and to understand and supervise their work to ensure it provides relevant evidence to meet the audit objectives.

Review Checkpoints
9B-5 How does the extent to which information systems are computerized affect audit planning?
9B-6 What impact does it have on the audit if the transaction trails in an auditee’s system are only available in machine-readable form for a limited period?
9B-7 How does the auditee’s use of an outside service organization to process accounting information affect planned audit procedures?
9B-8 List several aspects of the auditee’s information systems and IT that indicate the need for an IT specialist on the audit team.
9B-9 If an auditee has organized its information systems in a decentralized structure, what impact will this have on performing the audit?
9B-10 What factors in the auditee’s systems indicate audit work may need to be performed at an interim date?

Basic Information Technology–Based Accounting Information Systems: Characteristics and Control Considerations

LO11 Describe the characteristics and control risks in basic information technology–based accounting information systems.

As a basis for developing your understanding of information systems in general and the risks presented by IT use, this section describes the characteristics of simple accounting information systems and their controls. One example of a simple type of system is a local area network (LAN). A second one might use a stand-alone PC, for example, a small business computer, laptop, or intelligent terminal. These small computers can have any or all of the characteristics of advanced systems.

Characteristics of a Simple Information Technology–Based Information System

In a simple LAN-based system, processing occurs at a central network server computer, and several other PCs at that location are connected to the network, which, in turn, is connected to the Internet. The business system connections are usually cable, but wireless networks are also common. Several LANs at different office locations can be combined to make a wide area network. Simple LAN system operations usually involve a small number of people. A system’s central processing facility may use batch processing (also called serial or sequential processing), which means that all records to be processed are collected into groups (batches) of like transactions. Each group can then be processed using the same programs and master files. For example, all payroll records are run at one time, from input in the form of employees’ identification numbers and hours worked to employee master file data for pay rate and deduction information. The programs edit and validate the input and then process it to compute the payroll, print cheques, update year-to-date records, and summarize payroll information for management. After the run is finished, the programs and data files are saved to storage media, and checking and report output is distributed. Batches can be collected either at a central computer or at other locations. Input transactions may be entered via online terminals and stored for processing. Many systems now have online processing capability that was traditionally associated with advanced systems. Data processing is considered online (direct access or random) if users can access data and programs directly from terminal devices, such as PCs, or wirelessly, using devices like smartphones. Regardless of location, batch processing is done using the same programs.
The master data files take the place of subsidiary and general ledgers in manual systems, and the batches of transactions are similar to journals in a manual system. All transactions in a batch may be listed in printed output, but the transaction detail is usually not printed and, rather than the familiar journal, summary entries are prepared for updating general ledger master files. Master files contain records with two types of fields: static fields, such as employee number and pay rate, and dynamic fields, such as year-to-date gross pay and account balances. Most computer processing of accounting data involves changing these fields in the master file records. The dynamic fields are changed in update processing, as was described for batch processing of payroll. The static fields are changed by file maintenance processing, which will add or delete entire records (e.g., new employee) or change fields (e.g., new pay rate). Both types of changes, and their authorization and control, are things that auditors are concerned with.

Information Technology Controls

Control procedures in an IT-based accounting system may be classified into two types: general controls and application controls. General IT controls relate to any computerized accounting activity, such as controls over access to computer programs and data files. Application controls relate to individual accounting applications, for example, programmed validation controls for verifying customers’ account numbers and credit limits. The general controls are usually considered early in the audit, so they will be presented first here.

General Information Technology Controls

Organization and Physical Access

The proper segregation of functional responsibilities—authority to authorize transactions, custody of assets, recordkeeping, and periodic reconciliation—is as important in computer systems as it is in manual systems. However, computer systems also involve such unique functions as systems analysis, programming, data conversion, library functions, and machine operations. Further separation of duties is, therefore, recommended. The physical security of computer equipment and limited access to both computer program files and data files are as important as segregation of technical responsibilities. Access controls help prevent improper use or manipulation of data files, unauthorized or incorrect use of computer programs, and improper use of the computer equipment. The librarian function, or librarian software, should control access to systems documentation and to program and data files through a checkout log (a record of entry and use) or password that records use. Anyone accessing both documentation and data files will have enough information to alter data and programs for his or her own purposes. Locked doors, security passes, passwords, and check-in logs (including those produced by the computer) limit physical access to the system hardware. Scheduled running of computer applications will also detect unauthorized access by comparing the system software reports to the schedule for variations from the plan that might indicate unauthorized use of computer resources. Weakness or absence of organizational and access controls decreases the overall integrity of the computer system. When there are deficiencies, the audit team should evaluate the impact on control risk. Auditors review and document the organization and access control of a computer facility through a series of questions, some of which are shown in the following box.

Organization and Physical Access: Selected Questionnaire Items

Preliminary
• Prepare or have the auditee prepare a “Computer Profile,” which should include an organization chart, hardware and peripheral equipment, communication network, major application processes (batch or online), significant input and output files, software used, and a layout of the data centre.

Organization
• Are the following functions performed by different individuals so that proper segregation of duties exists?
(a) Application programming, computer operation, and control of data files
(b) Application programming and control and reconciliation of input and output
• Are computer operators rotated periodically from shift to shift?
• Are programmers and systems analysts rotated periodically from application to application?

Data and Procedural Control
• Is there a separate group within the computer department to perform control and […] output?
• Are there written procedures for setting up input for processing?
• Is there a formal procedure for distri[…]epartments?

Access Control
• Is access to the computer room restricted to authorized personnel?
• Are operators restricted from access to program and application documentation?
• Does access to online files require that specific passwords […] to identify and validate the terminal user?
• Online control issues. Consider:
– Viruses
– Hackers
– Firewalls

Documentation and Systems Development

Documentation communicates the essential elements of the data processing system. It can provide information for the following uses:

• Management review of proposed application systems
• Application systems history and background and guidelines for developing new applications
• Computer application operational data
• Control evaluation
• Operating instructions
• Program revision through details of processing logic
• Audit software planning and implementation, or other auditing techniques

Auditors review the documentation to gain an understanding of the system and to determine if the documentation is adequate and whether systems development and documentation standards have been established by the auditee. This is difficult to do if no written standards exist. Standards should be set down by management in a systems development and documentation standards manual that covers (1) proper user involvement in the systems design and modification process, (2) review of the specifications of the system, (3) approval by user management and data processing management, and (4) controls and auditability. Examples of questionnaire items related to systems development documentation are shown in the following box.

Documentation and Systems Development: Selected Questionnaire Items

Development
• Does a written priority plan exist for development of new systems and changes to old systems?
• Does the design and development of a new system involve the users as well as computer personnel?
• Is there a formal review and approval process at the end of each significant phase in developing a new system?

Documentation
• Do written standards exist for documentation of new systems and for changing documentation when existing systems are revised?
• Does the following documentation exist for each application?
– System flowchart
– Record layouts
– Program edit routines
– Program source listing
– Operator instructions
– Approval and change record

In many modern, networked information systems, much of the operating system and application software is purchased “off the shelf” from software companies. For example, Microsoft Windows operating systems are used in a majority of organizations, both in network servers and on individual desktops. Systems documentation tends to be online, accessed over the Internet by the network technicians. The general control components provide a framework that can be adapted to the variety of computer operations structures that exist in organizations, each with its own specific system description. Since the development of systems and the documentation of the configurations for each may be ad hoc, it is important for auditors to focus on risks to financial reporting. An auditor needs to consider certain aspects when an auditee uses custom-built information systems for applications that are significant to the financial reports and where IT-related control weaknesses are likely to create a risk of material misstatement of the financial statements. Auditors should review the manuals describing systems development standards to determine whether they are adequate. A review of the documentation will then determine whether the standards are being followed. This review is a test of controls audit of systems development standards (and controls) and it allows auditors to gain an understanding of how a particular system works. This kind of work may require the knowledge and skills of an IT audit specialist. Auditors are interested in the following elements of the documentation of accounting applications: application description, problem definition, program description, acceptance testing records, computer operator instructions, user department manual, change and modification log, and listing of controls. For example, the application description usually contains system flowcharts, descriptions of all inputs and outputs, record formats, lists of computer codes, and control features. The application system flowcharts can frequently be adapted to audit working paper flowcharts where the flow of transactions can be followed and control points noted. Copies of record formats of significant master files can be obtained for use in the CAATs described later. The program description should contain a program flowchart, a listing of the program source code (such as C++ or Java), and a record of all program changes. Auditors should review this documentation to determine whether programmed controls, such as input validations, exist. The acceptance testing records may contain test data that auditors can use to perform their own tests of controls audit procedures. The users’ manual should indicate procedures and controls in the user departments that submit transactions and receive the output.
The log of changes and modifications is important to auditors because it should provide assurance that the application systems have been operating as described for the period under review, and that all changes and modifications have been authorized. The controls documentation is also very important because all the computer controls described in other sections are repeated here, along with manual controls affecting the application program. Reviewing this section provides auditors with an overview of both general controls and controls over transaction processing in a particular application.

Hardware

Modern computer equipment is very reliable, and machine malfunctions that go undetected are relatively rare. While you are not expected to be a computer systems engineer, you should be familiar with some of the hardware controls so that you can converse knowledgeably with computer personnel. The most important hardware control in computers is a parity check. This ensures that the coding of the computer’s internal data does not change when it is moved from one internal storage location to another. Another hardware control, an echo check, involves “echoing back” to the sending location a read after each write so that the results can be compared. Many computers also contain dual circuitry to perform arithmetic operations twice. Auditors (and management) cannot do much about the absence of these controls and should focus on operator procedures when errors do occur. In addition, many companies now rely on back-end database servers to do much of their processing. The server manages application tasks, handles storage and security, and provides scalability—linking up more PCs and expanding the firm’s network. The front-end of the system handles the user interface, such as smartphones and PCs. Servers increase the reliability of IT systems by building in redundancies in memory, disk drives, and power supply.
Modern computers are largely self-diagnostic, but written procedures should exist for all computer malfunctions, and the causes and resolutions for all of these should be recorded. Auditors are also interested in preventive maintenance. They should determine if maintenance is scheduled and whether the schedule is followed and documented. Frequently, maintenance is under contract with the computer vendor, and in such cases, auditors should review the contract as well as the record of regular maintenance work. Other general evidence on hardware reliability may be obtained from a review of operating reports and downtime logs.

Data File and Program Control and Security

Controls over physical access to the computer hardware were described previously as part of organization controls. Control over access, use, and security of the data files and programs is equally important and sensitive. Since magnetic storage media can be erased or written over, controls are necessary to ensure that the proper file is being used and that the files and programs are appropriately backed up. Backup involves a retention system for files, programs, and documentation so that master files can be reconstructed in case of accidental loss and processing can continue at another site if the computer centre is lost somehow. Thus, backup files must be stored offsite, away from the main computer. Some of the more important security and retention control techniques and procedures are covered next.

External Labels

These are paper labels on the outside of a file (USB memory sticks; external hard drives; or older media, such as magnetic tapes, disks, or cartridges). The label identifies the contents, such as “Accounts Receivable Master File,” so the probability of using the file inappropriately (e.g., in the payroll run) is minimized.

Header and Trailer Labels

These are special internal records stored on older styles of media, such as magnetic tapes and disks. Instead of containing data, they hold label information similar to the external label. Therefore, the header and trailer labels are sometimes called internal labels. Their function is to prevent use of the wrong file during processing. The header label will contain the name of the file and relevant identification codes. The trailer label gives a signal that the end of the file has been reached. They can also be designed to contain accumulated control totals as a check on loss of data during operation, for example, of the number of accounts and the total balance of an accounts receivable file.

File Security

Security can be physically enhanced by storage in fireproof vaults; backup in remote locations; or storage in computer-readable, print, or microfilm forms. Recently, “cloud computing” services have emerged that allow data and software to be stored remotely and called up on demand by the local users. The reliability and security of such service providers are important issues for auditors to investigate if key financial data are stored or processed in a cloud type of arrangement. In the majority of cases, the risk of loss warrants insurance on program and data files.

File Retention

Retention practices are closely related to file security and may provide the first line of defence against relatively minor loss, while security itself consists of all measures taken to safeguard files against total loss. File retention allows reconstruction of damaged records and files through a popular method called the grandparent-parent-child concept. With this method, the current master file can be reconstructed using the current transaction file and the prior master file. Exhibit 9B–1 illustrates the file retention plan. Particularly important files may be retained to the great-grandparent generation if this is considered necessary. Disk files may be difficult to reconstruct because the process of updating old records with new information can be “destructive.” The old or superseded data on a record may be overwritten and no longer retrievable if new data are entered in the same place on a disk. One means of reconstruction is to have a disk file “dumped” onto a different disk periodically (each day or each week). This file copy, along with the related transaction file that is also retained, can serve as the parent to the current disk file (child). Data overwriting capability is reduced if the memory capacity of the storage media is well in excess of the expected data storage requirements; this is referred to as having redundancy in the system.

EXHIBIT 9B–1 Grandparent, Parent, and Child Method for File Retention and Backup

[Flowchart. Labels: Transaction file (this processing period; save); Parent, old master file (saved from prior processing period; save); File updating run; Child, new master file (save for current use); Grandparent master file (release when new grandparent prepared if not required for other purposes).]
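The retention plan in Exhibit 9B–1, together with the trailer-label control totals described earlier, can be exercised in a short Python sketch. This is an added example, not material from the textbook; the record layout, account numbers, amounts, and function names are constructed for illustration.

```python
"""Added illustration of grandparent-parent-child file retention.
Record layout, account numbers and amounts are constructed for the example."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class MasterFile:
    generation: str          # "grandparent", "parent", "child" or "rebuilt"
    balances: dict           # account number -> balance (a dynamic field)
    trailer_count: int       # trailer label: number of accounts on the file
    trailer_total: Decimal   # trailer label: total of all account balances


def seal(generation, balances):
    """Write a master file and its trailer-label control totals."""
    return MasterFile(generation, dict(balances), len(balances),
                      sum(balances.values(), Decimal("0")))


def trailer_agrees(master):
    """Recompute the control totals and compare them with the trailer label."""
    return (len(master.balances) == master.trailer_count and
            sum(master.balances.values(), Decimal("0")) == master.trailer_total)


def update_run(old_master, transactions, generation):
    """File updating run: old master + transaction file -> new master.
    The old master is copied, never overwritten, so it stays available."""
    balances = dict(old_master.balances)
    for account, amount in transactions:
        if account not in balances:
            raise KeyError(f"transaction posted to unknown account {account}")
        balances[account] += amount
    return seal(generation, balances)


def reconstruct(retained_master, retained_transaction_files):
    """Rebuild the current master from a retained earlier generation by
    replaying the retained transaction files, oldest first."""
    if not trailer_agrees(retained_master):
        raise ValueError("retained master fails its own trailer-label check")
    rebuilt = retained_master
    for transactions in retained_transaction_files:
        rebuilt = update_run(rebuilt, transactions, "rebuilt")
    return rebuilt


# Constructed accounts receivable data for three generations.
GRANDPARENT = seal("grandparent", {"1001": Decimal("250.00"),
                                   "1002": Decimal("980.50"),
                                   "1003": Decimal("0.00")})
TX_PERIOD_1 = [("1001", Decimal("120.00")), ("1003", Decimal("75.25"))]
TX_PERIOD_2 = [("1002", Decimal("-980.50")), ("1001", Decimal("40.00"))]

PARENT = update_run(GRANDPARENT, TX_PERIOD_1, "parent")
CHILD = update_run(PARENT, TX_PERIOD_2, "child")

# Simulate a destructive overwrite of one record on the current disk file:
# the balance changes but the trailer label still carries the old totals.
DAMAGED_CHILD = MasterFile("child", {**CHILD.balances, "1001": Decimal("0.00")},
                           CHILD.trailer_count, CHILD.trailer_total)


def recover():
    """Check the damaged file, then rebuild from the parent and, as a fallback
    that needs both retained transaction files, from the grandparent."""
    from_parent = reconstruct(PARENT, [TX_PERIOD_2])
    from_grandparent = reconstruct(GRANDPARENT, [TX_PERIOD_1, TX_PERIOD_2])
    return trailer_agrees(DAMAGED_CHILD), from_parent, from_grandparent


if __name__ == "__main__":
    damaged_ok, from_parent, from_grandparent = recover()
    print("damaged child passes trailer check:", damaged_ok)
    print("rebuilt from parent:", from_parent.balances)
    print("grandparent route gives the same file:",
          from_parent.balances == from_grandparent.balances)
```

Reconstruction from the grandparent works only if every intervening transaction file was retained along with it, which is why the exhibit saves the transaction file beside each master file generation.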

Information Technology Application Controls

Understanding the information system involves reviewing the accounting processes and applications that generate financial information. The designation application controls indicates that they are used in each “application”—sales and billing, purchasing, payroll, and other specific accounting applications. IT application controls are organized under three categories: input controls, processing controls, and output controls.

Input Control Procedures

These controls provide reasonable assurance that data received for processing by the information system have been authorized properly and converted into machine-readable form, and that data have not been lost, suppressed, added, duplicated, or otherwise improperly changed. These controls also apply to corrected and resubmitted data initially rejected for errors. The following control areas are particularly important:

• Input authorized and approved. Only properly authorized and approved input should be accepted for processing in the information system. Authorization might involve a signature or stamp on a transaction document. Some may be general (e.g., a management policy of automatic approval for sales under $500), and some can be computer controlled (e.g., automatic production of a purchase order when an inventory item reaches a predetermined reorder point). In many e-commerce applications, customers enter their own order information, and procedures validating their entries and ensuring they cannot repudiate their order after it is shipped are key.
• Check digits. Numbers are often used in computer systems in lieu of customer names, vendor names, and so forth. One common number validation procedure is the calculation of a check digit. A check digit is an extra number, precisely calculated, that is tagged onto the end of a basic identification number, such as an employee number. The basic code with its check digit is sometimes called a self-checking number. An electronic device can be installed on a data input instrument or the calculation can be programmed to calculate the correct check digit and compare it to the one on the input data. When the digits do not match, the device indicates the error or prints out an input error report. Check digits are used only on identification numbers (not quantity or value fields) to detect coding errors or keying errors such as the transposition of digits (e.g., coding 387 as 837).

Some typical questionnaire items that could be asked during a review of input controls are shown in the following box. These questions should be asked about each significant accounting application.

Input Control Procedures: Selected Questionnaire Items

• Note: Input controls are primarily preventive in nature, and with increasingly complex computer systems, auditors are placing increasing importance on the input controls. This follows from the “gar[…]ures to exercise proper control over processing rejected transactions, including
(a) Positive identification of rejected records?
(b) Review of the cause of rejection?
(c) Correction of rejected records?
(d) Review and approval of the correction?
(e) Prompt re-entry of the correction at a point where it will be subjected to the same input controls as the original data?
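The check digit control described under input control procedures can be worked through in Python, including the transposition of 387 into 837. This is an added example, not material from the textbook: the text names no algorithm, so the weighted modulus-11 scheme and the Luhn (modulus-10) scheme used for comparison are assumptions chosen for illustration, and the keyed employee numbers are constructed.

```python
"""Added illustration of check-digit validation on identification numbers.
The weighted modulus-11 and Luhn schemes are chosen for the example; all
employee numbers below are constructed."""


def mod11_check_digit(base):
    """Weights n+1 down to 2 are applied left to right; the check digit brings
    the weighted sum to a multiple of 11. A result of 10 has no single digit."""
    if not base.isdigit():
        raise ValueError("identification numbers must be all digits")
    weights = range(len(base) + 1, 1, -1)
    total = sum(int(d) * w for d, w in zip(base, weights))
    return (11 - total % 11) % 11


def luhn_check_digit(base):
    """Luhn: double every second digit, starting next to the check digit."""
    if not base.isdigit():
        raise ValueError("identification numbers must be all digits")
    total = 0
    for i, ch in enumerate(reversed(base)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return (10 - total % 10) % 10


def issue(base, scheme=mod11_check_digit):
    """Return the self-checking number, or None when the base cannot be issued
    (modulus-11 bases whose check value would be 10 are simply skipped)."""
    check = scheme(base)
    return None if check > 9 else base + str(check)


def is_valid(number, scheme=mod11_check_digit):
    """Recalculate the check digit from the keyed number and compare."""
    if len(number) < 2 or not number.isdigit():
        return False
    return scheme(number[:-1]) == int(number[-1])


def input_error_report(keyed_numbers, scheme=mod11_check_digit):
    """Edit run over keyed input: (position, value) of every rejected entry."""
    return [(pos, value) for pos, value in enumerate(keyed_numbers, start=1)
            if not is_valid(value, scheme)]


def missed_transpositions(scheme, digits=3):
    """Swap each pair of adjacent, different digits in every issuable
    self-checking number and return the swaps that still validate."""
    missed = []
    for n in range(10 ** digits):
        good = issue(str(n).zfill(digits), scheme)
        if good is None:
            continue
        for i in range(len(good) - 1):
            if good[i] != good[i + 1]:
                swapped = good[:i] + good[i + 1] + good[i] + good[i + 2:]
                if is_valid(swapped, scheme):
                    missed.append((good, swapped))
    return missed


# Constructed input batch: employee base number 387 is issued as 3875.
# Entry 2 is the transposition from the text (387 keyed as 837), entry 3 is a
# single-digit keying error, entry 4 has the letter O keyed instead of a digit.
KEYED = ["3875", "8375", "3876", "38O5"]

if __name__ == "__main__":
    print("issued number for 387:", issue("387"))
    print("input error report:", input_error_report(KEYED))
    print("transpositions missed by modulus 11:",
          len(missed_transpositions(mod11_check_digit)))
    print("transpositions missed by Luhn:",
          len(missed_transpositions(luhn_check_digit)))
```

The exhaustive comparison shows why the choice of scheme matters to the control: the weighted modulus-11 scheme rejects every adjacent transposition, while Luhn accepts a swap of 0 and 9 (1099 keyed as 1909).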

Data Conversion

Errors may occur when data are converted into machine-readable form. Control procedures include the following:

• Record counts. These are tallies of the number of transaction documents submitted for data conversion. The known number submitted can be compared to the count of records produced by the data conversion device (e.g., the number of sales transactions or count of records coded). A count mismatch indicates a lost item or one converted twice. Record counts are used as batch control totals, during processing, and at the output stage—whenever the comparison of a known count can be made with a computer-generated count.
• Batch financial totals. These totals are used in the same way as record counts, except the batch total is the sum of some important quantity or amount (e.g., the total sales dollars in a batch of invoices). Batch totals are also useful during processing and at the output stage.
• Batch hash totals. These totals are similar to batch number totals, except the hash total is not meaningful for accounting records (e.g., the sum of all the invoice numbers on invoices submitted to the data input operator).
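The following added example (not from the textbook) computes the three batch controls for a small constructed batch and shows which control catches which conversion error. The invoice numbers, customer codes, amounts and function names are all assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample batch of sales invoices: (invoice_number, customer_code, amount)
SUBMITTED = [
    (10452, "C-1001", Decimal("1250.00")),
    (10453, "C-1007", Decimal("310.40")),
    (10454, "C-1013", Decimal("89.95")),
    (10455, "C-1001", Decimal("4400.00")),
]


def control_totals(batch):
    """Compute the three batch controls for a list of invoice records."""
    return {
        "record_count": len(batch),
        "financial_total": sum((amount for _, _, amount in batch), Decimal("0")),
        # Hash total: sum of invoice numbers. It has no accounting meaning,
        # but it changes whenever a document number is lost, added or miskeyed.
        "hash_total": sum(invoice for invoice, _, _ in batch),
    }


def reconcile(expected, actual):
    """Return the sorted names of the control totals that do not agree."""
    return sorted(name for name in expected if expected[name] != actual[name])


def conversion_scenarios():
    """Constructed outcomes of data conversion, one error type per scenario."""
    first, second, third, fourth = SUBMITTED
    return {
        "intact": list(SUBMITTED),
        "record_lost": [first, second, fourth],
        "record_converted_twice": [first, second, second, third, fourth],
        # 310.40 keyed as 301.40: count and hash total still agree
        "amount_transposed": [first, (10453, "C-1007", Decimal("301.40")), third, fourth],
        # invoice 10453 keyed as 10435: count and financial total still agree
        "invoice_number_miskeyed": [first, (10435, "C-1007", Decimal("310.40")), third, fourth],
    }


def check_all():
    """Reconcile every converted batch to the totals taken at submission."""
    expected = control_totals(SUBMITTED)
    return {
        name: reconcile(expected, control_totals(batch))
        for name, batch in conversion_scenarios().items()
    }


if __name__ == "__main__":
    for scenario, failed in check_all().items():
        status = "OK" if not failed else "MISMATCH: " + ", ".join(failed)
        print(f"{scenario:26s} {status}")
```

A record count alone would pass the last two scenarios, which is why the three totals are used together.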


Editing or Validation Routines

Various computer-programmed editing or validation routines can be used to detect data conversion errors:

• Valid character tests. These tests are used to check input data fields to see if they contain numbers where there should be numbers and letters where there should be letters.
• Valid sign tests. Sign tests check data fields for appropriate plus or minus signs.
• Missing data tests. These editing tests check whether data fields that must contain data for the record entry to be correct actually contain data.
• Sequence tests. These test the input data for numerical sequence of documents when sequence is important for processing, as in batch processing. This validation routine can also check for missing documents in a prenumbered series.
• Limit and reasonableness tests. These tests are computerized checks to see whether data values exceed or fall below some predetermined limit. For example, a payroll application may have a limit test to flag and reject any weekly payroll time record of 50 or more hours. The limit tests are a computerized version of scanning, the general audit procedure of reviewing data for indication of anything unusual that might turn out to be an error.

Error Correction and Resubmission

Errors should be subject to special controls. Usually, the computer department itself is responsible only for correcting its own errors (data conversion errors, for example). Other kinds of errors, such as those due to improper coding, should be referred to and handled by the user departments. It is a good idea to have a control group log the contents of error reports in order to monitor the nature, disposition, and proper correction of rejected data. Unless properly supervised and monitored, the error correction process itself can become a source of data input errors.

Processing Control Procedures

These controls are designed to provide reasonable assurance that data processing has been performed as intended, without any omission or double counting of transactions. Many processing controls are the same as input controls, but they are used in the processing phases rather than when input is checked. The following are some important controls in this group:

• Run-to-run totals. Movement of data from one department to another or one processing program to another can be controlled by run-to-run totals. “Run-to-run” refers to sequential processing operations, runs, on the same data. These totals may be batch record counts, financial totals, and/or hash totals obtained at the end of one processing run. The totals are passed to the next run and compared to corresponding totals produced at the end of the second run.
• Control total reports. Control totals—record counts, financial totals, hash totals, and run-to-run totals—should be produced during processing operations, and someone (the control group, for example) should compare and/or reconcile them to input totals or to totals from earlier processing runs. Loss or duplication of data may thus be detected. For example, the total of the balances in the accounts receivable master file from the last update run, plus the total of the credit sales from the current update transactions, should equal the total of the balances at the end of the current processing.
• File and operator controls. External and internal labels ensure that the proper files are used in applications. The systems software should produce a log identifying instructions entered by the operator and make a record of time and use statistics for application runs. These logs should be reviewed by supervisory personnel.
• Limit and reasonableness tests. These tests should be programmed to ensure that illogical conditions do not occur; for example, an asset is depreciated to below zero or a negative inventory quantity is calculated. These sorts of things, and others considered important, should generate error reports for supervisory review.

Other logic and validation checks, similar to check digits that are used for input control procedures, can also be used during processing. Some typical processing control questionnaire items are shown in the following box.

Processing Control Procedures
Selected Questionnaire Items

Note: Processing controls are primarily oriented to detecting misstatements. Processing control procedures inquiries are as follows:

Completeness
• Are programmed control procedures (run-to-run totals) included in each job […] during the processing cycle?
• Do application programs test the terminal identification or password, or […] on all files, and are these verified by the update or file maintenance application program each time a file is used in processing?

File Control
• Do application programs check for internal header and trailer labels […] to adequate onsite and offsite […] data files documented, up to date, and kept separate from live data files?

Output Control Procedures

Output controls are the final check on the accuracy of the results of computer processing. These controls should also ensure that only authorized persons receive reports or have access to files produced by the system. Typical output control procedures are as follows:

• Control totals. Output control totals should be compared and/or reconciled to input and run-to-run control totals produced during processing. An independent control group should review output control totals and investigate differences.
• Master file changes. Details of these changes should be reported back to the user department that the request for change came from because an error can be pervasive. For example, changing selling prices incorrectly can cause all sales to be priced incorrectly. Computer-generated change reports should be compared to original source documents for assurance that the data are correct.
• Output distribution. Systems output should be distributed only to persons authorized to receive it, and only the number of reports needed should be produced. A distribution list should be maintained and used to deliver report copies.

Some typical questionnaire items are shown in the following box.

Output Control Procedures
Selected Questionnaire Items

• Are input control totals reconciled to output totals?
• Are input changes to master files compared item […] distri[…] identified with internal and external labels […] for […]

Computer-Assisted Audit Techniques

In the simple information systems described above, the printed output and logs often show adequate evidence of control performance, making auditing around the computer possible. While internal auditors more frequently utilize this technique, external auditors sometimes must also use the computer as an audit tool to test the controls within the application programs of even simple systems. Thus, the following section explains how the computer can be used as an “auditor’s assistant” in testing controls.

Two Approaches for Using the Computer in Control Testing

Auditing through the computer to test controls can be done by auditing the programmed processing controls either with simulated data or with live data reprocessed with an audit program. Auditing of programmed control procedures with simulated data is generally referred to as test data, while the reprocessing of live data to test program controls is called parallel simulation.

Test Data

The test data concept makes use of the fact that once a computer is programmed to handle transactions in a certain way, it will handle every transaction in exactly that same way. This is sometimes called the uniformity principle. Because of it, the audit team need only prepare a limited number of simulated transactions, some with “errors” and some without, to determine whether each control operates as described in the program documentation, the questionnaire responses, and program flowcharts. The simulated test data will most likely be on external storage media, and they may be entered into an online system through computer terminals.

Test data consist of a sample of one of each possible combination of data fields that may be processed through the real system. The transactions may consist of abstractions from real transactions and of simulated transactions generated by the auditors’ imagination.¹ The auditors must prepare a worksheet listing each transaction along with its predicted output, based on the program documentation. These must be converted to the normal, machine-sensed input form, and arrangements must be made to process the transactions with the actual program that would be used for real transactions.

To anticipate all data combinations that might exist as transaction input or that might be generated by processing, auditors must be very familiar with the nature of the business and the logic of the programs. They must be able to assign degrees of audit importance to each error-checking control method. Further, they must ensure that the test data do not affect the actual master files.

For example, the objective of the test of sales transactions processing may be to check the controls over accuracy of input data. The set of transactions assembled must include important error conditions to determine whether the input and processing controls can detect them. The audit team could create hypothetical transactions with the following features:

1. Customer code number missing
2. Customer code number invalid (wrong check digit)
3. Bill of lading document number not entered
4. Sales amount greater than $25,000
5. Sales amount equal to zero
6. Sales amount less than zero

The auditors know that transactions with any of these characteristics should produce an error message. Those with valid conditions should not. The auditors arrange to run these simulated transactions on the auditee’s system to find out if the program controls operate as they should.

Test data are processed at a single point in time using the auditee program in use during the period under audit. After the analysis of test output, the auditor must still make an inference about processing throughout the entire period. To do so, he or she must also be satisfied, by a review of documentation, that any program changes were authorized and correctly made. Some auditors perform surprise test data procedures during the year. As real-time financial reporting on the Internet becomes more common, continuous auditing techniques will become more important.

Exhibit 9B–4 shows the schema of testing controls with test data. (Compare it with Exhibit 9B–3, the example of auditing around the computer.) In this example, the auditors created source document input containing a shipment of fewer units than the customer ordered. The auditors are looking for an error message indicating that the quantity shipped and the quantity billed do not match, perhaps with an accounting entry to charge the customer for the shipped quantity. If this result does not appear from processing these test data, the auditors can conclude that there is a deficiency in the processing control over accurate sales because they are testing the control procedures embedded in the computer program and using the actual processing program for the test.

Using test data in this way, the auditors can focus on unusual transactions or error conditions rather than on a large number of similar transactions. The reasoning is that if the program handles one transaction correctly, then it will handle other similar transactions the same way. However, test data provide a control test only at a specific point in time. In order to rely on the program controls for a period of time, the auditor will also need to obtain assurance that general controls, such as controls over program changes, are in place and operating over the same period.
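The test data procedure above, sketched as an added example that is not from the textbook: an auditor's worksheet of the six hypothetical transactions with predicted results, run against an input edit routine. The routine `edit_sale` is a hypothetical stand-in for the auditee's program, the error codes E01 to E06 and the sample values are constructed, and the Luhn mod 10 check digit is an assumed scheme because the text names none.

```python
from decimal import Decimal

LIMIT = Decimal("25000")  # sales amount limit used in the list of test features


def luhn_check_digit(base):
    """Check digit for a numeric base code (Luhn mod 10, an assumed scheme)."""
    total = 0
    for position, char in enumerate(reversed(base)):
        digit = int(char)
        if position % 2 == 0:  # double every second digit, starting at the right
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return str((10 - total % 10) % 10)


def is_self_checking(code):
    """True when the last digit of the code is the correct check digit."""
    return len(code) > 1 and code.isdigit() and luhn_check_digit(code[:-1]) == code[-1]


def edit_sale(txn, disabled=frozenset()):
    """Stand-in for the auditee's edit routine; returns the set of error codes raised.

    `disabled` switches individual controls off to model a deficient program.
    """
    errors = set()
    code = txn["customer_code"]
    if not code:
        errors.add("E01")          # customer code missing
    elif not is_self_checking(code):
        errors.add("E02")          # wrong check digit
    if not txn["bill_of_lading"]:
        errors.add("E03")          # missing data test
    amount = txn["amount"]
    if amount > LIMIT:
        errors.add("E04")          # limit test
    elif amount == 0:
        errors.add("E05")
    elif amount < 0:
        errors.add("E06")
    return errors - disabled


def sale(**changes):
    """Constructed valid transaction with selected fields overridden."""
    txn = {"customer_code": "403873", "bill_of_lading": "BL-7001", "amount": Decimal("840.00")}
    txn.update(changes)
    return txn


# Auditor's worksheet: label, test transaction, predicted error codes.
WORKSHEET = [
    ("valid sale", sale(), set()),
    ("1 customer code missing", sale(customer_code=""), {"E01"}),
    ("2 customer code invalid (digits transposed)", sale(customer_code="408373"), {"E02"}),
    ("3 bill of lading not entered", sale(bill_of_lading=""), {"E03"}),
    ("4 amount greater than $25,000", sale(amount=Decimal("25000.01")), {"E04"}),
    ("5 amount equal to zero", sale(amount=Decimal("0.00")), {"E05"}),
    ("6 amount less than zero", sale(amount=Decimal("-840.00")), {"E06"}),
    ("boundary: amount exactly $25,000", sale(amount=Decimal("25000.00")), set()),
]


def run_test_data(program, worksheet=WORKSHEET):
    """Process every test transaction; return cases where output differs from prediction."""
    exceptions = []
    for label, txn, predicted in worksheet:
        actual = program(txn)
        if actual != predicted:
            exceptions.append((label, sorted(predicted), sorted(actual)))
    return exceptions


def deficient_program(txn):
    """Same routine with the zero-amount test switched off (constructed deficiency)."""
    return edit_sale(txn, disabled=frozenset({"E05"}))


if __name__ == "__main__":
    print("program as documented:", run_test_data(edit_sale))
    print("deficient program:    ", run_test_data(deficient_program))
```

An empty exception list means every control behaved as the worksheet predicted; each entry in a non-empty list is a control that did not operate as documented.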


EXHIBIT 9B–4 Example of Auditing Controls with Test Data (through the computer)

[Figure: flow diagram. Auditor invents a source document that includes correct as well as erroneous data (customer’s purchase order for 30 shovels; shipping document for 28 shovels). Client’s computer processing. Auditor knows (calculates) the system output and expects to find: debit to customer’s account receivable $840; credit to sales revenue $840; sales invoice 30 shovels at $30 each; error report of quantity mismatch.]

Parallel Simulation

In parallel simulation the audit team prepares a computer program (utilizing GAS, described later in this appendix) designed to process auditee data properly. The result of the auditors’ processing is compared with the result of data processed by the auditee’s program. This method is illustrated in Exhibit 9B–5.

To test the computer program controls, auditors can (1) use the auditee’s real programs, (2) have auditee personnel write special programs, or (3) write their own special programs to collect evidence that the controls work. The first option is used in the test data technique described in the previous section. The second option requires close supervision and testing to ensure that the auditee’s personnel have prepared the audit program correctly. The third option is parallel simulation, and it requires significant programming expertise of the audit staff or close liaison with expert independent programmers.

The parallel simulation option is more feasible, however, with GAS. GAS programs consist of numerous prepackaged subroutines that can perform most tasks needed in auditing and business applications. The auditor’s programming task consists of writing simple instructions that call up one or more of the subroutines. Thus, there is no need to write complete, complex programs, and a short training course supplies the expertise needed to use the generalized software. (You will get a closer look at these GAS programs and their capabilities later in this appendix.)

Using the GAS capabilities, an auditor can construct a system of data processing that will accept the same input as the real program, use the same files, and attempt to produce the same results. This simulated system will contain all the controls the auditor believes appropriate, and the process is in this respect quite similar to that of preparing test data. The simulated-system output is then compared to the real-system output, providing audit evidence, just as using test data with the real program does, to arrive at conclusions about the error-detection capabilities of the real system.


EXHIBIT 9B–5 System Concept of Parallel Simulation

[Figure: flow diagram with the elements Master file, Transactions, Live system, Simulated system, Live output, Simulated output, and Exceptions.]

A parallel system can also be created by conducting a thorough technical audit of the controls in the auditee’s actual program and then securing a copy of it in the auditors’ files. Later this audited copy can be used to process actual auditee data (e.g., at times later in the year under audit or in the following-year audit). This allows comparisons of accounting output from the program the auditee currently uses with the output from the auditors’ controlled copy of the program. This approach, often called controlled reprocessing, is a version of parallel simulation. The first audit application of parallel simulation may be very costly, although it will probably be more efficient than auditing without the computer or than utilizing test data. Real economies are realized, however, in subsequent audits of the same auditee. For the results of the parallel simulation to be valid and relevant to the audit, the audit team must take care to determine that the real transactions selected for processing are “representative.” Thus, some exercises in randomly selecting and identifying important transactions must be done. The example of a parallel simulation in the box below is based on the sales and accounts receivable system.

Parallel Simulation

A parallel simulation of Kingston Company’s sales invoice and accounts receivable processing system revealed that invoices showing no bill of lading or shipment reference were processed and charged to customers, with a corresponding credit to sales. Further audit of the exceptions showed that the real-data processing program did not contain a missing-data test and the missing shipping references did not trigger error messages. This finding led to (1) a more extensive test of the sales invoice population and comparison to shipping documents and (2) a more extensive audit of accounts receivable for customers who were charged with such sales.
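A parallel simulation of the kind described in the Kingston example, as an added illustration that is not from the textbook: the same constructed invoices are run through a stand-in for the live program, which has no missing-data test, and through an auditor-written simulation that has one, and the outputs are compared into an exception report. All invoice data, field names and function names are assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed extract of live invoice transactions (sample values only).
INVOICES = [
    {"invoice": "INV-2001", "customer": "C-1001", "shipping_ref": "BL-7001", "amount": Decimal("840.00")},
    {"invoice": "INV-2002", "customer": "C-1007", "shipping_ref": "", "amount": Decimal("1260.00")},
    {"invoice": "INV-2003", "customer": "C-1001", "shipping_ref": "BL-7003", "amount": Decimal("300.00")},
    {"invoice": "INV-2004", "customer": "C-1013", "shipping_ref": None, "amount": Decimal("95.50")},
]


def post(invoices):
    """Post invoices: debit each customer's receivable and credit sales."""
    receivable = defaultdict(Decimal)
    for inv in invoices:
        receivable[inv["customer"]] += inv["amount"]
    return {
        "posted": [inv["invoice"] for inv in invoices],
        "receivable": dict(receivable),
        "sales": sum(receivable.values(), Decimal("0")),
    }


def live_system(invoices):
    """Stand-in for the auditee's program: no missing-data test, so everything is posted."""
    return post(invoices)


def simulated_system(invoices):
    """Auditor's program: missing-data test on the shipping reference before posting."""
    accepted = [inv for inv in invoices if inv["shipping_ref"]]
    result = post(accepted)
    result["rejected"] = [inv["invoice"] for inv in invoices if not inv["shipping_ref"]]
    return result


def compare(live, simulated):
    """Exception report: where the live output differs from the simulated output."""
    zero = Decimal("0")
    differences = {}
    for customer in sorted(set(live["receivable"]) | set(simulated["receivable"])):
        diff = live["receivable"].get(customer, zero) - simulated["receivable"].get(customer, zero)
        if diff:
            differences[customer] = diff
    return {
        "posted_by_live_only": [i for i in live["posted"] if i not in simulated["posted"]],
        "receivable_difference": differences,
        "sales_difference": live["sales"] - simulated["sales"],
    }


def exception_report():
    """Run both systems on the same transactions and compare their output."""
    return compare(live_system(INVOICES), simulated_system(INVOICES))


if __name__ == "__main__":
    for key, value in exception_report().items():
        print(key, value)
```

The customers listed under `receivable_difference` are the ones whose accounts receivable would get the more extensive audit described in the box.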


As the example shows, the ultimate goal of using CAATs to test controls is to reach a conclusion about the actual operation of IT-based controls in an information system. This conclusion allows the audit team to assess the control risk and determine the nature, timing, and extent of substantive audit procedures for auditing the related account balances. Based on this control risk assessment, the auditor decides whether subsequent audit work may be performed using machine-readable files that are produced in the system. The data processing control over these files is important because they are used in computer-assisted work using GAS.

Review Checkpoints

9B-25 What is the difference between auditing through the computer and auditing with the computer?
9B-26 What is the difference between test data and parallel simulation, the two approaches used to audit through the computer using CAATs?
9B-27 What types of control evidence can be provided using CAATs?
9B-28 What role do CAATs play in the overall audit plan?
9B-29 Why does the test-data approach only provide evidence that the control operated at one point in time?
9B-30 Why is it important that data selected for parallel simulation tests are representative? How can the audit team determine if the data are representative?

Generalized Audit Software

GAS programs are a set of functions used to read, compute, and operate on machine-readable records. Audit software provides audit evidence that is otherwise unavailable or too costly to be feasible. This section builds on the control tests covered in this appendix and the IT concepts and terminology introduced in the text by covering GAS tools. The tools are those used to test controls and gather substantive evidence about transaction details and account balances. You need to know about GAS because it is used in most audits of accounting records based on computer or database files. There are many different GAS packages in use, and this material does not attempt to prepare you to use any particular one. Instead, it provides you with an understanding of what GAS can accomplish and, most important, where an IT specialist auditor needs to be involved.

Features of Generalized Audit Software

The audit challenges in assessing control risk in a computer environment are (a) gaining access to machine-readable detail records, (b) selecting samples of items for manual or computer audit procedures, (c) performing calculations and analyses of entire data files, and (d) producing audit working papers of the work performed. GAS packages were first developed by public accounting firms in the mid-1960s for specific audit engagements, and they have been improved and adapted with the changes in technology. The essential advantages of a GAS package are as follows:

• Original programming is not required.
• Designing tests is easy. Many GAS packages are PC based and menu driven so they operate much like commonly used spreadsheet programs.
• For special purpose analysis of data files, GAS is more efficient than programs written from scratch because less time is spent writing instructions for specific appropriate functions of the software.
• The same software can be used on various auditees’ computer systems. Control and specific tailoring are achieved through the auditors’ own ability to program and operate the system.

Audit Procedures Performed by Generalized Audit Software

Computer accounting applications capture and generate voluminous amounts of data that are usually available only on machine-readable records. GAS can be used to access the data and organize it into a format useful to the audit team. Audit software can be used to perform the following basic audit techniques:²

1. Recalculation. Verification of calculations can be done by the computer with more speed and accuracy than by hand. The audit software can be used to test the accuracy of auditee computations and to perform analytical procedures to evaluate the reasonableness of account balances. Examples of this use are to (a) recalculate depreciation expense; (b) recalculate extensions on inventory items; (c) compute file totals; and (d) compare budgeted, standard, and prior-year data with current-year data.
2. Confirmation. Auditors can program statistical or judgmental criteria for selecting customers’ accounts receivables, loans, and other receivables for confirmation. GAS can be used to print the confirmations and prepare them for mailing. It can do everything except carry them to the post office!
3. (a) Inspection. GAS can efficiently compare company records to audit evidence from other sources. The audit evidence must be converted to machine-readable form before it can be compared to the company computer files. Examples are comparing (i) inventory test counts with perpetual records, (ii) adjusted balances on confirmed accounts receivable to the book balances, and (iii) vendor statement amounts to the company’s record of accounts payable.
   (b) Inspection. Auditors can use GAS to examine records for quality, completeness, consistency, and correctness. This is the computer version of scanning the records for exceptions to the auditors’ criteria. For example, GAS can scan (i) accounts receivable balances for amounts over the credit limit, (ii) inventory quantities for negative or unreasonably large balances, (iii) payroll files for terminated employees, and (iv) loan files for loans with negative balances.
4. (a) Analysis. Comparing data on separate files can be accomplished by GAS to determine whether compatible information agrees. Differences can be printed out, investigated, and reconciled. Examples are comparisons of (i) payroll details with personnel records, (ii) current and prior inventory to details of purchases and sales, (iii) paid supplier invoices to cash disbursements, and (iv) current- and prior-year fixed asset records to identify dispositions.
   (b) Analysis. GAS can summarize and sort data in a variety of ways, for example, (i) preparing general ledger trial balances, (ii) sorting inventory items by location to facilitate observations, and (iii) summarizing inventory turnover statistics for obsolescence analysis.

With enhanced PC processing capabilities, GAS has been further expanded to include expert system modules that incorporate the knowledge of human experts in various domains. Thus, audit expert systems have been developed to provide advice on various technical issues, such as internal control evaluation, risk analysis, materiality assessment, and management fraud.
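Three of the techniques listed above (recalculating inventory extensions, scanning for negative quantities, and comparing payroll details with personnel records), written out as an added example that is not from the textbook and is not any GAS package's own code. The three file extracts, their column names and all values are constructed.

```python
import csv
import io
from datetime import date
from decimal import Decimal

# Constructed extracts standing in for the auditee's machine-readable files.
INVENTORY = """item,quantity,unit_cost,extension
SHV-01,120,30.00,3600.00
SHV-02,-4,18.50,-74.00
RAK-10,75,12.40,903.00
HOE-03,40,22.25,890.00
"""
PERSONNEL = """employee,termination_date
E100,
E101,2016-03-15
E102,
"""
PAYROLL = """employee,pay_date,gross
E100,2016-03-31,2100.00
E101,2016-03-15,1950.00
E101,2016-03-31,1950.00
E103,2016-03-31,1800.00
E102,2016-03-31,2250.00
"""


def read_records(text):
    """Read a delimited extract into a list of dictionaries keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def recalculate_extensions(rows):
    """Recalculation: quantity x unit cost compared with the recorded extension."""
    exceptions = []
    for row in rows:
        recomputed = int(row["quantity"]) * Decimal(row["unit_cost"])
        recorded = Decimal(row["extension"])
        if recomputed != recorded:
            exceptions.append((row["item"], recorded, recomputed))
    return exceptions


def scan_negative_quantities(rows):
    """Inspection by scanning: inventory items carried at a negative quantity."""
    return [row["item"] for row in rows if int(row["quantity"]) < 0]


def match_payroll_to_personnel(payroll, personnel):
    """Analysis across files: payments with no personnel record or dated after termination."""
    terminated = {p["employee"]: p["termination_date"] for p in personnel}
    exceptions = []
    for pay in payroll:
        emp = pay["employee"]
        if emp not in terminated:
            exceptions.append((emp, pay["pay_date"], "not on personnel file"))
        elif terminated[emp] and date.fromisoformat(pay["pay_date"]) > date.fromisoformat(terminated[emp]):
            exceptions.append((emp, pay["pay_date"], "paid after termination"))
    return exceptions


if __name__ == "__main__":
    inventory = read_records(INVENTORY)
    print("extension differences:", recalculate_extensions(inventory))
    print("negative quantities:  ", scan_negative_quantities(inventory))
    print("payroll exceptions:   ",
          match_payroll_to_personnel(read_records(PAYROLL), read_records(PERSONNEL)))
```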

Using Generalized Audit Software

For the most part, the widely used GAS packages are very similar. Regardless of the particular GAS used, five distinct phases are involved in developing a GAS application: (1) define audit objectives, (2) plan the application, (3) design the application, (4) test the application, and (5) process the application and evaluate the results.


Defining the Audit Objectives. The first step in applying GAS is determining specific audit objectives. GAS should be viewed as a tool for accomplishing audit objectives, not as an objective in itself. For example, the general audit objectives might be to audit management’s assertions that the accounts receivable balance represents customer accounts that exist, are complete, and are valued correctly. Based on these general objectives, specific procedures may include footing the accounts subsidiary ledger master file, selecting a sample of accounts for confirmation, preparing an aged trial balance, and investigating accounts with overdue balances.

Feasibility and Planning. Feasibility should be considered in three ways: (1) Is the use of audit software technically feasible? (2) Are there alternative ways to accomplish the audit task? (3) Which of the alternatives is the most practical and economical? Factors to consider include accessibility to and security of auditee data, availability of technically qualified audit staff, and costs of hardware and software. Audit software may be the most practical way to achieve the audit objective, but it is seldom the only way. Audit resources (qualified people and their time) must be allocated carefully for efficient and effective results. Using GAS requires considerable investment in time and effort and it may be efficient only when repeated use is anticipated on return engagements.

Obviously, the data must be available; some files, especially detailed transaction files, are retained only for a short time. The availability of data files and the degree of auditee cooperation are normally determined during the general and application controls review. The auditee’s level of cooperation could be affected by such issues as its concerns over the security of confidential or sensitive data, including the risk of auditors introducing viruses into auditee computers.

After determining the feasibility of using GAS, the audit manager should decide specifically how it will be used, establish control procedures for all subsequent steps, and arrange the logistics with the data centre. Specific planning steps are listed in the following box.

Generalized Audit Software Planning Steps

• Set GAS application objectives […] to audit objectives […] accessi[…] auditee’s files
• Determine hardware and software needs
• Define transactions to test procedures and output requirements
• Identify auditee personnel to provide technical assistance
• Prepare application budgets and timetables […]

[…] advantages of using GAS?
9B-[…] What are five audit procedures that can be […] with GAS?
9B-[…] What are some limitations of using GAS?


ENDNOTES

1. This is a simplification. IT-based information systems may have multiple controls that create thousands of error combinations and possible test transactions. Computerized test data generators are available to help auditors overcome the magnitude of the test data creation task.
2. Canadian Institute of Chartered Accountants, Application of Computer-Assisted Audit Techniques Using Microcomputers (CICA, 1994), p. 16.
3. G. Trites, Audit of a Small Business (CICA, 1994), pp. 50–51.
4. Ibid., p. 50.
5. CICA, Application of Computer-Assisted Audit Techniques Using Microcomputers (CICA, 1994), p. 17.


CHAPTER 10

Audit Sampling

In this chapter, we review the general topic of audit sampling, which relies heavily on the concepts of materiality and risk—audit risk, inherent risk, control risk, and detection risk. Audit sampling is not an audit procedure in the same class as the procedures explained in previous chapters. Instead, it is a method of organizing the application of audit procedures, as well as a method of organizing the auditor’s decision-making process. Sampling concepts, thus, serve as a useful decision aid for auditors and help justify the audit opinion.

Sampling concepts have taken on a greater importance in auditing standards, as now they are covered in their own Canadian Auditing Standard, CAS 530. This is because audit sampling concepts clarify audit reasoning and introduce more rigour to the audit process. But complications can arise because different accounting firms use different statistical methods, and the different models create their own distinct concepts. In this chapter, we introduce the simplest statistical model, monetary-unit sampling (MUS), which does not have the complications of other models.

Statistical sampling is the more rigorous and formal application of sampling. However, only about one in six audits use statistical sampling of one form or another. These audits tend to be concentrated in the larger public accounting firms. Nevertheless, what makes knowledge of statistical auditing valuable is that it clarifies the logic of the audit evidence-gathering process by using more-precise concepts. Specifically, statistical auditing makes clearer the meaning of specific types of risks in auditing and some of the materiality concepts introduced in Chapter 5. In addition, auditing uses a different approach in statistics that allows a more straightforward alignment with audit objectives as represented by the concepts of audit assurance and audit risk. This is important, because many view the audit risk concept as the “engine room of the audit.”¹ This chapter thus deals with the conceptual foundations of auditing that underlie the audit evidence-gathering process that you have covered in Chapters 5 to 9.

In this and later chapters, we make extensive reference to AuG-41, an audit guideline in the CPA Canada Handbook at the time of writing. However, this guideline is described as “temporary.” It is, however, such a valuable learning tool that we rely on it extensively in this text. AuG-41 helps illustrate the evolution of auditor thinking and the understanding of the existing permanent standards. The same applies to other references to “temporary” Handbook sections.

LEARNING OBJECTIVES

After completing this chapter, you will be able to do the following:

LO1 Explain the role of professional judgment in audit sampling decisions.

LO2 Distinguish audit sampling work from non-sampling work.

LO3 Compare and contrast statistical and non-statistical sampling.

LO4 Differentiate between effectiveness risk, efficiency risk, sampling risk, and non-sampling risk.

LO5 Develop a simple audit program to test a client’s internal control procedures.
(a) Specify objectives, deviation conditions, populations, and sampling units.
(b) Demonstrate some basic audit sampling calculations.
(c) Evaluate evidence from control testing.

LO6 Develop a simple audit program for an account balance, considering the influences of risk and tolerable misstatement.
(a) Specify objectives and a population of data.
(b) Determine sample size and select sample units.
(c) Evaluate monetary error evidence from a balance audit sample.

LO7 (Appendix 10A) Demonstrate that you can work with statistical sampling tables.

LO8 (Appendix 10B) Demonstrate that you can apply statistical sampling concepts for tests of controls and tests of balances using the audit risk model.

CHAPTER APPENDICES

APPENDIX 10A Statistical Sampling Tables
APPENDIX 10B More-Advanced Statistical Sampling Concepts for Tests of Controls and Tests of Balances (on Connect)

EcoPak Inc.

Donna and Caleb have been invited to sit in EcoPak’s boardroom to do their interim field work. They are planning to do the tests up to the end of September now, and to finish up later in February when they come back to do the year-end work. As they are meeting with the accounts receivable manager to coordinate how they will do their testing, Nina pops her head in and says, “Hi Donna. Hi Caleb. How are things going on the audit trail?” Donna explains that they are just starting their systems work and getting set up to test the volume credit notes.

“Oh, that is so interesting,” Nina says. “You know, it’s really been fun and challenging to be a CFO in a growing manufacturing business like EcoPak. But sometimes, I really miss the challenges of being an auditor out in the field, visiting different clients all year round, figuring out all their business risks, their systems and processes, and how to get the evidence to form an opinion on the financial statements. I am really interested to know what you are planning to do to test our volume credit notes because, to be honest, though I review the report for reasonability, there are so many variables at play that I find it hard to know what to expect the amount to be from month to month. And after what we just dealt with in purchasing, I realize that these types of non-routine processes are particularly vulnerable to all kinds of errors and fraud!”

So, Donna gives a general outline to Nina of the test steps she is planning to use in her volume credit notes testing. Donna plans to use a judgmental sampling approach. Her sample will include the two largest credit notes for each of the six largest customers as key items. Then she will take a random sample from the rest of the population of credit notes issued. She will use the audit software of her audit firm, Meyer & Gustav (M&G), to obtain her own list of the credit note transactions from EcoPak’s system and use the list to identify her sample items and to do some other tests, such as verifying the totals, checking the numerical sequencing, and looking for any large or unusual items or patterns.

For each volume credit note sample item, Donna will vouch the credit note back to the monthly sales volume reports the clerk has used to determine the eligibility in accordance with the customer contracts, ensure the appropriate level was reached and the discount correctly calculated according to the contract, and then check that each credit issued has been approved by the manager. She will next trace each credit note forward to ensure it is correctly recorded in the sales and accounts receivable accounts in the general ledger. She will also take a small sample of credit notes from the clerk’s file of credit note copies and trace back to customer accounts receivable ledgers to make sure they are recorded completely. If there are any discrepancies or unusual findings, she will follow up by discussions with the audit team and further inquiries and document inspections, if required.

“That sounds very comprehensive, Donna! But I guess once you get going, it will go quickly,” Nina says.

“Oh yes, our interim testing will go pretty quickly, Nina. We have lots of other things to look at! But you will probably be really interested in the approach Caleb has come up with to assess the reasonability of the year-end sales and volume credit notes. It might be something that will help you with your monitoring.”

When Nina hears about Caleb’s analytical procedure, she finds it very powerful and agrees that it is a technique that she can use to make her own monitoring more robust.

The Essentials of Audit Sampling

In our coverage of the audit process so far we have looked at a variety of procedures that auditors perform to obtain the evidence needed for the high level of assurance required to support an audit opinion on financial statements. These procedures were explained in Chapter 8 and are summarized for each step of the audit process in Exhibit 10–1. At the risk assessment and conclusion and reporting steps of the audit process, auditors rely mainly on inquiry, analysis, and observation procedures. These procedures provide important input to auditors’ judgments in these steps of the audit.

In the response to assessed risk step, auditors perform specific and detailed procedures to gather persuasive evidence regarding whether there are material misstatements in the financial statements. In particular, if auditors plan to rely on internal control effectiveness, they will perform tests of controls. They will also perform substantive tests of the details of balances to gain direct assurance regarding the financial statements numbers. Recall that these two types of tests differ because they have different objectives: tests of control aim to assess control effectiveness, while substantive tests of detail aim to detect monetary misstatements in accounting numbers. For both these types of tests, auditors will use evidence-gathering techniques such as inspection, confirmation, and reperformance/recalculation. In many cases, these types of procedures will involve examining classes of transactions and account balances made up of a large population of items that are similar in nature. For example, the revenue transaction stream will be made up of a large volume of sales invoices that were issued during the year. The inventory balance will be made up of a large volume of goods involved in the business.
When auditors do tests of high-volume populations of this kind, they usually use sampling techniques, since it is not feasible to test 100% of a large volume of items. Based on statistical theory, we know that by testing a randomly drawn sample that is representative of the whole population, we can form a conclusion about the whole population with a high degree of confidence. These statistical principles are the basis of audit sampling. In practice, auditors often apply sampling techniques in a judgmental way, given the subjective nature of the audit process and the concept of reasonable assurance. In some cases, however, statistical sampling methods can be applied quite rigorously in performing audit tests. CAS 530, Audit Sampling, provides useful guidance for auditors for both judgmental and statistical sampling applications.

EXHIBIT 10–1

(Summary from Chapter 8) Types of Evidence Procedures Used in the Steps of the Audit Process

| STEPS OF THE AUDIT PROCESS AND AUDITOR’S OBJECTIVES | TYPES OF AUDIT EVIDENCE-GATHERING PROCEDURES USED |
|---|---|
| RISK ASSESSMENT STEP | |
| Understanding the auditee and its risks | Inquiries of auditee personnel, including study of prior-audit working paper information; Inquiries of external parties, including industry and other research sources |
| Assessing the risk of material misstatement (inherent and control risks) | Inquiry of auditee personnel; Analysis of draft financial statements, including comparisons to prior years; Observation, including operation of accounting information system and internal control |
| RISK RESPONSE STEP | |
| Testing control effectiveness: • Obtain indirect assurance regarding risk of material misstatements of monetary amounts in financial statements; assess control risk. | Inquiry of auditee personnel; Observation of controls performed by auditee personnel; Recalculation/reperformance of controls |
| Substantive testing of details of transactions and account balances: • Obtain direct evidence regarding material misstatement of monetary amounts in financial statements. | Inspections of documents, records, and assets; Observation, including scrutiny; External confirmation; Recalculation/reperformance |
| Dual-purpose tests of controls and substantive details of transactions and balances: • Obtain evidence regarding both control effectiveness and material misstatement of monetary amounts in financial statements. | Inquiry of auditee personnel; Observation of controls performed by auditee personnel; Recalculation/reperformance of controls and recording; Inspections of documents and records |
| Substantive analytical procedures | Analysis of relations to other financial and non-financial information; Comparison of actual and expected values |
| CONCLUDING AND REPORTING STEP | |
| Overall analysis of financial statements and disclosures: • Assess reasonability of overall financial statement amounts, presentation, and related disclosures to ensure fair presentation. | Analysis of relations to other financial and non-financial information; Analysis of impact of uncorrected misstatements on ratios and key performance indicators |

The most important concepts of CAS 530 are set out in the definitions (in paragraph 5); these are the key concepts of classical sampling: audit sampling, population, sampling risk, non-sampling risk, statistical sampling, and stratification. We will discuss these essential concepts next, and several more advanced concepts from CAS 530 are briefly noted at the end.

Audit sampling refers to applying audit procedures to less than 100% of items in a population of audit relevance, such as a class of transactions or an account balance. Every item in the population must have a chance of selection so that the auditor has a reasonable basis for drawing conclusions about the entire population based on the audited sample of items. A population is defined as the entire set of data from which sample items are selected and about which the auditor wants to draw a conclusion.

In practice, auditors can select items from a population in several ways, e.g.,

1. Selecting all items (100% examination)
2. Selecting specific items
3. Audit sampling

Only audit sampling (item 3) allows the auditor to provide evidence on the remainder of a population. Selecting all the items is not really sampling, since everything will be checked. Specific item selection provides evidence only on the items selected, and thus the auditor can logically reach a conclusion only about the selected items. What is unique about audit sampling is that the auditor can use inductive logic to reach a conclusion about items in the part of the population that was not tested. The essence of audit sampling is, first, how auditors can apply this logic, and second, its risks and benefits for auditors. There are several methods of audit sample selection; the choice depends on the auditor’s purpose or objective in selecting the sample. Representative selection is required if the auditor’s goal is to reach a conclusion about all items in a population (selected as well as unselected items). Representative sampling can be achieved by randomly selecting items (e.g., using a random number generator as the basis for picking sample items based on a characteristic such as invoice numbers so that every item has an equal chance of being selected), or systematically selecting items (e.g., choosing every 25th item in a population, such as the cash payment transactions journal), or judgmentally selecting items (e.g., flipping through the pages of a long inventory report and arbitrarily stopping on various pages and pointing to an item on each page without following any particular pattern). Other selection methods may be used that are not considered representative, such as scanning a list of accounts payable balances and picking out the largest numbers or suppliers with the highest volume of purchases, or selecting blocks of data such as 2 weeks out of a 52-week sales journal. Non-representative selection can be used if the auditor’s goal is to reach a conclusion about selected items only. 
Stratification is a useful technique for selecting samples when the population contains items that vary considerably in value. For example, if the inventory listing contains many low-value items, but also some medium- and a few very high-value items, it may not be representative to base the sample selection on the types of items, since this would tend to pick mostly low-value items. A more representative sampling approach can be achieved by dividing this population into subpopulations, each of which is a group of sampling units that have similar monetary value. The statistical sampling model we use in this book, MUS, automatically accomplishes this with systematic selection. A variation of this approach for a population that contains some individually material items is to divide the population into the material items (which will be subject to 100% examination) and the representative items that will be randomly sampled. MUS automatically accomplishes this as well. Higher-risk items might also be drawn out for 100% examination, for example, very old or disputed outstanding sales invoices. This is a qualitative aspect of sampling and requires professional judgment, as with all sampling methods.

While sampling has many benefits for obtaining reasonable assurance on a timely basis, two kinds of risk are created when auditors sample: sampling risk and non-sampling risk. Sampling risk is the possibility that the auditor’s conclusion based on examining a sample of items will be different from the conclusion that would be reached if the entire population were examined. Sampling risk can lead to two types of incorrect conclusions; these are summarized below for tests of control and tests of details.

| TYPES OF INCORRECT CONCLUSIONS | TESTS OF CONTROL | TESTS OF DETAILS |
|---|---|---|
| Incorrect conclusions that reduce audit effectiveness | Controls are more effective than they actually are. | A material misstatement does not exist when in fact it does. |
| Incorrect conclusions that reduce audit efficiency | Controls are less effective than they actually are. | A material misstatement exists when in fact it does not. |

As you can see, an auditor is primarily concerned with incorrect conclusions that affect audit effectiveness, because they are likely to lead to an inappropriate audit opinion. Incorrect conclusions that affect audit efficiency arise because these situations often result in doing extra work to determine that the initial conclusions were incorrect. These are not as great a concern as those affecting audit effectiveness, but it is still important to minimize them so valuable time is not wasted. In essence, sampling risk is like bad luck. Even in a carefully performed sampling application, we still might draw a sample that contains only items that were correct even though the rest of the population was loaded with errors, or we might pick a sample that includes every error in the population while the rest is completely correct. In contrast, non-sampling risk can be viewed as “bad auditing.” It is the possibility that the auditor will make an improper assessment of inherent and/or control risk, or fail to apply audit procedures carefully, or use inappropriate/irrelevant procedures, and generally all other risk of making an incorrect audit conclusion other than sampling risk. Non-sampling risk must be addressed by the quality control policies and procedures in an auditing firm, and it relates closely to the concept of due care discussed earlier in the book. Auditors can use statistical or non-statistical sampling methods. When auditors apply rigorous statistical sampling methods, their approach to sampling will have the following characteristics: (i) Random selection of the sample items (ii) The use of probability theory to evaluate sample results, including measurement of sampling risk Any sampling approach that does not have characteristics (i) and (ii) is considered non-statistical sampling, or judgmental sampling. 
Non-statistical sampling approaches can be enhanced by using random selection techniques, and as long as the selection method is representative, the findings can be extrapolated to aid in forming a conclusion about the whole population. Performing sample-based audit procedures involves planning the procedures, collecting the evidence, and evaluating the results to reach a conclusion, as outlined in the table below for the case of non-statistical sampling. (When statistical sampling is used, sampling risk and extrapolated likely misstatement can be calculated; in non-statistical sampling, these are assessed based on the auditor’s experience and judgment.)

TESTS OF CONTROL (NON-STATISTICAL SAMPLING)

Plan the procedures:
• Specify the audit objectives (assess control effectiveness in relation to significant control objectives).
• Define control deviation conditions.
• Define the population.
• Choose an audit sampling method.

Evidence collection:
• Determine the sample size.
• Select the sample.
• Perform the test of controls procedures.

Evaluate the evidence and conclude:
• Calculate the sample deviation rate (SDR).
• Determine the rate of deviations in the sample.
• Consider that the actual deviation rate for the population may differ due to sampling risk. Make a judgment as to the acceptability of the level of sampling risk.
• Compare the SDR to the tolerable deviation rate (TDR); TDR is based on auditor judgment; controls are not expected to be perfect; some level of deviations can be tolerated as long as it’s too low to lead to material misstatement.
• Follow up on all deviations uncovered in testing—determine whether deviations are pervasive, deliberate, misunderstandings, or related to financial statement balances.
• Draw final conclusions—if the control risk appears high, the auditor must decide whether to do additional substantive procedures or extend control procedures in the hopes of determining that the actual risk is lower.

TESTS OF DETAILS (NON-STATISTICAL SAMPLING)

Plan the procedures:
• Specify the audit objectives (obtain evidence in relation to the assessed risk of material misstatement at the assertion level).
• Specify the performance materiality.
• Define the population.
• Choose an audit sampling method.

Evidence collection:
• Determine the sample size.
• Select the sample.
• Perform substantive tests of details procedures.

Evaluate the evidence and conclude:
• Determine the amount of known misstatement—the total amount of misstatements actually uncovered by the procedures.
• Determine the likely misstatement—based on projecting the misstatement found in the sample to the population using, e.g., the average difference method (or the dollar-unit sampling [DUS] projection method for statistical sampling).
• Consider sampling risks, using professional judgment and experience.
• Follow up on all differences uncovered to determine any misunderstanding of generally accepted accounting principles (GAAP), simple mistakes, intentional irregularities suggesting fraud, or management override of controls.
• Evaluate the misstatement—known misstatements and likely misstatements are combined and compared to materiality.
• Sampling risk gives rise to further “possible misstatements”—misstatements that may exist and remain undetected in units not sampled (can be calculated when statistical methods are used).

An example is given in Exhibit 10–2 for stratifying a population in an audit sample for a test of details procedure, and for extrapolating misstatements uncovered in performing the procedure.

Projecting the Known Misstatement to the Population

Say the procedures discover a $600 known misstatement in one of the six stratum 1 items, and $900 in total known misstatements in the remaining 90 sample items. To make a conclusion about the population, the known misstatement in the sample is projected to the population. The sample must be representative, because, if it is not, a projection can produce a misleading number. As an extreme example, suppose an auditor takes the stratum 1 group of six accounts as being representative of the population. Projecting the $100 average misstatement ($600/6) to 1,506 accounts ($100 × 1,506) would project a total misstatement of $150,600, compared with the recorded accounts receivable total of $400,000. This projection is neither reasonable nor appropriate. Nothing is wrong with the calculation method. The non-representative “sample” is the culprit in this absurd result.

The total known misstatement of $900 in the remaining 90 sample items can be extrapolated to the population; this will be appropriate since the sample is representative. Using the average difference method yields a projected misstatement, or likely misstatement, of $15,000 (i.e., $900/90 × 1,500 = $15,000). Based on the overall materiality level for the financial statements, auditors would consider whether this size of likely misstatement is significant enough to propose a significant adjustment.

EXHIBIT 10–2

Stratification Example—Selecting Sample Sizes

The stratification below subdivides the population into a first stratum of six individually significant accounts and four other strata, each with approximately one-fourth ($75,000) of the remaining dollar balance. This is a typical situation where there are more accounts of smaller value. The example allocates 90 items to the last four strata. This is referred to as stratified sampling. When each stratum gets one-fourth of the sample size, the sample is skewed toward the higher-value accounts: the second stratum has 23 out of 80 sample items, and the fifth stratum has 23 out of 910 items.

| STRATUM | BOOK VALUE | NUMBER | AMOUNT | SAMPLE |
|---|---|---|---|---|
| 1 | Over $10,000 | 6 | $100,000 | 6 |
| 2 | $625–$9,999 | 80 | 75,068 | 23 |
| 3 | $344–$624 | 168 | 75,008 | 22 |
| 4 | $165–$343 | 342 | 75,412 | 22 |
| 5 | $1–$164 | 910 | 74,512 | 23 |
| Total | | 1,506 | $400,000 | 96 |

This stratification deals with a typical situation in which the variability of the account balances and errors in them tend to be larger in the high-value accounts than in the low-value accounts. As a consequence, the sample includes a larger proportion of the high-value accounts (23/80) and a smaller proportion of the low-value accounts (23/910). In addition to size or variability, stratification can be based on other qualitative characteristics the auditor considers important, such as individual, location, date, or product.


Other advanced concepts, which involve considerable auditor judgment, are defined in CAS 530 as tolerable misstatement (closely related to the performance materiality concept), tolerable rate of deviation (like a materiality level for tests of controls, this is the threshold deviation rate—you can think of this as the amount of control deviations that would lead to a material misstatement—the auditor needs to evaluate all deviations quantitatively and qualitatively), and anomaly (a misstatement that is considered so unusual that, in the auditor’s judgment, it should not be projected to the rest of the population; identifying an anomaly is a qualitative judgment auditors make and is somewhat controversial since it essentially provides an excuse for the auditor not to demand an adjustment).

Summary of CAS 530: The Canadian Auditing Standards on Audit Sampling

CAS 500 is largely a summary of introductory audit concepts covered in earlier chapters. However, CAS 500 complements CAS 530 by identifying ways of selecting items from a population relevant for auditors (CAS 500.A52):

1. Selecting all items (100% exam)
2. Selecting specific items
3. Audit sampling

CAS 530 (audit sampling) reviews the basic concepts of sampling. It is the first audit standard devoted to sampling topics and indicates the increasing importance of this topic in auditing. The reason for its increasing importance is that it introduces a more rigorous logic to audit judgment and it helps quantify audit risks and uncertainties. In essence, it helps quantify the fundamental concept of information risk to make it more meaningful. Statistical sampling in particular introduces formal models to audit reasoning that can help justify basic decisions on the adequacy of audit testing, and the information risk remaining after completing the audit. See Appendix 10B, Part IV (available on Connect), for a brief history of the audit risk model and how it was influenced by statistical sampling developments in auditing. The audit risk model and related concepts are considered by many to be the most important concepts of auditing from the 20th century. From the above list you should note that only audit sampling (item 3) allows the auditor to provide evidence on the remainder of a population. Specific item selection provides evidence only on the items selected and thus the auditor can logically reach a conclusion only about the selected items. What is unique about sampling is that the auditor can logically reach a conclusion about items in the population that are not tested using inductive logic. In this chapter we thus focus on the characteristics of reasoning with this logic and the risks and rewards it creates for auditors. The most important concepts of CAS 530 are the definition of key classic sampling concepts in paragraph 5: audit sampling, population, sampling risk, non-sampling risk, statistical sampling, and anomaly to identify unusual misstatements. Let’s start with the anomalies concept. Anomalies are a qualitative judgment auditors make about how representative a detected misstatement might be in the population. 
Specifically, anomalies are misstatements that might be considered so unusual that in the auditor’s judgment they should not be projected to the rest of the population. You should view anomalies as qualitative features of misstatements that allow the auditor to not consider the anomaly in the quantitative calculations discussed in the rest of this chapter. Some consider anomalies to be a controversial concept; nevertheless they are in CAS 530. We review the main reasoning concepts that need to be satisfied to support these types of conclusions. Other concepts covered in CAS 530 are stratification, tolerable misstatements, and tolerable rates of deviation (materiality for tests of controls is called the threshold rate—you can think of this as the amount of control deviations that would lead to a material [tolerable] misstatement). The auditor needs to evaluate all deviations quantitatively and qualitatively.


There are several methods of selecting samples. The possible goals or objectives an auditor might have with each selection technique are indicated in parentheses. Representative means that the auditor’s goal is to reach a conclusion about all items in a population (selected as well as unselected items), whereas non-representative means the auditor’s goal is to reach a conclusion about selected items only. Note how everything depends on the auditor’s purpose or objective in selecting the sample (testing). The first two selection methods below are suitable for statistical sampling, as we clarify further on:

• Random sampling (representative)
• Systematic sampling (representative)
• Haphazard (judgmental) sampling (representative or non-representative, depending on auditor objectives in selecting the sample or performing the test)
• Block sampling (non-representative)

There are two key features of statistical sampling:

1. Random sampling is selection of items when each item has a predictable chance of selection (this predictable amount is what the formulas are based on and allows prediction of sampling risks). The goal is to obtain a representative sample of the population.
2. Statistical evaluation of results is based on the sampling probability distribution, which is based on some probability model using a predictable chance of selection.

Two types of sampling risk apply to all sampling, statistical and non-statistical:

1. Effectiveness risk, from CAS 530.05(c), is the risk of concluding from a sample or test that a material misstatement does not exist when in fact it does (this is also frequently referred to as a Type II error risk in your statistics courses).
2. Efficiency risk, from CAS 530.05(c), is the risk of concluding from a sample or test that a material misstatement exists when in fact it does not (this is also frequently referred to as a Type I error risk in your statistics courses).

By CAS 530.14 and CAS 539.A14, auditors must project sample misstatements to the entire population, but this may not be sufficient for deciding on an adjusting entry (specifically, the effectiveness risk may still be too high even for the adjusted amount because the sample size with the detected number of misstatements has too high an effectiveness risk associated with it).

In CAS 530.A3, tolerable misstatement = overall materiality or performance materiality or lower (we show below that with our formulas you can simply use overall materiality as long as that is sufficient to meet user needs for the account or population in question). More specifically, with our formulas below, the planned precision is the tolerable misstatement. Essentially the auditor decides what is tolerable after taking into account materiality. To simplify things in this text we set planned precision to equal materiality, and in Appendix 10B we explain the consequences of this decision.

CAS 530.A6 states that the auditor must clearly define what is a misstatement, both qualitative and quantitative. This is a key audit judgment in sampling.

CAS 530.A13 allows haphazard selection, but some research has shown that it can cause problems due to judgmental biases (these biases are a form of non-sampling error leading to non-sampling risk). Auditors are supposed to control non-sampling errors with proper training, supervision, and public accounting firm quality controls.

By CAS 530.A21–A23 (same as AuG-41), decisions can be based on projected misstatements (this is for non-statistical evaluation). If the results are not acceptable, then the auditor can test alternative controls in the case of control testing, or modify related substantive procedures (using the audit risk model). More details are given in the rest of this chapter and Appendix 10B.


CAS 530, Appendix 1, says that stratification introduces efficiencies. One form of stratification is monetary unit sampling (MUS). Dollar unit sampling (DUS) is one type of MUS. In Canada we use dollars as our currency, so we sometimes refer to DUS, but the same formulas can be applied to any monetary units. MUS also results from having a different perspective on an accounting population, thereby illustrating how a different perspective can have an effect on the audit reasoning process. The formulas below are based on the rate of monetary units, however defined. But once you have settled on the currency, you multiply the currency units (such as dollars, yuan, or euros) by the monetary rate to get the valuation in terms of the currency. In this book we work with Canadian dollars. CAS 530, Appendices 2 and 3, list factors that influence sample size, which we will see illustrated with MUS below. CAS 530, Appendix 4, includes the following:

1. Random selection: The objective is to get a representative sample of the population.

2. Systematic selection: This is frequently implemented by adding items through a population. You need to subdivide the population into equal-length intervals called sampling intervals and then randomly select (using the random number table or @RAND function in Microsoft Excel) an item from the first sampling interval. Then add the sampling interval amount to the random number selected, adding your way through the population—this process means you will select one item from each sampling interval, guaranteeing uniform coverage of the population. See Appendix 10B for more details on systematic selection.

3. MUS: MUS, when combined with systematic and random selection, is a very effective way of sampling in continuous online audit environments with electronic evidence. This is one reason MUS dominates in audit practice.

4. Haphazard sampling (unstructured sampling, also referred to as judgmental sampling—the dangers of this approach are emphasized in some research): This is the most widely used approach in practice. Judgmental sampling can also mean something more than haphazard sampling, like the block sampling described in the next line.

5. Block sampling: This is a type of convenience testing, but it is usually not very representative. For example, you may select a block or group of transactions of a particular subperiod or in a particular file, such as testing all transactions during a single month. It may be convenient but usually not very representative of all transactions (such as for a year).
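The systematic selection procedure in item 2, applied to monetary units as in item 3, can be worked through in code. This is an added example, not taken from the textbook: the ledger is constructed, the function names are hypothetical, and setting aside zero and negative balances for separate testing is an assumption of the example.

```python
import random
from bisect import bisect_left
from itertools import accumulate

# Constructed ledger for illustration: (invoice id, recorded amount in whole dollars).
LEDGER = [
    ("INV-001", 1_200), ("INV-002", 350), ("INV-003", 18_400),
    ("INV-004", 75), ("INV-005", 2_900), ("INV-006", 0),
    ("INV-007", 640), ("INV-008", 5_150), ("INV-009", -300),
    ("INV-010", 9_800), ("INV-011", 410), ("INV-012", 1_375),
]


def mus_systematic_select(ledger, sample_size, rng):
    """Systematic monetary-unit selection: one dollar unit per sampling interval.

    Returns (interval, start, hits, set_aside). hits is a list of
    (dollar_position, invoice_id). set_aside holds zero and negative items,
    which contain no dollar units to select (assumption: tested separately).
    """
    selectable = [(inv, amt) for inv, amt in ledger if amt > 0]
    set_aside = [(inv, amt) for inv, amt in ledger if amt <= 0]
    total = sum(amt for _, amt in selectable)
    if not 0 < sample_size <= total:
        raise ValueError("sample_size must be between 1 and the population total")

    interval = total // sample_size      # equal-length sampling interval
    start = rng.randint(1, interval)     # random dollar in the first interval
    # Upper bound of each item's dollar range: item j covers the dollars
    # from bounds[j-1] + 1 through bounds[j].
    bounds = list(accumulate(amt for _, amt in selectable))

    hits = []
    for k in range(sample_size):
        position = start + k * interval       # add the interval through the population
        idx = bisect_left(bounds, position)   # item whose range contains this dollar
        hits.append((position, selectable[idx][0]))
    return interval, start, hits, set_aside


def selected_invoices(hits):
    """Distinct invoices to audit, in ledger order (a large item can be hit twice)."""
    seen = []
    for _, invoice_id in hits:
        if invoice_id not in seen:
            seen.append(invoice_id)
    return seen


if __name__ == "__main__":
    rng = random.Random(2016)  # fixed seed so the selection can be reproduced
    interval, start, hits, set_aside = mus_systematic_select(LEDGER, 5, rng)
    print(f"sampling interval ${interval:,}, random start ${start:,}")
    for position, invoice_id in hits:
        print(f"  dollar {position:>6,} falls in {invoice_id}")
    print("invoices to audit:", selected_invoices(hits))
    print("set aside (no dollar units):", [inv for inv, _ in set_aside])
```

Any invoice at least as large as the sampling interval (here INV-003 and INV-010) is selected whatever the random start, which is the stratification effect of selecting by dollar rather than by invoice.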

Review Checkpoints
10-1 Why do auditors use the sampling concept as part of their testing procedure?
10-2 What is the essential difference between representative and non-representative testing?
10-3 What is the fundamental difference between statistical and non-statistical sampling?
10-4 Which sampling risk is the most important in auditing and why?
10-5 How do auditors control sampling risk?
10-6 What is non-sampling risk?
10-7 How do auditors control non-sampling risk?
10-8 How do sampling risks relate to the overall audit objective of providing assurance on information?


Introduction to Audit Sampling

LO1 Explain the role of professional judgment in audit sampling decisions.

Audit sampling is the application of an audit procedure to less than 100% of the items within an account balance population or class of transactions in order to evaluate some characteristic of the group.2 The goal of audit sampling is to get a representative result for an account population or class of transactions. Testing is synonymous with sampling.3 Sampling was part of the explanation of a control test, which was defined as (1) identifying the data population from which to select a sample of items and (2) describing an action to produce relevant evidence. It is important to understand some sampling theory because it helps explain some of the most important principles of auditing, such as the risk-based approach to auditing. Probability and sampling theory provide the foundations for much of the logic of auditing, including deciding when sufficient evidence has been gathered to support the audit opinion. Sampling theory is the basis of the audit risk model. Just like in your economics course when, for example, you see how the demand equals supply relationship works through equilibrium equations, you can use math to clarify audit and accounting concepts. For example, the basic audit risk model helps clarify the relationship between risk of material misstatement and detection risk. In the more-advanced parts of this book, we probe a little further with math models to deepen your understanding of how risks work in auditing and financial reporting. This chapter begins that process. This is an important chapter for understanding the logic of auditing. For example, the most fundamental risk concepts in auditing are the effectiveness and efficiency risks, and we relate them to the audit risk model. All risks discussed here are a form of either effectiveness risk or efficiency risk. But the differences in the way these risks behave, and their relative importance for the audit, have a carry-over effect to the other risks based on them. 
Hence, we treat the distinction between effectiveness and efficiency risk as fundamental. We keep the technical details at a minimum. Supporting details are provided in Appendix 10B. To understand the definition of audit sampling, you must keep the following definitions in mind. Audit procedures are the general audit techniques of Chapter 8 (recalculation/reperformance, observation, confirmation, inquiry, inspection, and analysis). An account balance is a control account made up of many constituent items; for example, an accounts receivable control account represents the sum of customers’ accounts. A class of transactions refers to a group of transactions with common characteristics, such as cash receipts or cash disbursements, but not necessarily added together as an account balance in generally accepted accounting principles (GAAP) financial statements. A population is the set of all the elements that constitute an account balance or class of transactions; each of the elements within it is a population unit. When an auditor selects a sample of the population, each element selected is called a sampling unit (e.g., a customer’s account, an inventory item, a debt issue, a cash receipt, a cancelled cheque). A sample is a set of such sampling units. Specifically, audit sampling is less than 100% examination of items in a population for the purpose of getting a representative result of the population (CAS 530.05). An important professional judgment is how to define a population or class relative to audit objectives.

audit sampling: testing less than 100% of a population (items in an account balance or class of transactions) to form a conclusion about some characteristic of the balance or class of transactions

audit procedures: the general audit techniques of recalculation/reperformance, observation, confirmation, inquiry, inspection, and analysis

account balance: a control account made up of many constituent items

class of transactions: groups of accounting entries that have the same source or purpose; credit sales, cash sales, and cash receipts are three different classes

population: the set of all the elements that constitute an account balance or class of transactions

How Risk and Materiality Are Used in Audit Sampling

Materiality and risk are key concepts in statistical sampling and auditing. This is indicated in CAS 530 by quotations such as the following:

The determination of an appropriate sample on a representative basis may be made using either statistical or non-statistical methods. Whether statistical or non-statistical methods are used, their common purpose is to enable the auditor to reach a conclusion about an entire set of data by examining only a part of it. Statistical sampling methods allow the auditor to express in mathematical terms the uncertainty he or she is willing to accept and the conclusions of his or her test. The use of statistical methods does not eliminate the need for the auditor to exercise judgment. For example, the auditor has to determine the degree of audit risk he or she is willing to accept and make a judgment as to materiality.

The following box shows how the auditor’s professional judgment is applied when deciding how much audit work is required and how the audit finding will be interpreted.

Professional Judgment and the Extent of Audit Testing

Auditing standards have noted that decisions concerning materiality and audit risk are the most significant made in the course of an audit because they form the basis for determining the extent of the auditing procedures to be undertaken (also see CAS 320.06). This illustrates that professional judgment is critical to the appropriate application of audit sampling. To better understand this, imagine that the audit is a purely scientific endeavour in which the management assertions are hypotheses that have to be either supported (verified) or contradicted by the evidence. An analogy, but not one to be taken too literally, is to think of auditor opinions as being similar to a media opinion poll. For example, an opinion poll in The Toronto Star reported that mayoral candidate M. L. led with 51% of the decided vote over candidate B. H., who had 46% support. This poll was the result of surveying 400 Toronto residents. A sample of this size is considered accurate to within 5 percentage points, 19 times out of 20. In other words, because of the uncertainties associated with the representativeness of the sample of 400, the best the statistician can conclude about M. L.’s prospects is that there is a 95% confidence level that his actual support is in the range 51% ± 5% = 46–56%. The width of this band around M. L.’s best point estimate of 51% is referred to as sampling precision, which is related to materiality. The confidence level is most relevant to the auditor when it is related to the assurance level desired from the test. For some statistical models, this alignment with assurance is true only when the statistical test is designed a certain way, as discussed later in this chapter. Conceptually, an auditor would like conclusions on the financial statements similar to those of a pollster on populations of voters. 
For example, after audit testing, the auditor may like to conclude that a client’s net income number is $200,000 ± $10,000, 19 times out of 20. The auditor could make this kind of declaration if the appropriate statistical samples were drawn from all the accounting components that make up net income. In this statistical sampling framework, the degree of accuracy or precision of the sample is related to materiality, that is, the ±$10,000 (or ±5% in the Star poll). Audit assurance is the statistical confidence, that is, 19 times out of 20, which is equal to 95%. Thus, if an auditor’s report were interpreted purely statistically, “in all material respects” means that the difference between the audit estimate (audit value, or AV) based on audit testing and the reported amount (book value, or BV) is less than material. The level of audit assurance is captured by the words “in our opinion” in the auditor’s report. Under this view, the standard audit report indicates, therefore, that there is a high level of assurance that there are no material factual misstatements in the financial statements. We can also look at the complement of assurance, audit risk, discussed in CAS 200, and interpret the standard audit report to mean there is a low level of risk that there are material misstatements in the financial statements after the audit. Using a statistical sampling framework, the audit report decision will be based on a sufficient amount of testing so that the confidence interval around the auditor’s best estimate audit value will both include book value and be smaller than materiality; that is, the auditor will have achieved the planned level of assurance from the testing. For example, assume the auditor has done enough testing of a client with a reported net income of $198,000 to conclude with 95% confidence (assurance) that GAAP income is in the interval $198,000 ± $10,000. If materiality is set at 8% of reported income, it equals 0.08 × $198,000 = $15,840. As the achieved precision of $10,000 is less than materiality of $15,840, the auditor can conclude with at least 95% assurance that there is no material error in the reported net income of $198,000. To reach such a conclusion, the auditor will have to plan the testing so that achieved precision is no larger than materiality. If BV − AV is greater than materiality, the auditor has not obtained the 95% assurance from testing and will have to either do more audit work or insist on an adjustment. Both options involve considerable professional judgment. However, statistical sampling has at least clarified the quantitative issues. Hopefully, this illustrates that statistical sampling does not eliminate professional judgment. But it can aid professional judgment and provide quantitative guidance.

population unit: each element of a population

sampling unit: a unit used for testing a client’s population, for example, a customer’s account, an inventory item, a debt issue, or a cash receipt

sample: a set of sampling units

Sampling and the Extent of Auditing

Three aspects of auditing procedures are important—nature, timing, and extent. Nature of audit procedures refers to the six general techniques (recalculation/reperformance, confirmation, inquiry, inspection, observation, and analysis). Timing considers when procedures are performed. More will be said about timing later in this chapter. Audit sampling is concerned primarily with matters of extent—the amount of work done when the procedures are performed. In the context of auditing standards, nature and timing relate most closely to the appropriateness of the evidence, while extent relates most closely to its sufficiency (sample size). Since client files, such as inventory and accounts receivable, can contain thousands of accounting records, it is uneconomical to test them exhaustively, and auditors consider the concept of testing carefully. Testing is a means of gaining assurance that the amount of error in large files is not material. Statistical sampling is the formal theory supporting the concept of testing, but courts approved it long before statistical theories were introduced to auditing. The majority of testing in auditing was once done on a judgmental basis, but as accounting populations grew, auditors realized that statistical sample sizes could be much smaller than intuition would suggest. For this reason, statistical sampling became increasingly popular in the second half of the 20th century. While both testing methods are equally acceptable by auditing standards, the focus here is on statistics, as the theory underlying it formalizes the reasoning used in pure judgmental (haphazard) testing. Statistical sampling in auditing helps make more precise the key concepts of risk and materiality in auditing. Another advantage of statistical auditing is that it forces auditors to clarify their thinking in planning the audit. 
For example, statistical auditing forces auditors to define a population more precisely because the statistical conclusion applies only to the part of the population that was statistically sampled. This increased rigour can be useful when justifying the audit work in court, to regulators, and to accountability boards. However, statistical sampling tends to be more time-consuming and requires more training. Hence, definite trade-offs must be made. This is another example of why professional judgment is needed. The two types of audit programs introduced in Chapter 8 are summarized below. Note that both of these can be performed on a statistical or non-statistical basis.

Two Kinds of Audit Programs: Two Purposes for Audit Sampling

INTERNAL CONTROL PROGRAM

Purpose: Obtain evidence about client’s control objective compliance, including
• Validity
• Completeness
• Authorization
• Accuracy
• Classification
• Proper period

Sample: Usually from a class of transactions (population), such as
• Cash receipts
• Cash disbursements
• Purchases (inventory additions)
• Inventory issues
• Sales on credit
• Expense details
• Welfare payments (eligibility)

BALANCE AUDIT PROGRAM

Purpose: Obtain evidence about client’s financial statement assertions, including
• Existence (Occurrence)
• Completeness
• Ownership (Rights and obligations)
• Valuation
• Presentation and disclosure

Sample: Usually from items in an asset or liability balance (population), such as
• Accounts receivable
• Loans receivable
• Inventory
• Small tool fixed assets
• Depositors’ savings accounts
• Accounts payable
• Unexpired magazine subscriptions

Review Checkpoints
10-9 Define the following terms: audit sampling, population, population unit, and sample.
10-10 What role does professional judgment play in audit decisions regarding materiality, risk, and sampling?
10-11 How does audit assurance relate to audit risk?
10-12 How does sampling relate to forming an audit opinion on financial statements?

Inclusions and Exclusions Related to Audit Sampling

LO2 Distinguish audit sampling work from non-sampling work.

Look again at the audit sampling definition, specifically the statement “to form a conclusion about some characteristic of the balance or class of transactions.” This means that an audit procedure is considered audit sampling only if the auditor’s objective is to reach a conclusion about the entire account balance or transaction class (the population) on the basis of the evidence obtained from the sample. If the entire population is audited, or if it is only done to gain general familiarity, the work is not considered audit sampling. Perhaps the distinction between audit sampling and other methods can be seen when considered against the following procedures that are not considered audit sampling:
• Complete (100%) audit of all the elements in a balance or class
• Analytical procedures that are overall comparisons, ratio calculations, and the like
• A walk-through—following one or a few transactions through the accounting and control systems to obtain a general understanding of the client’s systems
• Methods such as inquiry of employees, obtaining written representations, obtaining inquiry responses via an internal control questionnaire, scanning accounting records for unusual items, and observing personnel and procedures4
• Selecting specific items because of their high or key value or some other characteristic of special interest, such as suspected fraud (CAS 530)

Several procedures are typically used in audit sampling applications: recalculation, physical observation of tangible assets, confirmation, and document examination. These procedures are most often applied to the audit of the details of transactions and balances.

Review Checkpoints
10-13 Give examples of auditing procedures that are not sampling applications.
10-14 List audit procedures likely to be applied on a sample basis.

Why Auditors Sample

LO3 Compare and contrast statistical and non-statistical sampling.

Auditors use audit sampling when (1) the nature and materiality of the balance or class do not demand a 100% audit, (2) a decision must be made about the balance or class, and (3) the time and cost to audit 100% of the population would be too great. The latter point is based on the concept of diminishing returns to testing that is illustrated in Appendix 10B. The two sampling designs used are statistical and non-statistical sampling. Exhibit 10–3 provides an overview of the different choices auditors can make about the extent of their testing.

Statistical Sampling

Statistical sampling uses the laws of probability for selecting and evaluating a sample from a population for the purpose of reaching a conclusion about the population. The essential points of this definition are that (1) a statistical sample is selected at random and (2) statistical calculations are used to measure and express the results. Both conditions are necessary for a method to be considered statistical sampling rather than nonstatistical sampling.

statistical sampling: audit sampling that uses the laws of probability to select and evaluate a sample from a population for the purpose of reaching a conclusion about the population


EXHIBIT 10–3 Extent of Audit Testing

Extent of Audit Testing
• 100% Examination
  – Large items
  – Unusual items
  – Looking for fraud
• Analytical Procedures
  – Statistical: Regression
  – Non-statistical: Inquiries; Informal analysis
• Sampling = Testing = Partial Examination
  – Representative
      Statistical: Tests of controls; Substantive tests of details of balance
      Non-statistical: Tests of controls; Substantive tests of details of balance
  – Non-representative: Large items; Looking for fraud; Unusual items

A random sample is chosen so that each population item has a predictable probability of being selected in the sample (CAS 530.05). You cannot use statistical calculations with a non-random sample. The mathematical laws of probability don’t apply to non-random samples, and basing such calculations on a non-random sample could be misleading. Any appropriate sample size may be considered statistical sampling. Appropriate in this context means consistent with a statistical sampling model, such as MUS, chosen by the auditor. The model can then be used to calculate the sample size, which indicates the sufficiency of audit work based on risk and materiality objectives. A statistical sampling approach can thus facilitate professional judgments on sufficiency and appropriateness of evidence, as outlined in Exhibit 8–6. A sampling method is statistical by virtue of random selection of the sample coupled with statistical calculation of the results (CAS 530.05).

Use of Statistical Sampling

Use statistical sampling when
• Random numbers can be associated with population items.
• Objective results that can be defended mathematically are desired.
• The auditor has insufficient knowledge about the population to justify a non-statistical sample.
• A representative (random) sample is required.
• Staff are adequately trained in statistical auditing.

Statistical sampling is advantageous because it
• Requires a precise and definite approach to the audit problem.
• Incorporates evaluation showing a direct relation between the sample results and the entire population under audit.
• Requires auditors to specify, and even quantify, particular judgments on risk and materiality.
• Does not eliminate or reduce auditors’ professional judgment.
• Allows more objective control of audit risks.
• Results in better planning and documentation when properly implemented (but can be more time-consuming and costly because of the greater formalism required).

random sample: a set of sampling units so chosen that each population item has an equal likelihood of being selected in the sample


Non-statistical Sampling

Non-statistical (judgmental) sampling is audit sampling in which auditors do not use statistical calculations to express the results. Sample selection can be random sampling or some other selection technique. Auditors are fond of saying that non-statistical sampling involves “consideration of sampling risk in evaluating an audit sample without using statistical theory to measure that risk.” In this context, consideration means giving sampling risk some thoughtful attention without directly knowing or measuring its magnitude. Do not confuse sampling and non-sampling risk with statistical and non-statistical sampling. They are not the same, as is further explained in the next learning objective.

Use of Non-statistical Sampling

Use non-statistical sampling when
• Association of population items with random numbers is difficult and expensive.
• Strictly defensible results based on mathematics are not necessary.
• The auditor’s knowledge about the population justifies a non-statistical sample with expectation of a reasonable conclusion about the population.
• A representative (random) sample is not required, for example, when an efficient non-statistical sample of large items leaves an immaterial amount unaudited.
• The population is known to be diverse, with some segments especially error prone.

Non-statistical sampling is advantageous because
• It permits a less rigidly defined approach to unique problems that might not fit into a statistical method.
• It permits the auditors to reapply evaluation judgments based on factors in addition to the sample evidence.
• It permits auditors to be less than definite about and omit quantification of particular judgments on risk and materiality.
• It permits auditors to assert standards of subjective judgment. (Thus, the alternative name is judgment sampling.)

Effectiveness Risk, Efficiency Risk, Sampling Risk, and Non-sampling Risk5

LO4 Differentiate between effectiveness risk, efficiency risk, sampling risk, and non-sampling risk.

Even when procedures are performed on a sample basis and sufficient evidence is obtained, a conclusion about the population characteristic can still be wrong. For example, suppose an auditor selected 100 sales invoices for audit and found no errors or irregularities in any of them. To conclude from this that there is no significant incidence of errors and irregularities in the entire population of sales invoices might be wrong. How, you ask? The sample might not reflect the actual condition of the population. No matter how randomly or carefully the sample was selected, it might not be a good representation of the extent of errors and irregularities actually in the population.
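The 100-invoice example above can be quantified as effectiveness (type II) and efficiency (type I) risk, the two sampling risks this learning objective covers. This is an added example, not taken from the textbook: the error rates are constructed, the function names are hypothetical, and a binomial model (a population large relative to the sample) is assumed.

```python
from math import comb


def prob_at_most(k, n, p):
    """P(X <= k) when X ~ Binomial(n, p): at most k errors found in n items."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))


def effectiveness_risk(n, accept_max, true_rate):
    """Type II risk: the sample shows <= accept_max errors, so the auditor
    accepts, although the population error rate is an unacceptable true_rate."""
    return prob_at_most(accept_max, n, true_rate)


def efficiency_risk(n, accept_max, true_rate):
    """Type I risk: the sample shows > accept_max errors, so the auditor
    rejects, although the population error rate is an acceptable true_rate."""
    return 1.0 - prob_at_most(accept_max, n, true_rate)


def min_sample_size(tolerable_rate, max_effectiveness_risk, accept_max=0, limit=5000):
    """Smallest n that holds effectiveness risk at or below the target when
    the auditor accepts on finding at most accept_max errors."""
    for n in range(accept_max + 1, limit + 1):
        if effectiveness_risk(n, accept_max, tolerable_rate) <= max_effectiveness_risk:
            return n
    raise ValueError("no sample size within limit meets the risk target")


if __name__ == "__main__":
    # 100 invoices audited, no errors found. How often does that happen
    # when the population really contains errors at these constructed rates?
    for rate in (0.01, 0.03, 0.05):
        risk = effectiveness_risk(100, 0, rate)
        print(f"true error rate {rate:.0%}: P(0 errors in 100) = {risk:.1%}")

    # Holding effectiveness risk at 5% against a 3% tolerable rate, compare
    # the efficiency risk of two acceptance rules when the true rate is 0.5%.
    for accept_max in (0, 1):
        n = min_sample_size(0.03, 0.05, accept_max)
        eff = efficiency_risk(n, accept_max, 0.005)
        print(f"accept up to {accept_max} error(s): n = {n}, efficiency risk = {eff:.1%}")
```

Allowing one error in a larger sample keeps effectiveness risk at the same level while roughly halving efficiency risk; the price is the extra audit work.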

Review Checkpoints
10-15 Give three reasons why auditors may choose to use sampling.
10-16 What three choices are available to the auditor for deciding on the extent of audit procedures?
10-17 Are testing, partial examination, and sampling the same thing? Explain your response.
10-18 Distinguish between statistical and non-statistical sampling.
10-19 Differentiate between representative and non-representative testing. What client factors determine which is most appropriate in planning audit procedures?
10-20 What is the difference between a statistical representative test and a non-statistical representative test?
10-21 Why can a non-representative test not be done statistically?

non-statistical (judgmental) sampling: choosing items in a population for audit testing and evaluating the findings based on the auditor’s own knowledge and experience rather than statistical methods

Sampling risk is the probability that an auditor’s conclusion based on a sample might be different from a conclusion based on an audit of the entire population. If an auditor with more time went through all the invoices and found multiple errors, your sample-based decision would be proved wrong. Apparently, your sample did not represent the population very well. Sampling risk expresses the probability of a wrong decision based on sample evidence, and it is a fact in both statistical and non-statistical sampling methods. With statistical sampling, you can both measure and control sampling risk by auditing sufficiently large samples. With non-statistical sampling, you can “consider” sampling risk without measuring it, something that requires experience and expertise. Other special aspects of sampling risk are discussed later, in the sections on auditing control compliance and account balances. Two types of sampling risk are efficiency and effectiveness risk. These risks apply to all audit procedures, whether statistical or not, but they are best introduced in a statistical context. Efficiency risk (type I error risk) is the risk that the auditor concludes that the population is worse in terms of errors than it really is. Effectiveness risk (type II error risk) is the risk that the auditor concludes that the population is better than it really is. Now, which risk covers the situation of the auditor’s failing to detect a material misstatement? If you said effectiveness risk you are correct. Effectiveness risk covers the situation where the auditor concludes the population is better (i.e., immaterial misstatements) than it actually is (i.e., material misstatements). Auditors have developed more-specific risk terms for various types of testing, but they are all either efficiency- or effectiveness-type risks. Effectiveness and efficiency risks are the most fundamental risk concepts in auditing. Keep this basic classification in mind to help you better follow the subsequent terminology. Note also that efficiency and effectiveness risks are very general in that they apply to both statistical and non-statistical sampling. The profession has developed a proliferation of risk terms, but most of these relate to different sources of efficiency- and effectiveness-type errors at different stages of the audit process. For example, we have already noted that all the risks of the audit risk model, including risk of material misstatement, relate to effectiveness-type errors. You can see this just by looking at the definition of effectiveness risk and then comparing it with the definition of the other risks in the audit risk model. Thus, the efficiency and effectiveness risk distinction is the most fundamental categorization of risks in auditing. We conclude this section with summaries of statistical versus non-statistical sampling and non-sampling risks. The efficiency and effectiveness risk distinction applies to all of these situations, because the distinction applies to any audit situation where immaterial or material misstatements are possible. Since the auditor does not know which state, material or immaterial misstatement, is the true state (if the auditor did know for sure then he or she would not need to perform audit procedures), these efficiency and effectiveness risk distinctions apply to all of the following summaries. The importance of effectiveness risk for auditing can be seen by noting that an audit deficiency of Chapter 4 can only occur when effectiveness risk is unacceptably high. This occurs when not enough evidence has been gathered (to control effectiveness risk at acceptable levels), or, after gathering the evidence, the risk of undetected material misstatements is too high (because of the small number of errors found in testing).

sampling risk: the probability that an auditor’s conclusion based on a sample might be different from the conclusion based on an examination of the entire population

efficiency risk (type I error risk): the risk that the auditor will incorrectly reject an account balance that is not materially misstated; a type of sampling risk

effectiveness risk (type II error risk): the risk that the auditor will incorrectly accept an account balance that is materially misstated; it can result in audit failure and so is considered to be a more serious problem for the audit than incorrect rejection; a type of sampling risk

Non-sampling risk includes the possibility of making a wrong decision, which exists in both statistical and non-statistical sampling. Non-sampling risk’s problem is that it cannot be measured. Auditors control it and believe they have reduced it to a negligible level through adequate planning and supervision of the audit, by having policies and procedures for quality control of their auditing practices, and by having internal monitoring and external peer review of their own quality control systems. Auditors are also more open to criticism and fault-finding when erroneous audit decisions result from non-sampling risk. External critics (judges, juries, peer reviewers) have few grounds for criticizing auditors who fall victim to sampling risk, provided that an audit sampling application is planned and executed reasonably well. Non-sampling risk is all risk other than sampling risk. The audit risk (AR) model given in Chapter 6 is necessary to understanding the breadth of this definition:

Risk Model: AR = IR × CR × DR

Non-sampling risk can arise from any of the following:
• Misjudging the inherent risk (IR). An auditor who mistakenly believes that few material errors or irregularities occur will tend to do less work and, therefore, may fail to detect problems.
• Misjudging the control risk (CR). An auditor who is too optimistic about the ability of controls to prevent, detect, and correct errors and irregularities will tend to do less work, with the same results as misjudging the inherent risk.
• Poor choice of procedures and mistakes in execution—related to detection risk (DR). Auditors can select procedures inappropriate for the objective (e.g., confirming recorded accounts receivable when the objective is to find unrecorded accounts receivable), fail to recognize errors or irregularities when vouching supporting documents, or sign off on procedures when the work was not actually done.

Examples of Non-sampling Risk

• Performing inappropriate procedures: The auditor based the evaluation of inventory obsolescence on forecast sales without adequately evaluating the reasonability of the forecast assumptions.
• Failure to consider test results appropriately: The auditor did not adequately investigate discrepancies in inventory counts and pricing, failing to note misstatements.
• Neglecting the importance of analytical review: The auditor might have discovered the client’s failure to eliminate intercompany profits if year-to-year product mix, gross profit, and recorded eliminations had been analyzed.
• Failure to maintain control over audit procedures: The auditor’s lax attitude permitted client employees to tamper with records selected for confirmation.
• Lack of professional skepticism: The auditor accepted the client’s unsupported verbal representations instead of gathering independent evidence to support management’s assertions.
• Accounting risk: These are risks related to forecasting the future (risk of forecast errors), typically affecting the measurement or valuation assertions. Accounting risk cannot be eliminated by gathering more evidence, as it is related to auditee business risks not affected by audit procedures. The accounting risk concept helps in identifying deficiencies of accounting estimates that result in misleading financial reporting. Accounting risk and its control are discussed in Chapter 19, Part II (available on Connect).

non-sampling risk: the possibility of making a wrong decision, which exists in both statistical and non-statistical sampling


PART 2

Basic Auditing Concepts and Techniques

EXHIBIT 10–4

Summary of Risks in Audit Testing (Categorized by Type of Test)

| RISK | TESTS OF CONTROLS | SUBSTANTIVE TESTS OF BALANCE |
|---|---|---|
| Audit risk (AR) | Control risk (CR) component of AR | Risk of incorrect acceptance (RIA) or analytical procedures risk (APR) component of AR |
| Sampling risk | Risk of selecting a non-representative sample in tests of controls | Risk of selecting a non-representative sample in substantive tests |
| Efficiency risk | Controlled indirectly via tests of controls | Controlled indirectly via substantive tests |
| Effectiveness risk | Controlled directly via value for CR | Controlled directly via values for RIA and APR |
| Non-sampling risk | All other risks associated with testing of controls | All other risks associated with substantive testing |

The various risks in auditing are summarized in Exhibit 10–4 by the two broad categories of audit tests. This is the more traditional way of organizing audit risks, as it is based on the two major categories of audit procedures. Exhibit 10–4 focuses on effectiveness risk, efficiency risk, sampling risk, and non-sampling risk associated with gathering evidence. If the effectiveness risks are at unacceptably high levels, then an audit deficiency occurs. This can result in report reservations, as discussed in Chapter 4. Exhibit 10–5 organizes risk by the primary concepts of efficiency and effectiveness risk. The exhibit thus classifies risks by their relative importance (effectiveness versus efficiency). Note that the importance is reflected by the fact that all risks in the audit risk model fall in the effectiveness risk column. This exhibit summarizes much of the rest of the risk discussion in this chapter.

Sampling Methods and Applications

Audit sampling concerns the amount of work performed and the sufficiency of audit evidence obtained. Its terminology includes many new concepts and definitions. The ones presented in earlier chapters, however, are general and apply to all phases of audit sampling. Knowing them allows you to “speak the language.” Auditors design audit samples to (1) evaluate control effectiveness in assessing control risk and (2) audit account balances in gathering direct evidence about financial statement assertions. These two parts will be covered in the next sections of the chapter. Each design is organized in terms of planning, performing, and evaluating audit sampling.

EXHIBIT 10–5

Summary of Risks in Audit Testing (Now Categorized by Efficiency and Effectiveness Risk Types)

| RISK | EFFICIENCY RISK | EFFECTIVENESS RISK |
|---|---|---|
| Audit risk (AR) | Not represented in AR model | AR and its control risk (CR), risk of incorrect acceptance (RIA), and analytical procedures risk (APR) components |
| Sampling risk | Statistical risk of incorrectly rejecting a population or class of transactions | Statistical risk of incorrectly accepting a population or class of transactions |
| Non-sampling risk | Judgmental risk of incorrectly rejecting a population or class of transactions | Judgmental risk of incorrectly accepting a population or class of transactions |
| Tests of controls risks | Risk of assessing CR too high (underreliance on controls) | Risk of assessing CR too low (overreliance on controls) |
| Substantive procedures risks: Detection risk and its components RIA and APR | Risk of incorrect rejection (RIR) | RIA |


This chapter is presented in general terms, along the same lines as CAS 530, but with some basic formulas to clarify relationships. The chapter also reconciles with CPA Canada Handbook section 5300, the auditing guideline “Applying the Concept of Materiality,” and the American Institute of Certified Public Accountants (AICPA) audit and accounting guide titled “Auditing Sampling.” (5300 and the AuG are replaced by CAS, but retained in the CPA Canada standards collection on a temporary basis for reference.)

Review Checkpoints

10-22 What is non-sampling risk? Give some examples.
10-23 Define sampling risk.
10-24 Does sampling risk always exist in both statistical and non-statistical sampling? Explain your response.
10-25 Can sampling risk be avoided? Explain.
10-26 Can non-sampling risk be avoided? Explain.
10-27 Are auditors more likely to be sued successfully for sampling risk or for non-sampling risk?
10-28 What two types of audit programs are ordinarily used as written plans for audit procedures?
10-29 What are control tests? What purpose do they serve?

Test of Controls for Assessing Control Risk LO5

Develop a simple audit program to test a client’s internal control procedures.

Auditors must assess control risk to determine the nature, timing, and extent of other audit procedures. Final evaluations of internal control are based on evidence obtained in the review and testing phases of an evaluation. It is difficult to describe control risk assessments, as they depend entirely on judgments made under the circumstances of each specific situation. For example, an auditor might learn that a company requires the bookkeeper to match a shipping order with each sales invoice before recording a sale, as a control against the recording of fictitious sales. Now, suppose this control test shows a number of invoices without supporting shipping orders, possibly causing sales to be overstated. More-extensive work on accounts receivable using confirmation, inquiries, and analytical review related to collectability would deal with this control deficiency. This shows how control testing provides only indirect evidence of the monetary accuracy of the accounts. Failure to have a matching shipping order only increases the probability of a monetary misstatement but does not guarantee a misstatement; the shipping orders might have been misplaced and the recorded sales invoice might still be correct. Only further substantive work, such as direct confirmation with the customer, would provide convincing evidence of a misstatement. This example related a specific control (matching sales invoices with shipping orders) to a specific set of audit procedures directed toward a possible problem (overstatement of sales and receivables). Generally, auditors reach judgments about control risk, as shown in Exhibit 10–6. Some situations call for a non-quantitative expression and some for a quantitative expression. The quantitative ranges overlap, communicating that auditors cannot put exact numbers on these kinds of evaluations.

Sampling Steps for Tests of Control LO5a

Specify objectives, deviation conditions, populations, and sampling units.

Audit sampling is a structured, formal approach and plan for conducting control. The seven-step framework helps auditors plan, perform, and evaluate control test results. It also helps auditors accomplish an eighth step—careful documentation of the work and reasoning—by showing each of the seven areas to be described in the working papers. The first seven steps are as follows:

1. Specify the audit objectives.
2. Define the deviation conditions.
3. Define the population.
4. Determine the sample size.
5. Select the sample.
6. Perform the control tests.
7. Evaluate the evidence.

EXHIBIT 10–6

Auditor’s Assessment of Control Risk

| EVALUATION OF INTERNAL CONTROL | JUDGMENT EXPRESSION OF CONTROL RISK: NON-QUANTITATIVE | JUDGMENT EXPRESSION OF CONTROL RISK: QUANTITATIVE |
|---|---|---|
| Excellent control, both as specified and in compliance | Low (1) | 10%–30% |
| Good control, but lacks something in specification or compliance | Moderate (2) | 20%–70% |
| Deficient control, either in specification or compliance or both | High (3) | 60%–95% |
| Little or no control | Maximum | 100% |

If combining inherent and control risk evaluation is easier, then “low,” “moderate,” and “high” mean the following, respectively:

1. Low combined inherent and control risk
2. Moderate combined inherent and control risk
3. High combined inherent and control risk

Plan the Procedures

The first three steps are the phase of problem recognition. When a client describes the control system, the implicit assertion is, “These controls work; people comply with the control procedures and achieve the control objectives.” The auditors’ question (problem) is, “Is it so? Are the validity and other control objectives achieved satisfactorily?” Testing of controls is always directed toward producing evidence of the client’s performance of its own control procedures. Thus, auditors’ procedures should produce evidence about the client’s achievement of the seven control objectives.

Specify the Audit Objectives

An example of a validity control procedure is the client’s procedure of requiring a shipping order to be matched with a sales invoice before a valid sale is recorded. The specific objective of an auditor’s test of controls audit procedure could be, “Determine whether recorded sales invoices are supported by matched shipping orders.” The audit procedure itself would be, “Select a sample of recorded sales invoices and vouch them to supporting shipping orders.” The matching of sales invoices to shipping orders is a key control and important here. Auditors should identify and audit only the key controls. Incidental controls are not relied on to reduce control risk, and auditing them for compliance just wastes time.

problem recognition: the first three steps of the sampling method


Define the Deviation Conditions

The terms deviation, error, occurrence, and exception are synonyms in test of controls sampling. They all refer to departure from a prescribed internal control procedure; for example, an invoice is recorded with no supporting shipping order (bill of lading). Deviation conditions need to be defined at the outset so that the auditors will know a deviation when they see one. As an assistant accountant, you would prefer to be instructed to “select a sample of recorded sales invoices, vouch them to supporting shipping orders, and document cases where the shipping order is missing,” rather than, “check recorded sales invoices for mistakes.” The latter instruction does not clearly define the deviation conditions and can increase non-sampling risk.

This example is oversimplified, but this vouching procedure for compliance evidence might be used to obtain evidence about several control objectives at the same time. The invoice can be compared with the shipping order for evidence of actual shipment (validity) and reviewed for credit approval (authorization); prices can be compared with the price list (authorization and accuracy); and quantity billed can be compared with quantity shipped (accuracy), recalculated (arithmetic accuracy), compared for correspondence of shipment date and record date (proper period), and traced to postings in the general ledger and subsidiary accounts (accounting). Exhibit 10–7 shows some deviation conditions laid out in a working paper designed to record the control testing results for a sample of sales invoices.

Test of controls audit sampling is also called attribute sampling—sampling in which auditors look for the presence or absence of a control condition. In response to the audit question, “For each sales invoice in the sample, can a matched shipping order be found?” the answer can be only yes or no. With this definition, auditors can count the number of deviations and use the count when evaluating the evidence. Attribute sampling can also be useful in balance auditing; an example is shown in the box below.

EXHIBIT 10–7

Test of Controls Audit Documentation

Index: 10.3
By: JC, Date: Nov. 11, 20X2
Review: F.D., Date: Nov. 15, 20X2

KINGSTON COMPANY
Test of Controls over Recorded Sales
December 31, 20X2

| Invoice number | Date | Amount |
|---|---|---|
| 35000 | Mar. 30 | $ 3,000 |
| 35050 | Mar. 31 | $ 800 |
| 35100 | Apr. 2 | $ 1,200 |
| 35150 | Apr. 3 | $ 1,500 |
| 35200 | Apr. 5 | $ 400 |
| 35250 | Apr. 6 | $ 300 |
| 32100 | Jan. 3 | $ 1,000 |
| 32150 | Jan. 4 | $ 200 |
| 34850 | Mar. 25 | Missing |
| 34900 | Mar. 26 | $ 100 |
| 34950 | Mar. 27 | $ 200 |

Attribute columns: Bill of lading; Credit approved; Approved prices; Quantities match; Arithmetic accurate; Dates match; Posted to customer.

Sample = 200; $ 98,000
Uncorrected deviations: 4, 9, 5, 6, 3, 7, 0

X = Uncorrected deviation. Y = Deviation occurred but was detected and corrected later.

attribute sampling: the type of audit sampling in control testing in which auditors look for the presence or absence of a control condition

A Balance Audit Application of Attribute Sampling

Attribute control test samples are usually drawn from a class of transactions in order to obtain evidence about compliance with control objectives. Attribute samples may be used for balance audit purposes. This example suggests an attribute sample to obtain evidence about an ownership (rights) financial statement assertion.

Question: A lessor is in the business of leasing autos, large trucks, tractors, and trailers. Is it necessary for the auditors to examine the titles to all the equipment?

Answer: It is not necessary, unless some extraordinary situation or circumstance is brought to light, for the auditors to examine titles to all the equipment. Random test verification of title certificates or proper registration of vehicles should be made.

Source: AICPA Technical Practice Aids, 8330.02.

Define the Population

Specifying the control test (compliance) audit objectives and the deviation conditions usually defines the population, that is, the set of all elements in the balance or class of transactions. In our example, the population consists of all the recorded sales invoices, and each invoice is a population unit. In classical attribute sampling, a sampling unit is the same thing as a population unit.6

Population definition is important because audit conclusions can only be made about the population the sample was selected from. For example, evidence from a sample of recorded sales invoices cannot be used for a conclusion about completeness. Controls related to the completeness objective (in this case, control over failure to record an invoice for goods shipped) can only be audited by sampling from a population representing goods shipped (the shipping order file) and not by sampling from the population of recorded invoices.

The timing of the audit work complicates population definition. Control tests should ideally be applied to transactions executed throughout the entire period under audit. However, auditors often perform control tests at an interim date—a date some weeks or months before the client’s year-end date—when the entire population is not available for audit. Doing the work at an interim date is fine, but auditors cannot ignore the period between the interim date and the year-end. Strategies for control in the period after the interim date are explained later.

The question of how well the physical representation of the population corresponds to the population itself also complicates the population definition. The physical representation of the population is the auditor’s frame of reference for selecting a sample. It can be a journal listing of recorded sales invoices, a file drawer full of invoice copies, a computer file of invoices, or another physical representation. The sample will actually be selected from the physical representation, so it must be complete and correspond to the actual population. The physical representation of the recorded sales invoices as a list in a journal is fairly easy to visualize. However, an auditor should make sure that periodic listings (e.g., monthly sales journals) are added correctly and posted to the general ledger sales accounts. In our example, a selection of individual sales invoices from the sales journal is known to be from the complete population of recorded sales invoices, but some physical representations are not so easy to assess for the completeness of correspondence to their population.

classical attribute sampling: sampling in which a sampling unit is the same thing as an invoice or population unit

physical representation of the population: the auditor’s frame of reference for selecting a sample, for example, a journal listing of recorded sales invoices


These issues are not changed much whether the records are in electronic or hard-copy form. Electronic records are usually based on the design of an originating hard copy. Hence sampling an electronic population is not that different from sampling a hard-copy population. Of course, it is much easier to read through and summarize an electronic population, so 100% exams are more common in an information technology (IT) audit environment. However, at some point auditors need to reconcile the electronic records with facts in the real world. It is this more time-consuming reconciliation process with other information that largely makes sampling relevant in an IT audit.

The Procedures LO5b

Demonstrate some basic audit sampling calculations.

The next three performance steps represent the phase of evidence collection of the sampling method. These steps are performed to obtain the evidence.

Determine the Sample Size

Sample size—the number of population units to audit—should be determined thoughtfully. Some auditors operate on the “magic number theory” (e.g., select 30, because that is what we have always used on this audit). But a magic number may not provide enough evidence or it may be too large a sample. Auditors must consider four influences on sample size: sampling risk, tolerable deviation rate, expected population deviation rate, and population size.

Sampling Risk (CAS 530.05)

Effectiveness risk and efficiency risk are the two major categories of sampling risk. Sampling risk is defined as the probability that a conclusion based on the audit of a sample might be different from a conclusion based on an audit of the entire population. In other words, when using evidence from a sample for testing controls, an auditor might decide that (1) control risk is very low when, in fact, it is not (i.e., an effectiveness risk error), or (2) control risk is very high when, in fact, it is not so bad (i.e., an efficiency risk error). The more you know about a population (from a larger sample), the less likely you are to reach a wrong conclusion, or the lower the sampling risk will be of making either of the two decision errors. More will be said about these risks in the section on evaluation. In terms of our example, the important sampling risk is the probability that the sample will reveal few or no recorded sales invoices without supporting shipping orders when, in fact, the population contains many such deviations. This result would lead to the erroneous conclusion that the control worked well. Auditing a larger sample reduces the probability of finding few deviations when many exist. Thus, sample size varies inversely with the amount of sampling risk an auditor is willing to take. We will illustrate with calculations after covering some more concepts.

Tolerable Deviation Rate (CAS 530.05)

Auditors should have an idea of how rates of deviation in the population correspond to control risk assessments. Perfect control compliance is not necessary, so the question is rather what rate of deviation in the population signals control risk of 10%, 20%, or 30%, and so forth, up to 100%. Suppose an auditor believes that $90,000 of sales invoices could contain control deviations without causing a minimum material misstatement in the sales and accounts receivable balances. If the total gross sales are $8.5 million, this judgment implies a tolerable deviation rate of about 1% ($90,000/$8.5 million). Since this 1% rate marks the minimum material misstatement, it indicates a low control risk (say, 0.05), and it justifies a great deal of reliance on internal control in the audit of the sales and accounts receivable balances.

evidence collection: steps 4, 5, and 6 of the sampling method, which are performed to get the evidence

tolerable deviation rate: the rate of deviation that can exist without causing a minimum material misstatement in a test of controls procedure


However, there can be more than one tolerable deviation rate. Each successively higher rate is associated with a higher control risk. Continuing with our example, higher tolerable deviation rates could be associated with higher control risks as follows:7

| DEVIATION RATE (%) | CONTROL RISK |
|---|---|
| 1 | 0.05 |
| 2 | 0.10 |
| 4 | 0.20 |
| 6 | 0.30 |
| 8 | 0.40 |
| 10 | 0.50 |
| 12 | 0.60 |
| 14 | 0.70 |
| 16 | 0.80 |
| 18 | 0.90 |
| 20 | 1.00 |

Since sample size varies inversely with the tolerable deviation rate, the auditor who wants to assess control risk at 0.05 (tolerable rate = 1%) will need to audit a larger sample of sales transactions than another auditor who is willing to assess control risk at 0.40 (tolerable rate = 8%). The desired control risk level and its tolerable rate are a matter of auditor choice. The tolerable rate is not a fixed rate until the auditor decides what control risk assessment suits the audit plan, at which point it becomes a decision criterion involved in the sampling application. Some auditors express the tolerable rate as a number (necessary for statistical calculation of sample size), while others do not put a number on it. Appendix 10B contains more explanation about determining various tolerable rates.

Expected Population Deviation Rate (CAS 530, Appendix 2)

Auditors usually know of or suspect some control performance conditions. They could have last year’s audit experience with the client or information from a predecessor auditor, which informs them about the client’s personnel, working conditions, and general control environment. This knowledge contributes to an expectation about the population deviation rate, an estimate of the ratio of the number of expected deviations to population size. If there was a 1% deviation in last year’s audit, this year’s expected rate could be 1% as well. Auditors can also stipulate a zero expected deviation rate, which will produce a minimum sample size for the audit. The reason for using an expected error rate greater than zero is solely for the purpose of reducing efficiency risk over its range. Some accounting firms as a matter of policy use an expected rate of zero errors in budgeting for an audit. The rationale is that auditees should pay extra if the audit is less efficient as a result of finding some errors.

From a common-sense perspective, the expected rate of deviation must be less than the tolerable rate, as there would be no reason to perform any test of controls if the auditor expected to find more error than the tolerable amount. Also, the closer the expected rate is to the tolerable rate, the larger is the sample needed to reach a conclusion that deviations do not exceed the tolerable rate. Thus, sample size varies directly with the expected deviation rate. Some auditors will express the expected rate as a number (necessary for statistical calculations of sample size), while others will not put a number on it.

expectation about the population deviation rate: an estimate of the ratio of the number of expected deviations to population size


The simplified approach we use in this chapter to illustrate the calculations does not quantify the expected population deviation—effectively, the expected rate is zero. This expected error rate results in use of the smallest statistical sample sizes possible, consistent with auditor effectiveness risk and materiality objectives. Some auditors use these smallest statistical sample sizes as a guide to the minimal amount of testing even for non-statistical sampling (e.g., see AICPA, “Audit Sampling Guide,” May 1, 2008, edition, p. 34). Statistical sample size calculations can, thus, be an important guide in all audit sampling situations (CAS 530). The application case in Appendix 10B shows that the primary purpose of quantifying the expected deviation rate is to control the efficiency risk. Appendix 10B explains how to work with non-zero expected population deviation rates.

Population Size

Common sense probably tells you that samples should be larger for bigger populations (a direct relationship). While your common sense is accurate, practically speaking, the appropriate sample size for a population of 100,000 units may be only two or three sampling units larger than that for a 10,000-unit population. Not much difference! By using the same calculation for both populations, your sample size for the 10,000 population is proportionally bigger, and thus more conservative. The general principle is that if you use the simplified formulas for very large populations, you end up with slightly conservative results. Many practising auditors find this trade-off worthwhile. The four influences on sample size in this section, and summarized in Exhibit 10–8, are applicable to both statistical and non-statistical sampling.

Calculating Sample Size

The preceding discussion of sample size determinants gives you a general understanding of the four influences on sample size. Next, we consider a simplified way of calculating sample sizes with a brief overview of basic formulas and tables used in statistical auditing. Some basic formulas provide an overview of the most fundamental mechanics of statistical auditing. Two key points at which the formulas and tables are used in statistical sampling are (1) sample-size planning and (2) sample evaluation. With the commonly used approach of monetary-unit sampling (MUS), the same formula and table can be applied to both tests of controls and substantive tests of balances. MUS is common because it is effective, efficient, and the easiest approach to use. MUS can be used for control tests either with MUS selection or with physical representation of a population of transactions.

EXHIBIT 10–8

Sample-Size Relationships: Test of Controls Auditing

| SAMPLE-SIZE INFLUENCE | PREDETERMINED SAMPLE SIZE WILL BE: HIGH RATE OR LARGE POPULATION | PREDETERMINED SAMPLE SIZE WILL BE: LOW RATE OR SMALL POPULATION | SAMPLE-SIZE RELATIONSHIP |
|---|---|---|---|
| 1. Acceptable sampling risk | Smaller | Larger | Inverse |
| 2. Tolerable deviation rate | Smaller | Larger | Inverse |
| 3. Expected population deviation rate | Larger** | Smaller | Direct |
| 4. Population | Larger* | Smaller* | Direct |

*The effect on sample size is quite small for a population of 1,000 or more.
**The effect of this is explained in Appendix 10B. Many auditors do not quantify the expected rate because it relates to the less serious efficiency risk control, not the more serious effectiveness risk, as discussed earlier in this chapter.

monetary-unit sampling (MUS): a modified form of attributes sampling that permits auditors to reach conclusions about monetary amounts as well as compliance deviations


We begin by illustrating the use of MUS formulas in sample-size planning for tests of control. The following discussion is based on the R value table given in Appendix 10A and uses the formula R = nP; R is the value from the table in Appendix 10A; n is the sample size; and P stands for the precision, or accuracy, desired for the statistical test. Note that this table gives a unique R value for each combination of K (number of errors) and confidence level. Since, as explained in Appendix 10B, MUS uses the negative approach, confidence level = one minus effectiveness risk. Therefore, the auditor controls effectiveness risk with MUS by picking the appropriate confidence level. Selection of the K value influences the efficiency risk. Specifically, the higher the K value used, the lower is the efficiency risk over much of the range of possible immaterial misstatements. With a valid MUS sample size the efficiency risk is always controlled at zero when there are no errors. For planning audit sample sizes using the basic equation R = nP and solving for n, we get the equation n = R/P. This equation for n summarizes the key factors affecting the sufficiency of audit evidence: the relationship between confidence level (R value), materiality (P value), and the extent of audit testing (sample size n). That is, the amount of audit work is directly proportional to the confidence level and inversely proportional to the materiality level used. For tests of controls and substantive tests, solve for n (as above) in the formula R = nP, where R = CLRK is a confidence-level (CL) factor that is unique for each combination of CL and K from the table of values for R given in Appendix 10A. P is based on overall materiality or specific materiality, as discussed in CAS 320 and Chapter 5. 
With non-MUS models, sometimes the overall or specific materiality is adjusted lower in sample planning, thereby creating the performance materiality concept of CAS 320 and the tolerable misstatement concept of CAS 530.A3. For tests of controls, a further complication is created by the need to link control deviation rates to the adjusted materiality, as discussed above. This is likely why CAS 530.05 introduces the tolerable rate of deviation and distinguishes it from tolerable misstatement. The tolerable rate of deviation is represented as a rate or proportion. The auditor must use professional judgment in specifying K, CL, and planned P. The effects of these various decisions on sample size are summarized in Exhibit 10–8. Using these concepts results in the simplified approach described in this section. P is the amount, as a rate, that the auditor considers the tolerable rate of deviation for the population being tested. When being set, it has to take into consideration the additive effect of errors in other accounting populations representing other balances or transaction streams. In this stage of sampling, the planned P might be an amount lower than the tolerable rate of deviation so that the auditor can reduce efficiency risk. Firm practice varies: efficiency risk can be indirectly controlled through the planned K value, the planned P value, or a combination of the two. The most common strategy is to use K = 0 and a planned P in the range of half to full tolerable rate of deviation, whichever the auditor deems more appropriate in the circumstances. We discuss these options further in Appendix 10B. Here, the calculations are simplified by assuming that planned P is set equal to the tolerable rate of deviation. This results in the smallest sample size possible for the stated confidence level and precision. 
This smallest sample size is used by many firms as a guide to sufficient sample sizes for all representative sampling, whether statistical or non-statistical (e.g., see AICPA, “Audit Sampling Guide,” May 1, 2008, edition, p. 34). These properties are illustrated in the Application Case of Appendix 10B.

In the formula CL = 1 − effectiveness risk, effectiveness risk is the risk that the test will fail to detect a tolerable rate of deviation when it exists—the risk of incorrect acceptance (RIA). Efficiency risk is the risk of concluding that there is a material misstatement when, in fact, the misstatements are immaterial—the risk of incorrect rejection (RIR).

To illustrate the calculations using the table of R values in Appendix 10A, let us assume the auditor wants a confidence level of 95%; uses K = 0 to make the sample planning as simple as possible (this results in the smallest sample size for the planned confidence level); and sets planned P so that it equals the tolerable deviation rate, which we assume here is 0.05, so planned P = 0.05. Using our formula n = R/P and the table, you should get the following results: n = 3.0/0.05 = 60, so that your planned sample size, given these objectives, is 60. We will use this sample size to evaluate the sample results a little further on.

Working with tables based on the above formulas will minimize the use of formulas. For example, the simplified table titled “Table to Determine Sample Sizes for Tests of Control Using the Monetary-Unit Sampling
Approach” in Appendix 10A is constructed using the calculations with formulas in the preceding paragraph. A table is usually based on some formula or algorithm. When using such a table, the auditor only needs to identify the required effectiveness risk (= 1 − CL) and tolerable deviation rate. In constructing the table, the expected error rate is zero (K = 0), thereby leading to the smallest sample size possible for the stated confidence level and tolerable rate. This table is restricted to the most common effectiveness risk levels of 0.10 and 0.05 and the most commonly used tolerable deviation rates. Thus, the table is quite small. To figure out the sample size, the auditor looks up the number in the table that is at the intersection of the desired effectiveness risk and tolerable rate. Using a desired effectiveness risk of 0.05 (or, equivalently, a desired confidence level of 0.95) and a tolerable rate for tests of controls of 0.05, the table gives 60 as the desired sample size. The same size sample could have been calculated using the formula. Your instructor will indicate to you which approach is to be used in your course.

A Note on Testing of Controls for Audits of Internal Control Statements

Section 404 of the U.S. Sarbanes-Oxley Act (SOX) introduced a requirement for management to prepare internal control statements and have them audited. This requirement led to the Public Company Accounting Oversight Board’s (PCAOB’s) Auditing Standard No. 2. What does testing of controls mean in this new context? First, internal control statements focus on company-level control objectives such as “tone at the top,” corporate codes of conduct, and corporate governance in general. Second, the focus is on the design of internal control at a specific point in time. Third, auditors need to utilize an authoritative framework for evaluating the design. For example, the PCAOB requires that the following be considered as part of the framework of suitable internal control criteria for the purpose of reporting on internal control: control environment, risk assessment, control activities, information and communication, and monitoring. This chapter stresses testing of detailed control activities.

Select the Sample

Auditing standards express two requirements for samples: (1) Sampling units must be selected from the population an audit conclusion will apply to, ideally from transactions executed throughout the period under audit, and (2) a sample must be representative of the population it is drawn from. Thus, a sample mirrors the characteristics of the population, but auditors cannot guarantee its representativeness. After all, that is what sampling risk is all about—the probability that the sample might not mirror the population well enough. Auditors can try to attain representativeness by selecting random samples—each unit in the population has an equal probability of being included in the sample. Intentionally or accidentally excluding a segment of a population can render a sample non-representative.

Random samples are often selected by assigning a number to each population unit (sometimes the units are prenumbered forms) and then choosing a selection of random numbers to make up the sample. A printed random number table (one is provided in Appendix 10A) or a computerized random number generator, such as the @RAND function in Microsoft Excel, will generate a list of random numbers. This method is known as unrestricted random selection.

unrestricted random selection: using a printed random number table or computerized random number generator to obtain a list of random numbers

systematic random selection: using a predetermined population and sample size and random starting places

Systematic random selection is another popular method. It is especially popular with MUS. To use it, the population size and a predetermined sample size are needed. A random starting place in the physical representation (list of sales invoices recorded in a sales journal, for example) is chosen, and then every Kth unit is selected, where the value for K is population size divided by sample size. For example, if 10,000 invoices, numbered from 32071 to 42070, were issued and you want a sample of 200, first randomly choose a starting place, say invoice
35000, and then select every Kth = 10,000 ÷ 200 = 50th invoice. So, the next invoice would be 35050, then 35100, then 35150, and so on. If the end of the list is reached before 200 are selected, cycle back to the sequence beginning invoice, 32071, and continue. Most systematic samples are selected using five or more random starts in the population. MUS can use systematic sampling as just described or work with the dollar value of the transactions processed instead. The population size is then the monetary value of the population. For example, assume the 10,000 invoices had a total value of $10,000,000; then the sampling interval would be $50,000; that is, select every 50,000th dollar. This means finding the invoice associated with that dollar and continuing as previously described. With sample selection there is a critical distinction between statistical and non-statistical audit sampling. In statistical sampling evaluation, the sample must be random, while in non-statistical plans, auditors sometimes use sample selection methods where randomness and representativeness cannot easily be evaluated. Haphazard selection refers to any unsystematic way of selecting sample units, for example, closing your eyes and dipping into a file drawer of sales invoices to pick items. You may pick only the crumpled ones that stick out, and they may be different from most of the other invoices in the drawer. Also, your method cannot be described so that someone can replicate it. Some auditors describe haphazard sampling as choosing items without any special reason for including or excluding items, thus obtaining a representative sample. However, because it is hard to document and impossible to replicate, haphazard selection should be considered only as a last resort. Block sampling is the practice of choosing segments of contiguous transactions, for example, choosing the sales invoices processed on randomly chosen days, say February 3, July 17, and September 29. 
Implicitly, the block-sampling auditor has defined the population unit as a business day (260 to 365 of them in a year) and has selected three—not much of a sample. Block sampling is undesirable because it is hard to get a representative sample of blocks efficiently; having enough blocks means there is a huge number of invoices to audit for compliance. Some auditors try to get the best of both worlds and use statistical sampling formulas to determine the sample size (as explained above), but combine this with haphazard selection, which is commonly used in auditing. Sample sizes determined using the formulas are frequently much smaller than your intuition would suggest. See the Application Case at the end of this chapter. This helps explain the initial popularity of statistical sampling—it greatly reduced audit work! However, these formulas are valid only with random selection or close approximations to random selection. Haphazard sampling is intended to be representative of a population, but rigorous random or systematic selection is not used. Thus, the probability of selecting a particular item becomes unpredictable. Research by Hall and Herron illustrates one source of such unpredictability: bias due to non-sampling errors.8 Specifically, judgmental biases arise from items that stand out or draw attention (brightly coloured items, large items, isolated items of inventory or files) or items that are easier to access. When auditors use haphazard sampling they should be trained in de-biasing procedures if they want this type of evidence to be acceptable in court. Otherwise, the auditor must be prepared to non-statistically sample a very large proportion of the population (30% or more). For example, in many practical situations, the auditor would need to test about 10 times as many items as the sample size formulas with true random selection indicate. That is quite a penalty to pay for not using true random selection! 
This illustrates another advantage of the more formal statistical sampling—potentially smaller amounts of testing can result, as documented by Hall and Herron’s article.

haphazard selection: an unsystematic way of selecting sample units

replicate: reperform a selection procedure and get the same sample units

representative sample: a sample that mirrors the characteristics of the population being studied

block sampling: choosing segments of contiguous transactions; undesirable because it is hard to get a representative sample efficiently

Another practical reason auditors would want to use statistical sampling is that it allows an objective measure of the sampling risk, specifically, the risk of failing to detect a material misstatement (effectiveness risk). Statistical sampling allows calculation of a measurable risk that an auditor is taking in the testing process. The disadvantage of this is the extra training required to use statistical methods properly. Auditors have been deterred by the training costs associated with using statistics, but the Hall and Herron article shows that it is just as important to get training in correctly applying non-statistical representative sampling! Failure to do so puts the auditor at risk of not properly applying audit procedures.
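
The two systematic selection methods described under "Select the Sample" above (every Kth prenumbered invoice with cycling back to the start of the list, and every 50,000th dollar for MUS) can be sketched in Python. This is an added example, not code from the textbook; the function names, the constructed invoice amounts, and the seed are assumptions made for illustration.

```python
import random


def draw_random_start(seed, low, high):
    """Draw a random start from a recorded seed so the selection can be replicated."""
    return random.Random(seed).randint(low, high)


def systematic_selection(first_id, population_size, sample_size, start_id):
    """Select every k-th prenumbered unit beginning at start_id.

    k = population size / sample size. When the end of the list is reached,
    counting cycles back to first_id and continues.
    """
    if not 0 < sample_size <= population_size:
        raise ValueError("sample size must be between 1 and the population size")
    last_id = first_id + population_size - 1
    if not first_id <= start_id <= last_id:
        raise ValueError("start_id is outside the population")
    interval = population_size // sample_size
    offset = start_id - first_id
    return [first_id + (offset + i * interval) % population_size
            for i in range(sample_size)]


def monetary_unit_selection(invoices, sample_size, start_dollar):
    """Select the invoice that contains every interval-th dollar.

    invoices: list of (invoice_id, amount) with whole-dollar positive amounts.
    Returns (interval, hits) where hits is a list of (invoice_id, dollar_hit).
    An invoice larger than the interval can be hit more than once, and a
    zero-value invoice can never be hit.
    """
    total = sum(amount for _, amount in invoices)
    interval = total // sample_size
    if not 1 <= start_dollar <= interval:
        raise ValueError("start_dollar must lie within the first interval")
    hits = []
    next_hit = start_dollar
    cumulative = 0
    for invoice_id, amount in invoices:
        cumulative += amount
        # Record every sampled dollar that falls inside this invoice.
        while next_hit <= cumulative and len(hits) < sample_size:
            hits.append((invoice_id, next_hit))
            next_hit += interval
    return interval, hits


def constructed_invoices():
    """Constructed data: 10,000 invoices numbered 32071 to 42070, total $10,000,000."""
    pattern = [400, 600, 1000, 2000]  # repeats 2,500 times, $4,000 per cycle
    return [(32071 + i, pattern[i % 4]) for i in range(10_000)]


if __name__ == "__main__":
    # Record-based selection from the chapter: start at invoice 35000, K = 50.
    by_record = systematic_selection(32071, 10_000, 200, 35000)
    print(by_record[:4], "...", by_record[141:144])

    # Dollar-based selection: the seed is documented so the draw can be reperformed.
    seed = 2016  # constructed value
    start = draw_random_start(seed, 1, 50_000)
    interval, hits = monetary_unit_selection(constructed_invoices(), 200, start)
    print(interval, len(hits), hits[:3])
```

Recording the seed and the starting point in the working papers is what makes the selection replicable in the sense defined above.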

Perform the Control Tests

An internal control program consists of procedures designed to produce evidence about the effectiveness of a client’s internal control performance, and now you are ready to obtain the evidence. The control tests are explained in Chapter 8.

Review Checkpoints

10-30 Why can poor controls over the existence of sales result in an overstated accounts receivable balance at year-end?
10-31 In control testing, why is it necessary to define a compliance deviation in advance? Give seven examples of compliance deviations.
10-32 Which judgments must an auditor make when deciding on a sample size?
10-33 Describe the influence of each judgment on sample size.
10-34 Name and describe four sample selection methods.

The Evidence LO5c

Evaluate evidence from control testing.

The final step is evidence evaluation of the sampling method. First, you determined whether each specified key control procedure worked satisfactorily. Then you gathered relevant compliance evidence. Now you need to evaluate the evidence and make justifiable decisions about the control risk.

Evaluate the Evidence

Test of controls audit sampling provides evidence of whether a client’s internal control procedures are being followed satisfactorily. Compliance evidence, therefore, is very important for the conclusion about control risk. When auditors evaluate sample-based compliance evidence, there are two sampling risk decision errors they might make: assessing the control risk too low or assessing it too high.

The risk of assessing the control risk too low is the probability that the compliance evidence in the sample indicates low control risk when the actual (but unknown) degree of compliance justifies a higher control risk assessment. This can lead to failure to do the necessary additional work and threatens the effectiveness of the audit. This is the effectiveness risk for tests of controls. On the other hand, the risk of assessing the control risk too high is the probability that the control test evidence in the sample indicates high control risk when the actual (but unknown) degree of compliance justifies a lower control risk assessment. This is the efficiency risk for tests of controls. Assessing the control risk too high triggers more audit work than was planned and threatens the efficiency of the audit.

Audit efficiency is important, but audit effectiveness is more important. For this reason, auditing standards require only a low risk of assessing the control risk too low, especially when this decision error could cause an auditor to do significantly less work on the related account balances. These risks and decisions are illustrated in Exhibit 10–9. Keeping these risks in mind, evaluating evidence includes calculating the sample deviation rate, comparing it with the tolerable rate, and following up all the deviations discovered.

evidence evaluation: the final step of the sampling method; to evaluate the evidence and make justifiable decisions about the control risk

risk of assessing the control risk too low: the probability that the compliance evidence in the sample indicates low control risk when the actual (but unknown) degree of compliance justifies a higher control risk assessment

Superseded Terminology: Overreliance and Underreliance

Several years ago, professional terminology was changed from “reliance on control” to “assessment of control risk.” However, old habits die hard, and you will probably still encounter these uses of control terminology:

Overreliance is the result of realizing the risk of assessing control risk too low. If auditors think control risk is low when in fact it is higher, they will over-rely on internal control and restrict other audit procedures when they should actually perform more work. Overreliance is the same as effectiveness risk of tests of controls.

Underreliance is the result of realizing the risk of assessing control risk too high. If auditors think control risk is high when in fact it is lower, they will under-rely on internal control and perform more audit work when less work would suffice. Underreliance risk is the same as efficiency risk of tests of controls.

Calculate the Sample Deviation Rate

The first piece of hard evidence is the sample deviation rate. Suppose an auditor selected 60 recorded sales invoices and vouched them to shipping orders (bills of lading), finding one without shipping orders. The sample deviation rate is 1/60 = 1.7%. This is the best single-point estimate of the actual, but unknown, deviation rate in the population. However, you cannot say that the deviation rate in the population is exactly 1.7%. Chances are the sample is not exactly representative; the actual but unknown population deviation rate could be lower or higher.

Judge the Deviation Rate in Relation to the Tolerable Rate and the Risk of Assessing the Control Risk Too Low

Suppose the auditor in the example believed the tolerable rate was 5% (same as in planning above), justifying a control risk assessment of CR = 0.40. In a non-statistical sampling case, this auditor is supposed to think of the sample deviation rate (1.7%) in relation to the tolerable rate (5%), and about the risk (of assessing control risk too low) that the actual, but unknown, deviation rate in the population exceeds 8%. The decision in this case depends on the auditor’s experience and expertise. The non-statistical auditor might conclude that the population deviation rate is probably 8% because the sample deviation rate of 1.7% is so much lower. The CPA Canada Handbook guideline AuG-41, paragraph 42, suggests this logic. AuG-41 does not assume that the auditor is using statistical sampling. However, it must assume that the auditor used a minimal sample size as determined by a statistical formula, because the population is always rejected statistically when the sample size is too small (this happens because efficiency risk is larger than planned, and to get it smaller requires a larger sample). If too small a sample size is selected, the statistical formulas always reject, even if no errors are found.

EXHIBIT 10–9 The Test of Controls Audit Sampling Decision Matrix

| ACTUAL STATE OF INTERNAL CONTROLS (ACTUAL POPULATION DEVIATION RATE) | SAMPLE POPULATION DEVIATION RATE: LESS THAN TOLERABLE RATE | SAMPLE POPULATION DEVIATION RATE: GREATER THAN TOLERABLE RATE |
| --- | --- | --- |
| The deviation rate is less than the tolerable rate, so the control is performed satisfactorily. | Correct decision | Control risk too high decision error (efficiency risk for tests of controls) |
| The deviation rate is greater than the tolerable rate, so the control is not performed satisfactorily. | Control risk too low decision error (effectiveness risk for tests of controls) | Correct decision |

risk of assessing the control risk too high: the probability that the compliance evidence in the sample indicates high control risk when the actual (but unknown) degree of compliance would justify a lower control risk assessment

Sample Evaluation

Sample evaluation is easier to explain in text with a quantitative model, such as statistical sample evaluation, which explains why statistical sampling is more popular. Sample evaluation essentially involves solving for P in the formula R = nP so that P = R/n. When P is calculated in this way it is referred to as achieved P, or the achieved UEL (upper error limit). Achieved P is calculated after the sample has been taken and the results are known. This means that the number of errors (K) detected by the sample is already known, the confidence level (CL = 1 − effectiveness risk) is known, and the sample size taken is already known. Thus, we can solve for achieved UEL = achieved P = R/n, where $R = {}_{CL}R_{K}$, CL is the specified confidence level, and K is the number of errors found in the sample (not the number expected, as in sample-size planning).

The auditor establishes decision criteria by first assigning a number to the risk of assessing the control risk too low, say 5%, and then assigning a number to the tolerable rate, say 5%. A statistical table is then used to calculate a sampling error–adjusted upper limit, which is the sample deviation rate adjusted upward to allow for the idea that the actual population rate could be higher. In this example, the adjusted limit, the UEL, can be calculated as 5%. This is obtained with the MUS formula and table by solving for achieved precision (achieved P) as follows: achieved P = R/n using K = 1 (number of errors actually found in the sample) to get the R value with K = 1 and 95% CL (effectiveness risk = 0.05), which is R = 4.75. Now calculate the achieved P = R/n = 4.75/60 = 0.08. The statistical decision rule is based on comparing the 0.08 to tolerable (0.05).
This finding means “the probability is more than 5% that the actual but unknown population deviation rate is greater than 5%.” The decision criterion was “the actual but unknown population deviation rate needs to be 5% or lower, with 5% risk of assessing the control risk too low.” So, the decision criterion is not satisfied, and the control risk assessment (0.40) associated with the 5% tolerable rate cannot be justified.9 From a critical thinking perspective, this justification step uses statistical theory to support the conclusion. Many would view such a conclusion as better supported than one based on non-statistical sampling. One of the advantages of statistical auditing is that it makes sample evaluation less ambiguous, as is illustrated next. The 0.08 is the maximum error at the specified confidence level (0.95). This is then compared with what is material or tolerable. The basic rule is that, if achieved P, or UEL, is greater than material or tolerable, reject the population—otherwise, accept it. Compare this rule with AuG-41, paragraph 42, and note that this MUS rule is less ambiguous. In the case of tests of controls, rejection of the population is equivalent to assessing control risk as high; that is, there is no (or reduced) reliance on controls. As in sample planning, the use of appropriate tables eliminates the need for the formulas. For example, Appendix 10A has tables titled “Table to Evaluate Sample Results for Tests of Controls.” These tables provide for two widely used confidence levels: 95% and 90%, the equivalent to planned effectiveness risk levels of 5% and 10%, respectively. The table values are the interaction of sample sizes (left-hand column) and number of errors. In our illustration, we use 0.05 effectiveness risk (= 1 − 95% CL) and a sample size of 100 to get a UEL of 7% (rounded up) for this confidence level. This conservative UEL of 7% can be interpreted as the maximum error rate at 95% CL. 
The decision rule is to accept reliance on the controls (or accept the population) if the UEL is less than tolerable; otherwise, reject or reduce reliance (or reject the population error as unacceptable). This result is more conservative (higher UEL) than in the paragraph above, but done with tables, not formulas. You can get a more accurate value of 6.3% by dividing the R value at the top (6.3) by the sample size (100). Your instructor will tell you which approach to use in your course.

Achieved P can always be interpreted as the maximum error rate for the specified CL. There are additional complications for substantive testing, but these formulas are the only thing necessary for a conceptual understanding. These formulas or tables of MUS are so simple and so effective that they are now the most widely used in audit practice. MUS is also so widely used because taking an appropriate sample does not require advance knowledge of the recorded amount of the population, as the other statistical approaches do. This makes MUS particularly appropriate for audits involving continuous, online, real-time reporting of sales and purchases as might be demanded in e-commerce audits. This is further explained in Appendix 10B.
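
The planning formula n = R/P and the evaluation formula achieved P = R/n can be worked end to end in Python, as an added example that is not part of the textbook. It assumes the Appendix 10A R values are the standard Poisson upper confidence factors, an assumption that reproduces the 3.0, 4.75 and 6.3 quoted in this chapter once rounded; the function names are illustrative.

```python
import math


def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam)."""
    term = math.exp(-lam)
    total = term
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return total


def r_factor(confidence_level, k):
    """R for a given CL and K: the Poisson mean at which the chance of seeing
    k or fewer errors equals the effectiveness risk (1 - CL).
    Assumption: this is how the Appendix 10A table is built."""
    if not 0 < confidence_level < 1:
        raise ValueError("confidence level must be between 0 and 1")
    if k < 0:
        raise ValueError("k cannot be negative")
    risk = 1 - confidence_level
    lo, hi = 0.0, 1.0
    while poisson_cdf(k, hi) > risk:  # widen until the root is bracketed
        hi *= 2
    for _ in range(100):  # bisection; the CDF falls as the mean rises
        mid = (lo + hi) / 2
        if poisson_cdf(k, mid) > risk:
            lo = mid
        else:
            hi = mid
    return hi


def planned_sample_size(confidence_level, planned_p, k=0):
    """n = R / P, rounded up to a whole sampling unit."""
    if not 0 < planned_p < 1:
        raise ValueError("planned P must be a rate between 0 and 1")
    return math.ceil(r_factor(confidence_level, k) / planned_p)


def evaluate_sample(confidence_level, sample_size, errors_found, tolerable_rate):
    """Achieved P (UEL) = R / n, with R taken at the number of errors found.
    Accept only when the UEL does not exceed the tolerable rate."""
    if sample_size <= 0:
        raise ValueError("sample size must be positive")
    uel = r_factor(confidence_level, errors_found) / sample_size
    return uel, uel <= tolerable_rate


if __name__ == "__main__":
    print("planned n:", planned_sample_size(0.95, 0.05))
    cases = [(60, 1), (100, 2), (60, 0), (30, 0)]  # (sample size, errors found)
    for n, k in cases:
        uel, accept = evaluate_sample(0.95, n, k, 0.05)
        print(f"n={n} K={k} UEL={uel:.3f}", "accept" if accept else "reject")
```

The last case shows the point made earlier in the chapter: a sample of 30 is rejected at a 5% tolerable rate even when no errors are found.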

Follow Up All Deviations

The evaluation described so far has been mostly quantitative in nature, involving counts of deviations, deviation rates and tolerable rate, and risk judgment criteria. Qualitative evaluation through determining the nature and cause of the deviations is also necessary. A single deviation can be the tip of the iceberg—a sign of pervasive deficiency. Auditors are obligated by the standard of due audit care to investigate known deviations so that nothing important will be overlooked. Qualitative evaluation is sometimes called error analysis because each deviation from a prescribed control procedure is investigated to determine its nature, cause, and probable effect on financial statements. The analysis is essentially judgmental and involves a decision on whether the deviation is (1) a pervasive error in principle affecting all like transactions or just the one, (2) a deliberate control breakdown or unintentional, (3) a result of misunderstood instructions or careless inattention to control duties, or (4) directly or remotely related to a money amount measurement in the financial statements. Clearly, different qualitative perceptions of the seriousness of a deviation result from error analysis findings. When the decision criteria are not satisfied and the preliminary conclusion is that the control risk is high, the auditors need to decide what to do next. The deviation follow-up can lead to more account balance audit work by making changes to the nature, timing, and extent of other audit procedures. If you suspect the sampling results overstate the actual population deviation rate (i.e., that efficiency risk is occurring), you can perform the control tests on more sample units in hopes of deciding that the control risk is actually lower. However, when faced with the preliminary “non-reliance” decision, you should never manipulate the quantitative evaluation by raising the tolerable rate or setting the risk of assessing the control risk too low. 
Supposedly, these two decision criteria were carefully determined in the planning stage, and only new information is a good basis for easing them.

Timing of Test of Controls Audit Procedures

Earlier, you learned that auditors can perform the control testing at an interim date—a date before the client’s year-end. When control testing is early, an audit manager must decide what to do about the remaining period (e.g., the period October through December after doing test of controls auditing in September for a December 31 year-end audit). The decision turns on several factors: (1) the results of the work at interim might, for example, indicate poor control performance and high control risk, (2) inquiries made after interim may show that a particular control procedure has been abandoned or improved, (3) the length of the remaining period may be short enough to forgo additional work or long enough to suggest a need for continuing the test of controls audit, (4) the dollar amounts affected by the control procedure may have been much larger or much smaller than before, (5) evidence obtained about control as a by-product of performing substantive procedures for the remaining period may show enough about control performance that separate work on this is unnecessary, or (6) work performed by the company’s internal auditors may be relied on for the remaining period.

error analysis: qualitative evaluation of control risk

Depending on these circumstances, an auditor can decide to (1) continue the test of controls because knowledge of control performance is necessary to justify restriction of other audit work or (2) stop further test of controls audit work because (a) there is enough evidence derived from other procedures or (b) information shows the control has failed, control risk is high, and other work will not be restricted. Whatever the judgment, audit effectiveness and efficiency should always be uppermost in the auditor’s mind.

Review Checkpoints

10-35 In test of controls auditing, why should auditors be more concerned with the risk of assessing the control risk too low than with that of assessing it too high?
10-36 What important decision must be made when test of controls auditing is performed and control risk is evaluated at an interim date several weeks or months before the client’s fiscal year-end?

Substantive Procedures for Auditing Account Balances LO6

Develop a simple audit program for an account balance, considering the influences of risk and tolerable misstatement.

When audit sampling is used for auditing the assertions in account balances, the monetary amount of the population units is the main interest, not the presence or absence of control deviations, as is the case with attribute sampling. Substantive tests of details auditing are done to obtain direct evidence about the dollar amounts and disclosures in the financial statements. Substantive-purpose procedures include analytical procedures and test (audit) of details of transactions and balances. Analytical procedures involve overall comparisons of account balances with prior balances, financial relationships, non-financial information, budgeted or forecast balances, and balances derived from estimates calculated by auditors (refer to the discussion of analytical procedures in Chapter 8). Analytical procedures are not usually applied on a sample basis. So, substantive procedures for auditing details are the normal procedures used in account balance audit sampling.

Risk Model Expansion

Up to now you have worked with a conceptual risk model that included detection risk (DR). Detection risk is actually a combination of two risks: analytical procedures risk (APR) is the probability that analytical procedures will fail to detect material errors, and the risk of incorrect acceptance (RIA) is the probability that test-of-detail procedures will fail to detect material errors. The two types of procedures are considered independent, so detection risk is DR = APR × RIA, and the expanded risk model is

AR = IR × CR × APR × RIA

substantive tests of details auditing: procedures to obtain direct evidence about the dollar amounts and disclosures in the financial statements

analytical procedures risk: the risk that analytical procedures will fail to detect material misstatements (effectiveness risk associated with analytical procedures risk)

risk of incorrect acceptance: the decision to accept a balance as being materially accurate when the balance is materially misstated

This model is still a conceptual tool. It can now be used to help you understand some elements of sampling for auditing the details of account balances. First, recognize that auditors exercise professional judgment in assessing the inherent risk (IR), control risk (CR), analytical procedures risk (APR), and audit risk (AR). If these four risks are given, you can then manipulate the model to express the risk of incorrect acceptance:

RIA = AR / (IR × CR × APR)

With AR, IR, and APR held constant, RIA varies inversely with CR, that is, the higher the assessed CR, the lower the planned RIA, and vice versa. Furthermore, this is also true of the risk of material misstatement (RMM) concept of CAS 530, since RMM = IR × CR.

More about Sampling Risk

Substantive-purpose procedures produce the evidence enabling an auditor to decide whether an account balance is materially in conformity with GAAP. Thus, auditors run the sampling risks of making one of two decision errors. The risk of incorrect acceptance represents the decision to accept a balance as being materially accurate when, in fact (unknown to the auditor), the balance is materially misstated. This is the effectiveness risk for a substantive test. The other decision error risk, the risk of incorrect rejection, represents the decision that a balance is materially misstated when, in fact, it is not. This is the efficiency risk for a substantive test. These sampling risk relationships are shown in Exhibit 10–10.

Incorrect Acceptance (Effectiveness Risk)

The risk of incorrect acceptance is considered the more important of the two decision error risks. When an auditor decides an account book balance is materially accurate (hence, needs no adjustment), the audit work on that account is considered finished, the decision is documented in the working papers, and the audit team proceeds to work on other accounts. If the account is, in fact, materially misstated, an unmodified opinion on the financial statements is unwarranted and the effectiveness of the audit is damaged.

Incorrect Rejection (Efficiency Risk)

When an auditor decides an account book balance is materially misstated, more audit work is performed to determine the adjustment. The risk is that the book balance really is a materially accurate representation of the (unknown) actual value, and the audit manager may recommend an unnecessary adjustment. Incorrect rejection is not as serious as incorrect acceptance. When auditors first begin to think a balance may contain a material misstatement, they try to determine why this occurred. To estimate the amount, more evidence will be sought. The data will be reviewed for a source of systematic error, and the amounts of errors will be analyzed carefully. Client personnel may do a complete analysis to determine a more accurate account balance. If the initial decision was, in fact, an incorrect rejection, this other work allows the auditors to decide if the recorded amount is really misstated or the sample was not representative. Hence, steps will be taken to determine the amount of error, and there is a chance for the error to be reversed. Incorrect rejection can affect the efficiency of an audit by causing unnecessary work.

EXHIBIT 10–10 The Account Balance Audit Sampling Decision Matrix

| AUDIT DECISION ALTERNATIVES (BASED ON SAMPLE EVIDENCE) | UNKNOWN ACTUAL ACCOUNT BALANCE IS: Materially* accurate | UNKNOWN ACTUAL ACCOUNT BALANCE IS: Materially misstated |
| --- | --- | --- |
| The book value of the account is materially accurate. | Correct decision | Incorrect acceptance |
| The book value of the account is materially misstated. | Incorrect rejection | Correct decision |

*“Materially” in this context refers to the “material misstatement” assigned to the account balance. It is either the overall materiality or the specific materiality discussed in Chapter 5.

risk of incorrect rejection: the decision to accept a balance as being materially misstated when it is not

Materiality and Tolerable Misstatement

Determining a threshold for the materiality of misstatements in financial statements is a tough problem under any circumstances. Audit sampling for substantive audits of particular account balances adds another wrinkle. Auditors must also decide on an amount of material misstatement—a judgment of the amount of monetary misstatement that may exist in an account balance or class of transactions. As discussed in Chapter 4, this materiality may be the overall materiality or the specific materiality of CAS 320 in Chapter 5. In MUS, these are the only materialities needed, as explained in the discussion case of Appendix 10B. Note that both of these materialities relate directly to user needs. In other words, MUS does not need to consider the complications introduced by the performance materiality concept of CAS 320.09 or the related tolerable misstatement concept of 530.A3 based on performance materiality. These concepts are needed by other statistical models, not MUS. The use of these concepts in CAS 530 illustrates the impact of using the variety of quantitative models that are possible in statistical sampling. It all depends on which one is being used for a particular line item in the financial statements that the population represents. When you see the word materiality or material in this book, henceforth, it refers to user-needs materiality. This is a key audit planning judgment. The way we use the term, therefore, is not an artifact of the statistical model. Audit risk, therefore, is the risk that all the audit work on an account balance will not reveal a user-needs material misstatement. This concept is further discussed in Appendix 10B. In this stage of sampling, the planned P might be an amount lower than the overall or specific materiality of Chapter 5, so that the auditor can reduce efficiency risk.
Firm practice varies: efficiency risk can be indirectly controlled through the planned K value, the planned P value, or a combination of the two. The most common strategy is to use K = 0 and a planned P in the range of half to full overall or specific materiality, whichever the auditor judges more appropriate in the circumstances. We discuss these options further in Appendix 10B. Here, the calculations are simplified by assuming that planned P is set equal to overall or specific materiality.

Sampling Steps for an Account Balance Audit

Sampling for the audit of account balances is similar to the steps of test of controls audit sampling. An example related to auditing receivables illustrates these steps; test of controls sampling was illustrated with the audit of a control procedure for sales invoices. This work can produce independent evidence of sales overstatement resulting from a breakdown of the control or other causes. The seven-step framework helps auditors plan, perform, and evaluate account balance detail audit work. It also helps auditors accomplish an eighth step—careful documentation of the work—by showing each of the seven areas to be described in the working papers. The first seven steps are as follows:

1. Specify the audit objectives.
2. Define the population.
3. Choose an audit sampling method.
4. Determine the sample size.
5. Select the sample.
6. Perform the substantive-purpose procedures.
7. Evaluate the evidence.

Plan the Procedures LO6a

Specify objectives and a population of data.

The three planning steps are the problem recognition phase of the sampling method. When a client presents the financial statements, they might make the following assertions: the trade accounts receivable exist (existence) and are bona fide obligations owed to the company (ownership); all the accounts receivable are recorded (completeness); they are stated at net realizable value (valuation); and they are properly classified as current assets, presented, and disclosed in conformity with GAAP (presentation). Each assertion represents a hypothesis (problem) to be tested.

Specify the Audit Objectives

When sampling to confirm accounts receivable, the specific objective is to decide whether the client’s assertions about existence, rights (ownership), and valuation are materially accurate. This auditing is hypothesis testing—the auditors hypothesize that the book value is materially accurate about existence, ownership, and valuation. The evidence will enable them to accept or reject the hypothesis. The audit objective is to determine the monetary misstatement by comparing the recorded balances to the balances found through the evidence.

Define the Population

CAS 530 says that auditors must ensure that the population is appropriate for the specific objectives of the audit procedure, and that it is complete. A population of the recorded accounts receivable balances suits the objective of obtaining evidence about existence, ownership, and valuation. It also suits the related objective of obtaining evidence about sales overstatement. In the case of accounts receivable, each customer’s account balance is a population unit. If obtaining evidence about completeness and sales understatement were the objectives, the recorded accounts receivable would be the wrong population. Ordinarily, the sampling unit is the same as the population unit. Sometimes, however, it is easier to define the sampling unit as a smaller part of a population unit. For example, an auditor may want to audit samples of individual invoices for customers instead of working with each customer’s balance. Since a sample will be drawn from a physical representation of the population (e.g., a printed trial balance or computer file of customers’ accounts), the auditors must determine whether it is complete. Re-adding the trial balance and reconciling it to the control account total does this. Auditing standards (CAS 530) require auditors to use their judgment in deciding if any population units should be removed from the population and audited separately (not sampled) because sampling risk (risk of incorrect acceptance or incorrect rejection) with respect to them is not justified. Suppose, for example, the accounts receivable amounted to $400,000, but six of the customers had balances of $10,000 or more, for a sum of $100,000. The next-largest account balance is less than $10,000. If materiality is $10,000, the six accounts are considered individually significant items because each exceeds the material misstatement amount, and they should be removed from the population and audited completely.

hypothesis testing: when auditors hypothesize that the book value is materially accurate regarding existence, ownership, and valuation

individually significant items: items in account balances that exceed the material misstatement amount; in audit sampling these should be removed from the population and audited completely


In the jargon of audit sampling related to account balances, subdividing the population is known as stratification. The total population is subdivided by account balance size. For example, a small number of accounts totalling $75,000 may be the first (large balance) of, say, four strata. The remaining three strata might each contain a total of approximately $75,000 in recorded balances, but each is made up of a successively larger number of customer accounts with successively smaller account balances. Stratification can be used to increase audit efficiency (smaller total sample size). A stratification example appears in the following box, which repeats Exhibit 10–2 for your convenience.

Stratification Example—Selecting Sample Sizes

The stratification below subdivides the population into a first stratum of six individually significant accounts and four other strata, each with approximately one-fourth ($75,000) of the remaining dollar balance. This is a typical situation where there is a greater number of accounts of smaller value. The example allocates 90 items to the last four strata. This is referred to as stratified sampling. When each stratum gets one-fourth of the sample size, the sample is skewed toward the higher-value accounts: the second stratum has 23 out of 80 sample items, and the fifth stratum has 23 out of 910 items.

| Stratum | Book value | Number | Amount | Sample |
| --- | --- | --- | --- | --- |
| 1 | Over $10,000 | 6 | $100,000 | 6 |
| 2 | $625–$9,999 | 80 | 75,068 | 23 |
| 3 | $344–$624 | 168 | 75,008 | 22 |
| 4 | $165–$343 | 342 | 75,412 | 22 |
| 5 | $1–$164 | 910 | 74,512 | 23 |
| Total | | 1,506 | $400,000 | 96 |

This stratification deals with a normal situation in which the variability of the account balances and errors in them tend to be larger in the high-value accounts than in the low-value accounts. As a consequence, the sample includes a larger proportion of the high-value accounts (23/80) and a smaller proportion of the low-value accounts (23/910). In addition to size or variability, stratification can be based on other qualitative characteristics the auditor considers important, such as individual, location, date, or product.

Choose an Audit Sampling Method

An auditor must decide whether to use statistical or non-statistical sampling methods. If statistical sampling is chosen, another choice needs to be made. In statistical sampling, sampling methods utilizing classical variables in normal distribution theory are available. However, MUS, which uses attribute sampling theory, is used more widely in practice. Some of the technical characteristics of the statistical methods are explained more fully in Appendix 10B. The calculation examples shown later in this chapter use the MUS method. This calculation is relatively simple and illustrates the important points.

Perform the Procedures LO6b

Determine sample size and select sample units.

The next three steps represent the evidence-gathering phase of the sampling process. Figuring sample size correctly for account balance auditing is an important aspect of this and requires consideration of several influences.

stratification: subdividing the population in an audit sample by, for example, account balance size


Figuring a sample size in advance helps guard against underauditing (not obtaining enough evidence) and overauditing (obtaining more evidence than needed). It can also control the cost of the audit. An arbitrary sample size could be used for the accounts receivable confirmation procedures, but if it turned out to be too small, processing more confirmations might be impossible before the audit report deadline. Alternative procedures could become costly and time-consuming. A predetermined sample size is not as important in other situations where the auditors can increase the sample simply by choosing more items from those available in the client’s office.

Determine the Sample Size

Whether using statistical or non-statistical sampling methods, auditors first need to establish decision criteria for the risk of incorrect acceptance (effectiveness risk for substantive testing), the risk of incorrect rejection (efficiency risk for substantive testing), and the material misstatement criterion to be used with the substantive test. Also, auditors may want to estimate the expected dollar amount of misstatement. These decision criteria should be determined before any evidence is obtained from a sample.

Risk of Incorrect Acceptance, or Effectiveness Risk of the Substantive Test

The audit risk model can be your guide in assessing this risk. A suitable risk of incorrect acceptance depends on the assessments of inherent risk, control risk, and analytical procedures risk. The risk of incorrect acceptance varies inversely with the combined product of the other risks. The larger the combined product of the other risks, the smaller will be the allowable risk of incorrect acceptance. Suppose, for example, two different auditors, both believing 0.05 is an acceptable level of audit risk, independently assess the client’s control risk and their own analytical procedures and arrive at the following conclusions. Auditor A believes the inherent risk is high (IR = 1.0), the control risk is moderate (CR = 0.50), and analytical procedures will not be performed (APR = 1.0). Audit procedures need to be planned so that the risk of incorrect acceptance will be about 10%:

RIA = AR / (IR × CR × APR) = 0.05 / (1.0 × 0.50 × 1.0) = 0.10

Auditor B believes the inherent risk is high (IR = 1.0), the control risk is very low (CR = 0.20), and analytical procedures will not be performed (APR = 1.0). Audit procedures need to be planned so that the risk of incorrect acceptance will be about 25%:

RIA = AR / (IR × CR × APR) = 0.05 / (1.0 × 0.20 × 1.0) = 0.25

Use the model with caution. You can learn from these examples that auditor A’s account balance sampling work must provide less risk than auditor B’s. Since sample size varies inversely with the risk of incorrect acceptance, auditor A’s sample will be larger. In fact, when the control risk is lower, as B’s is, the acceptable risk of incorrect acceptance is higher. Thus, auditor B’s sample of customers’ accounts receivable can be smaller than auditor A’s sample.

Risk of Incorrect Rejection, or Efficiency Risk

Like the risk of incorrect acceptance, the risk of incorrect rejection exists in both statistical and non-statistical sampling. It can be controlled, usually by auditing a larger sample, and sample size varies inversely with the risk of incorrect rejection. MUS deals with incorrect rejection (efficiency risk) by increasing sample size above the minimum associated with using K = 0 in sample planning. The simplified approach to sample planning we use here sets K = 0 so that the sample size is the smallest possible for the stated confidence level and materiality.

Material Misstatement

Material misstatement—which can be either a performance materiality or an overall materiality depending on the auditor’s judgment for the line item being tested—must also be considered in both non-statistical and statistical sampling. In statistical sampling, material misstatement must be expressed as a dollar amount or as a proportion of the total recorded amount. The sample size varies inversely with the amount of misstatement considered material. The greater the materiality, the smaller the sample size needed.

Expected Dollar Misstatement

Auditors estimate an expected dollar misstatement amount based on last year’s audit findings or on other knowledge of the accounting system. Increasing the expectations of dollar misstatement has the effect of increasing the sample size. This is done through reducing the planned precision in planning the sample size. The purpose of doing this is to reduce efficiency risk throughout the range of immaterial misstatements. The more dollar misstatement expected, the larger the sample size should be. So, sample size varies directly with the amount of expected dollar misstatement. The main reason for using expected errors is to control efficiency risk, as discussed earlier in this chapter. See the chapter Application Case for an illustration and Appendix 10B to further understand this technical point.

Variability within the Population

Auditors using non-statistical sampling must take into account the degree of dispersion, or typical skewness, of some accounting populations. Skewness is the concentration of a large proportion of the dollar amount in only a small number of the population items. For example, $100,000 (25%) of the total accounts receivable is in 6 customers’ accounts, while the remaining $300,000 is in 1,500 customers’ accounts. As a general rule, auditors should be careful about populations whose unit values range widely, say from $1 to $10,000. In this case, for your population to be representative, you would need to take a larger sample than if the range were only from $1 to $500. Sample size should vary directly with the range of population unit values. Populations with high variability should be stratified, as shown in the stratification example above. When classic statistical sampling methods are used, there must be an estimate of the population standard deviation, which is a measure of the population variability. When using MUS, this estimate is not needed, as the unit of selection is each recorded dollar rather than the account balance. Thus, there is no variability in the population of recorded dollars, as each dollar has the same value. (See Appendix 10B for more details.) MUS sample sizes can be calculated as they are for tests of controls. The same sample planning formula can be applied as long as all monetary amounts are converted to a rate or percentage. Thus, for example, if you have an accounts receivable population with a balance of $10,000,000, you determine materiality to be $300,000. If you wish to plan a sample size for confirming receivables with 95% confidence level, then first convert materiality as a rate by calculating its proportion of the recorded value: P = 300,000/10,000,000 = 0.03. This is simply putting materiality in relative terms. Now you can apply the formula as before to calculate the sample size: n = R/P = 3.0/0.03 = 100. 
As you can see, the calculation of sample sizes under MUS is very similar for both tests of controls and tests of balances. The calculations for both are summarized in Exhibit 10–11. You can now prove to yourself the efficiency effects of relying on internal controls using the audit risk model. In the above receivables example, assume you desired 95% CL because you planned audit risk at 0.05, and you assessed inherent and control risk at the maximum of 1.0. Hence, you had to get all your assurance from the substantive test using a detection risk (DR) of 0.05. The detection risk is the same as effectiveness risk or the risk of incorrect acceptance. Now, assume that you assessed control risk below maximum at 0.50 (instead of at maximum at 1.0); then, using the risk model, you can prove to yourself that detection risk is revised to 0.10; that is, you accept more risk (get less assurance) from your substantive testing. This is reflected by the reduced sample size: n = R/P = 2.31/0.03 = 77 (always round up to ensure the sample is large enough). You have thus reduced your substantive testing by 23 (100 − 77) as a result of your increased reliance on internal controls. This is a simple example, but it illustrates the basic principle of internal control reliance using the audit risk model. These influences are summarized in Exhibit 10–12.

expected dollar misstatement: a preliminary estimate of expected monetary misstatements in a total monetary value recorded for a population

skewness: the concentration of a large proportion of the dollar amount in only a small number of the population items

standard deviation: a measure of population variability

EXHIBIT 10–11

Sufficiency of Audit Evidence: Summary of Simplified Calculations of Sample Size

| Key concepts | Tests of controls | Substantive tests of balance |
| --- | --- | --- |
| Basic formula | R = nP | R = nP |
| Assessment of materiality or tolerable error rate | P = tolerable error rate | P = materiality as a proportion of the recorded balance |
| Assessment of effectiveness risk = 1 − confidence level = 1 − CL | Effectiveness risk is based on control risk from audit risk model | Effectiveness risk is risk of incorrect acceptance of audit risk model |
| R value | From table use K = 0 and desired confidence level. | From table use K = 0 and desired confidence level. |
| Extent of testing = sample size | n = R / P (R for the stated CL and K) | n = R / P (R for the stated CL and K) |

EXHIBIT 10–12

Sample-Size Relationships: Audit of Account Balances Using Monetary-Unit Sampling

| Sample-size influence | Predetermined sample size will be, for a high rate or large amount | Predetermined sample size will be, for a low rate or small amount | Sample-size relation |
| --- | --- | --- | --- |
| 1. Risk of incorrect acceptance | Smaller | Larger | Inverse |
| 2. Risk of incorrect rejection* | Smaller | Larger | Inverse |
| 3. Tolerable misstatement | Smaller | Larger | Inverse |
| 4. Expected misstatement* | Larger | Smaller | Direct |

*These effects are discussed in Appendix 10B. They are ignored under the simplified approach used here, and many practitioners treat these effects as insignificant.

Select the Sample

As was the case with test of controls audit samples, account balance samples must be representative. The same selection methods as discussed for tests of controls can be used for MUS in substantive testing. Unrestricted random selection and systematic MUS selection will obtain random samples for statistical applications. Appendix 10B outlines unique features of MUS selection in more detail. Haphazard and block selection methods have the same drawbacks as they have in test of controls audit samples.

Perform the Substantive-Purpose Procedures

The basic assertions in a presentation of accounts receivable are that they exist, they are complete (no receivables are unrecorded), the company has the right to collect the money, they are valued properly at net realizable value, and they are presented and disclosed properly in conformity with GAAP. A substantive-purpose audit program consists of account balance–related procedures designed to produce evidence about these assertions. The test procedures listed in the box on the two purposes of sampling above (“Two Kinds of Audit Programs: Two Purposes for Audit Sampling”) will obtain the evidence related to the assertions also listed in the box, as further explained below. The confirmation procedures should be performed for all the sampling units, and other procedures must be performed as necessary for evidence relating to existence, ownership, and valuation. It is important to audit all the sample units, even the hard ones. Auditing just those customers whose balances are easy might bias the sample. Sometimes, however, you will be unable to audit a sample unit; there may be no response to the confirmation requests, sales invoices supporting the balance may not be found, and no payment may have been received after the confirmation date. Auditing standards contain the following guidance in this situation:

• If your evaluation conclusion isn’t affected by the misstated balance, then you can let it go. If your evaluation conclusion is to accept the book value, the account should not be big enough to change that. If your evaluation conclusion is already to reject the book value, this account misstatement just reinforces the decision.
• If considering the entire balance to be misstated would change an acceptance decision to a rejection decision, you may need to expand the sample, perform the procedures on the new items (other than confirmation), and reevaluate the results.
• If control risk related to the balance was assessed to be low, you should consider whether this finding contradicts the low control risk assessment.

Review Checkpoints

10-37 Write the expanded risk model. What risk is implied for test of detail risk when IR = 1.0, CR = 0.40, APR = 0.60, AR = 0.048, tolerable misstatement = $10,000, and the estimated standard deviation in the population = $25?
10-38 Explain why control risk is inversely related to the risk of incorrect acceptance.
10-39 Why does the efficiency risk affect audit efficiency and the effectiveness risk affect audit effectiveness?
10-40 When auditing account balances, why is an incorrect acceptance decision considered more serious than an incorrect rejection decision?
10-41 What should be the relationship between tolerable misstatement in the audit of an account balance and the amount of monetary misstatement considered material to the overall financial statements?
10-42 What general set of audit objectives can you use as a frame of reference for specific objectives for the audit of an account balance?
10-43 What audit purpose is served by stratifying an account balance population and by selecting some units from the population for 100% audit verification?

The Evidence LO6c

Evaluate monetary error evidence from a balance audit sample.

The final step represents the evidence evaluation and decision-making phase of the sampling method. Your decisions about existence, ownership, and valuation need to be justifiable by sufficient appropriate quantitative and qualitative evidence. You should be concerned first with the quantitative evaluation of the evidence. Qualitative follow-up is also important and is discussed later.


Evaluate the Evidence

Quantitative evaluation of substantive tests of balances using MUS is the same as that for tests of controls. For example, reject if achieved P is greater than or equal to materiality; otherwise accept the population total recorded amount. The complications arise from possible variability of the misstatements when calculating achieved P. Appendix 10B outlines how to deal with these complications. Exhibit 10–13 summarizes these statistical evaluations. Auditing standards for this evaluation are not written with a particular approach, such as MUS, in mind. Instead, they deal with general features of quantitative evaluation already captured by the particular approaches of formulas, and we review these general considerations here. The reconciliation to particular calculations with MUS is given in Appendix 10B. These are the basic steps in quantitative evaluation:

• Figure the total amount of actual monetary error, the known misstatement (identified misstatement), found in the sample.
• Project the known misstatement to the population. The projected amount is the likely misstatement (projected misstatement).
• Compare the likely misstatement to the material misstatement for the account and consider (1) the risk of incorrect acceptance—that likely misstatement is calculated to be less than material misstatement even though the actual misstatement in the population is greater, or (2) the risk of incorrect rejection—that likely misstatement is calculated to be greater than material misstatement, even though the actual misstatement in the population is smaller. This decision can be made statistically, thus reducing non-sampling error with the test. Details are given in Appendix 10B.

Amount of Known Misstatement

Hypothetical audit evidence from the sample for the previous stratification example is shown in the box “Stratification Example—Selecting Sample Sizes.” In this example, total accounts receivable is $400,000, while $100,000 of the total is in six large balances, which are to be audited separately. The remainder is in 1,500 customer accounts whose balances range from $1 to $9,999. Suppose the audit team selected 90 of these accounts and applied the confirmation or vouching procedures to each of them, and the evidence showed $136 of net overstatement of the recorded amounts. This amount is the known misstatement for this sample of 90 customer accounts.

Project the Known Misstatement to the Population

Let us review the discussion around Exhibit 10–2. To make a decision about the population, the known misstatement in the sample is projected to the population. The sample must be representative, because if it is not, a projection can produce a misleading number. As an extreme example, suppose one of the six large accounts, which were all audited, contained a $600 disputed amount. Investigation showed the customer was right and management agreed, so the $600 is the amount of known misstatement. If an auditor takes this group of six accounts as being representative of the population, projecting the $100 average misstatement ($600/6) to 1,506 accounts ($100 × 1,506) would project a total misstatement of $150,600, compared with the recorded accounts receivable total of $400,000. This projection is neither reasonable nor appropriate. Nothing is wrong with the calculation method. The non-representative “sample” is the culprit in this absurd result.

Consider Sampling Risks

These are risks of making wrong decisions (incorrect acceptance or incorrect rejection) in both non-statistical and statistical sampling. The smaller the sample, the greater both risks are.

known misstatement (identified misstatement): the total amount of actual monetary error found in a sample or other non-sampling auditing procedures

likely misstatement (projected misstatement): the projection of a known misstatement identified in a representative sample to the whole population


EXHIBIT 10–13

Evaluating Sample Results*

| Key concepts | Tests of control | Substantive tests of balance |
| --- | --- | --- |
| Basic formula | R = nP | R = nP |
| Solve for achieved P | P = R / n | P = R / n |
| Basic decision rule | If achieved P > tolerable error rate, then reject; otherwise, accept reliance on control. | If achieved P > materiality, then reject; otherwise, accept the recorded total for the population. |
| Consequence of decision: if accept | Can rely on controls to extent planned at stated confidence level | Can accept client’s recorded amount at stated confidence level |
| Consequence of decision: if reject | Need to rely on controls less than expected | Need to sample more or insist on an adjustment (adjust to most likely value as indicated by sample mean extrapolated to the population) |

*n is known, and R is known based on detected errors, K, and planned confidence level.

Common sense tells you that the less you know about a population because of a small sample, the more risk you run of making a wrong decision. Auditing guidance suggests you can use your experience and professional judgment to consider the risk. If the projected likely misstatement is considerably less than tolerable misstatement, chances are good that the total actual misstatement in the population will be less than tolerable misstatement. However, when the projected likely misstatement is close to material misstatement, the risk of incorrect acceptance may exceed the acceptable risk that an auditor initially established as a decision criterion (see AuG-41, paragraph 42). The risk of incorrect rejection is a similar situation. Again, the judgment depends on the size of the sample and the kinds and distribution of misstatements discovered. This judgment can be significantly aided by using statistical theory, as explained in Appendix 10B. Auditors take the rejection decision seriously and conduct enough additional investigation to determine the amount and adjustment required—extra work that mitigates the risk of incorrect rejection. In the example, if the sample of 90 customers’ accounts had shown total misstatement of $900 (yielding the $15,000 projected misstatement using the average difference method), most auditors would consider the evidence insufficient to propose a significant adjustment. (However, correction of the $900 should not by itself be a sufficient action to satisfy the auditors.) When using non-statistical sampling, auditors use their experience and expertise to take risks into account. Statistical samplers can add statistical calculations to these considerations of sampling risk.
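The planning and evaluation arithmetic summarized in Exhibits 10–11 and 10–13, together with systematic MUS selection, worked through in Python as an added example that is not part of the textbook. The R values are computed from the Poisson distribution rather than read from the book's table, and the ledger, the function names and the fixed-interval selection routine are assumptions of this example.

```python
import math

# Constructed receivables ledger (account -> recorded balance), total $10,000.
LEDGER = {"C001": 1200, "C002": 300, "C003": 4500, "C004": 800,
          "C005": 150, "C006": 2050, "C007": 600, "C008": 400}


def risk_of_incorrect_acceptance(ar, ir, cr, apr):
    """Rearranged audit risk model: RIA = AR / (IR x CR x APR)."""
    return ar / (ir * cr * apr)


def poisson_cdf(k, lam):
    """P(X <= k) for a Poisson count with mean lam."""
    term = total = math.exp(-lam)
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return total


def r_factor(ria, k=0):
    """R value for k errors at confidence 1 - ria.

    Assumption of this example: R is the Poisson mean at which k or fewer
    errors occur with probability ria. For k = 0 this is -ln(ria): 2.996 at
    95% and 2.303 at 90%, where the page uses 3.0 and 2.31.
    """
    lo, hi = 0.0, 1.0
    while poisson_cdf(k, hi) > ria:      # bracket the root
        hi *= 2
    for _ in range(200):                 # bisection; the CDF falls as lam rises
        mid = (lo + hi) / 2
        if poisson_cdf(k, mid) > ria:
            lo = mid
        else:
            hi = mid
    return hi


def sample_size(materiality, book_value, ria, k=0):
    """n = R / P, with P = materiality as a proportion of the recorded balance."""
    p = materiality / book_value
    return math.ceil(r_factor(ria, k) / p)   # always round up


def select_mus(balances, n, start):
    """Systematic selection of every interval-th recorded dollar.

    start is the first dollar picked, 0 < start <= interval (chosen at random
    in practice). Returns the interval and the accounts holding the hits.
    """
    interval = sum(balances.values()) / n
    if not 0 < start <= interval:
        raise ValueError("start must lie in (0, interval]")
    hits = [start + j * interval for j in range(n)]
    selected, cumulative, j = [], 0, 0
    for account, balance in balances.items():
        cumulative += balance
        while j < n and hits[j] <= cumulative:
            if account not in selected:   # a large balance can be hit twice
                selected.append(account)
            j += 1
    return interval, selected


def evaluate(n, errors_found, ria, materiality_rate):
    """Exhibit 10-13 rule: reject if achieved P = R / n exceeds materiality.

    Simplification: each error counts as a fully misstated dollar; partial
    misstatements need the Appendix 10B treatment, which is not shown here.
    """
    achieved_p = r_factor(ria, errors_found) / n
    return achieved_p, "reject" if achieved_p > materiality_rate else "accept"


if __name__ == "__main__":
    # The page's receivables example: $10,000,000 balance, $300,000 materiality.
    for cr in (1.0, 0.50):
        ria = risk_of_incorrect_acceptance(0.05, 1.0, cr, 1.0)
        n = sample_size(300_000, 10_000_000, ria)
        print(f"CR={cr:.2f}  RIA={ria:.2f}  n={n}")
    print(select_mus(LEDGER, 4, 1000))
    print(evaluate(100, 0, 0.05, 0.03))
    print(evaluate(100, 1, 0.05, 0.03))
```

In the constructed ledger the $4,500 account is larger than the $2,500 sampling interval, so it is certain to be selected, which is the dollar-unit counterpart of pulling individually significant items out for 100% audit.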

Qualitative Evaluation

The numbers are not enough. Auditors are required to follow up each monetary difference to determine whether it arose from (a) misunderstanding of accounting principles, (b) simple mistakes or carelessness, (c) an intentional irregularity, or (d) management override of an internal control procedure. Auditors also need to relate the differences to their effect on other amounts in the financial statements. For example, overstatements in accounts receivable may indicate overstatement of sales revenue. Likewise, you should not overlook the information that can be obtained in account balance auditing about the performance of internal control procedures—the dual-purpose characteristic of auditing procedures. Deviations (or absence of deviations) discovered when performing substantive procedures can help confirm or contradict an auditor’s previous conclusion about control risk. If many more monetary differences than expected arise, the control risk conclusion may need to be revised and more account balance auditing work done.

Knowledge of the source, nature, and amount of monetary differences is very important in explaining the situation to management and directing additional work to areas where adjustments are needed. The audit work is not complete until the qualitative evaluation and follow-up are done.

Evaluate the Amount of Misstatement

The CPA Canada Handbook guideline AuG-41 requires the aggregation of known misstatement (identified misstatement in the guideline) and projected likely misstatement (likely aggregate misstatement in the guideline). The aggregation is the sum of (a) known misstatement in the population units identified for 100% audit and (b) the projected likely misstatement for the population sampled. The theory underlying (b) is that the projected likely misstatement is the best single estimate of the amount that would be determined if all the accounts in the sampled population had been audited. You can see the importance of sample representativeness in this regard. This aggregation should be judged in combination with other misstatements found in the audit of other account balances to determine whether the financial statements taken as a whole need to be adjusted and, if so, in what amount. The evaluation of amounts is not over yet, however. It cannot be said that the projected likely misstatement is the exact amount that would be found if all the units in the population were audited. The problem arises from sampling error—the amount by which a projected likely misstatement amount could differ from an actual (unknown) total as a result of the sample not being exactly representative. Of course, auditors are mostly concerned with the possibility that the actual total misstatement might be considerably more than the projected likely misstatement. This sampling phenomenon gives rise to the concept of possible misstatement, or maximum possible misstatement (the third kind, in addition to known and likely misstatement), which is interpreted in AuG-41 as the further misstatement remaining undetected in the units not selected in the sample. Non-statistical auditors use their experience and professional judgment in considering additional possible misstatement. Statistical auditors, however, use statistical calculations to measure possible misstatement. 
In Appendix 10B, the basic example shows how to calculate a possible misstatement. For the illustration here, if the possible misstatement is less than the amount considered material ($10,000), then it could be judged as acceptable (assuming no qualitative factors come into play). If the possible misstatement were higher than $10,000, then the evidence would suggest that the misstatement in the account exceeds $10,000. For a more complete discussion of the evaluation of statistical substantive testing of details results, see Appendix 10B.

Timing of Substantive Audit Procedures

Account balances can be audited, at least in part, at an interim date. When this work is done before the company’s year-end, auditors must extend the interim-date audit conclusion to the balance sheet date. Extending the audit conclusion involves performing substantive-purpose audit procedures on the transactions in the remaining period and on the year-end balance to produce sufficient appropriate evidence for a decision about the year-end balance. It is unreasonable to audit a balance (say, accounts receivable) as of September 30, and then, without further work, accept the December 31 balance.

sampling error: the amount by which a projected likely misstatement amount could differ from an actual (unknown) total as a result of the sample not being exactly representative

possible misstatement: the further misstatement remaining undetected in the units not selected in the sample

extending the audit conclusion: performing substantive-purpose audit procedures on the transactions in the remaining period and on the year-end balance to produce sufficient appropriate evidence for a decision about the year-end balance

If the company’s internal control over transactions that produce the balance under audit is not particularly strong, you should time the substantive detail work at year-end instead of at interim. Likewise, if rapidly changing business conditions predispose managers to misstate the accounts (try to slip one by the auditors), the work should be timed at year-end. In most cases, careful scanning of transactions and analytical review comparisons should be performed on transactions that occur after the interim date. As an example of the process, accounts receivable confirmation can be done at an interim date. Later, efforts must be made to ascertain whether controls continued to be reliable. You must scan the transactions of the remaining period, audit any new large balances, and update work on collectability, especially with analysis of cash received after the year-end. Audit work is performed at interim for two reasons: (1) to spread the accounting firms’ workload so that not all the work on clients is crammed into December and January and (2) to make the work efficient and enable companies to report audited financial results soon after the year-end. Some well-organized companies with well-planned audits report their audited figures as early as five or six days after their fiscal year ends.

Balance Audit Sampling Failure

The company owned surgical instruments that it lent and leased to customers. The auditors decided to audit the existence of the assets by confirming them with the customers who were supposed to be holding and using them. From the population of 880 instruments, the auditors selected eight for confirmation, using a sampling method that purported to produce a representative selection. Two confirmations were never returned, and the auditors did not follow up on them. One returned confirmation indicated that the customer did not have the instrument in question; the auditors were never able to find it. Nevertheless, the auditors concluded that the $3.5 million recorded amount of the surgical instrument assets was materially accurate.

Judges who heard complaints on the quality of the audit work concluded that it was not performed in accordance with generally accepted auditing standards (GAAS) because the auditors did not gather sufficient evidence concerning the existence and valuation of the surgical instruments. GAAS require auditors to project the sample findings to the population. The auditors did not do so. They never calculated (non-statistical) the fact that $1,368,750 of the asset amount could not be confirmed or found to exist. The sample of eight was woefully inadequate, both in sample size and in the proportionately large number of exceptions reported. There was a wholly insufficient statistical basis for concluding that the account was fairly stated under generally accepted accounting principles (GAAP).

Source: U.S. Securities and Exchange Commission, Administrative Proceeding File No. 3–6579 (Initial Decision, June 1990).

Review Checkpoints
10-44 What kind of evidence evaluation consideration should an auditor give to the dollar amount of a population unit that cannot be audited?
10-45 What are the three basic steps in quantitative evaluation of monetary amount evidence when auditing an account balance?
10-46 The projected likely misstatement may be calculated, yet further misstatement may remain undetected in the population. How can auditors take the further misstatement under consideration when completing the quantitative evaluation of monetary evidence? How is this done by formula?
10-47 What additional considerations are in order when auditors plan to audit account balances at an interim date several weeks or months before the client’s fiscal year-end date?

APPLICATION CASE WITH SOLUTION & ANALYSIS

Auditor Accused of Not Doing Sufficient Testing

DISCUSSION CASE

In a famous U.S. Securities and Exchange Commission (SEC) investigation of the 1972 audit of Giant Stores by the accounting firm of Touche Ross (Accounting Series Release No. 153A, 27 June 1979), the SEC accused Touche Ross of, among other things, not doing sufficient testing to detect $300,000 of fictitious advertising credits supposedly granted to Giant Stores by its suppliers. When the credit was recorded, the accounts payable accounts were debited. The advertising manager had prepared a list of 1,100 suppliers to which advertising credits had been granted, and the SEC claimed that the sample size of 24 used by the auditor to test these recorded credits for accuracy was too small to reach a valid conclusion about the material accuracy of the cumulative $300,000 of advertising credits. By manipulating the company’s financial records, Giant Stores executives converted a $2.5 million loss for 1972 into a $1.5 million profit. Was the SEC correct in arguing that the auditor did insufficient testing of the advertising credits? Can the auditor justify that 24 items was a sufficient sample size?

SOLUTION & ANALYSIS

Our interest here is in the quantitative aspects of the analysis using the sample size formulas learned here to illustrate how they can be used to defend the auditor’s judgment. Without any sampling theory it would be difficult to defend the auditor’s conclusion. But with some MUS theory it is relatively easy to do so, as we illustrate here. Note what the auditor knows with the information given here: the financial statements show a profit of $1.5 million and the auditor’s task is to verify its accuracy. (Note that the auditor does not know that this profit is fictitious and the actual loss of $2.5 million is hidden. If the auditor knew these things in advance there would be no need for the audit!)

First, the auditor needs to calculate a materiality to use in planning the audit. A common rule of thumb is 5% of net income, so let’s use that here since we have very limited information on Giant Stores’ financial statements. So, materiality is 0.05 of $1.5 million, or $75,000.

Next we must define the relevant population to be tested. It is evident from the SEC accusation that the amount of testing of the $300,000 of advertising credits is a critical issue. This effectively defines the population in terms relevant for applying MUS. Specifically, what is relevant here is the MUS sample size (n) relative to that actually used by the auditor. Under MUS, n = R/P, where P = (materiality)/(recorded payables or credits for payables, depending on how the population is defined). For example, by AuG-41, materiality is 0.05 × reported net income of $1.5 million = $75,000, so that P = $75,000/$300,000 = 0.25. If we use a 95% confidence level, R = 3.0, so that n = 3/0.25 = 12. The auditor thus picked a sample size twice as large as required by MUS.

Note this shows that the SEC may be wrong in saying that 24 items is not a sufficient sample size. Your reasons are those of statistical theory and MUS. What are the SEC’s reasons? Is a 95% confidence level reasonable? Is the materiality of $300,000 reasonable? With MUS we can focus on the key judgments necessary to decide on the sufficiency of testing and determine what is sufficient in an objective manner. These are the major advantages of relying on a formal model like MUS to help guide audit judgments and to make them more justifiable. Note especially the importance of auditor judgment in defining the relevant population.
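The following Python sketch is an added example, not part of the textbook. It reproduces the n = R/P planning calculation from the case and then applies the decision rule "reject if achieved P exceeds materiality" to the sample of 24. Assumptions: R is taken to be a Poisson confidence factor (which gives R ≈ 3.0 at 95% confidence with K = 0, as in the case), each detected error is treated as a 100% misstatement of its sampling unit, and all function names are illustrative.

```python
import math

# Figures taken from the Giant Stores case.
REPORTED_NET_INCOME = 1_500_000
POPULATION_VALUE = 300_000        # recorded advertising credits
ACTUAL_SAMPLE_SIZE = 24
MATERIALITY = 0.05 * REPORTED_NET_INCOME   # 5% rule of thumb = $75,000


def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam)."""
    term = math.exp(-lam)
    total = term
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return total


def r_value(confidence, k=0):
    """Confidence factor R for k detected errors.

    Assumption (not stated in the chapter): R is the Poisson mean at which
    observing k or fewer errors has probability (1 - confidence).
    Solved numerically by bisection.
    """
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    if k < 0:
        raise ValueError("k must be non-negative")
    risk = 1.0 - confidence
    lo, hi = 0.0, 1.0
    while poisson_cdf(k, hi) > risk:      # widen until the root is bracketed
        hi *= 2.0
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if poisson_cdf(k, mid) > risk:
            lo = mid
        else:
            hi = mid
    return hi


def planned_sample_size(materiality, population_value, confidence, k=0):
    """n = R / P with P = materiality / population value, rounded up."""
    p = materiality / population_value
    return math.ceil(r_value(confidence, k) / p)


def achieved_p(sample_size, errors_found, confidence):
    """Achieved P (upper error limit as a rate) = R / n, R based on errors found."""
    return r_value(confidence, errors_found) / sample_size


def evaluate(sample_size, errors_found, confidence, materiality, population_value):
    """Apply the rule: reject if the upper error limit exceeds materiality."""
    uel_amount = achieved_p(sample_size, errors_found, confidence) * population_value
    decision = "reject" if uel_amount > materiality else "accept"
    return decision, round(uel_amount)


if __name__ == "__main__":
    n = planned_sample_size(MATERIALITY, POPULATION_VALUE, 0.95)
    print(f"Planned n at 95% confidence, K = 0: {n}")
    for k in range(3):
        decision, uel = evaluate(ACTUAL_SAMPLE_SIZE, k, 0.95,
                                 MATERIALITY, POPULATION_VALUE)
        print(f"n = {ACTUAL_SAMPLE_SIZE}, K = {k}: UEL = ${uel:,} -> {decision}")
```

Under these assumptions the sample of 24 supports acceptance when zero or one error is found, but not when two are found.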

SUMMARY

• Audit sampling was explained in this chapter as an organized method of making decisions. Two kinds of decisions were shown: (1) assessment of control risk and (2) the decision about whether financial statement assertions in an account balance are fairly presented. The method is organized by two kinds of audit programs to guide the work on these two decisions: (1) the internal control program and (2) the balance audit program. The audit sampling itself can be attribute sampling for test of controls and balance audit (variables) sampling for auditing the assertions in an account balance. LO1, 2, 3

• Risk in audit decisions was explained in the context of non-sampling and sampling risk, with sampling risk further subdivided into two types of decision errors: (1) assessing control risk too low and incorrect acceptance of a balance and (2) assessing control risk too high and incorrect rejection of an account balance. The first pair damages the effectiveness of audits, and the second pair damages the efficiency of audits. LO4

• Audit sampling is a method of organizing the application of audit procedures and a disciplined approach to decision problems. Both types of sampling were explained in basic terms of planning the audit procedures, performing the audit procedures, and evaluating the evidence produced by the audit procedures. The latter process was reinforced with some differences and monetary unit sampling (MUS) projections of misstatement amounts. The mechanics were illustrated in the last section. LO5, 6

• Audit programs for test of controls procedures and balance audit procedures were illustrated and integrated with earlier chapters. One of the goals of this chapter was to enable students to understand these procedural programs in the context of audit sampling. The other goal was to clarify the concepts of risk and materiality introduced in the earlier chapters. LO5, 6

KEY TERMS

account balance
analytical procedures risk
attribute sampling
audit procedures
audit sampling
block sampling
class of transactions
classical attribute sampling
deviation rate
effectiveness risk (type II error risk)
efficiency risk (type I error risk)
error analysis
evidence collection
evidence evaluation
expectation about the population
expected dollar misstatement
extending the audit conclusion
haphazard selection
hypothesis testing
individually significant items
known misstatement (identified misstatement)
likely misstatement (projected misstatement)
monetary-unit sampling (MUS)
non-sampling risk
non-statistical (judgmental) sampling
physical representation of the population
population
population unit
possible misstatement
problem recognition
random sample
replicate
representative sample
risk of assessing the control risk too high
risk of assessing the control risk too low
risk of incorrect acceptance
risk of incorrect rejection
sample
sampling error
sampling risk
sampling unit
skewness
standard deviation
statistical sampling
stratification
substantive tests of details auditing
systematic random selection
tolerable deviation rate
unrestricted random selection

MULTIPLE-CHOICE QUESTIONS FOR PRACTICE AND REVIEW

MC 10-1 LO1 In an audit sampling application, an auditor performs procedures on
a. all the items in a balance and makes a conclusion about the whole balance.
b. less than 100% of the items in a balance and formulates a conclusion about the whole balance.
c. less than 100% of the items in a class of transactions for the purpose of becoming familiar with the client’s accounting system.
d. the client’s unaudited financial statements as an analysis when planning the audit.

MC 10-2 LO2 In audit sampling applications, what is sampling risk?
a. A characteristic of statistical sampling applications but not of non-statistical applications
b. The probability that the auditor will fail to recognize erroneous accounting in the client’s documentation
c. The probability that accounting errors will arise in transactions and enter the accounting system
d. The probability that an auditor’s conclusion based on a sample might be different from the conclusion based on an audit of the entire population

MC 10-3 LO3 Auditors consider statistical sampling to be characterized by
a. representative sample selection and non-mathematical consideration of the results.
b. carefully biased sample selection and statistical calculation of the results.
c. representative sample selection and statistical calculation of the results.
d. carefully biased sample selection and non-mathematical consideration of the results.

MC 10-4 LO5 When auditing the client’s performance of control for the completeness objective related to recording sales, auditors should draw sample items from which of the following?
a. A sales journal list of recorded sales invoices
b. A file of shipping documents
c. A file of customer order copies
d. A file of receiving reports for inventory additions

MC 10-5 LO5 Nelson Williams was considering the sample size needed for a selection of sales invoices for the test of controls audit of the LoHo Company’s internal controls. He presented the following information for two alternative cases:

                                     CASE A   CASE B
Acceptable risk of underreliance     High     Low
Acceptable risk of overreliance      High     Low
Tolerable deviation rate             High     Low
Expected population deviation rate   Low      High

Nelson should expect the sample size for Case A to be which of the following?
a. Smaller than the sample size for Case B
b. Larger than the sample size for Case B
c. The same as the sample size for Case B
d. Not determinable relative to the Case B sample size

MC 10-6 LO6 Nelson next considered the sample size needed for a selection of customers’ accounts receivable for the substantive audit of the total accounts receivable. He presented the following information for two alternative cases:

                                               CASE X   CASE Y
Acceptable risk of incorrect acceptance        Low      High
Acceptable risk of incorrect rejection         Low      High
Tolerable dollar misstatement in the account   Small    Large
Expected dollar misstatement in the account    Large    Small
Estimate of population variability             Large    Small

Nelson should expect the sample size for Case X to be which of the following?
a. Smaller than the sample size for Case Y
b. Larger than the sample size for Case Y
c. The same as the sample size for Case Y
d. Not determinable relative to the Case Y sample size

MC 10-7 LO6 Which of the following should be considered an audit procedure for obtaining evidence?
a. An audit sampling application in accounts receivable selection
b. Existence and proper valuation of the accounts receivable
c. Sending a written confirmation on a customer’s account balance
d. Non-statistical consideration of the amount of difference reported by a customer on a confirmation response

MC 10-8 LO6 When calculating the total amount of misstatement relevant to the analysis of an account balance, an auditor should add which of the following to the misstatement discovered in individually significant items?
a. The projected likely misstatement and the additional possible misstatement estimate
b. The known misstatement in the sampled items
c. The known misstatement in the sampled items, the projected likely misstatement, and the additional possible misstatement estimate
d. The additional possible misstatement estimate

MC 10-9 LO6 Eddie audited the LoHo Company’s inventory on a sample basis. He audited 120 items from an inventory compilation list and discovered net overstatement of $480. The audited items had a book (recorded) value of $48,000. There were 1,200 inventory items listed, and the total inventory book amount was $490,000. Which of these calculations is (are) correct?
a. Known misstatement of $48,000 using the average difference method
b. Projected likely misstatement of $480 using the sample stratification method
c. Computed upper error limit (UEL) of $49,000 using the taintings method
d. Projected likely misstatement of $4,800 using the average difference method

MC 10-10 LO6 Stefani audited the client’s accounts receivable, but she could not get any good information about customer 102’s balance. The customer responded to the confirmation, saying, “Our system does not provide detail for such a response.” The sales invoice and shipping document papers have been lost, and the customer has not yet paid. What should Stefani do?
a. Get another customer’s account to consider in the sample.
b. Treat customer 102’s account as being entirely wrong (overstated) if doing so will not affect her audit conclusion about the receivables taken altogether.
c. Require adjustment of the receivables to write off customer 102’s balance.
d. Treat customer 102’s account as accurate because there is no evidence saying it is fictitious.

MC 10-11 LO4 The risk of incorrect acceptance in balance audit sampling and the risk of assessing control risk too low in test of controls sampling both relate to which of the following?
a. Effectiveness of an audit
b. Efficiency of an audit
c. Control risk assessment decisions
d. Evidence about assertions in financial statements

MC 10-12 LO3 An advantage of statistical sampling is that it helps an auditor
a. eliminate non-sampling risk.
b. reapply evaluation judgments based on factors in addition to the sample evidence.
c. be precise and definite in the approach to an audit problem.
d. omit quantification of risk and materiality judgments.

MC 10-13 LO4 To determine the sample size for a balance audit sampling application, an auditor should consider the tolerable misstatement, the risk of incorrect acceptance, the risk of incorrect rejection, the population size, plus which one of the following?
a. The expected monetary misstatement in the account
b. The overall materiality for the financial statements taken as a whole
c. The risk of assessing control risk too low
d. The risk of assessing control risk too high

EXERCISES AND PROBLEMS

EP 10-1 Sampling and Non-sampling Audit Work. LO2, 3
The accounting firm of Mason & Jarr performed the work described in each separate case below. The two partners are worried about properly applying standards regarding audit sampling. They have asked for your advice.
Required: Write a report addressed to the partners, stating whether they did or did not observe the essential elements of audit sampling standards in each case.
a. Mason selected three purchase orders for raw materials from the LIZ Corporation files, and from there traced each one through the accounting system. He saw the receiving reports, purchasing agent’s approvals, receiving clerks’ approvals, vendors’ invoices (now stamped paid), entry in the cash disbursement records, and cancelled cheques. This work gave him a first-hand familiarity with the cash disbursement system, and he felt confident about understanding related questions in the internal control questionnaire completed later.
b. Jarr observed the inventory-taking at SER Corporation. She had an inventory list of the different inventory descriptions with the quantities taken from the perpetual inventory records. She selected the 200 items with the largest quantities and counted them after the client’s shop foreman had completed his count. She decided not to check out the count accuracy on the other 800 items. The shop foreman miscounted in 16 cases. Jarr concluded the rate of miscount was 8%, so as many as 80 of the 1,000 items might be counted wrongly. She asked the foreman to recount everything.
c. CSR Corporation issued seven series of short-term commercial paper notes near the fiscal year-end to finance seasonal operations. Jarr confirmed the obligations under each series with the independent trustee for the holders, studied all seven indenture agreements, and traced the proceeds of each issue to the cash receipts records.
d. At the completion of the EH&R Corporation audit, Mason obtained written representations, as required by auditing standards, from the president, the CFO, and the controller. He did not ask the chief accountant at headquarters or the plant controllers in the three divisions for written representations.

EP 10-2 Test of Controls Audit Procedure Objectives and Control Deviations. LO5
This exercise asks you to specify control test objectives and define deviations in connection with planning the test of controls audit of Kingston Company’s internal controls.
Required:
a. For each control cited below, state the objective of an auditor’s test of controls audit procedure.
b. For each control cited below, state the definition of a deviation from the control.
1. The credit department supervisor reviews each customer’s order and approves credit by making a notation on the order.
2. The billing department must receive written notice from the shipping department of actual shipment to a customer before a sale is recorded. The sales record date is supposed to be the shipment date.
3. Billing clerks carefully look up the correct catalogue list prices for goods shipped and recheck the amounts billed on invoices for the quantities of goods shipped.
4. Billing clerks review invoices for intercompany sales and mark each one with the code “9” so that they will be posted to intercompany sales accounts.

EP 10-3 Timing of Test of Controls Audit Procedures. LO5
Auditor Magann was auditing the authorization control over cash disbursements. She selected cash disbursement entries made throughout the year and vouched them to paid invoices and cancelled cheques bearing the initials and signatures of people authorized to approve the disbursements. She performed the work on September 30, up to which date the company had issued cheques numbered from 43921 to 52920. Since 9,000 cheques had been issued in nine months, she reasoned that 3,000 more could be issued in the three months before the December 31 year-end. About 12,000 cheques had been issued last year. She wanted to take one sample of 100 disbursements for the entire year, so she selected 100 random numbers in the sequence 43921 to 55920. She audited the 80 cheques in the sample that were issued before September 30, and she held the other 20 randomly selected cheque numbers for later use. She found no deviations in the sample of 80—a finding that would, in the circumstances, cause her to assign a low (20%) control risk to the probability that the system would permit improper charges to be hidden away in expense and purchase inventory accounts.

Required: Take the role of Magann and write a memo to the audit manager (dated October 1) describing the audit team’s options with respect to evaluating control performance for the remaining period, October through December.

EP 10-4 Evaluation of Quantitative Test of Controls Evidence. LO5, 8
Assume you audited control compliance in the Kingston Company for the deviations related to a random selection of sales transactions, as shown in Exhibit EP 10-4. For different sample sizes, the number of deviations was as in Exhibit EP 10-4.
Required: For each deviation and each sample, calculate the rate of deviation in the sample (sample deviation rate).

EXHIBIT EP 10-4

SAMPLE SIZES                30   60   80   90  120  160  220  240  260  300
Missing sales invoice        0    0    0    0    0    0    0    0    0    0
Missing bill of lading       0    0    0    0    0    1    2    2    3    3
No credit approval           0    3    6    8   10   14   17   23   26   31
Wrong prices used            0    0    0    0    2    4    8    9    9   12
Wrong quantity billed        1    2    4    4    4    5    5    5    5    5
Wrong invoice arithmetic     0    0    0    0    1    2    2    2    2    3
Wrong invoice date           0    0    0    0    0    2    2    2    2    2
Posted to wrong account      0    0    0    0    0    0    0    0    0    0

EP 10-5 Stratification Calculation of Projected Likely Misstatement Using the Ratio Method. LO6
The stratification calculation example in the chapter shows the results of calculating the projected likely misstatement using the difference method. Assume the results shown in Exhibit EP 10-5 were obtained from a stratified sample.
Required: Apply the ratio calculation method to each stratum to calculate the projected likely misstatement (PLM). What is the PLM for the entire sample?

EXHIBIT EP 10-5

                                                SAMPLE RESULTS
STRATUM   POPULATION SIZE   RECORDED AMOUNT     SAMPLE   RECORDED AMOUNT   MISSTATEMENT AMOUNT*
1                       6          $100,000          6          $100,000                 $ −600
2                      80            75,068         23            21,700                   −274
3                     168            75,008         22             9,476                    −66
4                     342            75,412         22             4,692                    −88
5                     910            74,512         23             1,973                     23
                    1,506          $400,000         96          $137,841                $−1,005

*A negative misstatement indicates overstatement of the book value, and a positive misstatement indicates understatement.

EP 10-6 Determining Risk of Incorrect Acceptance. LO5, 6
In the dialogue between the Kingston auditors, Fred said, “Our analytical procedures related to receivables didn’t show much. The total is down, consistent with the sales decline, so the turnover is up a little. If any misstatement is in the receivables total, it may be too small to be obvious in the ratios.” Jill replied, “That’s good news if the problems are immaterial. Too bad we can’t say analytical procedures reduce our audit risk. What about internal control?” Fred responded: “I’d say it’s about a 50–50 proposition. Sometimes control seemed to work well; sometimes it didn’t. I noticed a few new people doing the invoice processing last week when we were here for a conference. Incidentally, I lump the inherent risk problems and internal control risk problems together when I think about internal control risk. Anyway, firm policy is to plan a sample for a low overall audit risk for the receivables.”
Required: Based on this dialogue information, use the expanded risk model to determine a test of detail risk. Relate this risk to sample size determination.

DISCUSSION CASES

DC 10-1 Projected Likely Misstatement. LO6
When Marge Simpson, PA, audited the Candle Company inventory, a random sample of inventory types was chosen for physical observation and price testing. The sample size was 80 different types of candles and candle-making inventory. The entire inventory contained 1,740 types, and the amount in the inventory control account was $166,000. Simpson had already decided that a misstatement of as much as $6,000 in the account would not be material. The audit work revealed the following eight errors in the sample of 80.

BOOK VALUE   AUDIT VALUE   ERROR AMOUNT
   $600.00       $622.00       $  22.00
     15.50         14.50          (1.00)
     65.25         31.50         (33.75)
     83.44         53.45         (29.99)
     16.78         15.63          (1.15)
     78.33         12.50         (65.83)
     13.33         14.22           0.89
     93.87         39.87         (54.00)
   $966.50       $803.67       $(162.83)

Required: Calculate the projected likely misstatement using the difference method. Discuss the decision choice of accepting or rejecting the $166,000 book value (recorded amount) without adjustment.

DC 10-2 Exercises in Applying the Basic Formula and Using the R Value Table in Appendix 10A. LO5
This case gives auditor judgment and audit sampling results for six populations (see Exhibit DC 10-2). Assume large population sizes.


Required:
a. For each population, did the auditor select a smaller sample size than is indicated by using the tables for determining sample size (assume K = 0 in sample size planning)? Explain the effect of selecting either a larger or a smaller size than those determined in the tables.
b. Calculate the sample deviation rate and the achieved P or upper error limit (UEL) for each population.
c. For which of the six populations should the sample results be considered unacceptable? What options are available to the auditor?
d. Why is analysis of the deviations necessary even when the populations are considered acceptable?
e. For the following terms, identify which is an audit decision, which is a non-statistical estimate made by the auditor, which is a sample result, and which is a statistical conclusion about the population.
   1. Estimated population deviation rate
   2. Tolerable deviation rate
   3. Acceptable risk of overreliance on internal control
   4. Actual sample size
   5. Actual number of deviations in the sample
   6. Sample deviation rate
   7. Achieved P or UEL

EXHIBIT DC 10-2

Population                                                      1     2     3     4     5     6
Tolerable deviation rate or error rate as a percentage
  (equals materiality for the test)                             6     3     8     5    20    15
Acceptable risk of overreliance on internal control in
  percentage = Effectiveness Risk = 1 − Confidence Level        5     5    10     5    10    10
Actual sample size                                            100   100    60   100    20    60
Actual number of deviations (errors) in the sample              2     0     1     4     1     8

CRITICAL THINKING

CT 10-1 LO4 Does non-sampling risk include improper application of GAAP? Discuss.

CT 10-2 LO4 Do you think the general decision rule “if achieved P > materiality, then reject; otherwise accept the population” should be applied to all estimates in financial reporting whether statistical or not? Discuss.


APPENDIX 10A

Statistical Sampling Tables

LO7 Demonstrate that you can work with statistical sampling tables.

R VALUE TABLE

K VALUE: NUMBER OF              CONFIDENCE LEVELS
SAMPLE ERRORS          75%     80%     85%     90%     95%   97.5%     99%
                         R       R       R       R       R       R       R
 0                    1.39    1.61    1.90    2.31    3.00    3.69    4.51
 1                    2.70    3.00    3.38    3.89    4.75    5.58    6.64
 2                    3.93    4.28    4.73    5.33    6.30    7.23    8.41
 3                    5.11    5.52    6.02    6.69    7.76    8.77   10.05
 4                    6.28    6.73    7.27    8.00    9.16   10.25   11.61
 5                    7.43    7.91    8.50    9.28   10.52   11.67   13.11
 6                    8.56    9.08    9.71   10.54   11.85   13.06   14.58
 7                    9.69   10.24   10.90   11.78   13.15   14.43   16.00
 8                   10.81   11.38   12.08   13.00   14.44   15.77   17.41
 9                   11.92   12.52   13.25   14.21   15.71   17.09   18.79
10                   13.03   13.66   14.42   15.41   16.97   18.40   20.15

TABLE OF RANDOM DIGITS

Source: The Rand Corporation, A Million Random Digits with 100,000 Normal Deviates (Glencoe: Free Press, 1955), p. 102. This work is protected by copyright and is being used with the permission of Access Copyright. Any alteration of its content or further copying in any form whatsoever is strictly prohibited.

TABLE TO DETERMINE SAMPLE SIZES FOR TESTS OF CONTROL USING THE MONETARY-UNIT SAMPLING APPROACH

                               TOLERABLE RATE OF DEVIATIONS OR ERRORS
                             0.01  0.02  0.03  0.04  0.05  0.06  0.07  0.08  0.09  0.10  0.15  0.20
EFFECTIVENESS RISK = 0.05     300   150   100    75    60    50    43    38    34    30    20    15
EFFECTIVENESS RISK = 0.10     231   116    77    58    47    39    33    29    26    24    16    12


TABLE TO EVALUATE SAMPLE RESULTS FOR TESTS OF CONTROLS USING THE MONETARY-UNIT SAMPLING APPROACH: COMPUTED UPPER ERROR LIMITS AS A PERCENT (ACHIEVED P’S) FOR CONFIDENCE LEVEL = 95%

Effectiveness Risk = 0.05

R VALUE          3   4.75    6.3   7.76   9.16  10.52  11.85  13.15  14.44  15.71  16.97

                      Actual Number of Errors Found in the Sample
Sample Size      0      1      2      3      4      5      6      7      8      9     10
  20            15      *      *      *      *      *      *      *      *      *      *
  25            12     19      *      *      *      *      *      *      *      *      *
  30            10     16      *      *      *      *      *      *      *      *      *
  35             9     14     18      *      *      *      *      *      *      *      *
  40             8     12     16     20      *      *      *      *      *      *      *
  45             7     11     14     18      *      *      *      *      *      *      *
  50             6     10     13     16     19      *      *      *      *      *      *
  55             6      9     12     15     17     20      *      *      *      *      *
  60             5      8     11     13     16     18     20      *      *      *      *
  65             5      8     10     12     15     17     19      *      *      *      *
  70             5      7      9     12     14     16     17     19      *      *      *
  75             4      7      9     11     13     15     16     18     20      *      *
  80             4      6      8     10     12     14     15     17     19     20      *
  90             4      6      7      9     11     12     14     15     17     18     19
 100             3      5      7      8     10     11     12     14     15     16     17
 125             3      4      6      7      8      9     10     11     12     13     14
 150             2      4      5      6      7      8      8      9     10     11     12
 175             2      3      4      5      6      7      7      8      9      9     10
 200             2      3      4      4      5      6      6      7      8      8      9
 250             2      2      3      4      4      5      5      6      6      7      7
 300             1      2      3      3      4      4      4      5      5      6      6

TABLE TO EVALUATE SAMPLE RESULTS FOR TESTS OF CONTROLS USING THE MONETARY-UNIT SAMPLING APPROACH: COMPUTED UPPER ERROR LIMITS AS A PERCENT (ACHIEVED P’S) FOR CONFIDENCE LEVEL = 90%

Effectiveness Risk = 0.10

R VALUES      2.31   3.89   5.33   6.69   8.00   9.28  10.54  11.78  13.00  14.21  15.41

                      Actual Number of Errors Found in the Sample
Sample Size      0      1      2      3      4      5      6      7      8      9     10
  20            12     20      *      *      *      *      *      *      *      *      *
  25            10     16      *      *      *      *      *      *      *      *      *
  30             8     13     18      *      *      *      *      *      *      *      *
  35             7     12     16     20      *      *      *      *      *      *      *
  40             6     10     14     17     20      *      *      *      *      *      *
  45             6      9     12     15     18      *      *      *      *      *      *
  50             5      8     11     14     16     19      *      *      *      *      *
  55             5      8     10     13     15     17     20      *      *      *      *
  60             4      7      9     12     14     16     18     20      *      *      *
  65             4      6      9     11     13     15     17     19     20      *      *
  70             4      6      8     10     12     14     16     17     19      *      *
  75             4      6      8      9     11     13     15     16     18     19      *
  80             3      5      7      9     10     12     14     15     17     18     20
  90             3      5      6      8      9     11     12     14     15     16     18
 100             3      4      6      7      8     10     11     12     13     15     16
 125             2      4      5      6      7      8      9     10     11     12     13
 150             2      3      4      5      6      7      8      8      9     10     11
 175             2      3      4      4      5      6      7      7      8      9      9
 200             2      2      3      4      4      5      6      6      7      8      8
 250             1      2      3      3      4      4      5      5      6      6      7
 300             1      2      2      3      3      4      4      4      5      5      6

Appendix 10B: More-Advanced Statistical Sampling Concepts for Tests of Controls and Tests of Balances (on Connect)

ENDNOTES

1. E. Turner, “How much is enough?” CA Magazine, March 2010, pp. 49–51.
2. CAS 530.05(a).
3. Canadian Institute of Chartered Accountants, Terminology for Accountants, 4th edition (CICA, 1992).
4. “Audit sampling,” Audit and Accounting Guide (AICPA, 1983), pp. 1–3.
5. Effectiveness and efficiency risks are the most fundamental risk concepts in auditing.
6. MUS, however, defines a sampling unit differently as the monetary (dollar) value of the sampling unit. In effect, each recorded dollar is viewed as a sampling unit. This allows wider use of attribute sampling as a substantive test and greatly simplifies formulas that need to be learned with statistical auditing. MUS is explained in detail in Appendix 10B.
7. Accounting firms have different policies for associating tolerable deviation rates with control risk categories. Some start with a minimum rate of 1%, and others start with higher rates.
8. T. Hall and T. Herron, “How reliable is haphazard sampling?” CPA Journal, January 2006, pp. 26–27.
9. Changing the example to suppose deviations were found creates a problem for the non-statistical sampler. He or she must think harder about the evidence (a 5.5% sample rate) in relation to the tolerable rate (8%) and acceptable risk. The statistical sampler can measure the UEL at 8.3%, which is greater than the 8% tolerable rate at a 10% risk of overreliance. The control fails the decision criterion test. Appendix 10B contains more information about making these calculations using statistical tables and formulas.


APPENDIX 10B

More-Advanced Statistical Sampling Concepts for Tests of Controls and Tests of Balances

Appendix 10B contains more mathematical and statistical details related to the test of controls sampling introduced in Chapter 10. In fact, it is like a technical appendix on test of controls sampling and substantive testing. In this appendix you will find more-specific explanations of how to do statistical sampling in the test of controls phase of the control risk assessment work, and for substantive tests of details. After studying this appendix in conjunction with Chapter 10, you should be familiar with and able to perform the listed topic items.

LO8 Demonstrate that you can apply statistical sampling concepts for tests of controls and tests of balances using the audit risk model.

Appendix Topics

Part I: Some More Theory on the Behaviour of Sampling Risks

Part II: Test of Controls with Attribute Sampling Risk and Rate Quantifications
• Explain how risks behave under the hypothesis testing approach in statistical sampling.
• Explain the role of professional judgment in assigning numbers to risk of assessing control risk too low, risk of assessing control risk too high (efficiency risk), and tolerable deviation rate.
• Use statistical tables or calculations to determine test of controls sample sizes when there is more than one population.
• Use tables and calculations to compute statistical results (the computed upper error limit (UEL), which is the same as achieved P in Chapter 10) for evidence obtained with detail test of controls procedures.
• Use the discovery sampling evaluation table for assessment of audit evidence.
• Choose a test of controls sample size from among several equally acceptable alternatives.

Part III: Audit of an Account Balance
• Calculate a risk of incorrect acceptance, given judgments about inherent risk, control risk, and analytical procedures risk, using the audit risk model, such as in the CPA Canada Handbook Section 5095, Guideline on Materiality (AuG-41, paragraphs 41 and 42).
• Explain the considerations in controlling the risk of incorrect rejection.
• Explain the characteristics of monetary-unit sampling (MUS) and its relationship to attribute sampling.
• Calculate a monetary-unit sample size for the audit of the details of an account balance.
• Describe a method for selecting a monetary unit, define a logical unit, and explain the stratification effect of MUS.
• Calculate a UEL for the evaluation of monetary-value evidence, and discuss the relative merits of alternatives for determining an amount by which a monetary balance should be adjusted.
• Use your critical thinking skills to evaluate newspaper articles about auditor applications of statistical sampling.

Part IV: Other Topics in Statistical Auditing: Regression for Analytical Review, Monetary-Unit Sampling for Tests of Controls, and the Audit Risk Model
• Explain how linear regression can be used as an analytical review procedure.
• Describe the advantages of using MUS to test controls.
• Explain how the audit risk model evolved from the adoption of statistical sampling in auditing.

Part I: Some More Theory on the Behaviour of Sampling Risks

This appendix continues the discussion that began in Chapter 10 regarding statistical sampling in auditing. As you will recall, Chapter 10 ends with some of the mechanics of using statistical formulas and tables in auditing. Here, in this appendix, you will find more details on the theory and mechanics of statistical auditing. We begin with an overview of some theory about how risks are controlled with all statistical audit procedures, using the concept of hypothesis testing. We then review applications to attribute sampling in tests of controls, followed by statistical applications of substantive testing of details on balances. The appendix ends with statistical applications of regression models to analytical review procedures.

Under the negative approach, confidence level equals one minus effectiveness risk, while under the positive approach, confidence level equals one minus efficiency risk. Recall that the negative approach is the more important and common approach in auditing. In particular, it underlies all attribute sampling tables and formulas. MUS always uses the negative approach. The positive approach frequently underlies formulas using the normal distribution assumption; this is briefly discussed at the end of the appendix. Because of its simplicity and straightforward relationship to audit objectives, the negative approach is used throughout the appendix. However, it should be noted that the positive approach is much more important in the sciences, and, in particular, the efficiency risk when associated with the null hypothesis of “no difference” is the more important risk of the sciences. In contrast, effectiveness risk is more important in auditing because it is related to the more important hypothesis of “material misstatement” or “significant difference,” which it is the auditor’s job to detect. In fact, some have characterized the purpose of the auditing profession as “controlling effectiveness risk” associated with financial statements. For this reason, effectiveness risk is associated with audit effectiveness.


How Sampling Risks Are Controlled in Statistical Auditing

When using statistical sampling concepts in auditing, we need to develop a decision rule, which must be used consistently if we are to control risks objectively. It is the assumption of the consistent use of a strict decision rule that allows the risks to be predicted and thus controlled via the sample size. The decision rule is frequently referred to as a hypothesis test, and the auditor is typically interested in distinguishing between two hypotheses:

Hypothesis 1: There exists a material misstatement in the total amount recorded for the accounting population.

Hypothesis 2: There exists no misstatement in the amount recorded for the accounting population.

The decision rule the auditor uses in statistical auditing is to select one of these two hypotheses based on the results of the statistical sample. The mechanics of this will be discussed later in this appendix. For now, we are interested in depicting what happens to sampling risks (risks that arise when testing only a portion of the population statistically) when a consistent decision rule is used. This is when the summary concept of a probability of acceptance curve becomes useful. This curve can be used to represent all the possibilities of sampling risk about a sample result.

Probability of Acceptance Curve (or Acceptance Curve, for Short)

Consider Exhibit 10B–1, which plots the probability of acceptance of the recorded amount against total misstatement within the recorded amount of some accounting population, such as aggregate accounts receivable. The horizontal axis reflects total misstatement, while the vertical axis reflects probability. In a perfect world of no uncertainty, auditors would want to have a zero probability of accepting a recorded amount having material misstatement (MM in the exhibit). However, the concept of testing or sampling only a part of a population requires the auditor to be willing to accept some uncertainty concerning the total population value. This is reflected in the fact that the probability of acceptance cannot be zero at MM with sampling. However, the auditor can design his or her audit so that this probability is appropriately low (see Exhibit 10B–1).

An auditor using a consistent decision rule selecting one of the hypotheses discussed above with a given sample size over a range of possible errors will experience varying probabilities of acceptance, as indicated in Exhibit 10B–1. This is what we mean by a probability of acceptance curve. Note an important feature of this curve: as the error amount increases (going from left to right), the probability of acceptance goes down (as one would expect, because as the amount of error in a population increases, the chances that a sample of a given fixed size will accept the population will decrease). How fast the curve drops depends on a variety of factors, including the sample size, the statistical model, and to a lesser extent the error pattern in the population. It is important to remember that each sample size will have a different acceptance curve. Also, as the sample size increases, the curve shifts upward, until it looks like a rectangle, with a value of exactly one from zero errors to materially misstated errors. At MM, the “perfect” acceptance curve drops to zero, and it stays at zero as the amount of error increases to way above materiality. Note that a perfect acceptance curve results from doing a 100% examination of the population, and also that there is no efficiency or effectiveness risk with a perfect acceptance curve. You can think of the perfect curve as the ideal knowledge state for the auditor. See Exhibit 10B–2 and the discussion following.

EXHIBIT 10B–1 Probability of Acceptance versus Total Misstatement

[Figure: acceptance curve with MM marked on the horizontal axis. Left of MM is the efficiency risk range, labelled “Probability of correct decision” and “Probability representing efficiency risk = incorrect decision.” Right of MM is the effectiveness risk range, labelled “Probability of incorrect decision = Probability representing effectiveness risk.”]

Concepts of Sampling Risk

When there is a less than perfect (i.e., less than 100%) examination with a given test, the probability of acceptance curve is useful for depicting the full range of sampling risks that the auditor may experience. This is summarized in Exhibit 10B–1. To understand these risks, let us consider some scenarios.

First, assume there is an immaterial amount of misstatement (i.e., left of MM in Exhibit 10B–1), say, half MM. The probability of acceptance curve in Exhibit 10B–1 tells us the probability of accepting any given amount of misstatement (including half MM). Is acceptance the correct decision given this amount of misstatement? The answer is “yes,” because the amount of misstatement is less than material. Thus, the probability of acceptance gives us the probability of making the correct decision at half MM. Since the only other alternative in this simple framework is to reject the reported amount, an incorrect decision, this probability of making the incorrect decision must then be one minus the probability of acceptance. This risk of incorrect decision when there is less than material misstatement (i.e., to the left of MM) is the efficiency risk in auditing.

A completely different error is possible when there happens to be a material misstatement, that is, to the right of MM in Exhibit 10B–1. Now, accepting the reported amount is the incorrect decision and the probability of accepting the recorded amount is, thus, the risk of accepting a material misstatement. This risk of accepting a material misstatement is the effectiveness risk. The correct decision is to reject the reported amount when there is a material misstatement, and this equals one minus the probability of accepting the reported amount when there is a material misstatement, or one minus effectiveness risk.
To recap, efficiency risk can only occur when there is less than material misstatement, and efficiency risk equals one minus the probability of acceptance when there is less than material misstatement. On the other hand, effectiveness risk can only take place when there is a material misstatement, and effectiveness risk equals the probability of acceptance of the recorded amount when there is material misstatement. (Due to rounding errors in calculating values for the tables given later, it is more convenient to say “accept up to and including” exactly material errors, and reject anything, even if just a penny, above it. That is the mathematical treatment, and the auditor should of course qualitatively re-evaluate all such situations.) Another important thing to note is that as error increases, the probability of acceptance decreases, and, therefore, effectiveness risk decreases. The maximum effectiveness risk is thus at the smallest amount of material misstatement, which is at the point MM itself; that is, maximum effectiveness risk is at MM. Hence, if the auditor controls effectiveness risk at a specified level at MM, he or she automatically controls it at a lower level for errors greater than MM. This is not true for efficiency risk, however. An analysis of Exhibit 10B–1 should make clear that as the probability of acceptance decreases with increasing errors in the immaterial error range, efficiency risk is increasing. Maximum efficiency risk therefore occurs at just below MM and equals (at the limit) one minus effectiveness risk at MM. For a numerical example, assume effectiveness risk is controlled at 0.05. Then we know that maximum efficiency risk is 1 − 0.05 = 0.95. In practice, efficiency risk is usually controlled only at zero errors by controlling efficiency risk at its minimum level. Note that this concept of risk control is completely different from that of effectiveness risk control, which is always done via the effectiveness risk’s maximum value.


The difference between behaviours of the two sampling risks and the different concepts of control of efficiency and effectiveness risks have important implications for auditors. First, note that it is a very good thing that we can control effectiveness risk at its maximum! This is because effectiveness risk is the more important risk for auditors. It is so important that some people characterize the reason for the existence of the audit profession as being to control effectiveness risk. If auditors do not detect material misstatements in financial statements, then who will? Thus, effectiveness risk can be said to relate to audit effectiveness. Note also that effectiveness risk is very treacherous. This is so because the auditor has no idea that an effectiveness-type incorrect decision is being made. The sample evidence gives no indication that the amount of misstatement is material. The only way to control effectiveness risk is by planning for it in advance during the sample planning stage of the audit. In statistical sampling formulas, this is done through the calculation of the sample size using a planned precision for the test, similar to the polling example discussed in the chapter. More illustrations will be provided later in this appendix. The consequences of an efficiency-type error are much less dire for the auditor but could be important nevertheless. The auditor is aware that there may be a problem because by rejecting a sample result, there is either a material misstatement or an efficiency error. At this point, auditors have several options: (a) review evidence of related tests, (b) expand audit work by increasing the sample size of the test and related procedures (the audit risk model can assist in this task), (c) ask for an adjustment of the recorded amount of the population so that the estimated probability of material misstatement is reduced to an acceptable amount, or (d) perhaps modify the audit opinion based on the test results. 
The appropriate action, again, depends on professional judgment and the circumstances. The auditor should, however, be prepared to give good reasons for the decision. Generally, an efficiency-type incorrect decision increases the amount of audit work unnecessarily, and thus it is characterized as an audit efficiency error. There is more complete discussion of auditor options at various stages of the audit later in the appendix.

Positive and Negative Approaches and Confidence Level

In the statistical literature, there is frequent reference to the concept of the confidence level of a statistical test. How does this relate to efficiency and effectiveness risks as used in auditing? The answer depends on a number of things, such as the way the hypothesis tests are constructed. Confidence level is related to the primary or null hypothesis of the test. Specifically, confidence level equals one minus the risk of rejecting the null hypothesis when it is true. Thus, confidence level depends on the null hypothesis used. In auditing, a distinctive statistical terminology has evolved over the years: if hypothesis 1 is the null hypothesis, then we are using the negative approach to hypothesis testing, and if hypothesis 2 is the null hypothesis, then we are using the positive approach to hypothesis testing. Under the negative approach, confidence level equals one minus effectiveness risk, while under the positive approach, confidence level equals one minus efficiency risk.

The negative approach is the more important and common approach in auditing. Most important is that the effectiveness risk is controlled by selecting the appropriate confidence level, since confidence level equals one minus effectiveness risk. This also means that the confidence level is aligned with the assurance level provided by the test. This can be seen by noting that effectiveness risk is very similar to the definitions of the audit risk model and its various component risks. This aspect of the audit risk model is further discussed in the Application Case for this appendix. The negative approach is normally used to statistically test internal controls. In particular, it underlies all attribute sampling tables and formulas. MUS, discussed later in the appendix, always uses the negative approach. On the other hand, the positive approach frequently underlies formulas using the normal distribution assumption. The consequences of this are briefly discussed at the end of the appendix. Because of its simplicity and straightforward relationship to audit objectives, the negative approach is used throughout the remainder of the appendix.

However, it should be noted that the positive approach is much more important in the sciences, and, in particular, the efficiency risk, when associated with the null hypothesis of “no difference,” is the more important risk of the sciences. Thus, your statistics course may have used a positive approach, and so within that course confidence level equals one minus efficiency risk. Under the positive approach, there is a less-straightforward relationship between assurance, as the auditor uses that term, and the confidence level. Hence, under the positive approach the auditor needs to make adjustments to the confidence level in determining the assurance level provided by the statistical test. These adjustments are particularly important if the statistical test is to be used with the audit risk model.

If we use the negative approach, then the effectiveness risk is controlled directly through the confidence level, as discussed above. But then, how is efficiency risk controlled using the negative approach? The first thing to remember is that efficiency risk cannot be “controlled” the same way that effectiveness risk is controlled (at effectiveness risk’s maximum level). As discussed above, you can only “control” efficiency risk at its minimum value. This is true regardless of whether the positive or negative approach is used. With the formulas we use, this minimum efficiency risk is zero. Under the negative approach, the way to reduce efficiency risk throughout its range is to use a sample size that is bigger than the minimum for the confidence level of the test. Remember that under the negative approach, confidence level equals one minus effectiveness risk, so you are already controlling effectiveness risk once you set the confidence level. Any audit plan that wants to reduce efficiency risk across the entire efficiency risk range needs to do so by increasing the sample size beyond that of the minimum for the stated confidence level. This is illustrated in the end-of-appendix discussion case and discussed in more detail later in this appendix.

Effect of Changing the Sample Size under the Negative Approach Under the negative approach, confidence level (CL) = 1 − effectiveness risk. Under some interpretations, auditors can equate the confidence level with audit assurance, and so these auditors work with assurance or confidence factors rather than risk factors. The underlying principles remain essentially the same, however, whether the auditor works with risk or confidence levels. What if the auditor varies the sample size while keeping the confidence level constant? Exhibit 10B–2 illustrates what happens: curve A is the probability of acceptance with the smallest sample size possible for given effectiveness risk, curve B results from using twice the curve A sample size, and curve C results from four times the curve A sample size, whereas curve D represents a “perfect acceptance curve” with no sampling risk. Curve D occurs when a population is examined 100%. From Exhibit 10B–2, it is evident that if confidence level (and thus effectiveness risk, under the negative approach) and material misstatement (MM) are held constant while changing the sample size, it is the efficiency risk that changes with the sample size—specifically, efficiency risk is reduced throughout its range when the sample size is increased, and vice versa. This illustrates that if the auditor wishes to reduce efficiency risk while keeping effectiveness risk and MM unchanged, then a larger sample size needs to be used. In fact, if any one of efficiency risk, effectiveness risk, and MM were to be reduced, sample size would need to be increased, and vice versa. Curve A reflects the acceptance curve with the smallest sample size possible with MUS for a given effectiveness risk (1 – CL). This smallest sample size is called a discovery sample. If the auditor wishes to control efficiency risk to a lower level than indicated by curve A, the sample size should be increased, while keeping the planned precision and confidence level fixed. 
EXHIBIT 10B–2

Acceptance Curves for Monetary-Unit Sampling

[Figure: probability of accepting book value (vertical axis, 0.0 to 1.0) plotted against the amount of misstatement (horizontal axis, 0.25MM to 1.5MM) for MUS curves A, B, C, and D, with the efficiency risk range and the effectiveness risk range marked along the horizontal axis.]

Sample size increases in practice are normally implemented through formulas by one of two major approaches: (1) increase the number of errors to be accepted by the sample, or (2) increase the planned expected error rate in computing the sample size. The second approach is the one suggested in CAS 530. This approach also helps explain the concept of performance materiality in Chapter 5 and CAS 530. If the smaller performance materiality is used in planning a sample size but the overall (or specific) materiality of Chapter 5 is used to evaluate the sample results, then the effect is
to reduce efficiency risk over its entire range. This is illustrated in Exhibit 10B–1. The auditor gets something for the increased sample size (increased work), and since confidence level (and, therefore, effectiveness risk, under the negative approach) is held fixed, the increased sample size reduces efficiency risk over most of its range. The calculations are illustrated in the Application Case in Chapter 10. Sometimes, a combination of the two approaches is used to compute the sample size. More-rigorous methods are available for controlling efficiency risk for an explicit number of expected errors, but we will not cover these methods here, because the additional complexity does not change the nature of the basic judgments that must be made and the necessary cost-benefit trade-offs that are required. The concepts of effectiveness risk, efficiency risk, and their relationship to confidence level described here apply with some modification to all statistical procedures. In this sense they are very general. Auditors have developed their own terminology for the risks associated with different audit procedures. As we review various statistical procedures, we will identify new risk terms associated with these procedures, but we will see that for the most part these risks relate to the more important sampling risk in auditing, that of effectiveness risk. It should also be noted that these acceptance curves are not the same as probability distributions that you may be familiar with from your statistics courses. Probability distributions measure the probability of various risks by calculating areas under the curve (e.g., the normal probability distribution). The acceptance curves that we have discussed here represent the probabilities as the vertical distance from the curve to the horizontal axis (representing the probability of one or zero, respectively). Acceptance curves make it easier to visualize the sampling risks for different amounts of errors. 
Acceptance curves are a type of what statisticians call power curve, where the shape of the power curve varies, like the confidence level, with the null hypothesis. Finally, to better appreciate how uncertainty about sampling risk can be eliminated by 100% testing, take a close look at Exhibit 10B–2. In particular, notice the rectangle in that figure. Under 100% sampling the vertical part of the rectangle drops at exactly 1.00MM. This means that even one penny above MM the probability of acceptance drops to zero, meaning the effectiveness risk is zero at MM. The rectangle also means that just to the left of (i.e., below) MM the probability of acceptance is exactly one (meaning there is no efficiency risk). Thus, with no sampling risk the auditor always accepts the recorded amount at or below MM and rejects just above MM. In other words, the auditor can perfectly distinguish between the material and immaterial amount of error with 100% testing. This is something one would expect with perfect knowledge of the population. But, logically, the perfect rectangular acceptance curve occurs only with the negative testing approach to hypothesis testing. Under the positive approach to hypothesis testing, perfect knowledge represented by 100% testing would mean the auditor accepts only the zero errors null hypothesis and rejects all non-zero errors. This follows from the different logics underlying the two testing approaches and illustrates that the negative approach is more consistent with the logic of auditing.

Part II: Test of Controls with Attribute Sampling

Risk and Rate Quantifications

The quantification of sampling risk is an exercise of professional judgment. When using statistical sampling methods, auditors must quantify the two risks of decision error. The risk of assessing control risk too low is generally considered more important than the risk of assessing control risk too high. Auditors must also exercise professional judgment to determine the extent of deviation allowable (tolerable rate) in assessing control risk.

Tolerable Deviation Rate: A Professional Judgment

Auditors should have an idea about the correspondence of rates of deviation in the population with control risk assessments. Perfect control compliance is not necessary, so the question is what rate of deviation in the population signals control risk of 10%, 20%, or 30%, and so forth, up to 100%? To answer this question, you need to relate material misstatement of an account to a tolerable deviation rate for the control procedures affecting that account. Assume that a material dollar misstatement of $30,000 is used in planning the audit of accounts receivable for possible overstatement. This amount is relevant to the audit of control over sales transactions because uncorrected errors in sales transactions misstate the financial statements by remaining uncorrected in the accounts receivable balance. In other words, we test the controls over sales transaction processing in order to determine the control risk relevant to our audit of the accounts receivable balance. Therefore, if sales transactions are in error by $30,000 or more, the accounts receivable balance may be materially misstated. However, a deviation in a sales transaction (e.g., one unsupported by shipping documents) does not necessarily mean the transaction amount is totally in error. After all, missing paperwork may be the only problem. Perhaps a better example is a mathematical accuracy deviation; if a sales invoice is computed incorrectly to charge the customer $2,000 instead of $1,800, there is a 100% control deviation (the inaccuracy), but it does not describe a 100% dollar error. Therefore, more than $30,000 in sales transactions can be “exposed” to control deviation without generating a $30,000 error in the sales and the accounts receivable balances. This “exposure” is sometimes called the smoke/fire concept, meaning that there can be more exposure to error (smoke) than actual error (fire), just as in a conflagration.

Smoke/fire thinking produces a multiplier to apply to the tolerable dollar misstatement assigned to the account balance, $30,000 in our example. We know that a multiplier of 1 is not reasonable (i.e., $30,000 on invoices with deviations produces $30,000 of misstatement in the accounts receivable), and a multiplier of 100 or 200 is probably also not reasonable (too large). Some auditors say a multiplier of 3 is reasonable, having no other basis than a mild conservatism. Some public accounting firms have sampling policies with implicit multipliers that range from 3 to 14. A multiplier of 3 has the practical effect of producing the conclusion that $90,000 on sales invoices could be exposed to control deviations. If the total gross sales on all invoices is $8.5 million, the implied tolerable deviation rate is $90,000/$8.5 million = 0.0106, or approximately 1%. This 1% tolerable deviation rate now represents a theoretical anchor. It is the deviation rate that marks low control risk (say, 0.05 control risk). When this tolerable deviation rate seems too low for practical audit work, auditors can “accept” a higher tolerable rate. The only thing that happens is that auditors are implicitly saying that a higher control risk is ultimately satisfactory for the audit of the account balance. Higher tolerable rates signal greater control risk in this scheme of thinking, like the example in Exhibit 10B–3. The point in this demonstration of smoke/fire and tolerable-rate thinking is to show that tolerable rate is a decision criterion that helps auditors assess a control risk. The association of tolerable rates with different control risks is the important point. To achieve a low control risk assessment (e.g., 10%), the sample size of transactions will be very large, but the sample size required to obtain a moderate control risk assessment (e.g., 50%) can be much smaller. 
Therefore, sample size varies inversely with the tolerable rate—the lower the rate (and the lower the “desired control risk assessment”), the larger the sample size. Some auditors express the tolerable rate as a number (necessary for statistical calculations of sample size), while others do not put a number on it. The audit strategy is to think about the audit plan, including a consideration of the sample size of balances the team wants to audit. For example, Exhibit 10B–4, column 3, shows various numbers of customer accounts. Suppose the audit manager plans to select 107 for confirmation and other procedures. This decision suggests that control risk needs to be as good as 40% (Exhibit 10B–4, column 1), and the tolerable rate for this assessment is 8% (see Exhibit 10B–3). Thus, the auditors need to select a sample of sales transactions for test of controls audit sufficient to justify a decision about an 8% tolerable rate.

EXHIBIT 10B–3

Illustrative Control Risk and Tolerable Rate Relationships

TOLERABLE RATE    CONTROL RISK
1% (anchor)       0.05
2                 0.10
4                 0.20
6                 0.30
8                 0.40
10                0.50
12                0.60
14                0.70
16                0.80
18                0.90
20                1.00

Control risk categories shown beside the control risk column, from lowest to highest: low control risk; moderate control risk; control risk slightly below maximum; maximum control risk.

Note: The tolerable rate increases 1 percentage point for each additional 0.05 control risk in this example.

EXHIBIT 10B–4

Control Risk Influence on Substantive Balance-Audit Sample Size

Control risk categories shown to the left of column 1, from lowest to highest: low control risk; moderate control risk; control risk slightly below the maximum; maximum control risk.

(1) POSSIBLE CONTROL     (2) RELATED RISK OF      (3) NUMBER OF BALANCE ITEMS
RISK ASSESSMENTS (CR)    INCORRECT ACCEPTANCE     TO SELECT FOR SUBSTANTIVE
                         (RIA)*                   AUDIT
0.10                     0.50                     51
0.20                     0.25                     81
0.30                     0.167                    96
0.40                     0.125                    107
0.50                     0.10                     117
0.60                     0.083                    125
0.70                     0.071                    130
0.80                     0.0625                   136
0.90                     0.0556                   140
1.00                     0.05                     143

*Assuming AR = 0.05, IR = 1.0, AP = 1.0. Therefore, RIA = 0.05/(1.0 × CR × 1.0).

Risk of Erroneous Control Risk Assessments: Another Professional Judgment

Assessing control risk too low causes auditors to rely on control too much (overreliance) and audit the related account balances less than is necessary. The risk in “risk of assessing control risk too low” relates to the effect of the erroneous control evaluation. This effect is produced in the substantive audit by influencing the sample size for auditing the account balances related to the controls being evaluated. Internal control is evaluated, and control risk is assessed on the environment, the accounting system, and the client control procedures related to particular account balances. For example, auditors will evaluate control over the processing of sales and cash receipts transactions because these are the transactions that produce the debits and credits to the customer accounts receivable. Some other examples are shown in Exhibit 10B–5. The ultimate purpose of the control risk assessment is to decide how much work to do when auditing the general ledger accounts—for example, cash, accounts receivable, inventory, sales revenue, and expenses. The question of “how much work” relates directly to the sample size of the general ledger account details to audit—for example, how many bank accounts to reconcile, how many customer accounts receivable to confirm, and how many inventory items to count and recalculate for correct costing. The control risk assessment provides supporting information for the balance-audit work. We will proceed, using the audit of accounts receivable as an occasional example.
When planning the audit of the accounts receivable balance, auditors make judgments and estimates of the overall risk of failing to detect material misstatements in the balance (AR, audit risk, related to the receivables audit), the probability that errors entered the accounts (IR, inherent risk), and the effectiveness of their analytical procedures for detecting material errors in the receivables (APR, analytical procedures risk). At this stage, the remaining elements of the risk model are the control risk (CR) and the substantive sample risk of incorrect acceptance (RIA). The internal control evaluation task is directed at assessing the control risk, and the risk of incorrect acceptance is then derived using the expanded risk model RIA = AR/(IR × CR × APR). As the acronym indicates, RIA is the same as effectiveness risk, discussed earlier and in Chapter 10.

EXHIBIT 10B–5

Examples of Classes of Transactions Flowing into General Ledger Balances

[Figure: classes of transactions (test of controls populations: cash payments, cash receipts, credit sales, purchases) pass through transaction processing, within the internal control structure (environment, accounting system, control procedures), into general ledger accounts (substantive balance auditing: cash, accounts receivable, sales revenue, accounts payable, inventory, expenses).]

Since control risk is the probability that the client’s controls will fail to detect material misstatements, provided any enter the accounting system in the first place, control risk itself can take on values ranging from very low probability (say, 0.10) to maximum probability (1.0). Using the audit risk model (AuG-7: Applying Materiality and Audit Risk Concepts in Conducting an Audit), there exists a risk of incorrect acceptance (also known in the literature as “test of details risk”) for every possible control risk assessment. These risks of incorrect acceptance affect the sample sizes for the substantive audit work on the account balances. Exhibit 10B–4 shows a range of possible control risk assessments in column 1. To their left are some labels commonly used in public accounting practice. (Public accounting firms deal with a few control risk categories instead of a full range of control risk probabilities.1) Column 2 contains the risks of incorrect acceptance (RIA) derived from the audit risk model for the balance-audit substantive sample, and column 3 shows the substantive sample sizes based on these risks of incorrect acceptance. The sample sizes in column 3 are the substantive balance-audit sample sizes (e.g., number of customer accounts, number of inventory items), not the test of controls samples. (The actual calculation of these substantive sample sizes is explained later in this appendix.) These relationships are evident in Exhibit 10B–4: (1) For higher control risk, the related risk of incorrect acceptance is lower; (2) for lower risks of incorrect acceptance, the substantive samples are larger; and (3) therefore, the higher the control risk, the larger the substantive sample size required for the audit of the related balance sheet account. 
These are the relationships suggested by the second examination standard—that is, the control structure and the assessment of control risk need to be understood to plan the nature, timing, and extent of substantive tests to be performed. Erroneous decisions leading to assessing control risk too high should also be avoided in the interest of audit efficiency. For the following explanation, you need to be introduced to the concept of the UEL. The UEL is a statistical estimate of the population deviation rate computed from the test of controls sample evidence. It consists of the actual sample deviation rate (number of deviations found in the sample divided by the test of controls sample size) plus a statistical allowance for sampling error. The UEL is similar to the upper confidence limit of a statistical confidence interval. (You probably studied confidence intervals in your statistics course.) It is used in statistical evaluation of test of controls sample results as the estimate of the population deviation rate. It is compared with the tolerable deviation rate when auditors assess the control risk.

If the number of deviations in a test of controls sample causes the UEL to be higher than the tolerable deviation rate, when the population deviation rate is actually equal to or lower than the tolerable deviation rate, the auditors may assess control risk too high. This causes them to perform more-substantive audit work on the related account balance than they would have performed had they obtained better information about the control risk. Conversely, if achieved sample UEL is too low (specifically, below tolerable error), the auditor may assess control risk too low. This causes the auditor to do less-substantive audit work on the related account balance than would have been performed had he or she obtained better information on the control risk. This is a much more serious risk for the auditor because it ultimately relates to audit effectiveness. Note also that since this risk adversely affects the auditor’s ability to detect material misstatement, assessing control risk too low is the effectiveness risk associated with tests of control. Public accounting firms frequently use a risk of assessing control risk too low of 10%. This is a rather arbitrary policy that eases the burden of the number of judgments auditors need to make. The implication is that auditors are willing to take a 1 in 10 chance of assessing control risk too low and suffering the consequences of auditing a substantive sample smaller than they would have audited had the decision error not been made. However, less arbitrary methods can be devised that link control risk misassessments to the extent of substantive testing of details. These refined methods are not discussed here.

Review Checkpoints

10B-1 If inherent risk (IR) is assessed as 0.90 and the detection risk (DR) implicit in an audit plan is 0.10, what audit risk (AR) is implied when the assessed level of control risk is each of 0.10, 0.50, 0.70, 0.90, and 1.0?
10B-2 What general considerations are important when an auditor decides on an acceptable risk of assessing control too high?
10B-3 What general considerations are important when an auditor decides on an acceptable risk of assessing control risk too low?
10B-4 What is the probability of finding one or more deviations in a sample of 100 if the population deviation rate is actually 2%?
10B-5 What is the probability of finding one or more deviations in a sample of 100 units if the deviation rate in the population is only 0.5%?
10B-6 What is the connection between possible assessments of control risk and a judgment about tolerable rate, both considered prior to performing test of controls audit procedures?
10B-7 What is the connection between material dollar misstatement assigned for the substantive audit of a balance and tolerable deviation rate used in a test of controls sample?
10B-8 What professional judgment and estimation decisions must be made by auditors when applying statistical sampling in test of controls audit work?

Sample Size Determination

As noted in the introduction to this appendix, we will use the simplest formulas and tables to plan and evaluate statistical sampling in auditing. These formulas are based on MUS theory. One of the advantages of MUS is that the same formula and tables can be used for planning sample sizes for tests of controls (attribute sampling) and substantive tests of details. The key formula is R = nP. Solving for n in this formula, n = R/P, yields the sample size that would be used with MUS. In this formula, R is the (effectiveness) risk factor or, equivalently, the confidence level factor; P is the precision; and n is the sample size. This same formula is used for sample planning and evaluation—if the formula is used to solve for n, then it is being used for sample planning; if the formula is used to solve for P, then it is being used for sample evaluation. The risk level factor, R, is unique for each combination of risk level (or, equivalently, confidence level) and number of errors. Since we are using the negative approach, confidence level = 1 − effectiveness risk. The less-serious efficiency risks are frequently controlled indirectly in practice through the number of errors that are considered acceptable. For a given RIA and MM, the greater the number of errors to be considered acceptable by a sample, the greater the sample size required (and, as discussed earlier, the lower the efficiency risk). In case you are interested, R is the mean of a Poisson distribution with a Poisson process that captures the essence of the attributes sampling distribution underlying MUS theory. Here we are using the Poisson distribution to approximate the binomial or hypergeometric distributions that underlie the attribute sampling theory that forms the basis for statistical tests of controls. This approximation is quite good for most audit applications, so we can exploit the simplifications possible with the Poisson distribution. P stands for precision and is referred to as planned precision at the sample determination stage. In tests of controls, P is tolerable error or some fraction of it at the sample determination stage. P is also referred to as the planned UEL at the sample determination stage.
The auditor must use professional judgment in specifying the number of errors, RIA, and P in planning sample sizes for tests of controls using the formula and the R value tables at the back of this appendix. Note that the R value tables are based on effectiveness risk values = 1 − confidence levels. To illustrate the calculation of sample size for tests of controls, assume the following:

1. Your risk of assessing control risk too low is 1%. That is, effectiveness risk for tests of controls is 1%.
2. Your tolerable rate is 6%. That is, the P value in the formula is 6% = 0.06.
3. Your expected population deviation rate is zero, so we expect zero errors in the sample.
4. Your sample size is 77 calculated using the formula R = nP and the R value tables as follows (to be conservative, always round up to the nearest integer):

Sample size = n = R/P = (Poisson risk factor for zero errors and effectiveness risk of 0.01)/(tolerable deviation rate) = 4.61/0.06 = 77

The sample sizes using the formula are reliable in that they closely approximate but do not understate the sample sizes necessary to achieve audit objectives. (This is because the Poisson is a conservative approximation of the binomial and hypergeometric distributions on which attribute sampling is based.) However, since it is much easier to work with the Poisson table of R values, we will base all our calculations on the R value tables. We can now also illustrate control of efficiency risk. If we wish to reduce efficiency risk, one method is to use a higher number of errors—that is, let errors = 1 in the R value tables and all else in the illustration remain unchanged. Then sample size (n) = 6.64/0.06 = 111. Be sure you can confirm this using the formula and the R value tables. Since effectiveness risk is still the same (1%) and so is tolerable deviation rate (6%), what we get for the increased sample size is a reduction in efficiency risk (as illustrated in Exhibit 10B–2). The auditor can make this efficiency risk control explicit by using more-complex formulas, but most firms follow a policy of controlling efficiency risk indirectly, based on subjectively estimating the number of errors or by using a planned precision P that is less than the tolerable deviation rate.

The effect of using a lower planned precision in sample determination can also be illustrated. Let us assume the auditor uses a planned precision of 3% rather than the tolerable error rate of 6%. Now we get a sample size n = 4.61/0.03 = 154. Again, effectiveness risk is 1% and tolerable error rate is still 6% (it will be used in the sample evaluation decision rule for deciding if the sample error rate is acceptable), so that what the auditor obtains with the increased sample size is, again, a reduction in efficiency risk. A common way to reduce the planned precision from what is material or tolerable is to subtract the expected error rate from the material or tolerable error rate. For example, if the tolerable rate is 0.06 and the expected error rate is 0.03, then planned precision is 0.06 − 0.03 = 0.03. This is the main reason for considering the expected error rate in the audit under MUS. The expected error rate reduces the planned precision, thereby increasing the sample size and reducing the efficiency risks. This is true for either tests of controls or substantive tests of balances. Since sample size can be increased to virtually any amount, most audit firms put a restriction on planned precision by not letting it get below one half the tolerable deviation rate.

Review Checkpoints

10B-9 What facts, estimates, and judgments do you need to figure a test of controls sample size using the R value tables? What other relevant judgment is not used?
10B-10 Test yourself to see whether you can get the sample size of 87 from the R value table with these specifications: effectiveness risk = 5%, tolerable deviation rate = 9%, expected errors = 3.
10B-11 What facts, estimates, and judgments do you need to figure a test of controls sample size using the R value tables and Poisson risk factors? What other relevant judgment is not used?
10B-12 Test yourself to see whether you can get the sample size of 70 using the Poisson risk factor equation with these specifications: effectiveness risk = 5%, tolerable deviation rate = 9%, expected errors = 2.

More about Defining Populations: Stratification

Auditors can be flexible when defining populations. Accounting populations are often skewed, meaning that much of the dollar value in a population is in a small number of population units. For example, the 80/20 rule is that 80% of the value tends to be in 20% of the units. Many inventory and accounts receivable populations have this skewness. Sales invoice, cash receipt, and cash payment populations may be skewed, but usually not as much as inventory and receivables balances. Theoretically, a company’s control procedures should apply to small-dollar as well as to large-dollar transactions. Nevertheless, many auditors believe that evidential matter is better when more dollars are covered in the test of controls part of the audit. This inclination can be accommodated in a sampling plan by subdividing (stratifying) a population according to a relevant characteristic of interest. For example, sales transactions might be subdivided into foreign and domestic, accounts receivable might be subdivided into sets of customers with balances of $5,000 or more and those with smaller balances, and payroll transactions might be subdivided into supervisory (salaried) and hourly payroll. Nothing is wrong with this kind of stratification. However, you must remember that (1) an audit conclusion based on a sample applies only to the population from which the sample was drawn and (2) the sample should be representative—random for statistical sampling. If 10,000 invoices represent 2,000 foreign sales and 8,000 domestic sales, and you want to subdivide the population this way, you will have two populations. You can establish decision criteria of acceptable risk of assessing control risk too low and tolerable deviation rate for each population. You can also estimate an expected population deviation rate for each one. Suppose your specifications are these:

                                          FOREIGN    DOMESTIC
Risk of assessing control risk too low    5%         10%
Tolerable deviation rate                  5          5
Expected population deviation rate        2          1

Then, sample size (R value tables; assume P is adjusted for expected error rate, e.g., foreign P = 0.05 – 0.02 = 0.03) is

                                          FOREIGN    DOMESTIC
Sample size                               100        58

You can evaluate each sample separately using the appropriate risk of assessing control risk too low, or you can combine the sample. To combine the sample sizes effectively, you would have to make the most conservative assumptions among the strata objectives. In the illustration, this means using an overall combined risk of assessing control risk too low of 10% and an expected combined population (strata) deviation rate of 1% so that both efficiency and effectiveness risks are at the lower of the two sample sizes. Interestingly, if the population had not been stratified but treated as one population of 10,000 invoices, and the criteria had been effectiveness risk = 10%, tolerable deviation rate = 5%, and expected error rate = 1%, the sample size would be 58. Subdividing in two a population subject to test of controls sampling has the practical effect of doubling the extent of sampling. This is the price we pay for being able to make separate statistical statements about each stratum—the audit issue becomes: how important is it to evaluate the strata separately?
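The sample sizes quoted in the Sample Size Determination discussion (77, 111 and 154), in Review Checkpoints 10B-10 and 10B-12 (87 and 70), and for the foreign and domestic strata above (100 and 58) can be reproduced by solving for the Poisson risk factor R directly instead of reading it from the R value tables. The Python below is an added example, not part of the textbook; the function names are assumptions, and it uses exact factors where the printed tables round them (4.605 rather than 4.61).

```python
import math


def poisson_cdf(k, mu):
    """P(X <= k) for X ~ Poisson(mu)."""
    term = math.exp(-mu)
    total = term
    for i in range(1, k + 1):
        term *= mu / i
        total += term
    return total


def risk_factor(errors, effectiveness_risk):
    """R in R = nP: the Poisson mean at which P(X <= errors) equals the risk."""
    if errors < 0 or not 0 < effectiveness_risk < 1:
        raise ValueError("errors must be >= 0 and risk strictly between 0 and 1")
    lo, hi = 0.0, 1.0
    while poisson_cdf(errors, hi) > effectiveness_risk:
        hi *= 2                      # widen until the root is bracketed
    for _ in range(100):             # bisection; the cdf falls as the mean rises
        mid = (lo + hi) / 2
        if poisson_cdf(errors, mid) > effectiveness_risk:
            lo = mid
        else:
            hi = mid
    return hi


def sample_size(effectiveness_risk, tolerable_rate, errors=0,
                expected_rate=0.0, min_fraction=0.5):
    """Planning use of R = nP: n = R / P, always rounded up.

    P is the tolerable rate less the expected rate, but never below
    min_fraction of the tolerable rate (the one-half policy in the text).
    """
    planned = tolerable_rate - expected_rate
    if planned <= 0:
        raise ValueError("expected rate must be below the tolerable rate")
    planned = max(planned, min_fraction * tolerable_rate)
    return math.ceil(risk_factor(errors, effectiveness_risk) / planned)


def upper_error_limit(n, deviations_found, effectiveness_risk):
    """Evaluation use of R = nP: achieved P (the UEL) = R / n."""
    return risk_factor(deviations_found, effectiveness_risk) / n


def acceptance_probability(n, true_rate, allowed_errors):
    """Chance the sample shows no more than allowed_errors deviations."""
    return poisson_cdf(allowed_errors, n * true_rate)


if __name__ == "__main__":
    cases = [
        ("1% risk, 6% tolerable, 0 errors", sample_size(0.01, 0.06)),
        ("1% risk, 6% tolerable, 1 error", sample_size(0.01, 0.06, errors=1)),
        ("1% risk, 6% tolerable, 3% expected", sample_size(0.01, 0.06, expected_rate=0.03)),
        ("foreign stratum", sample_size(0.05, 0.05, expected_rate=0.02)),
        ("domestic stratum", sample_size(0.10, 0.05, expected_rate=0.01)),
    ]
    for label, n in cases:
        print(f"{label}: n = {n}")
    # Same 1% effectiveness risk, larger sample: acceptance of a population
    # with a 2% true rate (below the 6% tolerable rate) becomes more likely,
    # so efficiency risk is lower.
    for n, k in ((77, 0), (111, 1)):
        print(n, round(acceptance_probability(n, 0.02, k), 3),
              round(acceptance_probability(n, 0.06, k), 4))
```

A sample of 77 with one deviation found gives a UEL of about 8.6%, above the 6% tolerable rate, which is why the zero-error plan leaves no room for any deviation.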

A Little More about Sampling-Unit Selection Methods

Audit sampling can be wrecked on the shoals of auditors’ impatience. Planning an imaginative selection method takes a little time, and auditors are sometimes in a big hurry to grab some units and audit them. A little imagination goes a long way. For example, suppose an auditor of a newspaper publishing client needs to audit the controls over the completeness of billings—specifically, the control procedure designed to ensure that customers were billed for classified ads printed in the paper. You have probably seen classified ad sections, so you likely know they consist of different-size ads, and you know that ad volume is greater on weekends than on weekdays. How can you get a random sample that can be considered representative of the printed ads? The physical frame of printed ads defines the population. You probably cannot obtain a population count (size) of the number of ads. However, you know that the paper was printed on 365 days of the year, and the ad manager can probably show you a record of the number of pages of classified ads printed each day. Using this information, you can determine the number of ad pages for the year, say, 5,000. For a sample of 100 ads, you can choose 100 random numbers between 1 and 5,000 to obtain a random page. Then, you can choose a random number between 1 and 10 to identify one of the 10 columns on the page, and another random number between 1 and 500 (the number of lines on a page). The column-line coordinate identifies any ad on the random day. (This method approximates randomness, because larger ads are more likely to be chosen than smaller ads. In fact, the selection method probably approximates a sample selection stratified by the size of the ads.) You can judge the representativeness by noticing the size of the ads selected.
Also, since you will know the number of Friday-Saturday-Sunday pages (say, 70% of the total, or 3,500 pages), you can expect about 70 of the ads to come from weekend days.

Random Number Table

The most accurate, although also most time-consuming, sampling unit selection device is a table of random digits, as in the one at the back of this appendix. This table contains rows and columns of digits from 0 to 9 in random order. When items in the population are associated with numbers in the table, the choice of a random number amounts to the choice of a sampling unit, and the resulting sample is random. Such a sample is called an unrestricted random sample. For example, in a population of 10,000 sales invoices, assume the first invoice in the year was 32071 and the last one was 42070. By obtaining a random start in the table and proceeding systematically through it, 100 invoices may be selected for audit.² Assume that a random start is obtained at the five-digit number in the second row, 50th column—number 29094—and that the reading path in the table is down to the bottom of the column, then to the top of the next column, and so on. The first usable number and first invoice is 40807, the second is 32146, and so forth. Note that several of the random numbers were skipped because they did not correspond to the invoice number sequence.³ A page of random digits like the one at the back of this appendix can be annotated and made into your sample selection working paper to document the selection, as shown in Exhibit 10B–6.

Systematic Random Selection

Another selection method commonly used in auditing because of its simplicity and relative ease of application is systematic random selection. This method is employed when direct association of the population with random numbers is cumbersome. Systematic selection consists of (a) dividing the population size by the sample size, obtaining a quotient k (a “skip interval”); (b) obtaining a random start in the population file; and (c) selecting every kth unit for the sample. A file of credit records is a good example. These may be filed alphabetically with no numbering system. Therefore, to select 50 from a population of 5,000, first find k = 5,000/50 = 100, then obtain a random start in the first 100 of the set of physical files, and pull out every 100th one thereafter, progressing systematically to the end of the file and returning to the beginning of the file to complete the selection. This method only approximates randomness, but the approximation can be improved by taking more than one random start in the process of selection. When more than one start is used, the interval k is changed. For example, if five starts are used, then every 500th item is selected. Five random starts give you five systematic passes through the population, and each pass produces 10 sampling items, for a total of 50. Auditors usually require five or more random starts. You can see that when the number of random starts equals the predetermined sample size, the “systematic” method becomes the same as the unrestricted random selection method. Multiple random starts are a good idea because a population may have a nonrandom order that could be embedded in a single-start systematic method.

Computerized Selection

Most audit organizations have computerized random number generators available to cut short the drudgery of poring over printed random number tables. Such routines can print a tailored series of numbers with relatively brief turnaround time. Even so, some planning is required, and knowledge of how a random number table works is useful.

unrestricted random sample: sample obtained by means of unrestricted random selection

EXHIBIT 10B–6 Sampling unit selection.

Kingston Company, Random Selection of Sales Invoices, Dec. 31, 20X2
Population: 10,000 invoices numbered 32701–42070.
Method: unrestricted selection of 5-digit random invoice numbers.
Selection path: down each column to bottom, top next right column, then to top of column at left.
[Annotated page of random digits, with the random start marked, not reproduced.]

Danger in Systematic Selection

Western Products Company has a stable payroll of 50 hourly employees, paid weekly, for a total of 2,600 pay transactions in the year under audit. The auditors decided to select a systematic sample of 104 paycheques for detail test of controls audit procedures. The skip interval was k = 2,600/104 = 25. The auditors carefully chose a random start in the first week at 3 on the payroll register (Wyatt Earp) and selected every 25th payroll entry thereafter. They got 52 entries for Wyatt Earp and 52 entries for Bat Masterson. The audit manager was disgusted over the failure to get a representative sample!
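The Western Products result can be predicted before any item is pulled: when the file order repeats with a known cycle, one systematic pass reaches only cycle/gcd(k, cycle) positions of that cycle. The sketch below is an added example, not taken from the textbook; it assumes the payroll register lists the 50 employees in the same order every week, and the function names, the eight random starts and the seed are constructed for illustration.

```python
import math
import random
from collections import Counter

EMPLOYEES = 50                 # register repeats in this order every week (assumption)
POPULATION = EMPLOYEES * 52    # 2,600 pay transactions
SAMPLE = 104


def systematic_select(pop_size, sample_size, starts):
    """Return 1-based file positions chosen by systematic selection.

    One pass is made per random start. With s starts the skip interval is
    k = pop_size * s / sample_size and each pass yields sample_size / s
    items, wrapping to the beginning of the file when the end is reached.
    """
    s = len(starts)
    if sample_size % s or (pop_size * s) % sample_size:
        raise ValueError("sample size and skip interval must divide evenly")
    k = pop_size * s // sample_size
    per_pass = sample_size // s
    return [((start - 1 + i * k) % pop_size) + 1
            for start in starts
            for i in range(per_pass)]


def units_reached_per_pass(skip_interval, cycle_length):
    """Distinct positions of a repeating file order that one pass can reach."""
    return cycle_length // math.gcd(skip_interval, cycle_length)


def employees_selected(positions, employees=EMPLOYEES):
    """Count how many sampled pay entries belong to each employee slot."""
    return Counter((p - 1) % employees + 1 for p in positions)


def western_products_demo(seed=7):
    """Compare single-start, eight-start and unrestricted selection."""
    rng = random.Random(seed)  # constructed seed so the run is repeatable
    # Single start at line 3, k = 25: the case described in the text.
    single = employees_selected(systematic_select(POPULATION, SAMPLE, [3]))
    # Eight random starts: k becomes 200, still a multiple of the 50-line cycle.
    starts = [rng.randint(1, POPULATION) for _ in range(8)]
    multi = employees_selected(systematic_select(POPULATION, SAMPLE, starts))
    # Unrestricted random selection over the whole register.
    unrestricted = employees_selected(rng.sample(range(1, POPULATION + 1), SAMPLE))
    return single, multi, unrestricted


if __name__ == "__main__":
    single, multi, unrestricted = western_products_demo()
    print("k = 25 reaches", units_reached_per_pass(25, EMPLOYEES), "employees per pass")
    print("single start:", dict(single))
    print("eight starts cover", len(multi), "employees")
    print("unrestricted selection covers", len(unrestricted), "employees")
```

With eight starts the interval becomes 200, a multiple of the 50-entry cycle, so each pass lands on a single employee; checking the interval against any known cycle in the file matters as much as the number of starts.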

You can also use random number generators in popular electronic spreadsheet programs, like Microsoft Excel. The RAND function in Excel generates a list of random numbers in a desired range. A custom list using an electronic spreadsheet or another random number generator can eliminate the problem of numerous discards (unusable numbers) that is encountered when a printed random number table is used. (Note the numerous discards skipped in the procedure shown in Exhibit 10B–6.)

Review Checkpoints

10B-13 When you subdivide a population into two populations for attribute sampling, how do the two samples compare to the one sample that would have been drawn if the population had not been subdivided?
10B-14 Are you required to use all five digits of a random number when you have a random number table, such as the one at the end of this appendix?
10B-15 What steps are involved in selecting a sample using the systematic random selection method?

Statistical Evaluation

To accomplish a statistical evaluation of test of controls audit evidence, you must know the tolerable rate and the acceptable effectiveness risk. These are your decision criteria—the standards for evaluation under the circumstances. You also need to know the size of the sample that was audited and the number of deviations. Now you can use the R value tables to make the evaluation. Again you use the Poisson risk factors in the R value tables, except now you use the R = nP formula to solve for P to get achieved precision = computed upper error limit = UEL: P = R/n. You already know n since you have already selected the sample; R is obtained from the R value tables with your knowledge of the number of errors found and planned effectiveness risk. For example, suppose you audited a sample of 90 sales transactions and found 2 of them without proper shipping documents. Previously, you had decided an effectiveness risk of 5% was appropriate. Using the formula above, UEL = (Poisson risk factor for the number of errors and the effectiveness risk) divided by sample size. For example, the Poisson risk factor for effectiveness risk = 5% and 2 errors (deviations) found in a sample is 6.30; thus, with a sample of 90, UEL = 6.30/90 = 0.07, or 7%.

Applying a Decision Rule

After you calculate the UEL, you can compare it to your previously determined tolerable deviation rate and apply an appropriate decision rule. Note that you do not compare the computed UEL to the planned precision that you used in determining the sample size if the planned precision was less than the tolerable rate. As discussed earlier, the sole reason for using a planned precision less than tolerable is to control for efficiency risk through a larger sample size. In sample evaluation, the planned precision has no role to play because we use the achieved precision resulting from the actual sample results. A higher control risk assessment decision is not the same as a “rejection” decision. You can take the UEL derived from your sample and use it to assess the control risk. For example, assume you audited 30 sales transactions (tolerable deviation rate criterion of 8%, an effectiveness risk criterion of 10%, and an expectation of zero deviations) to try to evaluate control risk at 0.40 (see Exhibit 10B–3) and justify the audit of 107 customer accounts in the accounts receivable total (see Exhibit 10B–4). You can achieve this control risk assessment if you find no deviations in the sample of 30 transactions (see the R value tables). If you find one actual deviation in the sample of 30, your computed UEL is 14% (see the R value tables and use the formula), and according to the decision rule, you should not assess control risk at 0.40. However, you can take UEL = 14%, assess a higher control risk (0.70 according to Exhibit 10B–3), and audit a sample of 130 customer accounts, which is appropriate for control risk of 0.70, instead of the sample of 107 appropriate if control risk had been assessed at 0.40.

Test of Controls Decision Rule

If the computed UEL is less than your tolerable deviation rate, you can conclude that the population deviation rate is low enough to meet your tolerable rate decision criterion, and you can assess the control risk at the level associated with the tolerable deviation rate. (Alternatively, you can assess the control risk at the level associated with the UEL, or you can calculate a probability associated with the tolerable deviation rate based on the sample data.) If UEL exceeds your tolerable deviation rate, you can conclude that the population deviation rate may be higher than your decision criterion, and you should assess a higher control risk—for example, the control risk associated with the UEL.

The computed upper error limit is a statistical calculation that takes sampling error into account. You know that a sample deviation rate (number of actual deviations in the sample divided by sample size) cannot be expressed as the exact population deviation rate. According to common sense and statistical theory, the actual but unknown population rate might be lower or higher. Since auditors are mainly concerned with the risk of assessing control risk too low (because it relates to the more-serious effectiveness risk), the higher limit is calculated to show how high the estimated population deviation rate may be. Auditing standards tell you to “consider the risk that your sample deviation rate can be lower than your tolerable deviation rate for the population, even though the actual population rate exceeds the tolerable rate.” In statistical evaluation, you accomplish this consideration by holding the risk of assessing the control risk too low constant at the acceptable level while computing UEL and then comparing UEL to your tolerable deviation rate. In short, if achieved UEL > tolerable error for tests of controls, then reject reliance at planned level; otherwise, you can rely. How much reliance depends on the auditor’s judgment and the decision rule he or she uses. (Exhibit 10B–3 is an example of such a decision rule.)

Example of Satisfactory Results

Suppose you selected 200 recorded sales invoices and vouched them to supporting shipping orders. You found no shipping orders for one invoice. When you followed up, no one could explain the missing documents, but nothing about the sampling unit appeared to indicate an intentional irregularity. You have already decided that a 10% risk of assessing control risk too low—that is, effectiveness risk for test of controls = 10%—and a 3% tolerable deviation rate, adequately define your decision criteria for the test of controls audit. Calculate UEL using the R = nP formula and the R value tables. From R = nP solve for P: P = R/n. From the R value tables find the appropriate value for R using effectiveness risk = 10% and 1 error: R = 3.89. So the calculated upper error limit = UEL = 3.89/200 = 1.945%. Audit conclusion: The probability is 10% that the population deviation rate is greater than 2%. This finding (UEL of 2%, less than tolerable rate of 3%) satisfies your decision criteria, and you can assess control risk as you had originally planned.

Example of Unsatisfactory Results

The situation is the same as above, except you found four invoices with missing shipping orders. Now, P = R/n = 8/200 = 4% = computed upper error limit = UEL. Audit conclusion: The probability is 10% that the population deviation rate is greater than 4%. This UEL finding exceeds your tolerable rate criterion of 3%, and you ought to assess a higher control risk than you had originally planned.

Discovery Sampling—Fishing for Fraud

Discovery sampling is essentially another kind of sampling design directed toward a specific objective. However, discovery sampling statistics also offer an additional means of evaluating the sufficiency of audit evidence in the event that no deviations are found in a sample. A discovery sampling table is obtainable from the R value tables by simply reading the entries for the zero-errors line. That is, no errors are considered acceptable in the sample. As indicated in Exhibit 10B–1, this results in the highest efficiency risk over the range of immaterial errors. A discovery sampling plan deals with the following kind of question: If I believe some important kind of error or irregularity might exist in the records, what sample size will I have to audit to have assurance of finding at least one example? Ordinarily, discovery sampling is used to design procedures to search for such things as examples of forged cheques or intercompany sales improperly classified as sales to outside parties. However, discovery sampling may be used effectively whenever a low deviation rate is expected. Auditors must quantify a desired probability of at least one occurrence when the specified tolerable deviation rate occurs. In discovery sampling the tolerable deviation rate is frequently referred to as the critical rate of occurrence. Generally, the critical rate is very low because the deviation is something very sensitive and important, such as a sign of fraud. The probability in this case represents the desired probability of finding at least one occurrence (example of the deviation) in a sample. In the R value tables, you can read across the zero-errors column for the desired effectiveness risk (the effectiveness risk in the zero-errors row represents the probability of at least one occurrence), and critical rate is simply the P value in our formula: R = nP.
To illustrate, suppose that in the test of controls audit of recorded sales, you are especially concerned about finding an example of a deviation of as few as 50 outright fictitious sales (intentional irregularities) existing in the population of 10,000 recorded invoices (a critical rate of 0.5%). Furthermore, suppose you want to achieve at least 0.99 probability (or, in percentage terms, 99% probability) of finding at least one. The R value tables and our formula indicate a required sample size of 922 recorded sales invoices, as follows: n = R/P = 4.61/0.005 = 922. If a sample of this size were audited and no fictitious sales were found, you could conclude that the actual rate of fictitious sales in the population was less than 0.5% with 0.99 probability of being right. This feature of discovery sampling evaluation provides the additional means of evaluating the sufficiency of audit evidence whenever an attribute sample turns up zero deviations. You can scan across the different effectiveness risk tables at the back of this appendix until you find an R value in the zero-errors row that comes just below the one associated with the lowest effectiveness risk. As an illustration, suppose 200 sales invoices were audited and no deviations of missing shipping orders were found. The R value tables show that if the population deviation rate is 2%, the probability of including at least 1 deviation in a sample of 200 is 0.98 (i.e., R = nP = 200 × 0.02 = 4—the highest R value in the zero-errors rows of the R value tables not exceeding 4 occurs with effectiveness risk = 0.02—the complement of this risk is the probability of finding more than zero errors). None were found, so, with 0.98 probability, you can believe that the occurrence rate of missing shipping orders is 2% or less.
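The R values quoted in the statistical evaluation and discovery sampling passages can be computed rather than looked up. The following is an added example, not part of the textbook: it assumes R is the Poisson mean at which the probability of observing the given number of deviations or fewer equals the effectiveness risk, which reproduces the values quoted in the text; the function names are illustrative.

```python
import math


def poisson_cdf(k, mean):
    """P(X <= k) for a Poisson variable with the given mean."""
    term = total = math.exp(-mean)
    for i in range(1, k + 1):
        term *= mean / i
        total += term
    return total


def risk_factor(effectiveness_risk, deviations):
    """Poisson risk factor R for a number of deviations found.

    R is the mean at which the chance of seeing `deviations` or fewer
    equals the effectiveness risk (assumed definition of the R tables).
    """
    if not 0 < effectiveness_risk < 1 or deviations < 0:
        raise ValueError("risk must be in (0, 1) and deviations >= 0")
    lo, hi = 0.0, 1.0
    while poisson_cdf(deviations, hi) > effectiveness_risk:
        hi *= 2                      # widen until the root is bracketed
    for _ in range(100):             # bisection: the CDF falls as the mean rises
        mid = (lo + hi) / 2
        if poisson_cdf(deviations, mid) > effectiveness_risk:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


def upper_error_limit(sample_size, deviations, effectiveness_risk):
    """UEL = P = R / n."""
    return risk_factor(effectiveness_risk, deviations) / sample_size


def evaluate_test_of_controls(sample_size, deviations, effectiveness_risk,
                              tolerable_rate):
    """Return (UEL, assess_higher_control_risk) under the decision rule."""
    uel = upper_error_limit(sample_size, deviations, effectiveness_risk)
    return uel, uel > tolerable_rate


def discovery_sample_size(critical_rate, probability):
    """n = R / P using the zero-errors R for risk = 1 - probability."""
    r = risk_factor(1 - probability, 0)
    return math.ceil(r / critical_rate)


def discovery_probability(sample_size, rate):
    """Chance of at least one deviation in the sample at a population rate."""
    return 1 - math.exp(-sample_size * rate)


if __name__ == "__main__":
    print("R(5%, 2 errors) =", round(risk_factor(0.05, 2), 2))
    print("UEL, n=90, 2 errors:", round(upper_error_limit(90, 2, 0.05), 3))
    for found in (1, 4):
        uel, higher = evaluate_test_of_controls(200, found, 0.10, 0.03)
        print(found, "deviation(s) in 200: UEL =", round(uel, 4),
              "assess higher control risk" if higher else "criteria satisfied")
    print("discovery sample size:", discovery_sample_size(0.005, 0.99))
    print("P(at least one | n=200, 2%):", round(discovery_probability(200, 0.02), 2))
```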

Review Checkpoints

10B-16 What is the auditing interpretation of the sampling error–adjusted deviation rate (UEL)?
10B-17 What is the UEL for these data: sample size audited = 46, actual deviations found = 3, effectiveness risk = 35%?
10B-18 What is the proper interpretation of the probability in discovery sampling?

Putting It All Together

To this point, you have learned some of the theoretical details about defining populations, perceiving control risk as a probability ranging from low (e.g., 0.10) to high (e.g., 1.0), using smoke/fire multiple thinking to determine an anchor tolerable deviation rate, and using tables and Poisson risk factor calculations to determine the test of controls sample size (n). You also learned about an assignment of successively higher tolerable deviation rates to successively higher control risks as a means of identifying each control risk level with a tolerable deviation rate. You also learned about the links that connect tests of controls sampling for control risk assessment to substantive sampling for the audit of an account balance. These links are (1) the smoke/fire multiplier judgment that relates tolerable dollar misstatement in the substantive balance-audit sample to the anchor tolerable deviation rate in the test of controls sample and (2) methods that relate an audit judgment of risk of incorrect acceptance for the substantive balance-audit sample to the risk of incorrect acceptance consequences of assessing control risk too low. There is one more link: (3) considering the cost of the substantive balance-audit sample to decide the test of controls sample size and the planned control risk assessment. The planned control risk assessment, with the emphasis on planned, is the auditors’ selection of a control risk level for which they want to justify a control risk assessment after completing the test of controls audit work. Conceptually, the auditor should pick that strategy of control testing combined with substantive tests of detail that minimizes total audit cost. This can be done formally through use of explicit cost assumptions or informally, for example, as in Exhibit 10B–3.
Most firms use the informal approach, probably to facilitate implementation and a certain consistency and audit quality across all clients, and because cost estimates may not be that accurate.

Review Checkpoints

10B-19 What are the links that connect test of controls sample planning with substantive balance-audit sample planning?
10B-20 When you have several alternative test of controls sample sizes to choose from, how do you choose the one to audit?

Summary of Sampling for Tests of Controls

Statistical sampling for attributes in test of controls auditing provides quantitative measures of deviation rates and risks of assessing control risk too low. The statistics support the auditors’ professional judgments involved in control risk assessment. The most important judgments are the numbers assigned to the tolerable rate of deviation, the risk of assessing control risk too low, and the risk of assessing control risk too high. With these specifications and an estimate of the deviation rate in the population, a preliminary sample size can be determined. However, nothing is magic about a predetermined sample size. It will turn out to be too few, just right, or too many, depending on the evidence produced by it and the control risk assessment supported by it. The easy part of attribute sampling is the statistical evaluation. The hard parts are (1) specifying the controls for audit and defining deviations, (2) quantifying the decision criteria, (3) using imagination to find a way to select a random sample, and (4) associating the quantitative evaluation with the assessment of control risk. The structure and formality of the steps involved in statistical sampling force auditors to plan the procedures exhaustively. The same structure and formality also contribute to good working paper documentation because they clearly identify the things that should be recorded in the working papers. Altogether, statistical sampling facilitates auditors’ plans, procedures, and evaluations of defensible evidence.

Part III: Audit of an Account Balance

Most of the account balances that appear in financial statements consist of numerous subsidiary accounts, some more numerous than others. Many of these accounts may be audited with sampling methods—auditing less than 100% of the subsidiary accounts within a control account balance or financial statement total for the purpose of determining the fair presentation of one or more of the financial statement assertions. Some examples of such accounts are listed here:

• Cash: Usually not audited by sampling because there are few accounts; might be sampled if a company has a large number of bank accounts
• Accounts receivable: Usually audited by sampling when there is a modest to large number of customers
• Inventory: Usually audited by sampling when there is a modest to large number of different inventory items
• Fixed assets: Sampling sometimes used to audit numerous additions or an “inventory-taking” of fixed assets
• Accounts payable: Some sampling used, but normally a judgment sample for missing payables
• Notes payable: Usually not audited by sampling because of small number

This short list and description of accounts, however, is not a description of relevant data populations for all assertions. For example, you would select a sample from the recorded accounts receivable to audit for the existence, rights, valuation, and presentation and disclosure assertions, but not for the completeness assertion. To audit for missing accounts receivable, the recorded ones are the wrong population! (A selection of shipping documents to determine whether receivables from customers had been recorded, or an audit of cash receipts in the period after year-end to detect receipts applicable to the prior year, could be proper samples for auditing for accounts receivable completeness.) Likewise, a selection of recorded accounts payable does not produce evidence of completeness of liabilities recordings. After all, the unrecorded liabilities are not in that population. (A selection of cash payments made after the year-end to identify ones applicable to year-end liabilities could be one proper sample for auditing for liability completeness.)

The audit of an account balance with monetary-value sampling has a different objective than test of controls auditing with attribute sampling. Test of controls sampling has the main objective of producing evidence about the rate of deviation from company control procedures for the purpose of assessing the control risk. Measuring the monetary effect of control deviations is a secondary consideration. On the other hand, a test of an account balance has the objective of producing direct evidence of monetary amounts of error in the account. This is called monetary-value sampling to indicate that the important unit of measure is a monetary amount (such as dollars, pennies, renminbi, euros, or yen). Sometimes, monetary-value sampling is called variables sampling just to distinguish it from attributes sampling and the control risk assessment objective.

There are two main types of monetary-value sampling. The one most frequently used in financial auditing is MUS. This method is the subject covered here. The other method is known as classical sampling—a name attached merely to distinguish it from MUS. Classical sampling is discussed briefly at the end of this appendix. The method is called “classical” because it was used before MUS was developed and because it depends on the well-known statistical mathematics of the normal distribution. MUS, by contrast, does not depend upon the normal distribution statistics. Before we get to the techniques of MUS, however, two topics of common application need to be expanded—the risk of incorrect acceptance and the risk of incorrect rejection.

Risk of Incorrect Acceptance

In Chapter 10, you saw the audit risk model expanded to include these terms:

AR = IR × CR × APR × RIA

Monetary-value sampling for account balance auditing is primarily concerned with the risk of incorrect acceptance (RIA) in the risk model. The risk of incorrect acceptance is also called the test of details risk because it is the sampling risk of failing to detect a materiality magnitude of monetary error with audit procedures applied to the details (subsidiary units) in a control account. The other elements of the model are products of auditors’ professional judgment. The audit risk (AR) is the overall risk the auditor is willing to take of failing to discover material misstatement in the account. Public accounting firms that quantify this risk usually set it at 0.05 or 0.10. Their policies are somewhat arbitrary, because there is no overall theory acceptable in the practice world to justify any particular quantification of the audit risk. The amounts of 5% and 10% just seem to work adequately. The inherent risk (IR) is the auditors’ assessment of general factors relating to the probability of erroneous transactions entering the accounting system in the first place. It is hard to assess, often consisting of auditors’ memory of no problems in previous audits or other aspects of their knowledge of the business. Some public accounting firms have questionnaires to document the findings of the know-the-business procedures and to translate them into an inherent risk assessment. Analytical procedures were introduced in Chapter 8. They basically consist of all evidence-gathering procedures other than direct audit of account details. They are substantive procedures, as are the substantive tests of details, but they are not applied on a sample basis. Thus, there is frequently no mathematical way to measure their risk of failure.
The analytical procedures risk (APR) in the model is the auditors’ judgment of the probability that these non-detail procedures will fail to detect misstatement in the amount of tolerable misstatement in the account. Public accounting firms that quantify this risk assign values from 0.30 to 1.0. The control risk (CR) is the auditors’ assessment of the quality of the client’s control structure. Control risk assessment was explained in detail in Chapters 9 and 10. Some public accounting firms combine the inherent risk judgment and the control risk assessment into one factor. These risk elements are considered independent, meaning that their combined risk can be a product (multiplication). While theoretical arguments of the validity of the model rage, several public accounting firms have built it into their sampling plans. They determine the risk of incorrect acceptance for a sampling application by first making AR, IR, CR, and APR judgments and assessments, and then calculating the risk of incorrect acceptance: Maximum RIA = 0.50, if the equation produces RIA > 0.50 However, be forewarned—not all public accounting firms or other audit organizations use the model in this fashion. Some quantify risk of incorrect acceptance for statistical sampling in the context of the client situation without reference to the model. Some say they do sampling without quantifying risk of incorrect acceptance. Some say they do audit sampling, but not statistical sampling. Practice varies.

The risk of incorrect acceptance influences statistical sample size calculations, and thus it is a prime determinant of the extent of substantive audit work. Exhibit 10B–4 was presented to emphasize the effect of the audit risk model and its production of risk of incorrect acceptance on the substantive balance-audit sample sizes, as affected by the range of possible control risk assessments. Note the nonlinear change in sample size in relation to the evenly spaced (linear) control risk levels. From CR = 0.10 to CR = 0.20, the sample size increases by 30 sampling units (to 81 from 51), but from CR = 0.90 to CR = 1.00, the sample size increases by only 3 sampling units (to 143 from 140). The sample sizes are based on monetary-unit calculations for an account balance of $300,000 with a tolerable misstatement of $10,000.

Review Checkpoints

10B-21 What is the objective of test of controls auditing with attribute sampling? of test of a balance with monetary-value sampling?
10B-22 Does use of the audit risk model to calculate risk of incorrect acceptance remove audit judgment from the risk determination process?
10B-23 Is there any benefit to be gained from using the audit risk model to calculate risk of incorrect acceptance?
10B-24 If audit risk (AR) is 0.015, inherent risk (IR) is 0.50, control risk (CR) is 0.30, and analytical procedures risk (APR) is 0.50, what risk of incorrect acceptance (RIA) is suggested by the expanded risk model?

Risk of Incorrect Rejection

The other risk auditors accept in audit sampling is the decision that an account balance is misstated by more than the material misstatement when it is in fact, but unbeknownst to the auditors, not misstated by that much. Note that this is the efficiency risk. This can happen when the sample is not actually representative of the population from which it was drawn. An initial incorrect rejection decision will create an audit inefficiency because additional work will be done to determine the amount of an adjustment, and the auditors will ordinarily discover that the recorded amount was not materially misstated all along. The planning goal is to keep the risk of incorrect rejection low and also to keep the cost of the audit work within reasonable bounds. When planning the size of an audit sample, the judgment about the acceptable risk of incorrect rejection amounts to an incremental cost analysis. You can minimize the risk of incorrect rejection by auditing a large sample—spending time and effort at the beginning with the initial sample size. Alternatively, you can take a smaller sample size and save time and cost, but this strategy will increase the risk of incorrect rejection. Taking more risk of incorrect rejection increases the likelihood of “rejection,” in which case you may need to expand the sample or otherwise perform work later that you could have performed at the beginning with the initial sample. Thus, your cost trade-off relationship involves (a) the cost saved by taking a smaller initial sample, reduced by (b) the probability-weighted expected cost of needing to expand the sample or perform other types of audit procedures. These two elements taken together are the expected cost saving from taking more risk of incorrect rejection. Taking a chance on needing to expand the sample is important only if the cost (per item) is lower in the initial sample and higher (per item) when sample units are added later.
(If these costs were equal, you could simply audit sample items one at a time until you reached a justifiable conclusion.) The cost trade-off is based on probabilities, which are sometimes hard to estimate. An audit manager may prefer to incur the additional cost in the first phase of work to avoid any possibility of additional cost

WWW.TEX-CETERA.COM

APPENDIX 10B

More-Advanced Statistical Sampling Concepts for Tests of Controls and Tests of Balances

10B-25

of subsequent work. Cost aside, the auditors may not have time to select and audit additional items before the report deadline. For example, auditors may not have time to mail additional accounts receivable confirmations and wait two weeks for replies. Assessment of the risk of incorrect rejection also depends on the audit manager’s preferences for cost and certainty, and on the time deadlines for completing the audit. The risk of incorrect rejection pertains to audit efficiency. However, generally accepted auditing standards (GAAS) do not present a model or method for determining or thinking about this risk. GAAS also do not have anything to say about a “base risk of incorrect rejection” or an “alternative risk of incorrect rejection” used in planning a monetary-value audit sample.

Review Checkpoints

10B-25 Why is the risk of incorrect acceptance considered more critical than the risk of incorrect rejection in connection with audit decisions about an account balance?
10B-26 What considerations are important for determining the risk of incorrect rejection?
10B-27 What position is taken in GAAS with respect to the risk of incorrect rejection?

Monetary-Unit Sampling for Account Balance Auditing

MUS is a modified form of attributes sampling that permits auditors to reach conclusions about dollar amounts as well as compliance deviations. Variations are called combined attributes-variables sampling (CAV), cumulative monetary-amount sampling (CMA), dollar-unit sampling (DUS), and sampling with probability proportional to size (PPS). Recall that the test of controls audit of control procedures based on attribute statistics did not directly incorporate dollar measurements. Hence, conclusions were limited to decisions about the rate of control deviations, which helped auditors assess the control risk. MUS is a sampling plan that attaches dollar amounts to attribute statistics. MUS is used widely by many accounting firms and other audit organizations for account balance auditing (variables sampling).

The unique feature of MUS is its definition of the population as the number of dollars in an account balance or class of transactions. Thus, in our example of auditing accounts receivable with a recorded amount (book value) of $300,000, the population is defined as 300,000 dollar units instead of as 1,500 customer accounts for classical sampling applications. With this definition of the population, the audit is theoretically conducted on a sample of dollar units, and each of these sampling units is either right or wrong. This is the type of treatment given to control procedures in attribute sampling: a control procedure is either performed or not performed, and there is either a deviation or no deviation; thus a rate of deviation is the statistical measure. However, MUS adopts a convention for assigning dollar values to the deviations, and we will cover these calculations a little later in this appendix.

MUS was significantly enhanced for audit practice by Canadian practitioners, who wrote the first widely published manual on the techniques.⁴ It is now the first choice of auditors throughout their domestic and international practices.

Use of Monetary-Unit Sampling

All monetary-value sampling methods, including MUS, require basic audit judgments for audit risk, inherent risk, control risk, and analytical procedures risk for the purpose of deriving the risk of incorrect acceptance. All these sampling methods, including MUS, require an audit judgment of material dollar misstatement for the account and an estimate of the misstatement the auditors think might exist in the account. MUS has advantages in the form of overcoming some of the difficulties inherent in classical sampling plans, such as those listed here:

• Accuracy: An accurate estimate of a normal distribution standard deviation is required for classical sampling. MUS does not require this estimate because the statistical basis is the binomial distribution.
• Bias: Classical statistics estimators suffer problems of bias because a sufficient number of errors may not be found in a sample to permit proper use. MUS imposes no requirements for a minimum number of errors.
• Large sample sizes: MUS sample sizes are generally smaller than classical sampling sample sizes. (Smaller sample sizes are considered more efficient in most situations.)
• Complicated stratification plans: MUS sample selection methods accomplish stratification by automatically selecting a large proportion of high-value items.

There are still some critics of MUS, and here is their purported list of disadvantages (along with rebuttals to their arguments):

• Criticism: The MUS assignment of dollar amounts to errors is conservative (high) because rigorous mathematical proof of MUS UEL calculations has not yet been accomplished.
• Rebuttal: This provides the auditor with assurance that achieved RIA < planned RIA, which helps ensure that actual or achieved audit risk is within the planned level. In fact, some practitioners treat this feature of MUS as an advantage because they know their primary objective of risk control is virtually guaranteed to be met.
• Criticism: MUS is not designed to evaluate financial account understatement very well.
• Rebuttal: No sampling estimator is considered very effective for understatement error. Auditors control this problem the same way that they control for the completeness assertion—through audits of related populations, such as subsequent payments or subsequent collections.

When to use MUS in account balance auditing can be inferred from the advantages and disadvantages indicated above. MUS is clearly the best method to use when auditors expect to find few or no errors, and where the greatest risk of error is the risk that the book value is overstated. MUS has also been found to be a reliable estimator in more varied situations where there are more errors, and modifications are available for dealing with both understatement and overstatement of book values. As with any formal technique, care is needed in using the procedure to make sure the formal requirements of the model are satisfied.

Review Checkpoints

10B-28 What are some of the other names for types of MUS?
10B-29 What is the unique feature of MUS?
10B-30 What are the advantages and disadvantages of MUS?
10B-31 In what way does MUS resemble attribute sampling for control deviations?

Monetary-Unit Sample Size Calculation

The same formula is used for substantive testing of details as for testing of controls: n = R/P. The only adjustment is that planned precision must be converted from a dollar amount to a rate or percentage, as is used in control testing. This is achieved by simply dividing the planned precision in dollars by the recorded amount of the account balance. The basic equation for calculating an MUS sample size for substantive testing of details is

n = (BV × R)/MM

where
BV = Total book value (recorded amount) of the account balance
R = Poisson risk factor appropriate for the risk of incorrect acceptance (RIA or effectiveness risk)
MM = Material misstatement for the account balance

Note that the above formula follows from n = R/P if we let P = MM/BV. That is, planned precision P is represented as a rate in testing of details by dividing material misstatement by the reported amount of the account balance. The recorded amount (BV) is the book balance of the account under audit, for example, a $300,000 accounts receivable total for 1,500 customers, subject to auditing by sampling. The concept of material misstatement was covered in Chapter 8.

As in attributes sampling, efficiency risk (risk of incorrect rejection) is usually controlled indirectly following either or both of the following approaches: (a) select a number of errors greater than zero, and/or (b) use a planned precision that has been reduced by the amount of expected misstatement. For example, in using approach (b) assume that expected misstatement is EM; then planned precision to be used in the denominator in sample determination is (MM/BV − EM/BV) = (MM − EM)/BV. Auditors who use this technique do not allow planned precision to get below one half of MM/BV. Note that firms using this rule and setting the number of errors at zero in the R value tables never plan higher than twice the discovery sample for the given risk of incorrect acceptance (RIA = 1 − confidence level).

To illustrate, assume, as before in Chapter 10, that MM = $10,000. Then a discovery sample size (the smallest possible for RIA = 1%) is n = 4.61/(10,000/300,000) = 4.61/0.0333 = 139 (round up to be conservative). If the auditor wishes to accept a sample with one error and all else remains unchanged, the sample size will be n = 6.64/0.0333 = 200. Note that since risk of incorrect acceptance and materiality are the same, what the auditor gets for this increased work is a reduction in risk of incorrect rejection. (Remember Exhibit 10B–1.)

The other way to reduce risk of incorrect rejection is by adjusting planned precision P for expected misstatements (EM). As an illustration, assume EM = 4,000; then sample size can be increased to n = 4.61/((10,000 − 4,000)/300,000) = 4.61/(0.0333 − 0.0133) = 4.61/0.02 = 231. Note that in the numerator we use the R value with zero errors, since we are already controlling risk of incorrect acceptance through the tighter precision (0.02 versus 0.0333) in the denominator. There is, thus, little need to combine the adjustment of planned precision approach with the zero-errors approach in controlling risk of incorrect rejection with MUS. More formal, explicit approaches are available for controlling risk of incorrect rejection and risk of incorrect acceptance simultaneously, but since the basic principles are the same, we do not cover these refinements here.

Review Checkpoints

10B-32 All other factors remaining the same, will an MUS sample size be larger, smaller, or the same for a larger book balance?
10B-33 All other factors remaining the same, will an MUS sample size be larger, smaller, or the same for a larger risk of incorrect acceptance?
10B-34 All other factors remaining the same, will an MUS sample size be larger, smaller, or the same for a larger expected misstatement?
10B-35 All other factors remaining the same, will an MUS sample size be larger, smaller, or the same for a larger tolerable misstatement?

Selecting the Sample

MUS unit selection is a type of systematic selection, very similar to the systematic selection method introduced for attribute sampling. However, before sampling is started, auditors usually take some defensive auditing measures. They identify the individually significant units in the whole population and remove them for a 100% audit. In our example of auditing the $400,000 accounts receivable in the balance sheet of Kingston Company, the auditors could identify the six customer accounts over $10,000 (total amount of $100,000) and set them aside for audit. The cutoff size of $10,000 in this case corresponds to the material misstatement assigned to the accounts receivable audit. By being sure to audit each customer account whose balance exceeds the material misstatement, the auditors guard against the possibility of missing a material misstatement that might exist in a single subsidiary account. This leaves the remaining $300,000 of accounts receivable as the dollar value population (BV) subject to auditing by sampling.

To carry out a systematic MUS selection, you must calculate the sample size (n) and then divide the population size (BV) by the sample size minus one to get a “skip interval” (k):

k = BV/(n − 1)

For example, in the audit of the Kingston Company accounts receivable, if the sample is 96, the skip interval is

k = $300,000/95 = $3,157.89 (rounded to $3,158)

You use n − 1 as the denominator because the method of choosing the first and last random selections adds 1 to the sample size. With one random start, you select every 3,158th dollar unit. Each time a $1 unit is selected, it hooks the logical unit that contains it. A logical unit is the ordinary accounting subsidiary unit that contains the dollar unit selected in the sample. In this example the logical unit is a customer’s account.
Obviously, all customer accounts with balances of $3,158 or more will be selected, and the larger units have a proportionately larger likelihood of selection than the smaller units. These phenomena of the selection method give MUS its high degree of stratification, with automatic selection of the high-value logical units. MUS samplers say the MUS selection hooks the largest logical units and places them in the sample. In contrast, the classical sampling methods define the population as 1,500 logical units and give each of them an equal likelihood of being selected for the sample. Thus, very large and very small customer balances will be in a classical sample of customer accounts receivable. On average, the number of dollars of the account balance in a classical sample will be smaller than the number hooked in an MUS sample.

Indeed, the MUS systematic selection guarantees that all customer accounts larger than the skip interval (k) will be in the sample, but classical sampling selection of logical units carries no such guarantee. In our Kingston example, all customers with balances over $3,158 will be in the sample. Furthermore, each logical unit has a probability of being in the sample in proportion to its size. That is, a $500 customer balance has twice the probability of selection as a $250 customer balance. A mini-example of MUS selection is shown in the box below.

Mini-Example of Monetary-Unit Sampling Systematic Sample Selection

This example is a takeoff on the Kingston Company example. Everything is reduced so that you can see the entire sample selection. See the accompanying table Kingston II. Assume Kingston II has $30,000 accounts receivable in 15 customer accounts, and you want to select a sample of 10 dollar units, which gives you a skip interval of k = 30,000/9 = 3,333. We still start with a random number between 1 and 3,333, say 722, and this random number identifies the first sampled dollar. (The first one will not necessarily fall in the first account.) You identify subsequent logical units by starting an “accumulator.” The accumulator first takes a value of zero minus the starting number. In our example the accumulator is 0 − 722 = −722. You then add the next logical unit account balances to the accumulator until it turns into a positive number. On the first round, when the balance in the second account is added, the accumulator turns positive: −722 + 3,500 = 2,778. When the accumulator turns positive, the logical unit contains a dollar for the sample. On the next round, you go to the “modified accumulator” by subtracting the skip interval; then add the subsequent logical unit balances until the accumulator turns positive again. The modified accumulator is 2,778 − 3,333 = −555; then the accumulator next becomes −555 + 1,965 = 1,410, and this positive number identifies another sample dollar. (See the accompanying table.) The process is repeated. If the modified accumulator remains positive after subtracting the sampling interval, as it does at account #12, you have selected two dollar units in the same logical unit. Subtract the skip interval again before adding the next account balance.

KINGSTON II

| Account number | Account balance | Accumulator | Modified accumulator | Dollar selected | Logical unit |
|---|---|---|---|---|---|
| 1 | $ 750 | −722 | | 1st | $ 750 |
| 2 | 3,500 | 2,778 | −555 | 3,334th | 3,500 |
| 3 | 1,965 | 1,410 | −1,923 | 6,667th | 1,965 |
| 4 | 2,400 | 477 | −2,856 | 10,000th | 2,400 |
| 5 | 949 | −1,907 | | | |
| 6 | 563 | −1,344 | | | |
| 7 | 1,224 | −120 | | | |
| 8 | 3,211 | 3,091 | −242 | 13,333rd | 3,211 |
| 9 | 2,961 | 2,719 | −614 | 16,666th | 2,961 |
| 10 | 1,622 | 1,008 | −2,325 | 19,999th | 1,622 |
| 11 | 7,200 | 4,875 | 1,542 | 23,332* | 7,200 |
| | | | −1,791 | 26,665* | |
| 12 | 1,199 | −592 | | | |
| 13 | 1,000 | 408 | −2,925 | 29,998th | 1,000 |
| 14 | 500 | −2,425 | | | |
| 15 | 956 | −1,469 | | | |
| Total | $30,000 | | | | |

Total of logical units in the sample of 10 dollar units: $24,609

*Two dollar units in the same logical unit.

The dollar-selected column starts with the random start at 722 and adds 3,333 each time a dollar is selected in the sample. This is a selection routine for manual application. It may seem complicated at first glance, but it is really not hard to do with a calculator. When populations are on computer files, a routine like this one can be programmed to make the sample selection.
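The accumulator routine from the mini-example, written as a program (an added example, not from the textbook). It treats a zero accumulator as a hit, because zero means the selected dollar is the last dollar of the unit; the eight-account ledger, the skip interval of 1,000 and all function names are constructed for illustration. Trying every possible random start confirms the two selection properties stated above.

```python
"""Systematic monetary-unit selection using the accumulator routine."""


def mus_select(balances, skip_interval, random_start):
    """Return (unit_index, dollar_position) for every selected dollar.

    balances      recorded amounts of the logical units, in ledger order
    skip_interval k, the number of dollar units between selections
    random_start  first selected dollar, 1 <= random_start <= k
    """
    if not 1 <= random_start <= skip_interval:
        raise ValueError("random start must lie in the first interval")
    hits = []
    accumulator = -random_start   # zero minus the starting number
    pending = random_start        # position of the next dollar to select
    for index, balance in enumerate(balances):
        if balance < 0:
            raise ValueError("credit balances need separate treatment")
        accumulator += balance
        # accumulator >= 0: the pending dollar lies inside this unit.
        # Subtract k and test again, because a unit larger than k can
        # contain two or more selected dollars.
        while accumulator >= 0:
            hits.append((index, pending))
            accumulator -= skip_interval
            pending += skip_interval
    return hits


def units_hooked(ledger, skip_interval, random_start):
    """Account ids hooked in one pass; an id repeats if hit twice."""
    ids = list(ledger)
    hits = mus_select(list(ledger.values()), skip_interval, random_start)
    return [ids[index] for index, _ in hits]


def hit_frequency(ledger, skip_interval):
    """Over every possible random start, count the starts that hook
    each account at least once."""
    counts = dict.fromkeys(ledger, 0)
    for start in range(1, skip_interval + 1):
        for account in set(units_hooked(ledger, skip_interval, start)):
            counts[account] += 1
    return counts


# Constructed ledger (not the Kingston data): id -> recorded balance.
LEDGER = {"A": 250, "B": 500, "C": 4200, "D": 90,
          "E": 1310, "F": 3158, "G": 75, "H": 417}   # total 10,000
K = 1000                                             # assumed skip interval

if __name__ == "__main__":
    print("start 722 hooks:", units_hooked(LEDGER, K, 722))
    frequency = hit_frequency(LEDGER, K)
    for account, balance in LEDGER.items():
        share = frequency[account] / K
        print(f"{account}: balance {balance:>5}  selected in {share:.1%} of starts")
```

Accounts C, E and F, each at least as large as the skip interval, are hooked on every start, and the $500 account is hooked by exactly twice as many starts as the $250 account.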

Review Checkpoints

10B-36 What effect does the identification of individually significant logical units have on the size of the recorded amount population for MUS?
10B-37 How does MUS sample selection produce an automatic stratification of choosing the high-value logical units in a control account balance?
10B-38 What happens when two dollar units for the sample fall in the same logical unit?

Express the Error Evidence in Dollars

The problem with attribute sampling is that it expresses the results in terms of a deviation rate instead of in dollars. In an audit context, expressing results in dollars is more meaningful when the audit objective is a decision about the fair presentation of a balance expressed in dollars. Therefore, dollar-unit sampling adopts some conventions for expressing the error evidence in dollars. The first step is to determine an average sampling interval. This amount is slightly different from the sample selection skip interval. The average sampling interval (ASI) is

ASI = BV/n

In our example of the audit of Kingston Company’s accounts receivable with a sample of 96 customer accounts,

ASI = $300,000/96 = $3,125

You can work with the average sampling interval instead of the skip interval if you remember that the first random dollar is selected from the first interval of dollar units (in this case, 3,125 dollar units) and then simply add 3,125 a total of n − 1 times (in this case 95 times) to select n − 1 additional dollar units.

Calculate an Upper Error Limit: The No-Error Case

The UEL is a statistical estimate of the greatest amount of dollar error that might exist in an account balance, with a likelihood (risk of incorrect acceptance) that the actual amount of error might be even greater. The easiest UEL calculation arises when the sample is audited and no dollar misstatements are discovered. Then the calculation is⁵

UEL = ASI × R

In our example, suppose the auditors audited 96 of Kingston’s customers’ accounts and found nothing wrong, no misstatements or arguments. If the auditors wish to evaluate the “greatest amount of error that might exist” at a risk of incorrect acceptance of 0.17, they will find the Poisson risk factor for RIA = 0.17 and zero errors in the R value tables, which is 1.77, and calculate the UEL:

UEL = ASI × R = $3,125 × 1.77 = $5,531

This calculation follows from our basic formula R = n × P, except now we solve for P instead of for n as we do at the sample size determination stage. That is, P = R/n = 1.77/96 = 0.0184375. This is the achieved UEL represented as a rate or percentage (keep in mind the attributes sampling theory basis for MUS). How do we convert this to a dollar amount? Simple! Multiply by BV: 0.0184375 × $300,000 = $5,531. Remember, we divided by BV to convert precision to a percentage. So, now we must multiply by BV to convert UEL to a dollar amount.

The risk of incorrect acceptance represented by the choice of the Poisson risk factor should be the risk of incorrect acceptance derived from the risk model the auditor uses to plan the audit work. This risk of incorrect acceptance is one of the auditors’ decision criteria for accepting the book value as materially accurate or for rejecting it as appearing to contain a material misstatement. The calculated UEL is similar to an attribute sampling computed UEL (that is why we represent both by UEL). The auditor can say, “Based on the quantitative evidence, I estimate the greatest amount of error in the population is UEL (rate of deviation for UEL), with a likelihood of risk of incorrect acceptance [effectiveness risk] that the amount of misstatement error [or in the case of attribute sampling, the rate of deviation] might be greater.”

The risk of incorrect acceptance represents the risk associated with MUS. Of course, other sources of evidence may have been used to derive a particular risk of incorrect acceptance from audit risk (AR). The audit risk model reflects these other sources. So, although 1 − RIA reflects the assurance provided by MUS, the total assurance from control-reliance, analytical-review procedures as well as MUS is 1 − AR. The UEL must have a reference point to mean something. The reference point is the material misstatement assigned to the account, and it is the other decision criterion. You can use it with a “UEL decision rule,” as expressed in the following box.

Upper Error Limit Decision Rule

Using actual sample data, calculate the UEL of monetary misstatement. Compare this UEL to the material misstatement decision amount. If the UEL is larger, make the “rejection” decision. If the UEL is smaller, make the “acceptance” decision. Note that the decision is based on the amount considered material, MM, not the planned precision, which may be less than material in order to control risk of incorrect rejection.

Using this UEL decision rule in our Kingston Company example, where the risk of incorrect acceptance is 0.17 and the tolerable misstatement is $10,000, the decision is that the evidence shows the $300,000 accounts receivable does not appear to contain a material misstatement. The UEL of $5,531 at RIA = 0.17 is less than the material misstatement. The phenomenon of measuring a UEL amount of misstatement when no errors were found in the sample is a reflection of the partial knowledge given by a sample from the population instead of knowledge of the entire population. Similarly, in attribute sampling for detail test of controls, a UEL greater than zero is expressed even when no deviations are found in a sample. This kind of measurement of sampling error is frequently called “further misstatement remaining undetected in the balance.” Auditors can take it into account by calculating the UEL. The zero-error UEL is actually a reflection of the sufficiency of audit evidence as represented by the size of the sample audited. If the sample size is very small, indicating limited knowledge of the population, the average sampling interval will be large, and the UEL will be high. In these circumstances, the failure of the UEL decision rule (i.e., UEL greater than MM) is an indication of not enough evidence (sample size too small).

Calculate an Upper Error Limit: When Errors Are Found

When a dollar-unit sample is audited, the auditors determine (1) the dollar amount of difference between the book value and the audit value of the logical unit—the account or invoice—that contains the sampled dollar, and (2) the ratio of this difference to the recorded amount of the logical unit. This ratio is called the tainting percentage or taint%:

Taint% = (Book value − Audit value)/(Book value)

The tainting percentage is the MUS device for departing from the all-or-nothing, error-no-error measurement of attribute sampling. The theory is that a $1 unit is being audited, but each $1 unit is embedded in a larger logical unit. A logical unit can be partially in error, and this part is attributed to all the dollars in the unit, including the “sampling unit dollar.” Thus, a sampling unit dollar can be wrong in part—the tainting percentage. Look at the three illustrative errors from the audit of Kingston’s accounts receivable in Exhibit 10B–7. The first account had a book value of $1,000, but the auditors determined that the recorded amount should be $200. The customer’s account is overstated by 80% (tainted with error), and so is the $1 sampling unit in it. The other two errors reflect 90% and 75% overstatement errors. The taint% for a particular account is represented as ti, where the subscript “i” refers to a specific account or line item.

The calculation of UEL when errors are found is a combination of Poisson risk factors (R), tainting percentages ti, and the average sampling interval (ASI). Exhibit 10B–8 shows a UEL calculation assuming an audit of 96 dollar units from Kingston Company’s $300,000 accounts receivable, when the three errors in Exhibit 10B–7 were found.

EXHIBIT 10B–7 Three Illustrative Errors

| Customer | Book value | Audit value | Difference | Taint% |
|---|---|---|---|---|
| 1,425 | $1,000 | $200 | $ 800 | 80% |
| 310 | 3,000 | 300 | 2,700 | 90 |
| 963 | 2,000 | 500 | 1,500 | 75 |

EXHIBIT 10B–8 Upper Error Limit Calculation (RIA = 0.17)

| | Basic error, likely error, and PGW* factors | × Tainting percentage | × Average sampling interval | = Dollar measurement |
|---|---|---|---|---|
| 1. Basic error (0) | 1.77 | 100.00% | $3,125 | $ 5,531 |
| 2. Most likely error: | | | | |
| First error | 1.00 | 90.00 | 3,125 | $2,813 |
| Second error | 1.00 | 80.00 | 3,125 | 2,500 |
| Third error | 1.00 | 75.00 | 3,125 | 2,344 |
| Projected likely error | | | | 7,657 |
| 3. Precision gap widening: | | | | |
| First error | 0.44 | 90.00 | 3,125 | 1,238 |
| Second error | 0.32 | 80.00 | 3,125 | 800 |
| Third error | 0.27 | 75.00 | 3,125 | 633 |
| | | | | 2,671 |
| Total upper error limit (0.17 risk of incorrect acceptance) | | | | $15,859 |

*Precision gap widening.

The “basic error,” calculated using the RF (risk factor) for the zero-error case, is the underlying sampling error associated with the sample size. It is weighted by a 100% tainting under the assumption that the maximum overstatement of a dollar unit is its recorded amount. Next, the errors are put in descending order of their tainting percentages, the largest first and the smallest last. These are given a “likely error” factor of 1.0. The sum of 1.0 × respective tainting percentages × ASI for the errors is called the “projected likely error.” This is the auditor’s estimate of error based on the actual errors discovered ($5,000 = $800 + $2,700 + $1,500) projected to the population as $7,657. The precision gap widening (PGW) is in addition to the sampling error generated by finding errors in the sample. These factors are in the R value tables. They bear a direct relationship to the Poisson risk (R) factors in the R value tables. Each PGW is the difference between the risk (R) factor for the error number and the risk (R) factor for the error number that preceded it minus 1.0 (the risk factor assigned to the actual error). Thus, the PGW for the first error at RIA = 0.17 is 0.44 = 3.21 − 1.77 − 1.00. In terms of our UEL decision rule test of the accounts receivable, it appears that Kingston’s $300,000 accounts receivable may contain more than $10,000 material misstatement because the UEL of $15,859 is greater than $10,000 at risk of incorrect acceptance of 0.17. In other words, there is a 0.17 probability that overstatement in the receivables exceeds $15,859, when the auditors wanted to achieve a probability of 0.17 that misstatement could exceed only $10,000. We therefore have the “rejection” decision. 
Exhibit 10B–8 calculations can be summarized by the following formula:

(1/n) × (R0 + ((R1 − R0) × t1) + ((R2 − R1) × t2) + ((R3 − R2) × t3)) × BV
= (1/n) × (R0 + ((1 + PGW1) × t1) + ((1 + PGW2) × t2) + ((1 + PGW3) × t3)) × BV
= (1/n) × BV × (R0 + t1 + t2 + t3 + PGW1 × t1 + PGW2 × t2 + PGW3 × t3)
= ((BV/n) × R0) + ((BV/n) × (t1 + t2 + t3)) + ((BV/n) × ((PGW1 × t1) + (PGW2 × t2) + (PGW3 × t3)))
= Basic error + Most likely error + Precision gap widening,

where
Basic error = ((BV/n) × R0),
Most likely error = ((BV/n) × (t1 + t2 + t3)), and
Precision gap widening = ((BV/n) × ((PGW1 × t1) + (PGW2 × t2) + (PGW3 × t3))).

Note that (BV/n) is the sampling interval. Although the above calculations may look rather complicated, they follow from the same evaluation formula used in testing of controls. Recall that achieved UEL in testing of controls for K errors found in the sample is P = R/n, where R is the Poisson risk factor for the specified effectiveness risk and K errors using the R value tables. This can be rewritten as follows:

R/n = (1/n) × (R0 + Σ_{i=1}^{K} (R_i − R_{i−1}) × 1) = achieved UEL as a rate

In variables sampling, instead of just working with 0 and 1 values of attribute sampling (i.e., in the formula above there were K errors, or K “1” values, which determined the achieved UEL), one replaces the 1s with the concept of taintings. That is, instead of 1, use a tainting:

ti = (BVi − AVi)/BVi

It is through the concept of the tainting or fractional error that MUS is converted from a pure attributes sampling model to a variable sampling model that measures the total possible dollar error in a population.

The tainting concept has an interesting history. When MUS was first developed by Dutch statistician Dr. Van Heerden, he viewed it as a purely attributes sampling model applied to monetary units. There is no limit to how small the monetary unit can be, so the initial idea was to apply it to the smallest denomination, say, the penny. In penny-unit sampling, you can apply strict attribute sampling because monetary error recorded is reducible only to the nearest penny. Thus, a penny is either in error or not. For example, suppose we have an accounts receivable recorded balance of 543.37, and we confirm that the actual amount is 347.85. Thus, under penny-unit sampling, 34,785 of the recorded pennies are “correct” while 54,337 − 34,785 = 19,552 of the pennies are completely in error; that is, there is a 19,552/54,337 = 36% recorded penny deviation rate in the account. From this perspective, we can view the entire accounts receivable population as having a certain attributes deviation rate, and attributes sampling is perfectly appropriate under such an interpretation. The only thing the auditor would have to do is develop a convention to decide which penny of account A has been selected: one of the 19,552 pennies in error, or one of the 34,785 not in error. On selecting account A and determining the error, the auditor would have to use a consistent convention—for example, the in-error pennies can be assumed always at the head of the sequence of recorded pennies, such as the first 19,552 recorded pennies, not the last or the ones in the middle. Any consistent convention will do as long as the pennies in error continue having the same probability of being selected. Under such a convention there would be no need to modify any of the formulas used in testing of controls.

The difficulty with such an approach is that it may be impractical. For instance, if on following the convention the auditor knows of the $195.52 error but because of the convention he or she happens to select a penny not considered in error, the auditor would have to ignore this error. The auditor would be hard put to defend such an action in court! The problem is that although such a convention is statistically valid, it is so in the long-term frequency sense, and the auditor has to consider the evidence in the specific case. So, as a compromise, auditors have developed the convention that when an account error is selected, the errors are presumed averaged in every monetary unit in the account. For this reason, the tainting is calculated and assumed to apply to every dollar unit, or penny unit, or whatever, in the misstated account. This approach maximizes the information obtained from the sample.
While this latter convention makes the treatment of errors in a given situation more acceptable to the auditor, and it closely approximates the “pure” convention of Van Heerden, it does deviate from pure attribute sampling theory. Nevertheless, much research has shown this approach to result in conservative MUS bounds (the actual risk of incorrect acceptance is less than the planned level, or, to put it another way, the actual confidence level of MUS is greater than planned). This bias is acceptable and even considered preferable by many auditors because it means that the assurance they are getting from MUS is actually somewhat higher than what the formulas indicate.

Calculate the Projected Likely Misstatement

The whole point of quantitative evidence evaluation is to extend the findings from the sample to the entire population. The first step is to calculate the projected likely misstatement, which is the auditors’ best estimate of misstatement based on the errors found in the sample. You can see the projected likely misstatement (PLM) of $7,657 at the middle right of Exhibit 10B–8. Auditors are supposed to think about the amount of projected likely misstatement in relation to the material misstatement and consider whether there may be “further misstatement remaining undetected.” The difference between UEL and PLM ($8,202 = $15,859 − $7,657) is the MUS quasi-statistical measurement of sampling error and the “further misstatement remaining undetected.” The projected likely misstatement plays a significant role in the auditors’ problem of deciding upon an amount to recommend for adjustment when they have made a “rejection” decision.

Determine the Amount of an Adjustment

The problem of determining the amount to recommend for adjustment is troublesome because auditors usually do not know the exact amount of misstatement in an account. When the evidential base is a random sample, the three measurable aspects of monetary misstatement are (1) known misstatement, (2) projected likely misstatement, and (3) possible misstatement—the “further misstatement remaining undetected.”


Quantitative Considerations

The known misstatement is the sum of the actual dollar errors found in the sample. The projected likely misstatement is a calculation based on the known misstatements. Neither of these is affected by the auditors’ risk of incorrect acceptance criterion. However, the possible misstatement may be large or small, depending upon the risk of incorrect acceptance specification. This makes “possible misstatement” a slippery concept. In our example of the audit of Kingston’s accounts receivable, we have

Known misstatement = $5,000
PLM = $7,657
Possible misstatement = $8,202 (at RIA = 0.17)

The calculation of these components was illustrated earlier via the basic framework. Auditing standards and practice contain no hard and fast rules for determining the amount of adjustment in sampling situations. Several measures of adjustment amounts can be derived from the data. Various sources have suggested the following:

• Adjust the amount of the known misstatement, in this case $5,000. Usually, the actual amount of known misstatement is smaller than the material misstatement. Often, this adjustment is too small and leaves too much potential for remaining error (in this case $10,859 = $15,859 − $5,000) unadjusted.
• Adjust the amount of the projected misstatement, in this case $7,657. The point estimate of likely misstatement is considered the best single-value measurement available for recommending an adjustment to the client.
• In addition to adjusting for the projected likely misstatement amount, also adjust the amount of the possible misstatement, in this case another $8,202. This sum is the largest one an auditor can measure using the risk of incorrect acceptance in the audit plan. It contains an element of statistical measurement that auditors and clients may or may not be willing to accept for adjustment purposes.
• Adjust by the amount of material misstatement when the sum of projected and possible misstatement exceeds material misstatement, in this case $10,000. This kind of rule is somewhat arbitrary and is subject to question when the sum exceeds 2 × MM.
• Adjust by the amount that the sum of projected and possible misstatement exceeds material misstatement, in this case $5,859 ($15,859 − $10,000). The theory here is that the amount of misstatement left in the account balance after adjustment will not exceed material misstatement ($10,000). This measure is somewhat arbitrary.

Statistical projections are used to recommend adjustment. Adjustments for known misstatements or projected misstatements have the most empirical and theoretical support. It can be shown that for any amount of error, sample size can be increased sufficiently so that adjusting for projected misstatements will always reduce the remaining error to less than a material amount at the stated confidence level. Of course, if the auditor cannot increase the sample size sufficiently, then the theoretically best available adjustment is not an option and the auditor may have to rely on other audit procedures to determine the amount of adjustment or to make the appropriate reservation in the auditor’s report. Not too much is known about public accounting firms’ use of statistical adjustments in financial audits, but, as noted in the following box, tax auditors may use such measures.


Statistical Sampling as a Tool in Audits of Multinational Concerns

The U.S. Internal Revenue Service (IRS) often tries to save resources in audits by projecting tax errors from samples of company data. It does this for travel and entertainment deductions. Now, the IRS is using sampling in challenging prices that a company charges for items sold to foreign subsidiaries. In such cases the IRS claims that a parent company is avoiding U.S. tax by undercharging its foreign units. In a tax court dispute, Halliburton Company says the IRS was seeking to raise its income by $62.5 million for alleged underbilling; $29.5 million of the amount is from “adjustment for statistical sampling population.” The pending case shows that the IRS is using sampling more aggressively.

Source: Adapted from The Wall Street Journal, February 18, 1987.

As noted above, research suggests that adjusting for projected misstatement is a valid way of maintaining objective control of sampling risk after adjustment. For example, in Exhibit 10B–8 after adjusting accounts receivable for projected likely error of 7,657, a legitimate post-adjusted UEL with a risk of incorrect acceptance of 17% is 15,859 − 7,657 = 8,202—which would be an acceptable UEL under our decision rule. What happens if the difference between UEL and projected likely misstatement is greater than material? Then clearly an adjustment based on projected likely misstatement would not be sufficient. One way to develop an objective adjustment is to increase sample size. It can be shown that no matter how much error there is in the population, the difference between UEL and projected likely misstatement will be reduced as the sample size is increased. This means that theoretically there is a large enough sample size so that adjusting for projected likely misstatement will ensure that adjusted UEL is less than material and thus acceptable at the stated risk of incorrect acceptance level (or equivalently at a confidence level of 1 – RIA). Of course, as noted above, the auditor may not always be able to increase sample size as much as he or she needs.

Non-quantitative Considerations

You can see that much latitude exists for determining the amount of an adjustment to recommend. Often, the amount recommended for one account depends on adjustment amounts recommended for other accounts. Auditors typically consider the findings in other audit areas when recommending adjustments. The special characteristics of the accounts must also be considered. For example, in some cases the actual misstatement (overstatement in our Kingston accounts receivable example) may consist of overcharges to customers and undercharges from sales that were underbilled or simply not invoiced to customers (understatements). Management may make a policy decision not to try to recover the underbilled or unbilled amounts, so the audit manager must then deal with all the overstatement errors instead of a smaller net overstatement. Other accounts may be different. For example, both overstatements and understatements in an inventory valuation may be adjustable simply by correcting the records, and no one needs to take customer relations into account.

Even though the lack of a definitive rule on how to figure the amount of an adjustment has revealed the lack of science in auditing, we can close the discussion with a more definite statement: as a general rule, all actual misstatements discovered in accounts audited completely should be adjusted, provided the amounts are material. The CPA Canada Handbook provides additional guidance, but first we must consider the case of both overstatement and understatement in the sample results.


Review Checkpoints

10B-39 Suppose you have audited a $600,000 recorded amount of inventory with a sample of 100 dollar units and their logical units and found no errors. What is the UEL at RIA = 0.05? RIA = 0.10? RIA = 0.25? RIA = 0.50?
10B-40 What is the risk-related interpretation of each of the UELs you calculated in question 10B-39?
10B-41 What is the UEL for the audit of 96 dollar units from the $300,000 accounts receivable, given the errors shown in Exhibit 10B–7, for RIA = 0.48? for RIA = 0.05? What interpretation can you give to these UELs?
10B-42 If you had to pick the one best measure for an amount to recommend for adjustment based on a sample, which one would you choose?
10B-43 Why do you think the auditing profession has no definite rules for deciding the amount of an adjustment?

Overstatement and Understatement

When both overstatement and understatement errors are discovered, you need to combine them properly. The calculations are not difficult.⁶ According to Leslie, Teitlebaum, and Anderson (1979):

1. Calculate separately the gross projected likely error (GPLEO) and the total upper error limit (TUELO) for overstatements, using an array of error taints only of the overstatement errors, ignoring understatement errors.
2. Calculate separately the GPLEU and the TUELU for understatements, using an array of error taints only of the understatement errors, ignoring overstatement errors.
3. Calculate the net projected likely error (PLEN) by finding the net amount of the two gross projected likely error amounts, keeping track of whether the net amount is overstatement or understatement:

   PLEN = GPLEO − GPLEU

4. Calculate the net upper limits (NUELO for overstatement and NUELU for understatement) by reducing each gross upper error limit (GUEL) by the gross projected likely error (GPLE) of the opposite direction of misstatement; that is,

   NUELO = TUELO − GPLEU
   NUELU = TUELU − GPLEO

The following example uses the overstatement amounts calculated in the preceding Kingston accounts receivable example and some hypothetical understatement amounts.

                       PROJECTED LIKELY ERROR    UPPER ERROR LIMIT
Gross errors:
  Overstatements             $7,657                   $15,859
  Understatements             5,000                    10,000
Net errors:
  Overstatements              2,657                    10,859
  Understatements             NA = 0                    2,343

NA means not applicable.

Now you can say that with risk of incorrect acceptance equal to the risk used to calculate both overstatement and understatement estimates, (1) the most likely misstatement amount is PLEN = $2,657 overstatement, but (2) the misstatement could be between NUELO = $10,859 overstatement and NUELU = $2,343 understatement. Since material misstatement for the receivables is $10,000, the total of $300,000 appears to be materially misstated because the NUELO exceeds $10,000. With this background we can now develop operational guidelines for MUS adjustments consistent with the CPA Canada Handbook.

Audit Adjustments per the CPA Canada Handbook

According to CAS 530.14, the auditor should estimate a likely aggregate misstatement by aggregating

(a) Known errors on other than representative samples
(b) Projection of misstatements on representative (e.g., statistical) samples (i.e., PLENs in MUS)
(c) Disagreements with accounting estimates
(d) Net effect of uncorrected misstatements in opening equity (note that this can include projections of misstatements in some accounts, e.g., beginning inventory)

As noted in the earlier CICA Handbook, paragraph 5142.18–22, the above types of errors are aggregated in stages: in each stage the auditor determines whether the misstatement for each balance or class of transactions is material. If not, the auditor proceeds until the highest level of aggregation (net income, net assets) is reached. If at any stage the auditor estimates a material likely aggregate misstatement, then the auditor should do the following:

(a) Arrange for the client to recheck the areas that contain the largest misstatements OR
(b) Perform additional audit procedures (expand audit testing) OR
(c) Insist on an adjustment OR
(d) Issue a report reservation (CPA Canada Handbook, paragraph 5142.22)

An illustration of an adjustment based on known errors is given in Chapter 15. This example, however, does not consider projections or representative sample results. The general rule in developing an adjustment policy for projections of errors based on statistical sampling is as follows (using the terminology in MUS mechanics):

1. If PLEN > materiality (situations 3 and 4 of AuG-41, paragraph 42), the auditor should insist on adjustment or, failing that, qualify the report. Note that PLEN is the same as the “Likely aggregate misstatement” (LAM) of the Risk and Materiality Guideline in the CICA Handbook.
2. If UEL net > materiality, but PLEN < materiality (situation 2 of AuG-41, paragraph 42, page 15), then the auditor will normally have to do further audit work to obtain more-persuasive evidence that material errors do not exist. Under this condition it is already improbable that (PLEN) material errors exist (since most likely errors projection lies below materiality) and so qualification may not be justified. But it is not sufficiently improbable without further work to justify a clear opinion (unless management agrees to some adjustments).

Net UELs are also referred to as possible errors and in the risk and materiality guideline as further possible misstatements (less those due to non-sampling error). Since by definition non-sampling errors are impossible to measure objectively (e.g., the degree to which auditors inaccurately “take a random sample”), they are not explicitly considered in any formula.

The types of possible adjustments include the following:

1. Adjust for known errors only. Note that this can be applied to reduce both PLEN and UEL by the known errors. The auditor can then use the above decision rules to decide if the population is acceptable after adjustment.
2. Adjust for PLEN. Note that this reduces adjusted PLEN to zero and likely brings UEL to below materiality as well. If that is the case, the auditor can accept the population after the adjustment.
3. Adjust for anything between zero and PLEN, depending on negotiations with the client. Note that this will be influenced by factors such as the degree of leverage the auditor has over management, and the degree to which auditors incur non-sampling error (e.g., how many of the “sample errors” do they decide to “isolate” and therefore ignore in making projections?). So, as you can see, significant professional judgment is involved in making adjustment decisions.
4. No adjustment is necessary: situation 1 of AuG-41, paragraph 42, is comparable with the case UEL < materiality.

Disclosure of Sampling Evidence

GAAS do not require independent auditors to disclose anything about their audit sampling applications in their reports on audited financial statements. Auditors’ determinations of risk, materiality, tolerable misstatement, sample selection, sample coverage of the population, and other details are private auditor information. Consequently, users of financial reports are unable to judge the appropriateness of auditors’ decision criteria and evidence evaluation.

However, the Office of Management and Budget audit report requirements (OMB Circular A-133) in the United States include some very interesting sampling disclosures. Among the information required to be reported is a “Schedule of Findings and Questioned Costs” related to government grant programs. The format shown in the box below is an illustration of the OMB requirement for the disclosure of sampling information. The XYZ Organization (e.g., a state agency) uses funds from two federal programs.

XYZ Organization
Schedule of Findings and Questioned Costs

                                            DEPARTMENT OF ENERGY:        DEPARTMENT OF HEALTH AND
                                            HEATING ASSISTANCE FOR       HUMAN SERVICES:
                                            LOW-INCOME PERSONS           ABC PROGRAM
Number of items in population                      234                          1
Number of items tested                              30                          1
Number of items not in compliance                    1                          1
Dollar amount of population                    $53,330                     $2,826
Dollar amount of items tested                   $9,210                     $2,826
Dollar amount of items not in compliance          $202                     $2,826
Amount of questioned costs                        $202                     $2,176

Department of Energy: Documentation of verification of low-income status of one grant recipient could not be located. The cost of the assistance may be disallowed.

Department of Health and Human Services: The organization exceeded the approved advertising budget ($65), received an oral authorization, but did not request a written budget modification ($2,176). The program has agreed to accept the overexpenditure.

Source: CPA Firm Accounting and Auditing Bulletin, May 1991.


This illustration offers some information for statistical analysis. Although the schedule does not tell users whether the sample was random, assume that it was a monetary-unit sample. (The average sampling unit was $307 = $9,210/30, whereas the average population item amount was $228 = $53,330/234, indicating an MUS-type weighting toward the higher-valued units.) A user could derive the following:

Average sampling interval (ASI) = $53,330/30 = $1,778
Actual errors = one 100% error of lack of documentation

The projected likely error (lack of documentation and possible disallowed cost), applying the sample evidence to the whole population, is $1,778 = UEL weight (1.0) × tainting percentage (100%) × ASI ($1,778). Calculation of the UEL requires an assumption about the risk of incorrect acceptance. Assume that 0.05 is appropriate. Then we have the following:

                     UEL FACTOR  ×  TAINT %  ×   ASI    =  DOLLAR AMOUNT
Basic error             3.00         100%       $1,778        $5,334
PLM                     1.00         100         1,778         1,778
PGW                     0.75         100         1,778         1,334
UEL at 0.05 risk                                              $8,446
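The UEL build-up above and the netting steps under Overstatement and Understatement, worked as an added Python example (not from the textbook). It assumes the tabulated UEL factors are Poisson upper limits, which reproduces the 3.00, 1.00 and 0.75 factors in the table to within rounding, and it ranks taints from largest to smallest; all function names are hypothetical.

```python
import math


def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam)."""
    term = math.exp(-lam)
    total = term
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return total


def uel_factor(errors, ria):
    """Cumulative UEL factor: the Poisson mean at which observing `errors`
    or fewer sample errors has probability exactly `ria`."""
    if not 0.0 < ria < 1.0:
        raise ValueError("ria must be strictly between 0 and 1")
    lo, hi = 0.0, 1.0
    while poisson_cdf(errors, hi) > ria:      # widen until the root is bracketed
        hi *= 2.0
    for _ in range(200):                      # bisection: the CDF falls as lam rises
        mid = (lo + hi) / 2.0
        if poisson_cdf(errors, mid) > ria:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


def evaluate(taints, asi, ria):
    """Gross result for ONE direction of misstatement.

    taints: tainting fraction of each sample error (1.0 = 100% misstated)
    asi:    average sampling interval in dollars
    ria:    risk of incorrect acceptance
    """
    if any(t <= 0 for t in taints):
        raise ValueError("taints must be positive; evaluate each direction separately")
    ranked = sorted(taints, reverse=True)     # assumption: largest taint ranked first
    basic = uel_factor(0, ria) * asi          # basic error: limit with zero errors found
    ple = sum(ranked) * asi                   # projected likely error (factor 1.00 each)
    pgw = 0.0                                 # precision gap widening
    for i, taint in enumerate(ranked, start=1):
        step = uel_factor(i, ria) - uel_factor(i - 1, ria)
        pgw += (step - 1.0) * taint * asi
    return {"basic": basic, "ple": ple, "pgw": pgw, "uel": basic + ple + pgw}


def net_limits(over, under):
    """Steps 3 and 4 of the netting procedure, applied to two gross results."""
    return {
        "plen": over["ple"] - under["ple"],       # > 0 means net overstatement
        "nuel_over": over["uel"] - under["ple"],  # NUELO = TUELO - GPLEU
        "nuel_under": under["uel"] - over["ple"], # NUELU = TUELU - GPLEO
    }


if __name__ == "__main__":
    # Schedule figures: $53,330 population, 30 items tested, one 100% error.
    omb = evaluate([1.0], 53330 / 30, 0.05)
    print({name: round(value) for name, value in omb.items()})
    # Gross figures from the overstatement/understatement example in the text.
    print(net_limits({"ple": 7657, "uel": 15859}, {"ple": 5000, "uel": 10000}))
```

With unrounded factors the UEL comes out slightly below the $8,446 in the table, which uses 3.00 and 0.75.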

Note: The illustrative disclosure does not suggest that the auditors projected the sample findings to the population. The disclosure suggests that a minor amount of cost ($202) was questioned in the Department of Energy program. However, government auditors, such as the IRS auditors cited earlier, will not stop at the seemingly minor amount of actual error discovered in a sample. They want to know the amount that might be wrong with the entire population, and in this case the amount could be large. A sample-based projection might become the basis for a claim for refund of federal funds. Then the XYZ Organization could try to defend its proper control and stewardship over federal grants!

A Canadian example of the usefulness of statistical sampling is given in the following box. An interesting statistical question raised by this article relates to the quote by the university vice-president that the 40% loss is invalid because the sample size is too small. There are several ways to analyze this comment for its validity. One is to compute an MUS sample size based on, say, a 95% confidence level and a materiality percentage of 40%. This yields, using the R value tables and our formula,

n = R/P = 3.0/0.4 = 7.5 or 8

for a discovery sample size. Doubling this to control for efficiency risk still leaves a sample size well under what the internal auditors used.

Province Charges University with Lack of Fiscal Care

The University of Toronto is careless in the control of its assets, says the 1990 provincial audit. According to the annual report, the university could not account for 40% of its $310 million inventory, and lost money in the disposal of several assets. The U of T comptroller’s ledger gave no location or an unspecific location for $127 million worth of the university’s equipment and furniture, said Rudolph Chiu, who managed the audit for the province. A location such as “Simcoe Hall,” which has over 100 offices, was considered too vague. The university could not find one-third of a sample of 73 items which were identified by room number, serial number or model number. Missing items included video recorders, personal computers, cameras and electronic equipment. One department signed a statement verifying its possession of a computer but would not allow the auditor to follow up with an on-site inspection. The department claimed “it had just thrown it away the day before,” said Chiu.

The University Vice-President of Administration said that the estimate of a 40% loss was invalid because the sample from which the percentage was derived was too small. “There’s no question we do not have an adequate way of checking inventory,” he added, “but it would cost us over a million dollars a year to hire someone to go out and physically check the equipment.” Budget reductions in 1979 forced the university to eliminate the three accounting positions responsible for checking inventory.

The report also criticized the university for failing to adhere to its own policy in the sale of equipment. The policy requires that the item be advertised and that a fair price be determined by the university purchasing department. If the sale is to an employee or relative of an employee, the sale must be approved by a university vice-president. In one case, a six-month-old truck was sold unadvertised to a university employee at a 45% discount. One year later, the value of the truck was still higher than the sale price. Criddle faulted an Ottawa truck dealer who had given the purchasing department too low a price on the truck. “The words [the auditor] chose give the wrong impression,” he said. “It’s not a question of the university being careless,” he said, “It’s a question of people not following policy. That doesn’t surprise me. In a place this size there are a lot of procedures people don’t realize exist.” He emphasized that the audit did not criticize the university for losing money, only for failing to adhere to its procedures.

Source: Adapted from Kate Zernike, The Newspaper, December 5, 1990. Used with permission from The Newspaper, University of Toronto’s Independent Community newspaper.

Another approach is to solve for the amount of error that would be considered material at sample size of 73 and a 95% confidence level (i.e., RIA = 0.05), and working backward solve 73 = 3.0/P. This yields a materiality of P = 3.0/73 = 0.041. In other words, the sample size was sufficient to detect an error rate of 4.1% or higher at a 95% confidence level. Several other analytical approaches could be followed, but they all point to the same consistent conclusion: the provincial auditor is likely correct and the 40% loss estimate is not invalid. Or, to put it in a more intuitive way, if you lost 40% of your belongings in a burglary you would realize it much more quickly than if, say, 1% of your belongings were missing.

A vivid example of the importance of properly interpreting sample results and their consequences was provided by the uproar raised in February 2000 concerning federal spending on job grants. “The Boondoggle’s Big Picture” excerpt reproduces most of an article dealing with extrapolating the results of an internal audit and interpreting its social consequences.

The Boondoggle’s Big Picture

OTTAWA—Debate surrounding widespread financial mismanagement of government funds uncovered by an internal Human Resources audit has been dominated by 37 projects whose problems officials judged serious enough to require further review. Jean Chrétien, the Prime Minister, has rejected opposition suggestions of a “billion-dollar boondoggle” by stating, “It’s not $1-billion, it’s 37 cases. Some are worth $10,000 or less.” However, extrapolating the problems identified by the audit sample across the total 30,000 projects from which the random sample was drawn shows thousands of projects could be in need of review.

The sample of 459 projects representing $200 million was drawn randomly from a total of 30,000 HRDC projects worth $1 billion a year in federal grants. For a sample size of 459, Prof. Kalbfleisch said the true number of affected files can be estimated with an error of plus or minus 3%, 19 times out of 20. The 35 affected files identified through the audit make up 7.6% of the sample. Extrapolated to 30,000 files, the estimated number of problem projects adds up to 2,280. An error estimate of plus or minus 3% means the true number of affected grants would be between 4.6% and 10.6% of the total, or between 1,380 and 23,180 projects in all.

Prof. Kalbfleisch noted that the audit may not have been done by random sample, but by a stratified sample in which projects were chosen so as to represent geographic regions or grant sizes. In that case, the extrapolation would be more complex and the estimate of 2,280 would be incorrect. If the audit targets particularly high-risk files, for example, it could be an overestimate. Ghislain Charron, a spokesman for HRDC, was not able yesterday to clarify the precise methodology of the audit.

The internal audit looked at government-funded projects approved between April, 1997, and April, 1999. They ranged in value from $300 to $14-million. Although only 37 projects were identified for further review, administrative problems were widespread. For example, two-thirds of the projects did not contain an analysis or a rationale for recommending or accepting the project. Eight out of every ten reviewed projects did not show evidence of financial monitoring. Three out of four projects to which the government contributed money had no indication of monitoring for achievement of specific results. Of 459 project files reviewed, 15% did not contain an application from the sponsor.

Source: Adapted from L. Chwialkowska, “Rot may have spread to 3,000 grants,” National Post, February 11, 2000, pp. A1 and A9.

A number of other statistical issues are discussed at the end of this appendix following the questions. They include use of statistical regression in analytical review, use of MUS for compliance testing, and a more statistical interpretation of the audit risk model. It should be clear by now, however, that statistical auditing can help put auditing on a more scientific basis.

APPLICATION CASE WITH SOLUTION & ANALYSIS

Monetary-Unit Sampling with Critical Thinking about Risk-Based Auditing

DISCUSSION CASE

The MUS concepts introduced in this chapter are good illustrations of the application of critical thinking, although the issues of critical thinking may be hidden in the assumptions underlying the mechanics of applying MUS. Can you identify the critical thinking steps, as outlined in Appendix 3A, in the MUS decision making as described in this appendix?

SOLUTION & ANALYSIS

Through MUS, the auditor arrives at a value for an accounting population. This is done by representative sampling (CAS 530).

Step 1 of critical thinking: Learn the views of others. In the sampling context, this step is represented by obtaining from management the total amount recorded for the population or some other claim about a population (e.g., that proper internal controls have been applied to the transactions of the reporting period). The auditor’s views of the population for sampling purposes are relevant here. With MUS, the population is viewed as dollar units, with the total dollar amount recorded representing a population of individual dollars. The more traditional view, statistical sampling using tests based on the normal distribution, is of a population consisting of individual accounts or physical units of varying values (e.g., a population of individual accounts receivable or inventory items). These differences in viewpoints have consequences for the two theories themselves. To summarize, effectiveness risk is the more serious as it relates directly to the audit risk model and its components, depending on whether we are talking about tests of controls or substantive tests.


Effectiveness risk relates to audit effectiveness because the audit fails if it fails to detect a material misstatement. Efficiency risk, instead, relates to audit efficiency; it results in the auditors’ doing unnecessary work to clear up their mistake, something they are aware of by the end of the audit. This risk is implicitly controlled by the K value, as the higher the K value used in sample-size planning, the lower the efficiency risk and the larger the sample size. Another way to lower efficiency risk is to use a planned precision that is lower than overall or specific materiality. A common way to make this adjustment is to subtract expected errors from the overall or specific materiality. When auditors develop planned precision this way, they are really reducing efficiency risk over much of its range. (Remember that efficiency risk is controlled only at its lowest level; it grows automatically with the amount of misstatement and reaches a peak at materiality.) The differing theories result in planning differences, most notably in whether or not tolerable misstatements or performance materialities of CAS 530.05 need to be less than overall materiality or specific materiality. These issues have also historically been related to whether materiality allocation is included in audit planning. Under MUS no allocation is needed. This means that MUS can restrict itself to using overall and specific materialities based on user needs in evaluating the sample results. In MUS, if the precision used in planning the sample size is a performance materiality, then the only reason for this is to help control efficiency risk. The MUS formula examples below show this. For other statistical approaches, things are a bit more complicated. For these other statistical approaches, the model requirements, not user needs, make materiality allocation necessary. 
MUS accommodates user needs by allowing the use of specific materialities of Chapter 5 without affecting the use of overall materialities in other populations. Also, the results of individual tests can be combined, as shown below, and the results compared with materiality for financial statements as a whole. In general, the process of combining the results of multiple tests is much simpler under MUS and helps explain its popularity. Step 2: Identify the claims at issue. Management claims (asserts) that the recorded amount is materially correct, and the main claim at issue is whether this is true or if, in fact, the population amount is materially in error. The auditor must verify the assertion with the help of the statistical test. Step 3: Reasons for the competing claims. Management will refer to its system of internal controls, corporate governance, and past track record. The auditor must be skeptical and consider the alternative claim that there is a material misstatement in the recorded amount, and show that the risk of this claim is at an appropriately low level (i.e., at an acceptable level). Step 4: Evaluate the arguments. An argument, essentially, gives good reasons for a claim or conclusion. In statistical decision making, logically structured reasoning (see Appendix 3A, available on Connect, for more details) follows a pattern that is consistent with decision making throughout auditing and accounting. The pattern of logical argumentation is as follows. First, identify assumptions (including theories), models, concepts, and principles that guide the overall reasoning process. MUS’s distinctiveness is in viewing the population of interest as a population of dollar units and then applying attribute sampling theory to the dollar-unit population. With theories, many assumptions need to be made; some are more controversial than others, and critical thinking focuses on the more controversial ones, aiming to demonstrate their reasonableness. 
Often, the issues are a matter of firm policy, and much of the justification is embedded in firm practice manuals and policies. Second, gather the evidence in conformity with the theory and consistent with the goal of the audit procedure. This includes proper specification of the population to be evaluated, as discussed in the chapter. For example, in representative sampling, each unit of the population must have a predictable chance of


being selected. This is absolutely essential for objectively controlling sampling risk, which is the primary advantage of statistical audit techniques. Third, reach a conclusion about the population that is consistent with the theory. For MUS, the conclusion is reached using the following decision rule:

Decision Rule (1): If achieved P > materiality or tolerable deviation rate, then reject the recorded amount for the population; otherwise, accept it.

This simple decision rule is effectively an evaluation of management’s claim that there is no material error in the population or that no intolerable deviation rates exist in it.

Step 5: Reach a conclusion. The decision rule above indicates the quantitative result. The auditor must also consider qualitative aspects of the sample information, such as nature and cause of errors, before coming to a decision (CAS 530 and AuG-41). The above decision rule has already incorporated key quantitative risk and materiality considerations in the decision-making process.

Further Elaboration of the Critical Thinking Aspects of Adopting Monetary-Unit Sampling

Once a formal theory, such as MUS, has been accepted to assist in auditor decision making, it can be used to illustrate some basic concepts of auditing. For example, using our formulas and R value tables we can illustrate the law of diminishing marginal assurance to testing that explains why auditors use the sampling (testing) concept. For example, assuming materiality has a value of 0.01 (1%), then the sample sizes (n = R/P) for confidence levels of 80%, 95%, and 99%, respectively (equivalent effectiveness risks of 20%, 5%, and 1%), are as follows: 161, 300, and 451. Confidence levels translate roughly to assurance levels obtained from these samples. Thus, auditors using a materiality of 1% get 80% assurance for sample size 161, 95% assurance for sample size 300, and 99% assurance for sample size 451.
These assurance levels relate to specific assertions, such as existence, depending on the audit purpose of the test. Testing is a generic term used for all types of sampling, whether random or not. The above calculations indicate that the first 80% of assurance is achieved with a sample size of 161. To get an additional 15% assurance (to 95%), the necessary sample size almost doubles. In other words, the auditor gets less assurance for each additional item sampled. Note that to get an additional 4% assurance beyond 95%, the original sample size must almost triple. The final 1% assurance comes through testing the entire population. If, for instance, the population consisted of 10,000 items, such as inventory items, of varying amounts (not unusual for a medium-size auditee), the final 1% assurance eliminating all uncertainties regarding existence involves testing an additional 9,549 (10,000 − 451) items! This explains why auditors use sampling and illustrates the diminishing marginal assurance to testing (see figure below)—it is rarely economical to eliminate the last bit of uncertainty in order to get 100% assurance. Since assurance equals one minus risk, this also explains why auditors don’t wish to fully eliminate risk (nor are clients willing to pay for it) but will settle for some acceptable level of it.

Illustration Showing Why There Is No Need to Allocate Materiality with Monetary-Unit Sampling

With our formula, we can also show why there is no need to allocate materiality with MUS. This is important because if you use a statistical method other than MUS, the auditor can be required to use performance materialities, and related tolerable misstatements derived from them, that are based on the needs of the statistical method, not on user needs. This is an important advantage of MUS. Through these illustrations, we show that the CAS 320 and 530 concepts of performance materiality and related tolerable


[Figure: Decreasing Marginal Assurance with Increased Sampling. Vertical axis: assurance (probability), from 0 to 1.0; horizontal axis: amount of sampling (n).]

misstatements are driven by the specific statistical model used to perform the test. Specifically, MUS does not need to use these concepts to achieve the auditor’s objective of detecting misstatements of greater than specific or overall materiality. For example, assume accounts receivable has a reported balance of $20 million, inventory has a balance of $10 million, and overall materiality is $1 million. If we wanted a 95% confidence level to verify the existence of accounts receivable via confirmation procedures, the sample size would be n = R/P = 3/(1/20) = 60. If we wanted a 95% confidence level to verify the existence of inventory via inventory counts, the sample size would be n = R/P = 3/(1/10) = 30. Note that the sum of these two sample sizes is the same as it would be if we treated inventory and receivables as one monetary-unit population, in which case the sample size for the combined population (at a 95% confidence level) would be n = R/P = 3/(1/30) = 90. Thus, by individually testing the populations associated with receivables and inventory using the same overall materiality of $1 million, the auditor can get the same 95% confidence for the combined population as for the separate populations. All the auditor needs to do is add up the errors from the two samples and evaluate as though one sample of a monetary-unit population of $90 million were tested. In this way, the auditor can also get a 95% confidence level on the overall conclusion for the combined population. The crucial point is that the same materiality is used for the overall evaluation as for the individual inventory and receivables valuations. There is no need to use different performance materialities for the components that are smaller than the overall materiality of $1 million with MUS. However, if user needs dictate a specific materiality smaller than overall materiality, that can be accommodated by MUS. 
But the point to remember is that performance materialities not based on specific user needs arise because of a particular sampling model, and not because of the needs of basic audit objectives. In other words, it’s the statistical model that gives rise to the need for materiality allocation, not some basic needs or objectives of auditing. Since MUS requires only materiality based on user needs or overall materiality on which to make decisions about a population, MUS is more consistent with the logic of the audit. Also see the next section of this analysis. If there were a lower specific materiality, say, $0.5 million, for receivables, then the sample size for receivables would have been 3/(0.5/20) = 120. If this new sample size were combined with that of inventory using the overall materiality of $1 million, then the total sample size to evaluate the risk of overall material misstatement for the combined population is 120 + 30 = 150. This is more than sufficient to detect material misstatement equal to overall materiality in the combined populations because the calculation in the preceding paragraph shows that the sample size needed for that is 90. This bigger sample size at the same confidence level (equals one minus effectiveness risk of 0.05) means that the efficiency risk for the combined test


has been reduced over the efficiency risk range. Sampling theory predicts you will get some benefit from the increased testing, and, in this case, that benefit takes the form of reduction in efficiency risk, because the effectiveness risk (and confidence level) for the test have been kept at a constant level. However, this is not necessarily the case for all statistical tests when materialities smaller than overall would be required to get the same confidence level for the combined population. MUS can use smaller materialities for specific populations to meet specific user needs, but it does not require this, whereas non-MUS models can require smaller materiality, such as the performance materiality. This requirement has been referred to as materiality allocation. The need for complex materiality allocation rules has been introduced to auditing primarily because of tests based on the normal distribution, further demonstrating how the needs of specific sampling models can affect audit reasoning about evidence gathering. The calculations in the preceding paragraph also illustrate the chief effect of using smaller performance materialities. Assume that the $0.5 million materiality was a performance materiality instead of a specific (user needs–based) materiality. For example, assume the auditor expected misstatements of $0.5 million. One way audit firms adjust for the user needs–based materiality to get a performance-based materiality is to subtract the expected misstatements from the user needs–based materiality. In this case, subtract $0.5 million of expected misstatements from the $1 million overall to get $0.5 million of performance materiality, to plan the sample size using performance materiality, as indicated above. The important distinction to remember is as follows: use a smaller performance materiality to reduce efficiency risk when planning sample sizes, and use overall or specific materiality to control the effectiveness risk. 
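The sample-size and evaluation arithmetic of the receivables and inventory illustration, worked as an added Python example (it is not part of the textbook). It assumes that R comes from the Poisson risk factor equation, that achieved P = R/n, and that every error found is a 100% misstatement of the dollar unit sampled; the function names are illustrative.

```python
import math


def poisson_cdf(k, mean):
    """P(X <= k) for a Poisson variable with the given mean."""
    term = math.exp(-mean)
    total = term
    for i in range(1, k + 1):
        term *= mean / i
        total += term
    return total


def r_value(k_errors, effectiveness_risk):
    """Poisson risk factor R: the mean at which finding k_errors or fewer
    has probability equal to the effectiveness risk (solved by bisection)."""
    lo, hi = 0.0, 1.0
    while poisson_cdf(k_errors, hi) > effectiveness_risk:
        hi *= 2.0                      # widen until the root is bracketed
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if poisson_cdf(k_errors, mid) > effectiveness_risk:
            lo = mid                   # mean too small: tail still too likely
        else:
            hi = mid
    return (lo + hi) / 2.0


def sample_size(book_value, materiality, confidence, k_errors=0):
    """n = R / P, with P = materiality as a proportion of book value.
    k_errors is the K value used in planning (0 = no errors expected)."""
    p = materiality / book_value
    r = r_value(k_errors, 1.0 - confidence)
    # Small tolerance so floating-point noise does not add a sample unit.
    return math.ceil(r / p - 1e-9)


def achieved_p(n, k_errors, confidence):
    """Achieved precision after finding k_errors 100% errors in n units
    (assumption: no partial taintings)."""
    return r_value(k_errors, 1.0 - confidence) / n


def decision_rule_1(n, k_errors, book_value, materiality, confidence):
    """Decision rule (1): reject if achieved P exceeds materiality."""
    limit = materiality / book_value
    return "reject" if achieved_p(n, k_errors, confidence) > limit else "accept"


if __name__ == "__main__":
    AR, INV, OVERALL = 20e6, 10e6, 1e6       # figures from the illustration
    n_ar = sample_size(AR, OVERALL, 0.95)
    n_inv = sample_size(INV, OVERALL, 0.95)
    n_all = sample_size(AR + INV, OVERALL, 0.95)
    print("separate:", n_ar, "+", n_inv, "=", n_ar + n_inv, "combined:", n_all)

    # Specific materiality of $0.5 million for receivables only.
    n_ar_specific = sample_size(AR, 0.5e6, 0.95)
    total = n_ar_specific + n_inv
    print("with specific materiality:", n_ar_specific, "+", n_inv, "=", total)

    # Evaluate the combined samples against overall materiality.
    for n in (n_all, total):
        for k in (0, 1):
            print(n, "units,", k, "errors ->",
                  decision_rule_1(n, k, AR + INV, OVERALL, 0.95))
```

Under these assumptions the 90-unit combined sample is rejected after a single error, while the 150-unit sample still accepts, which is the reduction in efficiency risk at an unchanged effectiveness risk.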
Since efficiency risk can also be controlled by using a higher K value (effectively, more errors expected in the sample), we can summarize most concisely how the major risks and materiality are controlled by the following characterization of the MUS formula for sample size:

$$n = \frac{{}_{\text{efficiency risk}}R_{\text{effectiveness risk}}}{\text{user-based materiality as a proportion of book value}}$$

This formula attempts to concisely summarize the preceding discussion by showing the relationship of the extent of audit work and efficiency risk, effectiveness risk, and user-based materiality. Efficiency risk is affected by the K value chosen. That is why you see efficiency risk as the left-side subscript for R. User-based materiality means the overall or specific materiality of Chapter 5. And effectiveness risk at this user-based materiality is controlled by choosing the confidence level from the R value table. The next section describes how user-based specific materialities relate to the overall materiality in planning an audit.

The Difference between Overall Materiality and Specific Materiality Based on User Needs

According to CAS 320.10–11, overall materiality is for financial statements as a whole (i.e., overall conclusion of 5025), versus performance materialities, which are lesser amounts that would affect some users for particular transactions, account balances, or disclosures. A qualified opinion would normally be used if misstatements exceed performance materiality, and an adverse opinion or disclaimer would be used for overall materiality. In order to better understand the distinction between overall materiality and performance materiality based on user needs (i.e., what we call specific materiality), assume there are a total of n users of the financial statements of an auditee, and you can also assume that each user has a different (performance) materiality Mi.
Next assume you rank these materialities from smallest to largest so that M1 less than or equal to M2 and so on until Mn, which is the largest materiality. The easiest way to understand CAS 320 is by the way the auditor selects overall materiality, Mo, relative to Mi, where i is greater than zero. A simple approach is to pick Mo = M1. Under this approach the auditor sets overall materiality so that it meets the needs of the


most demanding user. Of course, by doing so the auditor also automatically satisfies the materiality needs of less demanding users. But this occurs at the cost of additional work on accounts where the additional work is not needed. But what suffers is audit efficiency, not audit effectiveness. Thus, using the smallest performance materiality, M1, for the entire audit results in possibly too much audit work but does not reduce audit effectiveness. If the auditor picks Mo to be greater than M1, then there is a difference between overall materiality and performance materiality. Under these conditions the auditor does less work for accounts that use the performance materiality. You see how this works in practice with this Application Case.

Auditing as a Bayesian Reasoning Process

Perhaps the most important influence on audit reasoning is the Bayesian view of evidence (i.e., use of Bayes’ theorem and Bayesian logic to evaluate the evidence). Auditors tend to adopt the Bayesian philosophy. The important thing about this view for auditors is that under the Bayesian view of evidence the auditor interprets statistical test results as statements about the probability of material misstatement. If the only audit evidence is the MUS statistical test, and if the auditor accepts the population, then under the Bayesian perspective the auditor can interpret the confidence level as the probability of less than material misstatement and the effectiveness risk as the probability of material misstatement. This view permeates audit reasoning to the point of being reflected in the audit risk model. For our purposes, the importance of the Bayesian view is that it allows the assurance to correspond to the confidence level and the effectiveness risk to the probability of material misstatement.
Under this Bayesian view, it can be shown that decision rule (1) is equivalent to the following:

Decision Rule (2): If the probability of material misstatement is greater than the acceptable risk, then reject; otherwise, accept the recorded amount.

The interesting aspect of decision rule (2) is that it can be applied to all types of risk, not just sampling risk. In particular, this decision rule can be applied to the components of the audit risk model and to the accounting risk concept. Thus, decision rule (2) provides a means for introducing consistency in reasoning for financial reporting involving estimates as well as for other auditing issues. Consistency in reasoning is important to good logic, and it is best that audit reasoning processes be defended as logical. Inconsistencies in reasoning indicate that there is a contradiction, which, in turn, indicates flawed and illogical reasoning. It would be very difficult for an auditor to defend his or her work if the courts or the Canadian Public Accountability Board (CPAB) could show that there is an unresolved contradiction. In fact, philosophers have shown that contradictions can be used to represent lying (i.e., stated belief contradicts actual belief). Chapter 4 distinguishes accounting deficiencies from audit deficiencies. If auditors are to deal with these deficiencies consistently, then a reasoning process like decision rule (2) is one way of doing so. Note that since decision rule (2) focuses on risks, it is fully consistent with risk-based auditing and offers a way to deal with accounting risks of financial reporting as well as audit risk. We illustrate this in the Application Cases of Chapters 19 and 21 (available on Connect), where suitable criteria for financial reporting are discussed.


SUMMARY

• Statistical sampling requires knowledge of the underlying statistical calculations and relationships and a certain amount of faith in the mathematics. Auditors are entitled to hold a statistical result at arm’s length and study it for its face validity. However, deciding to disregard an adverse statistical result because it does not give an auditor a good “feeling” is dangerous. Auditors must make decisions about account balances with care and with the best evidential base reasonably obtainable. It is not enough to develop a conclusion about the sampled units from a population. An auditor must project the sample evidence for a conclusion about the whole population—the dollar amount of the account under audit. LO8

• Applying statistical sampling is not technically difficult. However, making good sense of the judgments and estimates involved in sampling is hard. These are the facts, estimates, and judgments auditors should use when applying monetary-unit sampling (MUS) for the substantive audit of an account balance:

  Fact
    Recorded amount (book value, population value) of the account
  Estimate
    Expected dollar misstatement in the account
  Judgments
    Audit risk as it relates to the account
    Inherent risk as it relates to the account
    Control risk as it relates to the controls over transactions that create the account balance (coordinated with the control risk assessment work)
    Analytical procedures risk related to other substantive procedures designed to obtain substantive evidence about the account balance
    Risk of incorrect acceptance (can be derived from the other risk judgments)
    Risk of incorrect rejection (can be derived from the cost relationships)
    Material misstatement—the materiality used for the account
  LO8

• The appendix incorporated all of these elements in the application of MUS. They were used to explain procedures for calculating a sample size, selecting a monetary-unit sample, and evaluating the quantitative evidence obtained from a sample. The quantitative evidence measurements were integrated into a discussion of the problem of determining an amount to recommend for adjustment when the evidence is based on a sample. LO8

• Audit sampling is not just theory for textbooks: tax auditors, public sector auditors, and independent auditors who perform audits of government programs all use sampling for regulatory purposes. Tax and public sector audit applications were illustrated. LO8

KEY TERM

unrestricted random sample


EXERCISES AND PROBLEMS

EP 10B-1 Deciding the Best Evidence Representation. LO8 Assume you are working on the audit of a small company and are examining purchase invoices for the presence of a “received” stamp. The omission of the stamp is thus a deviation. The population is composed of approximately 4,000 invoices, which were processed by the company during the current year. You decide that a deviation rate in the population as high as 5% would not require any extended audit procedures. However, if the population deviation rate is greater than 5%, you would want to assess a higher control risk and do more audit work.

Required: For each case in the exhibit in EP 10B-5 (below), write the letter of the sample (A or B) that, in your judgment, provides the better evidence that the deviation rate in the population is 5% or less. (Assume that each sample observation is selected at random.)

EP 10B-2 Estimating a Frequency. LO8 A local industrial company has two departments. In the larger department, about 45 sales invoices are completed each day; in the smaller department, about 15 invoices are completed each day. About 50% of all sales invoices completed in each department specify discounts from the company’s list prices. However, the exact percentage varies from day to day. It may be higher than 50% sometimes and lower than 50% other times. For a period of one year, and for each department, a member of the audit staff kept track of the number of days on which more than 60% of the sales invoices specified discounts.

Required: Which department do you think showed the greater number of such days?
a. The larger department
b. The smaller department
c. About the same

EP 10B-3 Risk of Assessing Control Risk Too High. LO8 When you audited Kingston Company’s performance of its control procedures, you found four deviations of “wrong quantity billed” in a sample of 80 invoices. At the risk of assessing control risk too low of 5%, this finding showed a UEL of 12%, which is more than your tolerable rate of 4%. This quantitative evidence indicating control deficiency now subjects you to a risk of assessing control risk too high if you decide internal control risk is high and you should do more audit work on the accounts receivable.

Required: Calculate the risk of assessing control risk too high based on the presumption that only 4% of invoices in the population actually have billed the wrong quantity to customers.

EP 10B-4 Sample-Size Relationships. LO8

Required: For the specifications of acceptable risk of assessing control risk too low, tolerable deviation rate, and expected population deviation rate shown below, prepare tables showing the appropriate sample sizes. (Use the evaluation tables at the back of this appendix or the Poisson risk factor equation as given in the solution to EP 10B-3.) Then, repeat a, b, and c for the sample size when the population contains only 500 units.


a. Tolerable deviation rate = 0.05. Expected population deviation rate = 0. Acceptable risk of assessing control risk too low = 0.01, 0.05, 0.10.
b. Acceptable risk of assessing control risk too low = 0.10. Expected population deviation rate = 0.01. Tolerable deviation rate = 0.10, 0.08, 0.05, 0.03, 0.02.
c. Acceptable risk of assessing control risk too low = 0.10. Tolerable deviation rate = 0.01, 0.02, 0.04, 0.07, 0.09.

EP 10B-5 Exercises in Sample Selection. LO8

Required:
a. Sales invoices beginning with number 0001 and ending with number 5000 are entered in a sales journal. You want to choose 50 invoices for a test of controls. Start at row 5, column 3, of the random number table at the back of this appendix and select the first five usable numbers, using the first four digits in the column.
b. There are 9,100 numbered cheques in a cash disbursements journal, beginning with number 2220 and ending with number 11319. You want to choose 100 disbursements for a test of controls. Start at row 11, column 1, of the table of random digits at the back of this appendix and select the first five usable numbers.
c. During the year the client wrote 45,200 vouchers. Each month, the numbering series started over with number 00001, prefixed with a number for the month (January = 01, February = 02, and so on), so the voucher numbers had seven digits, the last five of which were in overlapping series. You want to choose 120 vouchers for audit. Evaluate each of the suggested selection methods in Exhibit EP 10B-5.
   i. Choose a month at random, and select 120 at random in that month by association with a five-digit random number.
   ii. Choose 120 usable seven-digit random numbers.
   iii. Select 10 vouchers at random from each month.
d. Explain how you could use systematic sampling to select the first five items in each case above. For c, assume the random start is at voucher 03-01102.

EXHIBIT EP10B–5

                                                    CASE 1        CASE 2        CASE 3        CASE 4        CASE 5
Sample A or B                                       A      B      A      B      A      B      A      B      A      B
Number of invoices examined                         75     200    150    25     250    100    100    125    225    200
Number of deviations found in sample                1      4      2      0      6      2      1      3      7      4
Percentage (%) of sample invoices with deviations   1.3    2.0    1.3    0.0    2.4    2.0    1.0    2.4    3.1    2.0

EP 10B-6 Imagination in Sample Selection. LO8 This appendix illustrated a problem of selecting a sample of classified ads printed in a newspaper. Auditors often need to be imaginative when figuring out how to obtain a random sample.

Required: For each of the cases below, explain how you could select a sample with the best chance of being random.
a. You need a sample of recorded cash payments. The client used two bank accounts for general payments. Account number 1 was used during January–August and issued cheques numbered 3633–6632. Account number 2 was used during May–December and issued cheques numbered 0001–6000.


(Hint: For purposes of random number selection and cheque identification, convert one of the numerical sequences to a sequence that does not overlap the other.) In the table of random digits, start at row 1, column 2, and select the first five random cheques, reading down column 2.
b. You need a sample of purchase orders. The client issued prenumbered purchase orders in the sequence 9000–13999 (5,000 of them). You realize if you just select five-digit random numbers from a table, looking for numbers in this sequence, 95% of the random numbers you scan will be discards because a table has 100,000 different five-digit random numbers. (The computer is down today!) How can you fiddle with this sequence to reduce the number of discards? (Hint: You can reduce discards to zero.) In the table of random digits, start at row 30, column 3, and select the first five random purchase orders, reading down column 3.
c. You need a sample of perpetual inventory records so that you can go to the warehouse and count the quantities while the stock clerks take the physical inventory. The perpetual records have been printed out in a control list showing location, item description, and quantity. You have a copy of the list. It is 75 pages long, with 50 lines to a page (40 lines on the last page). Find an efficient way to select 100 lines for your test of controls audit of the client’s counting procedure.
d. You need to determine whether an inventory compilation is complete. You plan to select a sample of physical locations, describe and count the inventory units, and trace the information to the inventory list. The inventory consists of tools, parts, and other hardware material shelved in a large warehouse. The warehouse contains 300 rows of 30-metre-long shelves, each of which has 10 tiers. The inventory is stored on these shelves. Find an efficient way to select 100 sampling units of physical inventory for count and tracing to the inventory listing.

EP 10B-7 Upper Error Limit Calculation Exercises. LO8

Required: Using the table of random digits and the Poisson risk factor equation, find the computed UEL for each case below.

                                         (a)     (b)     (c)
Risk of assessing control risk too low   0.01    0.05    0.10
Sample size                              300     300     300
Deviations                               6       6       6
Sample deviation rate                    ____    ____    ____
Computed UEL                             ____    ____    ____

                                         (d)     (e)     (f)
Risk of assessing control risk too low   0.05    0.05    0.05
Sample size                              100     200     400
Deviations                               2       4       8
Sample deviation rate                    ____    ____    ____
Computed UEL                             ____    ____    ____

                                         (g)     (h)     (i)
Risk of assessing control risk too low   0.05    0.05    0.05
Sample size                              100     100     100
Deviations                               10      6       0
Sample deviation rate                    ____    ____    ____
Computed UEL                             ____    ____    ____


EP 10B-8 Discovery Sampling. LO8

Required: Using the discovery sampling theory and R value tables, fill in the missing data in each case below.

                              (a)     (b)     (c)
Critical rate of occurrence   0.4%    0.5%    1.0%
Required probability          99      99      99
Sample size (minimum)         ____    ____    ____

                              (d)     (e)     (f)
Critical rate of occurrence   2.0%    1.0%    0.5%
Required probability          ____    ____    ____
Sample size (minimum)         240     240     240

                              (g)     (h)     (i)
Critical rate of occurrence   ____    ____    ____
Required probability          70      85      95
Sample size (minimum)         300     460     700

EP 10B-9 Selecting a Monetary-Unit Sample. LO8 You have been assigned the task of selecting a monetary-unit sample from the Whitney Company’s detail inventory records as of September 30, 20X2. Whitney’s controller has given you a list of the 23 different inventory items and their recorded book amounts. The senior accountant has told you to select a sample of 10 dollar units and the logical units that contain them.

Required: Prepare a working paper showing a systematic selection of 10 dollar units and the related logical units. (Arrange the items in their numerical identification number order, and take a random starting place at the 1210th dollar.)

ID    AMOUNT      ID    AMOUNT      ID    AMOUNT      ID    AMOUNT
1     $1,750      7     $1,255      13    $  937      19    $2,577
2      1,492      8      3,761      14     5,938      20     1,126
3        994      9      1,956      15     2,001      21       565
4        629      10     1,393      16       222      22     2,319
5      2,272      11       884      17     1,738      23     1,681
6      1,163      12       729      18     1,228

EP 10B-10 When Acceptable Risk Exceeds 50%. LO8

Required: Write an explanation of the auditing theory and GAAS regarding sampling plans when the risk model causes the calculation of RIA (acceptable risk of incorrect acceptance) to exceed 50%.

DISCUSSION CASES

DC 10B-1 Tom’s Misapplied Application. LO8 Tom Barton, an assistant accountant with a local public accounting firm, has recently graduated from the Other University. He studied statistical


sampling for auditing in university and wants to impress his employers with his knowledge of modern auditing methods. He decided to select a random sample of payroll cheques for the test of controls, using a tolerable rate of 5% and an acceptable risk of assessing control risk too low of 5%. The senior accountant told Tom that 2% of the cheques audited last year had one or more errors in the calculation of net pay. Tom decided to audit 100 random cheques. Since supervisory personnel had larger paycheques than production workers, he selected 60 of the larger cheques and 40 of the others. He was very careful to see that the selections of 60 from the April payroll register and 40 from the August payroll register were random. The audit of this sample yielded two deviations, exactly the 2% rate experienced last year. The first was the deduction of federal income taxes based on two exemptions for a supervisory employee. The other was payment to a production employee at a rate for a job classification one grade lower than his actual job. The worker had been promoted the week before, and Tom found that in the next payroll he was paid at the higher correct rate. When he evaluated this evidence, Tom decided that these two findings were really not control deviations at all. The withholding of too much tax did not affect the expense accounts, and the proper rate was paid the production worker as soon as the clerk caught up with his change orders. Tom decided that having found zero deviations in a sample of 100, the computed upper limit at 5% risk of assessing control risk too low was 3%, which easily satisfied his predetermined criterion. The senior accountant was impressed. Last year, he had audited 15 cheques from each month, and Tom’s work represented a significant time savings. The reviewing partner on the audit was also impressed because he had never thought that statistical sampling could be so efficient, and that was the reason he had never studied the method. 
Required: Identify and explain the mistakes made by Tom and the others.

DC 10B-2 Determine Sample Size for a Test of Controls. LO8 N. Wolfe, PA, is planning the audit of Goodwin Manufacturing Company’s inventory. Wolfe plans to audit the inventory by selecting a sample of items for physical observation and counting, followed by price testing. The price testing part of the work takes a large portion of the time on each sampling unit because the company’s costing method is complex. The estimated cost of auditing each sampling unit in this substantive balance-audit sample is estimated at $25. Because this detailed substantive work is expensive, Wolfe would like to minimize the sample size by assessing a low control risk. She decided that control over accurate pricing of purchases (additions to the inventory) would be the most appropriate control attribute. The reasoning is that inventory balance misstatements could arise from either or both of miscounting or erroneous pricing and costing calculations. If the basic purchase pricing were accurate, then the inventory count accuracy and the difficult inventory costing calculations would be the remaining source for error and audit attention. The estimated cost to audit a purchase transaction for pricing accuracy is estimated to be $12. She thinks the client’s staff makes few, if any, errors in pricing the purchase transactions. For the audit of the inventory balance, Wolfe accepted the accounting firm’s policy of setting audit risk at 0.05. Since business activity in the client company had been hectic lately, she decided to be conservative and set inherent risk at 1.0. However, certain analytical procedures will be performed by comparing the inventory balance to prior years, the company budget, and


certain historical statistics, and these procedures might have a 10% chance of detecting material misstatements of the balance. The book-recorded amount of the inventory is $72 million, spread among 3,345 different kinds of inventory items. Purchases for the year amounted to $467 million in about 6,000 separate purchase transactions. Wolfe believes the inventory balance can be misstated by as much as $2 million without causing the financial statements as a whole to be materially misstated. The overall materiality judgment is $8 million misstatement of operating income before taxes, and $2 million is the amount assigned to the audit of the inventory balance.

The audit staff recently attended a training session where Wolfe learned about the concepts of a smoke/fire multiplier and an incremental risk of incorrect acceptance used to judge the risk of assessing control risk too low. Inventory purchase pricing errors can be numerous yet not affect the dollar amounts very much, so Wolfe decided that a smoke/fire multiplier of 7 was appropriate. (The firm’s policy is to use the multiplier to figure an anchor tolerable deviation rate for control risk = 0.05, and round the anchor up to 1% if the multiplier produces an anchor less than 1%. After that, each tolerable deviation rate is 1 percentage point higher for each control risk level increment of 0.05.) The firm’s policy about an incremental risk of incorrect acceptance resulting from assessing control risk too low has not yet been published, but Wolfe thinks that a 0.02 change should not make much difference.

The problem is deciding the size of the test of controls sample for the audit of the purchase-pricing transactions. Wolfe partially completed the worksheet shown in Exhibit DC 10B-2. She handed it over to you.

Required: Copy the worksheet. Complete it and decide the size of the sample for the detail test of accuracy control over the pricing of purchases (additions to the inventory).
Round the risk of incorrect acceptance and risk of assessing control risk too low probabilities to two decimal places.

EXHIBIT DC 10B–2

CONTROL RISK CATEGORIES: Low control risk, Moderate control risk, Control risk below maximum, Maximum risk

        TEST OF CONTROL                                 BALANCE-AUDIT
CR      TDR     RIA     RACRTL  N[C]    COST    N[S]    COST    TOTAL
0.10                                            25
0.20                                            46
0.30                                            60
0.40                                            71
0.50                                            71
0.60                                            87
0.70                                            91
0.80                                            96
0.90                                            101
1.00                                            101

CR = Control risk. TDR = Test of details risk.
RIA = Risk of incorrect acceptance for the substantive balance-audit sample.
RACRTL = Risk of assessing control risk too low.

DC 10B-3 Relation of Monetary-Unit Sample Sizes to Audit Risk Model. LO8

Required: Prepare tables like the one in Exhibit DC 10B-2 under different assumptions for the three combinations given below. Calculate monetary-unit sample sizes using the Poisson risk factors for a dollar value of the balance of $300,000 and a tolerable misstatement of $10,000. Assume zero expected misstatement. (These are the recorded amount and tolerable misstatement underlying Exhibit DC 10B-2.) Round your RIAs to two decimal places to use the Poisson risk factor tables.

1. AR = 0.10, IR = 1.00, AP = 1.00
2. AR = 0.05, IR = 0.50, AP = 1.00
3. AR = 0.05, IR = 1.00, AP = 0.50

Required: Explain the differences or similarities among the different or same sample sizes produced by your calculations.

DC 10B-4 Determining an Efficient Risk of Incorrect Rejection (Monetary-Unit Sampling). LO8

Your audit firm is planning the audit of a company’s accounts receivable, which consists of 1,032 customer accounts with a total recorded amount (book value) of $300,000. You have already decided that the accounts receivable can be overstated by as much as $10,000, and the financial statements would not be considered materially misstated. Judging by the experience of past audits on this client, only a negligible amount of misstatement is expected to exist in the account.

Preliminary calculations of sample sizes have been made for several possible control risk levels. These calculations were based on a “base” risk of incorrect rejection of 0.01. Minimum sample sizes based on the alternative risks of incorrect rejection shown below were also calculated. Audit work on the accounts will cost $8 per sampling unit when the accounts are selected for the initial sample. However, if the sample indicates a rejection (material overstatement) decision, the audit of additional sampling units will cost $19 each.

CONTROL RISK    “BASE” SAMPLE    ALTERNATIVE RIR    ALTERNATIVE (MINIMUM) SAMPLE
0.20            80               0.02               41
0.30            96               0.02               53
0.40            107              0.03               62
0.50            116              0.03               68
0.60            122              0.03               74
0.70            128              0.03               78
0.80            133              0.03               82
0.90            137              0.03               86
1.00            141              0.03               89

RIR = risk of incorrect rejection.

Required: For each of the control risk levels shown above, calculate the expected cost savings from auditing the initial alternative (minimum) sample. Assume that the action in the event of a rejection decision is to expand the work by selecting additional units up to the number in the base sample. Discuss the potential audit efficiencies and possible inefficiencies from beginning the audit work with the alternative (minimum) sample size.


DC 10B-5 Different Sampling Methods Compared. LO8

The trial balance of 50 of Kingston Company’s accounts receivable (“balance” column) in Exhibit DC 10B-5 was extracted from the population of 1,506 customer accounts. The customer account numbers have been changed to run consecutively from 1 to 50. This small population represents the accounts kept by a division of the company, although they are included in the population of 1,506 for financial statement presentation. The small population would normally not be audited separately or treated by statistical sampling methods. However, it is presented here to enable you to try out some of the sample selection methods and calculations. You are also given hypothetical audit findings for all the accounts, as if all the errors in them were known. The requirements below are a kind of “final exam” on account balance-audit sampling.

Required:

a. Select an unrestricted random sample (without replacement) of the customer accounts by associating account numbers with random numbers. Start in the first row, first column, of the table of random digits at the back of this appendix. Use two-digit random numbers, reading down the first column until you have identified 10 customer accounts.

b. Select a systematic random sample of 10 customer accounts using two random starts. Select a random number between 1 and 10 and select every 10th account, and then select another random number between 1 and 10 and select every 10th account again. (Your instructor’s solution is based on random starts of 3 and 5.)

c. Select a systematic random monetary-unit sample of 10 dollars, identifying the associated logical units. For the given sample size of 10, the average sampling interval is $1,947 ($17,523/9). Select a random number between 1 and 1,947. (Your instructor’s solution is based on a random starting number of 0741. At the end of the population you will need to cycle back to the beginning to get the 10th selection.)

d. Which customer account(s) in the trial balance will always be included in a systematic monetary-unit sample of 10?

e. Prepare a table comparing the results of each of the samples in a, b, and c above. The columns should be titled (a) Random-Unit Sample, (b) Systematic-Unit Sample, and (c) Monetary-Unit Sample. Label the rows for the following data and calculations: population size, population dollar total, sample size, recorded amount in sample, number of error accounts in sample, projected likely misstatement (difference method, ratio method, monetary-unit method). Produce all the values for the rows for each kind of sample.

f. Calculate the UEL (finitely corrected) for the 2% risk of incorrect acceptance for each sample. Add a line for UEL to the table you started in e above. Assume the relevant standard deviations are standard deviation of random unit sample and systematic unit sample difference amounts = $181.

EXHIBIT DC 10B-5

ACCOUNT NO. 1

BALANCE $

WRONG QUANTITY

WRONG MATH

WRONG DATE

141

MONETARY ERROR $

0

AUDIT AMOUNT $ 141

2

346

0

346

3

1,301

0

1,301

0

683

4

683

5

1,555

6

105

$ 600 $ 200

600

955

0

105

200

1,706

7

1,906

8

102

0

102

9

634

0

634


10

116

0

11

77

0

116 77

12

51

0

51

13

320

0

320

14

178

0

178

15

188

16

482

17

183

18

130

137 59 $8

0

188

137

345

59

124

8

122

19

683

0

683

20

141

0

141

21

57

0

57

22

161

0

161

23

145

0

145

24

210

0

210

25

461

26

508

27

656

28

193

111 136 11

111

350

136

372

0

656

11

182

29

98

0

98

30

177

0

177

31

103

0

103

32

503

115

115

388

33

500

107

107

393

34

104

0

104

35

157

0

157

36

388

0

388

37

98

38

621

106

0

98

106

515

39

394

0

394

40

134

0

134

41

80

0

80

42

91

0

91

43

65

0

65

44

10

0

10

45

470

46

156

47

703

48

378

49 50 Number

117

353

0

156

0

703

72

306

312

0

312

268

0

268

72

50

$

4

$17,523

$

476

Average

$350.46

$119.00

Standard deviation

$374.28

Total

117

2

7

13

50

19

$ 1,284

$1,779

$15,744

$9.50

$183.43

$


$35.58

$314.88

$94.31

$320.88


Part IV: Other Topics in Statistical Auditing: Regression for Analytical Review, Monetary-Unit Sampling for Tests of Controls, and the Audit Risk Model

Auditors sometimes use statistical models with analytical review procedures. The most common such statistical model is regression. In a regression model a linear mathematical relationship is assumed between one dependent variable and one or more independent variables based on a set of values for these variables. An illustration of a relationship that may be used in auditing is to set the dependent variable equal to sales and the independent variable to cost of sales. The data set may consist of monthly recorded amounts for each of the 36 months preceding the current year. A scatter graph of these variables may suggest a linear relationship, which the auditor might exploit to get audit assurance from such a relationship. The simple regression model assumes a linear relationship and “fits” a line that reflects this relationship and estimates two parameter values necessary to model the line. The regression model is represented as follows:

y = a + bx + E

where

y = the dependent variable values, for example, sales values, which vary depending on the independent variable.

x = the independent variable, for example, cost of sales, which is the variable assumed “to explain” the dependent variable. From an audit point of view it can be any variable that plausibly explains the dependent variable based on past historical relationships.

a = a constant and represents one of the parameters, the intercept (value of y when x = 0), estimated by the regression of the linear equation.

b = another constant estimated by the regression model called the coefficient of the independent variable and representing the slope of the regression line. Both constants a and b are needed to define the regression line mathematically.

E = the residual unexplained difference, which reflects the fact that the regression line is not a perfect predictor of y given the x variable. If this residual gets too large for any given month observation, the observation is termed an outlier.

After constructing a regression line statistically with one or more independent variables, the auditor can use this model to predict the adequacy of the reported amount for the dependent variable for the months covering the current audit period. For an illustration we use an example from an influential book on statistical regression by K. W. Stringer and J. R. Steward of the former Deloitte Haskins Sells.7 Their Gamma Company example used data from the 36 months preceding the current fiscal year to estimate a linear equation using regression of the following form:

y = −336.46 + 0.8906x1 + 1.3578x2

where y here represents revenues for a software firm, x1 = programming hours at standard, and x2 = expenses


[Figure: Graph of Typical Regression Application, plotting y against x and showing the fitted regression line y = a + bx, the observed relationship, and the residual.]

Assume also that the model has successfully passed the usual tests for regression, for example, t test and F test, and the usual diagnostics that are normally built into the software used by auditing firms. With such a model the auditor can develop expectations for the current audit period on revenues by month. For example, say the client reports revenues of 2,698 for June and the auditor wishes to get some assurance on the accuracy of this amount. The above regression model can be used to predict what revenues should be, given historical relationships. So, plugging standard hours of 2,013 for June and expenses of 1,157 for June into the equation, we get predicted revenues of

y = −336.46 + 0.8906(2,013) + 1.3578(1,157) = 3,027

The difference between the expected amount provided by the model and the actual amount proposed by the client (3,027 − 2,698 = 329) is the amount of variation unexplained by expected relationships. If the auditor feels this difference is significant, he or she should investigate revenue for the month of June in more detail. Note how regression can be used to identify problem areas and to help plan the audit of the revenue amount in this case.

Several technical implementation issues have to be addressed in developing models like the one above. First, and most important, the auditor has to determine plausible business relationships for use in the regression to determine expectations for the amounts being audited. This includes identifying the appropriate dependent and independent variables to use in the model. The auditor would start by using his or her professional judgment in selecting the variables to use in the model. This can be supplemented by various statistical tests to further refine the model. For example, the initial set of independent variables considered for this regression included hours worked by the programmer, the senior programmer, and analysts, as well as the hourly rates for each of these groups, and expenses charged to clients and cost of services. It takes a high level of audit judgment and good knowledge of the client’s business to develop cost-effective regression models for analytical procedures.

Such statistical models are used primarily at the planning stage, when they are of most use to the auditor. As noted in Chapter 10, analytical procedures have proved to be very effective for detecting material errors in audits. And they can be used for a variety of accounts, particularly when sufficiently disaggregated monthly data are conveniently available from the client.


However, caution is advisable since research has also shown that while statistical analytical review can be used to provide some audit assurance for client accounts, it should not be used to provide a high level or the sole amount of assurance for anything other than immaterial amounts. Another caution is that because of the sensitivity of the regression results to materiality, the planned level of assurance (the confidence level), and the need to use the negative approach, auditors need to develop a special interface in applying regression models to audit practice. In other words, you cannot just take a regression package available from, say, Microsoft Excel and apply it to your audit data. Keep in mind that audit assurance is related to 1 – RIA, not 1 – RIR. Specifically, in most scientific applications the null hypothesis relates to there being no difference because the scientist is usually interested in the effects of some experimental treatment. In auditing, because the crucial null hypothesis assumes there is a material difference, the confidence level is the complement of the opposite risk that is normally used in the sciences. Specifically, in the sciences (and therefore in most statistical tables), the positive approach is used rather than the negative approach that is relevant to the auditor. As a result, special adjustments normally need to be made for classical statistical estimators, including the regression model. That is why audit firms have developed a special audit interface to be used with the regression models. And you should be aware of the need for such an interface before applying off-the-shelf regression packages to audit applications. In fact, it is far better to obtain a package specially tailored for auditor use. Most of the large firms already have such packages, making the use of statistical analytical procedures very feasible. 
Research has shown that the negative approach for analytical review in auditing is preferred to the positive approach in controlling both efficiency and effectiveness risks.8

Monetary-Unit Sampling for Tests of Controls

Although we have noted that MUS formulas can be used for tests of controls applications, we implicitly assumed in all our illustrations that the test of controls sampling was based on physical-unit selection. Some auditors argue that a more appropriate way of evaluating controls is to use MUS rather than physical-unit selection. This is because automatic stratification of the population results from MUS, so the evaluation of controls can be based on the maximum proportion of dollars (rather than the maximum proportion of physical units) in the population that is likely to contain errors. Research has shown that compliance deviation rates per recorded dollar can be substantially different from compliance deviation rates for physical units, such as sales invoices and shipping documents. For example, in the stratification example in Chapter 10, compliance deviations for strata 3, 4, 5 may be much higher than for the high-valued items in strata 1 and 2. The auditor can incorporate such differences judgmentally or let the MUS sampling technique automatically account for this effect in evaluating controls. Note that such differences in controls for different strata could affect auditor strategies, as noted in Exhibit 10–5.

In fact, we can take the position that unstratified physical-unit sampling for attributes ignores possible differing strengths of controls based on the value of items recorded—unstratified physical-unit sampling for tests of controls implicitly assumes controls are equally strong for high-value items and low-value items. Limited empirical evidence on this issue suggests that this is not the case in practice. Nevertheless, unstratified physical units is the most commonly used method in current practice.
A Canadian research study has called for a change in this practice and increased reliance on MUS for control testing.9 As the importance of auditor reports on internal controls increases, perhaps this issue will gain increasing prominence.


For example, the increasingly important concept of continuous auditing allows a way to calculate sample size and sampling interval without knowing the recorded amount for the entire period, that is, without knowing the recorded amount (BV) of an entire population, such as sales or purchases for the period. Tests of controls and substantive tests with MUS address this problem of continuous audits by allowing the calculation of sampling interval and sample size without knowing the BV for the population in advance. All that is required is for the auditor to specify materiality in dollar terms. But this is simply P × BV, that is, MM = P × BV. Note that if the auditor can directly specify MM (= P × BV), then the auditor can also determine the average sampling interval: BV/n. This is possible because n = R/P, and the sampling interval is algebraically equivalent to BV/(R/P) = (BV × P)/R = MM/R. Thus, the auditor can determine the sampling interval without specifying BV itself or knowing BV in advance. This can be an important advantage in practice if the client has not yet compiled a total BV for his or her population, as would be the case in continuous audits involving continuous online real-time reporting of sales and purchases as may be demanded in e-commerce audits. The auditor can take a systematic sample as he or she simply adds through the population of transactions as the transactions occur. This, however, would require embedded software. We can now try to summarize all the various sampling risks with the audit risk model.
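The continuous-audit selection described above, as an added example that is not from the textbook: it solves the Poisson distribution for the risk factor R, sets the average sampling interval to MM/R, and picks logical units from a transaction stream without ever knowing BV. The function and class names, the bisection solver, the separate handling of zero or negative items, and the sample transactions are assumptions constructed for illustration.

```python
import math


def poisson_cdf(k, mean):
    """P(X <= k) for X ~ Poisson(mean)."""
    term = math.exp(-mean)
    total = term
    for i in range(1, k + 1):
        term *= mean / i
        total += term
    return total


def r_factor(k_errors, risk):
    """Poisson risk factor R: the mean at which observing k_errors or fewer
    errors has probability equal to `risk` (found by bisection)."""
    if not 0.0 < risk < 1.0:
        raise ValueError("risk must be strictly between 0 and 1")
    lo, hi = 0.0, 200.0
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if poisson_cdf(k_errors, mid) > risk:
            lo = mid          # CDF still above the risk, so R is larger
        else:
            hi = mid
    return (lo + hi) / 2.0


def sampling_interval(mm, risk, k_errors=0):
    """Average sampling interval MM / R; the population total BV is not needed."""
    return mm / r_factor(k_errors, risk)


class StreamingMusSampler:
    """Systematic monetary-unit selection over transactions as they occur."""

    def __init__(self, interval, random_start):
        if interval <= 0 or not 0 < random_start <= interval:
            raise ValueError("need 0 < random_start <= interval")
        self.interval = interval
        self.next_hit = random_start   # cumulative dollar to be selected next
        self.cumulative = 0.0          # running total of recorded dollars so far
        self.selected = []             # (txn_id, amount, hits)
        self.excluded = []             # assumption: zero/negative items are set aside

    def add(self, txn_id, amount):
        """Feed one recorded transaction; return how many sample dollars fall in it."""
        if amount <= 0:
            self.excluded.append((txn_id, amount))
            return 0
        self.cumulative += amount
        hits = 0
        # Any item at least as large as the interval is always selected.
        while self.next_hit <= self.cumulative:
            hits += 1
            self.next_hit += self.interval
        if hits:
            self.selected.append((txn_id, amount, hits))
        return hits


# Constructed sample stream (not data from the text).
CONSTRUCTED_STREAM = [("T1", 250), ("T2", 300), ("T3", 2600),
                      ("T4", 0), ("T5", 150), ("T6", 900)]


def run_constructed_stream(interval=1000, random_start=400):
    """Run the sampler over the constructed stream with a round interval."""
    sampler = StreamingMusSampler(interval, random_start)
    for txn_id, amount in CONSTRUCTED_STREAM:
        sampler.add(txn_id, amount)
    return sampler


if __name__ == "__main__":
    print("R for K = 0 at 5% risk:", round(r_factor(0, 0.05), 2))
    print("Interval for MM = 10,000:", round(sampling_interval(10000, 0.05), 2))
    print("Selected:", run_constructed_stream().selected)
```

The sampler keeps only a running total and the next selection point, so it can sit beside the transaction feed and still reproduce the interval a BV/n calculation would give once the period total is known.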

Sampling Risks and the Audit Risk Model

The basic goal of the audit can be characterized as providing a high degree of assurance that there are no material errors, where

Level of assurance = Probability that there is no material error after the audit
= 1 − Probability of material error existing after the audit
= 1 − Audit risk,

and where audit risk according to the CPA Canada Handbook can be represented as

audit risk = IR × CR × DR,

where IR = inherent risk, CR = control risk, and DR = detection risk. Detection risk, in turn, is sometimes split up into a substantive testing of details risk (RIA) and risk of other audit procedures including analytical review (APR). Some auditors prefer to stress the audit assurance aspect provided by these various sources so that they refer to assurance from substantive testing of details risk (= 1 − RIA) or assurance from analytical procedures (= 1 − APR). This is just a different way of looking at these factors, and the amount of work would not be affected since the assessments are still the same. Now, how do all these risks relate to sampling risk?

• IR = inherent risk has nothing to do with sampling risk, but note that it relates to the risk of having material errors (i.e., the negative approach null hypothesis underlying effectiveness risk).

• RIA = effectiveness risk for substantive tests of details.

• CR = effectiveness risk for tests of control under some approaches; however, since there are usually several tests of control, CR does not automatically equal effectiveness risk for a given test. Professional judgment is also required in combining the results of several procedures on internal control (some statistical, some not) to assess CR for a given application.

• APR = effectiveness risk for regression equations for analytical review, but if combined with other non-statistical analytical procedures (which is normally the case), additional professional judgment is required to assess APR.

Now we can better appreciate why some practitioners say, “Minimization of the overall effectiveness risk is the reason for the existence of the public accounting profession.” Statistical auditing provides a more objective means of controlling these effectiveness risks for different procedures. Note moreover that efficiency risk is not directly considered anywhere in the risk model. Perhaps this explains why auditors are less likely to directly quantify efficiency risk in practice.


Tucker (1989)10 provides a useful review of the development of the audit risk model. The basic idea for the risk model was developed by one of the earliest researchers in auditing, Ken Stringer, a former partner in what is now Deloitte. In the early 1960s he was one of the first auditors to develop sampling plans tailored to audit objectives. He was also a pioneer in introducing MUS and the original concepts underlying the audit risk model (see Tucker, 1989, Table A, for a summary) to auditing. The audit risk model initially focused on sampling risks associated with tests of controls and substantive tests of details. Specifically, the model focused on effectiveness risks associated with the two types of tests. The two tests were treated as independent, allowing the representation of the multiplicative form of the model that you see in this appendix. Specifically, Stringer started the risk model in the form Audit risk = Internal control risk × Sampling risk (from substantive tests of detail). The model focuses on the failure to detect material misstatements. It thus implicitly assumes that all detected material errors are corrected. This is an important assumption, as it means that if this assumption is made for all audit evidence, then the more extended risk model you saw in this appendix is basically appropriate or can be made appropriate with conditional probabilities for a specific sequence of audit procedures. You can view the CAS risk model as a generalization that incorporates statistical as well as non-statistical procedures. However, it has limitations that were recognized by Stringer, for example, that inherent risk and control risk cannot be assessed at zero. For these reasons, the CASs prefer to represent the model qualitatively in words and not quantitatively as a formula. Thus the approach to quantification reflects to some degree the importance attached to qualitative versus quantitative representation of the risk model. 
This difference in approach is partly a matter of preferences as well as professional judgment, and this is also reflected in attitudes toward statistical modelling in general. Despite these different approaches to the audit risk model, the critical assumption that all detected material misstatements can be corrected holds for all approaches. As we will see in Chapter 19, however, when it comes to accounting risk this assumption is not always true. That’s because errors associated with future events cannot be eliminated. And the risks associated with them can behave quite differently from the risks in the audit risk model.

One may ask, why not always represent the risk model qualitatively? The answer is to make the audit more objective. The current qualitative interpretation in CASs has been greatly influenced by the quantification efforts of Stringer (e.g., see Tucker, 1989). Stringer’s modelling efforts have helped clarify the reasoning process of auditing as a whole. Quantification helps address problems associated with qualitative assessments, as is discussed in Appendix 3A, on critical thinking. A balance of both quantitative and qualitative approaches seems needed to maximize audit effectiveness. This is part of professional judgment and the critical thinking that accompanies it.

R Value Tables

R value tables give a unique R value for every combination of confidence level (CL) or effectiveness risk (= 1 − CL) and number of errors (K value) (PGW = precision gap widening):

EFFECTIVENESS RISKS (= 1 - CONFIDENCE LEVELS)

K ERRORS    50% (CL = 50%)     45% (CL = 55%)     40% (CL = 60%)     35% (CL = 65%)
            R       PGW        R       PGW        R       PGW        R       PGW
0           0.70    —          0.80    —          0.92    —          1.05    —
1           1.70    0.00       1.84    0.04       2.02    0.10       2.22    0.17
2           2.70    0.00       2.88    0.04       3.11    0.09       3.35    0.13
3           3.70    0.00       3.92    0.04       4.18    0.07       4.45    0.10
4           4.70    0.00       4.95    0.03       5.24    0.06       5.55    0.10
5           5.70    0.00       5.97    0.02       6.29    0.05       6.63    0.08
6           6.70    0.00       7.00    0.03       7.34    0.05       7.71    0.08
7           7.70    0.00       8.02    0.02       8.39    0.05       8.78    0.07
8           8.70    0.00       9.04    0.02       9.43    0.04       9.85    0.07
9           9.70    0.00       10.06   0.02       10.47   0.04       10.91   0.06
10          10.70   0.00       11.08   0.02       11.51   0.04       11.97   0.06
11          11.70   0.00       12.10   0.02       12.55   0.04       13.03   0.06
12          12.70   0.00       13.12   0.02       13.59   0.04       14.09   0.06
13          13.70   0.00       14.14   0.02       14.62   0.03       15.14   0.05
14          14.70   0.00       15.15   0.01       15.66   0.04       16.19   0.05
15          15.70   0.00       16.16   0.01       16.69   0.03       17.24   0.05
16          16.70   0.00       17.18   0.02       17.72   0.03       18.29   0.05
17          17.70   0.00       18.19   0.01       18.75   0.03       19.33   0.04
18          18.70   0.00       19.21   0.02       19.78   0.03       20.38   0.05
19          19.70   0.00       20.22   0.01       20.81   0.03       21.42   0.04
20          20.70   0.00       21.24   0.02       21.84   0.03       22.47   0.05

K ERRORS    30% (CL = 70%)     25% (CL = 75%)     20% (CL = 80%)     19% (CL = 81%)
            R       PGW        R       PGW        R       PGW        R       PGW
0           1.21    —          1.39    —          1.61    —          1.66    —
1           2.44    0.23       2.70    0.31       3.00    0.39       3.06    0.40
2           3.62    0.18       3.93    0.23       4.28    0.28       4.36    0.30
3           4.77    0.15       5.11    0.18       5.52    0.24       5.61    0.25
4           5.90    0.13       6.28    0.17       6.73    0.21       6.82    0.21
5           7.01    0.11       7.43    0.15       7.91    0.18       8.01    0.19
6           8.12    0.11       8.56    0.13       9.08    0.17       9.19    0.18
7           9.21    0.09       9.69    0.13       10.24   0.16       10.35   0.16
8           10.31   0.10       10.81   0.12       11.38   0.14       11.51   0.16
9           11.39   0.08       11.92   0.11       12.52   0.14       12.65   0.14
10          12.47   0.08       13.03   0.11       13.66   0.14       13.79   0.14
11          13.55   0.08       14.13   0.10       14.78   0.12       14.92   0.13
12          14.63   0.08       15.22   0.09       15.90   0.12       16.04   0.12
13          15.70   0.07       16.31   0.09       17.02   0.12       17.17   0.13
14          16.77   0.07       17.40   0.09       18.13   0.11       18.28   0.11
15          17.84   0.07       18.49   0.09       19.24   0.11       19.39   0.11
16          18.90   0.06       19.57   0.08       20.34   0.10       20.50   0.11
17          19.97   0.07       20.65   0.08       21.44   0.10       21.61   0.11
18          21.03   0.06       21.73   0.08       22.54   0.10       22.71   0.10
19          22.09   0.06       22.81   0.08       23.64   0.10       23.81   0.10
20          23.15   0.06       23.89   0.08       24.73   0.09       24.91   0.10

K ERRORS    18% (CL = 82%)     17% (CL = 83%)     16% (CL = 84%)     15% (CL = 85%)
            R       PGW        R       PGW        R       PGW        R       PGW
0           1.71    —          1.77    —          1.83    —          1.90    —
1           3.13    0.42       3.21    0.44       3.29    0.46       3.38    0.48
2           4.44    0.31       4.53    0.32       4.63    0.34       4.73    0.35
3           5.70    0.26       5.80    0.27       5.90    0.27       6.02    0.29
4           6.92    0.22       7.03    0.23       7.15    0.25       7.27    0.25
5           8.12    0.20       8.24    0.21       8.36    0.21       8.50    0.23
6           9.31    0.19       9.43    0.19       9.57    0.21       9.71    0.21
7           10.48   0.17       10.61   0.18       10.75   0.18       10.90   0.19
8           11.64   0.16       11.78   0.17       11.92   0.17       12.08   0.18
9           12.79   0.15       12.93   0.15       13.09   0.17       13.25   0.17
10          13.93   0.14       14.08   0.15       14.24   0.15       14.42   0.17
11          15.07   0.14       15.23   0.15       15.39   0.15       15.57   0.15
12          16.20   0.13       16.36   0.13       16.54   0.15       16.72   0.15
13          17.33   0.13       17.49   0.13       17.67   0.13       17.86   0.14
14          18.45   0.12       18.62   0.13       18.80   0.13       19.00   0.14
15          19.57   0.12       19.74   0.12       19.93   0.13       20.13   0.13
16          20.68   0.11       20.87   0.13       21.06   0.13       21.26   0.13
17          21.79   0.11       21.98   0.11       22.17   0.11       22.39   0.13
18          22.90   0.11       23.09   0.11       23.29   0.12       23.51   0.12
19          24.00   0.10       24.20   0.11       24.40   0.11       24.63   0.12
20          25.10   0.10       25.30   0.10       25.52   0.12       25.74   0.11

K ERRORS    14% (CL = 86%)     13% (CL = 87%)     12% (CL = 88%)     11% (CL = 89%)
            R       PGW        R       PGW        R       PGW        R       PGW
0           1.97    —          2.04    —          2.12    —          2.21    —
1           3.46    0.49       3.56    0.52       3.66    0.54       3.77    0.56
2           4.83    0.37       4.94    0.38       5.06    0.40       5.18    0.41
3           6.13    0.30       6.25    0.31       6.39    0.33       6.53    0.35
4           7.39    0.26       7.53    0.28       7.67    0.28       7.83    0.30
5           8.63    0.24       8.77    0.24       8.93    0.26       9.09    0.26
6           9.85    0.22       10.00   0.23       10.17   0.24       10.34   0.25
7           11.05   0.20       11.21   0.21       11.38   0.21       11.57   0.23
8           12.24   0.19       12.41   0.20       12.59   0.21       12.78   0.21
9           13.41   0.17       13.59   0.18       13.78   0.19       13.99   0.21
10          14.58   0.17       14.77   0.18       14.97   0.19       15.18   0.19
11          15.75   0.17       15.94   0.17       16.14   0.17       16.36   0.18
12          16.90   0.15       17.10   0.16       17.31   0.17       17.54   0.18
13          18.05   0.15       18.26   0.16       18.47   0.16       18.70   0.16
14          19.19   0.14       19.41   0.15       19.63   0.16       19.87   0.17
15          20.33   0.14       20.55   0.14       20.78   0.15       21.02   0.15
16          21.46   0.13       21.69   0.14       21.92   0.14       22.18   0.16
17          22.59   0.13       22.83   0.14       23.07   0.15       23.33   0.15
18          23.72   0.13       23.96   0.13       24.21   0.14       24.47   0.14
19          24.84   0.12       25.09   0.13       25.34   0.13       25.61   0.14
20          25.97   0.13       26.21   0.12       26.47   0.13       26.75   0.14


EFFECTIVENESS RISKS (= 1 - CONFIDENCE LEVELS)

K ERRORS  10% (CL = 90%)  5% (CL = 95%)   4% (CL = 96%)   3% (CL = 97%)
          R       PGW     R       PGW     R       PGW     R       PGW
0         2.31    —       3.00    —       3.22    —       3.51    —
1         3.89    0.58    4.75    0.75    5.01    0.79    5.36    0.85
2         5.33    0.44    6.30    0.55    6.60    0.59    6.98    0.62
3         6.69    0.36    7.76    0.46    8.09    0.49    8.51    0.53
4         8.00    0.31    9.16    0.40    9.51    0.42    9.96    0.45
5         9.28    0.28    10.52   0.36    10.89   0.38    11.37   0.41
6         10.54   0.26    11.85   0.33    12.24   0.35    12.75   0.38
7         11.78   0.24    13.15   0.30    13.57   0.33    14.10   0.35
8         13.00   0.22    14.44   0.29    14.87   0.30    15.42   0.32
9         14.21   0.21    15.71   0.27    16.16   0.29    16.73   0.31
10        15.41   0.20    16.97   0.26    17.43   0.27    18.02   0.29
11        16.60   0.19    18.21   0.24    18.69   0.26    19.30   0.28
12        17.79   0.19    19.45   0.24    19.94   0.25    20.57   0.27
13        18.96   0.17    20.67   0.22    21.18   0.24    21.83   0.26
14        20.13   0.17    21.89   0.22    22.42   0.24    23.08   0.25
15        21.30   0.17    23.10   0.21    23.64   0.22    24.32   0.24
16        22.46   0.16    24.31   0.21    24.86   0.22    25.56   0.24
17        23.61   0.15    25.50   0.19    26.07   0.21    26.78   0.22
18        24.76   0.15    26.70   0.20    27.27   0.20    28.00   0.22
19        25.91   0.15    27.88   0.18    28.47   0.20    29.22   0.22
20        27.05   0.14    29.07   0.19    29.67   0.20    30.42   0.20

K ERRORS  2% (CL = 98%)   1% (CL = 99%)
          R       PGW     R       PGW
0         3.91    —       4.61    —
1         5.83    0.92    6.64    1.03
2         7.52    0.69    8.41    0.77
3         9.08    0.56    10.05   0.64
4         10.58   0.50    11.61   0.56
5         12.03   0.45    13.11   0.50
6         13.44   0.41    14.58   0.47
7         14.82   0.38    16.00   0.42
8         16.17   0.35    17.41   0.41
9         17.51   0.34    18.79   0.38
10        18.83   0.32    20.15   0.36
11        20.13   0.30    21.49   0.34
12        21.42   0.29    22.83   0.34
13        22.71   0.29    24.14   0.31
14        23.98   0.27    25.45   0.31
15        25.24   0.26    26.75   0.30
16        26.50   0.26    28.04   0.29
17        27.74   0.24    29.31   0.27
18        28.98   0.24    30.59   0.28
19        30.22   0.24    31.85   0.26
20        31.42   0.20    33.11   0.26


Table of Random Digits

32942 07410 59981 46251 65558

95416 99859 68155 25437 51904

42339 83828 45673 69654 93123

59045 21409 76210 99716 27887

26693 29094 58219 11563 53138

49057 65114 45738 08803 21488

87496 36701 29550 86027 09095

20624 25762 24736 51867 78777

14819 12827 09574 12116 71240

99187 35641 14031 60677 66314

19258 00301 00936 15076 05212

86421 16096 81518 92554 67859

16401 34775 48440 26042 89356

19397 21562 02218 23472 20056

83297 97983 04756 69869 30648

40111 45040 19506 62877 87349

49326 19200 60695 19584 20389

81686 16383 88494 39576 53805

20416 28701 74579 62615 93945

87410 56992 33844 52342 06293

75646 70423 33426 82968 22879

64176 62415 07570 75540 08161

82752 40807 00728 80045 01442

63606 98086 07079 53069 75071

37011 58850 19322 20665 21427

57346 28968 56325 21282 94842

69512 45297 84819 07768 26210

75689 02921 14295 05303 57071

76131 16919 34969 91109 90357

96837 35424 14216 82403 12901

67450 93209 03191 40312 08899

44511 52133 61647 62191 91039

50424 87327 30296 67023 67251

82848 95897 66667 90073 28701

41975 65171 10101 83205 03846

71663 20376 63203 71344 94589

78471 89242 14955 42446 18534

57741 79337 59592 41880 22346

13599 59293 97035 37415 54556

84390 47481 80430 47472 17558

32146 07740 87220 04513 73689

00871 43345 06392 49494 14894

09354 25716 79028 08860 05030

22745 70020 57123 08038 19561

65806 54005 52872 43624 56517

39284 33922 78355 08845 01769

33737 37329 54013 99145 71825

42512 89911 50774 94316 55957

86411 55876 30666 88974 98271

23753 28379 61205 29828 02784

29690 81031 42574 97069 66731

26096 22058 47773 90327 40311

81361 21487 36027 61842 88495

93099 54613 27174 29604 18821

17639 05851 42396 13318 60571

38284 58653 40112 14192 54786

59478 99949 11469 98167 26281

90409 63505 03476 75631 01855

21997 40409 03328 74141 30706

56199 85551 84238 22369 66578

30068 90729 26570 36757 32019

82800 64938 51790 89117 65884

69692 52403 42122 54998 58485

09531 72865 56324 78192 64666

81853 16829 31093 21626 34767

59334 86542 77924 91399 97298

70929 00396 28622 07235 92708

03544 20363 83543 07104 01994

18510 13010 28912 73652 53188

89541 69645 15059 64425 78476

13555 49608 80192 85149 07804

21168 54738 83964 75409 62404

82201 15360 68142 19138 28155

75694 73776 67957 31200 03521

02808 40914 70896 30616 36415

65983 85190 37983 14639 78452

74373 54278 20487 44406 92359

66693 99054 95350 44236 81091

13094 62944 16371 57360 56513

74183 47351 03426 81644 88321

73020 89098 13895 94761 97910

87971 58147 18875 75109 35983

29031 68841 52809 56474 03742

51780 53625 70594 74111 76822

27376 02059 41649 31966 12073

81056 75223 32935 29969 59463

86155 16783 26430 70093 84420

55488 19272 82096 98901 15868

50590 61994 01605 84550 99505

74514 71090 65846 25769 11426

Source: The Rand Corporation, A Million Random Digits with 100,000 Normal Deviates (Glencoe: Free Press, 1955), p. 102.


ENDNOTES

1. Public accounting firms that use quantitative test of controls sampling policies have quantified probabilities underlying their categories, and they fall in the ranges indicated in Exhibit 10B–3.

2. A random start in a table may be obtained by poking a pencil at the table, or by checking the last four digits on your $10 bill to give row and column coordinates for a random start.

3. Most auditors will not allow the same sample item to appear twice in a selection—duplicate selections are counted only once. Strictly speaking, this amounts to sampling without replacement, and the hypergeometric probability distribution is appropriate instead of the binomial distribution. The binomial probabilities are exact only when each sample item is replaced after selection, thus giving it an equally likely chance of appearing in the sample more than once. For audit purposes, the practice of ignoring the distribution is acceptable because the difference is mathematically insignificant.

4. See D. A. Leslie, A. D. Teitlebaum, and R. J. Anderson, Dollar-Unit Sampling: A Practical Guide for Auditors (Toronto: Copp Clark Pitman, 1979).

5. There are other methods for calculating an MUS UEL. They are more complicated and require a computer.

6. The purpose of these calculations is to take into account both overstatement and understatement errors. It is not valid to (a) net the sample errors themselves and project the net error or (b) net the two total UELs to arrive at a net UEL. Actually, the calculations described in this chapter are the simplest of other more-complex calculations.

7. K. W. Stringer and J. R. Stewart, Statistical Techniques for Analytical Review (STAR) (New York: Deloitte, Haskins & Sells, 1985).

8. See Y. Chen and R. A. Leitch, “An analysis of the relative power characteristics of analytical procedures,” Auditing, A Journal of Practice and Theory, Fall 1999, pp. 35–69.

9. D. A. Leslie, Materiality, The Concept and Its Application to Auditing (Toronto: CICA, 1985), Ch. 8.

10. J. Tucker, “An early contribution of Kenneth W. Stringer: Development and dissemination of the audit risk model,” Accounting Horizons, June 1989, pp. 28–37.
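The point made in endnote 3 can be checked numerically. The Python sketch below is an added example, not part of the textbook: it compares the binomial (with replacement) and hypergeometric (without replacement) probabilities of finding at most k deviations in a sample. The population sizes, the sample size of 60 and the 5% deviation rate are constructed values chosen for illustration.

```python
"""Added example: binomial vs. hypergeometric sampling probabilities (endnote 3)."""
from math import comb


def binomial_cdf(n, k, rate):
    """P(at most k deviations in n draws WITH replacement at deviation rate `rate`)."""
    if not 0.0 <= rate <= 1.0:
        raise ValueError("rate must be between 0 and 1")
    return sum(comb(n, i) * rate**i * (1 - rate) ** (n - i) for i in range(k + 1))


def hypergeometric_cdf(population, deviations, n, k):
    """P(at most k deviations in n draws WITHOUT replacement.

    `population` is the number of items, `deviations` the number of those
    items that contain a deviation, `n` the sample size.
    """
    if not 0 <= deviations <= population:
        raise ValueError("deviations must be between 0 and the population size")
    if not 0 <= n <= population:
        raise ValueError("sample cannot be larger than the population")
    total = comb(population, n)
    upper = min(k, deviations, n)
    favourable = sum(
        comb(deviations, i) * comb(population - deviations, n - i)
        for i in range(upper + 1)
    )
    return favourable / total


def compare(population, rate, n, k):
    """Return (binomial, hypergeometric, difference) for one scenario."""
    deviations = round(population * rate)  # whole number of deviating items
    b = binomial_cdf(n, k, deviations / population)
    h = hypergeometric_cdf(population, deviations, n, k)
    return b, h, h - b


if __name__ == "__main__":
    # Constructed scenarios: same sample (n = 60) and deviation rate (5%),
    # but populations of very different size.
    print(f"{'N':>7} {'k':>2} {'binomial':>10} {'hypergeom':>10} {'diff':>9}")
    for population in (100, 500, 10_000):
        for k in (0, 1):
            b, h, d = compare(population, 0.05, 60, k)
            print(f"{population:>7} {k:>2} {b:>10.5f} {h:>10.5f} {d:>9.5f}")
```

In these scenarios the two distributions agree to within 0.001 for the 10,000-item population, while for the 100-item population, where the sample is 60% of the population, the binomial figure clearly overstates the probability of finding no deviations.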


PART 3
Performing the Audit

CHAPTER 11

The Revenues, Receivables, and Receipts Process and Cash Account Balance

This chapter starts with a prelude to Part 3, giving an overview of how the audit planning explained in Part 2 links to performing the audit in the main business processes of a typical organization. The chapter then describes the accounting process related to a business’s revenues: accepting customer orders, delivering goods and services to customers, accounting for customer sales and accounts receivable, collecting and depositing cash received from customers, and reconciling bank statements. It then describes the control considerations, typical control tests, and substantive audit programs used in auditing the revenues, receivables, and receipts process. Special technical notes on auditing the existence assertion using confirmations and on auditing bank reconciliations are provided. An Application Case with suggested solution and analysis is given at the end of the chapter to demonstrate the performance of audit procedures in situations where errors or frauds might be discovered in the revenues, receivables, and receipts process.

LEARNING OBJECTIVES

After completing this chapter, you will be able to do the following:

• Describe the revenues, receivables, and receipts process, including typical risks, transactions, account balances, source documents, and controls.
• Describe the auditor’s control risk assessment and control tests for auditing control over customer credit approval, delivery, accounts receivable, cash receipts, and bank statements.
• Explain how the auditor’s risk assessment procedures and control testing link to the key assertions and audit objectives in designing a substantive audit program for the cash account balance.
• Describe the typical substantive procedures used to address the assessed risk of material misstatement in the main account balances and transactions in the revenues, receivables, and receipts process.
• Explain the importance of the existence assertion for the audit of cash and accounts receivable.
• Identify considerations for using confirmations when auditing cash and accounts receivable.
• Describe the audit of bank statement reconciliations and how auditors identify accounts receivable lapping and suspicious cash transactions.
• (Appendix 11A) Describe the internal control questionnaires used in audit practice.
• (Appendix 11B) Describe the accounting control system documentation approaches used in audit practice.
• (Appendix 11C) Describe the organization and contents of the sections contained in typical audit documentation files.

CHAPTER APPENDICES

• Internal Control Questionnaires
• System Documentation Examples for the Revenues, Receivables, and Receipts Process
• Example of an Audit Engagement File Index (on Connect)

EcoPak Inc.

Caleb and Donna completed their interim audit work on the systems and controls at EcoPak on schedule. Shree has also completed her work on the information technology (IT) systems, finding they are designed well and provide effective controls over authorization of transactions, accuracy, and completeness of processing the data. The audit team’s interim work has identified a strong control environment and general controls in the company, since Nina has made a point of ensuring that good processes have been implemented, including appropriate segregation of duties to the extent possible given the size of the company. Nina performs many key reconciliation and review controls procedures and analyzes all the accounts for the year-end to make sure any posting or misclassification errors are corrected prior to preparing the draft financial statements, before the auditors even see them.

One weakness the team noted was that Mike’s user ID gives him access to both the inventory and the sales processes, which are considered incompatible functions. Nina explains that they set it up that way because Mike sometimes has to work quite closely with customer relations when a new customized product is being developed: “This was the easiest way for him to get all the information he needs to make sure customers get what they want and the new pricing is appropriate.” To fully assess this risk, the team has verified that Mike has no access to any financial accounting processes, so the risk of misstatement is reduced. The audit team concluded that there are effective control procedures in the sales processing and credit note processing functions that can be relied on as a basis for planning lower extents of substantive work on the sales transactions.

Belinda reviewed the files and was satisfied with their work and the reasonableness of their conclusions. She agrees that Mike’s access is probably not a big problem, but that it should be mentioned to the board as a management letter recommendation to consider whether a more customized access profile could be implemented to meet Mike’s information needs. She does warn the team, however: “You guys are very lucky on this audit. Nina is highly qualified and seems to run a tight ship in the accounting area, so it looks like this could be a very clean audit. But even so, don’t let your guard down. We need sufficient evidence beyond the fact that management has good controls, and misstatements are always possible!”

The time is now approaching to begin making arrangements with EcoPak’s management to visit their business to complete the year-end audit work. Belinda asks Donna to carry on with preparing the substantive audit programs for her review so that she can finalize the assignment of audit staff to the year-end. Since Caleb will be starting with the cash balance audit, Donna prepares that plan first and goes over it with Caleb so he will be ready to go when they get back to the EcoPak offices. Donna uses the firm’s template program form as a starting point and then tailors it for EcoPak’s business and its processes and for the team’s findings to date on its internal control.

Based on the results of their control tests, Donna concludes that there are strong controls in place for the existence, completeness, and ownership assertions of the cash balance, so this can be taken into account in the extent of further testing of these assertions. They did not perform control tests specifically related to the valuation and presentation of cash, as it would be more efficient to simply rely on substantive procedures for these assertions. Taking into account their inherent risk assessments and their control findings, Donna designs an audit program for cash, with further procedures to respond to the residual risk of misstatement, applying the audit risk model to determine the residual risk for each assertion. She then turns her attention to tailoring the other substantive programs for the revenues, receivables, and receipts process, and then for the rest of EcoPak’s processes.

Tariq wants to review the completed planning file early next week before a meeting he has scheduled with Kam, Mike, and Zhang. This means Donna needs to get it to Belinda by Friday morning to give her time to review it first. Once all the reviews are completed, Donna and Caleb head out to EcoPak’s offices to complete their field work.

Preview of Part 3: Linking Audit Planning to Performing an Independent Financial Statement Audit

You are about to begin Part 3 of the text, which illustrates how the audit activities, concepts, and tools presented in Part 2 are applied in practice to perform audits. In Part 3, simplified business situations will be used as examples to illustrate the links from planning considerations to actually doing the audit work.

In Chapter 5, we discussed how the auditor’s understanding of the auditee’s business—its environment, risks, systems, and controls—is the basis for developing an appropriate overall audit strategy, which sets out the preliminary decisions on the scope of the audit. As covered in Chapters 4 and 5, the audit scope defines the entity and the financial information that is the subject of the audit opinion. The overall strategy also sets out the audit’s timing and the approach to be used to gather sufficient appropriate evidence. As discussed, the strategy involves the following:

• Determining appropriate materiality levels for planning purposes
• Assessing the auditee’s industry, legal, and regulatory environment; generally accepted accounting principles (GAAP); and changes in the company’s management, information systems, or operations that can affect financial reports
• Identifying material financial statement components and high-risk audit areas
• Determining the audit evidence required to assess internal control effectiveness
• Deciding, on a preliminary basis, whether controls will be tested, what substantive evidence will be required, and what the timing for the procedures will be

Based on the overall strategy, the auditor will communicate to auditee management and those charged with its governance about the resources and cooperation that will be required from auditee personnel, so that arrangements can be made for access to records and personnel at the time planned for performing the interim and final audit work. The audit firm’s internal resource needs are also specified in the overall strategy: How many audit staff are required and what experience levels do they need? Are audit staff with special expertise in IT or tax issues required? Will external experts be required for valuation assistance? Will other offices of the audit firm be involved for multi-location businesses, or will the work of other audit firms be used? Overall audit strategy development also sets out a schedule for audit team meetings, timing of the process, and experience levels required for working paper reviews.

The auditor’s assessment of management’s internal controls is made at the company level and at the application level (transactions, balances, and disclosures, and the assertions of each). Details of this assessment were covered in Part 2, but this prelude provides a questionnaire guiding the auditor in this assessment for the overall strategy development stage of the audit.

The overall strategy is the basis for the detailed audit plan, which is a set of audit programs designed for all the accounting processes in the auditee’s business. A business enterprise can be viewed as being made up of several business processes, each with a related accounting process. This view of a business is useful for an organization’s management and its systems development purposes, and it is likely also to be an effective approach in most audit engagements. The accounting processes we will examine in Part 3 are as follows:

• Revenues, receivables, and receipts process (Chapter 11)
• Purchases, payables, and payments process (Chapter 12)
• Payroll and production process (Chapter 13)
• Finance and investment process (Chapter 14)

Even though organizations may differ, generally, these four processes cover the key functions that need to be managed and accounted for in any organization. The detailed audit plan for each process includes specific audit programs that take effectiveness and efficiency into consideration in (1) specifying the nature, extent, and timing of audit procedures to assess inherent and control risk at the assertion level and (2) planning further audit procedures that will be done to reduce these risks to an acceptably low level for issuing an audit opinion. The detailed audit plan also covers decisions about managing the audit team: assigning staff with necessary competencies, supervision and review to allow less experienced staff to develop professional skepticism and judgment, and the time budgets required. Finally, the evidence and knowledge gained from performing audit procedures provide feedback to the audit planning process and may suggest that the current or future overall strategy and audit plan should be modified in terms of the audit scope, timing, or extent. The diagram below summarizes this development process for the overall strategy and the detailed audit plan.

detailed audit plan: an audit planning document outlining the nature, timing, and extent of audit procedures to assess the risk of financial statement misstatement and obtain the necessary audit evidence for each assertion for all significant transactions, balances, and disclosures, including staffing decisions and time budgets

audit scope: the entity and the financial statements that will be covered by the audit engagement, and the client documents and records to be examined to provide the necessary audit evidence


Relating Audit Planning to Audit Performance

Audit Planning
• Client acceptance
• Independence
• Terms of engagement
• Understanding business and environment

Overall Strategy
• Scope:
  – Entity
  – General purpose financial statements
• Approach:
  – Planning materiality
  – Inherent and control risk assessment
  – Control effectiveness
  – Client and audit firm human resource requirements
  – Timing of procedures, team meetings, reviews

Communicate with client management and audit committee.

Efficiency and Effectiveness Considerations

Detailed Audit Plan
Nature, timing, and extent of audit procedures to
• Assess business and audit risk
• Obtain evidence to reduce audit risk for each assertion for transactions/balances/disclosures in each accounting process:
  – Revenues, purchases, production, payroll, finance, investment processes
Staffing and time budgets:
• Professional skepticism and competency:
  – Direction and training
• Quality control:
  – Supervision, review

Perform the Audit
Document the Evidence
Issue the Report
Communicate with Client

Feedback

Business Processes and Accounting Cycles: The Big Picture

To keep things as simple as possible, the design and execution of audit programs for each business process will be focused on individually, even though the processes are all interrelated. Exhibit 6–12, “Capturing an Organization’s Business Processes in Its Financial Statements,” gave a big-picture view of how the processes fit together in an organization. The shares and debt coming into the entity and being invested in capital assets are handled mainly in the finance and investment process (Chapter 14); creation of goods and services involves the purchases, payables, and payments process (Chapter 12) as well as the payroll and production processes (Chapter 13); and generation of revenues is handled in the revenues, receivables, and receipts process (Chapter 11).

The financial statements covered by the auditor’s opinion are part of the big-picture approach as well. Exhibit 7–4, “The Financial Reporting Process in an Auditee Company,” expanded the picture to show the role of business processes and controls in capturing information about the entity’s events and environment into its accounting system, allowing production of a set of general purpose financial statements. The full set of statements—that is, the balance sheet, statement of income and comprehensive income, cash flow statement, and statement of shareholders’ equity—are all connected so that a change in one particular statement will flow through to all the related accounts in the other statements. By focusing on balance sheet accounts and changes in them, we are also gaining assurance about the rest of the financial statement accounts that are connected to it. We refer to this as the balance sheet approach to auditing.

As an example of this interrelationship, a high level of audit assurance about the change in net assets and shareholder transactions also gives assurance that the net income amount is correct and that only the allocations within the income statement need to be verified as reasonable. This verification can often be done by using mainly analytical procedures rather than more costly vouching or confirmation. This interrelationship reflects the control provided by the double-entry accounting system and the financial statement definitions set out in GAAP. These strengths of the accounting and reporting framework are helpful in pulling all of the audit work together for completion of the audit.

balance sheet approach to auditing: using audit analysis of changes in balance sheet accounts as a basis for obtaining preliminary assurance about the related income statement accounts and cash flow information

Overview of Chapters 11 through 16

The organization of Chapters 11 to 14 illustrates how the audit plan is performed in the processes. Each chapter follows this pattern:

• An overview of the business risks and the transactions, balances, and disclosures in that process is given.
• Significant risks of misstatement at the assertion level are analyzed.
• An example of the process and the main accounts related to it is given.
• Key control assertions and risks, the types of control activities that would address those risks, and procedures auditors can use to assess controls are covered.
• Examples of alternative controls tests follow, should the auditors decide that reliance on effective controls would be cost effective in reducing the risk of not detecting a material misstatement.
• Examples of substantive audit programs are presented, showing the link from risk assessment at the assertion level, to control evaluation, to substantive evidence gathering that could be used in a particular context to reduce audit risk to an acceptable level.
• An Application Case with analysis illustrating accounting problems in that process and how audit procedures can uncover them is offered.
• A chapter summary reviews the learning objectives covered and provides an overview of the balance sheet approach to analyzing financial statement components. This approach considers the relationships among accounts and how they can be used to develop analytical procedures and assess the impact of the types of misstatements commonly discovered in each process.

Part 3 concludes with two chapters covering issues that the auditor must address to complete the audit and form an audit opinion. Chapter 15 covers audit procedures that gather some final evidence to complete the audit. It presents procedures for auditing revenues and expenses and the cash flow statement. It also discusses the evaluation of potential unrecorded liabilities by obtaining lawyers’ confirmation letters, the review of subsequent events, management representation letters, and the management letter. The standards for documenting the audit work in the final audit file are reviewed, and the overall review of evidence is obtained. Chapter 16 explains how auditors apply judgment to assess the misstatements identified and their materiality, propose financial statement adjustments to management, assess the overall financial statement presentation and disclosure, and form an audit opinion. Based on the opinion formed, the final step is to prepare the appropriate form of audit report to attach to the financial statements.

Note that there are many references in Part 3 to details of generally accepted auditing standards (GAAS) issued in the CPA Canada Assurance Handbook as Canadian Auditing Standards (CASs), which are virtually identical to the International Standards on Auditing (ISAs).1 Since this text is aimed at students who will most likely be auditing under Canadian or international GAAS, the text refers, for the most part, to the auditing and assurance recommendations set out by the standard-setting boards of CPA Canada in the CASs and the International Federation of Accountants (IFAC) in the ISAs. The U.S. auditing standards for private companies have been moving toward harmonization with international GAAS. The American Institute of Certified Public Accountants (AICPA) has a set of clarified auditing standards based on ISAs that came into effect for private companies for periods ending on or after December 15, 2012. However, U.S. pronouncements and standard setting are structured somewhat differently in response to unique U.S. legal, regulatory, and political circumstances, and auditing standards for public companies are set by federal regulation through the Public Company Accounting Oversight Board (PCAOB). This text refers to U.S. standards when they are likely to lead to similar developments in future Canadian or international GAAS. For those who wish to learn more about U.S. GAAS, refer to the PCAOB and AICPA websites for specific details.

The Essentials of Auditing a Business’s Revenues, Receivables, and Receipts Process

Revenue creation is the main focus of any organization, and management will have strategies in place to generate revenues as well as business processes to implement the strategies. The accounting process for revenue transactions also involves processing the related accounts receivable account balance and cash receipts transactions. The two routine journal entries in this process are as follows:

Dr Accounts Receivable
    Cr Sales Revenues

Dr Cash
    Cr Accounts Receivable

Management’s main control objectives for revenues relate to the completeness, accuracy, and authorization of revenue transactions, to ensure that all sales are recorded for the proper amounts and credit granting is appropriate. Auditors’ main concern is with management’s controls over the validity of sales transactions, since recording non-existent revenues would overstate the performance of the business, potentially misleading financial statement users. Auditor control testing in the revenue process is usually required when there is a high volume of revenue transactions, especially when there is a lot of variability in the amounts recorded. Controls over cash receipt transactions are also often tested to ensure they are valid. The results of the auditor’s control testing will affect the nature of further substantive audit work to be performed, as well as the sample sizes and timing of further procedures.

Substantive audit procedures that are commonly used in the revenues, receivables, and receipts accounting process are briefly outlined here. For cash, the auditor obtains a confirmation of bank account details at the period-end directly from the bank and reperforms the auditee’s reconciliation of bank account balances to general ledger cash account balances. For accounts receivable, a sample of outstanding customer accounts receivable balances is usually confirmed, and cutoff information for cash receipts and sales invoicing are agreed to the cutoff for receivables balances. The auditor also evaluates the adequacy of the auditee’s allowance for bad debts, often based on the aged trial balance of customer account balances and a review of historical collection patterns.

The substantive verification of sales revenues is often performed by using dual-purpose audit procedures that provide evidence about control effectiveness and substantive evidence that the general ledger amounts are correct. Auditors will test the controls over revenue processing for a sample of revenue transactions recorded in the general ledger and also vouch the same sample of transactions back to supporting sales documents, such as shipping records (packing slips) and customer orders, to provide substantive evidence about the occurrence and the monetary valuation assertions. Similarly, cash receipts can be tested by dual-purpose procedures, vouching credit entries in accounts receivables back to valid cash bank deposits or records of authorized credit notes.

The audit of revenues, receivables, and receipts is focused on the risk of material misstatement related to the existence assertion. This is because overstatements of revenues and related assets pose the greatest threat, due to potential management incentives to overstate these performance-related measures. Also, financial statement users are very interested in these measures to evaluate the success and potential of the business.

Review Checkpoints

11-1 What are the main classes of transactions and related account balances for the revenue process?
11-2 What are management’s main control objectives related to the revenue process? Why?
11-3 What are an auditor’s main concerns related to revenue transactions? Why?
11-4 In what situations is it most likely that auditors will decide to test controls over revenue transactions?
11-5 What are some common substantive audit procedures for revenues, cash, and accounts receivable?
11-6 Give two examples of dual-purpose tests that can be used in the revenue process.
11-7 What assertion is the auditor most concerned about in auditing the revenues, receivables, and receipts process? Why?
11-8 What is an example of a substantive audit procedure that provides evidence related to the existence of cash? of accounts receivable?

Understanding the Revenues, Receivables, and Receipts Process LO1

Describe the revenues, receivables, and receipts process, including typical risks, transactions, account balances, source documents, and controls.

Revenue creation is the focus of strategy and business processes for any organization because revenues provide the cash flows that are its lifeblood. The auditor must understand the business’s method of generating revenues and the use of them in the operation of the business in order to assess the business risk and the risk that the financial statements are misstated, as discussed in Chapter 6. In a for-profit business, costs incurred must generate enough sales revenue to provide profits to sustain operations and also provide investment returns to owners and creditors. A not-for-profit organization must also generate enough revenues to pay for the activities necessary to achieve its charitable or other purposes.

Assertion-Based Risk Assessment for Revenues, Receivables, and Receipts

To assess risks in the revenue-generating processes, the auditor mainly considers the revenue and cash receipts transactions, as well as the accounts receivable balances. Important presentation and disclosure issues relating to revenues include revenue recognition policies, related party transactions, commitments, and economic dependencies.

At the assertion level, risks related to the existence/occurrence and ownership of revenues may arise if management chooses overly aggressive revenue recognition policies (e.g., Nortel, Xerox), perhaps because of management incentives or pressure to meet performance targets. Complex sales arrangements that involve multiple deliverables with differing rights of return by customers, or complex revenue recognition situations, such as long-term contracts, may also increase the existence and ownership risks, as revenue may be recognized inappropriately. Ownership risks may exist where managers can transfer funds between related entities under their control (e.g., Enron, Hollinger).

Completeness risks relate to recordkeeping and custodial controls over cash receipts; these must ensure that all revenues the business earns are received by the company and recorded in full. Fraudulent misappropriation of cash by employees is a key completeness risk in the revenue process. Because substantial flows of funds may be involved in the revenue processes of some businesses (e.g., financial services, banking), money laundering—processing monetary profits of crime to cover up their sources and convert them to “clean” cash—is also an ownership risk related to the revenue transactions. Valuation and ownership risks can exist when substantial revenues are generated in foreign countries because of currency exchange risks and potential restrictions on removing money from these countries.

Presentation and disclosure risks include revenue recognition policy explanations; reporting significant revenue categories separately; accruals of complex revenue streams, such as royalties or long-term contracts; reporting the extent of barter transactions (e.g., in e-commerce); or disclosing contractual commitments to sell inventory at fixed prices. These are only some examples of risks that may exist in a particular business.
You can see how an auditor’s in-depth understanding of the auditee’s business, the revenue-generating strategy that drives it, and the environment it operates in is critical to a comprehensive assessment of business risks and the possible financial misstatements that these risks can lead to. This chapter uses simple examples to outline the business processes and related accounting process for recording and controlling revenues, accounts receivable, and cash receipts. It explains the control activities that are important in these processes, how to evaluate and test these controls, and how to design and implement the substantive audit tests that provide evidence that the resulting financial statements are fairly reported. The risk of non-existent or incorrectly valued revenues or receivables can often be addressed by confirmation and analytical procedures. Control tests in the revenue transaction processes may also provide assurance that the controls effectively lower the risk of material misstatement, thereby reducing the amount of assurance required from substantive evidence. Revenue completeness usually relies on controls and control testing; substantive testing alone may not provide sufficient evidence for the completeness assertion for revenues.

Revenues, Receivables, and Receipts Process: Typical Activities

The picture in Exhibit 11–1 presents a skeleton overview of typical activities in the revenues, receivables, and receipts process in a business that sells inventory (a similar process is used in a service business, except that a service is provided to the customers rather than a tangible good).2 The basic process functions, shown in bold, are as follows: (1) receiving and processing customer orders, (2) credit granting, (3) delivering goods and services to customers, (4) billing customers and accounting for accounts receivable, and (5) collecting and depositing cash received from customers. As you follow the exhibit, you can track some of the elements of the control structure, shown in the green ovals. Control will be strengthened by ensuring that these functions are performed by different people. Further examples of controls related to this process are provided in Appendix 11A, Exhibit 11A–2.

In practice, you would have obtained a detailed organizational chart as part of the audit planning. This chart identifies the specific auditee personnel responsible for the various functions in the process. These are the people you will work with to design and perform your audit work. Your audit documentation for significant processes will be in the form of system narratives, flowcharts, or process tables: these are described next.

money laundering: engaging in specific financial transactions in order to conceal the identity, source, and/or destination of money resulting from an illegal act, which may involve organized crime, tax evasion, or false accounting

EXHIBIT 11–1 Revenues, Receivables, and Receipts Process: Overview Diagram of Typical Activities

[Diagram. Process functions: Customer Orders; Credit Granting; Warehousing, Shipping, and Delivery; Bill Customers; Collections. Control activities labelled: sales authorization; physical custody; accounts receivable recording; cash receipts recording; cash custody; cash reconciliation. Documents and files: customer’s purchase orders and contracts; customer order; credit files and reports; shipping documents and copies; shipping document transaction file; perpetual inventory records; sales invoice and copy; accounts receivable master file; monthly statements; customer payments (cash receipts); cash receipts transaction file; cash balances (account) file; bank statements.]

Accounts/Records
• Cash in bank
• Cash receipts
• Accounts receivable
• Allowance for doubtful accounts, write-offs
• Bad debt expense
• Sales revenue
• Sales returns, allowances, discounts
• Perpetual inventory records, shipping records

Review Checkpoints

11-9 What is the basic sequence of activities and related accounting in the revenues, receivables, and receipts process?
11-10 What are some risks of material misstatement in the assertions for revenues?

Revenues and Accounts Receivable: Processing and Controls

This section gives a narrative description of a system for processing customer sales orders. Alternative documentation formats, such as a flowchart diagram or a process table, could be used for this description, and examples of these formats are provided in Appendix 11B.

At the starting point, company personnel receive the customer’s purchase order and create a sales order, entering it into a computer system. The computer system then performs automatic authorization procedures—determining whether the customer is a regular or new customer, approving credit, and checking the availability of inventory. (If inventory is short, a back order is entered.) Once these authorizations are in a computer system, access to the master files for additions, deletions, and other changes must be limited to responsible persons; otherwise, it is possible for errors to occur, e.g., orders processed for fictitious customers, credit approved for bad credit risks, or packing slips created for goods that do not exist in the inventory.

When a customer order passes the authorizations, the system (1) creates a record in the pending order master file, (2) transmits a packing slip to the stockroom and shipping department, and (3) updates the inventory master file to show the commitment (removal) of the inventory. The pending order and the packing slip should be numbered sequentially so that the system can determine if any transactions have not been completed (completeness objective of control). The packing slip is the stockkeeper’s authorization to release inventory to the shipping department and the shipping department’s authorization to release goods to a trucker or the customer. It may be helpful to think about how these activities are performed in a company you have done business with, such as Amazon.

The company’s internal control will feature important types of control activities designed to prevent things from going wrong. The control activities include employee procedures relating to keeping custody of assets and records; properly recording transactions and events; and performing reconciling procedures to check the completeness and integrity of the records by comparison to other summaries, reports, or the actual assets themselves. These control activities, and what could go wrong if they are ineffective or missing, are described in more detail below.

Custody

Physical custody of inventory starts with the stockroom or warehouse. Custody is transferred to the shipping department when the packing slip is authorized. As long as the system works, custody is under proper control. However, if the stockkeeper or the shipping department personnel have the power to change the quantity shown on the packing slip, they can cause errors in the system by billing the customer for too small or too large a quantity. With collusion, this can allow inventory to be stolen, for example, shipping a customer more than it will be billed for, covered up by the alterations in the records. (This is a combination of custody and recording functions, a segregation-of-duties control weakness. A computer record or log of such changes is a control procedure creating an electronic audit trail.)

Custody of the accounts receivable records is with the personnel who have the power to enter those records directly or to enter transactions to alter them (e.g., transfers, returns, allowance credits, write-offs). Ideally, personnel with the ability to enter accounts receivable records do not also have sole authorization over the entries or the ability to perform reconciliations, as this can reduce the probability of catching the person’s recording errors, such as omitting part of a sales order from a sales invoice. This kind of combination of authorization and recording responsibility is another example of a control weakness due to a lack of segregation of incompatible duties.

Shipping Employee Caught by Computer!

A customer paid off a shipping department employee to change the quantity on the packing slip and bill of lading to a smaller quantity than was actually shipped. This caused the customer’s invoices to be understated. The employee did not know that a computer log recorded all the entries altering the original packing slip record. An alert internal auditor noticed the pattern of “corrections” made by the shipping employee. A trap was laid by initiating fictitious orders for this customer, and the employee was observed making the alterations. This independent review of the transactions was an effective control for detecting the missing sales.

Recording

When delivery or shipment is complete, the shipping personnel enter the completion of the transaction in the system, which (1) produces a bill of lading shipping document, evidence of an actual delivery or shipment; (2) removes the pending order from the inventory recording system; and (3) produces a sales invoice (prenumbered the same as the order and packing slip) that bills the customer for the quantity shipped, according to the bill of lading. Shipping personnel who have the power to enter or alter these transactions or to intercept the invoice that is supposed to be sent to the customer have undesirable combinations of authorization, custody, and recording responsibilities. This is a control weakness because it provides an opportunity for employees to commit a fraud by misappropriating inventory and concealing it in the accounting records.

Another authorization in the system is the price list master file containing product unit prices for billing customers. Those with power to alter this file can authorize price changes, which could allow the employee to undercharge a favoured customer and even to get kickbacks as part of a fraud scheme, so this function needs to be segregated from people who record customer receivables and receipts.

Periodic Reconciliation

For accounts receivable, the sum of customers’ unpaid balances in the subledger should reconcile with the accounts receivable control account total in the general ledger. Usually, this is an automated procedure, as the computer system updates the subledger and general ledger simultaneously, so any out-of-balance situation suggests a system problem that needs to be investigated. Internal auditors, or employees who are independent of the inventory and receivables recording functions, can perform periodic comparison of the customers’ obligations (according to the customers) with the recorded amount by requesting confirmations from the customers. These confirmations are often requested for long-overdue accounts, based on the aged trial balance—a list of the customers and their balances—with the balances classified in columns indicating the different age categories (e.g., current, 1–30 days past due, 31–60 days past due, 61–90 days past due, and over 90 days past due). (Refer to the special note on the audit use of confirmations later in this chapter.)

Cash Receipts and Cash Balances: Processing and Controls

There are numerous ways to receive payments: cash and cheques over the counter, via electronic funds transfer, through the mail, and by receipt in a lockbox. In a lockbox arrangement, a fiduciary (e.g., a bank) opens the box, lists the receipts, deposits the money, and sends the remittance advices showing the amount received from each customer to the company. While most companies need little authorization to accept a payment, authorization is important for approving discounts and allowances taken. Receiving cash and approving discounts is another example of incompatible duties that provide an opportunity for employees to defraud the company. A flowchart diagram of a manual system for processing cash receipts is shown in Exhibit 11B–2 in Appendix 11B.

Custody

In many organizations, someone takes the cash and cheques, which gives them custody of the physical cash for a time. Control over this custody can vary: responsibility can be rotated so that one person does not have this custody all the time; there could be teams of two or more people, so they would need to collude to steal money, or there could be arrangements outside the company for actual cash custody (e.g., the lockbox arrangement, or direct deposit to the company’s bank account). Since initial custody cannot be avoided, it is good control to prepare a list of the cash receipts as early in the process as possible, and then separate the actual cash from the bookkeeping documents. The cash goes to a cashier or treasurer’s office, where a bank deposit is prepared and made. The list goes to the accountants, who record the cash receipts. This list may simply be a stack of the remittance advices received with the customers’ payments.

Many organizations use electronic payment systems (e.g., for debit and credit cards in stores or over the Internet). These systems reduce the amount of physical cash in custody, relying instead on programmed systems control to ensure the payments transferred are authorized and complete.

Recording

The accountants who record cash receipts and credits to customer accounts should not handle the cash. They should use the remittance list to make entries to the cash and accounts receivable control accounts and to the customers’ accounts receivable subsidiary account records. In fact, a good error-checking procedure is to have cash receipts entries and subsidiary account entries made by different people. Then, later, the accounts receivable entries and balances can be compared (reconciled) to determine whether the proper source documents (remittance lists) were used to make error-free accounting entries.

Periodic Reconciliation

Bank account reconciliations should be prepared carefully. Deposit slips are compared with cash remittance lists, and the totals should be traced to the general ledger entries. Likewise, paid cheques should be traced to the cash disbursements listing (journal) and the general ledger. Electronic funds transfers should be traced from the banking system reports to cash receipts, cash payments journals, and general ledger entries. The reconciliation should be done by someone other than the accountant responsible for cash accounting, such as the office manager or administrative assistant. (Refer to the special note on auditing bank reconciliations later in this chapter.)

Review Checkpoints

11-11 What purpose is served by prenumbering sales orders, shipping documents (packing slips and bills of lading), and sales invoices?
11-12 Why is controlled access to computer programs and master files (such as credit files and price lists) important in a control environment?
11-13 Why is it a control weakness if the same employee can authorize inventory transfers and record accounts receivable entries?
11-14 Why should a list of cash remittances be made and sent to the accounting department? Is it easier to send the cash and cheques to the accountants so that they can accurately enter the credits to customers’ accounts?

Audit Evidence in Management Reports and Data Files

Management generates a variety of reports to provide important audit evidence for revenues, accounts receivable, and cash receipts. Some examples follow.

Pending Order Master File

The pending order master file contains sales transactions started but not yet completed in the system and thus not recorded as sales and accounts receivable. Old orders may represent shipments actually made, but for some reason the shipping department did not enter the shipping information (or entered an incorrect code that did not match the pending order file). The pending order backlog can be reviewed for evidence relating to the completeness assertion for recorded sales and accounts receivable.

Credit Check Files

The computer system may make automatic credit checks, but up-to-date maintenance of the credit information is very important. Customers’ credit status is concerned with possibly uncollectible receivables, which constitute important audit evidence about the valuation assertion. Credit checks on old or incomplete information are not good credit checks. A sample of the files can be tested for current status, or the company’s records can be reviewed for evidence of updating operations.

Price List Master File

The computer system may produce customer invoices automatically, but, if the master price list is wrong, the billings will be wrong. The computer file can be compared with an official price source for accuracy and authorization. (As a control, an employee should perform this comparison every time the prices are changed.) Incorrect pricing can lead to revenues and receivables being measured incorrectly, affecting the valuation assertion.

Sales Detail (Sales Journal) File

The sales detail (sales journal) file should contain the detailed sales entries, including the shipping references and dates. It can be scanned for entries without shipping references (fictitious sales) and for matching recording dates with shipment dates (sales recorded before shipment). This file also contains the population of debit entries to the accounts receivable, so this evidence is relevant to the existence/occurrence assertion for revenues and receivables. When there are high volumes of sales entries, these files can be tested with computer-assisted auditing techniques (CAATs). Some examples of CAATs are as follows:

• Auditor-designed analyses of customers or geographic regions assessed as high risk
• Scrutiny for unusually large entries that can indicate fraud or error
• Scrutiny for items in round numbers, same values, or just below some control dollar limit that occur more frequently than expected
• Verification of numerical continuity of invoices and agreement to general ledger entries
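The sales journal scans and CAATs described above can be sketched as a single pass over the file. This is an added example, not code from the textbook: the field names, the sample journal, the $5,000 approval limit, the 5% "just below" band, and the 10-times-median cutoff are all assumptions, and it flags individual entries for follow-up rather than testing how often they occur.

```python
from collections import Counter
from datetime import date
from decimal import Decimal
from statistics import median


def entry(invoice, customer, amount, recorded, ship_ref=None, shipped=None):
    """One sales journal line; the field names are assumptions for this example."""
    return {"invoice": invoice, "customer": customer, "amount": Decimal(amount),
            "recorded": recorded, "ship_ref": ship_ref, "shipped": shipped}


# Constructed sample journal (not real data). Invoice 1005 is absent, 1009 repeats.
SALES_JOURNAL = [
    entry(1001, "C01", "1250.40", date(2024, 12, 20), "BL-501", date(2024, 12, 20)),
    entry(1002, "C02", "980.00", date(2024, 12, 21), "BL-502", date(2024, 12, 21)),
    entry(1003, "C03", "4990.00", date(2024, 12, 22), "BL-503", date(2024, 12, 22)),
    entry(1004, "C01", "3000.00", date(2024, 12, 23), "BL-504", date(2024, 12, 23)),
    entry(1006, "C04", "1430.75", date(2024, 12, 27)),  # no shipping reference
    entry(1007, "C02", "2210.10", date(2024, 12, 31), "BL-507", date(2025, 1, 3)),
    entry(1008, "C05", "48250.00", date(2024, 12, 31), "BL-508", date(2024, 12, 31)),
    entry(1009, "C03", "760.25", date(2024, 12, 31), "BL-509", date(2024, 12, 31)),
    entry(1009, "C06", "1120.00", date(2024, 12, 31), "BL-510", date(2024, 12, 31)),
]

TEST_NAMES = ("no_shipping_reference", "recorded_before_shipment", "unusually_large",
              "round_amount", "just_below_limit", "missing_invoice_numbers",
              "duplicate_invoice_numbers")


def run_caats(journal, approval_limit=Decimal("5000"), near_band=Decimal("0.05"),
              round_unit=Decimal("1000"), large_factor=10):
    """Return {test name: sorted invoice numbers} for entries needing follow-up."""
    if not journal:
        return {name: [] for name in TEST_NAMES}

    amounts = [e["amount"] for e in journal]
    large_cutoff = median(amounts) * large_factor   # crude outlier threshold
    band_floor = approval_limit * (1 - near_band)   # lower edge of the near-limit band
    counts = Counter(e["invoice"] for e in journal)
    first, last = min(counts), max(counts)

    def flagged(predicate):
        return sorted({e["invoice"] for e in journal if predicate(e)})

    return {
        # Existence/occurrence: a sale with no shipment behind it
        "no_shipping_reference": flagged(lambda e: not e["ship_ref"]),
        # Cutoff: sale recorded before the goods left
        "recorded_before_shipment": flagged(
            lambda e: e["shipped"] is not None and e["recorded"] < e["shipped"]),
        "unusually_large": flagged(lambda e: e["amount"] > large_cutoff),
        "round_amount": flagged(lambda e: e["amount"] % round_unit == 0),
        "just_below_limit": flagged(
            lambda e: band_floor <= e["amount"] < approval_limit),
        # Numerical continuity of the prenumbered invoices
        "missing_invoice_numbers": [n for n in range(first, last + 1)
                                    if n not in counts],
        "duplicate_invoice_numbers": sorted(n for n, c in counts.items() if c > 1),
    }


if __name__ == "__main__":
    for test, invoices in run_caats(SALES_JOURNAL).items():
        print(f"{test}: {invoices}")
```

Each flagged invoice is a starting point for vouching to shipping documents and customer orders, not a conclusion that the entry is misstated.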

Sales Analysis Reports

The auditor can perform analytical procedures on a variety of sales analyses. Sales classified by product line or region constitute information for the business segment disclosures. Those classified by period or by sales employee can show unusually high or low volumes that may need investigation if error is suspected. This information can provide evidence related to completeness and existence, or occurrence, of revenues, and it is also useful for assessing the proper presentation or classification of revenue information in the financial statements, as shown in the following box relating to presentation of quarterly sales figures.

Peaks and Valleys

During the year-end audit, the independent auditors reviewed the weekly sales volume reports classified by region. They noticed that sales volume was very high in region 2 for the last two weeks of March, June, September, and December. The volume was unusually low in the first two weeks of April, July, October, and January. In fact, the peaks far exceeded the volume in all the other six regions. Further investigation revealed that the manager in region 2 was holding open the sales recording at the end of each quarterly reporting period in an attempt to make the quarterly reports look good. The analysis revealed to the auditors that the improper sales cutoff led to overstated sales at quarter-end.

Aged Accounts Receivable Trial Balance

The list of accounts receivable balance details is called the accounts receivable subsidiary ledger. The summary of the subsidiary ledger by invoice dates is called the aged accounts receivable trial balance. If the general ledger control account total is larger than the sum in the aged trial balance, too bad! A receivable amount not identified with a customer cannot be collected! The trial balance is the population used for confirmation. (See the special notes on the existence assertion and on using confirmations, later in this chapter.) The aging information is used in assessing the allowance for doubtful accounts. (An aged trial balance is shown in Exhibit 11–10.) The credit department uses the aged trial balance for follow-up of overdue and delinquent customer accounts. This is important evidence for assessing the existence, completeness, and valuation assertions for accounts receivable.

Cash Receipts Journal

The cash receipts journal contains all the detail for cash deposits and credits to various accounts and is the population of entries that should be the credits to accounts receivable for customer payments. It also contains any adjusting or correcting entries resulting from the bank account reconciliation. These entries may signal the types of accounting errors or manipulations that happen in the cash receipts accounting and provide evidence relating to existence and completeness of cash and accounts receivable.

Review Checkpoints

11-15 What accounting records and files could an auditor examine to find evidence of unrecorded sales, inadequate credit checks, and incorrect product unit prices?
11-16 Suppose you selected a sample of customers’ accounts receivable and wanted to find supporting evidence for the entries in the accounts. Where would you go to vouch the debit entries? What would you expect to find? Where would you go to vouch the credit entries? What would you expect to find? What assertions are you finding evidence about?

Control Risk Assessment LO2

Describe the auditor’s control risk assessment and control tests for auditing control over customer credit approval, delivery, accounts receivable, cash receipts, and bank statements.

Control risk assessment governs the nature, timing, and extent of substantive audit procedures that will be applied in the audit of the accounts and records in the revenues, receivables, and receipts processes (listed in the lower right corner of Exhibit 11–1). These include the following:

• Cash in bank
• Cash receipts
• Accounts receivable
• Allowance for doubtful accounts and write-offs
• Bad debt expense
• Sales revenue
• Sales returns, allowances, and discounts
• Perpetual inventory records and shipping records

accounts receivable subsidiary ledger: a detailed listing of outstanding accounts receivable balances by individual customers that adds up to the total balance in the general ledger accounts receivable “control” account; reconciliation of the subsidiary ledger and the control account is an important control procedure and a key audit test

aged accounts receivable trial balance: a list of all outstanding accounts receivable balances organized by how long they have been outstanding; used to manage collection and assess the accounting requirement to provide an allowance for possible uncollectible accounts

control risk assessment: a process the auditor uses to understand the client’s internal control in order to identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and to design and perform further audit procedures

Information about the control structure is often gathered through internal control questionnaires, introduced in Chapter 9. A selection of other questionnaires for both general controls and application controls over cash receipts, sales revenues, and accounts receivable is found in Appendix 11A. These questionnaires provide details of desirable control policies and procedures. The questions are organized under headings that identify the important control objectives: environment and general accounting controls, validity, completeness, authorization, accuracy, classification, and proper period recording.

General information about internal controls can also be gathered by a walk-through procedure. Here the auditors take a single example of a transaction and “walk it through” from its initiation to its recording in the accounting records. The revenues, receivables, and receipts process walk-through involves following a sale from the initial customer order through credit approval, delivery of goods or services, and billing; to the entry in the sales journal and subsidiary accounts receivable records; and finally to its subsequent collection and cash deposit. Sample documents are collected, and employees in each department are questioned about their specific duties. Walk-throughs (1) verify or update the auditors’ understanding of the auditee’s sales/accounts receivable accounting system and control procedures and (2) show whether the controls the auditee reported in the internal control questionnaire are actually in place.

The walk-through, combined with inquiries, can contribute evidence about appropriate separation of duties, a basis for assessing control risk to be low. However, a walk-through is too limited in scope to provide sufficient evidence about whether the control procedures were operating effectively during the period under audit. A larger sample of transactions for specific control testing is necessary to provide actual evidence about control effectiveness.

General Control Considerations

Control procedures for proper segregation of responsibilities should be in place and operating. Control activities that should be segregated are indicated in the green ovals in Exhibit 11–1, showing that the authorization of sales and credit should be performed by persons who do not have custody, recording, or reconciliation duties. Custody of inventory and cash is by those who do not directly authorize credit, record the accounting entries, or reconcile the bank account. Recording (accounting) is performed by those who do not authorize sales or credit, handle the inventory or cash, or perform reconciliations. Periodic reconciliations should be performed by employees who do not have authorization, custody, or recording duties related to the same assets. Combinations of two or more of these responsibilities in one person, one office, or one information system may open the door for errors and fraud.

Cash management commonly requires people who handle cash to be insured under a fidelity bond—an insurance policy that covers most kinds of cash embezzlement losses. Fidelity bonds do not prevent or detect embezzlement, but failing to carry the insurance exposes the company to complete loss when embezzlement occurs. However, a company must prove its losses before it can collect on them—another good reason for internal controls.

fidelity bond: a type of insurance policy that covers theft of cash by employees
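The segregation rule under General Control Considerations (no one person holding two or more of authorization, custody, recording, and reconciliation over the same asset) can be checked against a system's access rights. This is an added example, not code from the textbook: the permission names, roles, users, and the mapping of each permission to a duty and an asset are hypothetical.

```python
from collections import defaultdict

# Hypothetical permission names mapped to (duty, asset). The four duties are
# the ones the chapter says must be kept apart for the same asset.
PERMISSION_DUTIES = {
    "approve_credit":         ("authorization", "receivables"),
    "edit_price_list":        ("authorization", "receivables"),
    "approve_discounts":      ("authorization", "cash"),
    "release_inventory":      ("custody", "inventory"),
    "handle_deposits":        ("custody", "cash"),
    "edit_packing_slip":      ("recording", "inventory"),
    "post_sales_invoice":     ("recording", "receivables"),
    "post_cash_receipt":      ("recording", "cash"),
    "reconcile_bank":         ("reconciliation", "cash"),
    "reconcile_ar_subledger": ("reconciliation", "receivables"),
}

# Constructed roles and assignments (not real data).
ROLES = {
    "credit_manager":      {"approve_credit"},
    "pricing_admin":       {"edit_price_list"},
    "shipping_clerk":      {"release_inventory", "print_labels"},
    "shipping_supervisor": {"release_inventory", "edit_packing_slip"},
    "ar_clerk":            {"post_sales_invoice", "post_cash_receipt"},
    "cashier":             {"handle_deposits"},
    "office_manager":      {"reconcile_bank"},
}

USER_ROLES = {
    "alice": ["credit_manager"],
    "bob":   ["shipping_supervisor"],        # conflict inside a single role
    "carol": ["ar_clerk", "cashier"],        # conflict only from combining roles
    "dave":  ["office_manager"],
    "erin":  ["ar_clerk", "pricing_admin"],  # price changes plus receivables entry
    "frank": ["shipping_clerk"],
}


def sod_review(user_roles, roles, permission_duties):
    """Return (conflicts, unmapped).

    conflicts: {user: {asset: {duty: [permissions]}}} for every asset over
               which one user holds two or more distinct duties.
    unmapped:  permissions with no duty classification; these need manual
               review so the analysis is not silently incomplete.
    """
    conflicts, unmapped = {}, set()
    for user, role_names in user_roles.items():
        held = defaultdict(lambda: defaultdict(set))  # asset -> duty -> permissions
        for role in role_names:
            for perm in roles[role]:                  # unknown role raises KeyError
                if perm not in permission_duties:
                    unmapped.add(perm)
                    continue
                duty, asset = permission_duties[perm]
                held[asset][duty].add(perm)
        user_conflicts = {
            asset: {duty: sorted(perms) for duty, perms in duties.items()}
            for asset, duties in held.items()
            if len(duties) >= 2
        }
        if user_conflicts:
            conflicts[user] = user_conflicts
    return conflicts, sorted(unmapped)


if __name__ == "__main__":
    found, unclassified = sod_review(USER_ROLES, ROLES, PERMISSION_DUTIES)
    for user, assets in found.items():
        for asset, duties in assets.items():
            print(f"{user}: {asset} -> {duties}")
    print("unclassified permissions:", unclassified)
```

Carol and Erin hold no conflicting role on its own; the conflict appears only when their roles are combined, which is why the check works on effective permissions per user rather than on role definitions.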

The control structure includes general controls and also application control activities that provide for detailed control-checking procedures. The following set of procedures should take place:

1. Sales orders entered only with a customer order
2. Credit-check code or manual signature recorded by authorized means
3. Inventory and shipping area access restricted to authorized persons
4. Access to billing programs and blank invoice forms restricted to authorized personnel
5. Sales and accounts receivable recorded only when all supporting shipping documentation is in order (i.e., sales and receivables recorded as of the date the goods were shipped or services were provided, and cash receipts recorded as of the date the payments were received)
6. Customer invoices compared with bills of lading and customer order details to verify that quantities billed match quantities shipped and that the goods were shipped in correct quantities and pricing to proper locations
7. Pending order files reviewed to ensure timely billing and recording
8. Bank statements reconciled in detail, monthly

The “Fictitious Revenue” box below illustrates improper period recording. It is one of a class of widespread financial reporting problems commonly referred to as revenue recognition problems. Many of the financial restatements filed with securities regulators by public companies involve revenue recognition, most of these dealing with premature revenue recognition. Since management’s motivation is to increase revenues, the risk of fraud in revenue recognition is always high. For this reason, CAS 240 requires auditors to always consider fraud risk to be present in the audit of revenues, and to perform procedures to confirm or dispel this presumption. Timing is critical to many accounting issues. For example, major retailers that buy in bulk receive discounts from suppliers if they meet sales targets. But how are these rebates accounted for? The prudent practice is to wait until the targets are met. However, companies such as Kmart in the United States and Royal Ahold in the Netherlands, once the world’s third-largest food retailer, appear to have booked these payments before they were earned. In 2001/2002, Ahold may have booked the total expected bulk discounts as profit in the first year of a multi-year contract. Its CEO and CFO both resigned in February 2002. Ahold has been referred to as “Europe’s Enron.” Controls related to proper timing in the recording of transactions are becoming more important in the current environment.

Fictitious Revenue

A Mississauga (Ontario) computer peripheral-equipment company was experiencing slow sales, so the sales manager entered some sales orders for customers who had not ordered anything. The invoices were marked “hold,” while the delivery was to one of the company’s own warehouses. The rationale was that these customers would buy the equipment eventually, so why not anticipate the orders! (However, it is a good idea not to send them the invoices until they actually make the orders, hence the “hold.”) Due to management’s override of the controls, the “sales” and “receivables” were recorded in the accounts, and the financial statements contained overstated revenue and assets. The ability of management to override controls is the main reason GAAS require auditors to always get some substantive evidence—auditors cannot rely entirely on testing control effectiveness.

revenue recognition problems: techniques used by financial statement preparers to manipulate reported revenues resulting in low-quality earnings


PART 3

Performing the Audit

Control Tests

An organization should have input, processing, and output control procedures in place and operating in order to prevent, detect, and correct accounting errors. You studied the general control objectives in Chapter 9 (validity, completeness, authorization, accuracy, classification, and proper period cutoff). Exhibit 11–2 puts these in the perspective of the revenue process with examples of specific objectives. Study this exhibit carefully, as it expresses the control objectives in specific examples rather than in the abstract.

EXHIBIT 11–2

Internal Control Objectives: Revenue Process (Sales Revenues)

| GENERAL OBJECTIVES | EXAMPLES OF SPECIFIC OBJECTIVES |
| --- | --- |
| 1. Recorded sales are valid and documented. | Customer purchase orders support invoices. Bills of lading or other shipping documentation exist for all invoices. Recorded sales in sales journal are supported by invoices. |
| 2. Valid sales transactions are recorded completely, with none omitted. | Invoices, shipping documents, and sales orders are prenumbered and the numerical sequence is checked. Overall comparisons of sales are made periodically by a statistical or product-line analysis. |
| 3. Sales are authorized according to company policy. | Credit sales are approved by the credit department. Prices used in preparing invoices are from the authorized price schedule. |
| 4. Sales invoices are accurately prepared. | Invoice quantities are compared with shipment and customer order quantities. Prices are checked and mathematical accuracy independently checked after the invoice is prepared. |
| 5. Sales transactions are properly classified. | Sales to subsidiaries and affiliates are classified as intercompany sales and receivables. Sales returns and allowances are properly classified. |
| 6. Sales transactions are recorded in the proper period. | Sales invoices are recorded on the shipment date. |

The last general objective relates to recording sales in the proper period, a problem of timing, a growing concern to the profession. One of the most important audit procedures is sales cutoff testing, which gives evidence about whether transactions have been recorded in the proper period, either before or after the period-end date. If revenues and expenses that belong in the current period are recorded after the cutoff date, there is a completeness misstatement (i.e., an understatement) in the current period. If transactions that belong in the next period are recorded too early, there will be an existence/occurrence misstatement in the current period.

If the auditee recognizes sales when title passes from seller to buyer—the point when the risks and rewards of ownership are transferred—the date when the shipment or delivery of the auditee’s inventory is made is the critical point when the revenue should be recorded. Auditors test sales cutoff by vouching shipping documents for a sample of sales recognized just before the year-end to check that the shipping dates and deliveries were in fact before year-end. This provides evidence of the existence/occurrence of these sales, which is the auditors’ main concern. The auditors also test the first sales after year-end to verify that those shipments also occurred after year-end, to get evidence about the completeness assertion for the current period. Note that cutoff errors are a type of reversing error (i.e., they have an equal and opposite effect) in the following period. Objective 6 in Exhibit 11–2 refers to shipment date.

sales cutoff testing: control procedures designed to ensure sales transactions are recorded in the proper period

reversing error: errors in the current period that will have an equal and opposite effect in the following period
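The cutoff test described above, as an added example that is not part of the textbook: it compares the date each sale was recorded with the date title passed, classifies each exception by the assertion it affects, and shows the equal and opposite (reversing) effect in the next period. The year-end, invoices, and amounts are constructed sample data, and the date title passes follows this chapter's glossary definitions of FOB shipping and FOB destination.

```python
from datetime import date, timedelta

# Constructed sample data: a year-end and sales journal lines recorded around it.
YEAR_END = date(2021, 12, 31)
SALES = [
    # (invoice, recorded, shipped, delivered, terms, amount)
    ("INV-1001", date(2021, 12, 29), date(2021, 12, 28), date(2022, 1, 3), "FOB shipping", 12_000),
    ("INV-1002", date(2021, 12, 31), date(2022, 1, 2), date(2022, 1, 5), "FOB shipping", 8_500),
    ("INV-1003", date(2021, 12, 30), date(2021, 12, 29), date(2022, 1, 4), "FOB destination", 4_000),
    ("INV-1004", date(2022, 1, 3), date(2021, 12, 30), date(2022, 1, 2), "FOB shipping", 6_250),
    ("INV-1005", date(2022, 1, 4), date(2022, 1, 3), date(2022, 1, 6), "FOB shipping", 9_900),
]


def title_passes(sale):
    """Date title passes: shipment date under FOB shipping, delivery date under FOB destination."""
    _, _, shipped, delivered, terms, _ = sale
    if terms == "FOB shipping":
        return shipped
    if terms == "FOB destination":
        return delivered
    raise ValueError(f"unknown shipping terms: {terms!r}")


def cutoff_exceptions(sales, year_end, window_days=10):
    """Return (invoice, assertion, amount) for sales recorded on the wrong side of year-end."""
    first = year_end - timedelta(days=window_days)
    last = year_end + timedelta(days=window_days)
    exceptions = []
    for sale in sales:
        invoice, recorded, *_, amount = sale
        if not first <= recorded <= last:
            continue  # outside the cutoff window being tested
        earned = title_passes(sale)
        if recorded <= year_end < earned:
            # Recorded too early: the sale did not occur in the current period.
            exceptions.append((invoice, "existence/occurrence", amount))
        elif earned <= year_end < recorded:
            # Recorded too late: a current-period sale is missing from the current period.
            exceptions.append((invoice, "completeness", amount))
    return exceptions


def period_effects(exceptions):
    """Net misstatement of current-period sales and its reversing effect next period."""
    over = sum(a for _, kind, a in exceptions if kind == "existence/occurrence")
    under = sum(a for _, kind, a in exceptions if kind == "completeness")
    current = over - under
    return current, -current


if __name__ == "__main__":
    found = cutoff_exceptions(SALES, YEAR_END)
    for row in found:
        print(row)
    print("current period, next period:", period_effects(found))
```

INV-1003 shows why shipping terms matter: it shipped before year-end, but under FOB destination title had not passed by year-end, so it is an exception.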


Shipment of inventory is closely tied to the audit of inventory, so we will defer that discussion to Chapter 12. The relationship between all of these illustrates that the processes are not independent of each other, the important point here being that sales cutoff related to proper recording of sales for the period is closely linked to inventory shipments to customers and to the shipping terms (FOB shipping or FOB destination). The effect of shipping terms on cutoff tests is also explained in Chapter 12. Some control tests can be used to effectively test procedures in more than one way at the same time. Two-direction testing, for instance, audits both control over completeness in one direction and control over validity in the other. Completeness determines if all the sample transactions that occurred were recorded (none omitted), and validity determines if recorded transactions actually occurred (were real). An example of the first direction is examining a sample of shipping documents (from the file of all shipping documents) to determine whether invoices were prepared and recorded. The second direction is determining whether supporting shipping documents exist and verifying the actual shipment. The content of each file is compared with that of the other. This is illustrated in Exhibit 11–3.

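EXHIBIT 11–3

Two-Direction Audit Testing

[Figure: a sample from the shipping document file is traced to the sales invoice file (journal) to test completeness (A-1-b, trace shipping evidence to invoices); a sample from the sales invoice file (journal) is vouched to shipping document evidence to test validity (A-3-b).]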

Note: The A-1-b and A-3-b codes refer to control tests listed in Exhibit 11–4.
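Two-direction testing as described above and in Exhibit 11–3, as an added example that is not part of the textbook: it scans both prenumbered files for gaps (tests A-1-a and A-2 in Exhibit 11–4), traces sampled shipping documents to invoices (A-1-b), and vouches sampled invoices to shipping documents (A-3-b). The document numbers and quantities are constructed sample data, and the function names are hypothetical.

```python
import random

# Constructed sample files (all numbers are made up).
SHIPPING_DOCS = {  # shipping document number -> quantity shipped
    5001: 40, 5002: 15, 5003: 22, 5005: 60, 5006: 10,
}
INVOICES = {  # invoice number -> (shipping document number, quantity billed)
    9001: (5001, 40),
    9002: (5002, 18),  # quantity billed differs from quantity shipped
    9003: (5005, 60),
    9005: (5010, 25),  # refers to a shipping document that is not on file
}


def missing_numbers(numbers):
    """Gaps in a prenumbered sequence between its lowest and highest number."""
    nums = sorted(numbers)
    if not nums:
        return []
    present = set(nums)
    return [n for n in range(nums[0], nums[-1] + 1) if n not in present]


def draw_sample(population, size, seed=0):
    """Seeded random sample of document numbers, so the selection can be re-performed."""
    items = sorted(population)
    return random.Random(seed).sample(items, min(size, len(items)))


def trace_shipments_to_invoices(sample, invoices):
    """Completeness direction: sampled shipping documents that were never invoiced."""
    billed = {ship_no for ship_no, _ in invoices.values()}
    return sorted(no for no in sample if no not in billed)


def vouch_invoices_to_shipments(sample, invoices, shipping_docs):
    """Validity direction: sampled invoices without matching shipping evidence."""
    exceptions = []
    for inv_no in sorted(sample):
        ship_no, qty_billed = invoices[inv_no]
        if ship_no not in shipping_docs:
            exceptions.append((inv_no, "no shipping document"))
        elif shipping_docs[ship_no] != qty_billed:
            exceptions.append((inv_no, "quantity mismatch"))
    return exceptions


def two_direction_test(shipping_docs, invoices, sample_size, seed=0):
    """Run the sequence scans and both directions; return the exceptions found."""
    ship_sample = draw_sample(shipping_docs, sample_size, seed)
    inv_sample = draw_sample(invoices, sample_size, seed)
    return {
        "missing shipping numbers": missing_numbers(shipping_docs),
        "missing invoice numbers": missing_numbers(invoices),
        "completeness exceptions": trace_shipments_to_invoices(ship_sample, invoices),
        "validity exceptions": vouch_invoices_to_shipments(inv_sample, invoices, shipping_docs),
    }


if __name__ == "__main__":
    for test, result in two_direction_test(SHIPPING_DOCS, INVOICES, sample_size=5).items():
        print(test, "->", result)
```

Neither direction finds the other's exceptions: an unbilled shipment never appears in the invoice file, and an invoice with no shipment never appears in the shipping file.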

Exhibit 11–4 contains a selection of control tests, many of which are steps verifying the content and character of sample documents from one file against the content and character of documents in another file. This process leads to objective evidence about the effectiveness of controls and the reliability of accounting records. These samples are usually attribute samples similar to those you studied in Chapter 10. Control objectives tested by the audit procedures are also shown in Exhibit 11–4. These test of controls procedures produce evidence that helps auditors determine whether the specific control objectives listed in Exhibit 11–2 were achieved. Appendix 11A illustrates internal control questionnaires used in deciding on the extent of the testing in Exhibit 11–4. (This exhibit is very general and not affected by whether manual or IT-based procedures are used to record a transaction.) Exhibits 11–5 and 11–6 will later illustrate two of the substantive audit programs that would be affected by the control testing results illustrated in Exhibit 11–4.

FOB shipping: terms of sale indicating that title to goods sold transfers from seller to buyer when the goods are handed over from the seller to the shipping company that will ultimately deliver them to the buyer; can give rise to an amount of inventory-in-transit at year-end that is owned by an auditee company (the buyer) that is not physically on hand at the auditee’s premises

FOB destination: terms of sale indicating that title to goods sold transfers from seller to buyer when the goods reach the buyer’s destination; can give rise to an amount of inventory-in-transit at year-end that is owned by an auditee company (the seller) that is not physically on hand at the auditee’s premises

two-direction testing: audit control over both completeness in one direction and validity in the other

EXHIBIT 11–4

Control Tests for Sales, Cash Receipts, and Receivables*

| CONTROL TEST | CONTROL OBJECTIVE |
| --- | --- |
| A. Sales | |
| 1. Select a sample of shipping documents: | |
| (a) Scan for missing numbers. | Completeness |
| (b) Trace to related sales invoices. | Completeness |
| 2. Scan sales invoices for missing numbers in the sequence. | Completeness |
| 3. Select a sample of recorded sales invoices (sales journal): | |
| (a) Perform recalculations to verify arithmetic accuracy. | Accuracy |
| (b) Vouch to supporting shipping documents. Note dates and quantities. | Validity, Accuracy, Proper period |
| (c) Vouch prices to approved price lists. | Authorization |
| (d) Vouch credit approval. | Authorization |
| B. Cash Receipts | |
| 1. Select a sample of recorded cash receipts (cash receipts journal): | |
| (a) Vouch to deposit slip and remittance list. | Validity |
| (b) Trace to bank statement. | Validity |
| 2. Select a sample of remittance lists (or daily cash reports): | |
| (a) Trace to cash receipts journal. | Completeness |
| (b) Trace to bank statement. | Accuracy |
| C. Accounts Receivable | |
| 1. Select a sample of customers’ accounts: | |
| (a) Vouch debits to supporting sales invoices. | Validity |
| (b) Vouch credits to supporting cash receipts documents and approved credit memos. | Validity |
| 2. Select a sample of credit memos: | |
| (a) Review for proper approval. | Authorization |
| 3. Observe mailing of monthly customer statements. | Validity |

* Auditors will assess the control environment and general controls over the accounting process at an overall level to ensure proper procedures are performed and the general ledger and subledger processing of sales invoices, credit memos, and cash receipts is accurate and complete.


Summary: Control Risk Assessment

The auditor must evaluate the evidence obtained from an understanding of the internal control structure and from control tests (phases 1 and 2 of the control evaluation, as explained in Chapter 9). The tests set out in Exhibit 11–4 might show that control objectives are being met, and then control risk can be assessed as being low. On the other hand, the tests might reveal weaknesses, such as posting sales without shipping documents, charging customers the wrong prices, or recording credits to customers without supporting credit memos. In that case, control risk will be assessed as high and little reliance can be placed on controls.

If a low control risk is assessed, auditors can rely on the effectiveness of the controls to reduce the risk of material misstatement. In this case, the substantive audit procedures on the account balances can be performed in cost-saving ways. For example, the accounts receivable balances can be confirmed at a date prior to the year-end when more audit staff have time available, and the sample size can be fairly small. If tests of controls reveal weaknesses, control risk is assessed high and the substantive procedures will need to be more extensive and provide more assurance, to lower the risk of failing to detect material error in the account balances. For example, the confirmation procedure may need to be scheduled on the year-end date with an extensive sample of customer accounts.

Descriptions of control deficiencies, weaknesses, and inefficiencies are incorporated in a management letter to auditee management. Significant control deficiencies must also be communicated to those charged with governance.

Standards Check

CAS 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

6. (b) Significant deficiency in internal control—A deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance. (Ref: Para. A5)

9. The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. (Ref: Para. A12–A18, A27)

10. The auditor shall also communicate to management at an appropriate level of responsibility on a timely basis (Ref: Para. A19, A27)
(a) In writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances; and (Ref: Para. A14, A20–A21)
(b) Other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention. (Ref: Para. A22–A26)

Source: CPA Canada Handbook—Assurance, 2014.

Accounts Receivable Confirmation Findings and Prior Control Assessment

Accounts receivable confirmation is a substantive procedure designed to obtain evidence of the existence and gross amount (valuation) of customers’ balances directly from the customer. If such confirmations show numerous exceptions, however, auditors will be concerned with the controls over the details of sales and cash receipts transactions, even if previous control assessment seemed to show little control risk. This indicates a reassessment of control risk that may call for additional substantive procedures.


Review Checkpoints

11-17 What account balances are included in the revenues, receivables, and receipts process?

11-18 What specific control policies and procedures (in addition to separation of duties and responsibilities) should be in place and operating in a control structure governing revenue recognition and cash accounting?

11-19 What is a walk-through of a sales transaction? How can the walk-through procedure complement the use of an internal control questionnaire?

11-20 What are the two important characteristics of a control test? What actions are typically used to perform control tests?

11-21 What is two-direction testing of controls? What are the objectives of two-direction testing in auditing the revenues, receivables, and receipts process?

Example of Linking Risk Assessment to Substantive Audit Procedures for Audit of Cash Account Balance

LO3 Explain how the auditor’s risk assessment procedures and control testing link to the key assertions and audit objectives in designing a substantive audit program for the cash account balance.

This section of the chapter presents a detailed exhibit of a substantive audit program, using the EcoPak case. For this exhibit, we choose the cash account balance audit program, since cash is an account that is affected by the revenues, receivables, and receipts process as well as all the other processes. The cash balance audit is usually completed as early as possible in the audit, because knowing that the cash balance is fairly stated is an important foundation for obtaining sufficient appropriate audit evidence overall. Exhibit 11–5 shows how an auditor would respond to a questionnaire by noting the findings from the risk assessments and control testing done to date. These assessments are then the basis for assessing risk, assertion by assertion. Based on the assertion-level risks, the auditor specifies the audit procedures that need to be performed. This is a very challenging exercise in applying professional judgment! The exhibit can give you a realistic idea of how auditors respond to their risk assessments at the assertion level by obtaining reliable evidence that is relevant to the higher-risk assertions in each account balance and transaction stream. The example program is comprehensive and includes some procedures that might not be performed if the risk of material misstatement for the related assertion is quite low. Many auditors prefer to use comprehensive audit program templates to start off, however, as it can give them another chance to think through their prior decisions about risk and evaluate the costs and benefits of performing audit procedures. Sometimes, a simple and quick procedure can provide good evidence. This is often the case for the cash balance, the account we will be looking at in this exhibit. 
Auditors find it worthwhile to do a very thorough audit of cash, because most operating transactions run through the cash balance, and because the consequences of missing a big misstatement here would be so devastating to the auditor’s reputation (the Parmalat audit failure described in the box after the exhibit is a good example). So, many auditors will decide to obtain confirmation of every bank account, even those with small balances or minimal activity during the audited period. On the other hand, for more costly, time-consuming procedures, such as confirmation of accounts receivable balances, auditors may decide to limit their extents or not perform the procedure at all if they assess the risk as very low.


Dairy Foods Giant Parmalat Goes Sour—Where Was That $4.9 Billion in Cash?

The accounting calamity at Italian dairy foods giant Parmalat was one of the largest financial frauds in history. In the investigation, Italian prosecutors discovered that managers simply invented assets to offset as much as $16.2 billion in liabilities and falsified accounts over a 15-year period. Some of Parmalat’s assets were supposedly held in a $4.9 billion Bank of America account of a Parmalat subsidiary in the Cayman Islands. Auditors first inquired about the Cayman Islands account in December 2002 and received a letter on Bank of America stationery in March 2003 confirming the existence of the account. The letter was apparently a forgery, concocted by someone in Parmalat’s Italian headquarters. The very size of the alleged account should have raised a red flag. “Things have been strange at Parmalat since the mid-1980s,” says one senior investment banker, who avoided all business with the company. “It smelled bad.” As the fast-growing dairy group returned time and again to the corporate debt market—issuing some $8 billion in bonds between 1993 and 2003—analysts, investment bankers, and fund managers all began questioning Parmalat’s strange hunger for debt despite its apparent mountain of cash.

For its part, Parmalat’s auditor claimed that the “letter” from Bank of America vouching for the cash was a forgery good enough to fool them into approving the falsified accounts. The audit firm claims that it too was the “victim” of a fraud. But investigating magistrates say that, according to former finance officials with Parmalat, the auditor used Parmalat’s internal mail to request financial information, rather than dealing with banks or other parties directly. If so, it would mean that the auditors were not going outside of a closed loop of internal communications to independently scrutinize vital transactions.

The Parmalat scandal revealed an alarming lack of transparency at one of Europe’s largest and most global companies. Like many companies in Europe, Parmalat is family controlled through a chain of holding companies, making corporate governance and supervision by regulators more difficult. The Parmalat board, consisting overwhelmingly of family members and Parmalat insiders, wasn’t prone to raising questions.

Sources: businessweek.com/stories/2004-01-11/how-parmalat-went-sour; businessweek.com/stories/2004-01-25/the-milk-just-keeps-on-spilling-at-parmalat; “Milking Lessons,” economist.com/node/2320134.

The audit program starts off with the auditor’s risk assessments from the planning stages, and the auditor’s conclusions based on performing the control tests (such as those set out in the example in Exhibit 11–4). The control test results allow the auditor to conclude on the control risk level that is appropriate for deciding on the nature, timing, and extent of the substantive procedures that should be performed to reduce the risk of not detecting a material misstatement to an acceptably low level. A detailed audit program such as the one shown in Exhibit 11–5 shows the list of procedures describing the “nature” of each (this refers to the kinds of evidence-gathering methods to be used), the planned “extents” (this could be a sample size, or an indication that all the relevant items will be looked at), and the “timing” (when the auditors plan to perform the procedure, which could be at the period-end date in the case of procedures such as cutoff and counts; during the field work visits for procedures such as those involving analysis, confirmations, and examination of source documents; or at the audit report date for such procedures as obtaining management’s final representations about the accounts). Looking more closely at the responses in Exhibit 11–5, we see that the audit senior, Donna, has recorded the assessments of risk at the assertion level based on the overall risk assessment procedures and control tests performed to date. We assume she concluded that there is a moderate risk of fraud in this account and that risk at the overall financial statements level is also moderate, based on the overall assessment performed earlier in the planning and approved by the engagement partner. The audit file index references (e.g., “522” in red) indicate where the risk-assessment work and conclusions have been documented in the audit file. The index references are based on the audit-file indexing example shown in Appendix 11C (available on Connect).


EXHIBIT 11–5

Example of Substantive Audit Program Responding to Assessed Risk of Material Misstatement

AUDIT PROGRAM
AUDITEE: ECOPAK INC.
FILE INDEX: A-100
FINANCIAL STATEMENT PERIOD: y/e DECEMBER 31, 20X1
ACCOUNT: CASH BALANCE

Consider risk assessment findings (rate each High, Moderate, or Low; provide specific risk description or audit file documentation reference):

What fraud risk level has been assessed related to this account (e.g., theft of assets, unrecorded or fictitious transactions, inappropriate journal entries)? No indicators of fraud have been noted by staff, but cash is vulnerable to fraud so risk is more than low. [Ref: 522]

What is the assessed risk level for this account at the financial statement level (e.g., consider business risks, entity-level control environment, risk assessment and monitoring, general IT controls, management override, going-concern risks, related party transactions)? See overall risk assessment at financial statement level. [520]

What is the assessed inherent risk level at the assertion level for Existence? Completeness? Ownership? Valuation? Presentation?

If tests of key controls have been conducted, what is the assessed control risk? (Note: If no controls were tested, control risk must be assessed as “high.”)

Reduce residual detection risk by performing substantive procedures.

Audit file references for the assertion-level assessments: [584], [585], [605]

Substantive audit program in response to assessed risks:

| Substantive audit procedures | Assertions for CASH: evidence is related to [E, C, O, V, P*] | Timing | Extent (if applicable) | Working paper documentation reference |
| --- | --- | --- | --- | --- |
| 1. Prepare a “Lead Sheet” with a list of all cash accounts and current and prior period balances. Tie current balances into period-end general ledger. Agree prior balances to prior period audit file and financial statements, if available. | E, C, V | Feb. 20X2 | 100% | A-1 |
| 2. Analytical procedures: Develop expectations for cash balances and interest income/expense, based on inquiries and your understanding of the business. Inquire about any unusual cash transactions or balances. | E, C, V | Feb. 20X2 | N/A | A-10 |
| 3. Obtain confirmations from all banks auditee has dealt with (request from banks using standard bank confirmation form). | E, C, O, V, P | Jan. 20X2 | 100% | A-20 |
| 4. Review the bank confirmation for loans, collateral, or guarantees. | P | Feb. 20X2 | 100% | A-20 |
| (Of the procedures listed below, perform those considered necessary to provide sufficient appropriate evidence to address the assessed risks and reduce risk of material misstatement to an acceptable level.) | | | | |
| 5. Obtain auditee-prepared reconciliations of all bank accounts. For each bank account, perform the following: | | Feb. 20X2 | | A-30 |
| (a) Trace the bank balance on the reconciliation to the bank confirmation. | E, C, O, V | | 100% | A-30 |
| (b) Trace the reconciled book balance to the general ledger. | E, C, V | | 100% | A-30 |
| (c) Verify a sample of outstanding cheques and outstanding deposits to source documents. | V | | 10 largest cheques; 100% of deposits | A-30 |
| (d) Recalculate the arithmetic on auditee-prepared bank reconciliations. | V | | 100% | A-30 |
| (e) Ensure all differences are explained by valid timing differences or bank errors, or are adjusted by appropriate journal entries. | E, C, O, V, P | | 100% | A-31 |
| 6. Ask the auditee to request cutoff bank statements for a period after the financial statement date (e.g., two weeks or one month), to be mailed directly to the audit firm; in a low-risk audit, an account detail report directly from the auditee’s online banking can be used. | E, C, O, V, P | Feb. 20X2 | Reviewed online bank account detail under audit control as of Feb. 6, 20X2. | A-40 |
| (a) Trace deposits in transit on the reconciliation to bank deposits early in the next period. | E | | 100% | A-40 |
| (b) Trace outstanding cheques on the reconciliation to cheques cleared in the next period. | C | | 10 largest cheques | A-40 |
| (c) Prepare a schedule of interbank transfers for a period of 10 business days before and after the year-end date. Verify that the dates of book entries for these transfers agree with bank entries and reconciliation items, if any, to ensure amounts are only counted in the cash balance once. | E, C | Feb. 20X2 | 10 days | A-40 |
| (d) If any material outstanding cheques at period-end have not cleared by the end of the audit field work, confirm the related disbursements with the payee. | C | End of field work | 100% | n/a (none) |
| 7. If significant amounts of cash are held outside bank accounts at period-end, count cash funds in the presence of an auditee representative. | E, C, O, V | Dec. 31, 20X1 | 100% | n/a (none) |
| 8. Inquire if any outstanding cheques have been prepared but not mailed at period-end, verifying if these are material and should be reclassified as accounts payable. | E, P | Dec. 31, 20X1 | 100% | Inquired of Nina, CFO none (representation letter point 350) |
| 9. Ensure all foreign currency cash balances have been translated to reporting currency at the correct period-end rate. | V | Dec. 31, 20X1 | 100% | A-1 All bank accounts CDN$ |
| 10. Ensure all cash is properly presented on the balance sheet and in the cash flow statement. | P | Mar. 20X2 | 100% | 120 |
| 11. Ensure all required disclosures related to cash balances and banking terms are provided in the financial statement notes. | P | Mar. 20X2 | 100% | 120 |
| 12. Obtain written management representations on matters such as compensating balance agreements, debt covenants, restrictions on cash, or other disclosure issues. | P | Audit report date | | 350 |

AUDITOR’S CONCLUSIONS
Based on my professional judgment, the evidence obtained is sufficient and appropriate to conclude that the risk of material misstatement of the CASH BALANCE is acceptably low.

Prepared by Donna Ladona, Date Feb. 12, 20x2
Reviewed by Tariq Khan, Date Feb. 14, 20x2

* E, C, O, V, P = existence, completeness, ownership, valuation, presentation.

For the inherent risk assessments, Donna has concluded that, ignoring controls, there is a moderate inherent risk that cash might be misstated by errors, such as not recording cash EcoPak has paid out (the cash therefore does not exist any more from EcoPak’s perspective), not recording cash received (therefore, EcoPak’s cash balance is not complete), or not deducting outstanding cheques issued from the bank account in the bank reconciliation (the cash is now “owned” by the payee on the cheque, not by EcoPak). Assuming EcoPak has only Canadian dollar bank accounts, she has assessed a low inherent risk for valuation. For presentation, she has assessed a high inherent risk, which we can assume is based on such concerns as inaccuracies arising in a manual preparation of the cash flow statement and disclosure of complex banking arrangements, since EcoPak relies quite heavily on bank lines of credit for its operating and financing cash needs. Her reference to file index “584” indicates a working paper where these assessments are explained in more detail.

Turning to Donna’s control risk assessments, we can note that—based on testing the identified strengths in controls relating to existence, completeness, and valuation—Donna has concluded that control risk is lower for these assertions, such that further substantive procedures related to those assertions can be fairly limited. However, in the case of valuation and presentation, where controls were not tested, more extensive tests of details and other substantive procedures are performed, since the auditors have no basis for reducing their reliance on substantive evidence. Despite what the actual control risk is in such cases, if they are not tested the auditor simply proceeds on the basis that the control risk is high.

Based on the inherent and control risk assessments, Donna has determined how much residual detection risk is left. This residual risk must be reduced by the auditors’ detection procedures: gathering substantive evidence to bring the risk of material misstatement down to the acceptable level for the audit (i.e., the planned acceptable audit risk level (acceptable audit risk level)). In the case of the existence, completeness, and ownership assertions, Donna assessed a moderate inherent risk of material misstatement, and the assessed combined risk of material misstatement was lowered considerably by strong controls (low control risk). This means there is little risk left and only limited substantive procedures are required (in comparison, say, to another audit where these controls were not as effective). For the valuation assertion, inherent risk was assessed to be low, but no controls were tested in relation to it, so some moderate substantive evidence still needs to be obtained to make sure the cash valuation is appropriate. In the case of the presentation assertion, this was assessed with a high inherent risk, and no controls were tested for it, so all the assurance required will need to come from substantive sources. Using her assertion-level risk assessments, Donna is now in a position to identify the procedures required to obtain the required substantive evidence to support her conclusion on EcoPak’s year-end cash balance.
Based on the risk assessments, in the detailed substantive program section of Exhibit 11–5, Donna has selected appropriate types of substantive tests and procedures and decided on how extensive the procedures need to be, as well as the optimal time to perform the procedures. This substantive audit program form is also used to summarize the audit findings by providing reference to the audit file pages where the work is documented, and to record the auditor’s final conclusion based on the evidence obtained. You can appreciate how the audit program illustrated in Exhibit 11–5 helps the audit firm schedule staff to perform the work; gives the staff assigned to do the work a very helpful set of instructions to follow; and gives the audit manager and partner a concise, efficient way to review the adequacy of the audit work performed.

Substantive Audit Programs for the Revenues, Receivables, and Receipts Process LO4

Describe the typical substantive procedures used to address the assessed risk of material misstatement in the main account balances and transactions in the revenues, receivables, and receipts process.

This section provides further examples of substantive procedures that are used for other elements of the revenues, receivables, and receipts process of a typical business. These examples are concise lists of basic substantive procedures, along with the related assertions they address. Exhibit 11–6 shows a program for auditing accounts receivable and notes receivable account balances, and Exhibit 11–7 is a program for auditing revenue transactions. Unlike Exhibit 11–5, the programs illustrated in Exhibits 11–6 and 11–7 are generic; they are not tailored to a specific engagement’s risk. It is important to note that the full risk assessment illustrated in Exhibit 11–5 would always be done in each audit program to design an appropriate set of audit procedures linked to the assessed risks at the assertion level in each auditee’s specific circumstances.

planned acceptable audit risk level (acceptable audit risk level): the level of audit risk determined by the auditor at the planning stage to be acceptable based on engagement characteristics, achieved by performing control tests and substantive procedures that lower audit risk to the acceptable level


PART 3

Performing the Audit

EXHIBIT 11–6

Audit Program for Accounts and Notes Receivable: Selected Substantive Procedures

AUDITEE: ECOPAK INC.
FILE INDEX: C-100
FINANCIAL STATEMENT PERIOD: y/e DECEMBER 31, 20X1
ACCOUNT: ACCOUNTS & NOTES RECEIVABLE BALANCES

Substantive audit program in response to assessed risks

Column headings: Substantive audit procedures | Assertions for ACCOUNTS & NOTES RECEIVABLE: evidence is related to [E, C, O, V, P*] | Timing | Extent (if applicable) | Working paper documentation reference

(Of the procedures listed below, perform those considered necessary to provide sufficient appropriate evidence to address the assessed risks and reduce the risk of material misstatement to an acceptable level.)

1. Obtain an aged trial balance of individual customer accounts. Recalculate the total and trace to the general ledger control account. [Assertions: E, C]

2. Send confirmations to all accounts over $X. Select a random sample of all remaining accounts for confirmation. [Assertions: E, C, V]
   (a) Investigate differences reported by customers.
   (b) Perform alternative procedures on accounts that do not respond to positive confirmation requests.
       (i) Vouch cash receipts after the confirmation date for subsequent payment.
       (ii) Vouch sales invoices and shipping documents.

3. Evaluate the adequacy of the allowance for doubtful accounts. [Assertions: V]
   (a) Vouch a sample of current amounts in the aged trial balance against sales invoices to determine whether amounts aged current should be aged past due.
   (b) Compare the current-year write-off experience to the prior-year allowance.
   (c) Vouch cash receipts after the balance sheet date for collections on past-due accounts.
   (d) Obtain financial statements or credit reports and discuss collections on large past-due accounts with the credit manager.
   (e) Calculate an allowance estimate using prior relations of write-offs and sales, taking under consideration current economic events.

4. Review the bank confirmations, loan agreements, and minutes of the board for indications of pledged, discounted, or assigned receivables. [Assertions: O, P]

5. Inspect or obtain confirmation of notes receivable. [Assertions: E, C, V]

6. Recalculate interest income and trace to the income account. [Assertions: V]

7. Obtain written management representations regarding pledge, discount, or assignment of receivables, and about receivables from officers, directors, affiliates, or other related parties. [Assertions: E, C, O, V, P]

8. Review the adequacy of control over recording of all charges to customers (completeness) audited in the sales transaction test of controls audit program. [Assertions: C, V]

AUDITOR’S CONCLUSIONS
Based on my professional judgment, the evidence obtained is sufficient and appropriate to conclude that the risk of material misstatement of the ACCOUNTS & NOTES RECEIVABLE BALANCES is acceptably low.

Prepared by _________________________________  Date _________________________________
Reviewed by _________________________________  Date _________________________________

* E, C, O, V, P = existence, completeness, ownership, valuation, presentation.

EXHIBIT 11–7

Audit Program for Sales Revenue Transactions: Selected Substantive Procedures

AUDITEE: ECOPAK INC.
FILE INDEX: 705
FINANCIAL STATEMENT PERIOD: y/e DECEMBER 31, 20X1
ACCOUNT: SALES REVENUES TRANSACTIONS

Substantive audit program in response to assessed risks

Column headings: Substantive audit procedures | Assertions for REVENUES evidence is related to [E, C, O, V, P*] | Timing | Extent (if applicable) | Working paper documentation reference

(Of the procedures listed below, perform those considered necessary to provide sufficient appropriate evidence to address the assessed risks and reduce the risk of material misstatement to an acceptable level.)

1. Select a sample of recorded sales invoices and vouch to underlying shipping documents. [Assertions: E, V, O]

2. Select a sample of shipping documents and trace to sales invoices. [Assertions: C]

3. Obtain production records of physical quantities sold and calculate an estimate of sales dollars based on average sale prices. [Assertions: V]

4. Compare revenue dollars and physical quantities with prior-year data and industry economic statistics. [Assertions: E, C, V]

5. Select a sample of sales invoices prepared a few days before and after the balance sheet date and vouch to supporting documents for evidence of proper cutoff. [Assertions: E, C]

6. Review accounting policies for revenue recognition and ensure they comply with the company’s financial reporting framework and are properly disclosed. [Assertions: P]

AUDITOR’S CONCLUSIONS
Based on my professional judgment, the evidence obtained is sufficient and appropriate to conclude that the risk of material misstatement of the REVENUES is acceptably low.

Prepared by _________________________________  Date _________________________________
Reviewed by _________________________________  Date _________________________________

* E, C, O, V, P = existence, completeness, ownership, valuation, presentation.


The audit of the revenues, receivables, and receipts processes verifies that there is no material misstatement in the balance of accounts receivable and the two transaction streams that run through it—revenues and cash receipts. By focusing on the balance sheet account of the process, we can analyze the accounts receivable balance changes and the financial statement items related to them by studying the continuity of the accounts receivable account over the period being audited.

Analysis of Financial Statement Relationships

A continuity schedule is a working paper that shows the movements in the account balances and the other financial statement amounts that should tie in with them. Exhibit 11–8 illustrates a continuity schedule for the accounts receivable balance. As these relationships illustrate, procedures to audit the revenues, receivables, and receipts allow assessment of whether all components of this system are reported accurately in the financial statements. These relationships also indicate analytical procedures that can detect material misstatements. For example, the ratios measuring collection period or number of days of sales in accounts receivable can indicate non-existent sales revenues or receivables that are not likely to be collected.

EXHIBIT 11–8

Continuity Schedule for the Accounts Receivable Balance

AUDITED AMOUNT | FINANCIAL STATEMENT WHERE AMOUNT IS REPORTED
Opening balance of accounts receivable | Balance sheet (prior-year comparative figures)
Add: Revenues from credit sales | Income statement (component of total revenues)
Deduct: Cash received against accounts receivable | Cash flow statement (direct method)
Deduct: Uncollectible accounts written off | Balance sheet (change in allowance for doubtful accounts)*
Ending balance of accounts receivable | Balance sheet (current-year figures)

*The bad debt expense and the allowance for doubtful accounts balance can be analyzed using the same technique. Question EP 11-7 at the end of the chapter asks you to provide the continuity schedule for the allowance for doubtful accounts and to identify the related financial statement items that it will have to be agreed to in the audit file.

continuity schedule: a working paper that shows the movements in an account balance from the beginning to the end of the period under audit; used to analyze the account balance changes and the other financial statement items related to them

Misstatement Analysis

The financial statement relationships noted in the section above can also be used to analyze the impact of misstatements discovered in the audit. For example, consider the impact if the following cutoff error occurs: a cash receipt that was received on December 31, 20X1, was not recorded until January 2, 20X2. In the continuity schedule in Exhibit 11–8, the cash receipts transaction total deducted from accounts receivable will be too small, leading to an overstatement of accounts receivable (and an understatement of the cash balance). As another example, consider if a sale on account for $13,000 was recorded on December 31, 20X1, and the auditor’s cutoff testing revealed the shipment did not occur until the first week of the following year. In this case, sales revenues in the income statement will be overstated. Also, the amount of revenues added to the accounts receivable balance in Exhibit 11–8 will be overstated by $13,000, leading to an overstatement in the balance sheet. The misstatement will also affect the inventory and cost of sales—assuming a gross margin of 40%, the inventory and cost of sales will be understated by $7,800.

As required by CAS 450, the auditor must accumulate misstatements identified during the audit, other than those that are clearly trivial. A worksheet used for this purpose is illustrated in Exhibit 16–1 of Chapter 16. This sales cutoff error will be carried forward, as well as the related error in inventory cutoff. The accumulated misstatements worksheet shows the impact of all misstatements on the balance sheet and income statement and sets out the debits and credits of proposed adjusting entries to correct them, if management chooses to do so.
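The two cutoff errors above can be pushed through the Exhibit 11–8 roll-forward and accumulated as proposed adjusting entries. The following is an added example, not part of the textbook: every balance and the receipt amount are constructed, only the $13,000 sale and the 40% margin come from the text, and the related inventory entry is left unbooked.

```python
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Continuity:
    """Accounts receivable continuity schedule (the rows of Exhibit 11-8)."""
    opening: int
    credit_sales: int
    cash_receipts: int
    write_offs: int

    @property
    def ending(self) -> int:
        return self.opening + self.credit_sales - self.cash_receipts - self.write_offs


@dataclass(frozen=True)
class Misstatement:
    description: str
    entry: tuple  # proposed adjusting entry as (account, debit, credit) lines


def late_recorded_receipt(amount: int) -> Misstatement:
    # Receipt belongs to the audited year but was booked in the following one.
    return Misstatement("Year-end cash receipt recorded in following year",
                        (("Cash", amount, 0), ("Accounts receivable", 0, amount)))


def early_recorded_sale(amount: int) -> Misstatement:
    # Sale booked before shipment: take it out of the audited year.
    return Misstatement("Sale recorded before shipment",
                        (("Sales revenue", amount, 0), ("Accounts receivable", 0, amount)))


def accumulate(misstatements) -> dict:
    """Net proposed adjustment per account (debit positive, credit negative)."""
    net = defaultdict(int)
    for m in misstatements:
        debits = sum(d for _, d, _ in m.entry)
        credits = sum(c for _, _, c in m.entry)
        if debits != credits:
            raise ValueError(f"unbalanced entry: {m.description}")
        for account, debit, credit in m.entry:
            net[account] += debit - credit
    return dict(net)


def corrected_schedule(recorded: Continuity, misstatements) -> Continuity:
    """Re-run the roll-forward with the proposed adjustments applied."""
    net = accumulate(misstatements)
    return replace(
        recorded,
        credit_sales=recorded.credit_sales - net.get("Sales revenue", 0),
        cash_receipts=recorded.cash_receipts + net.get("Cash", 0),
    )


def cost_at_margin(sale: int, gross_margin_pct: int) -> int:
    """Cost behind a sale at a given gross margin (the text's $7,800 figure)."""
    return sale * (100 - gross_margin_pct) // 100


# Constructed figures for illustration only.
RECORDED = Continuity(opening=310_000, credit_sales=2_400_000,
                      cash_receipts=2_290_000, write_offs=20_000)
FOUND = [late_recorded_receipt(9_500),   # constructed amount
         early_recorded_sale(13_000)]    # amount from the text

if __name__ == "__main__":
    fixed = corrected_schedule(RECORDED, FOUND)
    print("Recorded ending A/R :", RECORDED.ending)
    print("Corrected ending A/R:", fixed.ending)
    print("A/R overstated by   :", RECORDED.ending - fixed.ending)
    for account, amount in accumulate(FOUND).items():
        side = "Dr" if amount > 0 else "Cr"
        print(f"  {side} {account}: {abs(amount):,}")
    print("Cost behind the early sale:", cost_at_margin(13_000, 40))
```

The net credit to accounts receivable on the worksheet equals the difference between the recorded and corrected ending balances, which is the tie-out the continuity schedule is meant to provide.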

Special Note: The Existence Assertion LO5

Explain the importance of the existence assertion for the audit of cash and accounts receivable.

When considering assertions and obtaining evidence about accounts receivable and other assets, auditors must emphasize the existence and ownership (rights) assertions. (For liability accounts, the emphasis is on the completeness assertion, as will be explained in Chapter 12.) This priority is placed on existence because many audit failures are due to auditors giving a clean audit opinion on financial statements that have overstated assets and revenues and understated expenses. For example, credit sales recorded too early (fictitious sales) result in overstated accounts receivable and overstated sales revenue, and failure to amortize prepaid expenses results in understated expenses and overstated current assets. Identifying the population of assets to audit for existence and ownership is easy because the company has asserted the assets’ existence by putting them on the balance sheet. The audit procedures described in the following sections can be used to obtain evidence about the existence and ownership of accounts receivable and other assets.

Recalculation

Assets that depend largely on calculations are best audited by using recalculation procedures. For example, expired prepaid expenses are recalculated using vouching of basic documents, such as loan agreements (prepaid interest), rent contracts (prepaid rent), and insurance policies (prepaid insurance). Depreciation expenses are recalculated using original acquisition and payment documents and term (useful life) estimates. A bank reconciliation is a special kind of calculation, and it can be audited. (There is a special note on auditing a bank reconciliation later in this chapter.)

Inspection of Physical Assets

Inventories and fixed assets can be inspected and counted (there is more on inventory observation in Chapter 12). Titles to automobiles, land, and buildings can be vouched, sometimes using public records. Petty cash and undeposited receipts can be observed and counted, but the cash in the bank cannot. Securities held as investments can be inspected if documents are held by the auditee.

Confirmation

Letters of confirmation can be sent to banks and customers, asking for a report of the balances owed to the company. Likewise, if securities held as investments are in the custody of banks or brokerage houses, the custodians can be asked to report the names, numbers, and quantity of the securities held for the company. In some cases, inventories held in public warehouses or out on consignment can be confirmed with the other party. (Refer to the special note on confirmations later in this chapter.)

Inquiry

While inquiries to management do not provide convincing evidence about existence and ownership, inquiries should always be made about the company’s agreements to maintain compensating cash balances (these restricted cash amounts cannot be classified as “cash” among the current assets), the pledge or sale of accounts receivable with recourse in connection with financings, and the pledge of other assets as collateral for loans.

Inspection of Documents: Vouching

Evidence of ownership can be obtained by vouching the title documents for assets. Examination of loan documents may yield evidence of the need to disclose assets pledged as loan collateral.

Inspection of Documents: Scanning

Assets are supposed to have debit balances, and auditors can scan accounts receivables, inventory, and fixed assets for credit balances that usually reflect errors in the recordkeeping, for example, customer overpayments, failure to post purchases of inventory, and depreciation of assets by more than cost. The names of debtors can be scanned for officers, directors, and other related parties, to identify related party balances that need to be reported and disclosed separately in the financial statements.

Analysis

A variety of analytical comparisons may be employed, depending on the circumstances and the nature of the business. Comparisons of asset and revenue balances with recent history may help detect overstatements. Relationships such as receivables turnover, gross margin ratio, and sales-asset ratios can be compared with historical data and industry statistics for evidence of overall reasonableness. Account interrelationships can also be used in analytical review. For example, sales returns and allowances and sales commissions generally vary directly with dollar sales volume, bad debt expense usually varies directly with credit sales volume, and freight expense varies with the physical sales volume. Accounts receivable write-offs should be compared with earlier estimates of doubtful accounts.

Review Checkpoints

11-22 Why is it important to emphasize the existence and ownership (rights) assertions when auditing cash and accounts receivable?

11-23 Which audit procedures are usually the most useful for auditing the existence and ownership (rights) assertions? Give some examples.

Special Note: Using Confirmations LO6

Identify considerations for using confirmations when auditing cash and accounts receivable.

The confirmation audit procedure was introduced in Chapter 8. This special note gives some details about using confirmations in the audit of cash and accounts receivable. The use of confirmations for cash balances and trade accounts receivable is considered a generally accepted auditing standard.3 However, auditors may decide not to use them if suitable alternative procedures are available and applicable in particular circumstances. Justifications for the decision not to use confirmations for trade accounts receivable in a particular audit should be documented. Acceptable reasons could be that (1) receivables are not material; (2) confirmations would be ineffective, based on prior years’ experience or knowledge that responses could be unreliable; and (3) other substantive test of details procedures provide sufficient appropriate evidence, and the assessed combined level of inherent risk and control risk associated with the financial statement assertions being audited is low.


Standards Check

CAS 505 External Confirmations

External Confirmation Procedures

7. When using external confirmation procedures, the auditor shall maintain control over external confirmation requests, including
   (a) Determining the information to be confirmed or requested; (Ref: Para. A1)
   (b) Selecting the appropriate confirming party; (Ref: Para. A2)
   (c) Designing the confirmation requests, including determining that requests are properly addressed and contain return information for responses to be sent directly to the auditor; and (Ref: Para. A3–A6)
   (d) Sending the requests, including follow-up requests when applicable, to the confirming party. (Ref: Para. A7).

13. If the auditor has determined that a response to a positive confirmation request is necessary to obtain sufficient appropriate audit evidence, alternative audit procedures will not provide the audit evidence the auditor requires. If the auditor does not obtain such confirmation, the auditor shall determine the implications for the audit and the auditor’s opinion in accordance with CAS 705. (Ref: Para. A20).

Source: CPA Canada Handbook—Assurance, 2014.

Simple Analytical Comparison

The auditors prepared a schedule of the monthly credit sales totals for the current and prior years. They noticed several variations, but one, in November of the current year, stood out in particular. The current-year credit sales were almost twice those of any prior November. Further investigation showed that a computer error had caused the November credit sales to be recorded twice in the control accounts. The accounts receivable and sales revenue were materially overstated as a result.

A Decision Not to Use Accounts Receivable Confirmations

Surepart Manufacturing Company sold all its production to three auto manufacturers and six aftermarket distributors. All nine of these customers were well-known companies that typically paid their accounts in full by the 10th day of the following month. The auditors were able to vouch the cash receipts for the full amount of the accounts receivable in the bank statements and cash receipts records in the month following the Surepart year-end. Confirmation evidence was not considered necessary in these circumstances as the risk of material misstatement was deemed to be very low.

Confirmations of Cash and Loan Balances

The standard bank confirmation form shown in Exhibit 11–9 is used to confirm deposit and loan balances. The exhibit shows the blank form that would be sent by the auditee to its bank and an illustration of a completed form returned from the bank for the EcoPak case. A word of caution is in order: while financial institutions may note exceptions to the information typed in a confirmation and may confirm items omitted from it, the auditor should not rely solely on the form to satisfy the completeness assertion, insofar as cash and loan balances are concerned. Officers and employees of financial institutions cannot be expected to search their information systems for balances and loans that may not be immediately evident as assets and liabilities of the auditee company. However, it is a good idea to get bank confirmation of zero balances on accounts the company represents as closed during the year. (If a non-zero balance is confirmed, the auditors have evidence that some asset accounting has been omitted in the company records.)


EXHIBIT 11–9

Bank Confirmation Form

Blank Bank Confirmation Form Sent to EcoPak’s Bank:

Bank Confirmation
Areas to be completed by client are marked §, while those to be completed by the financial institution are marked †.

CLIENT (LEGAL NAME) §
FINANCIAL INSTITUTION § (Name, branch, and full mailing address)
The financial institution is authorized to provide the details requested herein to the below-noted firm of accountants
§ Client’s authorized signature
Please supply copy of the most recent credit facility agreement (initial if required) §
CONFIRMATION DATE § (All information to be provided as of this date) (See Bank Confirmation Completion Instructions)

1. LOANS AND OTHER DIRECT AND CONTINGENT LIABILITIES (If balances are nil, please state)
NATURE OF LIABILITY/CONTINGENT LIABILITY † | INTEREST RATE (Note rate per contract) † | DATE PAID TO † | DUE DATE † | DATE OF CREDIT FACILITY AGREEMENT † | AMOUNT AND CURRENCY OUTSTANDING †
ADDITIONAL CREDIT FACILITY AGREEMENT(S): Note the date(s) of any credit facility agreement(s) not drawn upon and not referenced above †

2. DEPOSITS/OVERDRAFTS
TYPE OF ACCOUNT § | ACCOUNT NUMBER § | INTEREST RATE § | ISSUE DATE (If applicable) § | MATURITY DATE (If applicable) § | AMOUNT AND CURRENCY (Brackets if Overdraft) †

EXCEPTIONS AND COMMENTS (See Bank Confirmation Completion Instructions) †

STATEMENT OF PROCEDURES PERFORMED BY FINANCIAL INSTITUTION †
The above information was completed in accordance with the Bank Confirmation Completion Instructions.
Authorized signature of financial institution
BRANCH CONTACT: Name and telephone number

Please mail this form directly to our public accountant in the enclosed addressed envelope.
Name:
Address:
Telephone:
Fax:


Bank Confirmation Form Completed and Returned to Auditor by Bank Official for EcoPak:

Bank Confirmation
Areas to be completed by client are marked §, while those to be completed by the financial institution are marked †.

CLIENT (LEGAL NAME) §: ECOPAK INC., 22 Industrial Avenue, Townville BC V3B 2C1
FINANCIAL INSTITUTION § (Name, branch, and full mailing address): WEST COUNTRY BANK, Main Branch, 100 King Street, Townville BC V4E 5F6
The financial institution is authorized to provide the details requested herein to the below-noted firm of accountants
Mina Amine § Client’s authorized signature
Please supply copy of the most recent credit facility agreement (initial if required) §
CONFIRMATION DATE: December 31, 20X1 (All information to be provided as of this date) (See Bank Confirmation Completion Instructions)

1. LOANS AND OTHER DIRECT AND CONTINGENT LIABILITIES (If balances are nil, please state)
NATURE OF LIABILITY/CONTINGENT LIABILITY †: $2,000,000 Operating Line of Credit, Account # 0995-1622
INTEREST RATE (Note rate per contract) †: Prime plus 1%
Entries under DATE PAID TO †, DUE DATE †, DATE OF CREDIT FACILITY AGREEMENT †, and AMOUNT AND CURRENCY OUTSTANDING †: N/A; March 12, 20X1; nil
ADDITIONAL CREDIT FACILITY AGREEMENT(S): Note the date(s) of any credit facility agreement(s) not drawn upon and not referenced above †

2. DEPOSITS/OVERDRAFTS
TYPE OF ACCOUNT § | ACCOUNT NUMBER § | INTEREST RATE § | ISSUE DATE (If applicable) § | MATURITY DATE (If applicable) § | AMOUNT AND CURRENCY (Brackets if Overdraft) †
Current | 189168461 | nil | | | $368,202.11
Money Market | 520153615 | variable | | | $505,000.00
US$ Current | 730844022 | nil | | | $1,612.98

EXCEPTIONS AND COMMENTS (See Bank Confirmation Completion Instructions) †

STATEMENT OF PROCEDURES PERFORMED BY FINANCIAL INSTITUTION †
The above information was completed in accordance with the Bank Confirmation Completion Instructions.
Authorized signature of financial institution
BRANCH CONTACT: Name and telephone number

Please mail this form directly to our public accountant in the enclosed addressed envelope.
Name: Meyer & Gustav, LLP
Address: 200 Avenue Street, Townville BC V7H BJ9
Telephone: 555 666 7777
Fax: 555 666 7778

SIGNATURE GUARANTEED: West Country Commercial Banking, Townville Commercial Centre, 100 King Street, 12th Floor, Townville BC V4E 5F6 (signed) Manager

Source: Developed by the Canadian Bankers Association and the Canadian professional accounting bodies.


The auditor should also be alert for evidence of transactions with banks or bank accounts other than those for which there are general ledger accounts. For example, loan documents or cheques written on other banks may come to light during scanning or other document examination procedures. Inquiries of management should be made to assess whether bank confirmations should be obtained from these banks and whether any financial statement impact exists.

Confirmation of Accounts and Notes Receivable

Confirmations provide evidence of existence of accounts and notes receivable. Those to be confirmed should be documented in the working papers with an aged trial balance. A partial aged trial balance is shown in Exhibit 11–10, annotated to show the auditor’s work. Accounts for confirmation can be selected at random or in accordance with another plan consistent with the audit objectives. Statistical methods are useful for determining the sample size, and audit software accessing receivables files could be used to select and print the confirmations.

EXHIBIT 11–10

Illustration of Audit Working Paper—Aged Accounts Receivable Trial Balance (Partial)

Working paper: C-20
ECOPAK INC.
ACCOUNTS RECEIVABLE
December 31, 20X1
Prepared: DD  Date: Jan. 12, 20X2
Reviewed: BP  Date: Jan. 17, 20X2

Column headings: Customer | Total | Current | Aged 30-60 Days | 61-90 Days | Over 90 Days | Collection: Current | Collection: Past Due

Customer totals shown (per-customer aging and collection columns are not reproduced here):
Ace Specialties | 12,337
Bakery Supreme | 712
Charley Cafes | 1,906
Deli Delites | 755
Waffles Unlimited | 531
Zedd's | 214

Summary rows | Total | Current | Aged 30-60 Days | 61-90 Days | Over 90 Days
Balance per books | 400,000 | 335,000 | 30,000 | 20,000 | 15,000
Billing errors | (12,000) | (11,000) | | (1,000) |
Adjusted balance | 388,000 | 324,000 | 30,000 | 19,000 | 15,000

Collection column totals: Current 320,000; Past Due 25,000

Auditor’s tick-mark legend:
- Traced to accounts receivable subsidiary ledger
- Positive confirmation mailed Jan. 4. Replies C-230
- No reply to positive confirmation, vouched charges to invoices
- Traced to general ledger control account
- Billing error adjustment explained on working paper C-220

Note: See C-220 for analysis of doubtful accounts and our test of reasonableness.

However, confirmations of accounts, loans, and notes receivable may not produce sufficient appropriate evidence regarding the ownership (rights) assertion. Debtors may not be aware that the auditee has sold its accounts, notes, or loans receivable to financial institutions or to the public (as collateralized securities). Auditors need to perform additional inquiry and details procedures to get evidence of the ownership of the receivables and of the appropriateness of disclosures related to financing transactions secured by receivables. Responses that reveal a dispute over the account or unwillingness to pay may also provide some evidence related to the valuation assertion.
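The aged trial balance work described above (footing and tracing to the control account, selecting confirmations as in procedure 2 of Exhibit 11–6, and scanning for credit balances and related-party names) can be sketched with simple audit software. This is an added example, not part of the textbook: the ledger, the threshold standing in for "$X", the sample size, the seed and the related-party name are all constructed.

```python
import random
from dataclasses import dataclass

BUCKETS = ("current", "d30_60", "d61_90", "over_90")


@dataclass(frozen=True)
class Account:
    name: str
    current: int = 0
    d30_60: int = 0
    d61_90: int = 0
    over_90: int = 0

    @property
    def total(self) -> int:
        return sum(getattr(self, b) for b in BUCKETS)


# Constructed sample ledger (not the Exhibit 11-10 figures).
LEDGER = [
    Account("Alder Foods", current=48_000, d30_60=12_000),
    Account("Birch Cafe", current=900),
    Account("Cedar Catering", d61_90=2_400, over_90=1_100),
    Account("Dogwood Deli", current=-350),             # credit balance
    Account("Elm Grocers", current=3_200, d30_60=800),
    Account("Fir Bakery", current=1_750),
    Account("J. Rowan (director)", over_90=5_000),     # hypothetical related party
    Account("Hazel Markets", current=27_500),
]
CONTROL_ACCOUNT = 102_300        # constructed general ledger control balance
RELATED_PARTIES = ("J. Rowan",)  # constructed list of officers and directors


def foot_and_tie(ledger, control_balance):
    """Recalculate the trial balance totals and agree them to the control account."""
    by_bucket = {b: sum(getattr(a, b) for a in ledger) for b in BUCKETS}
    total = sum(by_bucket.values())
    return {"by_bucket": by_bucket, "total": total,
            "difference": total - control_balance}


def select_confirmations(ledger, threshold, sample_size, seed):
    """All accounts over the threshold, plus a random sample of the remainder."""
    key_items = [a for a in ledger if a.total > threshold]
    remainder = [a for a in ledger if a.total <= threshold]
    rng = random.Random(seed)  # record the seed so the selection can be re-performed
    sample = rng.sample(remainder, min(sample_size, len(remainder)))
    return key_items, sample


def coverage(selected, ledger):
    """Share of the gross debit balances covered by the selected accounts."""
    gross = sum(a.total for a in ledger if a.total > 0)
    return sum(a.total for a in selected if a.total > 0) / gross


def scan_exceptions(ledger, related_parties):
    """Scan for credit balances and for debtor names matching related parties."""
    credits = [a.name for a in ledger
               if any(getattr(a, b) < 0 for b in BUCKETS)]
    related = [a.name for a in ledger
               if any(rp.lower() in a.name.lower() for rp in related_parties)]
    return credits, related


if __name__ == "__main__":
    tie = foot_and_tie(LEDGER, CONTROL_ACCOUNT)
    print("Footed total:", tie["total"], "difference:", tie["difference"])
    key, sample = select_confirmations(LEDGER, threshold=10_000,
                                       sample_size=3, seed=2016)
    print("Confirm (over threshold):", [a.name for a in key])
    print("Confirm (random sample) :", [a.name for a in sample])
    print("Key-item coverage       :", round(coverage(key, LEDGER), 4))
    credits, related = scan_exceptions(LEDGER, RELATED_PARTIES)
    print("Credit balances:", credits, "| Related parties:", related)
```

A non-zero difference from `foot_and_tie` or any name returned by `scan_exceptions` is a follow-up item for the working paper rather than a conclusion in itself.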


Positive and Negative Confirmations

Confirmations can be either positive or negative. An example of a positive confirmation of accounts receivable that could be used in the EcoPak audit is shown in Exhibit 11–11. It gives the customer the option of confirming its total balance owing, or of selected invoices if its system makes agreeing the total balance infeasible. A variation of the positive confirmation is the blank form, which does not contain the balance; customers are asked to fill it in themselves. The blank positive confirmation may produce better evidence because the recipients need to get the information directly from their own records instead of just signing the form and returning it with no exceptions noted. (However, the effort involved may result in a lower response rate.)

EXHIBIT 11–11

Positive Confirmation Letter

January 12, 20X2

Equality Roasters
Accounts Payable Department
Quarter Road
Campool, BC

Dear Sir or Madam:

In connection with our audit, our auditors, Meyer & Gustav LLP request confirmation of your account with us. Our records show an amount receivable from you of $125,540.55 as at December 31, 20X1.

In the event that your accounting system does not permit confirmation of your entire account balance, please confirm the following items were outstanding and receivable from you at the above date. The amounts listed below represent only a selection of those items making up your total balance.

Date | Invoice Number | Amount
October 12, 20X1 | 101-100567 | $32,430.00
December 15, 20X1 | 121-100987 | $79,100.00

If you agree with (a) the above account balance, or (b) the outstanding item(s) set out above, please complete and sign this letter in the space provided below. If you do not agree with the above information, please provide us with the details of any differences. An envelope is enclosed for your convenience in returning this letter to the attention of Donna Ladona at Meyer & Gustav LLP, 200 Avenue Street, Townville, BC. Your early attention to this request will be appreciated.

Yours truly,
ECOPAK INC.
Signed _____________________________
ECOPAK Authorized Officer

CONFIRMATION:
a) We confirm that the above balance is correct except as noted below:
It’s correct and we have paid the October invoice on January 3, 20X2.
By: J. Java (signed), Joey Java, Accounts Payable Manager
Name, signature, and title

b) We confirm that the above invoice(s) was (were) outstanding at [date]:
_____________________________________________________________
Name, signature, and title


Exhibit 11–12 shows an example of a negative confirmation form (since EcoPak’s auditors are assumed to use only positive confirmations, this example is for a different audit). Note that the positive form asks for a response, while the negative form asks for a response only if something is wrong with the balance. Thus, lack of response to negative confirmations is considered as evidence that nothing is wrong. For this reason, CAS 505 states that evidence from negative confirmations is less reliable than evidence from positive confirmations, and it requires that negative confirmations be used only when the risk of misstatement is low and the auditor has reason to believe the recipients will not disregard the request. For example, in the audit of an investment management business (such as the one illustrated in Exhibit 11–12), if the balance of a client’s investment account has been understated, the client would be very motivated to respond to the confirmation request to get this error corrected. A customer with an outstanding account payable balance, however, may be less motivated to confirm its liability. So, negative confirmation for accounts receivables is unlikely to provide sufficient appropriate evidence in many audits.

EXHIBIT 11–12

Negative Confirmation Letter

January 3, 20X3

Mr. Xavier Riche, President
Riche Family Holdings Inc.
Suite 5808 Magnifia Tower
Toronto, ON

Dear Sir:

Our auditors, Meyer & Gustav LLP, are making their regular audit of our financial statements. Part of this audit includes direct verification of client balances.

PLEASE EXAMINE THE DATA BELOW CAREFULLY AND COMPARE THEM TO YOUR RECORDS OF YOUR INVESTMENT ACCOUNT WITH US. IF OUR INFORMATION IS NOT IN AGREEMENT WITH YOUR RECORDS PLEASE STATE ANY DIFFERENCES IN THE SECTION AT THE BOTTOM OF THIS PAGE AND RETURN DIRECTLY TO OUR AUDITORS IN THE RETURN ENVELOPE PROVIDED. IF THE INFORMATION IS CORRECT, NO REPLY IS REQUIRED.

As of December 31, 20X2, we show the following account balance:

Investment Name | Amount
RSI-High Yield Global Bond Fund | $1,062,003.16

Yours truly,
Signed _______________________________________________
Rising Sun Investments Inc., Chief Financial Officer

CONFIRMATION:
The above balance does not agree with our records. We show $1,067,779.50 as of Dec. 31, 20X2.
By: Xavier Riche (signed), Xavier Riche, President, Riche Family Holdings Inc.
Name, signature, and title


Standards Check
CAS 505 External Confirmations
Negative Confirmations
15. Negative confirmations provide less persuasive audit evidence than positive confirmations. Accordingly, the auditor shall not use negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level unless all of the following are present: (Ref: Para. A23)
(a) The auditor has assessed the risk of material misstatement as low and has obtained sufficient appropriate audit evidence regarding the operating effectiveness of controls relevant to the assertion;
(b) The population of items subject to negative confirmation procedures comprises a large number of small, homogeneous account balances, transactions, or conditions;
(c) A very low exception rate is expected; and
(d) The auditor is not aware of circumstances or conditions that would cause recipients of negative confirmation requests to disregard such requests.
Source: CPA Canada Handbook—Assurance, 2014.

The positive form is used when individual balances are relatively large or when accounts are in dispute. Positive confirmations may ask for information about either the account balance or specific invoices, depending on knowledge about how customers maintain their accounting records. The negative form is used only when inherent risk and control risk are considered low, when a large number of small balances is involved, and when customers can be expected to consider the confirmations properly. A special positive confirmation letter may be used for possibly inappropriate bill-and-hold transactions. While bill-and-hold sales transactions are not necessarily a GAAP violation when customers have actually requested this arrangement, they have often been associated with financial fraud and should be investigated. The bill-and-hold confirmation is an example of a confirmation request to verify the substance of a transaction from the customer’s point of view. It requests confirmation of the customer’s agreement to be billed and for the auditee to hold the inventory for the time being, to provide evidence that it is appropriate to recognize the revenue.

Controlling Delivery and Receipt of Confirmations

Delivering confirmations to the intended recipient is a problem that requires auditors’ careful attention. Auditors need to control the confirmations, including the addresses to which they are sent, to ensure they were not mailed to company accomplices who will provide false responses. Features of the reply, such as postmarks, fax responses, letterhead, email, telephone, or other characteristics that suggest responses are false should be carefully reviewed. Auditors should follow up electronic and telephone responses by returning the call if the number is known, looking up telephone numbers, or using a directory to determine the respondent’s address to verify its origin. Furthermore, with the lack of response to a negative confirmation there is no guarantee that the intended recipient received it, even if the auditor carefully controlled the mailing. Audit firms can use secure third-party confirmation services that will integrate with a firm’s electronic working papers and independently authenticate all participants to the confirmation, with a turnaround time of about 24 hours instead of several weeks.4

bill-and-hold transactions: sales that a customer has asked to be billed/invoiced for but does not want to be shipped immediately; require a special audit confirmation of the details of the customer’s agreement to ensure revenue recognition is appropriate


The confirmation response rate for positive confirmations is the proportion of the number returned to the number sent. This varies depending on whom the confirmations are sought from, but generally the auditor is aiming at a 100% response. Non-responses are tolerated if the amounts can be verified by other audit procedures. The detection rate for confirmations is the ratio of the number of misstatements reported to auditors in confirmation responses to the number of actual account misstatements. Experience indicates that negative confirmations tend to have lower detection rates than positive confirmations, and detection rates for misstatements favouring recipients (i.e., an accounts receivable understatement) also tend to be lower. Overall, positive confirmations are considered to be more effective than negative confirmations, but results depend on the type of recipients, the size of the account, and the type of account being confirmed. Confirmation effectiveness depends on attention to these factors and on prior years’ experience with particular accounts. Second and third requests for positive confirmations should be sent to non-respondents. If there is no response or the response specifies an exception to the auditee’s records, alternative substantive procedures should be used to audit the account. These procedures include finding sales invoice copies, shipping documents, and customer orders to verify the existence of sales transactions. They also include finding evidence of customer payments in cash receipts and bank statements. When random sampling is used, all selected accounts in the sample should be audited rather than substituting an easier-to-audit customer account into the sample as a replacement for one that does not respond to a confirmation request. If the amount cannot be verified by confirmation or alternative procedures, the auditor has to consider that the account balance does not exist.

Confirmation at Dates Other Than Year-End

Confirmation of receivables may be performed at an interim date to help the audit firm spread work throughout the year and avoid the pressures that occur around December 31. Also, the audit can be completed sooner after the year-end date if confirmation has been done earlier. Internal control over transactions affecting receivables is the biggest concern when confirming accounts before the balance sheet date. The following additional procedures should be considered when confirmation is done at an interim date:

1. Obtain a summary of receivables transactions from the interim date to the year-end date.
2. Obtain a year-end trial balance of receivables, compare it with the interim trial balance, and obtain evidence and explanations for large variations.
3. Consider additional confirmations as of the balance sheet date if balances have increased materially or a material new customer balance has been added.

Summary: Confirmations

Confirmations of cash balances, loans, accounts receivable, and notes receivable can provide very reliable audit evidence. Confirmation is usually required to provide sufficient appropriate audit evidence, unless auditors can justify substituting other procedures in a particular audit. The bank confirmation is a standard positive form. Confirmations for accounts and notes receivable can be in positive or negative form, and the positive form may be a blank confirmation. Auditors must control confirmations to ensure that responses are received from the real debtors and not from persons intercepting the confirmations to give false responses. Responses by email, telephone, fax, or other means not written and signed by a recipient should be followed up. Second and third requests should be sent for positive confirmation responses, and non-responding customers should be audited by alternative procedures. Accounts in a sample should not be left unaudited (e.g., “They didn’t respond”), and easy-to-audit accounts should not be substituted for hard-to-audit ones in a sample. These techniques might raise the apparent response rate, but they do not increase the persuasiveness of the audit evidence obtained. Confirmations yield evidence about existence. While the value is also confirmed, the fact that a debtor admits to owing the debt does not mean it can pay. While confirmations can give some clues about collectability of accounts, other procedures must audit this. Also, confirmations of accounts, notes, and loans receivable provide only partial evidence of the ownership (rights) assertion of these financial assets, so other corroborating evidence of ownership must be obtained.

confirmation response rate: the ratio of the number of confirmations returned to the number sent

detection rate for confirmations: the ratio of the number of misstatements reported to auditors to the number of actual account misstatements

Review Checkpoints
11-24 List the information an auditor should ask for in a standard bank confirmation sent to an auditee’s bank.
11-25 Distinguish between positive and negative confirmations. Under what conditions would you expect each type of confirmation to be appropriate?
11-26 Distinguish between confirmation response rate and confirmation detection rate.
11-27 What are some of the justifications for not using confirmations of accounts receivable on a particular audit?
11-28 What special care should be taken with regard to examining the sources of accounts receivable confirmation responses?

Special Note: Audit of Bank Reconciliations LO7

Describe the audit of bank statement reconciliations and how auditors can identify accounts receivable lapping and suspicious cash transactions.

The company’s bank reconciliation is the primary means of valuing cash in the financial statements. The amount of cash in the bank is almost always different from the amount in the books (financial statements), and the reconciliation is performed to explain the difference. A company-prepared bank reconciliation is audited; auditors should not prepare the reconciliation, as this is a company control function. A bank reconciliation is shown in Exhibit 11–13. The bank balance is confirmed and cross-referenced to the bank confirmation working paper. The reconciliation is recalculated, the outstanding cheques and deposits in transit totals are recalculated, and the book balance is traced to the trial balance (which has been traced to the general ledger). The reconciling items should be vouched to determine whether outstanding cheques were really not paid and that deposits in transit were actually sent to the bank before the reconciliation date. The auditor vouches the bank reconciliation items against a cutoff bank statement—a complete bank statement, including all paid cheques and deposit slips for a 10- to 20-day period following the reconciliation date, or the next regular monthly statement, received directly by the auditors. Note that the cash balance audit program in Exhibit 11–5 includes detailed substantive procedures related to auditing the bank reconciliation and Exhibit 11–9 shows the bank confirmation form used in practice.

cutoff bank statement: a complete bank statement showing paid cheques, deposits, and other bank account transactions for a 10- to 20-day period following the reconciliation date


EXHIBIT 11–13
Bank Reconciliation

ECOPAK INC.
BANK RECONCILIATION-NORTH COUNTRY BANK
General Account
Dec. 31, 20X1
A.20
Prepared C.C. Jan. 10, 20X3
Reviewed J R A Jan 10, 20X2
Prepared by client

Balance per bank statement                                   506,100
Add: Deposit in transit as of Dec. 31, 20X1                   51,240
                                                             557,340
Deduct outstanding cheques:
Date             No.    Payee                      Amount
Dec. 10, 20X0     842   Ace Supply Company            500
Nov. 31, 20X1    1280   Ace Supply Company          1,800
Dec. 15, 20X1    1372   Northwest Lumber Co.       30,760
Dec. 28, 20X1    1412   Gibson & Johnson            7,270
Dec. 30, 20X1    1417   North Country payroll      20,000
Dec. 30, 20X1    1418   Ace Supply Company          2,820
Dec. 30, 20X1    1419   City Utilities              2,030
Dec. 30, 20X1    1420   Howard Coatings Inc.        8,160
                                                              73,340
Balance per book                                             484,000

Tick mark notes:
Obtained cutoff bank statement Jan. 9, 20X2 A.23
Footed
Confirmed by bank standard bank confirmation A.22
Vouched to cutoff bank statement, deposit recorded by bank on Jan. 3, 20X2. Vouched to duplicate deposit slip validated Jan. 3, 20X2
Vouched to paid cheque cleared with cutoff bank statement
Vouched to statement from law firm
Amount in dispute per controller

Vouching outstanding cheques and deposits in transit is a matter of comparing cheques that cleared in the cutoff bank statement with the list of outstanding cheques, looking for evidence that all cheques written prior to the reconciliation date were on the list of outstanding cheques. The deposits shown in transit should be recorded by the bank in the first business days of the cutoff period. If otherwise, they may have been made up from receipts of the period after the reconciliation date. Other documents should be vouched for large outstanding cheques not cleared in the cutoff period. These procedures are keyed and described by tick marks in Exhibit 11–13.

Accounts Receivable Lapping

When the business receives many payments from customers, cheques listed on a sample of deposit slips (from the reconciliation month and other months) are compared with the detail of customer credits listed on the day’s posting to customer accounts receivable (daily remittance list or other record of detail postings) in a detailed audit. This is a test for accounts receivable lapping—a manipulation of accounts receivable entries to hide a theft or fraud. For example, an employee steals a payment by collecting from customer A without recording the payment. Before customer A’s account becomes past due and attracts the attention of a credit manager, customer B’s similar-sized payment is credited to customer A’s account. Then, before customer B’s account goes past due, a payment from customer C is credited to customer B’s account, and so on. This fraud may grow and go on indefinitely. The audit procedure is to look for credits given to customers who did not make payments on the day in question. This requires some careful vouching work, especially when many sales are for similar amounts. An example of this type of comparison is given in Audit 11.1 in the Application Case at the end of this chapter.

Careful Reconciliation

Suppose the cashier who prepares the remittance list stole and converted customer A’s cheques for personal use. The cashier knows this will work only until customer A complains that the company has not given it credit for its payments. So, the cashier later puts customer B’s cheques in the bank deposit, but shows customer A on the remittance list; thus, the accountants give customer A credit. So far, so good for preventing customer A’s complaint, but now customer B needs to be addressed. This “lapping” of customer payments to hide an embezzlement can be detected by a bank reconciliation comparison of the cheques deposited (customer B) with the remittance credit recorded (customer A). Sometimes, the lapping is covered by issuing a credit note for customer B. This illustrates the importance of proper authorization and control of credit notes.

Suspicious Cash Transactions

While examining the bank reconciliation, auditors should be alert for large cash transactions with no apparent business purpose. These may indicate the possibility of cheque kiting or management window dressing between affiliated companies. Cheque kiting is a scam that involves building up apparent balances in one or more bank accounts based on uncollected (float) cheques drawn against similar accounts in other banks. New technologies and procedures in the banking industry have greatly reduced the float time in clearing cheques between financial institutions, making kiting much more difficult. For example, electronic scans of cheques can process deposits before a kite can be started, and software detecting suspicious transactions can identify an attempted kite. Management may engage in window dressing the balance sheet by transferring large sums of cash between different entities under control close to the period-end. Recording the transfer-out slightly late, or the inflow slightly early, can result in the cash appearing in two places at once. This can inflate current assets and may help conceal a bank covenant violation based on the current ratio.

accounts receivable lapping: a manipulation of the accounts receivable entries to hide a theft or fraud

cheque kiting: a scam that involves building up apparent balances in one or more bank accounts based on uncollected (float) cheques drawn against similar accounts in other banks when there is a time lag in clearing items between the banks

window dressing: in financial reporting, the inappropriate manipulation of account balances by management, usually at the end of a period, to make the financial position or performance reported in the financial statements appear more attractive to users; often involves using accounting policies, journal entries, or actual cash transactions between related parties that have no real business purpose, resulting in artificial embellishment of the company’s results or liquidity to obtain some benefit (e.g., salaries and bonuses that depend on how well the company performed)


Professional money managers working for cash-conscious businesses try to have minimal unused balances in their accounts, and their efforts can sometimes look like suspicious transfers. Tight cash flows can motivate window dressing, however, to inflate cash balances deceitfully. This amounts to fraudulent financial reporting. If cash transfers are recorded in the books, negative balances resulting from cheques drawn on insufficient funds will appear. Perpetrators may try to hide inappropriate bank transfers by not recording the deposits and cheques. Such manoeuvres may be detectable in a bank reconciliation audit. Since Cash is the key account and most operating transactions run through it, an inability to obtain sufficient appropriate evidence to audit cash will probably result in a pervasive limitation on the audit scope and an inability to form an audit opinion on the financial statements. A key audit test for inappropriate window dressing is preparing a bank transfer schedule in which all interbank transfers a few days before and after the year-end are traced to the accounting records. This schedule shows each cheque amount, the name of the paying bank (with the book recording date and the cheque clearing date), and the name of the receiving bank (with the book deposit date and the bank clearing date), using information taken from the cancelled cheques and the cleared deposits in the bank statements. The purpose of this schedule is to see that both sides of the transfer transaction are properly recorded in the same period. You may note that this test is similar in design to a cutoff test for transaction processing.
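The bank transfer schedule described above can be laid out as data and tested line by line. The following is an added example, not part of the textbook; the field names, bank names, cheque numbers, dates, and amounts are constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Transfer:
    """One line of a bank transfer schedule (field names are assumptions)."""
    cheque_no: str
    amount: int
    paying_bank: str
    book_disbursement: Optional[date]  # date the cheque was recorded in the books
    bank_paid: Optional[date]          # date the cheque cleared the paying bank
    receiving_bank: str
    book_receipt: Optional[date]       # date the deposit was recorded in the books
    bank_received: Optional[date]      # date the receiving bank recorded the deposit


def _period(d, year_end):
    """Classify a date as falling in the current period, the next one, or missing."""
    if d is None:
        return "unrecorded"
    return "current" if d <= year_end else "next"


def review_transfer(t, year_end):
    """Return the findings for one transfer, as a list of short codes."""
    findings = []
    out_p = _period(t.book_disbursement, year_end)
    in_p = _period(t.book_receipt, year_end)

    # Both sides of the transfer must be recorded in the same period.
    if "unrecorded" in (out_p, in_p):
        findings.append("NOT_RECORDED_IN_BOOKS")
    elif in_p == "current" and out_p == "next":
        findings.append("DOUBLE_COUNTED_AT_YEAR_END")   # cash in two places at once
    elif in_p == "next" and out_p == "current":
        findings.append("OMITTED_AT_YEAR_END")          # cash in neither account

    # Book/bank timing differences that should appear on the reconciliations.
    if out_p == "current" and _period(t.bank_paid, year_end) != "current":
        findings.append("EXPECT_OUTSTANDING_CHEQUE")
    if in_p == "current" and _period(t.bank_received, year_end) != "current":
        findings.append("EXPECT_DEPOSIT_IN_TRANSIT")
    return findings


def review_schedule(transfers, year_end):
    """Map each cheque number to its findings."""
    return {t.cheque_no: review_transfer(t, year_end) for t in transfers}


def cash_overstatement(transfers, year_end):
    """Total of transfers counted in both accounts at year-end."""
    return sum(
        t.amount for t in transfers
        if "DOUBLE_COUNTED_AT_YEAR_END" in review_transfer(t, year_end)
    )


# Constructed sample schedule around a Dec. 31 year-end.
YEAR_END = date(2021, 12, 31)
SAMPLE_SCHEDULE = [
    # Properly recorded: both book entries before year-end, cheque clears after.
    Transfer("4050", 50_000, "First Bank", date(2021, 12, 30), date(2022, 1, 3),
             "Second Bank", date(2021, 12, 30), date(2021, 12, 31)),
    # Inflow booked before year-end, outflow booked after it.
    Transfer("4051", 75_000, "First Bank", date(2022, 1, 2), date(2022, 1, 4),
             "Second Bank", date(2021, 12, 31), date(2022, 1, 3)),
    # Moved through the banks but never recorded in the books.
    Transfer("4052", 20_000, "Second Bank", None, date(2022, 1, 2),
             "First Bank", None, date(2021, 12, 31)),
]

if __name__ == "__main__":
    for cheque, findings in review_schedule(SAMPLE_SCHEDULE, YEAR_END).items():
        print(cheque, findings)
    print("Cash overstated by", cash_overstatement(SAMPLE_SCHEDULE, YEAR_END))
```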

Summary: Bank Reconciliations, Lapping, and Cash Window Dressing

The combination of all the procedures performed on the bank reconciliation provides evidence of existence, valuation, and proper cutoff of the bank cash balances. Auditors use a cutoff bank statement to obtain independent evidence of the proper listing of outstanding cheques and deposits in transit on a bank reconciliation. Note that if the auditor reperforms the bank reconciliation, it is a substantive procedure, because it yields direct evidence on monetary misstatements. However, if the auditor checks that bank reconciliations are performed on a regular basis, this is a test of controls that provides only indirect evidence of the risk of monetary misstatements. Additional procedures might detect attempts at lapping accounts receivable collections and inappropriate bank transfers. Auditing the details of customer payments listed in bank deposits in comparison with details of customer payment postings (remittance lists) will show lapping. Preparing schedules of intercompany bank transfers just before and after year-end will detect double counting of amounts that inflates the reported cash balance.

Review Checkpoints
11-29 What is a cutoff bank statement? How is it used by auditors?
11-30 What is lapping? What procedures can auditors employ for its detection?
11-31 What is the purpose of auditing intercompany bank transfers just before and after the year-end?

bank transfer schedule: an audit analysis summarizing all the transfers between the auditee’s bank accounts in the days just before and after the period-end to verify that each amount transferred is included in only one account at the period-end, not double counted


APPLICATION CASE WITH SOLUTION & ANALYSIS

Detecting Misstatements in the Revenues, Receivables, and Receipts Process

INTRODUCTION

This Application Case contains specific examples of tests of controls and substantive audit procedures used to gather evidence in the revenues, receivables, and receipts process. The purpose of substantive audit procedures differs from that of tests of controls in that substantive procedures are designed to provide direct audit evidence about the dollar amounts in account balances, while tests of controls provide audit evidence about the company’s performance of its own control procedures. Substantive procedures include tests of details of balances and transactions as well as focused analytical procedures. Substantive procedures must follow the assessment of control risk, as auditors cannot rely exclusively on controls. Dual-purpose procedures can be designed that cover substantive and control testing purposes simultaneously. In this Application Case, as well as in those of subsequent chapters, each audit case situation describes an error or fraud that occurred, followed by an audit approach analysis that explains the audit objective (assertion), controls relevant in the business process, tests of controls, and substantive procedures that could be considered in an approach to the case. The audit approach section presumes that the auditors do not know everything about the situation. (As a student of the case, you have inside information.) Each audit situation is set up with the following framework.

CASE DESCRIPTION

This offers the background of what happened in the case: the dollar amount of overstated assets and revenue, or understated liabilities, and expenses that resulted; the method or cause of the misstatement (accidental error, intentional irregularity, or fraud attempt); the failure of controls that made it possible; and the amounts involved.

Audit Trail

This is a set of telltale signs of erroneous accounting and missing or altered documents.

SOLUTION & ANALYSIS

Audit Approach

This section contains the following parts: audit objective and controls relevant to the process.

Audit Objective

This refers to the recognition of a financial statement assertion for which evidence needs to be obtained. The assertions are about existence of assets, liabilities, revenues, and expenses; their valuation; their complete inclusion in the account balances; the rights and obligations inherent in them; and their proper presentation and disclosure in the financial statements. (These assertions were introduced in Chapter 6.)

Controls Relevant to the Process

This is a recognition of the control procedures that should be used by an organization to prevent and detect errors and fraud.


Audit Procedures

These are evidence-gathering procedures—tests of controls, dual-purpose procedures, and tests of details of balance.

Audit Results

This is a summary of the auditors’ findings and their implications. In the end-of-chapter review section, similar discussion cases allow you to test your ability to design audit procedures for the detection of errors or fraud.

DISCUSSION CASE

Jack’s first year on the audit trail has been an exciting one. He has worked on many audits and gained experience in a wide variety of situations that have helped him develop his professional judgment. While meeting with some new junior audit staff members, Jack describes three very different experiences in auditing the revenues, receivables, and receipts process. The three audit situations he encountered provide a lot of insight into the risk of material misstatements. The first case involved misstatement due to employee embezzlement, the second involved fraudulent financial reporting by management, and the third was an unintentional error by the accounting department.

AUDIT 11.1 The Embezzling Cashier

CASE DESCRIPTION

Cash embezzlement by an employee at a new audit client, Sports Equipment Inc. (SEI), an equipment retailer, caused overstated accounts receivable, overstated customer discounts expense, and understated cash sales. SEI also failed to earn interest income on funds “borrowed.” Over a six-year period, D. Bakel, the assistant controller of SEI, built up a $350,000 average balance in a Sport Equipment Company (SEC) account, which earned a total of $67,500 in interest that should have been earned by SEI. By approving the “extra” discounts, Bakel also skimmed 2% of about $1 million in annual sales, for a total of $120,000. Since SEI would have had net income before taxes of about $1.6 million over the six years, Bakel’s embezzlement took about 12.5% of the income.

SEI maintained accounts receivable for school boards in the region; its other customers received credit only by using their own credit cards. Bakel was the company cashier, receiving all the incoming payments on school board accounts and credit card accounts, as well as all the other cash and cheques taken over the counter. Bakel prepared the bank deposit (and delivered the deposit to the bank), listing all the cheques and currency; prepared a remittance worksheet (daily cash report) that showed amounts received, discounts allowed on school board accounts, and amounts to credit to the accounts receivable; and reconciled the bank statement. No one else reviewed the deposits or the bank statements except the independent auditors.

Bakel opened the bank account in the name of Sport Equipment Company (SEC), after properly incorporating the company with the government Ministry of Commerce. He took over-the-counter cash and cheques and school board payments from the SEI receipts and deposited them in the SEC account. No one, including the bank, noticed the difference between the rubber stamp endorsements for the two similarly named corporations.

Bakel kept the money in the SEC account, earning interest on it, and then wrote SEC cheques to SEI to replace the “borrowed” funds. In the meantime, new SEI receipts were being deposited to SEC. When Bakel deposited SEC cheques in SEI, giving the schools credit, an additional 2% customer discount was approved. Thus, the school boards received proper credit later, but SEC paid in a discounted amount.


Audit Trail

SEI’s bank deposits showed fairly small currency deposits as Bakel was nervous about taking too many SEI cheques, so preferred to take cash. As shown in the examples below, the deposit slips listed the SEC cheques Bakel deposited, as the bank tellers usually check this. The remittance worksheet, on the other hand, did not show SEC cheques but rather receipts from school boards and currency, and not many over-the-counter cheques from customers. The transactions became complicated enough that Bakel had to use the computer in the office to keep track of the school boards that needed to get credit. There were no vacations for this hard-working cashier because the discrepancies might be noticed by a substitute employee.

SOLUTION & ANALYSIS

Audit Approach

Audit Objective

The auditor’s objective was to obtain evidence determining whether the accounts receivable recorded on the books represented claims against real customers in the gross amounts recorded.

Controls Relevant to the Process

The authorization related to cash receipts, custody of cash, recording of cash transactions, and bank statement reconciliation should be separate duties assigned to different people. Independent review of one or more of these duties should be performed as a supervisory control designed to detect errors and fraud. Unfortunately, at SEI, Bakel had all these duties. (While recording was not actually performed, Bakel provided the source document—the remittance worksheet that the other accountant used to make the cash and accounts receivable entries.) According to the company president, the only “control” was the diligence of “our long-time, trusted, hard-working assistant controller.” Assessing the control risk on this new audit, Jack’s audit team identified serious control weaknesses. By thinking like a crook to imagine ways these control weaknesses could allow Bakel to commit fraud, the auditors discovered the scheme for cash theft and accounts receivable lapping.
Audit Procedures

Dual-Purpose Tests
Since Bakel’s “honest and diligent” performance was the “control” of the accounting and control procedures that should have been performed by two or more people, the auditors performed a dual-purpose test of controls and obtained substantive details of cash receipts transactions as they relate to accounts receivable credits. The samples and direction of test procedure are as follows:
(a) Validity direction—Select a sample of customer accounts receivable, and reconcile payment credits to remittance worksheets and bank deposits, including recalculation of discounts allowed according to sales terms (2%), classification (customer name), identification, and correspondence of receipt date to recording date.
(b) Completeness direction—Select a sample of remittance worksheets (or bank deposits), vouch details to bank deposit slips (trace details to remittance worksheets if the sample is bank deposits), and trace forward to complete accounting posting in customer accounts receivable.

Test of Details of Balance
The auditors sent positive confirmations on all 72 school board accounts. Since there was a control risk of incorrect accounting, the accounts receivable confirmation was performed at the year-end date, using positive confirmations. Blank confirmations were used, and the “sample” included all the accounts, since the number was not too large.

Audit Results
The audit tests showed four cases of discrepancy where the responses stated that the boards had paid the balances before the confirmation date. Follow-up procedures on their accounts receivable credit in the next period showed they had received credit in remittance reports, and the bank deposits had shown no cheques from the school boards, but had contained a cheque from SEC. To further investigate, the auditors used the Internet, telephone book, chamber of commerce directory, and a visit to a local Ministry of Commerce office to determine the location and identity of SEC. Further investigation of SEC revealed the connection of Bakel, who was confronted and then confessed.

CASH REMITTANCE REPORT

NAME            AMOUNT   DISCOUNT   ACCOUNTS RECEIVABLE   SALES
Jones               25          0                     0      25
Smith               35          0                     0      35
Hill Dist.         980         20                 1,000       0
Marlin Dist.       480         20                   500       0
Waco Dist.         768         32                   800       0
Currency           855          0                     0     855
Totals           3,143         72                 2,300     915

BANK DEPOSIT SLIP

Jones               25
Smith               35
Hill Dist.         980
Sport Equip      1,563
Currency           540
Deposit          3,143
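The comparison that exposes the substitution in the exhibit above can be run mechanically. The following is an added example, not part of the textbook: it matches the remittance report's entries against the composition of the deposit slip, using the exhibit's figures; the function and field names are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

CURRENCY = "Currency"  # label both documents use for notes and coin

# Figures from the Audit 11.1 exhibit: (payer, amount received).
REMITTANCE_REPORT = [
    ("Jones", 25), ("Smith", 35), ("Hill Dist.", 980),
    ("Marlin Dist.", 480), ("Waco Dist.", 768), (CURRENCY, 855),
]
DEPOSIT_SLIP = [
    ("Jones", 25), ("Smith", 35), ("Hill Dist.", 980),
    ("Sport Equip", 1563), (CURRENCY, 540),
]


@dataclass
class CompositionResult:
    totals_agree: bool
    credited_not_deposited: list  # cheques on the report, absent from the slip
    deposited_not_credited: list  # cheques on the slip, absent from the report
    currency_shortfall: int       # currency reported minus currency deposited
    lapping_indicator: bool       # totals tie out but the composition does not


def _split(items):
    """Separate cheque items (kept as a multiset) from the currency total."""
    cheques = Counter((payer, amt) for payer, amt in items if payer != CURRENCY)
    currency = sum(amt for payer, amt in items if payer == CURRENCY)
    return cheques, currency


def compare_composition(remittances, deposit_items):
    """Compare what was credited to customers with what reached the bank."""
    rem_cheques, rem_currency = _split(remittances)
    dep_cheques, dep_currency = _split(deposit_items)

    totals_agree = (sum(a for _, a in remittances)
                    == sum(a for _, a in deposit_items))
    # Counter subtraction keeps only positive counts, so duplicate cheques
    # of the same payer and amount are matched one for one.
    credited_not_deposited = sorted((rem_cheques - dep_cheques).elements())
    deposited_not_credited = sorted((dep_cheques - rem_cheques).elements())
    shortfall = rem_currency - dep_currency

    differs = bool(credited_not_deposited or deposited_not_credited or shortfall)
    return CompositionResult(
        totals_agree=totals_agree,
        credited_not_deposited=credited_not_deposited,
        deposited_not_credited=deposited_not_credited,
        currency_shortfall=shortfall,
        # A deposit that agrees in total but not item by item is the pattern
        # a totals-only reconciliation cannot see.
        lapping_indicator=totals_agree and differs,
    )


if __name__ == "__main__":
    print(compare_composition(REMITTANCE_REPORT, DEPOSIT_SLIP))
```

On the exhibit's figures the unmatched deposit item equals the two credited-but-undeposited cheques plus the currency shortfall, which is why the deposit total still agreed with the remittance report.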

AUDIT 11.2 Bill Early, Bill Often!

CASE DESCRIPTION
McGossage Company is a long-time audit client of Jack’s firm that has been experiencing profit pressures for two years now. A recessionary economy reduced profits, but the company reported net income decreases that were not as severe as other companies in its industry. In the audit, it was discovered that employees were recording sales too early and failing to account for customer discounts taken, resulting in overstated sales and receivables, understated discounts expense, and overstated net income. As misstatements go, some of these were on the materiality borderline. Sales were overstated 0.3% and 0.5% in the prior and current year, respectively. Accounts receivable were overstated 4% and 8%. But the combined effect was to overstate the division’s net income by 6% and 17%. Selected data are as follows:

                         ONE YEAR AGO            CURRENT YEAR
                      REPORTED    ACTUAL      REPORTED    ACTUAL
Sales                   $330.0    $329.0        $350.0    $348.0
Discounts expense          1.7       1.8           1.8       2.0
Net income                 6.7       6.3           5.4       4.6

In McGossage’s grocery products division, sales had been recorded for orders prepared for shipment but not actually shipped until later. Employees backdated the shipping documents. Gross profit on these “sales” was about 30%. Customers took discounts on payments, but the company did not record them, leaving the debit balances in the customers’ accounts receivable instead of charging them to discounts and allowances expense. Company accountants were instructed to wait 60 days before recording discounts taken. The division vice-president and general manager knew about these accounting practices, as did a significant number of the 2,500 employees in the division. The division managers were under orders to achieve profit objectives they considered unrealistic, thus creating pressure on them to misstate the financial results.

Audit Trail
The customers’ accounts receivable balances contained amounts due for discounts the customers had already taken. The cash receipts records showed payments received without credit for discounts. Discounts were entered monthly by a special journal entry. The unshipped goods were on the shipping dock at year-end, with papers showing earlier shipping dates.

SOLUTION & ANALYSIS

Audit Approach

Audit Objective
The auditors’ objectives were to obtain evidence to determine if sales were recorded in the proper period, if gross accounts receivable represented the amounts due from customers at year-end, and if discounts expenses were recognized in the proper amount in the proper period.

Controls Relevant to the Process
The accounting procedures manual should state that sales are to be recorded on the date of shipment (or when title passes, if later); management overrode this control procedure by having shipping employees date the shipping papers incorrectly. Cash receipts procedures call for discounts to be authorized and recorded when they are taken by customers; management overrode this control procedure by giving instructions to delay the recording.

Audit Procedures

Tests of Controls
Auditors used questionnaires and inquiries to determine the company’s accounting policies, as it is possible that employees and managers would conceal these from auditors unless asked directly. Pointed questions about revenue recognition and discount recording policies might elicit revealing answers.

Dual-Purpose Procedures
The auditors selected a sample of cash receipts, examined them for authorization, recalculated the customer discounts, and traced them to accounts receivable input for recording of the proper amount on the proper date. They selected a sample of shipping documents and vouched them to customer orders, and then traced them to invoices and to recording in the accounts receivable input with proper amounts on the proper dates. These tests follow the tracing direction—data representing the beginning of transactions (cash receipts, shipping) are traced through the company’s accounting process.

Tests of Details of Balance
The auditors confirmed a sample of customer accounts and used analytical relationships of past years’ discount expense to a relevant base (sales, sales volume) to calculate an overall test of the discounts expense. They recorded shipping details including relevant dates for any inventory on the shipping dock at year-end and traced to the sales invoice to check dating.

Audit Results
The managers lied to the auditors about their revenue and expense timing policies. The sample of shipping documents showed no dating discrepancies because the employees had inserted incorrect dates. The analytical procedures on discounts did not show the misstatement because the historical relationships were too erratic to show a deficient number (outlier). However, the sample of cash receipts transactions showed that discounts were not calculated and recorded at time of receipt. Additional inquiry led to discovery of the special journal entries and admission of the recording delay. Two customers in the sample of 65 confirmations responded with exceptions that turned out to be unrecorded discounts. Two other customers in the confirmation sample complained that they did not owe for late invoices on December 31. Follow-up showed the shipments were goods on the shipping dock noticed by auditors during the December 31 inventory taking. The shipping documents were dated December 26. The sales recording had them recorded as “bill and hold” on December 29.

AUDIT 11.3 Thank Goodness It’s Friday

CASE DESCRIPTION
In the audit of Alpha Brewery Corporation (Alpha), Jack’s audit team found that overstated sales caused net income, retained earnings, current assets, working capital, and total assets to be overstated. Overstated cash collections did not change the total current assets or total assets, but they increased the amount of cash and decreased the amount of accounts receivable by an offsetting amount, affecting the liquidity ratios that Alpha’s bank monitors. Alpha recorded sales of $672,000 and gross profit of $268,800 over the January 1–4 period. Cash collections on customers’ accounts amounted to $800,000.

Alpha generally has good control policies and procedures related to authorization of transactions for accounting entry, and the accounting manual has instructions for recording sales transactions in the proper accounting period. The company regularly closes the accounting process each Friday at 5 p.m. to prepare weekly management reports. The year-end date (cutoff date) is December 31, and, in 20X0, December 31 was a Monday. However, the accounting was performed through Friday as usual, and the accounts were closed for the year on January 4.

Audit Trail
All the entries were properly dated after December 31, including the sales invoices, cash receipts, and shipping documents. However, the trial balance from which the financial statements were prepared was dated December 31, 20X0, even though the accounts were actually closed on January 4. Nobody noticed the slip of a few days because the Friday closing was normal.

SOLUTION & ANALYSIS

Audit Approach

Audit Objective
The auditors’ objectives were to obtain evidence to determine the existence, completeness, and valuation of sales for the year ended December 31, 20X0, and of the cash and accounts receivable as of December 31, 20X0.

Controls Relevant to the Process
The company had in place proper instructions for dating transactions on the actual date they occurred, entering sales and cost of goods sold on the day of shipment, and entering cash receipts on the day received in the company offices. An accounting supervisor should have checked the entries through Friday to make sure the dates corresponded to the actual events and that the accounts for the year were closed with Monday’s transactions.

Audit Procedures

Tests of Controls
In this case, the auditors needed to be aware of the company’s weekly routine closing and of the possibility that the Monday occurrence of December 31 might cause a problem. Asking the question “Did you cut off the accounting on Monday night this week?” might elicit the “Oh, we forgot!” response. It would be normal to sample transactions around the year-end date to determine if they were recorded in the proper accounting period. To do this, they selected transactions from 10 days before and after the year-end date and inspected the dates on supporting documentation.

Tests of Details of Balance
For sales overstatements, the auditors confirmed a sample of accounts receivable. If the accounts were too large, the auditors expected the debtors to say so, thus leading to detection of sales overstatements. Cash overstatement was audited by examining the bank reconciliation to see whether deposits in transit (the deposits sent late in December) actually cleared the bank early in January. Obviously, the January 4 cash collections could not reach the bank until at least Monday, January 7. That is too long for a December 31 deposit to be in transit to a local bank.

The completeness of sales recordings was audited by selecting a sample of sales transactions and supporting shipping documents in the early part of the next accounting period (January 20X1). Sales of 20X0 could be incomplete if recording of December shipments had been postponed until January, and this procedure would detect them if the shipping documents were dated properly. The completeness of cash collections and accounts receivable credits was audited by examining the cash deposits early in January for any sign of holding cash without entry until January. In this case the existence objective was more significant to discovering the problem than the completeness objective; after all, the January 1–4 sales, shipments, and cash collections did not “exist” in December 20X0.

Audit Results
The test of controls sample from the days before and after December 31 quickly revealed the problem. Company accounting personnel were embarrassed, but there was no intent to misstate the financial statements. This was a simple error. The company readily made the following adjustment:

                               DEBIT       CREDIT
Sales                       $672,000
Inventory                    403,200
Accounts receivable          800,000
    Accounts receivable                  $672,000
    Cost of goods sold                    403,200
    Cash                                  800,000
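The cutoff test described in Audit 11.3, as an added example that is not part of the textbook: it samples entries dated within 10 days of year-end, flags those dated after December 31 but included in the year's accounts, and totals them into the adjustment the case reports. The individual entries are constructed (only their totals come from the case), 2018 stands in for 20X0 because December 31, 2018 was a Monday, and all names are illustrative.

```python
from dataclasses import dataclass
from datetime import date

YEAR_END = date(2018, 12, 31)  # stands in for December 31, 20X0 (a Monday)


@dataclass(frozen=True)
class Entry:
    kind: str             # "sale" or "cash_receipt"
    doc_date: date        # date on the shipping document or receipt
    amount: int
    cost: int = 0         # cost of goods shipped (sales only)
    in_year: bool = True  # included in the December 31 trial balance?


# Constructed entries; the January 1-4 items total the case's $672,000 of
# sales, $403,200 of cost, and $800,000 of cash collections.
ENTRIES = [
    Entry("sale", date(2018, 12, 20), 150_000, 90_000),        # outside window
    Entry("sale", date(2018, 12, 28), 200_000, 120_000),
    Entry("cash_receipt", date(2018, 12, 31), 90_000),
    Entry("sale", date(2019, 1, 2), 300_000, 180_000),
    Entry("cash_receipt", date(2019, 1, 2), 500_000),
    Entry("sale", date(2019, 1, 3), 372_000, 223_200),
    Entry("cash_receipt", date(2019, 1, 4), 300_000),
    Entry("sale", date(2019, 1, 7), 50_000, 30_000, in_year=False),
]


def cutoff_sample(entries, year_end, window_days=10):
    """Entries whose supporting document is dated within the window."""
    return [e for e in entries
            if abs((e.doc_date - year_end).days) <= window_days]


def classify(entry, year_end):
    """Return the cutoff exception for an entry, or None if it is in period."""
    if entry.doc_date > year_end and entry.in_year:
        return "recorded_early"   # existence: did not occur in the year
    if entry.doc_date <= year_end and not entry.in_year:
        return "recorded_late"    # completeness: belongs in the year
    return None


def proposed_adjustment(sample, year_end):
    """Reverse next-period sales and collections included in the year."""
    early = [e for e in sample if classify(e, year_end) == "recorded_early"]
    sales = sum(e.amount for e in early if e.kind == "sale")
    cost = sum(e.cost for e in early if e.kind == "sale")
    cash = sum(e.amount for e in early if e.kind == "cash_receipt")
    return {
        "debit": {"Sales": sales, "Inventory": cost,
                  "Accounts receivable": cash},
        "credit": {"Accounts receivable": sales, "Cost of goods sold": cost,
                   "Cash": cash},
    }


if __name__ == "__main__":
    sample = cutoff_sample(ENTRIES, YEAR_END)
    for e in sample:
        print(e.doc_date, e.kind, e.amount, classify(e, YEAR_END))
    print(proposed_adjustment(sample, YEAR_END))
```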

Review Checkpoints
11-32 In the Audit 11.1 case, name one bank reconciliation control procedure that could have revealed signs of embezzlement.
11-33 What feature(s) of a cash receipts internal control system would be expected to prevent the cash receipts journal and recorded cash sales from reflecting more than the amount shown on the daily deposit slip?
11-34 In the Audit 11.2 case, what information might have been obtained from each of the following: inquiries, detailed test of controls procedures, observations, and confirmations?
11-35 With reference to the Audit 11.3 case, how would an understanding of the business and management reporting system have contributed to discovery of the open cash receipts journal cutoff error?

SUMMARY

• The revenues, receivables, and receipts process consists of customer order processing, credit checking, goods shipping, customer billing, accounts receivable accounting, cash receipts collection, and accounting. Companies reduce control risk by having a suitable separation of authorization, custody, recording, and periodic reconciliation duties. Error-checking procedures of comparing customer orders and shipping documents are important for billing customers the right prices for the delivered quantities. Otherwise, many things could go wrong—from sales to fictitious customers or those with bad credit to billings for the wrong quantities at the wrong prices at the wrong time. LO1

• Auditors consider environmental and general controls and then assess specific application controls. Internal control questionnaires often used in practice are provided in Appendix 11A to illustrate the nature of the auditor inquiries and observations used to assess control risk. Control activities may be tested through observation, inspection, and reperformance procedures. Examples of control tests in this process were provided. LO2

• Substantive programs are developed by linking the auditor’s risk assessments to the risks of material misstatements in revenue transactions, accounts receivable balance, and cash receipts transactions. A detailed example showing the process of documenting and linking risk assessments to the design of an audit program of substantive procedures was provided for one example, the cash balance. Similar linking exercises would be used to develop substantive audit procedures in response to the assessed risks at the assertion level for all the significant classes of transactions, account balances, and disclosures. LO3

• Generic substantive audit programs were illustrated by providing examples of typical substantive procedures that would be considered, depending on the risks assessed in each particular case. LO4

• Three topics were given special technical notes in the chapter. The existence assertion is very important in the audit of cash and receivables assets, as misleading financial statements often include overstated assets and revenue. LO4

• Confirmations are very important substantive procedures for obtaining audit evidence about asset existence from outside parties. LO6

• Bank reconciliations were shown to be an audit opportunity to recalculate the amount of cash reported in the financial statements and to look for signs of accounts receivable lapping and inappropriate banking transfers that inflated reported cash balances at year-end. LO7

This chapter concluded with an application case and suggested solution analysis that told the stories of three audit situations, with one involving a cash embezzlement scheme using the practice of lapping accounts receivable. Cash collection is a critical point for asset control. Many cases of embezzlement occur in this process.

KEY TERMS

accounts receivable lapping
accounts receivable subsidiary ledger
aged accounts receivable trial balance
audit scope
balance sheet approach to auditing
bank transfer schedule
bill-and-hold transactions
cheque kiting
confirmation response rate
continuity schedule
control risk assessment
cutoff bank statement
detailed audit plan
detection rate for confirmations
fidelity bond
FOB destination
FOB shipping
money laundering
online input validation
planned acceptable audit risk level (acceptable audit risk level)
revenue recognition problems
reversing error
sales cutoff testing
two-direction testing
window dressing

MULTIPLE-CHOICE QUESTIONS FOR PRACTICE AND REVIEW

MC 11-1 LO7 Which of the following is the best protection for a company that wishes to prevent the lapping of trade accounts receivable?
a. Segregate duties so that the bookkeeper in charge of the general ledger has no access to incoming mail.
b. Segregate duties so that no employee has access to both cheques from customers and currency from daily cash receipts.
c. Have all customers make payments directly to the company’s bank by electronic transfer.
d. Request that customers’ payment cheques be made payable to the company and addressed to the treasurer.

MC 11-2 LO3 Which of the following internal control procedures will most likely prevent the concealment of a cash shortage from the improper write-off of a trade account receivable?
a. Write-offs must be approved by a responsible officer after review of credit department recommendations and supporting evidence.
b. Write-offs must be supported by an aging schedule showing that only receivables overdue several months have been written off.
c. Write-offs must be approved by the cashier who is in a position to know if the receivables have, in fact, been collected.
d. Write-offs must be authorized by company field sales employees who are in a position to determine the financial standing of the customers.

MC 11-3 LO4 Auditors sometimes use comparisons of ratios as audit evidence. For example, an unexplained decrease in the ratio of gross profit to sales suggests which of the following possibilities?
a. Unrecorded purchases
b. Unrecorded sales
c. Merchandise purchases charged to selling and general expense
d. Fictitious sales

MC 11-4 LO4 An auditor is auditing sales transactions. One step is to vouch a sample of debit entries from the accounts receivable subsidiary ledger back to the supporting sales invoices. What would the auditor intend to establish by this step?
a. Sales invoices represent bona fide sales.
b. All sales have been recorded.
c. All sales invoices have been properly posted to customer accounts.
d. Debit entries in the accounts receivable subsidiary ledger are properly supported by sales invoices.

MC 11-5 LO2 If a dishonest bookkeeper is trying to conceal defalcations involving receivables, which of the following accounts would the auditor most likely expect the bookkeeper to charge?
a. Miscellaneous income
b. Petty cash
c. Miscellaneous expense
d. Sales returns

MC 11-6 LO2 Which of the following would the auditor consider to be an incompatible operation if the cashier receives remittances?
a. The cashier prepares the daily deposit.
b. The cashier makes the daily deposit at a local bank.
c. The cashier posts the receipts to the accounts receivable subsidiary ledger cards.
d. The cashier endorses the cheques.

MC 11-7 LO4 The audit working papers often include an auditee-prepared aged trial balance of accounts receivable as of the balance sheet date. The aging is best used by the auditor for which of the following?
a. Evaluating internal control over credit sales
b. Testing the accuracy of recorded charge sales
c. Estimating credit losses
d. Verifying the existence of the recorded receivables

MC 11-8 LO4 Which of the following might be detected by an auditor’s cutoff review and examination of sales journal entries for several days prior to the balance sheet date?
a. Lapping year-end accounts receivable
b. Inflating sales for the year
c. Kiting bank balances
d. Misappropriating merchandise

MC 11-9 LO6 Confirmation of individual accounts receivable balances directly with debtors will, of itself, normally provide evidence concerning which of the following?
a. Collectability of the balances confirmed
b. Ownership of the balances confirmed
c. Existence of the balances confirmed
d. Internal control over balances confirmed

MC 11-10 LO7 Which of the following is the most effective technique for detecting suspicious cash transactions between intercompany banks?
a. Review the composition of authenticated deposit slips.
b. Review subsequent bank statements.
c. Prepare a schedule of the bank transfers.
d. Prepare a year-end bank reconciliation.

MC 11-11 LO2 What is the best reason for prenumbering, in sequence, documents such as sales orders, shipping documents, and sales invoices?
a. Enables determination of the accuracy of each document
b. Enables determination of the proper period recording of sales revenue and receivables
c. Allows checking of the numerical sequence for missing documents and unrecorded transactions
d. Enables determination of the validity of recorded transactions

MC 11-12 LO1 When a sample of customer accounts receivable is selected for the purpose of vouching debits for evidence of existence, the auditors will vouch them to which other items?
a. Sales invoices with shipping documents and customer sales invoices
b. Records of accounts receivable write-offs
c. Cash remittance lists and bank deposit slips
d. Credit files and reports

MC 11-13 LO5 In the audit of cash and accounts receivable, the main emphasis should be on which assertion?
a. Completeness
b. Existence
c. Obligations
d. Presentation and disclosure

MC 11-14 LO6 When accounts receivable are confirmed at an interim date, the auditors are not concerned with which of the following?
a. Obtaining a summary of receivables transactions from the interim date to the year-end date
b. Obtaining a year-end trial balance of receivables, comparing it with the interim trial balance, and obtaining evidence and explanations for large variations
c. Sending negative confirmations to all the customers as of the year-end date
d. Considering the necessity for some additional confirmations as of the balance sheet date if balances have increased materially

MC 11-15 LO6 The negative request form of accounts receivable confirmation is most likely to be acceptable in which case?

     ASSESSED LEVEL OF CONTROL RISK    NUMBER OF SMALL    PROPER CONSIDERATION
     RELATING TO RECEIVABLES IS        BALANCES IS        BY THE RECIPIENT IS
a.   Low                               Many               Likely
b.   Low                               Few                Unlikely
c.   High                              Few                Likely
d.   High                              Many               Likely

(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

MC 11-16 LO4 When an auditor selects a sample of shipping documents and takes the tracing direction of a test to find the related sales invoice copies, the evidence is relevant for deciding which of the following?
a. If shipments to customers were invoiced
b. If shipments to customers were recorded as sales
c. If recorded sales were shipped
d. If invoiced sales were shipped

(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

EXERCISES AND PROBLEMS

EP 11-1 Cash Receipts: Control Objectives and Control Examples. LO1, 2
Required: Prepare a table similar to Exhibit 11–2 on internal control objectives for cash receipts.

EP 11-2 Cash: Substantive Audit Procedures on Bank Reconciliation. LO3, 5, 7
The following auditee-prepared bank reconciliation is being examined by you during an audit of the financial statements of Cynthia Company.

CYNTHIA COMPANY
BANK RECONCILIATION
VILLAGE BANK ACCOUNT 2
DECEMBER 31, 20X0

Balance per bank (a):                                          $18,375.91
Deposits in transit (b):
    Dec. 30                                    $1,471.10
    Dec. 31                                     2,840.69         4,311.79
Subtotal                                                        22,687.70
Outstanding cheques (c):
    837                                         6,000.00
    1941                                          671.80
    1966                                          320.00
    1984                                        1,855.42
    1985                                        3,621.22
    1987                                        2,576.89
    1991                                        4,420.88      (19,466.21)
Subtotal                                                         3,221.49
NSF cheque returned Dec. 29 (d):                                   200.00
Bank charges                                                         5.50
Error: cheque no. 1932                                             148.10
Customer receivable collected by electronic funds transfer
    ($3,050 less $50 service fee) (e):                         (3,025.00)
Balance per books (f):                                         $   550.09

Required: Indicate one or more audit procedures that should be performed in gathering evidence in support of each of the items (a) through (f) above.
(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

EP 11-3 Sales Cutoff and Cutoff Bank Statement. LO2, 5, 7
Required:
a. You wish to test Houston Corporation’s sales cutoff at June 30. Describe the steps you should include in this test.
b. You obtain a July 10 bank statement directly from the bank. Explain how this cutoff bank statement should be used
   1. in your review of the June 30 bank reconciliation, and
   2. to obtain other audit information.
(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

EP 11-4 Alternative Accounts Receivable Procedures. LO1, 5, 6
Several accounts receivable confirmations have been returned with the notation “verification of supplier statements is no longer possible because our data processing system does not accumulate each supplier’s invoices.”
Required: What alternative auditing procedures could be used to audit these accounts receivable?
(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

EP 11-5 Accounts Receivable Audit Procedures. LO1, 4, 5
During the audit of the December 31, 20X5, financial statements, the auditor identifies cash amounts received after December 31, 20X5, and traces these amounts to the cash account in the general ledger and to the accounts receivable subledger balances at December 31, 20X5.
Required:
a. What kind of procedure is this? Which financial statement assertion does it provide evidence for? What is that evidence?
b. What records or documents would the auditor need to look at to identify cash amounts received after year-end?

EP 11-6 Accounts Receivable Audit Procedures. LO4, 6
The auditor is considering confirming zero-balance accounts from the auditee’s accounts receivable subledger to provide evidence concerning the completeness assertion for accounts receivables and sales.
Required:
a. What are the advantages and limitations of this procedure?
b. How would the decision to use this procedure relate to the auditor’s control assessment? In particular, discuss the kinds of controls the auditee would be expected to have and the procedures the auditor could use to test them.

EP 11-7 Continuity Schedule for Allowance for Doubtful Accounts. LO4
Required:
a. Complete the following continuity schedule indicating how the movements in the allowance for doubtful accounts tie into other amounts in the financial statements.
b. Prepare an audit program listing the procedures that can be used to audit the accounts in this system. Demonstrate how your audit program addresses all the relevant assertions.

                                                        AUDITED    FINANCIAL STATEMENT WHERE
                                                        AMOUNT     AMOUNT IS REPORTED
Opening balance of allowance for doubtful accounts
Add:
Deduct:
Ending balance of allowance for doubtful accounts

EP 11-8 Cutoff Bank Statement for Auditing the Bank Reconciliation. LO7
Velma Inc. is a very modern company that strives to be paperless in all its administrative functions. Velma has arranged with its bank to receive all its banking transaction information online, through the bank’s online banking website. Velma’s auditor wants to get a cutoff bank statement as of January 20, 20X1, to complete the audit of the bank reconciliation.
Required:
a. Explain what a cutoff bank statement is and its purpose in auditing the bank reconciliation.
b. Describe one way that Velma’s auditor can obtain a cutoff bank statement if the bank is unable to provide a paper copy.

DISCUSSION CASES DC 11-1 Internal Control Questionnaire for Book Buy-Back Cash Fund. LO2 Taylor, a PA, has been engaged to audit the financial statements of University Books Incorporated. University Books maintains a large, revolving cash fund exclusively for the purpose of buying used books from students for cash. The cash fund is active all year because the nearby university offers a large variety of courses with varying start and completion dates throughout the year. Receipts are prepared for each purchase. Reimbursement vouchers are periodically submitted to replenish the fund. Required: Construct an internal control questionnaire to be used in evaluating the system of internal control over University Books’ use of the revolving cash fund to buy back books. The internal control questionnaire should be designed to require a Yes or No response to each question. Do not discuss the internal controls over books that are purchased. (© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.) DC 11-2 Test of Controls Audit Procedures for Cash Receipts. LO1, 2 You are the in-charge auditor examining the financial statements of the Gutzler Company for the year ended

WWW.TEX-CETERA.COM

CHAPTER 11

The Revenues, Receivables, and Receipts Process and Cash Account Balance

611

December 31. During late October, with the help of Gutzler’s controller, you completed an internal control questionnaire and prepared the appropriate memoranda describing Gutzler’s accounting procedures. Your comments relative to cash receipts are as follows: All cash receipts are sent directly to the accounts receivable clerk with no processing by the mail department. This clerk keeps the cash receipts journal, prepares the bank deposit slip in duplicate, posts from the deposit slip to the subsidiary accounts receivable ledger, and mails the deposit to the bank. The controller receives the validated deposit slips directly (unopened) from the bank. She also receives the monthly bank statement directly (unopened) from the bank and promptly reconciles it. At the end of each month, the accounts receivable clerk notifies the general ledger clerk, by journal voucher, of the monthly totals of the cash receipts journal for posting to the general ledger. Each month, the general ledger clerk records the total debits to cash from the cash receipts journal. The clerk also, on occasion, makes debit entries in the general ledger cash account from sources other than the cash receipts journal, for example, funds borrowed from the bank. Certain standard auditing procedures listed below have already been performed by you in the audit of cash receipts:   

Ì "MMDPMVNOTJOUIFDBTISFDFJQUTIBWFCFFOUPUBMMFEBOEDSPTTUPUBMMFE Ì 1PTUJOHTGSPNUIFDBTISFDFJQUTKPVSOBMIBWFCFFOUSBDFEUPUIFHFOFSBMMFEHFS Ì 3FNJUUBODFBEWJDFTBOESFMBUFEDPSSFTQPOEFODFIBWFCFFOUSBDFEUPFOUSJFTJOUIFDBTISFDFJQUT journal.

Required: Considering Gutzler’s internal control over cash receipts and the standard auditing procedures already performed, list all other auditing procedures that should be performed to obtain sufficient appropriate audit evidence regarding cash receipts control, and give the reasons for each procedure. Do not discuss the procedures for cash disbursements and cash balances. Also, do not discuss the extent to which any of the procedures are to be performed. Assume adequate controls exist to ensure that all sales transactions are recorded. Organize your answer sheet as follows: Other Audit Procedures

Reason for Other Audit Procedures

(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.) DC 11-3 Cash Receipts: Weaknesses and Recommendations. LO2 The Pottstown Art League operates a museum for the benefit and enjoyment of the community. During hours when the museum is open to the public, two volunteer clerks positioned at the entrance collect a $5 admission fee from each non-member patron. Members of the Art League are permitted to enter free of charge on presentation of their membership cards. At the end of each day, one of the clerks delivers the proceeds to the treasurer. The treasurer counts the cash in the presence of the clerk and places it in a safe. Each Friday afternoon, the treasurer and one of the clerks deliver all cash held in the safe to the bank, and they receive an authenticated deposit slip that provides the basis for the weekly entry in the cash receipts journal.

WWW.TEX-CETERA.COM

612

PART 3

Performing the Audit

The board of directors of the Pottstown Art League has identified a need to improve the system of internal control over cash admission fees. The board has determined that the cost of installing turnstiles or sales booths or otherwise altering the physical layout of the museum will greatly exceed any benefits that may be derived. However, the board has agreed that the sale of admission tickets must be an integral part of its improvement efforts.

Required: The board of directors has requested your assistance. Prepare a report for presentation and discussion at their next board meeting that identifies the weaknesses in the existing system of cash admission fees and suggests recommendations.

(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

DC 11-4 Control Weaknesses: Shipping and Billing. LO2 Ajax Inc. recently implemented a new accounting system to process the shipping, billing, and accounts receivable records more efficiently. During the interim work of Ajax’s auditors, an assistant completed the review of the accounting system and the internal controls. The assistant determined the following information concerning the computer systems and the processing and control of shipping notices and customer invoices:

The computer system documentation consists of the following items: program listings, error listings, logs, and database dictionaries. The system and documentation are maintained by the IT administrator. To increase efficiency, batch totals and processing controls are not used in the system. Ajax ships its products directly from two warehouses, which forward shipping notices to general accounting. There, the billing clerk enters the price of the item and accounts for the numerical sequence of the shipping notices. The billing clerk also manually prepares daily adding machine tapes of the units shipped and the sales amounts.

The computer processing output consists of the following:
(a) A three-copy invoice that is forwarded to the billing clerk
(b) A daily sales register showing the aggregate totals of units shipped and sales amounts that the billing clerk compares with the adding machine tapes

The billing clerk mails two copies of each invoice to the customer and retains the third copy in an open invoice file that serves as a detailed accounts receivable record.

Required:
a. Prepare a list of weaknesses in internal control (manual and computer), and for each weakness make one or more recommendations.
b. Suggest how Ajax’s computer processing over shipping and billing could be improved through the use of remote terminals to enter shipping notices. Describe appropriate controls for such an online data entry system.

DC 11-5 Bank Reconciliation: Cash Shortage. LO4, 7 The Patrick Company had poor internal control over its cash transactions. Facts about its cash position at November 30 were as follows: The cash books showed a balance of $18,901.62, which included undeposited receipts. A credit of $100 on the bank statement did not appear on the books of the company. The balance according to the statement was $15,550.


When you received the cutoff bank statement on December 10, the following cancelled cheques were enclosed: No. 6500 for $116.25, No. 7126 for $150.00, No. 7815 for $253.25, No. 8621 for $190.71, No. 8623 for $206.80, and No. 8632 for $145.28. The only deposit was in the amount of $3,794.41 on December 7. The cashier handles all incoming cash and makes the bank deposits personally. He also reconciles the monthly bank statement. His November 30 reconciliation is shown below.

Balance, per books, November 30                         $18,901.62
Add: Outstanding cheques:
     8621                                  $190.71
     8623                                   206.80
     8632                                   145.28          442.79
                                                         19,344.41
Less: Undeposited receipts                                3,794.41
Balance per bank, November 30                            15,550.00
Deduct: Unrecorded credit                                   100.00
True cash, November 30                                  $15,450.00

Required:
a. You suspect that the cashier has stolen some money. Prepare a schedule showing your estimate of the loss.
b. How did the cashier attempt to conceal the theft?
c. Based only on the information above, name two specific features of internal control that are missing.
d. If the cashier’s October 31 reconciliation is known to be in order and you start your audit on December 5, what specific auditing procedures could you perform to discover the theft?

(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

DC 11-6 Receivables Audit Procedures. LO3, 4, 6, 7 The ABC Appliance Company, a manufacturer of small electrical appliances, deals exclusively with 20 distributors situated throughout the country. At December 31 (the balance sheet date), receivables from these distributors aggregated $875,000. Total current assets were $1.3 million. With respect to receivables, the auditors followed the procedures outlined below in the course of the annual audit of financial statements:

1. Reviewed the system of internal control and found it to be exceptionally good.
2. Reconciled the subsidiary and control accounts at year-end.
3. Aged the accounts—none were overdue.
4. Examined detailed sales and collection transactions for February, July, and November.
5. Received positive confirmations of year-end balances.

Required: Criticize the completeness or incompleteness of the above program, giving reasons for your recommendations concerning the addition or omission of any procedures.

(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)


DC 11-7 Rent Revenue. LO4 You were engaged to conduct an audit of the financial statements of Clayton Realty Corporation for the year ending January 31. The examination of the annual rent reconciliation is a vital portion of the audit. The following rent reconciliation was prepared by the controller of Clayton Realty Corporation and was presented to you. You subjected it to various audit procedures:

CLAYTON REALTY CORPORATION
RENT RECONCILIATION
FOR THE YEAR ENDED JANUARY 31

Gross apartment rents (Schedule A)              $1,600,800*
Less vacancies (Schedule B)                         20,000*
Net apartment rentals                            1,580,300
Less unpaid rents (Schedule C)                       7,800*
Total                                            1,572,500
Add prepaid rent collected (Schedule D)                500*
Total cash collected                            $1,573,000

Schedules A, B, C, and D are available to you but have not been illustrated. You have conducted an assessment of the control risk and found it to be low. Cash receipts from rental operations are deposited in a special bank account.

Required: What substantive audit procedures should you employ during the audit in order to substantiate the validity of each of the dollar amounts marked by an asterisk (*)?

(© 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.)

DC 11-8 Business Risk, Evidence Analysis, Sales Detail. LO1, 3, 4 Rosella is the senior in charge of the current-year audit of Harrier Limited, a company that designs and manufactures highly sophisticated machines used to make precision plastic parts and instruments. The machines have a high dollar value (ranging from $500,000 to over $1,000,000), and there is a long lead time between receiving a customer’s order and specifications and designing the machine, building it, and testing it. Because of these business factors, sales do not tend to follow a regular pattern, but certain constraints exist that can be used to analyze the reasonability of sales for audit purposes. Customer orders are tracked as the “backlog” file, and sales can be expected to follow the backlog after allowing for design, manufacturing, and testing time. This takes between two and three months, on average. Another factor is the physical limitation of the factory and equipment: there are 12 job stations where machines can be built, so a maximum of 12 machines can be in the work-in-process inventory at any one time. Harrier’s shares are privately held by its founder and president and several outside investors, but it issued bonds to the public several years ago and is subject to debt covenants that require it to maintain a current ratio of 1.5 to 1.0 and a debt to equity ratio of 0.5 to 1.0 at each year-end. In addition, no dividends or management bonuses can be paid out unless the net income before taxes is at least $1,000,000. The draft statements for the current year meet all covenants and show a net income before taxes of $1,300,000.


In reviewing the monthly sales for the current year, Rosella notices several anomalies. First, 15 machines were shipped in December, the last month of the current year, while in December of the prior year only 6 were shipped. The average monthly shipment volume is between 5 and 6 machines. Also, the average gross profit on sales in prior years, and in most months, is approximately 40%. The gross profit on the December sales is 75%. The annual sales were $66 million, with $15 million of this occurring in December. The annual gross profit is $33 million, with $11 million of this occurring in December. While scrutinizing the cash records for the first month of the new year to look for unaccrued liabilities, Rosella notices some large amounts paid for travel expenses for employees and for shipments of “spare parts” to customers. Inquiries of the employees reveal that they are engineers and technicians who were required to spend two or three weeks in various cities where the December machine sales were shipped in order to “work out the bugs” and add some parts to these machines.

Required:
a. What are the main business risks in Harrier Limited? What are the risks of financial statement misstatements that Rosella should be aware of?
b. What types of evidence collection procedures were used, and what assertions do they provide evidence about?
c. Analyze the information Rosella obtained and offer reasonable explanations for the sales anomalies noted. What additional inquiries should Rosella make to form an opinion on the operating results reported in Harrier’s draft financial statements? What is your conclusion on the draft sales and gross profits amounts, based on your analysis of the facts given?
d. Harrier’s revenue recognition policy is to recognize revenue when the machines are shipped and title passes to customers. This point occurs when the machines are loaded on the truck at Harrier’s factory. Given this policy, what adjustment (if any) would be required in Harrier’s current financial statements given the conclusion you reached in (c) above?

DC 11-9 Negative Confirmations. LO1, 4, 6, 7 The auditor of a stock brokerage company, Roller Securities Inc., sends out negative confirmations of account details for a sample of about 50% of the stock brokerage’s customers, selected at random. Historically, 2–5% of the confirmations have been returned, and the majority of the discrepancies reported have been understatements. Investigation of the discrepancies rarely indicates an error on Roller Securities Inc.’s part. Usually, they are explained by transactions that are in progress or pending over the year-end, by late payments on the customer’s part, or by other mistakes in the customer’s own records.

Required:
a. Describe the inherent risks and the internal control risks that exist for customer accounts at Roller Securities Inc.
b. Discuss the advantages and disadvantages of using negative confirmations to provide audit evidence about the assertions in this case. Comment on the persuasiveness of the evidence the negative confirmations provide. Do you think it can be sufficient to support the auditor’s opinion?

DC 11-10 Substantive Testing for Sales. LO1, 4 Parts Inc. sells electrical components to large department stores and also has a few cash sales to electricians. Sales invoices are prepared for all sales. Cash sales are recorded to the cash receipts journal, and cash is deposited to the bank each day. All sales to large stores are credit sales and are handled by sales clerks by telephone or email.


The sales clerk takes the customer’s request, checks the authorized customer list for credit limits (if it is a credit sale), prepares the sales invoice, and sends one copy to the inventory control department, which sends the ordered goods to the shipping department. For cash sales, the inventory control clerk brings the items sold to the sales counter and the goods are given to the purchaser at the time of sale. For credit sales, the shipping clerk signs the inventory control copy of the sales invoice and then prepares a shipping invoice. A third copy of the sales invoice is forwarded to the accounting department so that a clerk can enter the sale into the sales journal. The shipping invoices are maintained in the shipping department in case a shipment needs to be checked. All goods are shipped FOB shipping point.

Required:
a. Design two audit procedures, in addition to sample selection, that will provide evidence of the occurrence/existence of sales. Identify the procedure (trace, compare, vouch, and so on) and the documents you are using, and explain why these procedures will show whether recorded sales are valid.
b. Design two audit procedures that will provide evidence of the completeness of sales. Identify the procedure (trace, compare, vouch, and so on) and the documents you are using, and explain why these procedures will show whether recorded sales are complete.

(Adapted from External Auditing (AU1), June 2011, with permission of Chartered Professional Accountants of Canada, Toronto, Canada. Any changes to the original material are the sole responsibility of the author (and/or publisher) and have not been reviewed or endorsed by the Chartered Professional Accountants of Canada.)

DC 11-11 Municipal Government, Employee Theft. LO2, 3, 4 This case is modelled on the Application Case in the chapter.

Case Description: In the audit of a municipal government, the auditors discovered that receivables for property taxes were overstated because the tax assessor stole some taxpayers’ payments. J. R. Shelstad had been the tax assessor-collector for 15 years in the Ridge Municipal District, a large metropolitan area. Known as a “good personnel manager,” Shelstad pocketed 100–150 counter payments each year, in amounts of $500–$2,500, stealing about $200,000 a year for a total of approximately $2.5 million. The district had assessed about $800–$900 million per year in property tax revenues, so the annual theft was less than 1%. Nevertheless, the taxpayers got mad. In Shelstad’s assessor-collector office, staff processed tax notices on a computer system and generated 180,000 tax notices each October. A summary listing report was printed and used to check “paid” when payments were received. Payments were processed by computer, and a master file of accounts receivable records (tax assessments, payments) was kept on the computer hard drive. Shelstad often took over the front desk at lunchtime so the teller staff could enjoy lunch together. During these times, Shelstad took tax payments over the counter, gave the taxpayers a counter receipt, and pocketed some of the money, which was never entered in the computer system. Shelstad eventually resigned when the district’s assessor-collector office was eliminated upon the creation of a new region-wide tax agency.

Audit Trail: The computer records showed balances due from many taxpayers who had actually paid their taxes. The book of printed notices was not marked “paid” for many taxpayers who had received counter receipts. These records and the daily cash receipts reports (cash receipts journal) were available at the time the independent auditors performed the most recent annual audit in April. To keep his fraud going and prevent auditors from detecting it, Shelstad persuaded the auditors that the true “receivables” were the delinquencies turned over to the region’s legal counsel. Their confirmation sample and other work were based on this population. Thus, confirmations were not sent to fictitious balances that Shelstad knew had been paid. When Shelstad resigned in August, a power surge permanently destroyed the hard drive where the receivables file was stored, and the cash receipts journals could not be found. When the new regional agency managers took over the tax assessment, they noticed that the total of delinquent taxes disclosed in the audited financial statements was much larger than the total turned over to the region’s legal counsel for collection and foreclosure.

AUDIT APPROACH ANALYSIS

Audit Objective: The auditors’ objective is to obtain evidence determining if the receivables for taxes (delinquent taxes) represent genuine claims collectible from the taxpayers.

Controls Relevant to the Municipal Tax Revenue Process: The municipal system for establishing the initial amounts of taxes receivable was fine. Professional staff appraisers and the independent appraisal review board established the tax base for each property, and the municipal council set the price (tax rate). The computer system authorization for billing was validated on these two inputs. The cash receipts system was well designed, calling for preparation of a daily cash receipts report (cash receipts journal that served as a source input for computer entry). This report was always reviewed by the “boss,” Shelstad. Unfortunately, Shelstad had the opportunity and power to override the controls and become both cash handler and supervisor. He made the decisions about sending delinquent taxes to the region’s legal counsel for collection, but the ones he knew to have been paid but stolen were withheld.

Required: Describe in detail the audit procedures you would perform in this case. Consider tests of control and substantive tests such as dual-purpose tests of transactions and/or tests of details of balance. In particular, identify the information that could have been obtained from confirmations directed to the real population of delinquent accounts receivable (i.e., including the ones that had been stolen by Shelstad). Which tests do you consider likely to detect Shelstad’s theft? Why?

DC 11-12 Audit of Revenue with Accounting for Different Components. LO1, 3, 4 It is Monday, September 13, 20X1. You, a PA, work at Fife & Richardson LLP, a public accounting firm. Ken Simpson, one of the partners, approaches you mid-morning regarding Brennan & Sons Limited (BSL), a private company client for which you performed the August 31, 20X0, year-end audit. “It seems there have been substantial changes at BSL this year,” Ken explains. “I’m going there tomorrow, and since you will be on the audit again this year, it would be beneficial for you to come. I took the liberty of retrieving information from last year’s files so you can refresh your memory about this client (Exhibit DC 11-12–1).”

EXHIBIT DC 11-12–1

Excerpt from Permanent File

Date of incorporation:  October 27, 1982
Year-end:               August 31
Ownership:              Harold Thomas    50 common shares
                        Kyle Stanton     50 common shares


The next day, you and Ken meet with Jack Wright, the accounting manager at BSL. Jack gives you the internally prepared financial statements (Exhibits DC 11-12–2 and DC 11-12–3). To your surprise, there are also financial statements for two new companies. Jack quickly explains that BSL incorporated two subsidiaries in January 20X1, each with the same year-end as BSL:

Brennan Transport Ltd. (Transport)—100% owned by BSL
Brennan Fuel Tank Installations Inc. (Tanks)—75% owned by BSL

EXHIBIT DC 11-12–2

Internal Financial Statements—Balance Sheets

BRENNAN & SONS LIMITED
BALANCE SHEET AS AT AUGUST 31
(IN THOUSANDS OF DOLLARS)

                                  20X0 (audited)   20X1 (unaudited)
                                  BSL              BSL              Transport        Tanks
Assets
Cash                              $   467          $    75          $  67            $  82
Accounts receivable                   970              603            119                –
Inventory                              10              500              –               15
                                    1,447            1,178            186               97
Note receivable                         –              431 (note 1)     –                –
Property, plant, & equipment        4,768           13,400            400               80
Investment in subsidiaries              –                2              –                –
Intangible asset                        –                –              –               20 (note 2)
                                  $ 6,215          $15,011          $ 586            $ 197

Liabilities
Accounts payable                  $   315          $   813          $ 128            $ 166
Note payable                            –                –            431 (note 1)       –
Mortgage payable                      100            6,500              –                –
                                      415            7,313            559              166

Shareholders’ Equity
Common stock                            1                1              1                1 (note 3)
Retained earnings                   5,799            7,697             26               30
                                    5,800            7,698             27               31
                                  $ 6,215          $15,011          $ 586            $ 197

Notes:
1. Note receivable/payable for sale of trucks and trailers from BSL to Transport, interest at 8%
2. Training costs for Sean Piper, owner/installer
3. Includes Sean’s equity interest


EXHIBIT DC 11-12–3

Internal Financial Statements—Income Statements

BRENNAN & SONS LIMITED
INCOME STATEMENT FOR THE YEAR ENDED AUGUST 31
(IN THOUSANDS OF DOLLARS)

                                  20X0 (audited)   20X1 (unaudited)
                                  BSL              BSL              Transport        Tanks
                                  (12 months)      (12 months)      (8 months)       (8 months)
Revenue
Scrap metal                       $11,000          $10,003          $   –            $   –
Transportation services               900              300 (note 4)   700 (note 4)       –
Fuel tank installations                 –                –              –              320
                                   11,900           10,303            700              320
Cost of sales
Scrap metal                         1,600            1,440              –                –
Transportation services               700              340            550                –
Fuel tank installations                 –                –              –              220
Gross margin                        9,600            8,523            150              100
General & administration (note 5)   8,491            7,930             90               50
Interest expense                        9              120             16                –
Income before other income          1,100              473             44               50
Other income
Gain on sale of equipment               –               84              –                –
Gain on sale of property                –            2,500              –                –
Interest income                         –               16              –                –
Property rental                         –               90 (note 6)     –                –
Income before income tax            1,100            3,163             44               50
Income tax                            440            1,265             18               20
Net income                        $   660          $ 1,898          $  26            $  30

Notes:
4. Transport took over transportation services in January 20X1
5. General & administration includes amortization
6. $10,000 per month from Transport and $5,000 per month from Tanks for six months

You diligently take notes during the meeting (Exhibit DC 11-12–4). Jack states that BSL will prepare consolidated financial statements for audit based on Canadian GAAP to satisfy the bank’s request. Ken asks that you work on the overall planning for these engagements. As part of your planning, he asks you to discuss the new accounting issues that arise as a result of the changes during the year, and to evaluate their implications for the engagements.


EXHIBIT DC 11-12–4

Notes from Your Meeting with Jack Wright

BSL continues to operate the scrap metal business. BSL’s management thinks the price of metal is going to go up in the near future and has therefore started stockpiling for the first time. Unfortunately, BSL does not really have an inventory tracking system in place. If, in fact, it turns out that stockpiling is a good way for BSL to make money, it will install a better system. The company did its best to log each of the amounts going into the stockpile as it was added, knowing that an amount for its year-end inventory balance would need to be determined. BSL also used a known engineering formula to come up with an estimate for year-end inventory and tried to measure the different piles of metal as a way of counting what was on hand at August 31, 20X1. The different methods came up with different amounts, so management went with the initial amount based on the log. Jack noted that we would have had a good laugh at the different ways they tried to measure the piles if we’d been there to see it.

As soon as it was incorporated on January 1, 20X1, Transport took over BSL’s transportation operations. Transport provides transportation services to BSL and external customers, the same as BSL did. BSL sold the trucks to Transport in late January at fair market value. However, Transport didn’t have the funds to buy the equipment, so BSL issued a note receivable at what Jack believed to be the market interest rate.

Tanks installs and maintains pre-engineered, above-ground fuel storage tank systems, a new line of business for BSL. Sean Piper, a good friend of one of BSL’s owners, approached BSL last fall with the idea. Sean was willing to take the necessary training to become a certified fuel tank installer, and he wanted 50% ownership in Tanks. The owners of BSL agreed it was a great opportunity but wanted more control. The parties settled on Sean’s receiving 25% ownership of Tanks. As part of the agreement, BSL was required to provide a guarantee pertaining to Tanks’ licensing application to the environmental authority, since Tanks was a newly formed corporation. Although other vendors sell the same tanks and installation services separately, Tanks only sells the tank combined with installation and service. The tank is marked up by 20% on the price paid and is sold including installation and a five-year maintenance package for a total of $40,000. One hundred percent of the revenue is recognized when the sales agreement is signed by the customer. The tank is then delivered and installed at the customer’s site within two to three weeks of signing. The fuel tanks need to be pressure-tested every year, and the measurement gauge needs to be checked. Tanks will perform the maintenance services for customers for the first five years. Thereafter, Tanks will offer to continue to perform the maintenance for a contract price of $5,000 a year.

Nature of the Business: BSL operates as a scrap metal dealer and processor. It buys used scrap metal from individuals and businesses and then bundles the different metals and sells them in larger quantities at a higher price to bigger recycling businesses. BSL’s revenue fluctuates significantly because of the volatility in the market rates for steel and non-ferrous metals. To help control costs, BSL uses its own trucks and trailers to do the pickups. BSL earns additional revenue by providing transportation services to other businesses and by renting out the trucks during slower periods. As part of BSL’s overall strategy, the owners admit a willingness to take risks. They monitor the marketplace and are always on the lookout for new business opportunities. They even found a piece of land on the outskirts of the city that they thought would be great for a dump they considered operating themselves. They decided not to make an offer, but may reconsider in 20X1. For BSL’s 20X0 audit, materiality was set at $70,000.

Required: Prepare a memo to the audit engagement partner discussing the planning for the BSL audit engagement. Your memo should discuss planning considerations for the audit of the consolidated financial statements, the risk assessments, and materiality decisions for the overall audit strategy. As part of your planning, discuss the new revenue accounting issues that arise as a result of the changes during the year and evaluate their implications for the engagement. [Assume that BSL will use Accounting Standards for Private Enterprises (ASPE) as its financial reporting framework. Given the timing of the case, ASPE can be adopted, and it will meet the bank’s requirement for Canadian GAAP.]

(Source: CPA Canada 2010 Uniform Final Exam, adapted.)

DC 11-13 Special Confirmation Procedures for Bill-and-Hold Transactions. LO6 Specialties Papers Inc. (SPI) makes a unique type of paper that is used in specialized biohazard cleanup operations. Since customers cannot predict when they will need large supplies of the paper, they typically purchase a quantity of paper and ask SPI to hold it in its warehouse until they order it to be delivered. Kelly is auditing the revenues of SPI for the first time and notices a number of sales classified as bill and hold. She consults with more-senior auditors in her firm and learns that while bill-and-hold sales transactions are not necessarily a GAAP violation when customers have actually requested this arrangement, they have often been associated with financial fraud and should be investigated. It is the substance rather than the form of the transaction that is important. Kelly realizes she needs to do some GAAP research to get up to speed on this accounting issue. She learns that according to IAS 18, Revenue, the following conditions should be met for revenue recognition to be appropriate, including for any bill-and-hold sales arrangements:

(14) Revenue from the sale of goods shall be recognized when all the following conditions have been satisfied:
(a) the entity has transferred to the buyer the significant risks and rewards of ownership of the goods;
(b) the entity retains neither continuing managerial involvement to the degree usually associated with ownership nor effective control over the goods sold;
(c) the amount of revenue can be measured reliably;
(d) it is probable that the economic benefits associated with the transaction will flow to the entity; and
(e) the costs incurred or to be incurred in respect of the transaction can be measured reliably.
(15) The assessment of when an entity has transferred the significant risks and rewards of ownership to the buyer requires an examination of the circumstances of the transaction. In most cases, the transfer of the risks and rewards of ownership coincides with the transfer of the legal title or the passing of possession to the buyer. This is the case for most retail sales.
(16) If the entity retains significant risks of ownership, the transaction is not a sale and revenue is not recognized.

Kelly also learns from some auditing research that a special positive confirmation letter is often used for possibly inappropriate bill-and-hold transactions. An example of this confirmation is illustrated in Exhibit DC 11-13.

Required:
a. Discuss how the issues Kelly is addressing in the SPI audit illustrate that auditors must have a good understanding of the auditee, its business, and its products in order to identify the warning signs of revenue recognition misstatements and fraud.
b. Discuss the nature of the special bill-and-hold confirmation, and what evidence it will provide (i.e., is it an example of a confirmation request to verify the contractual substance of a sales transaction from the customer’s point of view?).


EXHIBIT DC 11-13

Confirmation Request for a Bill-and-Hold Transaction

[Client Letterhead]
[Date]
[Name and address of customer employee with sufficient authority to commit customer]

Dear [Name]:

Our auditors [public accounting firm name and address] are auditing our financial statements at [balance sheet date]. Please compare the following information with your records and report directly to our auditors whether that information is correct:

We sold you [product description] on [date] for [total sales price] under your purchase order [date and number]. [Product description] has been sold to you on our normal payment terms as described in our invoice [number and date], and those terms have not been modified. There are no written or oral amendments to the terms specified in the purchase order. At your request we are holding [product description] at your risk on our premises, and title has passed to you. You requested us to hold [product description] for you because [description of business reason for delayed shipment]. There are no written or oral amendments to the terms specified in the purchase order. You are obligated to pay us [total sales price] by [payment due date].

Please use the enclosed pre-addressed, postage-paid reply envelope. Because this response is needed for our auditors to complete their audit, we would appreciate a prompt response.

Very truly yours,
[Signature and title of authorized client representative]

If the above information is correct, please confirm. If your understanding of anything described above differs in any respect, please explain.

Date: _______________________
Signed: _____________________

Source: © 2000, American Institute of CPAs. All Rights Reserved. Adapted by permission.


APPENDIX 11A

Internal Control Questionnaires for the Revenues, Receivables, and Receipts Process

LO8 Describe the internal control questionnaires used in audit practice.

Exhibit 11A–1 provides an example of the type of form that could be used to guide the auditor’s assessment of the effectiveness of application controls in the two main classes of transactions and the main account balance in the revenues, receivables, and receipts process. Note that in practice, forms like this can provide only a general starting point, and the actual audit work must always be tailored to the specifics of each engagement. Exhibit 11A–2 provides a few examples of the types of controls one expects to find in a typical system, such as the one illustrated in Exhibit 11–1 of the chapter.

EXHIBIT 11A–1

Internal Control Questionnaires for the Revenues, Receivables, and Receipts Process

INTERNAL CONTROL QUESTIONNAIRE FOR REVENUES, RECEIVABLES, AND RECEIPTS PROCESS
AUDITEE: __________________________________________________________
F/S PERIOD: _________________________________________________________

Auditor Responses    Audit File References

OVERALL COMPANY-LEVEL CONTROL AND GENERAL CONTROL ACTIVITIES ASSESSMENT
(Refer to responses recorded for questions in Exhibit 9A–1 in Appendix 9A)

Are company-level and general control activities adequate as they apply to the revenues, receivables, and receipts components of the information system?
• Consider the impact of any weakness in company-level and general control activities on the planned audit approach and procedures.
• Assess the potential for weaknesses to result in a material misstatement of the financial information generated from this accounting cycle. If a significant risk of misstatement is assessed, perform procedures to determine the extent of any misstatement.

Consider the adequacy of the following general controls in place in the revenues, receivables, and receipts process to
– Prevent unauthorized access or changes to programs and data
– Ensure the security and privacy of data
– Control and maintain key systems
– Protect assets susceptible to misappropriation
– Ensure completeness, accuracy, and authorization of data and processing
– Ensure that adequate management trails exist


APPLICATION CONTROL ASSESSMENTS

CASH RECEIPTS TRANSACTIONS APPLICATION CONTROLS

Environment and General Controls Relevant to This Application
1. Are receipts deposited daily, intact, and without delay?
2. Does someone other than the cashier or accounts receivable bookkeeper take the deposits to the bank?
3. Are the duties of the cashier entirely separate from recordkeeping for notes and accounts receivable? from general ledger recordkeeping? Is the cashier denied access to receivables records or monthly statements?
4. Does someone reconcile the accounts receivable subsidiary to the control account regularly (to determine whether all entries were made to customers’ accounts)?
5. Are employees with access to cash covered by fidelity insurance against embezzlement losses (also called fidelity bonding of employees)?

Application Control Assessment
Validity objective:
6. Is a bank reconciliation performed monthly by someone who does not have cash custody or recordkeeping responsibility?
7. Are the cash receipts journal entries compared with the remittance lists and deposit slips regularly?
Completeness objective:
8. Does the person who opens the mail make a list of cash received (a remittance list)?
9. Are currency receipts controlled by mechanical devices? Are machine totals checked by the internal auditor?
10. Are prenumbered sales invoice or receipt books used? Is the numerical sequence checked for missing documents?
Authorization objective:
11. Does a responsible person approve discounts taken by customers on their payments on account?
Accuracy objective:
12. Is a regular (e.g., monthly) bank reconciliation performed by the internal auditor or someone other than the employee making the deposits?
13. Is the remittance list compared with the deposit by someone other than the cashier?
Classification objective:
14. Does the accounting manual contain instructions for classifying cash receipts credits?
Proper period objective:
15. Does the accounting manual contain instructions for dating cash receipts entries the same day as the date of receipt?

SALES TRANSACTIONS APPLICATION CONTROLS

Environment and General Controls Evaluation Relevant to This Application
1. Is the credit department independent of the marketing department?
2. Are non-routine sales controlled by the same procedures described below (e.g., sales to employees, cash-on-delivery (COD) sales, disposals of property, cash sales, and scrap sales)?
3. Are summary journal entries approved before posting?

Application Control Assessment
Consider whether the auditee has appropriate policies and procedures in place to meet the following control objectives:
Validity objective:
4. Is access to the sales invoicing process restricted to appropriate personnel?
5. Are prenumbered bills of lading or other shipping documents produced and completed in the shipping department?


Completeness objective:
6. Are sales invoices prenumbered?
7. Is the sequence checked for missing invoices?
8. Is the shipping document numerical sequence checked for missing bill of lading numbers?
Authorization objective:
9. Are all credit sales approved by the credit department prior to shipment?
10. Are sales prices and terms based on approved pricing lists and credit policies?
11. Are returned sales credits and other credits supported by documentation as to receipt, condition, and quantity, and approved by a responsible officer?
Accuracy objective:
12. Are shipped quantities compared with invoice quantities?
13. Are sales invoices checked for error in quantities, prices, extensions and totals, and freight allowances, and against customers’ orders?
14. Is there an overall check on arithmetic accuracy of period sales data by a statistical or product-line analysis?
15. Are periodic sales data reported directly to general ledger accounting independent of accounts receivable accounting?
Classification objective:
16. Does the accounting manual contain instructions for classifying sales, and are employees following these instructions?
Proper period objective:
17. Does the accounting manual contain instructions to date sales invoices on the shipment date, and are employees following these instructions?

ACCOUNTS RECEIVABLE BALANCE APPLICATION CONTROLS

Environment and General Controls Relevant to This Application
1. Are customers’ subsidiary records maintained by someone who has no access to cash?
2. Is the cashier denied access to the customers’ records and monthly statements?
3. Does someone regularly reconcile the accounts receivable subsidiary to the control account?
4. Are delinquent accounts listed periodically for review by someone other than the credit manager?
5. Are written-off accounts kept in a memo ledger or credit report file for periodic access?
6. Is the credit department separated from the sales department?
7. Are notes receivable in the custody of someone other than the cashier or accounts receivable recordkeeper?
8. Is custody of negotiable collateral in the hands of someone not responsible for handling cash or keeping records?

Application Control Assessment
Consider whether the auditee has appropriate policies and procedures in place to meet the following control objectives:
Validity objective:
9. Are customers’ statements sent to them regularly (e.g., monthly) by the accounts receivable department?
10. Are direct confirmations of accounts and notes obtained periodically by the internal auditor?
11. Are differences reported by customers routed to someone outside the accounts receivable department for investigation?
12. Are returned goods checked against receiving reports?
Completeness objective: (Refer to completeness questions in the sales and cash receipts questionnaires.)
13. Are credit memo documents prenumbered and the sequence checked for missing documents?


Authorization objective:
14. Is customer credit approved before orders are shipped?
15. Are write-offs, returns, and discounts allowed after the discount date subject to approval by a responsible officer?
16. Are large loans or advances to related parties approved by the directors?
Accuracy objective:
17. Do the internal auditors periodically confirm customer accounts to determine accuracy?
Classification objective:
18. Are receivables from officers, directors, and affiliates identified separately in the accounts receivable records?
Proper period objective: (Refer to proper period objective questions in the sales and cash receipts questionnaires.)

Auditor’s conclusion on the effectiveness of application controls in the revenues, receivables, and receipts process:
_________________________________________________________
_________________________________________________________

Prepared by

Date

_____

_____

_____

EXHIBIT 11A–2

Examples of Controls in a Revenues, Receivables, and Receipts Process, Relating to Exhibit 11–1

• Each system terminal allows access only to designated functions. For example, the terminal at the shipping dock cannot be used to enter initial sales information or to access the payroll database.
• An identification num[…] on an individual-person […] to enter the sales […] and for each subsequent command entered to process the transaction. Unauthorized entry attempts are logged and immediately investigated. Further, certain passwords have “read-only” (cannot change any data) authorization. For example, the credit manager can determine the outstanding balance of any account or view online “reports” summarizing overdue accounts receivable but cannot enter credit memos to change the balances.
• All input information is immediately logged to provide restart processing should any terminal […] as part of the sales record in the accounts receivable database.
• A daily search of the pending order data[…] sales orders outstanding more than seven days are listed on a report accessible to marketing management.

online input validation: inputting information correctly or the computer will not accept the transaction; uses validation checks such as missing data, check digit, and limit tests


APPENDIX 11B

System Documentation Examples for the Revenues, Receivables, and Receipts Process

LO9 Describe the accounting control system documentation used in audit practice.

This appendix provides examples of systems documentation prepared using flowchart and process table diagram formats. These formats may be used in lieu of, or in addition to, narrative descriptions. Exhibit 11B–1 diagrams an IT-based system for processing customer sales orders and accounts receivable. Exhibit 11B–2 shows a manual system of processing cash receipts, and Exhibit 11B–3 shows the same system using an input/process/output table as the documentation format. The narrative descriptions of these systems in the chapter correspond to the activities and records shown in these diagrams.

EXHIBIT 11B–1

Sales and Accounts Receivable Processing Flowchart Example: Information Technology–Based System

[Flowchart not reproduced. Labelled elements:
Files: Inventory master (subsidiary); Accounts receivable master (subsidiary); Credit check files; Price list master file; Pending order master; Back order master; General ledger master; Sales detail (journal); Terminal logs.
Processing: Order entry; Online sales processing (authorized terminal ID; sales order screen; automatic credit check; inventory on hand check; immediate update of all databases; online status query; automatic transfer from pending order to accounts receivable and general ledger master files).
Documents and reports: Customer purchase order; Sales order; Packing slip; Bill of lading; Invoices; Back order report; Daily sales report; Sales analysis; Accounts receivable listing and aging; Monthly customer statements.
Departments: Stockroom; Shipping; Marketing management; Credit management.]

EXHIBIT 11B–2

Cash Receipts Processing Flowchart Example: Manual System

[Flowchart not reproduced. Column headings: Treasurer’s Office; Marketing Department (sales clerks); Operations Department (mailroom); Cashier; Cash Management; Controller’s Office; Accounts Receivable; General Ledger Accountant; Controller.
Labelled steps: START, cash received; Prepare cash remittance list (C.R.L., copies 1 to 3); Approve discounts (approval of discounts noted on remittance list); Prepare deposit (deposit slip, copies 1 and 2); To bank (all cash receipts are deposited); Post to customer accounts (individual customer accounts, accounts receivable subsidiary ledger); Prepare cash receipts journal; Post to general ledger (cash accounts, accounts receivable control account); Monthly bank statement, prepare monthly bank reconciliation; Prepare monthly reconciliation of accounts receivable subledger to general ledger control account.]


EXHIBIT 11B–3

Cash Receipts Processing Input/Process/Output Table Example: Manual System

INPUT | ACTIVITY | PERFORMED BY | FREQUENCY | OUTPUT
Customer payment collected | List cash receipts by customer and invoice number. | Cashier | Daily | Cash remittance list
Cash remittance list | Approve any discounts taken. | Cash management | Daily | Approved cash remittance list [3 copies]
Approved cash remittance list [1] | Prepare deposit slip for bank. | Cashier | Daily | Deposit slip
Bank deposit slip | Take cash and deposit slip to bank. | Cash management | Daily | Bank-stamped deposit slip
Approved cash remittance list [2] | Post to customer accounts. | Accounts receivable clerk | Daily | Accounts receivable subledger update
Approved cash remittance list [3] | Post to cash receipts journal. | General ledger accountant | Daily | Accounts receivable subledger update
Accounts receivable subledger update | Post total cash receipts to general ledger accounts receivable control account. | General ledger accountant | Daily | General ledger update
Accounts receivable reconciliation | Agree total accounts receivable subledger balance to balance of accounts receivable control account in general ledger. | Controller | Monthly | Reconciliation summary with documented support for all reconciling items
Bank reconciliation | Reconcile cash balance per general ledger to balance per bank statement. | Cash management | Monthly | Reconciliation summary with documented support for all reconciling items

APPENDIX 11C Example of an Audit Engagement File Index (on Connect)

ENDNOTES

1 The only differences between CASs and ISAs are a small number of amendments that are necessary to reflect particular Canadian laws and regulations. These amendments do not affect how an auditor performs a financial statement audit.

2 This picture is not a flowchart. Flowcharts are illustrated in Appendix 11B.

3 CAS 505.

4 B. Fox, “Preventing confirmation fraud,” The Auditor’s Report, Spring 2004, p. 15, www2.aaahq.org/audit/Pubs/Audrep/04spring/Spring2004.pdf.


APPENDIX 11C

Example of an Audit Engagement File Index

LO10 Describe the organization and contents of the sections contained in typical audit documentation files.

This exhibit provides an example of a file index (Exhibit 11C–1) that can be used to prepare a file of audit documentation working papers. The file indexing system shown here sets out the audit documentation sections in three main parts: (1) Audit Administration Documentation; (2) Audit Planning Documentation; (3) Audit Evidence Documentation. The index is adapted from the Canadian Professional Engagement Manual (C•PEM), which is available on a subscription basis. The C•PEM is an example of the kinds of practice aids that are available to help public accountants (PAs) in practice. This sample file index and standard forms may be used for any size of entity. Some forms come in condensed versions that can be used instead of standard forms for smaller entities. Where completion of the standard or condensed form is more than is necessary (based on professional judgment) to meet the CAS requirements for a particular entity, a memo to file may be prepared using the same file index number. Standard and condensed-form versions are also provided for use on audits of not-for-profit entities.

EXHIBIT 11C–1

Example of an Audit Engagement File Index

FILE INDEX NUMBER AND DOCUMENT NAME | STANDARD | CONDENSED | NFP | NFPC

100 Report transmittal

101—199 FINANCIAL STATEMENTS AND AUDIT REPORT
110 Financial statements and audit report
120 Supporting worksheets for note disclosures, cash flows, etc.
150 Trial balance
160 Adjusting entries

200—299 INCOME TAXES
205 Income tax assessments/correspondence
210 Income tax returns

300—399 COMPLETION DOCUMENTS
310 Checklist—Audit completion
320 Notes on significant audit decisions
330 Worksheet—Audit findings and matters for discussion
335 Worksheet—Summary of identified misstatements
340 Worksheet—Matters to be communicated to management and those charged with governance
350 Written representations (management representation letter)
360 Legal and other significant correspondence
370 Worksheet—Matters for future consideration


400—499 PLANNING
405 New engagement—Acceptance
407 Letter from predecessor auditor
408 Initial audit engagements—Opening balances
410 Existing engagement—Continuance
415 Terms of engagement (engagement letter)
420 Materiality
426 Planned risk assessment procedures
428 Worksheet—Selecting an auditor’s expert
430 Overall audit strategy
436 Team planning discussions
437 Worksheet—Fraud scenarios
440 Worksheet—Information/analysis requested from management
445 Group audit planning
450 Worksheet—Time budget
451 Worksheet—Detailed budget
460 Planning-related reports, letters, and agreements (such as with management, those charged with governance, component auditors, and auditor specialist(s))

500—599 RISK ASSESSMENT PROCEDURES
Risk Identification and Assessment
500 Observation and analytical procedures
501 Worksheet—Preliminary analytical procedures
505 Inquiries of management and others
506 Worksheet—Identifying fraud risks
507 Worksheet—Minutes of governance meetings
508 Worksheet—Listing of risk factors and possible responses
509 Worksheet—Notes on meetings with management and others
510 Identifying risks through understanding the entity
513 Understanding accounting estimates
514 Worksheet—Outcome of prior-period accounting estimates
515 Understanding related parties
520 Risk register—Entity specific—Business/operating
522 Risk register—Entity specific—Fraud
525 Going concern—Identifying events and conditions
Understanding Internal Control
530 Pervasive (entity-level) risks and controls
540 Control design/implementation—[Blank]
545 Control design/implementation—Revenues, receivables, receipts
550 Control design/implementation—Purchases, payables, payments
555 Control design/implementation—Payroll
560 Control design/implementation—Financial reporting
565 Worksheet—Control implementation—Business process controls
570 Worksheet—Internal control documentation and implementation
575 Worksheet—Internal control deficiencies identified
580 Communication of significant deficiencies in internal control
582 Worksheet—Library of typical control activities
Summary of Assessed Risks at Financial Statement and Assertion Levels
590-1 FSL Worksheet—Assessing risk at the financial statement level
590-2 AL Engagement scoping/summary of assessed risks at the assertion level
590-Previous Engagement scoping/summary of assessed risks [previous]

600—699 RESPONSE TO ASSESSED RISKS
605 Responding to risk at the financial statement level


606 Worksheet—Audit plan—[Blank]
608 Worksheet—Further audit procedures—[Blank]
610 Worksheet—Sampling—Tests of details
614 Worksheet—Substantive analytical procedures
615 Worksheet—Sampling—Tests of controls
618 Worksheet—Tests of pervasive (entity-level) controls
620 Worksheet—Evaluating the work of an auditor’s expert
625 Worksheet—Going-concern evaluation
630 Worksheet—Summary of external confirmations
635 Worksheet—Accounting estimates (including fair values)
637 Worksheet—Sales tax reasonability
645 Litigation, claims, and non-compliance
650 Subsequent events
655 Worksheet—Final analytical procedures
666 Worksheet—Related party transactions
670 Use of journal entries
675 Library of sample audit procedures
680 Worksheet—ASPE Supplementary audit procedures
681 Worksheet—NFP Supplementary audit procedures

A—Z AUDIT PLANS AND PROCEDURES—ASSETS
A. 100 Cash—Audit procedures
A. 110 Bank reconciliation procedures
A. 115 Cash count procedures
B. 100 Investments (such as investing excess cash)—Audit procedures
C. 100 Accounts receivable, trade, and other—Audit procedures
C. 110 Accounts receivable confirmation—Supplementary procedures
D. 100 Inventory—Audit procedures
D. 110 Inventory count checklist
E. 100 Loans and advances receivable—Audit procedures
L. 100 Prepaid expenses and other assets—Audit procedures
N. 100 Long-term investments—Audit procedures
U. 100 Property, plant, and equipment—Audit procedures
W. 100 Intangibles and goodwill—Audit procedures

AA—ZZ AUDIT PLANS AND PROCEDURES—LIABILITIES AND EQUITY
AA. 100 Bank indebtedness—Audit procedures
BB. 100 Notes payable and bank debt—Audit procedures
CC. 100 Accounts payable and accrued liabilities—Audit procedures
CC. 110 Accounts payable confirmation checklist
FF. 100 Income taxes—Audit procedures
GG. 100 Loans and advances payable—Audit procedures
KK. 100 Long-term debt—Audit procedures
MM. 100 Deferred contributions—Audit procedures
TT. 100 Net assets—Audit procedures
UU. 100 Equity—Audit procedures (partnership)
UU. 110 Equity—Audit procedures (corporate)

700—799 AUDIT PLANS AND PROCEDURES—INCOME STATEMENT
705 Revenues—Audit procedures
720 Cost of sales—Audit procedures
730 Payroll and other expenses—Audit procedures

800—899 OTHER WORKING PAPERS, FORMS, PLANS, CHECKLISTS, AND PROCEDURES

900—999 FINANCIAL REPORTING FRAMEWORKS*

*Note: For financial statement presentation and disclosure requirements, refer to the FRF900 series of forms.
Source: Adapted from C•PEM “Audit engagement file index—[Sample] 001,” C•PEM Forms—Audits, 2015.

CHAPTER 12

The Purchases, Payables, and Payments Process

This chapter summarizes the purchases, payables, and payments business process, which involves the purchase of goods (inventory); services (expenses); and property, plant, and equipment (PPE) (fixed assets), and the expenditure of cash (cash payments) to pay for purchases, as well as the related audit procedures. It then describes the control considerations, typical control tests, and substantive audit programs used in auditing the purchases, payables, and payments business process. The chapter provides special notes on inventory observation, accounts payable completeness, and auditing PPE and intangible assets. The Application Case at the end of the chapter demonstrates the performance of audit procedures in situations where errors or frauds might be discovered in the purchases, payables, and payments process.

LEARNING OBJECTIVES

After completing this chapter, you will be able to do the following:

LO1 Describe the purchases, payables, and payments process, including typical risks, transactions, account balances, source documents, and controls.

LO2 Describe the auditor’s control risk assessment and control tests for auditing control over the purchase of inventory, services, and fixed assets, and for the payment of cash.

LO3 Describe the typical substantive procedures used to respond to the assessed risk of material misstatement in the main account balance and transactions in the purchases, payables, and payments process.

LO4 Identify audit considerations for observing the physical inventory count.

LO5 Explain the main auditing procedures used for property, plant, and equipment and intangible assets.

LO6 Explain the importance of the completeness assertion for auditing the accounts payable liabilities, and the procedures used to search for unrecorded liabilities.

LO7 (Appendix 12A) Describe internal control questionnaires used in audit practice for the purchases, payables, and payments process.


CHAPTER APPENDIX

APPENDIX 12A Internal Control Questionnaires for the Purchases, Payables, and Payments Process

EcoPak Inc.

EcoPak will perform a physical count of their inventory on December 31 to coincide with their year-end date. The count will take from 4 p.m. until approximately 11 p.m. This is a crucial, time-sensitive opportunity to collect audit evidence, so Donna takes the following steps to make sure it is done well. First, she discusses the inventory with various people at EcoPak to identify inventory risk factors and internal controls, including cutoff procedures. Next, she calls Nina and obtains EcoPak’s inventory count instructions and its procedures for tying the count information into the accounting records to prepare the financial statements. She then develops a plan for M&G to attend the company’s inventory count to observe the execution of the count, and to perform the necessary audit procedures, such as performing test counts. She also plans follow-up procedures that will allow the audit team to tie the count information into the final inventory listing that supports the valuation in the financial statements, to allow them to reach a conclusion on whether it is fairly presented.

Since it is M&G’s first year auditing EcoPak, they assessed the inherent risks in inventory as high and decided to go with a totally substantive approach rather than testing controls. They will reconsider this approach for next year’s audit, based on their greater experience with the company’s inventory processes.

Donna notes some other key information about the count. The main raw materials items to count are processed biomass fibre, binding solutions, coatings, and ink. These will all be measured by volume, based on engineering specifications. There will also be a stock of finished products prepared for shipments in early January to fill outstanding orders. There are also quantities of a variety of products on hand for samples, prototypes, or any urgent unplanned orders that might arise. Donna was happy to hear that EcoPak plans to complete all production and shut down the production lines on December 28 to allow for quarterly maintenance and cleaning of the equipment. This will also make the count easier, as there will be no work in process (WIP) or movements of raw materials and finished goods. Experienced production workers will perform the count under Mike’s supervision. During the count, the workers will also count the supplies and moulds used in the production process, which are carried as separate inventory categories, and the plant and equipment, which are capitalized. Once the count is finished, Nina will review the count information for completeness and any outstanding issues that need to be addressed before the workers leave for the holidays. The plant and offices will be closed until January 3.

Donna has decided that Caleb will attend the EcoPak count to perform the required audit procedures. Even though he has never observed a count before, Donna feels confident that he understands what the audit team needs to achieve by observing the physical inventory and by doing the audit test counts and other procedures at EcoPak’s year-end. So, she has no hesitation in assigning Caleb to do the count on his own. Donna also asks Caleb to get information for cutoff testing while he is at the count: last cheques issued and last deposits for cash, last shipments for sales and accounts receivable, and last inventory receipts for the inventory and payables. And since this is a new audit, Caleb should also ask the factory manager to show him the various machines and equipment items that are listed in the plant equipment schedule.

Caleb is a bit nervous about attending the count on his own, but he realizes that the most important objective is for a person independent of EcoPak to make observations, perform test counts, and inspect the assets and related documents. He has seen EcoPak’s operations and had a tour of the factory during their interim visit, so he feels he has a good knowledge of what he needs to do at the count. “As long as I keep good notes of everything and follow the program, it should be fine,” he thinks to himself. Also, Donna has arranged to be available by cell phone in case he has any questions.

Donna will not be going to the EcoPak count because she has been assigned to an inventory observation at another client, Jetstream Inc., a large jet turbine manufacturer, where she will need to supervise two assistants. Jetstream is a much more complex audit due to the high value and complicated technical design of its inventory, a large balance of WIP in various stages of completion, and very complex accounting processes. Also, Jetstream is a public company with some financial challenges, so that makes the engagement a lot riskier than EcoPak. Caleb realizes Donna will have a lot of challenges of her own on December 31! And, as it turns out, Caleb is in for quite a complex learning experience himself—he gets quite a surprise just as he is finishing up his day at the count.

When Caleb arrives at the count, the workers are receiving their instructions from Nina, and during the afternoon he observes them following these quite closely. He is provided with the schedules of plant equipment as well as copies of the count sheets the workers are now completing for the raw material, finished goods, and supplies counts. Caleb decides to do the cutoff work first and then turn to the test counts.

While he is out on the loading dock noting the last receiving report numbers for the last materials received, he notes a shipment of 100 crates of ink that the shipper/receiver, Karl, had signed for at 3:55 p.m. The crates were tagged and included in the count, but there was no receiving report issued for them. Caleb goes and finds Karl, who explains that this order arrived just as he was going off to help with the count, so he was going to leave off entering it until after the holiday. Caleb points out that since the inventory is physically on hand, it should be counted and the paperwork showing that it was received should be processed into the accounts payable system. “Yes, I see your point. We have counted and tagged these crates to include them in our count, so I guess we need to set up the amount payable, too.” Karl logs into the system and issues the appropriate document, Receiving Report #24-0909, and Caleb records this as the last receipt of inventory. “The gates are locked now, so even if another truck arrives they won’t be able to drop anything off. This one really will be the last receipt for this year!” Karl tells Caleb.

As he is getting set to leave the dock, Caleb notices a small shipment of finished product sitting on the loading dock with shipping document #14-1546, dated December 30, for pickup by Kingston Transport attached. When he asks Karl about it, Karl takes a look at the document and says, “Looks like the truck didn’t make it in to pick this up last night. Now the gates are closed, so that means this will be the first shipment of next year—I’d better make sure accounting knows.” So Caleb notes that #14-1545 was the last shipment, and #14-1546 should be the first of next year.

At this point, Mike comes looking for Caleb to tell him the production engineer is about to finish measuring the main vats of processing fibres. “Since that’s most of our inventory, I thought it was something you would want to observe for sure!” Caleb heads down to the storage vats area with Mike. On the way, he notices an unlocked room full of spare moulds with three workers busy counting them. Mike explains, “The moulds are really expensive and if one breaks it shuts down the line until we can replace it. So, we keep a good supply of spares in the locked storage. You will probably want to take some tests in there too, after we finish in the vat room. Quite a few dollars are tied up in there.”
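The cutoff and sequence checks implied by the count narrative above, as an added Python example that is not part of the textbook: it takes the last document numbers Caleb recorded (#14-1545 for shipments, #24-0909 for receipts) and flags journal entries recorded on the wrong side of year-end, plus gaps in a prenumbered sequence. The year, the journal rows and the function names are constructed for illustration, and the code assumes document numbers are issued in chronological order.

```python
from datetime import date

# Cutoff numbers noted at the count in the narrative above.
LAST_SHIPMENT = "14-1545"      # last shipping document of the year
LAST_RECEIPT = "24-0909"       # last receiving report of the year
YEAR_END = date(2015, 12, 31)  # constructed: the narrative gives no year


def parse_doc_no(doc_no):
    """Split a prenumbered document number 'PP-NNNN' into (prefix, serial, width)."""
    prefix, _, serial = doc_no.strip().lstrip("#").partition("-")
    if not prefix or not serial.isdigit():
        raise ValueError(f"not a prenumbered document number: {doc_no!r}")
    return prefix, int(serial), len(serial)


def missing_in_sequence(doc_nos):
    """Return numbers absent between the lowest and highest serial of each prefix."""
    by_prefix = {}
    for doc_no in doc_nos:
        prefix, serial, width = parse_doc_no(doc_no)
        by_prefix.setdefault(prefix, (set(), width))[0].add(serial)
    gaps = []
    for prefix, (serials, width) in sorted(by_prefix.items()):
        for n in range(min(serials), max(serials) + 1):
            if n not in serials:
                gaps.append(f"{prefix}-{n:0{width}d}")
    return gaps


def cutoff_exceptions(entries, last_doc_no, year_end=YEAR_END):
    """Compare each entry's recording date with the period its number belongs to.

    A document numbered at or below last_doc_no belongs to the year just ended;
    a higher number belongs to the next year. Entries are (doc_no, recorded_date).
    """
    prefix, last_serial, _ = parse_doc_no(last_doc_no)
    exceptions = []
    for doc_no, recorded in entries:
        entry_prefix, serial, _ = parse_doc_no(doc_no)
        if entry_prefix != prefix:
            raise ValueError(f"{doc_no} is not in the {prefix}- series")
        belongs_to_year = serial <= last_serial
        recorded_in_year = recorded <= year_end
        if belongs_to_year and not recorded_in_year:
            exceptions.append((doc_no, "recorded late"))
        elif recorded_in_year and not belongs_to_year:
            exceptions.append((doc_no, "recorded early"))
    return exceptions


# Constructed sales journal extract: (shipping document, date the sale was recorded).
SALES_JOURNAL = [
    ("14-1541", date(2015, 12, 29)),
    ("14-1542", date(2015, 12, 29)),
    ("14-1544", date(2015, 12, 30)),  # 14-1543 does not appear anywhere
    ("14-1545", date(2016, 1, 3)),    # shipped before year-end, recorded after
    ("14-1546", date(2015, 12, 31)),  # still on the dock at the count, booked as a sale
    ("14-1547", date(2016, 1, 4)),
]

# Constructed purchases extract: what the records would show had the ink
# receipt been left for entry until after the holiday.
PURCHASES_JOURNAL = [
    ("24-0907", date(2015, 12, 30)),
    ("24-0908", date(2015, 12, 31)),
    ("24-0909", date(2016, 1, 3)),
]

if __name__ == "__main__":
    print("Missing shipping documents:",
          missing_in_sequence(d for d, _ in SALES_JOURNAL))
    print("Sales cutoff exceptions:",
          cutoff_exceptions(SALES_JOURNAL, LAST_SHIPMENT))
    print("Purchases cutoff exceptions:",
          cutoff_exceptions(PURCHASES_JOURNAL, LAST_RECEIPT))
```

A "recorded early" sale overstates revenue and receivables for the year, while a "recorded late" receipt understates inventory-related payables, which is the completeness concern the chapter raises for accounts payable.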

The Essentials of Auditing a Business’s Purchases, Payables, and Payments Process

Businesses have to spend money to make money, and keeping track of payments to various suppliers is a critical management process. Typically there will be a variety of suppliers to pay, and many different types of assets and expenses to pay for. The accounting process for purchasing transactions also involves processing the related accounts payable balance and cash payment transactions (also called “cash disbursements”). The two main journal entries in this process are as follows:

Dr Various asset or expense accounts
    Cr Accounts Payable

Dr Accounts Payable
    Cr Cash

Management’s main control objectives for the purchases, payables, and payments process relate to the validity, accuracy, and authorization of purchases and cash payments. Because the risk of employee fraud involving misappropriation of cash or other company assets is a major concern, strong controls are needed to ensure the company’s expenditures are appropriate. Classification is also an important control objective, since there are usually many different reasons to spend money, and some are for expenses with no future benefit, but others that have future benefits need to be classified as assets. Note that purchases of PPE can involve investments of large amounts of money and thus require a separate approval process from the highest level of governance. This may be part of the finance and investment process (discussed in Chapter 14) in many organizations. In this text, we will cover the purchase of PPE as part of the purchasing process here in Chapter 12, because many of the controls and procedures related to expenditures are similar, and junior audit team members are often involved in examining the accounting for PPE. Auditors’ concern is with management’s controls over the validity, completeness, authorization, and proper period cutoff for purchasing and payment transactions, to ensure that financial statements include all the liabilities that exist at year-end, and that expenses and assets are correctly classified. Auditor control testing in the purchasing process is usually required, since there tends to be a high volume of transactions affecting various accounts. Controls over cash payment transactions are often tested to ensure only authorized and valid cash payments can be made, since this can provide assurance that control risk is lowered, affecting many other accounts in the audit. 
The main control tests will trace records of goods and services received (e.g., purchase orders, bills of lading, supplier invoices, new assets) to authorization and recording of payables and payments in the general ledger, and test proper recording of cutoff at period end. The results of the auditor’s control testing will affect the nature of further substantive audit work to be performed, as well as the sample sizes and timing of further procedures. Substantive audit procedures that are commonly used in the purchases, payables, and payments process include reconciliation of bank account balances, analysis of accrual and expense accounts for reasonability, vouching of major expenses and asset purchases (inventory, PPE, and intangible assets) to supporting documents, and examining payments made just after year-end to ensure any related to the current period were accrued. The audit of the purchases, payables, and payments process focuses on the risk of material misstatement related to the completeness assertion, since understatements of liabilities and expenses hide poor financial performance and skew debt-related ratios that creditors monitor to assess the safety of their loans. Misstatements caused by improper capitalization of expenses are also a concern as they result in overstatements of assets and income, which can affect important user decisions and evaluations.

Review Checkpoints

12-1 What are the main classes of transactions and related account balances for the purchases process?
12-2 What are management’s main control objectives related to the purchases process? Why?
12-3 What are an auditor’s main concerns related to purchasing and payment transactions? Why?
12-4 Why do auditors frequently choose to test controls in the purchases, payables, and payments process?
12-5 What substantive audit procedures are often performed for purchases, payables, and cash payments?
12-6 How do the results of the auditor’s control testing affect the plan to perform substantive procedures?
12-7 What assertion is the auditor most concerned about in auditing the purchases, payables, and payments process? Why?


Understanding the Purchases, Payables, and Payments Process LO1

Describe the purchases, payables, and payments process, including typical risks, transactions, account balances, source documents, and controls.

Purchases of goods and services are a major part of cash outflow in most organizations. For this reason, they will be subject to a fairly high level of management planning and control. Purchases may result in the organization’s acquiring assets, for example, inventory, fixed assets (such as PPE), or intangibles (such as patents and customer lists). Some purchases of goods, such as supplies, are expensed, and purchases of services are mainly expensed. Costs of purchasing goods and services may be deferred in some cases, if they relate to producing inventory (see Chapter 13) or internally developed assets, such as buildings and new products (deferred development costs).

Risk Assessment for Purchases, Payables, and Payments

To assess risks in the purchasing-related processes, the auditor focuses on purchasing and cash payment transaction streams and accounts payable balances. Important disclosures relating to purchases include asset capitalization and valuation policies, inventory cost flow assumption policies, contractual commitments, and related party transactions. The auditor’s understanding of the auditee’s business and environment will point to specific business risks and the related financial misstatement risks that can arise from the auditee’s purchases, payables, and payments activities. Some examples of the risks at the assertion level are as follows.

Existence risks could involve inventory being overstated due to double counting or other errors in the year-end physical inventory count. Purchased assets may include improper capitalization of costs to increase reported profits (e.g., WorldCom). Improper cutoff can lead to overstating inventory on hand at period-end if shipments received after period-end are included.

Ownership risks can include inventory held on consignment being recorded as the company’s own inventory, in error. In an owner-managed business, some personal expenses of the owner may be run through the company to avoid income taxes.

Completeness risks relate mainly to the possibility of unrecorded liabilities. Goods or services received but not yet paid for at year-end may not have been accrued. Provisions for future costs, such as warranties, may be missing or understated. Improper cutoff can also lead to incomplete recording of liabilities if purchased goods that are still in transit are not accounted for at period-end.

Valuation risks can exist when purchases are denominated in foreign currency; if inventory or property values decline because of market conditions, obsolescence, or improper storage; or if intangible assets are improperly valued.
Frauds relating to purchases and payables can arise from collusion between suppliers and employees to overstate purchase transaction payments, for example, via kickback schemes.

Presentation and disclosure risks include not properly presenting separate categories of inventory, PPE, or intangible assets; inadequate capitalization policy notes; and failure to disclose contractual commitments to make future purchases at fixed prices.

As you start to consider assertion-based risks more carefully, you will note that sometimes the same error or problem can affect more than one assertion. For example, if inventory held on consignment is included in the company’s own inventory balance, this error affects both the existence and ownership assertions. The great value of the assertions concept to auditors is that it provides a wide net for catching all kinds of things that could have gone wrong in a particular auditee’s business to result in material misstatements in its financial statements.

This chapter outlines simple examples of processes for purchasing services, inventory, and fixed assets, as well as the related accounting process and its control activities. The main risk in these processes is incomplete recognition of expenses and liabilities. Control tests in the purchasing processes and physical inspection of inventory and fixed assets address existence, completeness, and valuation assertions, and some substantive evidence for completeness is obtained from examining payments subsequent to year-end. It may be necessary to further inspect documents and use confirmations for more evidence in assessing the ownership assertion.

Purchases, Payables, and Payments Process: Typical Activities

Exhibit 12–1 presents a skeleton overview of the typical activities and transactions involved in the purchases, payables, and payments process, and it also lists the accounts and records typically involved. The basic activities are (1) requesting purchases of goods and services, (2) receiving them, (3) recording costs and liabilities, and (4) paying the bills. The green ovals in the exhibit show the main elements of the control structure: authorization (procedure), custody, recordkeeping (documents and records), and periodic reconciliation (reconciling). These control activities are described in the following sections. Further examples of controls related to the illustrated process are provided in Exhibit 12A–2 in Appendix 12A.

The purchases, payables, and payments process involves meeting various departments’ identified requirements for goods and services, issuing purchase orders to suppliers, receiving the goods and services, and taking custody of goods received. Accounts payable to suppliers are recorded once the goods have been received or the services have been used, usually at the time the supplier invoice is received. The payables are recorded in a subledger by supplier name and in a control account in the general ledger. Payments involve transferring money (e.g., by cash, cheque, or electronic funds transfer [EFT]) to the supplier, which relieves the liability in both the supplier subledger and the general ledger control account. Frequently, suppliers provide monthly statements of the amount owing, which are reconciled to the subledger balance to ensure the correct amounts are being paid.
The company’s control system will feature important types of control activities, including employee procedures relating to keeping custody of assets and records; authorizing purchases and payments; properly recording transactions and events; and reconciling to check the completeness and integrity of the records by comparison to other summaries, reports, or the actual assets themselves. These control activities are described in more detail below.

Authorization

Purchases are requested (requisitioned) by people who know the needs of the organization. A purchasing department finds the best prices and quality and issues a purchase order. Obtaining competitive bids is a good practice because involving several suppliers tends to produce the best prices. It also reduces the risk of frauds involving collusion between suppliers and purchasing department employees, such as inflating purchases to increase sales commissions to the supplier, who then kicks back some of these commissions to the purchasing employee.

authorization (procedure): a control activity that assigns specific individuals in an organization the responsibility for approving the initiation of transactions on behalf of the organization

custody: a control activity that identifies the individuals in an organization with the responsibility to hold and safeguard the organization’s assets and/or records

recordkeeping (documents and records): a control activity that involves the preparation of entries and supporting materials in an accounting information system

periodic reconciliation (reconciling): a control activity that involves regularly comparing reports, summaries, and balances in an accounting information system to the actual assets, or detailed components of accounts, to ensure they agree or indicate any discrepancies, such as a bank reconciliation, supplier reconciliation, inventory count, or agreeing the accounts receivable subledger total to the balance in the general ledger accounts receivable control account


EXHIBIT 12–1

Purchases, Payables, and Payments Process: Overview Diagram of Typical Activities

[Diagram not reproduced. Activities shown: request purchases; receive goods and services; receive supplier invoice; enter accounts payable; disburse cash (cheques or EFTs to supplier). Control elements shown: authorization, custody, recordkeeping, reconciling. Documents and files shown: purchase requisition, purchase order, receiving report, supplier invoice, cheque copy or EFT reference code, accounts payable master file, cash payment transaction file, perpetual inventory record, asset and expense accounts.]

Accounts/Records: Raw materials, WIP, Finished goods, PPE, Insurance, Supplies, Various expenses, Cash payments, Accounts payable

Payments to suppliers are authorized by an accounts payable department employee matching purchase orders, supplier invoices, and internal receiving reports to show there is a valid obligation to pay. Accounts payable obligations are usually recorded when the purchaser receives the goods or services ordered. Cheques are signed by an authorized person. Companies may have a policy requiring two signatures on cheques over a certain amount. Also, a company may have EFT arrangements with suppliers that allow an authorized person to transfer money directly from the company’s bank account to the supplier’s account. Invoices should be marked “paid” or otherwise stamped to show that they have been processed completely, so that they will not be paid a second time (which would be an existence assertion error).

Custody

The receiving department is responsible for inspecting received goods for quantity and quality (producing a receiving report) and passing them on (e.g., to inventory warehousing, fixed asset installation). Services are accepted by the people responsible for them. For cash in the company’s bank accounts, custody belongs to those authorized to sign cheques or transfer funds. Access to the computerized purchase authorization program, or to blank documents if manual procedures are used—such as purchase orders, receiving reports, and blank cheques—is also a custody issue. If unauthorized persons can access these or have authorization involving them, they can forge a purchase order to a fictitious supplier, forge a receiving report, send a false invoice from a fictitious supplier, and then prepare a company cheque in payment, which is embezzlement.

Recordkeeping

When the purchase order, supplier’s invoice, and receiving report are matched, the accounting system will enter the accounts payable with (1) debits to proper inventory, fixed asset, and expense accounts and (2) a credit to accounts payable. When cheques are prepared, entries are made to debit accounts payable and credit cash.

Too Much Trouble

A trucking company self-insured claims of damage to goods in transit, processed claims reports, and paid customers from its own bank accounts. Several persons were authorized to sign cheques. One person thought it “too much trouble” to stamp the claims reports as PAID and said, “That’s textbook stuff anyway.” Numerous claims were recycled to other cheque signers, and $80,000 in claims was paid in duplicate before the problem was discovered.

Review Checkpoints

12-8 What is a purchase requisition?
12-9 Which assertion is affected if duplicate payments are made from the same supporting documents? How can this type of error be prevented?

Periodic Reconciliation

A periodic reconciliation of existing assets to recorded amounts is not shown in Exhibit 12–1, but it occurs when (1) a physical inventory count compares inventory on hand with perpetual inventory records, (2) a bank account reconciliation compares book cash balances with bank cash balances, (3) an inspection compares fixed assets with detailed fixed asset records, (4) preparation of an accounts payable trial balance compares the detail of accounts payable with the control account in the general ledger, and (5) accounts payable personnel compare suppliers’ reports and monthly statements with recorded liabilities.

Audit Evidence in Management Reports

Computer processing of purchases and payments transactions makes it possible for management to generate reports for control purposes, but it can also provide important audit evidence. Exhibit 12–2 shows how computer processing might do this, and it is discussed in the following section.

Open Purchase Orders

Held in an open purchase order file, purchase orders are open from the time they are issued until the goods and services are received. Generally, no liability exists until the transactions are complete. However, auditors may find evidence of losses on purchase commitments in this file if market prices have fallen below the purchase order price.

Unmatched Receiving Reports

Normally, liabilities should be recorded on the date the goods and services are received and accepted. Sometimes, however, supplier invoices arrive later and the accounts payable department holds the receiving reports, unmatched with invoices, until the information for recording an accounting entry arrives. Auditors can scan the unmatched receiving report file to see if the company has material unrecorded liabilities on the financial statement date. The matching control procedures ensure purchases are valid by verifying that the purchases are real and approved prior to processing the payment.


EXHIBIT 12–2

Management Control Reports Useful for Audit Evidence

MANAGEMENT REPORT | CONTROL PURPOSE | POTENTIAL AUDIT EVIDENCE
------------------------------------------------------------
Open purchase orders | Completeness of accounts payable | Purchase commitments, valuation of inventory
Unmatched receiving reports | Validity of purchases recorded | Unaccrued liabilities for purchases
Unmatched supplier invoices | Validity of purchases recorded | Unaccrued liabilities for purchases
Accounts payable trial balance | Proper accounting of cash flow management | Existence and completeness of payables
Purchases journal | Completeness and validity of inventory, purchases, and expenses | Analysis of inventory changes and expense reasonability
Inventory reports | Completeness, validity, and valuation of inventory | Analysis of inventory balances, valuation, selection of samples for test counts, and valuation tests
Fixed asset reports | Completeness, validity, and valuation of fixed assets, accumulated depreciation, and depreciation expense | Analysis of changes in fixed asset balances, selection of sample additions for vouching, and recalculation of depreciation expense
Cash payments report | Expenditure reviews by management for validity, authorization | Selection of sample for testing existence, authorization, and proper cutoff of payments

Unmatched Supplier Invoices

Supplier invoices may arrive in the accounts payable department before the receiving process is complete. These invoices are held, unmatched with receiving reports, until there is information that the goods and services were actually received and accepted. Systems failures and human coding errors can cause unmatched invoices and receiving reports to sit around unnoticed when all the information is actually at hand. Auditors can inspect the unmatched invoice file and compare it with the unmatched receiving report file to determine whether liabilities are unrecorded.
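The comparison of the unmatched receiving report file with the unmatched invoice file can be run as a computer-audit test. The sketch below is an added example, not from the textbook: record layouts, document numbers, dates, and amounts are constructed, and pricing an uninvoiced receipt at the purchase order price is an assumption about how the accrual would be estimated.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional

YEAR_END = date(2015, 12, 31)  # constructed financial statement date


@dataclass(frozen=True)
class PurchaseOrder:
    po_no: str
    unit_price: Decimal


@dataclass(frozen=True)
class ReceivingReport:
    rr_no: str
    po_no: str
    received: date
    qty: int


@dataclass(frozen=True)
class SupplierInvoice:
    inv_no: str
    po_no: str
    qty: int
    amount: Decimal


@dataclass(frozen=True)
class Finding:
    rr_no: str
    amount: Optional[Decimal]
    basis: str


def search_unrecorded_liabilities(pos, unmatched_rrs, unmatched_invoices, year_end=YEAR_END):
    """One Finding per unmatched receiving report dated on or before year-end."""
    price_by_po = {po.po_no: po.unit_price for po in pos}
    findings = []
    for rr in sorted(unmatched_rrs, key=lambda r: r.rr_no):
        if rr.received > year_end:
            continue  # goods arrived after cutoff: a liability of the next period
        held = [i for i in unmatched_invoices if i.po_no == rr.po_no and i.qty == rr.qty]
        if held:
            # Both documents are on hand but were never matched (system or coding error).
            findings.append(Finding(rr.rr_no, held[0].amount, "invoice on hand, match failed"))
        elif rr.po_no in price_by_po:
            estimate = rr.qty * price_by_po[rr.po_no]
            findings.append(Finding(rr.rr_no, estimate, "estimated from purchase order price"))
        else:
            findings.append(Finding(rr.rr_no, None, "no purchase order on file: investigate"))
    return findings


def total_unaccrued(findings):
    """Dollar total of the findings that could be priced."""
    return sum((f.amount for f in findings if f.amount is not None), Decimal("0"))


def invoices_without_receipt(unmatched_invoices, unmatched_rrs):
    """Held invoices with no receiving report at all: no evidence of receipt yet."""
    received_pos = {rr.po_no for rr in unmatched_rrs}
    return [i.inv_no for i in unmatched_invoices if i.po_no not in received_pos]


# Constructed sample files.
SAMPLE_POS = [
    PurchaseOrder("PO-501", Decimal("12.50")),
    PurchaseOrder("PO-502", Decimal("200.00")),
    PurchaseOrder("PO-503", Decimal("99.00")),
]
SAMPLE_RRS = [
    ReceivingReport("RR-1001", "PO-501", date(2015, 12, 30), 100),
    ReceivingReport("RR-1002", "PO-502", date(2015, 12, 31), 40),
    ReceivingReport("RR-1003", "PO-503", date(2016, 1, 2), 10),   # after cutoff
    ReceivingReport("RR-1004", "PO-999", date(2015, 12, 29), 5),  # no PO on file
]
SAMPLE_INVOICES = [
    SupplierInvoice("INV-77", "PO-502", 40, Decimal("8000.00")),
    SupplierInvoice("INV-78", "PO-600", 3, Decimal("450.00")),    # nothing received
]

if __name__ == "__main__":
    results = search_unrecorded_liabilities(SAMPLE_POS, SAMPLE_RRS, SAMPLE_INVOICES)
    for f in results:
        print(f.rr_no, f.amount, f.basis)
    print("Total unaccrued:", total_unaccrued(results))
    print("Invoices without receipt:", invoices_without_receipt(SAMPLE_INVOICES, SAMPLE_RRS))
```
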

Accounts Payable Trial Balance

This trial balance is a list of payable balances, totalling up the outstanding invoices for each supplier. The sum of the supplier balances will agree with the accounts payable control account in the general ledger. Typically, recording to the supplier account and the control account is a simultaneous updating procedure in a computerized accounting system, so differences indicate a system problem. Note that some organizations record payables by individual invoices instead of by supplier names, so the trial balance is a list of unpaid invoices, which still will agree with the control account balance. This type of system is sometimes called an open invoice system.

The ideal trial balance for audit purposes contains the names of all of an organization’s suppliers, even if their balances are zero. The audit “search for unrecorded liabilities” should include the small and zero balances, especially for regular suppliers, because these may be the places where liabilities are unrecorded. Major suppliers will send regular statements of amounts outstanding, and the company usually has a control procedure that reconciles suppliers’ statements with accounts payable. Details of these supplier reconciliations can be audited to detect any unrecorded liabilities.

All paid and unpaid accounts payable should have supporting documents or computerized records, including a purchase requisition (if any), purchase order (if any), supplier invoice, receiving report (if any), and cheque copy (or notation of cheque number, date, and amount) or EFT reference details, as shown in Exhibit 12–1. Similar records should be available for audit verification in a computerized accounts payable system.


Classify the Debits Correctly

Invoices for expensive repairs were not clearly identified, so the accounts payable accountants entered the $125,000 as capitalized fixed assets instead of as repairs and maintenance expense. This initially understated expenses and overstated pretax income by $125,000 for 1 year, although the incorrectly capitalized expenses were written off as depreciation over the 10-year life of the assets. This spread the misstatement over many years, lowering its materiality.

Thinking Ahead

Lone Moon Brewing purchased bulk aluminum sheets and manufactured its own cans. To ensure a source of raw materials, the company entered into a long-term purchase agreement for three million kilograms of aluminum sheeting at 80 cents per kilogram. At the end of this year, 1.5 million kilograms had been purchased and used, but the market price had fallen to 64 cents per kilogram. Lone Moon was on the hook for a $240,000 (1.5 million kilograms × 16 cents) purchase commitment in excess of current market prices, so the auditors required management to disclose this fact in the company’s financial statements.

Purchases Journal

This listing of all purchases may exist as a printed report, or only in a computer transaction file. In either event, it provides raw data for (1) audit analysis of purchasing patterns, which may exhibit characteristics of errors or fraud, and (2) a sample selection of transactions for control tests of supporting documents for validity, authorization, accuracy, classification, and proper period recording. A company may have already performed analyses of purchases, and auditors can use these for analytical evidence, provided the analyses are produced under reliable control conditions.

Inventory Reports (Trial Balance)

A wide variety of inventory reports are useful for analytical evidence. An item-by-item trial balance should agree with a control account (if balances are kept in dollars). Auditors can use this trial balance (1) to scan for unusual conditions (e.g., negative item balances, overstocking, and valuation problems) and (2) as a population for sample selection for a physical inventory observation (audit procedures to obtain evidence about the existence of inventory included in the account). The scanning and sample selection may be computer-audit applications on a computerized inventory report file.

Fixed Asset Reports

These reports are similar to inventory reports because they show the details of fixed assets in control accounts and they can be used for scanning and sample selection as well. A sample selection of fixed assets acquired can be verified against costs shown on purchase invoices. The information for depreciation calculation (cost, useful life, method, and salvage) can be audited by sampling, or a computer application can perform recalculations.

Cash Payments Report

The cash payments process produces a cash payments journal—sometimes printed, sometimes maintained only as a computer file. This journal should contain the date, cheque or EFT reference number, payee, amount, account debited for each cash payment, and a cross-reference to the supplier invoice number or other reason for the payment. A sample can be selected from the population of transactions in the cash payments journal for control tests of supporting documents for validity, authorization, accuracy, classification, and proper period recording of payments.
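Because the cash payments journal cross-references each payment to its supporting document, it can be scanned for the kind of duplicate payment described in the “Too Much Trouble” box. The sketch below is an added example, not from the textbook: the journal rows, field names, the reference-normalization rule, and the 30-day window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date
from decimal import Decimal


def normalize_ref(ref):
    """Fold case, drop punctuation and spaces, strip leading zeros from numbers,
    so that 'CLM-0042' and 'clm 42' compare as the same supporting document."""
    cleaned = re.sub(r"[^A-Z0-9]", "", ref.upper())
    return re.sub(r"(?<!\d)0+(?=\d)", "", cleaned)


def find_duplicate_payments(journal, window_days=30):
    """Return (exact, possible).

    exact:    same payee and same supporting document paid more than once.
    possible: same payee and amount paid again within window_days under a
              different document reference (may be a re-keyed invoice).
    """
    by_doc = defaultdict(list)
    by_amount = defaultdict(list)
    for p in journal:
        payee = " ".join(p["payee"].upper().split())
        key = normalize_ref(p["doc_ref"])
        by_doc[(payee, key)].append(p)
        by_amount[(payee, p["amount"])].append((p["date"], key, p["pay_ref"]))

    exact = []
    for (payee, key), pays in sorted(by_doc.items()):
        if len(pays) > 1:
            pays.sort(key=lambda p: p["date"])
            overpaid = sum(p["amount"] for p in pays[1:])  # everything after the first
            exact.append((payee, key, [p["pay_ref"] for p in pays], overpaid))

    possible = []
    for (payee, amount), rows in sorted(by_amount.items()):
        rows.sort()
        for (d1, k1, r1), (d2, k2, r2) in zip(rows, rows[1:]):
            if k1 != k2 and (d2 - d1).days <= window_days:
                possible.append((payee, amount, [r1, r2]))
    return exact, possible


# Constructed cash payments journal rows.
SAMPLE_PAYMENTS = [
    {"date": date(2015, 3, 2), "pay_ref": "CHQ-5001", "payee": "Acme Freight",
     "amount": Decimal("1200.00"), "doc_ref": "CLM-0042"},
    {"date": date(2015, 3, 20), "pay_ref": "CHQ-5017", "payee": "ACME  FREIGHT ",
     "amount": Decimal("1200.00"), "doc_ref": "clm 42"},      # same claim, second signer
    {"date": date(2015, 4, 1), "pay_ref": "EFT-88", "payee": "Borealis Ltd",
     "amount": Decimal("560.00"), "doc_ref": "INV-100"},
    {"date": date(2015, 4, 3), "pay_ref": "CHQ-5050", "payee": "Borealis Ltd",
     "amount": Decimal("560.00"), "doc_ref": "INV-101"},      # same amount, 2 days later
    {"date": date(2015, 7, 1), "pay_ref": "CHQ-5090", "payee": "Borealis Ltd",
     "amount": Decimal("560.00"), "doc_ref": "INV-150"},      # outside the window
    {"date": date(2015, 5, 5), "pay_ref": "CHQ-5070", "payee": "Cedar Co",
     "amount": Decimal("300.00"), "doc_ref": "INV-7"},
]

if __name__ == "__main__":
    exact_hits, possible_hits = find_duplicate_payments(SAMPLE_PAYMENTS)
    print("Exact duplicates:", exact_hits)
    print("Possible duplicates:", possible_hits)
```

Exact hits are paid-twice documents; possible hits are only leads for vouching to the supporting invoices.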


The Sign of the Credit Balance

Auto Parts & Repair Inc. kept perpetual inventory records and fixed assets records on its computer system. Because of the size of the files (8,000 parts in various locations and 1,500 asset records), the company never printed reports for visual inspection. Auditors ran a computer audit “sign test” on inventory balances and fixed asset net book balances. The test called for a printed report for all balances less than zero. The auditors discovered 320 negative inventory balances caused by failure to record purchases and 125 negative net asset balances caused by depreciating assets more than their cost.

Review Checkpoints

12-10 Where could an auditor look to find evidence of losses on purchase commitments? on unrecorded liabilities to suppliers?
12-11 List the main supporting source documents used in a purchases, payables, and payments process.
12-12 List the management reports that can be used for audit evidence. What information in them can be useful to auditors?

Control Risk Assessment LO2

Describe the auditor’s control risk assessment and control tests for auditing control over the purchase of inventory, services, and fixed assets, and for the payment of cash.

Control risk assessment is important because it governs the nature, timing, and extent of substantive audit procedures that will be applied in the audit of account balances in the purchases, payables, and payments process. These account balances include the following:

• Inventory
• PPE (fixed assets) and intangible assets
• Depreciation and amortization expense
• Accumulated depreciation/amortization
• Accounts and notes payable
• Cash
• Expenses—administrative (supplies, legal fees, audit fees, taxes, insurance), selling (commissions, travel, delivery, advertising), manufacturing (maintenance, freight in, utilities), and so on

General Control Considerations

Control policies for proper segregation of responsibilities should be in place and operating. The green ovals in Exhibit 12–1 show the control activities that should be segregated. Proper segregation means that people with authorization (requisitioning, purchase ordering) responsibilities do not have custody, recording, or reconciliation duties. Custody of inventory, fixed assets, and cash belongs with people who do not directly authorize purchases or cash payments, record the accounting entries, or reconcile physical assets and cash to recorded amounts. Recording (accounting) is done by people who do not authorize transactions, have custody of assets, or perform reconciliations. Simultaneous updating and process controls are in place in the computerized accounting system. Periodic reconciliations are performed by people who do not have authorization, custody, or recording duties related to the same assets. Combinations of two or more of these responsibilities in a single person, office, or computer system may open the door for errors or frauds. An employee who has incompatible duties could make errors that go undetected, or even steal assets from the company and cover it up by making false accounting entries.

Purchase Order Splitting

A school board’s purchasing agent had authority to buy supplies in amounts of $1,000 or less without being required to get competitive bids for the best price. The purchasing agent wanted to favour local businesses owned by her friends instead of large chain stores, so she broke up the year’s $350,000 supplies order into numerous $900–$950 orders, paying about 12% more to local stores than would have been paid to the large chains. In return, the purchasing agent received very generous discounts and gifts from these local businesses. The auditors discovered this practice by scanning the purchases journal and investigating the frequent small amounts that were being paid to the same payee. They recommended to management that a regular supervisor review of the purchases journal may improve control over authorization of purchases.
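The scan the auditors performed in this box can be written as a purchases journal analytic. The sketch below is an added example, not from the textbook: the $1,000 bid limit comes from the box, while the journal rows, payee names, the 85% band, and the minimum count and share thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

BID_LIMIT = Decimal("1000")  # from the box: no competitive bids at or below $1,000


def split_order_candidates(journal, limit=BID_LIMIT, band=Decimal("0.85"),
                           min_orders=3, min_share=Decimal("0.5")):
    """Flag payees whose orders cluster just under the bid limit.

    A payee is flagged when at least min_orders of its orders fall between
    band*limit and limit, those orders are at least min_share of all its
    orders, and together they exceed the limit (so one combined order would
    have required bids). Returns (payee, near_count, all_count, near_total),
    largest total first.
    """
    floor = limit * band
    all_counts = defaultdict(int)
    near = defaultdict(list)
    for _po_no, payee, amount in journal:
        all_counts[payee] += 1
        if floor <= amount <= limit:
            near[payee].append(amount)

    flagged = []
    for payee, amounts in near.items():
        share = Decimal(len(amounts)) / all_counts[payee]
        total = sum(amounts, Decimal("0"))
        if len(amounts) >= min_orders and share >= min_share and total > limit:
            flagged.append((payee, len(amounts), all_counts[payee], total))
    return sorted(flagged, key=lambda f: f[3], reverse=True)


# Constructed purchases journal rows: (purchase order number, payee, amount).
SAMPLE_JOURNAL = [
    ("PO-101", "Main St. Supplies", Decimal("900")),
    ("PO-102", "Main St. Supplies", Decimal("925")),
    ("PO-103", "Main St. Supplies", Decimal("950")),
    ("PO-104", "Main St. Supplies", Decimal("910")),
    ("PO-105", "Main St. Supplies", Decimal("940")),
    ("PO-106", "Lakeside Office", Decimal("905")),
    ("PO-107", "Lakeside Office", Decimal("930")),
    ("PO-108", "Lakeside Office", Decimal("945")),
    ("PO-109", "Lakeside Office", Decimal("120")),
    # A large supplier with orders of every size: three land in the band by
    # chance, but they are a minority of its orders, so it is not flagged.
    ("PO-110", "National Chain", Decimal("2400")),
    ("PO-111", "National Chain", Decimal("120")),
    ("PO-112", "National Chain", Decimal("910")),
    ("PO-113", "National Chain", Decimal("300")),
    ("PO-114", "National Chain", Decimal("60")),
    ("PO-115", "National Chain", Decimal("975")),
    ("PO-116", "National Chain", Decimal("88")),
    ("PO-117", "National Chain", Decimal("915")),
]

if __name__ == "__main__":
    for payee, near_count, all_count, total in split_order_candidates(SAMPLE_JOURNAL):
        print(f"{payee}: {near_count} of {all_count} orders just under limit, total ${total}")
```
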

In addition, internal controls should provide for detail-checking control procedures. For example, (1) all purchase requisitions and purchase orders are approved by authorized personnel, (2) purchase order master files changes are made by authorized persons only, (3) physical security for inventory warehouses and fixed asset locations (storerooms, fences, locks, etc.) is adequate, (4) accounts payable are recorded only when all the supporting documentation is in order (purchases and payables as of the date goods and services were received and payments on the date the cheques (or EFTs) leave the organization’s control), (5) procedures exist to prevent making duplicate payments for the same invoice, and (6) supplier invoices are compared with purchase orders and receiving reports to verify the price and that the quantity billed is the same as the quantity received. The following box offers an example of the consequences of weak management controls—in this case, when authorization controls for contract payments are inadequate in a government department.

Where Tax Dollars Go

The Auditor General of Canada (AGC) had some harsh words for the federal government in an 83-page report released just days before an expected election call. The report criticized the way the government’s departments and services spend money and was particularly critical of Human Resources Development Canada (HRDC; now Human Resources and Skills Development Canada [HRSDC]), pointing out its sloppy paperwork, careless spending, and vague job creation figures. HRDC was at the centre of a scandal starting in January 2000 when an internal audit found massive mismanagement in its $1-billion jobs grants program. The AGC’s report confirms that finding and condemns poor accountability between the department and its programs, and within HRDC itself. The audit cites breaches of authority, improper payment practices, and limited monitoring of recipient projects’ finances and activities. It also found an inadequate process to decide which projects should get money, including examples of some that were not eligible for funding but received it anyway.

Auditor General Sheila Fraser said in a 2002 speech: “Our audit of HRDC grants and contributions showed what happens when there is no longer a balance between the insistence on performance and controls, and more emphasis is placed on one of these components. Management’s priorities were to implement strategic initiatives and improve service. We found that it had not placed enough emphasis on maintaining vital control while it reduced red tape and improved service.”

In Alberta, the provincial government’s health care monopoly, Alberta Health Services (AHS), spent almost $250 million between 2012 and 2013, nearly half a million a day, on consultants. Consultants were paid to help AHS executives with projects like “buying art,” “staff scheduling transformation,” and “executive coaching . . . (in) . . . self-discovery . . . .” And in the midst of these scandals, the AHS board insisted on paying out millions in bonuses to its executives. Given that the actual mandate of the taxpayer-funded AHS is to support provision of health services to Albertans, opposition politicians and the press and the public were outraged by the waste of taxpayer funds.

The Delhi 2010 Commonwealth Games were a showcase for India’s status as an emerging global power, but the headlines were stolen by allegations of corruption and spending irregularities. Venue delays, shoddy construction, and budget overruns tripled the cost of the event to US$6 billion. In 2011, India’s national auditor accused the Delhi government of wasteful spending of at least US$29 million during its “ill-conceived and ill-planned” program to beautify the city before the Games. In 2014, Delhi’s newly elected chief minister ordered the state anti-corruption bureau to investigate alleged irregularities in a deal by the previous Delhi state government to buy expensive imported street lights before the event, a 310 million rupee ($5.5 million) contract for the lights. Numerous legal cases have also been filed in Delhi courts and outside, relating to disputes in finance, workforce, catering, merchandising, cleaning and waste management, technology, and other functional areas connected to the Games. 
Sources: CBC News, “Auditor General delivers stinging rebuke to Ottawa,” October 22, 2000, at cbc.ca/news/canada/auditor-general-deliversstinging-rebuke-to-ottawa-1.230824; Notes for an address by Sheila Fraser, FCA, Auditor General of Canada, to Canada Mortgage and Housing, June 11, 2002, Ottawa, Ontario, at oag-bvg.gc.ca/internet/English/sp_20020611_e_23844.html; Lorne Gunter, “Alberta health minister Fred Horne has to go.” at edmontonsun.com/2014/04/10/health-minister-just-doesnt-get-ahs-problems, April 10, 2014; The Sydney Morning Herald, “India launches corruption inquiry into Delhi Commonwealth Games,” at smh.com.au/sport/india-launches-corruption-inquiry-into-delhi-commonwealthgames-20140206-325kr.html, February 14, 2014; Press Trust of India, “Commonwealth Games corruption: Organising Committee faces Rs 350 crore worth legal cases,” at sports.ndtv.com/othersports/news/215193-commonwealth-games-corruption-organising-committee-faces-rs-350-croreworth-legal-cases, October 6, 2013.

Information gathering about the control structure often begins with an internal control questionnaire. An example of a questionnaire is provided in Appendix 12A. The questionnaire can be studied for details of desirable control policies and procedures, as it is organized under headings that identify the important control objectives: environment, validity, completeness, authorization, accuracy, classification, and proper period recording.

Review Checkpoints
12-13 What functions should be segregated in the purchases, payables, and payments process?
12-14 What are some controls that might prevent the embezzling of cash by creation of fictitious supplier invoices?
12-15 How could an auditor determine if the purchasing agent had practised purchase order splitting?

Control Tests

An organization should have detailed control procedures in place and operating to prevent or detect and correct accounting errors. You studied the general control objectives in Chapter 9 (validity, completeness, authorization, accuracy, classification, and proper period recording). Exhibit 12–3 demonstrates these in a purchasing activity situation, with examples related to specific purchasing objectives. Study this exhibit carefully. Auditors can perform tests to determine whether controls said to be in place and operating are actually being performed properly by company personnel. Recall from Chapter 9 that a control test consists of (1) identifying the data population from which a sample of items will be selected for audit and (2) describing the action that will produce relevant evidence. The actions involve vouching, tracing, observing, scanning, and recalculating—procedures for obtaining evidence used in a final control risk assessment. If control procedures are not well performed, auditors need to design substantive audit procedures to try to detect whether control failures have produced materially misleading account balances.

EXHIBIT 12–3 Internal Control Objectives (Purchases)

GENERAL CONTROL OBJECTIVES (numbered), each followed by EXAMPLES OF SPECIFIC CONTROL OBJECTIVES (bulleted)

1. Recorded purchases are valid and documented.
• Purchases of inventory or fixed assets are supported [...] orders, and receiving reports are prenumbered and numerical sequence is checked.
• Overall comparisons of purchases are made periodically [...] product-line analysis.

3. Purchases are authorized according to company policy.
• All purchase orders are supported [...] capital budgets).
• Purchases are made from approved suppliers only after bids are received and evaluated.

4. Purchase orders are accurately prepared.
• Completed purchase order quantities and descriptions are independently compared with requisitions and suppliers’ catalogues.
• Freight-in is included as part of purchase and added to inventory or fixed assets costs.

5. Purchase transactions are properly classified.
• Account distribution [...] reviewed independent of preparation.
• Purchases from subsidiaries and affiliates are classified as intercompany purchases and payables.
• Purchase returns and allowances are properly classified.
• Purchases for repairs and maintenance are segregated from purchases of fixed assets.

6. Purchase transactions are recorded in the proper period.
• Perpetual inventory and fixed asset records are updated as of the date goods are received or title of ownership is transferred.

Proper timing is very important in the recording of the purchase transaction, and purchase cutoff tests provide assurance, as indicated in objective 6 of Exhibit 12–3. In a perpetual inventory system, the inventory records are kept up to date continuously. In a periodic system, the inventory level is known only at the physical inventory count date. Even in perpetual systems, however, there should be an annual inventory count to reconcile records with actual inventory. The inventory count procedures are described in more detail later in this chapter. Thus, for both types of inventory systems, the inventory cutoff test date is the date the physical inventory is taken and accounting records are adjusted to distinguish between sales and purchases before the cutoff date and those after it. A cutoff error is a failure to assign a transaction to the proper period. For example, the shipping terms FOB destination and FOB shipping indicate the date that legal title to the inventory is transferred to the purchaser: when goods are received, in the case of FOB destination, and when goods leave the seller’s premises, in the case of FOB shipping. Delivery time can thus have a major impact on proper recording of purchases, payables, inventory, sales, and receivables. The appropriate accounting depends on the shipping terms and whether the auditee is the buyer or seller in the transaction. These are major considerations in cutoff procedures related to inventory. Note that the auditee control system’s ability to detect and correct cutoff errors justifies the auditor’s decision to perform more or fewer cutoff audit procedures. The auditee may use a cutoff date other than the balance sheet date if controls are strong enough to ensure that transactions between the cutoff and year-end are recorded accurately and completely. In this situation, the auditor verifies both the cutoff and the transactions in the roll-forward period, the period between cutoff and year-end, to ensure that the year-end balance is not misstated.

purchase cutoff: recording purchase transactions in the proper period, including accruals of payments not due until the following period

cutoff error: when transactions are recorded in the wrong period, either by postponing to the next period or accelerating next-period transactions into the current period

roll-forward period: the period between the cutoff and fiscal year-end, when a cutoff is made before the year-end
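The cutoff logic described above can be run over a purchases listing. The following Python sketch is an added example, not part of the textbook; it assumes the auditee is the buyer, and the record layout, function names, and sample transactions are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Purchase:
    ref: str
    fob: str         # "destination" or "shipping", as in the text
    shipped: date    # goods left the seller's premises
    received: date   # goods arrived at the buyer (the auditee)
    recorded: date   # purchase and payable entered in the books
    amount: int      # invoice amount in whole dollars


def title_transfer_date(p: Purchase) -> date:
    """Date legal title passes to the buyer under the shipping terms."""
    if p.fob == "destination":
        return p.received      # title passes when goods are received
    if p.fob == "shipping":
        return p.shipped       # title passes when goods leave the seller
    raise ValueError(f"{p.ref}: unknown shipping terms {p.fob!r}")


def cutoff_exceptions(purchases, cutoff: date):
    """Compare the period a purchase belongs to with the period it was recorded in."""
    exceptions = []
    for p in purchases:
        belongs_before = title_transfer_date(p) <= cutoff
        recorded_before = p.recorded <= cutoff
        if belongs_before and not recorded_before:
            # Current-period purchase pushed into the next period.
            exceptions.append((p.ref, "postponed", p.amount))
        elif recorded_before and not belongs_before:
            # Next-period purchase pulled into the current period.
            exceptions.append((p.ref, "accelerated", p.amount))
    return exceptions


def goods_in_transit_owned(purchases, cutoff: date):
    """Goods the buyer owns at cutoff that are not on hand to be counted."""
    return [p.ref for p in purchases
            if title_transfer_date(p) <= cutoff < p.received]


def payables_overstatement(exceptions):
    """Net effect on recorded payables at cutoff (negative = understated)."""
    signed = {"accelerated": 1, "postponed": -1}
    return sum(signed[kind] * amount for _, kind, amount in exceptions)


# Constructed sample data: cutoff at a December 31 year-end.
CUTOFF = date(2021, 12, 31)
SAMPLE = [
    Purchase("P-101", "destination", date(2021, 12, 28), date(2021, 12, 30), date(2021, 12, 30), 1000),
    Purchase("P-102", "shipping",    date(2021, 12, 29), date(2022, 1, 3),   date(2022, 1, 3),   2500),
    Purchase("P-103", "destination", date(2021, 12, 30), date(2022, 1, 2),   date(2021, 12, 31), 4000),
    Purchase("P-104", "shipping",    date(2022, 1, 2),   date(2022, 1, 5),   date(2022, 1, 5),   700),
    Purchase("P-105", "destination", date(2021, 12, 27), date(2021, 12, 31), date(2022, 1, 4),   1200),
]

if __name__ == "__main__":
    found = cutoff_exceptions(SAMPLE, CUTOFF)
    for ref, kind, amount in found:
        print(f"{ref}: {kind} {amount}")
    print("owned but in transit at cutoff:", goods_in_transit_owned(SAMPLE, CUTOFF))
    print("net overstatement of payables:", payables_overstatement(found))
```

P-102 shows why FOB shipping terms matter at the count date: the goods belong to the buyer at cutoff but cannot be found in the warehouse, so they must be picked up from shipping documents rather than from the physical count.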

EXHIBIT 12–4 Control Tests for Purchases, Payments, and Accounts Payable

CONTROL TEST | CONTROL OBJECTIVE

Consider the control environment
Observe whether purchasing department personnel understand how to implement control activities assigned to them. | All control objectives

A. Purchases
1. Select a sample of receiving reports:
(a) Vouch to related purchase orders and note missing receiving reports (missing numbers). | Authorization, Completeness
(b) Trace to inventory record posting of additions. | Completeness

B. Payments and Other Expenses
1. Select a sample of payment cheque or EFT numbers:
(a) Scan for missing documents (missing numbers). | Completeness
(b) Vouch supporting documentation for evidence of accurate arithmetic, correct classification, proper approval, and proper date of entry. | Accuracy, Classification, Authorization, Proper period
2. Select a sample of recorded expenses from various accounts and vouch them to (a) cancelled cheques or EFT references and (b) supporting documentation. | Validity, Classification

C. Accounts Payable
1. Select a sample of open accounts payable and vouch to supporting documents of purchase (purchase orders, suppliers’ invoices). | Validity
2. Trace debits arising from accounts payable transactions for proper classification. | Classification
3. Select a sample of accounts payable entries recorded after the balance sheet date and vouch to supporting documents for evidence of proper cutoff—evidence that a liability should have been recorded as of the balance sheet date. | Proper period

Exhibit 12–4 shows a selection of tests for controls over purchase, payment, and accounts payable transactions. The samples are usually attribute samples designed along the lines of those studied in Chapter 10. On the right, the exhibit shows the control objectives tested by the audit procedures shown on the left.

Control Tests for Inventory Records

Many organizations have material investments in inventories. In some engagements, auditors need to determine whether they can rely on the accuracy of perpetual inventory records. For example, if inventory is to be physically counted at a date other than year-end, the controls need to be relied on to verify inventory changes in the roll-forward period. Tests of controls over accuracy involve tests of the additions (purchases) to the inventory detail balances and tests of the reductions (issues) of the item balances. Exhibit 12–5 pictures the two-direction testing of audit samples. The samples of receiving reports and issue slips (or packing slips) meet the completeness direction requirement: everything received recorded as an addition to and everything issued recorded as a reduction of the balance. The sample from the perpetual inventory transaction records meets the validity direction requirement: everything recorded as an addition or reduction is supported by receiving reports and issue documents.

EXHIBIT 12–5 Two-Direction Testing of Audit Samples

[Figure: a sample from the file of inventory receiving reports is traced to the perpetual inventory transaction records (A-1); a sample from the file of inventory issues documents is traced to the perpetual records (A-2); a sample from the perpetual inventory transaction records is vouched to receiving reports (A-3-a) and to issue slips or other supporting documents (A-3-b).]

Note: The symbols A-1, A-2, A-3-a, and A-3-b are cross-references to the procedures in Exhibit 12–6.

Exhibit 12–6 contains a selection of tests for controls over perpetual inventory records similar to that of Exhibit 12–4. Note that some of these tests are dual-purpose procedures as they also provide substantive evidence regarding the inventory balance. As before, the samples are usually attribute samples designed along the lines of those studied in Chapter 10. The control objectives tested are in the column on the right.

EXHIBIT 12–6 Control Tests for Inventory Records

CONTROL TEST | CONTROL OBJECTIVE

Consider the control environment
Observe whether inventory department personnel understand and implement control activities assigned to them. | All control objectives

A. Inventory Receipts and Issues
1. Select a sample of receiving reports and trace to perpetual inventory record entry of receipt. | Authorization, Completeness
2. Select a sample of sales invoices, bills of lading or other shipping documents, or production requisitions and trace to perpetual inventory record entry of issue. | Authorization, Completeness
3. Select a sample of inventory items from the perpetual records:
(a) Vouch additions to receiving reports. | Validity
(b) Vouch issues to invoices, bills of lading or other shipping documents, or production requisitions. | Validity

B. Cost of Sales
1. With the sample of issues in A-2 above:
(a) Review the accounting summary of quantities and prices for mathematical accuracy. | Accuracy
(b) Trace posting of amounts to the general ledger. | Completeness
2. Obtain a sample of cost of goods sold entries in the general ledger and vouch to supporting summaries of finished goods issues. | Validity
3. Review (recalculate) the appropriateness of standard costs, if used, to price inventory issues and cost of goods sold. Review the disposition of variances from standard costs. | Accuracy
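The two-direction testing pictured in Exhibit 12–5 (procedures A-1 and A-3-a of Exhibit 12–6), together with the scan for missing document numbers, can be expressed as a reconciliation between the receiving report file and the perpetual record additions. This Python sketch is an added example, not part of the textbook; it checks every item rather than an attribute sample, and the record layout and sample data are constructed.

```python
def missing_numbers(doc_numbers):
    """Gaps in a prenumbered document sequence (scan for missing numbers)."""
    seen = set(doc_numbers)
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]


def trace_to_records(receiving_reports, ledger_additions):
    """Completeness direction: start from the receiving reports and look
    for the matching addition in the perpetual inventory records."""
    recorded = {}
    for entry in ledger_additions:
        recorded.setdefault(entry["rr_no"], []).append(entry)

    exceptions = []
    for rr_no, (item, qty) in sorted(receiving_reports.items()):
        entries = recorded.get(rr_no)
        if not entries:
            exceptions.append((rr_no, "not recorded"))
        elif sum(e["qty"] for e in entries if e["item"] == item) != qty:
            exceptions.append((rr_no, "quantity differs"))
    return exceptions


def vouch_to_documents(ledger_additions, receiving_reports):
    """Validity direction: start from the recorded additions and look
    for the receiving report that supports each one."""
    return [(e["rr_no"], "no receiving report")
            for e in ledger_additions
            if e["rr_no"] not in receiving_reports]


# Constructed sample data: receiving report number -> (item, quantity received).
RECEIVING_REPORTS = {
    5001: ("WIDGET", 100),
    5002: ("GASKET", 40),
    5003: ("WIDGET", 60),
    5005: ("BOLT", 500),
    5006: ("GASKET", 25),
}

# Constructed sample data: additions posted to the perpetual inventory records.
LEDGER_ADDITIONS = [
    {"rr_no": 5001, "item": "WIDGET", "qty": 100},
    {"rr_no": 5002, "item": "GASKET", "qty": 40},
    {"rr_no": 5005, "item": "BOLT", "qty": 550},
    {"rr_no": 5006, "item": "GASKET", "qty": 25},
    {"rr_no": 5009, "item": "WIDGET", "qty": 75},
]

if __name__ == "__main__":
    print("missing report numbers:", missing_numbers(RECEIVING_REPORTS))
    print("trace exceptions:", trace_to_records(RECEIVING_REPORTS, LEDGER_ADDITIONS))
    print("vouch exceptions:", vouch_to_documents(LEDGER_ADDITIONS, RECEIVING_REPORTS))
```

Each direction finds exceptions the other cannot: tracing never sees the unsupported addition for report 5009, and vouching never sees the unrecorded receipt on report 5003.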

Summary: Control Risk Assessment

The audit manager or senior in charge on the audit evaluates the evidence obtained from an understanding of the internal controls and from the control test procedures. If the control risk is assessed very low, the substantive audit procedures on the account balances can be limited for efficiency. For example, the inventory observation test counts could be done prior to year-end and with a small sample size. On the other hand, if tests of controls reveal weaknesses, the substantive procedures will be needed to lower the risk of failing to detect material error in the account balances. For example, the inventory observation may need to be done on the year-end date and with a large number of test counts. Descriptions of major deficiencies, control weaknesses, and inefficiencies should be incorporated in a management letter to the auditee.

Review Checkpoints
12-16 Describe the two general characteristics of a control test.
12-17 How is the information from the shipping department, receiving department, and warehouse used to update perpetual inventory records?
12-18 In fixed asset management and accounting, which functional responsibilities should be delegated to separate departments or management levels?

Substantive Audit Programs for the Purchases, Payables, and Payments Process

LO3 Describe the typical substantive procedures used to respond to the assessed risk of material misstatement in the main account balances and transactions in the purchases, payables, and payments process.

This section provides examples of substantive procedures that may be considered for auditing the purchases, payables, and payments process. These examples are concise lists of basic substantive procedures, along with the related assertions they address. As discussed in Chapter 11, the risk assessments and results of any control testing are taken into account in selecting the nature, timing, and extent of further substantive procedures. For example, if controls are considered effective, confirmations of supplier account balances are usually not considered necessary. On the other hand, if there are control weaknesses potentially affecting the accuracy and completeness of accounts payable balances, the auditor may decide to confirm outstanding balances with major suppliers. Exhibit 12–7 shows selected substantive procedures for accounts payable and related accounts, such as accrued liabilities and unearned revenues. Exhibit 12–8 shows a generic program for inventory balance and the related expense, cost of sales. Exhibit 12–9 shows a program for PPE and intangible assets, and related depreciation and amortization accounting. The following sections of the chapter present special technical notes that go into more detail on some of the procedures related to assertions that tend to have high risks of material misstatement in many audit situations. Typical procedures used to respond to these risks are discussed in these sections.

EXHIBIT 12–7 Example of Substantive Audit Program Responding to Assessed Risks of Material Misstatement for Accounts Payable and Accrued Liabilities: Selected Substantive Procedures

AUDIT PROGRAM
AUDITEE: ECOPAK INC.
FILE INDEX: BB-100
FINANCIAL STATEMENT PERIOD: y/e DECEMBER 31, 20X1
ACCOUNT: Accounts Payable and Accrued Liabilities

Substantive audit program in response to assessed risks at the assertion level:
Consider risk assessment findings and conclusion on residual detection risk to be reduced by performing substantive procedures. [Reference to relevant working papers]

(Of the procedures listed below, perform those considered necessary to provide sufficient appropriate evidence to address the assessed risks and reduce risk of material misstatement to an acceptable level.)

Substantive audit procedures | Assertions evidence is related to [E, C, O, V, P*] | Timing | Extent | Working paper reference

A. Accounts Payable
1. Obtain a trial balance of recorded accounts payable as of year-end.
(a) Recalculate its total and trace the total to the general ledger Accounts Payable control account. | E, C
(b) Vouch a sample of balances to suppliers’ statements. | E, C, O
(c) Review the trial balance for unusual items, related party payables, or other items and follow up with management inquiries. | E, C
2. When concerned about the possibility of unrecorded payables, send confirmations to creditors, especially those with small or zero balances and those with whom the company has done significant business. | C
3. Conduct a search for unrecorded liabilities by examining client reconciliations of suppliers’ statements to Accounts Payable control account and payments from the bank accounts made for a period after year-end, and by performing other procedures required to respond to assessed risk. | C
4. Inquire about terms that justify classifying payables as long term instead of current. | V, P
5. Obtain written management representations about completeness of Accounts Payable, related party payables, and pledges of assets as collateral for liabilities. | C, O, V, P

B. Accrued and Other Liabilities, Unearned Revenues
1. Obtain a schedule of all accrued and other liabilities and unearned revenues. Agree each balance to the general ledger, and compare with prior-period balances. | E, C
2. Determine the basis for accrual/deferral, discuss the nature of each item with management, recalculate the recorded amounts, and determine whether each item is properly allocated to the current or a future accounting period and properly classified as current or long term. | V, P
3. Obtain or prepare a continuity schedule showing all significant additions and subtractions from balances during the audited period, and vouch them to supporting documents, such as invoices, contracts, receipts, or calculations. Tie all expense items to revenue and expense audit working papers. | E, C, V
4. In other audit work on revenues and expenses, be alert to items that should be considered deferred or accrued. | C, P
5. Scan the expense accounts in the trial balance, and compare with prior year. Investigate unusual differences that may indicate failure to account for a deferral or accrual item. | C, P
6. For estimated liabilities, such as warranties, determine and evaluate the basis of estimation, recalculate the estimate, and assess its reasonability. Ensure management’s disclosure accounting policy is properly applied. | E, C, V
7. Obtain written management representations about completeness and appropriate presentation of accrued and other liabilities and deferred revenue. | C, O, V, P

Misstatement summary: Summarize here all misstatements discovered in executing this program. Carry all forward for accumulation in the Summary of Accumulated Misstatements worksheet (Exhibit 16–1).

AUDITOR’S CONCLUSIONS
[If the audit program is completed satisfactorily and the audit objectives are met, a conclusion such as the following would be recorded by the auditor performing the work.]
Based on my professional judgment, the evidence obtained is sufficient and appropriate to conclude that the risk of material misstatement of the ACCOUNTS PAYABLE, ACCRUED AND OTHER LIABILITIES: UNEARNED REVENUE is acceptably low.

Prepared by _________________________ Date _________________________
Reviewed by _________________________ Date _________________________

*E, C, O, V, P = existence, completeness, ownership, valuation, presentation.

Review Checkpoints
12-19 In what situations would auditors send confirmation letters to suppliers to audit accounts payable? Why?
12-20 What information would be included in a continuity schedule for an accrued liability?

EXHIBIT 12–8 Example of Substantive Audit Program Responding to Assessed Risks of Material Misstatement for Inventory and Cost of Goods Sold: Selected Substantive Procedures

AUDIT PROGRAM
AUDITEE: ECOPAK INC.
FILE INDEX: D-100
FINANCIAL STATEMENT PERIOD: y/e DECEMBER 31, 20X1
ACCOUNT: Inventory and Cost of Goods Sold

Substantive audit program in response to assessed risks:
Consider risk assessment findings and conclusion on residual detection risk to be reduced by performing substantive procedures. [Reference to relevant working papers]

(Of the procedures listed below, perform those considered necessary to provide sufficient appropriate evidence to address the assessed risks and reduce risk of material misstatement to an acceptable level.)

Substantive audit procedures | Assertions evidence is related to [E, C, O, V, P*] | Timing | Extent | Working paper reference

A. Inventory Balance
1. Obtain the auditee’s final inventory compilation and tie into relevant general ledger accounts and supporting evidence from the observation of the company’s physical inventory count, as follows:
(a) Trace the samples of inventory items audited at the physical inventory count observation to the final inventory compilation. | E, C
(b) Select a further sample of items from the physical inventory listing and verify existence by finding them in the inventory. | E, C
(c) Trace other information (items, quantities) recorded from the inventory listing at the count date to the final compilation. | E, C
(d) Inquire about and make note of any damaged or scrap inventory, or inventory that appears slow moving or obsolete. | V
2. Scan the inventory compilation for items added from sources other than the physical count and items that appear to be large round numbers or systematic fictitious additions. | E
3. Select a sample of inventory items from the final compilation. Vouch unit prices to suppliers’ invoices or other cost records. Recalculate the multiplication of unit times price. | V
4. Recalculate the extensions and totalling of the final inventory compilation for arithmetic accuracy. | V
5. For selected inventory items and categories, determine the replacement cost and the applicability of lower-of-cost-and-market valuation. | V, P
6. Determine whether obsolete or damaged goods should be written down: | V
(a) Inquire about obsolete, damaged, unsaleable, slow-moving items.
(b) Scan the perpetual records for slow-moving items.
(c) Ensure obsolete and damaged goods observed during the physical observation have been removed from the final inventory compilation.
(d) Compare the listing of obsolete, slow-moving, damaged, or unsaleable inventory from last year’s audit to the current inventory compilation.
7. At year-end (at physical inventory count observation), obtain the numbers of the last shipping and receiving documents for the year. Tie these into the sales, inventory/cost of sales, and accounts payable entries to verify proper cutoff. Note FOB terms in force, and ensure that goods-in-transit is correctly cut off. | E, C
8. Read bank confirmations, debt agreements, and minutes of the board, and inquire about pledge or assignment of inventory to secure debt. | O, P
9. Inquire about inventory out on consignment and about inventory on hand that is consigned in from suppliers. | E, C, O
10. Confirm or inspect inventories held in public warehouses. | E, C, V
11. Obtain written management representations concerning completeness of inventory; valuation accounting policies; and whether there are any pledges of inventory as collateral, intercompany sales, or other related party transactions. | C, O, V, P

B. Cost of Sales
1. Select a sample of recorded cost of sales entries and vouch to supporting documentation. | E, C
2. Select a sample of basic transaction documents (such as sales invoices, production reports) and determine whether the related cost of goods sold was calculated and recorded properly. | E, C, V
3. Determine whether the accounting costing method used by the client (such as FIFO, average cost, standard cost) was applied properly. | V, P
4. Compute the gross margin rate and compare with prior years. Follow up with management on unusual fluctuations. | E, C, V
5. Compute the ratio of cost elements (such as labour, material) to total cost of goods sold and compare with prior years. Follow up with management on unusual fluctuations. | E, C

Misstatement summary: Summarize here all misstatements discovered in executing this program. Carry all forward for accumulation in the Summary of Accumulated Misstatements worksheet (Exhibit 16–1).

AUDITOR’S CONCLUSIONS
[If the audit program is completed satisfactorily and the audit objectives are met, a conclusion such as the following would be recorded by the auditor performing the work.]
Based on my professional judgment, the evidence obtained is sufficient and appropriate to conclude that the risk of material misstatement of the INVENTORY AND COST OF SALES is acceptably low.

Prepared by _________________________ Date _________________________
Reviewed by _________________________ Date _________________________

*E, C, O, V, P = existence, completeness, ownership, valuation, presentation.

Review Checkpoints
12-21 List key substantive audit procedures used to address the inventory valuation assertion.
12-22 How is information collected during the auditor’s attendance at the physical inventory count used in the audit of the inventory balance?
12-23 What cutoff misstatements can arise if the FOB terms for sales shipped are not properly accounted for? What about for inventory received?

EXHIBIT 12–9 Example of Substantive Audit Program Responding to Assessed Risks of Material Misstatement for Property, Plant, and Equipment and Intangible Assets: Selected Substantive Procedures*

AUDIT PROGRAM
AUDITEE: ECOPAK INC.
FILE INDEX: U-100
FINANCIAL STATEMENT PERIOD: y/e DECEMBER 31, 20X1
ACCOUNT: Property, Plant, & Equipment and Intangible Assets: Depreciation and Amortization Expense

Substantive audit program in response to assessed risks at the assertion level:
Consider risk assessment findings and conclusion on residual detection risk to be reduced by performing substantive procedures. [Reference to relevant working papers]

(Of the procedures listed below, perform those considered necessary to provide sufficient appropriate evidence to address the assessed risks and reduce risk of material misstatement to an acceptable level.)

Substantive audit procedures | Assertions evidence is related to [E, C, O, V, P**] | Timing | Extent | Working paper reference

A. Property, Plant, & Equipment (PPE) and Intangible Assets
1. Summarize and recalculate detailed PPE and intangible asset subsidiary records, and reconcile to general ledger control account(s). | E, C
2. Select a sample of asset subsidiary records:
(a) Perform a physical observation (inspection) of the fixed assets recorded. | E
(b) Inspect title or other ownership legal documents, if any. | E, O
(c) Inspect supporting documentation (e.g., invoices, contracts, purchase agreements) or obtain written confirmation of acquisition and ownership. | E, O
3. Obtain, or prepare, a continuity schedule of the balances, showing asset additions and disposals for the period:
(a) Vouch to disposals to documents, indicating proper approval. | C
(b) Vouch costs of additions to invoices, contracts, or other supporting documents. | E, V
(c) Determine whether all costs of shipment, installation, testing, and the like have been properly capitalized. | V
(d) Vouch proceeds (on dispositions) to cash receipts or other asset records. | V, P
(e) Recalculate gain or loss on dispositions. | V, P
(f) Agree amounts to detailed fixed asset records and general ledger control account(s). | E, C, V
4. Observe a physical inventory taking of the fixed assets, and compare with detailed assets records. | E, C
5. If any property is valued at fair value, examine and verify supporting valuation evidence, such as independent appraisals. | V
6. Obtain written representations from management regarding ownership, completeness, and any pledging of assets as security for loans and leased assets. | C, O, V, P

B. Depreciation/Amortization
1. Analyze amortization expense for overall reasonableness with reference to costs of assets (or fair values if used) and average depreciation rates. | V
2. Obtain, or prepare, a continuity schedule of accumulated amortization showing beginning balance, current amortization, disposals, and ending balance. Trace to amortization expense and asset disposition analyses. Trace amounts to general ledger account(s). | E, C, P
3. Recalculate amortization expense and trace to general ledger account(s). | E, C, P

C. Related Accounts
1. Analyze insurance for adequacy of coverage. | V, P
2. Analyze property taxes to determine whether taxes due on assets have been paid or accrued. | O (C for liability)
3. Select a sample of rental expense entries. Vouch to rent/lease contracts to determine whether any leases qualify for capitalization. | V, P
4. Select a sample of repair and maintenance expense entries, and vouch them to supporting invoices for evidence of property that should be capitalized. | V

Misstatement summary: Summarize here all misstatements discovered in executing this program. Carry all forward for accumulation in the Summary of Accumulated Misstatements worksheet (Exhibit 16–1).

AUDITOR’S CONCLUSIONS
[If the audit program is completed satisfactorily and the audit objectives are met, a conclusion such as the following would be recorded by the auditor performing the work.]
Based on my professional judgment, the evidence obtained is sufficient and appropriate to conclude that the risk of material misstatement of the PROPERTY, PLANT, & EQUIPMENT AND INTANGIBLE ASSETS, AND RELATED DEPRECIATION AND AMORTIZATION EXPENSE is acceptably low.

Prepared by _________________________ Date _________________________
Reviewed by _________________________ Date _________________________

*The programs illustrated in Exhibits 12–7 to 12–9 are generic and, in practice, will need to be tailored to a specific audit engagement’s risk assessments, to design an appropriate set of audit procedures linked to the assessed risks at the assertion level in each auditee’s specific circumstances.
**E, C, O, V, P = existence, completeness, ownership, valuation, presentation.

Review Checkpoints
12-24 What assertion(s) are addressed by a physical inspection of PPE?
12-25 What key items on the fixed assets continuity schedule are vouched to supporting documentation?
12-26 What is the main evidence used to audit depreciation expense?

To cap off this general description of an audit program for a purchases, payables, and payments process, note the following analysis approaches used to integrate the audit findings.

Analysis of Financial Statement Relationships

The audit of the purchases, payables, and payments processes results in verifying the balance of accounts payable/accrued liabilities and the two transaction streams that run through it—purchases/expenses and payments.


As an overall analysis technique, we can analyze balance changes and the financial statement items related to them by preparing a continuity schedule. The accrued legal fees balance shown below is one example for the purchases, payables, and payments process. (The relationship between inventory purchases and balance sheet amounts will be analyzed in Chapter 13.)

AUDITED AMOUNT | FINANCIAL STATEMENT WHERE AMOUNT IS REPORTED
Opening balance of accrued liability for legal fees | Balance sheet (component of accrued liabilities in prior-year comparative figures)
Add: New legal services expensed during the year | Income statement expense (e.g., legal services acquired)
Deduct: Cash paid against payables | Cash flow statement (direct method)
Ending balance of accrued liability for legal fees | Balance sheet (component of accrued liabilities in current-year figures)

As these relationships illustrate, our procedures to audit the purchases, payables, and payments process allow us to assess whether all components of this system of related amounts are reported accurately in the financial statements. These relationships also indicate analytical procedures that can detect material misstatements. For example, the ratios that measure inventory turnover or expense-to-revenue ratios exploit these relationships and can indicate non-existent inventory or misstatement in expense accounts and liabilities.

Misstatement Analysis

The financial statement relationships can also be used to analyze the kinds of misstatements that may be uncovered in the audit work. Consider the following situations. Say the auditors discover by their testing of the payments that a cutoff error has occurred. After the books were closed for the year-end on December 31, one additional cheque was issued that was not recorded. The auditors learned through inquiries that this happened when the CFO had to see the company lawyer on a last-minute issue late on December 31 and asked the payables manager to issue a cheque to pay the lawyer’s outstanding bill of $42,000, which had been set up in accounts payable when it was received earlier in the year. (A sharp auditor would also be sure to find out what the “last-minute” legal issue was!) This cutoff error results in the payment amount deducted from the accrued liability balance being too small, making the accrued liability balance too big, that is, overstated. Since the cash part of the transaction was also unrecorded, the cash balance is overstated (this difference will also be picked up in the bank reconciliation audit). This misstatement will be carried forward to the accumulated misstatements worksheet in the audit file, as illustrated in Exhibit 16–1 of Chapter 16.

Consider another type of misstatement related to the expense accounts and accruals. The electricity company billed the company for December based on an estimate of its usage, and this bill was accrued at the year-end. However, on February 3, the electricity company sent a revised bill based on a meter reading, and the actual electricity charges were higher than the accrued amount by $3,700. Since the new bill was received when the audit field work was being performed, it was noted by the auditors in their subsequent payments testing. Inquiries revealed that the company’s electricity usage in December was much higher than in the past because it was an exceptionally cold month, and at one point, the loading dock door froze open over a weekend, causing a great deal of power to be wasted. The impact of the error is that too little was added to the accounts payable account, and too little was expensed, so liabilities are understated and net income is overstated. This misstatement will also be carried forward to the accumulated misstatements worksheet (see Exhibit 16–1) for evaluation at the final stage of the audit when the audit partner must assess whether the misstatements uncovered accumulate to a material amount.


The following sections provide more detail on substantive procedures related to some of the key assertions to be audited in account balances and transactions related to the purchases, payables, and payments process. Three special notes are given discussing audit considerations for the observation of the physical inventory count; the valuation of PPE; and the completeness of liabilities. These are areas that often have high assessed risk, warranting a rigorous response.

Special Note: Physical Inventory Observation and Audit of Inventory and Cost of Sales

LO4 Identify audit considerations for observing the physical inventory count.

The audit procedures for inventory and related cost of sales accounts can be extensive, as there are many facets of inherent risk and control risk to consider, and the process of obtaining evidence about inventory financial statement assertions can be complex. Inventories are significant assets in many businesses and reflect the unique characteristics of the business’s operations. Significant to manufacturing, wholesale, and retail organizations, inventories are also frequently material to the financial statements of service organizations. For some types of businesses, inventories constitute a significant percent of total assets and represent the largest current asset. A material misstatement in inventory has a pervasive effect on financial statements. It will cause misstatements in current assets, working capital, total assets, cost of sales, gross margin, and net income. While analytical procedures can help indicate inventory presentation problems, physical observation of the auditee’s inventory count is the best way to detect inventory misstatements. Canadian Auditing Standards (CAS 501) require that auditors attend the physical inventory counting when inventory is material to the financial statements, to provide evidence of the existence and condition of inventory. While auditors rarely count the entire inventory, management’s procedures for recording and controlling the count should be evaluated and observed, inventory inspected, and test counts performed. Later, the final inventory records should be tested to ensure they accurately reflect the evidence the auditor obtained at the physical counting.

Standards Check CAS 501 Audit Evidence—Specific Considerations for Selected Items

4. If inventory is material to the financial statements, the auditor shall obtain sufficient appropriate audit evidence regarding the existence and condition of inventory by
(a) Attendance at physical inventory counting, unless impracticable, to (Ref: Para. A1–A3)
(i) Evaluate management’s instructions and procedures for recording and controlling the results of the entity’s physical inventory counting; (Ref: Para. A4)
(ii) Observe the performance of management’s count procedures; (Ref: Para. A5)
(iii) Inspect the inventory; and (Ref: Para. A6)
(iv) Perform test counts. (Ref: Para. A7–A8)
(b) Performing audit procedures over the entity’s final inventory records to determine whether they accurately reflect actual inventory count results.

Source: CPA Canada Handbook—Assurance, 2014.

In some audits, obtaining evidence about an inventory’s existence and valuation requires expert knowledge in a field other than accounting or auditing, as described in CAS 620. Often, experts employed by the auditee’s management will provide tests and reports for this purpose. An auditee will likely have employees with the expertise required, for example, to assess the assembly stage of highly technical equipment held as WIP inventory, or to calculate the quantity of raw material in containers or stockpiles based on measures of volume and density. Alternatively, if a high risk is assessed, an expert employed by the audit firm or an outside expert engaged by the audit firm to assist the team may be assigned to provide evidence that is considered more independent, and reliable, than that obtained from management’s experts. In evaluating the need for an expert, the auditor first considers whether alternative sources of sufficient appropriate evidence are available and more cost effective. For example, an outside expert’s report prepared for the auditee but for another purpose may also be relevant and reliable for the auditor’s purposes.

Standards Check CAS 620 Using the Work of an Auditor's Expert

6. For purposes of the CASs, the following terms have the meanings attributed below:
(a) Auditor’s expert—An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence. An auditor’s expert may be either an auditor’s internal expert (who is a partner or staff, including temporary staff, of the auditor’s firm or a network firm), or an auditor’s external expert. (Ref: Para. A1–A3)
(b) Expertise—Skills, knowledge and experience in a particular field.
(c) Management’s expert—An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements.

Nature, Timing, and Extent of Audit Procedures

8. The nature, timing, and extent of the auditor’s procedures with respect to the requirements in paragraphs 9–13 of this CAS will vary depending on the circumstances. In determining the nature, timing, and extent of those procedures, the auditor shall consider matters including (Ref: Para. A10)
(a) The nature of the matter to which that expert’s work relates;
(b) The risks of material misstatement in the matter to which that expert’s work relates;
(c) The significance of that expert’s work in the context of the audit;
(d) The auditor’s knowledge of and experience with previous work performed by that expert; and
(e) Whether that expert is subject to the auditor’s firm’s quality control policies and procedures. (Ref: Para. A11–A13)

The Competence, Capabilities, and Objectivity of the Auditor’s Expert

9. The auditor shall evaluate whether the auditor’s expert has the necessary competence, capabilities, and objectivity for the auditor’s purposes. In the case of an auditor’s external expert, the evaluation of objectivity shall include inquiry regarding interests and relationships that may create a threat to that expert’s objectivity. (Ref: Para. A14–A20)

Obtaining an Understanding of the Field of Expertise of the Auditor’s Expert

10. The auditor shall obtain a sufficient understanding of the field of expertise of the auditor’s expert to enable the auditor to (Ref: Para. A21–A22)
(a) Determine the nature, scope, and objectives of that expert’s work for the auditor’s purposes; and
(b) Evaluate the adequacy of that work for the auditor’s purposes.

Source: CPA Canada Handbook—Assurance, 2014.

Take note of the following details related to auditors’ observation of physical inventory taking. The first task is to review the auditee’s inventory-taking instructions. The instructions should include the following:
• Names of auditee personnel responsible for the count
• Dates, times, and locations of inventory taking
• Names of auditee personnel who will participate in the inventory taking
• Instructions for recording accurate descriptions of inventory items, for count and double count, and for measuring or translating physical quantities (such as counting by measures of litres, barrels, metres, dozens)
• Instructions for making notes of obsolete or worn items
• Instructions for the use of tags, cards, count sheets, or other media devices, and for their collection and control
• Plans for shutting down plant operations or for taking inventory after store closing hours, and plans for having goods in proper places (such as on store shelves instead of on the floor, or in a warehouse rather than in transit to a job)
• Plans for counting or controlling movement of goods in receiving and shipping areas if those operations are not shut down during the count
• Instructions for recording cutoff information, such as document numbers and details relating to last shipments and last receipts of inventory at period-end
• Instructions for compilation of the count information (such as computer processing of scanned codes, or manual input of tags or count sheets) into final inventory listings or summaries
• Instructions for pricing the inventory items
• Instructions for review and approval of the inventory count and notations of obsolescence or other matters by supervisory personnel

These instructions characterize a well-planned counting operation. As the plan is carried out, the independent auditors should be present to hear the count instructions being given to the auditee’s count teams and to observe the instructions being followed. Many physical inventories are counted at year-end when the auditor is present to observe. The auditor can perform two-direction testing by (1) selecting inventory items from a perpetual inventory master file and going to the location to obtain a test count, which produces evidence for the existence assertion, and (2) selecting inventory from locations on the warehouse floor, obtaining a test count, and tracing the count to the final inventory compilation, which produces evidence for the completeness assertion. If the company does not have perpetual records and a file to test for existence, the auditor must be careful to obtain a record of all the counts and to use it for the existence-direction tests. However, other situations, as described below, frequently occur.

Physical Inventory Not Taken on Period-End Date

Auditees sometimes count the inventory on a date other than the balance sheet date. The auditor observes this count, following the same procedures as for a period-end count. For the period between the count date and the balance sheet date, additional roll-forward or rollback auditing procedures must be performed on inventory purchase (increasing) and issue (decreasing) transactions during that period. The inventory on the count date is reconciled to the period-end inventory by appropriate addition or subtraction of the receiving and issue transactions that have occurred in the roll-forward or rollback period.

Standards Check CAS 501 Audit Evidence—Specific Considerations for Selected Items

5. If physical inventory counting is conducted at a date other than the date of the financial statements, the auditor shall, in addition to the procedures required by paragraph 4, perform audit procedures to obtain audit evidence about whether changes in inventory between the count date and the date of the financial statements are properly recorded. (Ref: Para. A9–A11)

A11. Relevant matters for consideration when designing audit procedures to obtain audit evidence about whether changes in inventory amounts between the count date, or dates, and the final inventory records are properly recorded include
• Whether the perpetual inventory records are properly adjusted.
• Reliability of the entity’s perpetual inventory records.
• Reasons for significant differences between the information obtained during the physical count and the perpetual inventory records.

Source: CPA Canada Handbook—Assurance, 2014.
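The roll-forward or rollback reconciliation described above, followed by the comparison with the perpetual records, is sketched here as an added example that is not part of the textbook. The item codes, quantities, dates, and function names are constructed for illustration, and the count is assumed to reflect close of business on the count date.

```python
from collections import namedtuple
from datetime import date

# kind is "receipt" (increases inventory) or "issue" (decreases inventory)
Movement = namedtuple("Movement", "item day kind qty")
Difference = namedtuple("Difference", "item expected recorded difference note")


def roll_to_period_end(counted, movements, count_date, period_end):
    """Return {item: quantity expected at period_end}, starting from the count.

    Assumption: the count reflects close of business on count_date, so a
    movement dated on count_date is already included in the counted quantity.
    """
    forward = count_date <= period_end
    start, end = (count_date, period_end) if forward else (period_end, count_date)
    expected = dict(counted)
    for m in movements:
        if m.kind not in ("receipt", "issue") or m.qty <= 0:
            raise ValueError(f"invalid movement: {m}")
        if not (start < m.day <= end):
            continue  # outside the roll-forward or rollback period
        effect = m.qty if m.kind == "receipt" else -m.qty
        # A rollback reverses each movement recorded after period-end.
        expected[m.item] = expected.get(m.item, 0) + (effect if forward else -effect)
    return expected


def compare_with_records(expected, perpetual, counted, tolerance=0):
    """List items whose period-end perpetual quantity differs from the rolled count."""
    differences = []
    for item in sorted(set(expected) | set(perpetual)):
        exp, rec = expected.get(item, 0), perpetual.get(item, 0)
        if abs(rec - exp) <= tolerance:
            continue
        if item not in counted:
            note = "not in count results"        # follow up in the existence direction
        elif item not in perpetual:
            note = "not in perpetual records"    # follow up in the completeness direction
        else:
            note = "quantity difference"
        differences.append(Difference(item, exp, rec, rec - exp, note))
    return differences


def sample_roll_forward():
    """Constructed data: count on November 30, period-end on December 31."""
    counted = {"A-100": 500, "B-200": 120, "C-300": 75}
    movements = [
        Movement("A-100", date(2023, 12, 5), "receipt", 200),
        Movement("A-100", date(2023, 12, 20), "issue", 150),
        Movement("B-200", date(2023, 12, 12), "issue", 20),
        Movement("C-300", date(2023, 11, 30), "receipt", 10),  # already in the count
        Movement("B-200", date(2024, 1, 2), "issue", 30),      # after period-end
    ]
    perpetual = {"A-100": 550, "B-200": 110, "C-300": 75, "D-400": 40}
    expected = roll_to_period_end(counted, movements, date(2023, 11, 30), date(2023, 12, 31))
    return compare_with_records(expected, perpetual, counted)


def sample_rollback():
    """Constructed data: count on January 10, rolled back to December 31."""
    counted = {"A-100": 600}
    movements = [
        Movement("A-100", date(2024, 1, 5), "receipt", 100),
        Movement("A-100", date(2024, 1, 8), "issue", 50),
    ]
    expected = roll_to_period_end(counted, movements, date(2024, 1, 10), date(2023, 12, 31))
    return compare_with_records(expected, {"A-100": 550}, counted)


if __name__ == "__main__":
    for diff in sample_roll_forward():
        print(diff)
    print("rollback differences:", sample_rollback())
```

Each difference listed is a starting point for the inquiries noted in paragraph A11, not a conclusion that the records are misstated.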

Cyclical Inventory Counting

Some companies count inventory on a cyclical basis but never take a complete count on a single date. Businesses that count inventory this way claim that they have accurate perpetual records and that they carry out the counting as a means of testing the records and maintaining their accuracy. In these cases, the auditors must understand management’s counting plan and evaluate its appropriateness, and they should attend and perform tests whenever the value of inventory to be counted is material. They must be present during some counting operations to evaluate the counting plans and their execution. The procedures listed above for an annual count are used, test counts are made, and the audit team forms a conclusion concerning the accuracy (control) of perpetual records.

Auditors Not Present at Auditee’s Inventory Count

It might happen on a first audit that the audit firm is appointed after the beginning inventory has already been counted. The auditors should still review the auditee’s plan for the already completed count. Some test counts of current inventory should be made and traced to current records to form a conclusion about the reliability of perpetual records. If the actual count was recent, intervening transaction activity may be tested and reconciled back to the beginning inventory. However, it may be very difficult to reconcile more than a few months’ transactions to an unobserved beginning inventory. Auditors may use the interrelationships between sales activity, physical volume, price variation, standard costs, and gross profit margins to form a conclusion about the reasonableness of the beginning inventory. This must be done very carefully, and, if the auditors cannot satisfy themselves as to the beginning inventory balance, a modification in the auditor’s report is normally called for (CAS 510).

Standards Check CAS 501 Audit Evidence—Specific Considerations for Selected Items

6. If the auditor is unable to attend physical inventory counting due to unforeseen circumstances, the auditor shall make or observe some physical counts on an alternative date, and perform audit procedures on intervening transactions.

7. If attendance at physical inventory counting is impracticable, the auditor shall perform alternative audit procedures to obtain sufficient appropriate audit evidence regarding the existence and condition of inventory. If it is not possible to do so, the auditor shall modify the opinion in the auditor’s report in accordance with CAS 705. (Ref: Para. A12–A14)

Source: CPA Canada Handbook—Assurance, 2014.

Inventories Located off the Auditee’s Premises

The auditors must determine the locations and values of inventories that are located off the auditee’s premises, perhaps in the custody of consignees or in public warehouses. If amounts are material and control is not exceptionally strong, the audit team may visit these locations and conduct onsite test counts. However, if amounts are not material or related evidence (periodic reports, cash receipts, receivables records, shipping records) is adequate and control risk is low, then direct confirmation with the inventory custodian may be sufficient appropriate evidence of existence (CAS 501).


INVENTORY COUNT AND MEASUREMENT CHALLENGES

EXAMPLES | CHALLENGES
Lumber | Identifying quality or grade
Piles of sugar, coal, scrap steel | Need for geometric computations, aerial photos
Items weighed on scales | Accuracy of scales
Bulk materials (oil, grain, chemicals, liquids in storage tanks) | Dipping measuring rods into tanks; sample for assay or chemical analysis
Diamonds, jewellery | Identification and quality determination; need for an expert
Pulp wood | Quantity measurement estimation; need for aerial photos
Livestock | Movement not controllable (count critters’ legs and divide by four—two for chickens)

Source: Adapted from CICA, Audit of Inventories, Auditing Procedure Study (1986), p. 28.

Summary: Inventory Observation

The physical observation procedures are designed to audit for existence and completeness (physical quantities) and also to provide support for audit valuation procedures (e.g., recalculation of appropriate FIFO, weighted average, specific item, or other pricing at cost, and evaluation of lower-of-cost-and-net-realizable-value writedown of obsolete or damaged inventory). After the observation is complete, auditors should have sufficient appropriate evidence of physical quantities and valuations to ensure the inventory compilation includes goods (a) owned, on hand, and counted; (b) owned but not on hand (consigned out or stored in outside warehouses); and (c) in transit (purchased and recorded but not yet received, or shipped FOB destination but not yet delivered to customers). The inventory compilation should exclude goods (a) in the perpetual records but not owned; (b) on hand, already sold, but not yet delivered; and (c) on hand but not owned (consigned in).

Review Checkpoints
12-27 In the review of an auditee’s inventory-taking instructions, what characteristics are the auditors looking for?
12-28 Explain two-direction sampling in the context of inventory test counts.
12-29 What procedures are followed to audit inventory when the physical inventory is taken on a cyclical basis or on a statistical plan but never as a complete count on a single date?

Special Note: Audit of Property, Plant, and Equipment and Intangible Assets

LO5 Explain the main auditing procedures used for property, plant, and equipment and intangible assets.

PPE and intangible assets are the long-term assets used in an entity’s operations. To be considered assets, they must be controlled by the entity and be expected to provide future economic benefits to it. PPE include land, buildings, equipment, vehicles, computers, leasehold improvements, and other physical types of assets. PPE are also called “fixed assets.” Intangible assets are identifiable non-monetary assets, such as patents, licences, copyrights, trademarks, application software, development costs, and customer lists, that do not have a physical substance. The risks, controls, and audit procedures required to respond to the risks in the assertions of PPE and intangible assets are outlined in this section.

Risks and Controls

Generally, the existence, completeness, and ownership assertions for PPE are likely to have a low assessed risk of misstatement and will be fairly straightforward to verify, since reliable evidence that is relevant to these assertions is usually available, as is introduced below. Since acquisitions of PPE tend to be infrequent, nonroutine, high-value transactions, they will have senior management approval requirements. Due to their special nature, PPE purchase transactions may be processed separately from the main purchasing process, but for study purposes we include the audit of PPE in this chapter.

For intangible assets, the existence assertion tends to have a high risk, as it can be complex to determine whether a particular expenditure meets the definition of an intangible asset under generally accepted accounting principles (GAAP) (e.g., CPA Canada Accounting Handbook, Part II, section 3064, or IFRS/IAS 38). Valuation can be a very high risk assertion and challenging to verify, as there are many allocations and estimates involved. Presentation can also be a challenging assertion to verify when complex assets are acquired with multiple components that need to be classified separately, or as bundled purchases of different types of assets.

PPE and intangible assets with definite lives are initially recorded at their acquisition costs and then amortized to expense over their expected useful lives. Intangible assets with indefinite lives are not amortized but are tested periodically for value impairment. Due to these assets’ long lives, a number of valuation changes can occur over time. Thus, there is a high degree of complexity involved in applying GAAP for subsequent measurement, amortization, and recording of impairment losses. Recall that the valuation assertion mainly concerns whether the monetary amount included in financial statements complies with the applicable financial reporting principles.
For example, under International Financial Reporting Standards (IFRS) (IAS 16 and IAS 38), management can choose the traditional cost model or a revaluation model based on fair value estimates, indicating the complexity of valuation for PPE and intangible assets. Also, if market conditions or production technologies change over time, an asset’s value may become impaired, requiring a write-down to be recorded. A further complexity arises if the company has an obligation to restore the property to its original condition at the end of its useful life, to remove any environmental damage created during its operation, for example, for mining or oil extraction. In this case an asset retirement obligation must be estimated based on the present value of the expected future costs, and this amount is included in the value of the depreciable PPE. Overall, the accounting choices available within GAAP, and the subjective kinds of information used, can open the door for management bias in coming up with estimates. Also, the amounts invested in these long-lived operating assets can be quite large. These factors can often lead to the risk of material misstatement for the valuation assertion being high for PPE and intangible assets. As discussed earlier on the subject of auditing the valuation of unusual types of inventory, auditors may also need to rely on experts in asset valuation, engineering, or other sciences for evidence related to complex types of PPE and intangibles. The main presentation issues are to ensure that management’s accounting policies for PPE are appropriate and fully disclosed, and that the categories and appropriate monetary values of PPE elements are presented in the balance sheet and notes in accordance with the applicable financial reporting framework. Disclosures are required of the details and assumptions of the various valuation tests and models used. 
Auditors need to verify that these are in accordance with GAAP, and more important, that these GAAP methods match what management actually used to come up with its numbers. Much of this information involves estimates, and Chapter 19 (available on Connect) elaborates on the audit considerations related to obtaining reasonable assurance on accounting estimates, which can bear a high level of accounting risk. The box below provides examples of accounting policy disclosures for PPE and intangibles from various Canadian public companies’ audited financial statements, to give you a sense of the complexity and estimations involved.


Examples of Public Companies’ Accounting Policy Notes for Property, Plant, and Equipment and Intangible Assets

Note 2: Summary of Significant Accounting Policies

2(g) Property, plant, and equipment
Production equipment, office equipment, and computer software and equipment are stated at cost less accumulated depreciation and accumulated impairment losses. Depreciation of these assets, on the same basis as other property assets, commences when the assets are ready for their intended use. Pre-production costs relating to installations of major new production equipment are expensed in the period in which they occurred. Depreciation is recognized so as to write off the cost of assets less their residual values over their useful lives, using the straight-line method. The estimated useful lives, residual values, and depreciation method are reviewed at each yearend, with the effect of any changes in estimate accounted for on a prospective basis.

ASSET | BASIS | PERIOD
Buildings | Straight-line | 20–40 years
Equipment | Straight-line | 4–20 years
Production equipment | Straight-line | 10–20 years
Office equipment | Straight-line | 5 years
Computer software and equipment | Straight-line | 3 years

Leasehold improvements are amortized on a straight-line basis over the lesser of the terms of the leases or their useful lives. Effective January 1, 20X0, the Company revised the estimated useful life of its production equipment from 10 and 15 years to 20 years. The changes in estimates, which were applied prospectively, resulted in a reduction in depreciation of $2,126,000 ($2,017,000) for the year ended December 31, 20X1 (20X0). When parts of an item of plant and equipment have different useful lives, they are accounted for as separate items (major components). The cost of replacing a component of an item of plant and equipment is recognized in the carrying amount of the item if it is probable that the future economic benefits of the item will occur and its cost can be measured reliably. The costs of day-to-day maintenance of plant and equipment are recognized directly in the statement of income. An item of property, plant, and equipment is de-recognized upon disposal, or when no future economic benefits are expected to arise from the continued use of the asset. The gain or loss arising on the disposal or retirement of an item of property, plant, and equipment is determined as the difference between the sales proceeds and the carrying amount of the asset and is recognized in profit or loss. When the Company has a legal right or constructive obligation to restore a site on which an asset is located either through make-good provisions in lease agreements or decommissioning of environmental risks, the present value of the estimated costs of dismantling and removing the asset and restoring the site are included in the carrying value of the asset with a corresponding increase to provisions. 
Borrowing costs directly attributable to the acquisition, construction, or production of qualifying property, plant, and equipment that takes an extended period of time to be placed into service are added to the cost of the assets, until such time as the assets are substantially ready for their intended use.

2(h) Assets under finance lease
Assets held under finance leases are depreciated over their expected useful lives on the same basis as owned assets or, where shorter, the term of the relevant lease.

2(i) Impairment
At each reporting date, or sooner if there is an indication that an asset may be impaired, the Company reviews the carrying amounts of its assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss (if any). The recoverable amount is the higher of fair value less costs to sell and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pretax discount rate that reflects current market assessments of the time value of money and the risks specific to the assets for which the estimates of future cash flows have not been adjusted. If the recoverable amount of the assets is estimated to be less than their carrying amount, the carrying amount is reduced to the recoverable amount. An impairment loss is recognized immediately in profit or loss. Where an impairment loss subsequently reverses, the carrying amount of the assets is increased to the revised estimate of its recoverable amount, but such that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognized for the asset in prior years. A reversal of an impairment loss is recognized immediately in profit or loss.

2(j) Grants and investment tax credits
Grants and investment tax credits are accounted for using the cost reduction method and are amortized to earnings as a reduction of depreciation, using the same rates as those used to depreciate the related property, plant, and equipment.

2(k) Intangible assets
Intangible assets consist primarily of customer relationships and client lists, application software, and favourable leases. They are recorded at cost less accumulated amortization and impairment losses and amortized on a straight-line basis, over the estimated useful lives as follows:

Patents: Between 2 and 17 years
Customer relationships and client lists: Between 2 and 30 years
Application software: Between 3 and 10 years
Favourable leases: Term of the lease
Other: Between 2 and 20 years

Expenditure on research activities is recognized as an expense in the period in which it is incurred.

The main financial controls of concern in this area relate to authorization of acquisitions, proper classification of assets and expenses, accuracy of the depreciation calculations and recording, and application of appropriate revaluation or impairment testing procedures. In larger organizations with many different types of fixed assets, the information system will likely have a specialized subledger module for keeping the details and integrating the summary data with the general ledger system. In smaller entities, the details may be kept in a separate schedule, often a spreadsheet, which is used to update general ledger balances through manual journal entries. A further complication is that the tax values of assets can differ from their accounting values when companies choose depreciation accounting policies that differ from those prescribed for income tax purposes (i.e., capital cost allowance, or CCA). Such differences necessitate a separate tax-based schedule of asset values and also give rise to deferred tax balances for accounting purposes in some financial reporting frameworks (which also need to be audited!). Currently, most companies continue to use the cost basis for capital assets, and that will be the main focus of the following discussion. Generally, the assets are initially recorded at cost and then the cost is allocated by depreciation (or amortization) expense to periods of use over the life of the assets. Depreciation and amortization allocation approaches are designed to allocate costs systematically to the accounting periods in which their benefits are consumed, which results in a smoother income measure. While these allocations are estimates, approaches used have been well accepted for many decades. Still, these are important and often material estimates, and like all management estimates, the risk of management bias must always be kept in mind by auditors. 
Be on the lookout for questionable changes to useful lives or depreciation methods, improper cost capitalization, idle assets still on the books, or estimates based on unreasonable assumptions. See, for example, item 2(g) in the box above; the auditors need to determine if this is a reasonable change. Exhibit 12–10 shows a typical continuity schedule used to keep track of details underlying the valuation of PPE and intangible assets. Often, management will prepare this type of schedule for its own control purposes, and the auditors can use it as a working paper on which to summarize their verification work and conclusions. An example of the audit work related to impairment testing and recognized impairment losses is shown in item [h] of the Audit Verification Summary at the bottom of Exhibit 12–10. Examples of the main audit procedures applied to PPE and intangible assets are set out in the audit program in Exhibit 12–9. Note that the analytical procedures involve study of industry trends, business strategy, changes in products or production methods, and changes in sales volumes, as these can have an impact on the recoverability of the company’s investments in its long-term operating assets. Control tests are generally performed in the underlying purchases, payables, and payments cycle, though controls specific to these account balances may also be identified and considered for reliance, particularly when there are many different individual assets to keep track of. Substantive procedures include physical inspection and inspection of documents, recalculation, and use of experts regarding valuation if it is complex and specialized. Inquiry is an important source of evidence for evaluating completeness, as well as aspects of valuation that may relate to management’s intended use of various operating assets, but corroborating documentation-based evidence is also crucial.

EXHIBIT 12–10
Example of Continuity Schedule Working Paper for Property, Plant, and Equipment and Intangible Assets

AUDITEE:
FILE INDEX:
FINANCIAL STATEMENT PERIOD:
Prepared by          Date
Reviewed by          Date

LONG-LIVED ASSETS CONTINUITY SCHEDULE

COST

| ASSET CATEGORY | W/P REF. | BALANCE DEC. 31, 20X0 [a] [b] | ADDITIONS [e] | DISPOSALS [f] | BALANCE DEC. 31, 20X1 [c] |
|---|---|---|---|---|---|
| PROPERTY, PLANT, & EQUIPMENT | | | | | |
| LAND | | 250,650 | 0 | 0 | 250,650 |
| BUILDING | | 760,321 | 0 | 0 | 760,321 |
| PRODUCTION MACHINERY - LINE 1 | | 2,950,550 | 0 | 500,563 | 2,449,987 |
| PRODUCTION MACHINERY - LINE 2 | | 148,808 | 2,980,311 | 0 | 3,129,119 |
| COMPUTER EQUIPMENT | | 88,501 | 22,544 | 15,000 | 96,045 |
| TOTALS [d] | | 4,198,830 | 3,002,855 | 515,563 | 6,686,122 |
| INTANGIBLE ASSETS | | | | | |
| PATENT | | 40,260 | 0 | 0 | 40,260 |
| PRODUCTION SOFTWARE | | 0 | 165,892 | 0 | 165,892 |
| CUSTOMER RELATED SOFTWARE | | 111,996 | 0 | 0 | 111,996 |
| TOTALS [d] | | 152,256 | 165,892 | 0 | 318,148 |

ACCUMULATED DEPRECIATION/AMORTIZATION

| ASSET CATEGORY | BALANCE DEC. 31, 20X0 [a] [b] | DEPRECIATION/AMORTIZATION [g] * | DISPOSALS [f] | IMPAIRMENT [h] | BALANCE DEC. 31, 20X1 |
|---|---|---|---|---|---|
| PROPERTY, PLANT, & EQUIPMENT | | | | | |
| LAND | 0 | 0 | 0 | 0 | 0 |
| BUILDING | 608,257 | 30,413 | 0 | 0 | 638,670 |
| PRODUCTION MACHINERY - LINE 1 | 1,475,275 | 244,999 | 250,282 | 579,995 | 2,049,987 |
| PRODUCTION MACHINERY - LINE 2 | 0 | 312,912 | 0 | 0 | 312,912 |
| COMPUTER EQUIPMENT | 59,738 | 21,130 | 15,000 | 0 | 65,868 |
| TOTALS [d] | 2,143,270 | 609,453 | 265,282 | 579,995 | 3,067,437 |
| INTANGIBLE ASSETS | | | | | |
| PATENT | 2,368 | 2,368 | 0 | 0 | 4,736 |
| PRODUCTION SOFTWARE | 0 | 16,178 | 0 | 0 | 16,178 |
| CUSTOMER RELATED SOFTWARE | 47,998 | 190,393 | 0 | 0 | 238,391 |
| TOTALS [d] | 50,367 | 208,940 | 0 | 0 | 259,306 |

NET BOOK VALUE

| ASSET CATEGORY | NET BOOK VALUE DEC. 31, 20X0 [a] [b] | NET BOOK VALUE DEC. 31, 20X1 [i] |
|---|---|---|
| PROPERTY, PLANT, & EQUIPMENT | | |
| LAND | 250,650 | 250,650 |
| BUILDING | 152,064 | 121,651 |
| PRODUCTION MACHINERY - LINE 1 | 1,475,275 | 400,000 |
| PRODUCTION MACHINERY - LINE 2 | 148,808 | 2,816,207 |
| COMPUTER EQUIPMENT | 28,763 | 30,177 |
| TOTALS [d] | 2,055,560 | 3,618,685 |
| INTANGIBLE ASSETS | | |
| PATENT | 37,892 | 35,524 |
| PRODUCTION SOFTWARE | 0 | 149,714 |
| CUSTOMER RELATED SOFTWARE | 63,998 | (126,395) |
| TOTALS [d] | 101,889 | 58,842 |

AUDIT VERIFICATION SUMMARY: Based on the Audit Programs filed at ____ and ____

[a] Agreed to prior year's financial statement audit file.
[b] Agreed to prior-year financial statements.
[c] Agreed to general ledger account balance.
[d] Footed: Recalculated totals and cross totals - all are correct.
[e] Additions verified on ____ and ____ by vouching a sample of additions to valid supporting payments and proper account allocations. - Conclusion is that amounts are valid, complete, accurate, authorized, and properly classified.
[f] Disposals verified on ____, by vouching amounts to documentation of sale or scrap, recalculation of cost and accumulated depreciation amounts removed from the accounts, and inquiries of management regarding reasons. - Conclusion is disposal amounts are valid, complete, accurate, authorized, and properly classified.
[g] Depreciation and amortization calculations verified on ____ and ____ by recalculation, agreeing rates and methods to stated management accounting policies, and assessing reasonability based on asset types and industry practices.
*There is a misstatement in the amortization expense for the addition to production software. The bookkeeper recorded $17,000 because the software was put into operation in November. However, the CFO notes their usual policy is to record no amortization in first year of use. This $17,000 overstatement carried forward to the Summary of Accumulated Misstatements for management decision on correcting journal entry. See W/P# ____. - Except for the error in amortization calculation, my conclusion is depreciation and amortization expenses are reasonable.
[h] Impairment testing reviewed on ____—the value-in-use of the old production line has declined and it is being phased out as the new line is more efficient. Impairment testing discussed with management. Only production line 1 found to be potentially impaired. Management’s estimation methods and assumptions reviewed. Estimation method and assumptions discussed and assessed with G&M’s valuation expert, P. Enge, and found to be reasonable. - Conclusion is impairment value estimate appears to be within a reasonable range and is not materially misstated. No other assets found to be impaired.
[i] Audited balances carried forward to final financial statement and notes worksheet at ____.

Summary

The special note outlines some standard procedures used to obtain evidence about the existence, completeness, and ownership assertions, as well as the cost allocation aspect of the valuation assertions for PPE. The fair value aspect of valuation assertion risk relating to complexity of components; fair value option under IFRS IAS 16; and estimation bias, which is difficult to debate due to subjectivity of the allocations, are challenging issues the auditing profession is currently grappling with.

Review Checkpoints

12-30 Explain why the valuation assertion often has a high risk of misstatement for PPE and intangible assets.
12-31 What is the purpose of a continuity schedule for PPE and intangibles in audit working papers?

Special Note: The Completeness Assertion for Liabilities

LO6 Explain the importance of the completeness assertion for auditing the accounts payable liabilities, and the procedures used to search for unrecorded liabilities.

When considering assertions and obtaining evidence about accounts payable and other liabilities, auditors must emphasize the completeness assertion. In contrast, for asset accounts the emphasis is on the existence and ownership assertions. This is necessary because companies are typically less concerned about timely recording of expenses and liabilities than they are about timely recording of revenues and assets. Also, management may have incentives to understate liabilities and expenses to show more favourable performance or financial position than is really the case. Of course, GAAP fair presentation requires timely accrual of liabilities and their associated expenses. Evidence verifying the completeness assertion is more difficult to find than for the existence assertion. Auditors cannot rely entirely on a management assertion of completeness, even with a favourable assessment of control risk. Substantive procedures, tests of details, or analytical procedures should also provide corroborating evidence. The search for unrecorded liabilities is a set of procedures designed to yield audit evidence of liabilities that were not recorded in the reporting period. This search should normally be performed up to the audit report date in the period following the auditee’s balance sheet date. The following list of procedures is useful in the search for unrecorded liabilities. The audit objective is to search all the places where there might be evidence of them, and if none are revealed, it is reasonable to conclude that all material liabilities were recorded.

search for unrecorded liabilities: a set of procedures for inspecting documents and records in the period following the audit client’s balance sheet date designed to yield audit evidence of liabilities relating to the current period that were omitted, thus violating the completeness assertion

Trade payables

• Study the accounts payable […] near the year-end, evidence that invoices aren’t being recorded.
• Confirm accounts payable […] receiving report file and receiving reports prepared after year-end, determine when the goods were received. Determine which invoices, if any, should be recorded.
• Trace the unmatched receiving reports to accounts payable […] determine if any recorded in the next accounting period need to be reported in the current accounting period under audit.
• Vouch a sample of payments from the accounting period following the balance sheet date against supporting documents (invoice, receiving report) to determine if the related liabilities were recorded in the proper accounting period. Select the sample from the post-year-end cutoff bank statement to audit the cash balance.
• Scan the open purchase order file at year-end for purchase commitments at fixed prices. From current prices, determine if any adjustments for loss and liability are needed due to unrecorded losses on forward purchase contracts.

Accrued liabilities

• A checklist of accrued expenses will help determine whether the company has