Assurance BROADEST
Assurance Def: |
are independent professional services |
| |
that improve the quality of information |
| |
or its context |
| |
for decision makers |
assurance services: |
| |
quality of a business process |
| |
reliability of computer systems |
| |
(ICFR) Internal control over financial reporting |
“Reliability” AICPA’s definition for Assurance services
Attestation MIDDLE
Definition |
in which a practitioner issues a report on subject matter or assertion that is the responsibility of another party |
| |
To provide assurance through a written report regarding reliability of management’s assertion. |
Examination = |
high assurance |
Review = |
moderate assurance |
nonissuers |
AICPA: SSAE / AT-C standards |
issuers |
PCAOB: AT No.1 & 2 , && Interim Standards |
financial attestation engagements |
| |
Agreed upon procedures |
| |
Pro forma financial information |
| |
Financial forecasts and projections |
non-financial attestation engagements |
| |
Compliance with contractual requirements |
| |
Effectiveness of internal control systems |
| |
Inventory quantities and locations |
General Audit Info
Steps |
1. |
Assessing client acceptance and retention decisions |
2. |
Understanding the client-planning |
3. |
Obtain evidence about internal control and determine impact on the financial statements |
4. |
Obtain substantive evidence about account assertions |
5. |
Wrapping up the audit and making reporting decisions-do we have enough evidence |
WHY? |
User demands: |
reliable, relevant, timely info |
conditions that increase user demand: |
Complexity, Remoteness, Time sensitivity, Consequences |
AAA Definition |
Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between the assertions and established criteria and communicating the results to interested users. |
assertions |
Financial Statements & footnotes |
established criteria |
GAAP |
communicating the results |
Auditor's Report/ Other Reports |
interested users |
Creditors && Investors |
Audit Purpose: |
provide users with an opinion by the auditor on whether the F/S are presented fairly, in all material respects in accordance with the AFRF |
Audit Premise: |
those charged with governance have responsibility for |
| |
The preparation and presentation of the f/s in accordance with the AFRF |
| |
IC over financial reporting |
| |
Providing auditor with ALL information necessary and unrestricted access. |
Information risk is the risk (probability) that the information (mainly financial) disseminated by a company will be materially false or misleading.
Nature of the Company
The company’s organizational structure and management personnel. |
The sources of funding of the company’s operations and investment activities. |
The company’s significant investments |
The company’s operating characteristics, including its size and complexity. |
The sources of the company’s earnings, including the relative profitability of key products and services, and key supplier and customer relationships. |
| |
Where are the Risks of Material Misstatement |
Preliminary Analytical Procedures
beginning of an audit |
compare to industry and previous years |
"reasonableness tests" |
1)Develop an expectation |
2) Define a significant difference. |
% OR $ |
3) Compare expectation with the recorded amount. |
horizontal analysis // year to year |
| |
vertical analysis // % of whole |
4) Investigate significant differences |
"attention directing" |
5) Document each of the preceding steps |
Stages of Audit "performance"
1. Obtain Engagement |
| |
(1) perform procedures regarding the acceptance or continuance of the audit client relationship |
| |
-must attempt contact w/ predecessor auditor |
| |
-when issuer changes auditors Form 8-K |
Generally Include: |
Obtaining and reviewing: annual reports, interim statements, registration statements, Form 10-Ks, reports to regulatory agencies |
| |
criminal background checks of senior managers |
| |
Considering the need for specialists |
| |
Evaluate the firm’s independence |
| |
Requesting the client’s bankers, legal counsel, underwriters, analysts to "spill the tea" |
| |
Considering if the engagement will involve unusual risks |
| |
(2) determine compliance with independence and ethics requirements |
| |
(3) reach a contractual understanding with the client for the terms and conditions of the audit engagement |
| |
engagement letter has: |
| |
-objectives of the engagement |
| |
-management’s responsibilities |
| |
-auditors’ responsibilities |
| |
-any limitations |
| |
optional = termination letter |
2. Engagement Planning |
| |
Audit Plan engagement partner |
| |
develop and document a plan (NTE) to assess RMM |
| |
THEN plan the (NTE) control and substantive tests that mitigate these risks to an acceptable level (kinda step 3) |
| |
Why audit plan? |
| |
-quality control, supervision, (provable) documentation |
| |
goals of audit planning |
| |
-firm has the requisite staff |
| |
-determine materiality |
| |
-outline the specific audit procedures to lessen RMM |
3. Risk Assessment |
| |
-Internal control |
| |
-risk of material misstatement |
| |
-inherent risk and control risk |
4. Audit Evidence |
| |
-“sufficient appropriate” |
| |
-minutes of meetings, confirmations with independent third parties, invoices, analyst reports, and all other information that permits auditors to reach valid, logical conclusions |
| |
-Detection risk!! |
5. Reporting (reporting principle) |
Audit procedures for obtaining evidence
Why? |
| |
1) understand the client (& risks) |
| |
"risk assessment procedures" |
| |
2) to test the operating effectiveness of IC |
| |
"tests of controls" |
| |
3) produce evidence about management’s assertions |
| |
evidence for PERCV/ASB assertions |
Procedures |
1) Inspection of Records and Documents |
completeness (T/S), existence (v), occurrence (V) |
| |
vouching, tracing, scanning |
| |
hierarchy of evidence |
2) Inspection of Tangible Assets |
existence |
3) Observation |
"test of controls" |
| |
a general awareness of events in the client’s offices |
4) Inquiry |
"risk assessment procedures" / documentation |
| |
written representations or management representations |
| |
“inquiry alone” is never enough |
| |
early planning stages of the engagement |
5) Confirmation |
existence, R/O, Valuation, Cut-off depends on the info requested |
Confirmation letters: |
printed on the client’s letterhead and signed by a client officer |
| |
seek information the recipient can supply |
| |
audit firm should control confirmations |
| |
responses the audit firm || client |
6) Recalculation |
existence & valuation |
| |
recalculation of computations || "test of controls" & potential evidence |
7) Reperformance |
any client control procedure |
8) Analytical Procedures |
REQUIRED during planning && final evaluation |
| |
optional: substantive testing phase |
Auditors are REQUIRED to Document
Risk Assessment process |
in the workpapers |
| |
Discussions with engagement personnel. |
| |
Procedures to identify and assess risk. |
| |
Significant decisions during discussion (team brainstorming sessions) |
| |
Specific risks identified and audit team responses. |
| |
Explanation of why improper revenue recognition is not a risk, if so deemed. |
| |
Results of audit procedures, particularly procedures regarding management override. |
| |
Other conditions causing auditors to believe that additional procedures are required. |
| |
Communications to management and those charged with governance, such as the audit committee. |
Audit Documentation
PCAOB-AS 1215 "audit documentation": |
The written record of the basis for the auditor’s conclusions that provides the support for the auditor’s representations, whether those representations are contained in the auditor’s report or otherwise |
Permanent Files |
"continuing audit significance" |
| |
corporate or association charter, bylaws, or partnership agreement |
| |
continuing contracts such as leases, bond indentures, and royalty agreements |
| |
A history of the company, its products, markets, and background. |
| |
minutes of meetings of stockholders and/or directors on matters of lasting interest. |
| |
Continuing schedules of accounts with balances that are carried forward for several years, such as owners’ equity, retained earnings, partnership capital, ect. |
| |
prior-years’ financial statements and audit reports |
| |
Client organization chart. |
Current Files |
"the year under audit" |
| |
planning memorandum = summary of current files |
| |
lead schedule = summary of accounts in "account group" |
| |
Indexing = docs get index number |
| |
Cross-referencing = basically a Foreign Key |
| |
Heading =name of the company, the balance-sheet date, and a descriptive title |
| |
Signatures and initials =auditor who performs the work and the supervisor who reviews it must sign the audit documentation |
| |
Dates of audit work = dates of performance and review are recorded |
| |
Audit marks (tick marks) and explanations = auditor’s shorthand comments about work preformed |
Materiality &
Lower the materiality level if |
high complexity + low balance = higher risk |
if materiality is lower |
test more |
RMM and detection risk are inversely related |
IC risk won't change. |
Firm sets this. |
control risk goes up |
detection risk goes down |
we control |
Detection risk |
Cycles
Voucher packet |
approvals, accounts, and amounts to be recorded |
| |
supporting purchase order |
| |
receiving report |
| |
vendor invoice |
|
|
Entities
PCAOB Public |
Public Company Accounting Oversight Board |
| |
ASs-Auditing Standards |
AICPA Private |
American Institute of Certified Public Accountants |
| |
ASB - Auditing Standards Board |
| |
SASs - Statements on Auditing Standards |
GAO Gov. |
U.S. Government Accountability Office |
| |
The “Yellow Book” - Government Auditing Standards |
IFAC Foreign |
International Federation of Accountants |
| |
IAASB - International Auditing and Assurance Standards Board |
| |
ISAs - International Standards on Auditing |
Domestic AFRF (applicable financial reporting framework) GAAP
Foreign AFRF (applicable financial reporting framework) IFRS
Detection risk
| |
Need for Suff. & App. |
Detection Risk |
Poor Controls |
|
|
Good Controls |
|
|
ASB Assertions
ASB Assertions |
Evaluates what? |
Procedures |
Existence |
do assets exist? |
assets Inspection of tangible assets |
Occurrence |
transactions actually occur? |
Inspection of records or documents (vouching) |
Rights and obligations |
ownership & legal responsibilities |
independent Confirmations |
Completeness |
financial statements (footnotes too) complete? |
Inspection of records or documents (tracing) |
Cutoff |
proper period |
Inspection of records or documents (tracing or vouching) |
Valuation or allocation |
accounts valued correctly? |
Reperformance |
Accuracy |
transactions recorded accurately? |
Inspection of records or documents (tracing or vouching) |
Presentation |
appropriately presented & clearly described? |
Management Inquiry |
Classification |
in the proper accounts? |
Analytical procedures |
PERCV
Presentation & Disclosure |
Presentation |
footnotes |
| |
Disclosure |
disclose inventory methods |
Existence && Occurrence |
Existence |
assets |
| |
inspection of tangible assets |
| |
Balance sheet (vouch) |
Occurrence |
transactions |
| |
push/pull revenue |
| |
income statement |
| |
Purchase Journal Receiving Reports |
| |
Vouching |
Rights && Obligations |
Rights |
Balance sheet |
| |
inventory consignment |
| |
Obligations |
Balance sheet |
| |
consignment |
Completeness |
| |
liabilities and revenue |
| |
accrued liabilities |
| |
Receiving Reports Purchase Journal |
| |
Tracing |
Valuation OR Allocation |
Valuation |
credit ratings |
| |
ASC 606 accuracy |
Allocation |
GAAS “Principles”
Responsibilities |
| |
1. Competence |
education, training, experience |
| |
2. Independence |
fact and appearance |
| |
3. Due professional care (GAAS) |
performance of the audit AND the preparation of the report |
| |
Performance |
To express an opinion, Obtain reasonable assurance that financial statements are free of material misstatement whether due to error or fraud |
obtain reasonable assurance: |
| |
Planning and supervision |
| |
|
Prepare an audit program & plan including timing |
| |
|
Supervise the audit work |
| |
|
Obtain knowledge of the client |
| |
|
Have a system in place to settle disagreements |
| |
Determining materiality |
Nature, Timing, Extent |
| |
Risk assessment |
risk of material misstatement |
| |
|
inherent risk and control risk |
| |
based on an understanding: |
| |
|
the entity |
| |
|
operating environment |
| |
|
internal control |
| |
in order to determine the |
Nature, Timing, Extent |
| |
Evidence Gathering |
sufficient & appropriate |
| |
|
Sufficient # |
| |
|
Appropriate quality (R&R) |
| |
|
relevance - the assertion being tested |
| |
|
Reliability — source and nature of the evidence |
| |
obtained |
through audit procedures |
| |
|
to afford a reasonable basis for an opinion |
Reporting |
conclusion and communication |
| |
State whether financial statements follow GAAP |
Explicit The report shall state whether the financial statements are presented in accordance with GAAP |
| |
Identify inconsistencies |
| |
Address adequacy of disclosures |
| |
Express an opinion or explain why none is given |
appropriate: Relevance & Reliability
Relevance — the assertion being tested
Reliability — source and nature of the evidence
Fraud
What is FRAUD |
| |
1) knowingly making material misrepresentations of fact |
| |
2) with the intent of inducing someone to believe the falsehood && and act on it |
| |
3) causing victim to suffer a loss or damage |
Types |
Employee Fraud |
"misappropriations of assets" |
Embezzlement |
employees or nonemployees wrongfully taking money or property entrusted to them, by cover-up |
Larceny |
theft of an employer’s property that is not entrusted to an employee |
Defalcation |
Misuse of funds by a fiduciary |
Management fraud |
"Fraudulent financial reporting" |
| |
deliberate fraud committed by management that injures investors and creditors through materially misstated information. |
| |
(1) overstating revenues and assets |
| |
(2) understating expenses and liabilities |
| |
(3) giving disclosures that are misstated or that omit important information |
Prevention |
| |
Tone at the top |
Deterrent |
| |
Internal Controls |
Motives |
Psychological |
for the hell of it |
Egocentric |
prove they can |
Ideological |
moral justification |
Economic |
need for $$ |
Triangle |
Incentive |
Opportunity |
Attitude/Rationalization |
Capability |
Susceptibility |
| |
Dollar size of the account. |
| |
Liquidity. |
| |
Volume of transactions |
| |
Complexity of the transactions |
| |
Subjective estimates. |
Control Stages
Custody |
Authorization |
Recording |
Reconciliation |
Confirmations
Types |
Positive |
| |
small number of accounts are involved |
| |
Individual balances are large |
| |
large number of errors are anticipated |
Negative |
| |
a large number of small balances are involved |
| |
the combined assessed level of inherent and control risk is low |
| |
the auditor has no reason to believe that the recipients of the requests are unlikely to give them consideration. |
Blank |
| |
should be used if the recipient is likely to return a positive confirmation without verifying the accuracy of the information. |
| |
considerations |
| |
positive and blank confirmations > negative non-responses |
| |
Recipients of accounts receivable confirmations might not report understatements |
Non-response to Positive/blank |
Follow up with 2nd & 3rd |
| |
lower than expected response rate = fictitious customer accounts |
Non-response to negative |
Alternative procedures are not necessary |
| |
Only limited evidence |
Assertions |
| |
existence |
| |
occurrence |
Inspection of Firms
Issuers |
PCAOB is charged with monitoring |
"inspections" |
>100 issuer audits |
annual inspections |
<100 issuer audits |
triennial inspections |
Non-Issuers |
AICPA |
"peer reviews" |
AICPA National Peer Review Committee |
Triennial peer reviews |
Plans
audit plan |
a comprehensive list of the "specific audit procedures" that the audit team needs to perform to gather sufficientappropriate evidence |
internal control audit plan |
a list of "specific procedures" needed to obtain an understanding of the client’s internal control system and test that understanding for those controls |
substantive audit plan |
a list of "audit procedures" for gathering evidence |
| |
(1) substantive analytical procedures |
| |
-more efficient |
| |
(2) tests of details |
| |
-more effective |
System of Quality Control //AICPA // Audit firm
quality control standards |
QC |
Purpose |
provide the firm reasonable assurance that the firm and its personnel |
1. Leadership responsibilities |
“tone at the top” |
2. Relevant ethical requirements |
independence, Competence, Due professional care, Skepticism |
3. Acceptance and continuance of client relationships |
adequately perform the engagement, integrity of the client, firm’s ability to comply with legal and ethical requirements |
4. Human resources (audit firm) |
Hire quality personnel, Assign staff to engagements based on their capabilities, Provide professional development opportunities, Effectively evaluate, compensate, and promote staff |
5. Engagement performance |
engagement quality control reviews |
6. Monitoring. |
either an ongoing postissuance review of engagement documentation or targeted inspection procedures for a sample of engagements |
| |
-appropriateness of the firm’s guidance materials |
| |
-compliance with policies and procedures on independence |
| |
- effectiveness of continuing professional education |
| |
-decisions regarding the acceptance and continuance |
Balance-Sheet / Operations Ratios
Directions
Source |
TRACING |
Accounting Docs |
| |
|
|
Accounting Docs |
VOUCHING |
Source |
| |
|
|
CAATs |
Scanning |
Accounting Docs |
| |
|
|
Control Signals
“absence of controls” |
inherent risk |
“internal control effectiveness” |
control risk |
“sufficient appropriate evidence” |
detection risk |
“more internal control” |
lower control risk |
“less effective controls” |
increase procedures |
|
