Professional Documents
Culture Documents
Auditing - CAS Standards
Auditing - CAS Standards
1) CAS 200: Overall Objective of the Independent Auditor and the Conduct of the
Audit in Accordance with CAS (overall responsibilities when conducting an audit
in accordance with CAS)
a. Use the application of ethical standards in making informed decisions
b. To obtain reasonable assurance about whether the financial statements
as a whole are free from material misstatement, whether due to fraud or
error, thereby enabling the auditor to express an opinion on whether the
financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework
c. To report on the financial statements, and communicate as required by
the CAS, in accordance with the auditor’s findings
- Conduct of an audit: comply with CAS and CAPN
- Scope of an audit: professional judgement when deciding with CAS on type of
audit procedure and must be documented
- Reasonable assurance: evidence gather should allow auditor to have
reasonable assurance that financial statement are free of material
misstatements, whether due to fraud of error. Needs to be high assurance.
- Audit risk and materiality: Audit risk = risk that auditor expresses an
inappropriate audit opinion when financial statements are materially
misstated. Related to evidence gathering. I.e. fail to detect material
misstatement. Audit Risk needs to be low by effective audit procedures.
- Planning and supervision (CAS 300)
- Internal control assessment (CAS 315)
- Sufficient appropriate evidential matter (CAS 200)
Professional Judgement is based on relevant facts and circumstances at the time the
audit decision is made. Auditors uses it to focus on the most important aspects of an
audit, I.e. determining nature, timing and extent of audit procedures and evaluate
appropriateness of the application of GAAP by management.
It also involved identifying reasonable alternatives. Careful and objective consideration
of information that may seem contradictory to a conclusion is critical to the appropriate
application of professional judgement. Documentation of judgement is also important.
Evidence is the heart of audits of financial statements and we need it to justify opinions
2) CAS 208
3) CAS 210
4) CAS 220
5) CAS 230
6) CAS 240
a. Maintain professional skepticism and make no assumption about
managements honesty
b. CAS 240 requires auditors to presume that there is always a risk of
fraudulent revenue recognition, a presumption that is rebuttable by audit
evidence.
i. Rebuttable procedures require auditors to perform analytical
procedures on revenues, make inquiries and scan for unusual
entries.
ii. Audit team should hold fraud and error meeting to identify and
share info on fraud risk factors during the audit. They also need to
identify biases in management accounting estimates and
understand business rationale of transactions.
iii. If cannot reject presumption, then need to raise concern with those
charged with governance.
7) CAS 250: Illegal Act by Auditees – “Non compliance with laws and regulations”
a. Requires auditors to consider the consequences of the illegal acts very
broadly and to consider the best way of disclosing these consequences.
8) CAS 260:
a. Requires that those charged with governance be informed about the
scope and results of the independent audit.
b. Requires oral or written communication from auditors on misstatements
other than trivial errors, fraud, misstatements that may cause future
financial statements to be materially misstated, illegal or possibly illegal
acts and weakness in internal control.
9) CAS 700: Forming an Opinion and Reporting on Financial Statements
a. Unmodified and Modified Opinion Report
i. Features (pg.44): Title, Address, Intro, Opinion, Key Audit Matters,
Mgmt and Corporate Governance Responsibilities, Description of
Audit, Signature, Date, Auditor Address.
10)CAS 705: Guidance on Modification to Auditor Report
a. Adverse Opinion, Qualified Opinion or Disclaimer of Opinion
Performing the audit will give the auditor reasonable assurance that financial
statements are fairly presented, not materially misstated. Their opinion is
communicated in the Auditor’s Report. It provides a high level assurance (confidence) to
the user that the auditor believes that the information risk is LOW and has evidence to
support that belief.
Three party accountability is reducing the risk on information created by the second
party (preparer), to foreseeable third parties who use the information. Auditor is first
party.
Chapter 2
The CPA member has to act with INTEGRITY, remain OBJECTIVE (by remaining
independent of conflicting interests and maintain independence in fact and in
appearance to outsiders, maintain PROFESSIONAL COMPETENCIES their work requires
and to do their work with appropriate DUE CARE, to keep CONFIDENTIAL all information
they acquire through their professional work and to BEHAVE PROFESSIONALLY in a way
that befits a well-respected profession.
Chapter 3
- Due Care: auditor has duty to corroborate managements claims and assertions.
- Auditors have moral, professional and legal obligation.
o Moral: doing the right thing.
o Professional: formal ethical responsibilities of auditors.
o Legal: risks auditors accept in court of law while practicing public
accounting
- Critical thinking is important. Critical thinking framework consists of objectives,
principles, concepts and their application and ethics is important concept within
framework.
- 5 fundamental principles of professional accounting ethics:
o Professional behaviour
o Integrity and due care
o Professional competence
o Confidentiality
o Objectivity
-
Chapter 4
- Auditors report is the most public output of a financial statement audit and
states the auditors opinion on whether the financial statements are fairly
presented.
- Forming Audit Opinion= ultimate goal of audit engagement
- CAS 700,701,705 and 706: reporting standards GAAS
- Clean or unmodified opinion is most common type
- Modified/qualified audit opinion: because 1) GAAP violations that affect fair
presentation and 2) audit scope limitations that impair the auditors ability to fully
comply with GAAS
Auditors must be free of personal interest in the company and financial statements,
meet professional ethics codes and comply with GAAS. Auditor must determine these
before accepting audit engagements.
After acceptance. Must establish mutual agreement in annual audit engagement letter.
The letter describes nature of the audit, managements responsibilities for fair
presentation, implementing internal controls and providing all information that auditor
needs to complete engagement. Letter also describes auditors responsibilities. After
acceptance of audit, the performing of audit begins.
- Three Main Steps
1) Risk Assessment: Understand the auditees business. Assess the risk that the
auditees financial statements are not fairly presented.
2) Responding to the Assessed Risks: by performing the audit work necessary to
gather sufficient and appropriate evidence relevant to the risks that have been
assessed to be significant
3) Concluding and Reporting: conclusion based on audit findings as to whether they
give auditor reasonable assurance that financial statements are fairly presented
and communicate this in opinion paragraph of the report.
1) Risk Assessment
a. Knowledge of business operations and environment business operates in
b. Need to fairly portray underlying economic realities of the business. Key
risk areas, account balances, disclosures.
c. Business of environmental risk could result in material misstatement in
financial statements.
d. Document planning decisions in overall audit strategy ; summarizing key
audit areas that need to be address and main characteristics of the
engagement. It’s a planning document serving as guide. IT means auditor
used due care and to defend against legal liability for negligence.
Pre Audit Risk Management Activities: done before accepting a client relationship and
beginning any audit work
- Professional ethics codes and GAAS must be met before acceptance. Risk of
negative consequences as well. Need to reduce risk by conducting audit to
reduce chance that something will go wrong and lead to misstated financial
statements being released to users. Need to implement quality control
procedures to ensure audits done in accordance with CAS
- Auditor must be satisfied that the company understands its responsibilities to
prepare financial statements in accordance with acceptable financial reporting
framework GAAP and for implementing and maintain internal control to ensure
the financial statements are free of misstatements due to error or fraud. Mgmt
must also give unrestricted access to all information, records, documentations,
etc.
- Need to contact predecessor auditor to decide to accept auditee and to plan
audit.
- Auditor can take on any risk as long as they are confident that the risk can be
managed down to acceptable level through careful performance of high-quality
audit work. EXHIBIT 5-2 RISK FACTORS
o How widely distributed are the audited financial statements?
o How strong is the financial condition of the auditee?
o How trustworthy is the auditees management?
o How complex is the financial reporting required?
o How knowledgeable are the people using the financial statements likely to
be?
- Engagement Letter: when new audit is accepted auditor must obtain this. IT sets
out terms of the engagement, forming a contract between auditor and client.
Need to revise yearly if needed. Letter should cover objective, scope and
limitations of the audit and the responsibilities of both parties.
- Need to also plan time budget for each part of the audit. Interim Audit Work;
covers tasks done before the balance sheet date. I.e. internal control risk
assessment and auditing balances as they exist at an early date.
- Overall Audit Strategy: pg 153. Planning document that sets the scope timing,
direction of audit, and guides the audit plan development; reporting objectives,
nature, timing and extent of resources necessary for engagement
- Auditing standards require auditor to document overall strategy, audit plan and
audit programs and evidence that support the report
o Need to find factors that create business and fraud risk and reduce
information risk for users of F/S
o Then perform more detailed assessment of transactions, account balances
and disclosures.
o 5 Principal Assertions (Claims) : Existence, Completeness, Ownership,
Valuation, Presentation
Management is claiming that each element of financial statements,
the element exists; its complete; it is right owner by entity; its value
is measured in accordance with reporting framework and presented
in terms of classification, description and disclosure. EXHIBIT 5-3,
5-6
Performance Materiality: amount set by the auditor which is less than materiality for
the F/S to reduce an appropriately low level the prob that undetected misstatements
exceeds materiality for the F/S. Prof that audit work might miss some errors. Basically
an allowance for amount of mistakes that can be made or overlooked until it exceeds to
overall materiality level.
We. Focus on overall materiality and performance materiality required by CAS 320.
Chapter 6- Assessing Risks in Audit Engagement
Based on previous audit findings and business risk assessment, auditor forms
expectations about what financial analysis should discover.
The risk-based approach to auditing starts with a business risk analysis that
provides an under- standing of the auditee’s business, its environment, and the
risks it faces. The auditor considers the strategic goals of the business, the risks of
not meeting those goals, and the process the entity’s management uses to
manage these risks. The auditor then examines the financial and non- financial
performance of the entity to assess whether the performance reported in
management’s financial statements is consistent with the auditor’s understanding
of the business risk and its performance. The business risk assessment can
identify risks that can have a pervasive impact on the financial statements as a
whole, such as those arising from fraud, management bias, manipulation of
reported results, lack of management competence, or a deficiency in the overall
control environment.
Assess risk of MM at assertion level means – auditors can use assertions to think
about what could go wrong an how likely it is to happen.
Auditing = risk management process, information risk that materially misstated will go
out to users. Assurance is complement of audit risk. High assurance = low audit risk.
Audit Risk = probability that auditor will fail to express opinion on FS that are materially
misstated. AR needs to be low.
- AR = IR x CR x DR
- Auditor Approach
Governance
Risk based audit approach, auditors must consider elements of managemet’s control
structure to gain a better understanding of how internal can affect the audit.
GAAS suggest that auditors use internal control framework, have 5 components
- Control Environment
- Managements Risk assessment Process
- Information and Communication
- Control Activities
- Monitoring of Controls
Fraud triangle, incentives/pressures and opportunity and rationalization. All three
factors present means fraud likely to occur.
Two types of FRAUD- fraudulent financial reporting and misappropriation of assets