Audit Objective: Render opinion on whether the financial statements are fairly

presented in accordance with GAAP.

1) CAS 200: Overall Objective of the Independent Auditor and the Conduct of the
Audit in Accordance with CAS (overall responsibilities when conducting an audit
in accordance with CAS)
a. Use the application of ethical standards in making informed decisions
b. To obtain reasonable assurance about whether the financial statements
as a whole are free from material misstatement, whether due to fraud or
error, thereby enabling the auditor to express an opinion on whether the
financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework
c. To report on the financial statements, and communicate as required by
the CAS, in accordance with the auditor’s findings
 - Conduct of an audit: comply with CAS and CAPN
- Scope of an audit: professional judgement when deciding with CAS on type of
audit procedure and must be documented
- Reasonable assurance: evidence gather should allow auditor to have
reasonable assurance that financial statement are free of material
misstatements, whether due to fraud of error. Needs to be high assurance.
- Audit risk and materiality: Audit risk = risk that auditor expresses an
inappropriate audit opinion when financial statements are materially
misstated. Related to evidence gathering. I.e. fail to detect material
misstatement. Audit Risk needs to be low by effective audit procedures.
- Planning and supervision (CAS 300)
- Internal control assessment (CAS 315)
- Sufficient appropriate evidential matter (CAS 200)

Professional Judgement : “the application of relevant training, knowledge and

experience, within the context provided by auditing, accounting and ethical standards,
in making informed decisions about the courses of action that are appropriate in the
circumstances of the audit engagement.”

Professional Judgement is based on relevant facts and circumstances at the time the
audit decision is made. Auditors uses it to focus on the most important aspects of an
audit, I.e. determining nature, timing and extent of audit procedures and evaluate
appropriateness of the application of GAAP by management.
It also involved identifying reasonable alternatives. Careful and objective consideration
of information that may seem contradictory to a conclusion is critical to the appropriate
application of professional judgement. Documentation of judgement is also important.

Professional Skepticism is also essential to the professional judgement process. “It

means recognizing that circumstances causing the financial statements to be materially
misstated may exist.” Its an auditors tendency not to believe management assertions
but instead to find sufficient support for the assertions through appropriate audit
evidence.

Evidence is the heart of audits of financial statements and we need it to justify opinions

2) CAS 208

3) CAS 210
4) CAS 220

5) CAS 230
6) CAS 240
a. Maintain professional skepticism and make no assumption about
managements honesty
b. CAS 240 requires auditors to presume that there is always a risk of
fraudulent revenue recognition, a presumption that is rebuttable by audit
evidence.
i. Rebuttable procedures require auditors to perform analytical
procedures on revenues, make inquiries and scan for unusual
entries.
ii. Audit team should hold fraud and error meeting to identify and
share info on fraud risk factors during the audit. They also need to
identify biases in management accounting estimates and
understand business rationale of transactions.
iii. If cannot reject presumption, then need to raise concern with those
charged with governance.
7) CAS 250: Illegal Act by Auditees – “Non compliance with laws and regulations”
a. Requires auditors to consider the consequences of the illegal acts very
broadly and to consider the best way of disclosing these consequences.

8) CAS 260:
a. Requires that those charged with governance be informed about the
scope and results of the independent audit.
b. Requires oral or written communication from auditors on misstatements
other than trivial errors, fraud, misstatements that may cause future
financial statements to be materially misstated, illegal or possibly illegal
acts and weakness in internal control.
9) CAS 700: Forming an Opinion and Reporting on Financial Statements
a. Unmodified and Modified Opinion Report
i. Features (pg.44): Title, Address, Intro, Opinion, Key Audit Matters,
Mgmt and Corporate Governance Responsibilities, Description of
Audit, Signature, Date, Auditor Address.
10)CAS 705: Guidance on Modification to Auditor Report
a. Adverse Opinion, Qualified Opinion or Disclaimer of Opinion

11)CAS 300: Planning and Supervising an Audit

a. Prepare Audit Plan and Supervise Audit Work
b. Obtain Knowledge of Auditee Business: must understand events,
transactions and practices that are characteristic of the business and its
management and how if effect financial statement.
c. Deal with Difference of Opinion Among Audit Firm’s Own Personnel
d. Written Audit Program: required before the audit work starts listing
procedures auditor will perform to produce evidence needed for good
audit decisions.
e. Audit File: of working papers documenting the evidence obtained that
supports audit opinion. “Not documented, not done”.
 12)CAS 315: Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment.
Obtain and understanding of all internal controls relevant to the Audit using
internal control framework. Use professional judgement to decide if control is
relevant to audit. Auditor responsible to evaluate the design of all controls that
are relevant to the audit and determining whether or not they have been
implemented.
a. Internal Control Assessment: understand auditees internal control;
control environment, accounting system and control procedures. Need to
know to assess control risk: the chance that material misstatement could
occur and not be prevented or detected on a timely basis by the internal
control structure. Main purpose, help auditors develop the audit program.
Good internal control = low control risk = minimizing extent of subsequent
audit procedures.
GAAS suggest that auditors use internal control framework, have 5 components.
(EXHIBIT 7-1)
13)Control Environment
14)Managements Risk assessment Process
15)Information and Communication
16)Control Activities: controls over processes
17)Monitoring of Controls
12) CAS 320
13) CAS 540: Manipulation of Estimates in Fraudulent Financial Reporting
 Chapter 1

Performing the audit will give the auditor reasonable assurance that financial
statements are fairly presented, not materially misstated. Their opinion is
communicated in the Auditor’s Report. It provides a high level assurance (confidence) to
the user that the auditor believes that the information risk is LOW and has evidence to
support that belief.
Three party accountability is reducing the risk on information created by the second
party (preparer), to foreseeable third parties who use the information. Auditor is first
party.

Chapter 2

The CPA member has to act with INTEGRITY, remain OBJECTIVE (by remaining
independent of conflicting interests and maintain independence in fact and in
appearance to outsiders, maintain PROFESSIONAL COMPETENCIES their work requires
and to do their work with appropriate DUE CARE, to keep CONFIDENTIAL all information
they acquire through their professional work and to BEHAVE PROFESSIONALLY in a way
that befits a well-respected profession.

5 situations arise in three-party accountability. Five threats or risk to INDEPENDENCE.

(PG.79)
- Self review
- Self interest
- Advocacy
- Familiarity
- Intimidation

Ethical Requirements Relating to an Audit of Financial Statements (pg.40)

- Competence: adequate technical training and proficiency in auditors. Education,
on the job training in developing and applying professional judgement.
- Objectivity and Independence: Auditors must have objective state of mind-
intellectual honest and impartiality. They must be unbiased with respect to the
financial statements and other information. Expected to be fair to the issuer and
users of information. MAINTAIN Professional Independence in appearance as
well.
- Due Professional Care: Requires observance of the rules of professional ethics
and GAAS. Auditors must be competent and independent, exercising proper care
in planning and supervising the audit, understanding the auditee’s control
structure and in obtaining sufficient appropriate evidence.
GAAS examination standards covered by CAS 300,315 and 200.

Chapter 3
- Due Care: auditor has duty to corroborate managements claims and assertions.
- Auditors have moral, professional and legal obligation.
o Moral: doing the right thing.
o Professional: formal ethical responsibilities of auditors.
o Legal: risks auditors accept in court of law while practicing public
accounting
- Critical thinking is important. Critical thinking framework consists of objectives,
principles, concepts and their application and ethics is important concept within
framework.
- 5 fundamental principles of professional accounting ethics:
o Professional behaviour
o Integrity and due care
o Professional competence
o Confidentiality
o Objectivity
-

Chapter 4

- Auditors report is the most public output of a financial statement audit and
states the auditors opinion on whether the financial statements are fairly
presented.
- Forming Audit Opinion= ultimate goal of audit engagement
- CAS 700,701,705 and 706: reporting standards GAAS
- Clean or unmodified opinion is most common type
- Modified/qualified audit opinion: because 1) GAAP violations that affect fair
presentation and 2) audit scope limitations that impair the auditors ability to fully
comply with GAAS

- 4 Main segments must be present:

o Intro about company and the set of financial statements that were audited
o Mgmt responsibility paragraph, internal controls to ensure statements are
free of material misstatements due to fraud or error
o Description of auditor responsibility in three paragraphs outlining
responsibilities, what examination involves, auditors belief that their
procedures provided sufficient basis for the opinion.
 o Opinion paragraph on fair presentation of the financial statements
- Association: imp way for PA to meet ethical standard of integrity. PA did some
work or agreed to have their name connected to the information or company.
- Also need to be clear on review engagement or audit engagement.
o Review: procedures are less time consuming and less costly than high level
of assurance. No verification or analysis.
o Audit: high level of assurance about fair presentation of financial
statement. High level analysis.
o Compilation Engagement: no assurance, but association exists by
preparing financial statement from info in company books
- Association: arrives in three ways: without knowledge or consent, through some
action, or third party assumes.
o When associated, CPA standards must be met, must comply with rules of
professional conduct, and there is communication of the extent of
involvement with the information.
o Financial statements prepared on PA letterhead,
o Produced by PAs computer as part of bookkeeping service
o Or document identifies this person as PA
- Don’t want to mislead third party by being associated in the wrong way.

3 Levels of Assurance/ Conclusions

- Unmodified Report/ Clean Opinion (highest level) Start off with positive
assurance opinion sentence.
- Limited Assurance (Qualified Report) (Moderate of Negative Assurance).. review
report of unaudited financial statements. AKA Adverse Opinion
o Contains opinion that doesn’t give positive assurance that everythings in
conformity with GAAP.
o Two types of Qualified Reports: GAAP departure reports and scope
limitation reports.
- No Assurance; compilation engagements and specified procedures engagements.
No conclusion on reliability of the statements. I.e. just check use of correct
account titles and format but no verification of accuracy of underlying accounting
records.

5 Basic Segments for Standard Unmodified Report

- Opinion Segment
- Basis for opinion segment
- Key audit matters segment
- Management and governance responsibility segment
- Auditor responsibility paragraphs
Audit Reservation from two types of circumstances: audit deficiencies due to scope
limitation and accounting deficiencies resulting from GAAP departure. And Uncertainty
Accounting deficiency; qualification or adverse opinion
Audit deficiency; qualification or disclaimer of opinion

4 Types of Opinions: Unqualified, qualified,

- disclaimer of opinion, from lack of independence and lack of sufficient
appropriate evidence
- adverse opinion resulting from GAAP departures

Analytical Procedures ( 5 types) Pg.159.

Horizontal analysis: comparing changes of F/S numbers and ratios across 2+ years
Vertical analysis: comparing all F/S items to common base.. i.e. Total assets or total
sales/ Debt to equity ratio etc.

Chapter 5: Preliminary Audit Planning: Understanding the Auditees Business

Auditors must be free of personal interest in the company and financial statements,
meet professional ethics codes and comply with GAAS. Auditor must determine these
before accepting audit engagements.
After acceptance. Must establish mutual agreement in annual audit engagement letter.
The letter describes nature of the audit, managements responsibilities for fair
presentation, implementing internal controls and providing all information that auditor
needs to complete engagement. Letter also describes auditors responsibilities. After
acceptance of audit, the performing of audit begins.
- Three Main Steps
1) Risk Assessment: Understand the auditees business. Assess the risk that the
auditees financial statements are not fairly presented.
2) Responding to the Assessed Risks: by performing the audit work necessary to
gather sufficient and appropriate evidence relevant to the risks that have been
assessed to be significant
 3) Concluding and Reporting: conclusion based on audit findings as to whether they
give auditor reasonable assurance that financial statements are fairly presented
and communicate this in opinion paragraph of the report.

1) Risk Assessment
a. Knowledge of business operations and environment business operates in
b. Need to fairly portray underlying economic realities of the business. Key
risk areas, account balances, disclosures.
c. Business of environmental risk could result in material misstatement in
financial statements.
d. Document planning decisions in overall audit strategy ; summarizing key
audit areas that need to be address and main characteristics of the
engagement. It’s a planning document serving as guide. IT means auditor
used due care and to defend against legal liability for negligence.

Pre Audit Risk Management Activities: done before accepting a client relationship and
beginning any audit work
- Professional ethics codes and GAAS must be met before acceptance. Risk of
negative consequences as well. Need to reduce risk by conducting audit to
reduce chance that something will go wrong and lead to misstated financial
statements being released to users. Need to implement quality control
procedures to ensure audits done in accordance with CAS
- Auditor must be satisfied that the company understands its responsibilities to
prepare financial statements in accordance with acceptable financial reporting
framework GAAP and for implementing and maintain internal control to ensure
the financial statements are free of misstatements due to error or fraud. Mgmt
must also give unrestricted access to all information, records, documentations,
etc.
- Need to contact predecessor auditor to decide to accept auditee and to plan
audit.
- Auditor can take on any risk as long as they are confident that the risk can be
managed down to acceptable level through careful performance of high-quality
audit work. EXHIBIT 5-2 RISK FACTORS
o How widely distributed are the audited financial statements?
o How strong is the financial condition of the auditee?
o How trustworthy is the auditees management?
o How complex is the financial reporting required?
o How knowledgeable are the people using the financial statements likely to
be?
- Engagement Letter: when new audit is accepted auditor must obtain this. IT sets
out terms of the engagement, forming a contract between auditor and client.
Need to revise yearly if needed. Letter should cover objective, scope and
limitations of the audit and the responsibilities of both parties.
- Need to also plan time budget for each part of the audit. Interim Audit Work;
covers tasks done before the balance sheet date. I.e. internal control risk
assessment and auditing balances as they exist at an early date.
- Overall Audit Strategy: pg 153. Planning document that sets the scope timing,
direction of audit, and guides the audit plan development; reporting objectives,
nature, timing and extent of resources necessary for engagement
- Auditing standards require auditor to document overall strategy, audit plan and
audit programs and evidence that support the report

- First need to understand business risk and managements risk assessment

process. To see how likely a material misstatement of financial statement is.

o Need to find factors that create business and fraud risk and reduce
information risk for users of F/S
o Then perform more detailed assessment of transactions, account balances
and disclosures.
o 5 Principal Assertions (Claims) : Existence, Completeness, Ownership,
Valuation, Presentation
 Management is claiming that each element of financial statements,
the element exists; its complete; it is right owner by entity; its value
is measured in accordance with reporting framework and presented
in terms of classification, description and disclosure. EXHIBIT 5-3,
5-6
Performance Materiality: amount set by the auditor which is less than materiality for
the F/S to reduce an appropriately low level the prob that undetected misstatements
exceeds materiality for the F/S. Prof that audit work might miss some errors. Basically
an allowance for amount of mistakes that can be made or overlooked until it exceeds to
overall materiality level.

We. Focus on overall materiality and performance materiality required by CAS 320.
 Chapter 6- Assessing Risks in Audit Engagement

- High level view based on nature of business, environment, financial

strength, corporate governance to make assessment of risk of material
misstatement for financial statements.
- Identify business risk and learn management controls/processes.
- Breakdown F/S to 5 assertions for RISK ASSESMENT EXERCISE:
o Existence (occurrence): auditor needs evidences that transactions
are valid and actually occurred.
o Completeness: completeness errors exists when transaction total or
account balance is understated. Accounting is not complete for a
transaction that really occurred.
o Ownership (Rights and Obligations): Managements claim that the
entity has proper rights to all the assets and revenues reported and
proper obligations to pay out all the liabilities and expenses.
o Valuation (Measurement and Allocation): Managements claim is
that dollar amounts recorded in FS are correctly calculated and
allocated and used in accordance with GAAP.
o Presentation (Classification and Disclosure): Mgmt claim is that FS
are presented fairly in accordance with GAAP. Disclosing notes, etc.

- Auditor needs to focus on 2 related factors that create risk of material

misstatement at assertion level
o Inherent risks arising in business environment and operations
o Control risks arising from lack of effective internal control over
financial information system
- Audit risk: chance that auditor gives opinion that F/S fairly presented but
actually materially misstated. Lower Audit Risk level is preferred
- AR = IR x CR x DR
- Risk of MM = (IR x CR), chance that one or more assertions in FS is MM due
to IR and CR
- IR= chance that MM affected one or more assertions in FS could have
occurred before any controls were applied.
o Revenue accounting can have high IR. Most MM.
- CR= chance that mgmt. control policies will fail to prevent or detect MM
o Concerned with internal control risk related to audit.
 - DR= chance that auditor procedures will fail to detect MM that occurred
due to IR and has not been corrected by company internal controls due to
CR. Substantive Procedure: designed to detect MM at assertion level;
comprising tests of details (transactions, account balance and disclosures)
and analytical procedures.
- Need to understand business risk and strategy to assess the risk of MM

Fraud Triangle- incentive, opportunity and rationalization make fraud likely.

Based on previous audit findings and business risk assessment, auditor forms
expectations about what financial analysis should discover.

The risk-based approach to auditing starts with a business risk analysis that
provides an under- standing of the auditee’s business, its environment, and the
risks it faces. The auditor considers the strategic goals of the business, the risks of
not meeting those goals, and the process the entity’s management uses to
manage these risks. The auditor then examines the financial and non- financial
performance of the entity to assess whether the performance reported in
management’s financial statements is consistent with the auditor’s understanding
of the business risk and its performance. The business risk assessment can
identify risks that can have a pervasive impact on the financial statements as a
whole, such as those arising from fraud, management bias, manipulation of
reported results, lack of management competence, or a deficiency in the overall
control environment.

Assertions are claims that management make in presenting its financial

statements that auditor needs to verify by obtaining audit evidence.

- CAS 315 defines assertion in terms of 3 main financial reporting categories:

account balance, classes of transactions and disclosures.

Assess risk of MM at assertion level means – auditors can use assertions to think
about what could go wrong an how likely it is to happen.

Auditing = risk management process, information risk that materially misstated will go
out to users. Assurance is complement of audit risk. High assurance = low audit risk.
Audit Risk = probability that auditor will fail to express opinion on FS that are materially
misstated. AR needs to be low.
 - AR = IR x CR x DR

o 5% lowest level possible for auditors to hold.

o Step 1:AR and IR and CR and then DR

- Four Accounting Processes: revenue, purchasing, production and financing

Pg224. Case Study Analysis

- Auditor Approach

o Identify Key business risk Factors

 Governance

 Controls over Financial Reporting

 Industry, Regulatory and other External Risk factors such as

competition, new product market acceptance risk, Foreign
exchange risk, government

 Operations related risk: product development, limited protection,

expansion, manufacturing risk,

o Link Business Risk to Risk of Material Misstatement

 Industry, Regulatory and other External Risk factors

 Nature of business (operations, investments, financing_

 Objectives and Strategy to address business risk

o Assess risk at assertion level (E.C.V.O.P)

 Chapter 7

Risk based audit approach, auditors must consider elements of managemet’s control
structure to gain a better understanding of how internal can affect the audit.
GAAS suggest that auditors use internal control framework, have 5 components
- Control Environment
- Managements Risk assessment Process
- Information and Communication
- Control Activities
- Monitoring of Controls
Fraud triangle, incentives/pressures and opportunity and rationalization. All three
factors present means fraud likely to occur.
Two types of FRAUD- fraudulent financial reporting and misappropriation of assets

Internal control is process designed, implemented and maintained by management and

other auditee personnel to provide reasonable assurance about the reliability of
financial reporting, the effectiveness and efficiency of operations and compliance with
applicable laws and regulations.

Accounting Control Activities

- General Controls- organizational features such as capable personnel,
segregation of duties, controlled access.
- Application Controls- viewed in terms of whether they relate to data
input, processing or output of the accounting system.