Professional Documents
Culture Documents
Audit & Assurance Bible
Audit & Assurance Bible
1
party
transactions
Auditing in a Implications of the use of IS TB 6
12 computerized for audit process 43
environment General & application controls
and testing
Auditing the Risks and key controls of the TB 10
13 revenue process revenue process SSA 505, 47
AGS 2
15 56
Auditing the Risks and key controls of TB 11 & 13
supply chain supply chain, inventory. SSA 501,
and inventory AGS 4
Auditing HR, Risks and key controls of HR, TB 12 & 14
16 PPE, prepaid PPE, prepaid expenses, 69
expenses, intangibles, goodwill
intangibles and
goodwill
Auditing Risks and key controls in TB 15 & 16
17 investments and financing processes. 71
financing FS assertions: investments,
processes borrowings, equity and income
statement accounts
Audit sampling Audit sampling TB 8 & 9
18 Sampling procedures SSA 530 -
Attribute and monetary unit
sampling
Specific audit Auditing estimates TB 3 & 5
19 issues Using the work of other SSA 540, 76
auditors and experts 600, 610,
Group FS 620
Audit Auditor’s responsibility to TB 3 & 17
20 completion contingent liabilities, SSA 260, 80
subsequent events, going 501, 560,
concern assumption 570, 720
Auditor’s communication to
TCWG
2
2: Types and Elements of Assurance
Services
Assurance service:
AICPA Special Committee on Assurance Services:
“Assurance services are independent professional services that improve the quality of information,
or its context, for decision makers.
→ US definition
→ As long as you add value to the information, it’s counted as assurance
→ Only have 2 parties involved
5 criteria:
1. Must have 3 parties (User, practitioner, responsible party)
2. Must have appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report
3
whether management provides subject matter to users.
What is auditing?
“A systematic process of objectively obtaining and evaluating evidence regarding assertions
about economic actions and events to ascertain the degree of correspondence between those
assertions and established criteria, and communicating the results to interested users”
Question: Why is the bank willing to charge different interest rates for the loan depending on
whether the financial statements are reviewed or audited?
1. Less information asymmetry
2. Less monitoring required
5
3: The auditing profession and
regulation
Profession:
(By Australian Council of Professions)
A disciplined group of individuals who adhere to high ethical standards and uphold themselves
to, and are accepted by, the public as possessing special knowledge and skills in a widely
recognized, organized body of learning derived from education and training at a high level, and
who are prepared to exercise this knowledge and these skills in the interest of others.
Professional associations:
• Main issuer of pronouncement of auditing matters: IFAC (International Federation of
Accountants) → IFAC’s IAASB (International Auditing and Assurance Standards Board) issues ISAs
(International Standards on Auditing). Also under IFAC: IESBA, IAESB.
• Issuer of IFRS’s: IASB (International Accounting Standards Board)
• Assembles securities commissions worldwide: IOSCO (International Organization of
Securities Commission)
• Private professional bodies: ICPAS, AICPA, ICAEW, CPA Australia, ACCA, IIA (Institute of
Internal Auditors) → Certifies internal auditors with CIA (Certified Internal Auditor)
• Government bodies (International standard setting): INTOSAI (Auditors and stakeholders
pooled together)
• Fraud: ACFE (Association of Certified Fraud Examiners)
• Information Systems Audit: ISACA
Characteristics of a profession (Sager 1995) → KETTLE AC
1. Skill based on theoretical knowledge
2. Extensive period of education
3. Testing competency
4. Institutionalized training or period of internship
5. Licensed practitioners
6. Work autonomy environment
7. Professional associations
8. Code of ethics
Ethics, Independence and the IFAC Code of Ethics For Professional Accountants
• If an auditor is incompetent or lacks independence, the parties to the contract will place
little or no value on the service provided.
• Ethics: A system or code of conduct based on moral duties and obligations that indicated
how we should behave.
6
Types of Auditors
External Auditors Internal Auditors Government Auditors Forensic Auditors
- Aka Independent - Auditors that are - Employed by - Employed by
auditors/professional employees of national or local corporations,
accountants in public individual companies, governmental government agencies,
practice. Not gov bodies and other institutions and public audit firms and
employees of the entities. bodies. consulting and
entity they audit - Internal auditing = - Provide assurance on investigative services
- Stat auditor: “An independent, compliance and firms.
Approved to carry out objective assurance operational - Trained in detecting,
an audit of FS required and consulting activity performance. investigating and
by law designed to add value - Compliance audit: deterring fraud and
- Hold some form of and improve an Determines the extent white-collar crime.
license/authorization organization’s to which rules, policies, - Association of
- Audit FS for public, operations. It helps an laws or gov regulations Certified Fraud
private etc, as well as organization are followed by the Examiners (ACFE)
certain unrestricted accomplish its entity. supports forensic
advisory services. objectives by bringing - Operational auditors.
- Professional a systematic, performance audit: - ACFE educates CFEs,
qualifications are disciplined approach Systematic review of who gather evidence,
regulated, licenses are to evaluate and part/all if an take statements, write
granted after a period improve the organization’s reports and assist in
of professional effectiveness of risk activities to evaluate investigating fraud in
practice, and management, control whether resources are its varied forms.
continuous education and gov processes.” being use efficiently
is required. and effectively.
7
Organization forms of audit firms
Sole General Limited Liability Partnership Corporation
Proprietorship Partnership
This lends additional credibility Private affair Books are publicly available
to the services provided to the Separate legal entity
users because the individual Less personal responsibility → But there are SAFEGUARDS:
auditor is willing to risk the loss Accountants Act: There must be a minimum level of insurance
of his or her personal wealth. provided. And if found to be professionally guilty, the individual
will still be held individually professionally liable.
A Model of Business
Corporate Governance
Corporate Governance consists of all the people, processes and activities in place to help ensure
proper stewardship over an entity’s assets. Ensures that those managing an entity properly utilize
their time, talents and the entity’s resources in the best interest of owners and other stakeholders,
and that they faithfully report the economic condition and performance of the enterprise.
Those Charged With Governance (TCWG): Person(s) or organization(s) with responsibility for
overseeing the strategic direction of the entity and obligations related to the accountability of the
entity. Usually TCWG = BOD.
Audit committee: Usually a mandatory requirement for listed companies and financial institutions.
Assists governing body in meeting financial reporting responsibilities. Members of the audit
committee may be required to be independent and have competence in accounting and
auditing. Audit committee may be directly responsible for the appointment, compensation and
oversight of the work of external auditors engaged by firm.
Global: Organization for Economic Co-operation and Development (OECD) issued the Principles
of Corporate Governance to improve corporate governance.
Objectives, Strategies, Processes, Controls, Transactions and Reports
• Management typically sets objectives and strategies on how to achieve these objectives.
• Organization must assess and manage risks that threaten the achievement of these
objectives.
• 5 components of business processes: Revenue process, Purchasing process, HR
management process, Inventory management process, Financing process.
• Enterprise must design and implement accounting information systems to capture the
transactions from each of these processes.
8
4: Overview of financial statement
audits
Question 1:
a) What is the current requirement for mandatory financial statement audits in Singapore?
Companies Act 205:
205.
—(1) The directors of a company shall, within 3 months after incorporation of the company,
appoint a person or persons to be the auditor or auditors of the company, and any auditor or auditors
so appointed shall, subject to this section, hold office until the conclusion of the first annual general
meeting.
Audit Exemptions:
a) Dormant companies
→ A company that has no accounting transactions for the financial year in question or has
not started business since its corporation
b) Small exempt private companies
→ Private company, no corporate shareholders, not more than 20 members, company’s
revenue not more than $5.0mil, and proper accounting records are maintained, with FS
prepared according to FRS for submission to IRAS, and audit is not required by ACRA, SHs
holding not less than 5% interest in the co’s share capital, or other gov bodies.
Rationale:
Subsidiaries need to be audited in order to protect shareholders of Parent company who do not
have the rights to financial information of the subsidiaries that the parent invests in.
Companies Act 201:
• Directors of every company to present at AGM audited profit and loss account and
balance sheet that comply with the (FRS) requirements of the Accounting Standards and give a
true and fair view of the profit and loss and state of affairs of the company respectively.
• Holding companies to present audited balance sheet of the holding company and
consolidated accounts (P/L and B/S)
Case study: Societe Generale Bank → In beg 2008, a fraud was discovered worth 6.4bn, which
constituted 20% of total assets. By standards, cannot push the loss of 6.4bn to 2007 as it’s not a
condition they could have foreseen at end 2007. But they did shift it to 2007 by T&F override.
b) How will this change if the recent proposed changes to the Companies Act are
implemented?
Small exempt private companies =
Total revenue < 10 mil, Total Gross assets < 10 mil, Employees < 50 in number
→ Just need to meet 2 out of these 3 requirements.
→ Will no longer need to be audited
9
c) How will the change impact the audit profession?
SME audit practices will be affected.
The market/pie is shrinking!
Question 2:
Debate: “There should not be any mandatory financial statement audits required for non-listed
companies in Singapore”
Should not be mandatory Should be mandatory
• Costly to conduct FS audits • Public interest (eg, Employees, Suppliers,
• Should let market forces decide. (eg, Customers)
Supplier can demand the co get audited if • Free good: Somebody should do it for
they’re influential enough). Whether co is the good of everyone
audited or not doesn’t really affect the • Protect minority interest
customers → Regulation unnecessary. • Other benefits of Audit (Auditor will give
• Provides signaling effect: Those who recommendations on internal audit, detect
choose to be audited can signal that they are fraud etc)
more transparent that other companies.
Objective and Scope of FS Audit
SSA 200
• To enhance the degree of confidence of intended users in the financial statements
• Through the expression of an opinion by the auditor on whether the financial statements
are presented fairly, in all material respects, (or give a true and fair view) in accordance with an
applicable financial reporting framework.
• By obtaining reasonable assurance about whether the financial statements as a whole are
free from material misstatement, whether due to fraud or error.
10
4. Management’s responsibility 5. Auditor’s responsibility 6. Auditor’s opinion
7. Auditor’s signature 8. Audit report date 9. Auditor’s address
Immaterial EOM/OM: Can come together with either Unmodified or Modified opinion
Scope limitation: Auditor is unable to Departure from financial reporting
collect sufficient appropriate evidence. framework: The financial statements
Limited by the client or by condition (eg are not prepared or presented in
Cannot get evidence of factory that accordance with the applicable
supposedly exists in North Korea). financial reporting framework
* Scope refers to scope of auditor, not
management! Ie, Auditor cannot get
the info. NOT mgt cannot get -_-
Material not Qualified: “Except for” → Quite common. Not very serious.
pervasive
Material and Disclaimer: No opinion Adverse: Negative opinion → Financial
pervasive statements are materially misstated
11
Question: If the auditor cannot get
information on a company’s large
subsidiary’s financial statements, what
should be the opinion on the Group FS?
Answer: ADVERSE.
→ This isn’t a limitation of scope.
Consolidation is a requirement of FRS.
Thus, since it’s a large subsidiary
(material), and can’t get information at
all (pervasive for the group), auditor
should issue an Adverse opinion.
12
emphasized.
Examples of situations: Eg:
• An uncertainty relating to the future outcome of Other Matter
exceptional litigation or regulatory action The financial statements of K Ltd for
• Early application (where permitted) of a new the year 31 Dec 2009 were audited by
accounting standard that has a pervasive effect on the another auditor who expressed an
FS in advance of its effective date unmodified opinion on those
• A major catastrophe that has, or continues to statements on 31 Mar 2010.
have, a significant effect on the entity’s financial position
• A material uncertainty that may cast significant
doubt about the co’s ability to continue as a going
concern which has been adequately disclosed (SSA 570)
13
deteriorating for the last 5 years. Most of its EOM
problems result from loans made to real
estate developers. Your review of the loan
portfolio indicates that there should be a
major increase in the loan-loss reserves.
Based on your calculations, the proposed
write0down of the loans will out H Bank into
violation of the capital requirements. The
client refuses to make the adjustment or to
disclose the possible going-concern issue in
the notes to FS.
14
5: Overview of financial statement
audits II
Audit Expectation Gap
What auditor thinks What public expects
he’s supposed to do auditor to do
Auditor not good in his Standards not Gap that cannot be closed
work clear. Eg No of → Constantly educate the
→ Need more training Samples public
required/what
exactly is true and
fair?
→ Educate public
→ Improve
standards
Audit Quality
In the IAASB’s view, a quality audit is likely to be achieved when the auditor’s opinion on the FS
can be relied upon as it was based on sufficient appropriate audit evidence obtained by an
engagement team that:
• Exhibited appropriate values, ethics attitudes;
• Was sufficiently knowledgeable and experienced and had sufficient time allocated to
perform the audit work;
• Applied a rigorous audit process and quality control procedures;
• Provided valuable and timely reports; and
• Interacted appropriately with a variety of different stakeholders.
Audit Failure
1. The financial statements are found to be materially misstated after the auditor issued an
unqualified audit opinion on the FS
2. The co goes bankrupt less than 12 months after the FYE, but auditor’s report did not
highlight any going concern uncertainty → Auditor should have been able to see it coming
3. Auditors are found to have close relationships with the client
4. Auditors issued an unqualified audit opinion without obtaining sufficient appropriate
evidence.
1. & (2): Something has happened. Outcome signals the audit failure.
15
(3) & (4): No outcome. Process based.
Q: Why did Arthur Andersen collapse?
1. They destroyed audit evidence
2. They’re a global partnership. One die all die (Unlike Deloitte [Franchise])
SSQC 1: Addresses a firm’s system of quality control to provide reasonable assurance that the firm
and its personnel comply with professional standards and applicable legal and regulatory
requirements. Compliance with those policies.
Part A: Fundamental principles and conceptual framework for all professional accountants.
Part B: Application of conceptual framework in certain situations encountered by professional
accountants in public practice. → *** Important sections: 290: Independence – Audit & Review
Engagements
Part C: Application of conceptual framework in certain situations encountered by professional
accountants in business.
ACRA Code – Part A and B
ISCA Code – Part A, B and C
16
Fundamental Principles of IFAC Code of Ethics → I Only Choose Pepperoni Pizza
Integrity
Be straightforward and honest
Objectivity
Do not compromise judgment due to bias, conflict of interest, undue influence
Confidentiality
Professional behavior
Comply with laws and regulations, avoid any action that brings discredit to the profession
Independence in Appearance
→ The avoidance of facts and circumstances that are so significant that a reasonable and
informed third party would be likely to conclude, weighing all the specific facts and
circumstances, that a firm’s, or a member of the audit team’s, integrity, objectivity or professional
skepticism has been compromised.
DON’T GIVE OUTSIDERS ANY REASON TO THINK THAT YOU’RE NOT INDEPENDENT (Impression)
• i
Self nterest threat
o The threat that a financial or other interest will inappropriately
influence the PA’s judgment or behaviour
• Advocacy threat
o The threat that a PA will promote a client’s or employer’s position to the point that
the PA’s objectivity is compromised.
• Intimidation threat
o The threat that a PA will be deterred from acting objectively because of actual or
perceived pressures, including attempts to exercise undue influence over the PA.
• Familiarity threat
o The threat that due to a long or close relationship with a client or employer, a PA will
be too sympathetic to their interests or too accepting of their work
17
Circumstances that may lead to: (From ACCA Code of Ethics and Conduct)
Self Interest Threat:
(a) Financial interests, loans or guarantees;
(b) Incentive compensation arrangements;
(c) Concern over employment security;
(d) Commercial pressure from outside the employing organisation;
(e) Inappropriate personal use of corporate assets;
(f) Close personal or business relationships;
(g) A financial interest in a client or jointly holding a financial interest with a client;
(h) Undue dependence on fees from a client.
Advocacy Threat
(a) Commenting publicly on future events in particular circumstances, having made assertions
without detailing the assumptions;
(b) Where information is incomplete or advocating an argument which is unlawful;
(c) Promoting shares in a listed entity when that entity is a financial statement audit client;
(d) Acting as an advocate on behalf of an assurance client in litigation or disputes with third
parties.
Intimidation Threat
(a) Threat of dismissal or replacement of the member, or a close or immediate family member,
over a disagreement about the application of an accounting principle or the way in which
financial and performance information is to be reported;
(b) A dominant personality attempting to influence the decision-making process, for example with
regard to the awarding of contracts or presentation of financial information, or controlling
relations with auditors or other oversight bodies;
(c) Being threatened with litigation;
(d) Being pressured to reduce inappropriately the extent of work performed in order to reduce
fees.
Familiarity Threat
(a) A person in a position to influence financial or non-financial reporting or business decisions
having an immediate or close family member who is in a position to benefit from that influence;
(b) Long association with business contacts influencing business decisions;
(c) Acceptance of gifts or preferential treatment, unless the value is clearly insignificant;
(d) Over-familiarity with the management of the organisation such that professional judgment
could be compromised
(e) A former partner of the firm being a director or officer of the client or an employee in a
position to exert direct and significant influence over the subject matter of the engagement.
18
Question: Debate: “External auditors should not be allowed to provide any non-audit services to
their audit clients.”
For Against
• Economies of scale → Auditor knows • Let auditor focus on auditing services
best • Self-interest threat
• Cost saving • Self-review threat (eg Accounting
• Let the business (ie, the Audit company) service then internal control service -_-)
decide for itself • Intimidation threat
• As long as they disclose, let the public • Lack of independence in appearance
decide whether there’s a threat
3. Created by individual
a. Complying with continuing professional development requirements
b. Keeping records of contentious issues and approach to decision-making
c. Maintaining a broader perspective on how similar organisations function through establishing business
relationships with other professionals
d. Using an independent mentor
e. Maintaining contact with legal advisors and professional bodies
Question
With reference to ACRA Code of Professional Conduct and Ethics, identify and explain any threat
to your independence:
Threat Rationale
Client’s CFO Code 290.206 → Are they paying you a lot? If it’s substantial, there may be a
approach you to self interest threat.
provide “Substantial” = >5% of audit firm’s total audit fees (if client is listed), or >15% of
substantial audit firm’s total audit fees (if client is not listed), or if total fees are 50% or more
advisory services of public accountant’s total fees.
Provide advisory Code 290.181: Provision of Internal Audit Services
services • If client is a listed co.: CANNOT
necessary to set • If client is NOT listed co.: Self-review threat may be created
up an internal Internal audit services comprise of:
audit I. Extension of audit firm’s services beyond requirement
department II. Assist in performance of client’s internal audit activity
III. Outsourcing of (II)
• Internal audit services do not include operational internal audit services
unrelated to the internal accounting controls, financial systems or
financial statements.
Safeguards: 290.185
Free upgrade to Code 260: Gifts and Hospitality
a nicer room for • Self-interest threat, intimidation threat
accommodation • Depends on the magnitude of benefit
Code 290.213: Gifts and Hospitality
• Self interest, Familiarity threat
• Unless value is clearly insignificant, the threat cannot be reduced by
any safeguard
You inherited Code 290.113
$180,000 worth of “If a firm has material direct financial interest in a FS audit client of the firm the
shares in the self interest threated created would be so significant no safeguard could
client reduce the threat to an acceptable level.” → Must dispose of direct interest
Code 290.114
“If a firm has material indirect financial interest in a FS audit client, a self
interest threat is also created.” → Either dispose of the indirect interest in total
or dispose of a sufficient amount of it so that the remaining interest is no longer
material.
20
6: Financial statement assertions &
audit evidence
Management Assertions
Assertions are representations by management, explicit or otherwise, that are embodied in
financial statements, as used by the auditor to consider the different types of potential
misstatements that may occur (ISA 315, para 4(a))
Occurrence Transactions and events that have been recorded have occurred
and pertain to the entity
Failure to meet occurrence → Overstatement of the account
Completeness All transactions and events that should have been recorded have
been recorded
Failure to meet completeness → Understatement of the account
Accuracy Amounts and other data relating to recorded transactions and
Transactions
rights and obligations actually have occurred and pertain to the entity
Completeness All disclosures that should have been included in the financial
statements have been included
Disclosure
Audit Evidence
The Nature of Audit Evidence
→ Refers to the form or type of information, which includes accounting records and other
available information.
Eg: Cheques and records of electronic fund transfers; invoices; contracts; the general and
subsidiary ledgers, journal entries and other adjustments of FS, records such as work sheets and
spreadsheets supporting cost allocations, computations, reconciliations and disclosures.
Other info eg: Minutes from meetings; confirmations from third parties; analysts’ reports;
comparable data about competitors (benchmarking); control manuals; information obtained by
the auditor from inquiries, observation and inspection.
Sufficiency and Appropriateness of Audit Evidence
Sufficiency → Measure of the quantity of audit evidence
Appropriateness → Measure of quality of audit evidence.
Quality of evidence required is affected by (i) Risk of misstatement and (ii) by quality of the audit
evidence gathered.
𝟏
𝑺𝒖𝒇𝒇𝒊𝒄𝒊𝒆𝒏𝒄𝒚 ∝
𝑨𝒑𝒑𝒓𝒐𝒑𝒓𝒊𝒂𝒕𝒆𝒏𝒆𝒔𝒔
Appropriateness: Both relevant and reliable
• Relevance: Relationship to the assertion or to the objective of the control being tested.
• Reliability: Whether a particular type of evidence can be relied upon to signal the true
state of an assertion.
o Knowledgeable independent source of the evidence → As opposed to evidence
obtained solely from within the entity
o Effectiveness of internal control → When client’s internal control is effective,
evidence generated is viewed as reliable
o Auditor’s direct personal knowledge → As opposed to evidence obtained indirectly
or by interference (eg Inquiry)
o Documentary evidence → As opposed to oral representation
o Original documents → Auditor’s examination of an original signed copy more
reliable than a photocopy.
Evaluation of Audit Evidence
In evaluating evidence, an auditor should be thorough in searching for evidence and unbiased in
its evaluation. The auditor must remain objective and must not allow the evaluation of the
evidence to be biased by other considerations.
Audit Procedures
MUST DO A FEW. NOT JUST 1.
• Examining internal or external records or documents that are in paper form, electronic
form or other media.
Inspection of records/ documents
• External documents (remittance advices returned with cash receipts from customer
payment, bank statements, vendors’ invoice) more reliable than internal documents
(Duplicate copies of sales invoices and shipping documents, materials requisition
forms, work sheets for OH cost allocation)
Vouching (Occurrence)
Source Journal or
Document ledger
Tracing (Completeness)
22
Inspection • Auditor inspects or counts a tangible asset.
• Eg: Counting cash, examining inventory or marketable securities, examining
tangible
assets
tangible fixed assets.
• May provide evidence on valuation.
of
23
• Consist of evaluations of financial information made by a study of plausible
relationships among bot financial and non-financial data (ISA 520)
Analytical procedures
Audit Documentation
Working papers have two functions:
1) To provide a sufficient and appropriate record for the basis for the auditor’s report
2) To provide evidence that the audit was planned and performed in accordance with ISAs
and applicable legal and regulatory requirements (ISA 230, para 5)
When determining form, content and extent of the documentation, consider:
• Nature of auditing procedures to be performed
• Identified risks of material misstatement
• Extent of judgment involved in performing the work and evaluating the results
• Significance of the evidence obtained
• Nature and extent of exceptions identified
• The need to document a conclusion or the basis for a conclusion not readily determinable
from the documentation of the work performed or evidence obtained
Audit documentation should enable an experienced auditor, having no previous connection with
the audit, to understand:
• The nature, timing, extent of the audit procedures performed to comply with the ISAs and
applicable legal and regulatory requirements
• The results of the audit procedures performed and the audit evidence obtained
• Significant matters arising during the audit, the conclusions reached thereon, and
significant professional judgments made in reaching those conclusions (ISA 230, Para 8)
Identify items tested, who performed the audit work, date work was completed, who reviewed,
date of review.
25
7: Financial statement assertions &
audit evidence II
Client Acceptance
SSA 220.A8 states that information such as the following assists the engagement partner in
determining whether the conclusions reached regarding the acceptance and continuance of
client relationships and audit engagements are appropriate:
• The integrity of the principal owners, key management and TWCG
• Whether the engagement team is competent to perform the audit engagement and has
necessary capabilities, including time and resources.
• Whether the firm and the engagement team can comply with relevant ethical
requirements, and
• Significant matters that have arisen during the current or previous audit engagement, and
their implications for continuing the relationship.
2) Test of Controls
Performed to test the operating effectiveness of controls in preventing, or detecting and
correcting material misstatements at the relevant assertion level.
MUST BE CONDUCTED WHEN: SSA 330(8)
1) When auditor’s risk assessment at assertion level includes an expectation of the operating
effectiveness of controls (ie Auditor intends on relying on relying on controls to determine
nature, timing and extent of substantive procedures)
2) When substantive procedures alones do not provide sufficient appropriate audit evidence
Eg of TOC:
• Inquiries of appropriate management, supervisory and staff personnel
• Inspection of documents, reports and electronic files
• Observation of the application of specific controls
• Walk-through → Trace transaction from its origination to its inclusion in the FS through a
combi of audit procedures including inquiry, observation and inspection
• Re-performance of the application of the control
3) Substantive procedures
→ Detect material misstatements in a transaction class, account balance and disclosure element
of the FS. Two types: (1) Test of details of classes of transactions, account balances and
disclosures; and (2) Substantive analytical procedures.
28
---Continued next page---
Substantive Analytical Procedures
Preliminary Analytical Used for risk assessment to better understand the business and to
Procedures plan the nature, timing ad extent of audit procedures
Substantive Analytical Used to obtain evidence about particular assertions related to
Procedures account balances or classes of transactions. (Not mandatory)
Final Analytical Procedures Used as an overall review of the financial information in the final
review stage of the audit.
29
8: Materiality and Risk Assessments
Materiality and Audit Risk
SSA 320 (A1):
Materiality and audit risk are considered throughout the audit, in particular, when:
• Identifying and assessing the risks of material misstatements (SSA 315)
• Determining the nature, timing and extent of further audit procedures
• Evaluating the effect of uncorrected misstatements, if any, on the FS and in forming the
opinion in the auditor’s report
Materiality
SSA 320 (2):
• Misstatement, including omissions, are considered to be material if they, individually or in
the aggregate, could reasonably be expected to influence the economic decisions of
users taken on the basis of the FS
• Judgments about materiality are made in light of surrounding circumstances, and are
affected by the size or nature of a misstatement, or a combination of both
• Judgments about matters that are material to users of FS are based on a consideration of
the common financial information needs of users as a group
• Profit before tax from continuing operations I often used fro profit-oriented entities
• There is a relationship between the percentage and the chosen benchmark, such that a
percentage applied to profit before tax from continuing operations will normally be higher
than a percentage applied to total revenue.
• Materiality may need to be revised as the audit progresses due to changes in circumstances.
30
Performance materiality
SSA 320 (9 & 11)
1. The auditor shall determine performance materiality for the
purposes of assessing the risks of material misstatement
and determining the nature, timing and extent of further
audit procedures
2. Performance materiality means the amount(s) set by the
auditor at less than materiality for the FS as a whole (and
for particular classes of transactions, account balances or
disclosures where applicable) to reduce to an
appropriately low level that the probability that the
aggregate of uncorrected and undeterred misstatements
exceeds materiality.
Dr AR 10
Cr Sales 10
...
...
Aggregate
Nature of misstatements
SSA 450.A3: In evaluating the effect of misstatements and commincating misstatements with
TCWG, it may be useful to distinguish between:
• Factual misstatements
→ About which there is no doubt
• Judgmental misstatements
→ Related to management’s selection or application of accounting policies or judgments
concerning accounting estimate that the auditor considers inappropriate or unreasonable
• Projected misstatements
→ Related to auditor’s best estimate of misstatements based on projection of identified
misstatements from audit samples to entire populations.
31
Evaluating effect of Uncorrected Misstatements
SSA 450.11: The auditor shall determine whether uncorrected misstatements are material,
individual or in aggregate, considering:
Size and nature of the misstatements
Particular circumstance of their occurrence
Effect of uncorrected misstatements related to prior periods (and future periods?)
Step 2: Determine
Step 1: Determine Materiality and
Materiality and Performance Materiality Step 3:
Performance Materiality for Classes of Evaluate audit findings
for the FS as a whole Transactions, Account
Balances or Disclosures
32
*** Audit Risk Model: ***
Audit Risk = IR x CR x DR
• Risk of material misstatements: The risk that the FS are materially misstated prior to the
audit. May exist at overall financial report level and may affect many assertions or at
assertion level (SSA 200.A34). At assertion level, RMM consists of 2 components:
o Inherent risk: The risk that FS could be materially misstated, before consideration of any
related controls.
o Control risk: The risk that any material misstatement in the FS will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control.
• Detection risk: Risk that the procedures performed by the auditor fail to detect a material
misstatement that exists.
It is the risk that auditor will not detect misstatements.
Consists of (i) Non sampling risk: Inappropriate audit procedure, failure to detect when
using the appropriate procedure, misinterpreting audit results, and
(ii) Sampling risk: Wrong sample, wrong number of samples, etc.
eg:
AR = IR x CR x DR
SIA Low Low High
Durian Ltd High High Low
→ Auditor can afford to make more mistakes for SIA, but must do more work for Durian Ltd
33
9: Risk Assessments
Audit risk, Auditor’s business risk and client’s business risk
Audit Risk Auditor’s Business Risk Client’s Business Risk
The risk that the auditor The risk that the auditor is A risk resulting from significant
expresses an inappropriate exposed to loss or injury to conditions, events,
audit opinion when the professional practice from circumstances, actions or
financial statements are litigation, adverse publicity or inactions that could adversely
materially misstated. (SSA 200) other events arising in affect an entity’s ability to
connection with financial achieve its objectives and
statements audited and execute its strategies, or from
reported on (EMGP p.77, SSA the setting of inappropriate
200, A33) objectives and strategies.
Relate those risks to what can go wrong at the class of transactions, account balance
or disclosure levels
34
EXTERNAL
PEST Analysis – Tool for assessing external risks.
• Political: Government stability, taxation laws, industrial policies, employment law, mergers
law, environment law, trade treaties
• Economic: Inflation, employment, disposable income, interest rates
• Social: Demographic, income distribution, level of education, attitudes to work and leisure
• Technological: New developments/discoveries, technological transfer, technological
obsolescence
SWOT analysis
S: Strengths – Internal aspects that can improve competitive situative
W: Weaknesses – Internal aspects, vulnerability to competitors’ strategic moves
O: Opportunities: Environmental aspects that can improve entity’s situation relative to
competitors
T: Threats: Environment aspects that can undermine entity’s competitive situation.
INTERNAL
Strategic risk: eg, Emphasis on wrong product; inappropriate acquisitions
Operational risk: Flaws in the way business is carried on, its processes and systems (eg Poor labour
relations; loss of key employees; reliance on few suppliers or customers; lack of R&D)
Governance risk: Poor or inadequate corporate governance
Financial risk: Inadequate finance, high gearing
SSA 315(25): The auditor shall identify and assess the RMM:
• At the financial statement level, and
• At the assertion level for classes of transactions, account balances, and disclosures, taking
into account relevant controls the auditor intends to test
To provide a basis for designing and performing further audit procedures.
35
Financial statement level Assertion level
RMM is pervasive (3 criteria) Can identify into a few assertions?
Eg: Going concern problem (Affects whole FS) *** Try to do assertion level as much as
Cannot specify which account is at risk possible
TRY TO DRILL DOWN TO ASSERTION LEVEL AS FOR AS POSSIBLE! THEN CAN SPECIFICALLY DESIGN
PROCEDURES FOR THESE ASSERTIONS.
36
10: Internal Control over Financial
Reporting
COSO Internal Control Integrated Framework
Internal control is a process designed and effected by entity’s BOD, management, and other
personnel to provide reasonable assurance that the organization’s objectives are being met:
• Effectiveness and efficiency of operations
• Safeguarding of assets
• Reliability of financial reporting
• Compliance with applicable laws and regulations
SSA 315(12): Most controls relevant to the audit are likely to relate to financial reporting
Management’s responsibility for internal control Auditors’ responsibility for client’s internal contrl
SSA 200(A2): An audit in accordance with SSAs SSA 315(12): Obtain an understanding of
is conduced on the premise that mgmt. and internal control relevant to the audit when
TCWG have acknowledged and understand identifying and assessing the risks of material
their responsibility for: misstatement
• Preparation of f/s in accordance with
the applicable financial reporting SSA 265: Communicate identified control
framework; and deficiencies to TCWG and mgmt. that are of
• Such internal control determined by sufficient importance to merit their respective
them to be necessary for preparation of attention
f/s that are free from material
misstatement, whether due to error or USA: Auditor required to express opinion of
fraud effectiveness of internal controls over financial
Companies Act (S199, 2A): Every public reporting for public companies
company and every subsidiary of a public
company shall devise and maintain a system of
internal accounting controls sufficient to
provide a reasonable assurance that
• Assets are safeguarded against loss from
unauthorized use or disposition; and
• Transactions are properly authorized and
recorded to permit the preparation of
true and fair profit and loss accounts and
balance sheets and to maintain
accountability of assets
37
Control risk assessment and audit strategy
Control risk assessed at maximum (Substantive Control risk assessed at below maximum
Strategy): (Reliance Strategy):
Auditor does not intend on relying on entity’s Auditor intends on relying on entity’s internal
internal controls to reduce substantive testing controls to reduce substantive testing
because he concludes that: • Need to test operating effectiveness of
• Internal controls are not effectively controls to assess if the “achieved” level
designed or implemented (hence of control risk is in line with the “planned”
reliance strategy is not justified), OR control risk (ie Whether preliminary
• A substantive strategy is more efficient assessment of control risk is supported
IF CONTROLS SUCK, DON’T BOTHER TESTING TEST THE INTERNAL CONTROL SINCE YOU
WANNA RELY ON IT (Then can do less
substantive testing!)
38
Limitations of internal controls
SSA 330(18): Irrespective of the assessed RMM, the auditor shall design and perform substantive
procedures for each material class of transactions, account balances and disclosures.
Because of the limitations of entity’s internal control
• Management override of internal control
• Collusion
• Human errors or mistakes
Moreover, auditor’s risk assessment is judgmental
No such thing as 100% control testing
But 100% substantive is possible
TEST OF CONTROLS
• Inquiry, observation, inspection of documents, re-performance
Consider:
• Who performs the control
• How well was the control performed
• How consistent was the control applied throughout the period of intended reliance
• Potential risk factors, such as Changes in personnel, Seasonal fluctuations in volume of
transactions.
Examples:
39
Shall also comm other control deficiencies judged to be of suff importance to merit mgmt.’s attn..
40
11: Auditor’s responsibility for fraud, illegal acts and
related party transactions
Significant risks
SSA 315(27-28): As part of risk assessment, auditor shall determine whether any risks identified are
significant risks (before considering controls), including risks related to:
• Fraud
• Significant economic, accounting or other developments
• Complex transactions
• Significant transactions with related parties
• Financial information involving high measurement subjectivity or uncertainty
• Significant transactions outside normal course of business or otherwise appear unusual
Such risks have higher RMM because (1) Often involve significant non-routine transactions or
judgmental matters, and (2) are less subject to routine controls.
Auditor needs to obtain understanding of entity’s controls relevant to such significant risks, and
perform substantive procedures that are responsive to the assessed risks at the assertion level.
41
Non-cash misappropriation EmpE steals inventory from warehouse
EmpE steals/uses confidential client info
Behavioral red flags
- Living beyond means (look at income tax against wealth)
- Financial difficulties
- Unusally close associate with vendor/customer
- Control issues, unwillingness to share duties
- Divorce, family problems
Responsibility
Primary responsibility for the prevention and deterion of fraud rests with mgmt. and TCWG.
Auditor’s responsibility
• An auditor conducting an audit inaccordance with SSAs is responsible for obtaining
reasonable assurance that the FS taken as a whole are free from material misstatement,
whether caused by fraud or error.
• In relation to RMM due to fraud, auditor should:
- Identify and assess RMM due to fraud
- Design and implement appropriate responses
- Respond appropriately to identified or suspected fraud
Auditor’s response...
... 1. To overall heightened risk of fraud (SSA 240)
• Maintain professional skepticism throughout the audit, recognizing the possibility of fraud
• Discuss susceptibility of FS to fraud among engagement team
• Perform relevant risk assessment procedures, including
o Enquire management and other within the entity (including internal auditors, TCWG)
▪ Fraud risk management process
▪ Knowledge of actual, suspected or alleged fraud
o Apply analytical procedures to identify unusual/unexpected relationships that may be
indicative of fraud
o Consider other information (eg From client acceptance process or other engagements)
that may be indicative of fraud
o Evaluate fraud risk factors
▪ Fraud risk triangle (INCENTIVE, OPPORTUNITY, RATIONALIZATION)
▪ * Rationalization: Even if there’s incentive and opportunity, if the company has
a culture/ethics/values that are against fraud, fraud will still not occur)
42
... 2. To RMM due to fraud:
• Identify & assess RMM due to fraud at FS level and assertion level
• Presumed risks of (Don’t start at neutral. Start at being suspicious already) eg At start of audit
already assume that revenue is overstated and that controls have been overridden, THEN
justify otherwise
o Fraud in revenue recognition
o Mgmt override of conrols
• Respond to assessed RMM due to fraud
o FS level (overall responses) – SSA 240 (A33 – 36)
▪ Eg Assignment of more experienced staff or experts & closer supervision
o Assertion level – SSA 240 (A34 – 40, Appen 2)
▪ Nature, timing and extent of further audit procedures responsive to the assessed
risks
Audit procedures for risk of override of controls
• Test appropriateness of journal entries and other adjustments
• Review accounting estimates for bias
• Assess business rationale of significant transactions
• Obtain written representations from mgmt. and TCWG (* Not enough but is a must)
o Acknowledgement of responsibility for IC to prevent and detect fraud
o Results of management’s assessment of RMM due to fraud
o Any known, alleged or suspected fraud
... 3. To identified/suspected fraud
• Evaluate implications for other aspects of audit (eg Risk assesments and audit plan, reliabilitiy
of evidence collected)
• Communicate with management and TCWG on timely basis (including control deficiencies)
• Consider the need to:
o Report to outside authorities
o Withdraw from engagement
▪ If there’s serious integrity issues with management
o Seek legal advice
▪ Communication responsibilities
▪ Other laws (eg Money laundering laws)
Auditor’s responsibility...
... 1. To report on NON COMPLIANCE WITH COMPANIES ACT
Companies Act S207(9):
If an auditor, in the course of the performance of his duties as auditor of a co, is satisfied that
a) There has been a breach or non-observance of any of the provisions of this Act; and
b) The circumstances are such that in his opinion the matter has not been or will not be
adequately dealt with by comment in his report on the accounts or consolidated accounts
or by bringing the matter to the notice of the directors of the company or, if the company
is a subsidiary, of the directors of its holding company
43
(ie, His comment will not be enough to deal with the matter)
→ This is onerous on the auditor
he shall immediately report the matter in writing to the Registrar.
Eg, Auditor can choose whether to report the co. for eg for not meeting quorum for AGM.
→ Very administrative, strictly speaking not very serious
BUT, eg, If auditor discovers that a private exempt company has given a loan to a director and it’s
serious → MUST REPORT.
... 2. To report FRAUD
Companies Act S207, 9A:
If an auditor of a public co or a sub of a public co has reason to believe that a ***serious offence
involving fraud or dishonesty is being or has been committed against the co by officers or
employees of the co, he shall immediately report the matter to the Minister.
CA S207, 9D:
*** A serious offence = An offence punishable by imprisonment of not less than 2 years and the
value of the property involved not less than $20,000.
... 3. Other reporting responsibility
SAP 1 – Guidance to Auditors on Money Laundering and Terrorism
• Whilst auditors have no statutory responsibility to undertake work solely for the purpose of
detecting money laundering and terrorism financing, they nevertheless need to take the
possibility of money laundering and terrorism financing into account (para 21)
• Auditor of all entities need to be sufficiently aware of the main provisions of the anti-money
laundering (AML) and anti-terrorism financing (ATF) legislation... (para 44)
Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (Chapter 65A)
• S39 – Duty to disclose knowledge or suspicion of drug trafficking or criminal conduct.
Related Parties
SSA 550: → Provides robust basis for identifying risks of material misstatement from RPs
• Many financial reporting frameworks establish specific accounting and disclosure
requirements for related party (RP) relationships, transactions and balances because RP are
not independent of each other.
o FRS 24 (Disclosure):
▪ Knowledge of such information may affect FS users’ assessments of entity’s
operations, including risks and opportunities facing the entity.
• Audit significance of RPs and RP transactions:
o Risks from inappropriate accounting → Arms-length transaction
o Risks from non-identification or non-disclosure
o Risks of fraud
• Inherent difficulty in identifying undisclosed RPs/RPTs
o Eg, Management itself may be unaware of RPs and RPTs (especially if framework does
not require disclosure)
• Heightened risk of fraud
o RPs present greater opportunities for collusion, concealment, or manipulation by
management
o RPs involved in a number of corporate reporting scandals in recent times
SSA 315:
• Risk based approach requires a thorough understanding of RPs and RPTs to identify and assess
risks
o Consider RPs in engagement team discussion
o Inquire into changes in RPs from prior period, nature of RP relationships, and type and
purpose of RPTs
o Understand controls to identify, account for, and disclose RPs and RPTs; and to authorize
44
and approve significant RPTs
• Determine whether any of the assessed risks are significant risks.
• Respond appropriately to assessed risks
45
Purchasing clerk pay • Check on clerk’s wealth vs income • Rotation of
higher-than-market • Check comparative quotes purchasing clerk
prices from an between vendors (Competitive • Encourage whistle
important vendor → In pricing) blowing
return, receive perks • Are there two to three quotes? Did
from vendor and clerk take care to find the cheapest
kickbacks quotation?
Supervisor of small • Check against CPF • Segregation of
manuf co and payroll • Attend and observe issuing of duties (though may
clerk colluded to add cheques (eg Look at empE, do they still collude)
extra person to payroll really look like construction workers) • Rotate
• Should report to TCWG, even if not supervisor/clerk
material
46
12: Auditing in a computerized
environment
Issues introduced in a computerized environment
1. Input errors → If there’s something wrong with one check, it can lead to all transactions having
errors
2. Systematic vs Random processing errors
3. Lack of an audit trail → (Therefore the logbook is very important → Check who comes in at
odd hours
4. Inappropriate access to computer files and programs → Easy to copy out database
5. Reduce human involvement in processing transactions → Harder to track and monitor
processes
General Controls
1. Data centre and network operations
a. Controls over computer and network operations: Rotation of operator duties, mandatory
vacations, operations systems log that is regularly reviewed to ensure that operators have
not performed any unauthorized activities.
b. Controls over data preparation: Proper entry of data into application system, proper
oversight of error correction
c. Work flow control: Scheduling of application programs, proper setup for programs, use of
control files
d. Library: Need to make sure that correct files are provided for specific applications, files are
47
properly maintained, and backup and recovery procedures exist.
Approval process for purchases of new system software and changes and maintenance of
existing systems.
3. Access security
a. Physical protection of computer equipment, software and data
b. Loss of assets and information through theft or unauthorized use
• Locating the computer facilities in a separate building or in a secure part of a building
• Limit access to the computer facilities through use of locked doors + conventional key,
authorization card, physical recognition
• Programmer not allowed in computer room → Prevent them from making unauthorized
modifications to systems and app process.
• Protection against water, fire, electrical problems, sabotage (Proper construction of computer
facilities, disaster recovery plan eg off-site backup location for processing critical applications)
• Physical security over remote terminals
• Authorization tables
• Firewalls
• User identification controls like passwords
• Encryption of data
4. Application system acquisition, development and maintenance
• Written policies and procedures for planning, acquiring or developing and implementing new
systems.
• Request by user department > Feasibility study > Acquired/designed, programmed, tested,
implemented > Documentation including flowcharts, file layouts, source code lsitings, operator
instructions.
• Controls that enable authorized changes to be implemented
• Controls that prevent unauthorized changes.
Application Controls
1. Data capture controls
Ensure that (1) all transactions are recorded in the application system, (2) transactions are
recorded only once, (3) rejected transactions are identified, controlled, corrected and re-entered
into the system.
Primarily concerned with occurrence, completeness, accuracy.
i) Source documentation data capture should have these controls: Batch processing control (ie,
Group similar transactions for data entry), attach unique number to each batch, record numbers
into a batch register, cover sheet attached to each batch for signatures, batch totals.
ii) Direct data entry should: Have a log that contains detailed record of each transaction,
including date and time of entry, terminal and operator identification and unique number (eg
Cust no.)]
48
• Sign test: Proper arithmetic sign
• Check-digit verification: Check that original value was not altered
• Turnaround document: Output docs that are used as source docs in later processing →
Prevents data capture and data validation errors.
• Prompts that wait for acceptable response before requesting next piece of input data, eg
Blanks provided to be filled.
• Completeness test: All data items are completed before processing
3. Processing controls
Proper processing of transactions
Highly dependent on General controls
4. Output controls
• Report distribution log: Contains schedule of when reports are prepared, names f
individuals who are to receive the report, date of distribution
• Transmittal sheet: Indicates intended recipient’s names and addresses attached to each
copy of the output
• Release form: Signed upon receipt of the report
Outputs should be reviewed by user departments as they may be the only ones with sufficient
knowledge to recognize certain types of error.
Data control group should check output for reasonableness, batch totals.
5. Error controls
Errors must be resubmitted to the application system at the correct point in processing. (ie, after
being rejected by validity test, the corrected info should be resubmitted into the system)
Test data: Auditor prepares a set of valid, and invalid data, and calculates the expected results
of processing the data, then submits the data into the system, gets the actual results, then
compare the actual with the expected results. Invalid data should be identified as errors.
☺ Direct evidence on effectiveness
Time consuming to create test data
May not be sure that all relevant conditions or controls are tested
Must make sure that the test data is properly removed after testing
Must make sure that the test data are processed using the client’s regular production programs
50
13: Auditing the revenue process
Revenue:
IASB definition: The gross inflow of economic benefits during the period arising in the course of the
ordinary activities of an entity when those inflows results in increases in equity, other than increases
relating to contributions from equity participants
51
Remittance Advice Contains info regarding which invoices are being paid by the customer
Cash receipts journal To record entity’s cash receipts.
Credit memorandum Record credits for the return of goods in a customer’s account or to record
allowances that will be issued.
Write-off Authorizes the write off of an uncollectible account. Normally initiated in the
Authorization credit department, final approval coming from treasurer.
Segregation of Duties
This function ...Should be ...And these Because
separate from people should do
it instead
Credit or Approval of write- Treasurer/cash To prevent fictitious bad-debt write-offs
collection off of bad debts management IC to conceal misappropriation of cash
Credit Billing The individual may make sales to a
customer who is not credit worthy →
bad debts
Shipping Billing Possible unauthorized shipment of
goods. Usual billing procedures may
be circumvented. → Unrecorded sales
transactions and theft of goods.
Accounts General ledger Individual can conceal unauthorized
recoverable shipments. → Unrecorded sales
transactions, theft of goods
Cash Accounts Cash could possibly be diverted and
receipts receivable shortage of cash in accounting records
to be covered. →
52
Inherent risk assessment (4 factors specific to Revenue)
1. Industry-related factors
• Profitability and health of the industry (Lack of demand)
• Level of competition (Affects pricing policies, credit terms, product warranties)
• Industry’s rate of technological change
• Governmental regulation (Some industries more regulated than others)
• Consumer protection legislation (Warranties, returns, financing and product liability)
→ Management may engage in activities that can result in misstatements.
→ Assertions impacted: Authorization and accuracy.
2. Complexity and contentiousness of revenue recognition issues
• Eg: Long term construction contracts, long term service contracts, lease contracts,
installment sales.
• When auditor and management dispute over when revenue, expenses and related profits
should be recognized, auditor should assess RMM as high.
→ Assertions impacted: Cut-off and accuracy.
3. Difficulty of auditing transactions and account balances
• Eg: Mgmt’s estimate for allowance (Subjective).
• RMM of estimates should be set as high as the only evidence available may be past
payment history or a credit agency report which are not reliable.
4. Misstatements detected in prior audits
• Indicator that misstatements are likely to be present during the current audit.
*The auditor’s testing of control for revenue process impacts the detection risk and therefore the
level of substantive procedures impacted by the controls.
1. Understand and document the revenue process based on a reliance approach
Control environment
Integrity and ethical values, commitment to competence, etc.
Control activities
What are the controls that exist to ensure that management’s objectives are being met?
53
TOC to ensure that controls operate effectively.
TOC include:
• Inquiry of client personnel
• Inspection of documents and records
• Observation of the operation of the control
• Walk-throughs
• Re-performance
3. Set and document the Control Risk
Auditor sets the achieved level of control risk.
If results of TOC do not support the planned level of CR, auditor sets CR at a level higher than
planned. Additional substantive procedures in the accounts affected by the revenue process
must then be conducted.
Assertions
Occurrence All revenue and cash receipt transactions and event that have been recorded
have occurred and pertain to the entity
Completeness All revenue and cash receipt transactions and events that should have been
recorded have been recorded
Authorization All revenue and cash receipt transactions and events are properly authorized
Accuracy Amounts and other data relating to recorded revenue and cash receipt
transactions and events have been recorded appropriately and properly
accumulated from journals and ledgers
Cut-off All revenue and cash receipts transactions and events have been recorded in
the correct accounting period
Classification All revenue and cash receipt transactions and events have been recorded in
the proper accounts
REVENUE TRANSACTIONS
Assertion Possible Example Control Example TOC
Misstatement
Occurrence Fictitious revenue Segregation of duties Observation and evaluation of proper
segregation of duties
Revenue recorded, Sales recorded only with Testing of a sample if sales invoice for
goods not shipped, approved customer order the presence of authorized customer
or services not and shipping document order and shipping document,; it IT
performed application, examination of
application controls
Accounting for numerical Review and testing of client
sequences of sales invoices procedures (control activities) for
accounting for numerical sequence
of sales invoices; if IT, examine app
controls
Monthly customer Review and testing of client
statements; complaints procedures for mailing and handling
handled independently complaints about monthly statements
Completeness Goods shipped or Accounting for numerical Review and testing of client’s
services performed, sequences of shipping procedures for accounting for
revenue not documents and sales numerical sequence of shipping
recorded invoices docs, and sales invoices. If IT;
examine app controls
Shipping documents Tracing of sample of shipping docs to
matched to sales invoices their respective sales invoices and to
the sales journal
54
Sales invoices reconciled to Testing of a sample of daily
daily sales report reconciliations
An open order file that is Examination of open-order file for
maintained currently and unfilled orders
reviewed periodically
Authorization Goods shipped or Proper client’s procedures Review of client’s procedures for
services performed for authorizing credit and granting credit.
for a customer who shipment f goods Examination of sales orders for
is a bad credit risk evidence of proper credit approval; if
IT, examine app controls for credit
limit
Shipments made or Authorized price list and Comparison of prices and terms on
services performed specified terms of trade sales invoices to authorized price list
at unauthorized and terms of trade; if IT, examine app
prices or on controls for authorized price and
unauthorized terms terms.
Accuracy Revenue Authorized price list and Same as above.
transaction specified terms of trade. Examination of sales invoices for
recorded at an Each sales invoice agreed evidence that client personnel
incorrect monetary to shipping doc and verified mathematical accuracy.
amount customer order for product Recomputation of the info on a
type and quantity; sample of sales invoices; if IT, examine
mathematical accuracy of app controls and consider CAATs.
sales invoice verified
Revenue Sales invoices reconciled to Examination of recon of sales invoices
transactions not daily sales report. to daily sales report.
posted correctly to Daily postings to sales Examination of recon of entries to
the sales journal or journal reconciled with sales journal with entries to subsi
customer’s posting to subsi ledger ledger
accounts in AR
subsi ledger.
Amounts from sales Subsi ledger reconciled to Review of recon of subsi ledger to GL
journal not posted GL control account control account
correctly to GL Monthly customer Review and testing of client
statements with procedures for mailing and handling
independent review of complaints related to monthly
complaints statements
Cut-off Revenue All shipping documents Comparison of the dates on sales
transactions forwarded to the billing invoices with dates of the relevant
recorded in the function daily shipping docs
wrong period Daily billing of goods Comparison of the dates on sales
shipped invoices with the dates they were
recorded in the sales journal
Classification Revenue Chart of accounts Review of sales journal and general
transaction not ledger for proper classification
properly classified Proper codes for different Examination of sales invoices for
types of products or services proper classification; if IT, test of app
controls for proper codes
55
review
Completeness Cash receipts Same as above. Same TOC as above
received or Daily cash receipts reconciled with Testing of the recon of daily
deposited but postings to AR subsi ledger cash receipts with posting to
not recorded AR subsi ledger
Customer statements prepared on a Inquiry of client personnel
regular basis; complaints handled about handling of customer
independently statements and examination
of resolution of complaints.
Authorization Cash discounts Client’s procedures specifying policies Review and test client’s
not properly and controls for cash discounts procedures to control proper
taken cash discounts
Accuracy Cash receipts Daily remittance report reconciled to Review and testing of
recorded at control listing of remittance advices reconciliation
incorrect Bank statement reconciled regularly Examination of bank recon
amount and independently reviewed for independent review
Cut-off Cash receipts Cash receipts at, before, and after an Review and testing of
recorded in accounting period are reconciled to reconciliation
wrong period ensure recording in appropriate period
Classification Cash receipts Daily remittance report reconciled daily Review and testing of recon,
posted to wrong with postings to cash receipts journal if IT, testing of app controls
customer and AR subsi ledger for posting
account Monthly customer statements with Review and testing of client
independent review of complaints procedures for mailing
statements and handling
complaints from customers
Cash receipts Monthly cash receipts journal agreed to Review of posting from cash
not properly GL posting receipts journal to GL.
posted to GL AR subsi ledger reconciled to GL control Examination of recon of AR
accounts account to GL
Cash receipts Chart of accounts Tracing of cash receipts from
recorded in listing to cash receipts journal
wrong FS for proper classification.
account Review of cash receipts
journal for unusual items
56
channel with industry and competitor’s sales trends, if known.
Accounts receivable, Allowance for Uncollectible accounts, and bad debt expense
Comparison of receivables turnover and days outstanding in AR to Under or
PY/industry overstatement of
Comparison of ageing categories on aged trial balance of AR to PY allowance for
Comparison of bad debt expense as a % of revenue to PY and/or industry uncollectible
Comparison of the allowance for uncollectible accounts as a % of AR or accounts and bad
credit sales to PY and/or industry debt expense
Examination of large customer accounts individually and comparison to
PY
Sales returns an allowances and sales commissions
Comparison of sales returns as a percentage of revenue to previous years’ Under or
or industry overstatement of
Comparison of sales discounts as a percentage of revenue to PY and/or sales returns, sales
industry discounts, and sales
Estimation of sales commission expense by multiplying net revenue by commission expense
average commission rate and comparison of recorded sales commission and related accrual
expense
Assertions and tests on (i) Classes of transactions, (ii) Account balances and (iii) Presentation and
Disclosure, on (a) AR, (b) Allowance for uncollectibles, (c) Bad debt expense
Assertions about Substantive Tests of Transactions
Classes of
Transactions
Occurrence For a sample of sales transactions recorded in the sales journal, vouching of the sales
invoices back to customer orders and shipping documents
Completeness Tracing of a sample of shipping documents to the details of the sales invoices and to
the sales journal and customers’ AR subsi ledger
Authorization and Comparison of prices and terms on a sample of sales invoices with authorized price
accuracy list and terms of trade
Cut-off Comparison of the dates on a sample of sales invoices with the dates of shipment
and with the dates they were recorded in the sales journal
Classification Examine a sample of sales invoices for proper classification into revenue accounts
Assertions about TOD of Account Balances
Account Balances
Existence Confirmation of selected accounts receivable
Performance of alternative procedures for AR confirmation exceptions and non-
responses
Rights and Review of bank confirmations for any liens on receivables
obligations Inquiry of mgmt., review of any loan agreements and review pf BOD’s minutes for
any indication the AR have been sold
Completeness Obtaining of aged trial balance of AR and agreeing total to GL control accounts
Review results of testing the completeness assertion for assessing CR; tracing of
shipping docs into sales journal and to AR subsi ledger if such testing was not
performed as TOC
Valuation and Examination of the results of confirmations of selected AR
allocation Examination of the adequacy of the allowance for uncollectable accounts
Assertions about TOD of Disclosures
presentation and
disclosure
Occurrence, and Determine whether any receivables have been pledged, assigned or discounted.
rights & obligations Determine If such items require disclosure.
Completeness Complete financial reporting checklist to ensure that all financial statement
disclosures relating to AR and related accounts have been disclosed
Classification and Review of aged trial balance for material credits, LT receivables and non-trade
understandability receivables. Determine whether such items require separate disclosure on the
balance sheet. Read notes to ensure that required disclosures are understandable
Accuracy and Read notes and other info to ensure that the info is accurate and properly presented
57
valuation at the appropriate amounts.
59
15: Auditing the supply chain &
inventory
(i) SUPPLY CHAIN
• Receiving department PO quantity is omitted to ensure that the receiving clerk actually counts
and records the stock. Physically checks quality and quantity and description.
60
• 3 way match: PO, receiving report, supplier’s invoice, before preparing payment voucher.
Check description, quantity, and amount billed, and freight charges etc. Check for arithmetic
errors in invoice.
• Purchase, receive, record, pay must ALL be separated.
IASB:
Expenses: are decreases in economic benefits during the accounting period in the form of
outflows or depletions of assets or incurrences of liabilities that result in decreases in equity, other
than those relating to distributions to equity participants.
Liability: is a present obligation of the entity arising from past events, the settlement of which is
expected to result in an outflow from the entity of resources embodying economic benefits.
Segregation of Duties
This function ...Should be Because
separate from
Purchasing Requisition an Fictitious or unauthorized purchases can be made. → Theft of
receiving goods, possibly payment for unauthorized purchases
Invoice- AP Purchase transactions can be processed at the wrong price or
processing terms, or a cash disbursement can be processed for goods or
services not received. → Overpayment/theft of cash
Disbursement AP Unauthorized payments supported by fictitious documents can
be issued, and unauthorized transactions can be recorded. →
Theft of cash.
AP GL Concealment of defalcation that would be normally detected
by reconciling subsi records with GL control account
Understand and
Set and socument the
document the revenue Plan and perform TOC
control risk for the
process based on a on revenue transactions
revenue process
reliance approach
Monitoring of controls
How does the client monitor controls, how personnel are reviewed.
Plan and perform TOC
Identify controls that can be relied upon > Test them to verify that control is operating effectively >
Examine sample of transactions > Consistent with mgmt. policy?
Set and Document CR
TOC supports planned CR: No modification necessary to the planned DR, then proceed with
planned substantive procedures.
TOC does NOT support planned CR: Set a higher CR, lower DR, more substantive procedures
needed than originally planned.
Document the achieved level of CR (Flowcharts, results of TOC, etc)
PURCHASE TRANSACTIONS
Assertion Possible Misstatement Example Control Example TOC
Occurrence Purchase recorded, Segregation of duties Observe and evaluate
goods/services not ordered proper segregation of duties
or received Purchase not recorded Test a sample of vouchers for
without approved PO and the presence of an
RR authorized PO and RR. If IT,
test app controls
Accounting for numerical Review and test client
sequence of RR and procedures for accounting
vouchers for numerical sequence. If IT,
test app controls
Cancellation of documents Examine paid vouchers and
supporting docs for
indication of cancellation
Completeness Purchases made but not Accounting for numerical Review client’s procedures
recorded sequence of PO, RR, for accounting for numerical
vouchers sequence. If IT, test app
controls
RR matched to VI and Trace a sample of receiving
entered in purchase journal reports to their respective VI
and vouchers
Trace a sample of vouchers
to purchase journal
Authorization Purchase of goods/services Approval of acquisitions Review client’s monetary
not authorized consistent with the client’s limits authorization for
authorization monetary acquisitions
limits
Approved PR and PO Examine them for proper
approval. If IT, examine app
controls
Purchase of goods/services Competitive bidding Review client’s competitive
at unauthorized prices/on procedures followed bidding procedures.
63
unauthorized terms
Accuracy Vendor invoice improperly Mathematical accuracy of Recompute the
priced or incorrectly vendor invoice verified mathematical accuracy of
calculated VI
PO agreed to RR and VI for Agree the info on a sample
product, quantity and price. of voucher packets
Purchase transactions not Vouchers reconciled to Examine recon of vouchers
posted to the purchase daily AP listing to daily AP report. If IT,
journal or AP subsi ledger examine app controls
Amounts from purchase Daily postings to purchase Examine recon. If IT,
journal not posted correctly journal reconciled with examine app controls.
to Gl postings to AP subsi records
Cut-off Purchase transactions All RR forwarded to AP dept Compare dates on RR and
recorded in the wrong daily dates on relevant vouchers
period Existence of procedures Compare dates on vouchers
that require recording the with the dates they were
purchases as soon as recorded in purchases
possible after journal
goods/services are received
Classification Purchase transaction not Chat of accounts Review purchase journal and
properly classified GL for reasonableness
64
Cash disbursement Vendor statements reconciled and Review reconciliation
posted to the wrong independently reviewed
vendor account
Cash disbursements Monthly cash disb journal agreed Review postings from cash
journal not to GL postings disb journal to GL
summarized properly AP subsi records reconciled to GL Review recon
or not properly posted control accounts
to GL accounts
Cut-off Cash disbursement Recon of e-fund transfer and Review recon
recorded in wrong cheques issued with postings to the
period cash disb journal and AP subsi
records
Classification Cash disb charged to Chart of accounts Review cash disb journal for
wrong account reasonableness of account
distribution
Independent approval and review Review GL acc code on
of GL acc on voucher package voucher package for
reasonableness
65
Search for unrecorded liabilities by inquiring of mgmt. and examining post-balance
sheet transactions
Obtain selected vendors’ statements and reconcile to vendor accounts
Confirmation of selected AP (Manually/CAATs)
Valuation and Obtain listing of AP and account analysis schedules for accruals; foot listing and
allocation schedules and agree totals to GL (Manually/CAATs)
Trace selected items from AP listing to subsi records and voucher packets
(Manually/CAATs)
Review results of confirmations of selected AP
Obtain selected vendors’ statements and recon to vendor accounts
Assertions about TOD of Disclosures
Presentation and
Disclosure
Occurrence and Inquire about AP and accrued expenses to ensure that the are properly disclosed
rights and
obligations
Completeness Complete financial reporting checklist to ensure that all FS disclosures related to AP
and accrued expenses have been disclosed
Classification and Review of listing of AP for material debits, LT payables, and non-trade payables.
understandability Determine whether such items require separate disclosure on B/S.
Read notes to ensure that required disclosures are understandable.
Accuracy and Read notes and other info to ensure that the info is accurate and properly presented
valuation at the appropriate amounts
*Accounting for numerical sequence tests for both (1) Completeness (ie Look for missing #), and
(2) Occurrence (ie Got two #88! One of the #88 probably hasn’t occurred.
AR confirmation AP confirmation
Test for existence Test for completeness (Understatement)
(Overstatement)
Vendor usually does not recall Vendor is the creditor. He wants the payment so he will want
what is the amount, so must to confirm that the client owes him money
give the amount for him to
confirm
Vendor is not obliged to Pick major and regular amounts, including nil balances.
confirm for you → Pick through transaction testing. Look through accounting
records, approved vendors list, prior audit/previous experience
Eg,
If company takes 120 days to pay back when credit terms are 30 days → Signals cash flow
problems
If company pays in 5 days when term is 30,
→ Signals that client is not managing their cash well (Should max out credit days)
→ Suggests maybe there was a a change in credit terms on supplier’s side. Maybe supplier’s
pissed about company taking damn long to pay up during previous months.
(ii) INVENTORY
Documents and Records
Production schedule Prepared based on expected demand.
Receiving report Receipt of goods from vendors.
Materials requisition Prepared by dept personnel as needs for production purposes. A copy of
materials requisitions may be maintained in the raw materials dept, and another
copy accompanies goods to the prodn process.
Inventory master file Contains all important info related to entity’s inventory, including perpetual
inventory records and standard costs used to value the inventory
Production data info Transfer of goods and related cost accumulation at each stage of production.
Cost accumulation and Material, labour and overhead costs are charged to inventory as part of the
67
variance report manufacturing process. Variance report: Actual costs compared to budgeted
costs.
Inventory status report Shows the type and amount of products on hand.
Shipping order Used to remove goods from client’s perpetual inventory records.
Segregation of Duties
Custody of assets x Authorization or approval x Recording or report → All incompatible!
This function
...Should be Because
separate from
Inventory Cost accounting Production and inventory costs can be manipulated. →
management function Over or understatement of inventor and net income
Inventory Cost-accounting Unauthorized shipments can be made ot theft of goods
stores can be covered up
Cost GL Conceal unauthorized shipments. → Theft of goods,
accounting overstatement of inventory
Supervising Inventory Inventory shortages can be covered up through the
physical management and adjustment of the inventory records to the physical
inventory inventory stores inventory → overstatement of inventory
Summary of assertions, possible misstatements, control and TOC for Inventory transactions
Assertion Possible Misstatement Example Control Example TOC
Occurrence Fictitious inventory Segregation of duties Observe and evaluate
proper segregation of duties
Inventory transferred to Review and test procedures
inventory dept using an for the transfer for inventory
approved, prenumbered
receiving report
Inventory transferred to Review and test procedures
manufacturing using for issuing materials to manuf
prenumbered materials depts.
requisitions
Accounting for numerical Review and test client
sequence of materials procedures for accounting
requisitions for numerical sequence
Inventory recorded by not Physical safeguards over Observe the physical
on hand due to theft inventory safeguards over inventory
68
Completeness Purchases made but not Accounting for numerical Review client’s procedures
recorded sequence of PO, RR, for accounting for numerical
vouchers sequence. If IT, test app
controls
RR matched to VI and Trace a sample of receiving
entered in purchase journal reports to their respective VI
and vouchers
Trace a sample of vouchers
to purchase journal
Consigned goods not Procedures to include goods Review and test client’s
properly accounted for out on consignment and procedures for consignment
exclude goods held on goods
consignment
Authorization Unauthorized production Preparation and review of Review
activity, resulting in excess authorized purchase or
levels of inventory production schedules
Inventory obsolescence Use of material requirements Review and test procedures
planning and/or JIT inventory for developing inventory
systems levels and procedures used
Review of inventory levels by to control them
design dept
Accuracy Inventory quantities Periodic or annual Review and test procedures
recorded incorrectly comparison of goods on for taking physical inventory
hand with amounts shown in
perpetual inventory records
Inventory and cost of Standard costs that are Review and test procedures
goods sold not properly reviewed by mgmt. used to develop standard
cost Review of cost accumulation costs
and variance reports Review and test cost
accumulation and variance
report
Inventory obsolescence Inventory management Review and test procedures
personnel review inventory for for identifying these
obsolete, slow-moving or
excess quantities
Inventory transactions not Perpetual inventory records Review the recon of
posted to the perpetual reconciled to GL control perpetual inventory to GL
inventory records account monthly control account
70
Accuracy Recompute the mathematical accuracy of a sample of inventory transactions (ie
Price x Quantity)
Audit standard costs or other methods used to price inventory
Trace cots used to price goods in the inventory compilation to standard costs or
vendors’ invoices
Cut-off Trace a sample of time cards before and after period end to the appropriate weekly
inventory report, and trace he weekly inventory report to the GL to verify inventory
transactions are recorded in the proper period
Classification Examine a sample of inventory checks for proper classification into expense accounts
Assertions about TOD of account balances
Account Balances
at Period End
Existence Observe count of physical inventory
Rights and Verify that inventory held on consignment for others is not included in inventory
obligations Verify that ‘bill-and-hold’ goods are not included
Completeness Trace test counts and tag control info to the inventory compilation
Valuation and Obtain a copy of the inventory compilation and agree totals to GL
allocation Trace test counts and tag control info to the inventory compilation
Test mathematical accuracy of extensions and foots the compilation
Inquire of mgmt. concerning obsolete, slow-moving or excess inventory
Review book-to-physical adjustment for possible misstatements
Assertions about TOD of disclosures
presentation and
disclosure
Occurrence, rights Inquire of mgmt. and review any loan agreements and BOD’s minutes for any
and obligations indication that inventory has been pledged or assigned
Inquire of mgmt. about issues related to warranty obligations
Completeness Complete financial reporting checklist to ensure that all FS disclosures related to
inventory are made
Classification and Review inventory compilation for proper classification among raw mterials, WIP and
understandability FG.
Read notes to ensure the required disclosures are understandable
Accuracy and Determine if cost method is accurately disclosed
valuation Read notes and other info to ensure that info is accurate and properly presented at
appropriate amounts
Weighted-average Method
Inventory unit cost is weighted for each purchase. The auditor must be careful to examine that
the client’s inventory system has been correctly weighted average based on recent purchases.
72
16: Auditing HR, PPE
HUMAN RESOURCES
Major functions
Functions Purpose
HR Authorization of hiring, firing, wage rate and salary adjustments, salaries and
payroll deductions
Supervision Review and approval of employees’ attendance and time info; monitoring of
employee scheduling, productivity and payroll cost variances
Timekeeping Processing of employees’ attendance and time info, and coding of account
distribution
Payroll Computation of gross pay, deductions and net pay; recording and
processing summarization of payments and verification of account distributions
Disbursement Payment of employees’ compensation and benefits
GL Proper accumulation, classification and summarization of payroll in GL
Summary of assertions, possible misstatements, control and TOC for Inventory transactions
Assertion Possible Misstatement Example Control Example TOC
Occurrence Payments made to Segregation of duties Observe and evaluate
fictitious employees proper segregation of duties
Payments made to Changes in employment Test timelines of update of
terminated employees status and salaries promptly changes of personnel and
updated payroll records
Payments made to valid Use of time clocks and pre- Observe use of time clock
employees who have no numbered time cards and inspect time cards for
worked approved by supervisors proper approval
73
PPE
• Usually represents a material amount in the FS (eg 64% of total assets for SIA in 2012/13)
• There is typically limited activities in PPE, and beg bal have been audited in prior years (except
for new engagements)
→ Auditors usually focus on tests of transactions (additions, disposals, write-offs, impairment) and
analytical procedures (depreciation)
Inherent Risk
• When assets are purchased directly from vendor: Transaction relatively easy to audit
• When transactions involve donated assets, non-monetary exchanges, self-constructed assets
→ More difficult to audit
• When judgment and complexity associated with valuation of long-lived assets, the auditor
would likely assess IR as high
Key controls
Occurrence and Authorization
Control procedures for the occurrence and authorization of PPE are normally part of the
purchasing process. However, large capital asset transactions may be subject to additional
controls. Companies should have an authorization table for approving capital asset transactions.
74
17: Auditing of Investment & Financing
Processes, Prepaid, Intangibles, Goodwill
INVESTING
Investing and financing
processes will eventually
affect cash.
Investing process
Main accounts affected:
- Investments
- Goodwill and
intangibles
- Amortization
expenses
- Impairment loss
- Dividend
Key assertions
• Do investments recorded exist? (ie Is the investment still there?)
• Are investments properly valued?
• Correctly classified (eg HFT? AFS? HTM?)
→ Look at client’s history on (1) Financial investments, ie investment factors, (2) Minutes of
BOD, ie what did they discuss? What were their intentions? (3) Investment strategy
• Is investment income and/or investment acquisitions or disposals recorded in the correct
period? (ie Cut-off)
• Are investments appropriately disclosed?
→ Complex disclosure rules exist for new financial instruments, hence more risk than normal
PREPAID EXPENSES
Assertions about TOD of account balances
Account Balances
at Period End
Existence and Confirm policy with insurance broker, examine supporting documents.
completeness
Rights and Confirm policy beneficiary with the insurance broker
obligations
Valuation Determine unexpired portion of policy and insurance expense
Classification Determine propriety of distribution between manufacturing OH and SG&A expense
FINANCING (BORROWING)
Accounts affected
• Borrowings (bank loans, bonds, notes payable)
• Interest expense, payables
76
• Equity accounts
• Dividend paid and payable
Inherent Risks
IR normally assessed as low to moderate because the volume of transactions are low, the
accounting is not complex, and the client often receives third-party statements or amortization
tables.
For instruments that have characteristics of both debt and equity (ie Are sophisticated) and are in
large amounts, IR should be assessed as high.
Key assertions (borrowings)
• Are all borrowings recorded? (Completeness)
• Are all borrowings properly authorized?
• Are borrowings recorded at amounts actually owed (valuation)?
• Are borrowings classified correctly?
• Are all borrowings recorded in the correct period?
• Are borrowings appropriately disclosed?
Substantive tests for Borrowings
• Confirmations from banks and known creditors to establish validity and completeness of
obligations
• Examination of legal documents to ensure compliance of bank covenant, test valuation and
disclosure of obligations
• Cutoff tests for unrecorded liabilities (especially interest accruals and derivative transactions)
• Substantive analytical procedures to test interest expense
• Assessment of reasonableness and extent of disclosures.
FINANCING (EQUITY)
• Equity is usually a minor portion of the audit unless
o There have been complex transactions like mergers
o The company uses esoteric equity arrangements. (*Esoteric = Only understood by a
small group of people)
• Are all new equity issues, splits, dividends completely recorded and recorded in the right
periods?
• Are treasury shares completely recorded?
• Are all equity transactions appropriately valued?
o Especially for complex transactions that involve deferred compensation, hybrid
securities, or derivatives
• Are all equity transactions and balances appropriately disclosed?
Substantive tests for Equity
• Confirm existence, completeness and valuation of equity with the independent registrar or
transfer agent
• Examine BOD minutes for authorization and details about current-period transactions (share
issue, share buy-back: treasury shares, dividends)
• Perform substantive analytical procedures to test dividend accruals and totals
• Assess reasonableness and extent of disclosures (no. of shares issued, treasury shares, retained
earnings)
Audit Strategy
• Cash accounts are affected by many transactions in different business processes → More
efficient to rely on controls over cash payments and receipts to reduce detailed tests of
transactions → Send bank confirmation cause there is a section for a bank to state how much
loan and contingent liability client owes the bank.
• Substantive tests of cash balances focus on bank confirmations and tests of bank
reconciliations at YE (Key assertion: Existence, due to high susceptibility to fraud)
Review of bank reconciliation
• Ensures that client does regularly (Control)
• Cut-off bank statement → Cannot wait for the next month bank statement. And only when
there is a tight audit schedule for client to sign off.
Fraud related audit procedures
Extended bank Proof of cash Test of kiting
recon
Eg, EmpE steals Prepared by client Auditor will only realize if client practices kiting if
cash from client when requested auditor sees Interbank Transfer Schedule. Bank
then records a by auditor, to statement is not enough. Kiting: Record the in but not
fictitious deposit trace the cash. If the out by taking advantage of the time it takes for
in transit accounts for every the receiving bank to collect funds from the disbursing
single dollar of bank. Eg, Record receipt before YE and record
cash. Usually disbursement only after YE.
requested when
there is a high risk Checking interbank transfer schedule also signals
of fraud weak internal control, like when the $$$ was received
but only recorded in the books 5 days later.
78
Question
Audit Findings Audit procedure to detect Control to prevent or detect
(i) The company had overstated Review of bank transfer schedule Client prepares transfer schedule
cash by transferring funds at year – Look at dates and someone receives it, while
end to another account but someone else controls timely
failed to record recording of payment + review of
promptness
(ii) On occasion, customers with Send confirmation. Balance may Process of sending statement of
smaller balances send in checks not be small, even though accounts. Eg, Still outstanding
without specific identification of transaction may be small. even though customer has paid _
the customer except the name independent follow up of
printed on the check. The client complaints
has an automated cash receipts
process, but the employee Supervision
opening the envelopes pocketed
the cash and destroyed other
supporting documentation.
(iii) Same as finding (2), but the Analytical procedures as these Segregation of duties (One
employee prepared a turnaround discounts will affect sales and receiving $ cannot have access
document that showed either an trends. to the accounting function).
additional discount for the Proper approval process for giving
customer or a credit to the discounts by supervisor
customer's account. Mgmt account review.
(iv) The controller was temporarily Bank recon: Why short of items? Review
taking cash for personal purposes Segregation of duties (Someone
but intended to repay the compile, someone else bank in,
company (although the someone else approves)
repayment never occurred).The
cover-up was executed by
understating outstanding checks
in the monthly bank
reconciliation.
(v) The company had temporary Recalculation Mgmt review of all investmnts’
investments in six-month Analytical review income report
certificates of deposit at the bank. How come interest income is Segregation of duties. One who
The CDs were supposed to yield lower than the 12%? makes investment report different
an annual interest rate of 12%, but from the one who records in GL
apparently are yielding only 6%.
(vi) Cash remittances are not In a retail environment, cash is Bank recon, segregation of duties
deposited in a timely fashion and banked in promptly. Bank recon (one receive, one bank in, one
are sometimes lost. will detect. If banking is sloppy, checks banking slip)
recon will not help.
Normal review of cash receipt
(vii) Substantial bank service Bank recon (Why not balanced Timely review of bank loan
charges have not been recorded off by bank charge?) Review of bank statement
by the client prior to year end.
(viii) A loan has been Review of BOD minutes Proper approval procedure
negotiated with the bank to Bank confirmation Review by financial controller or
provide funds for a subsidiary internal audit
company. The loan was made by Regular review of loans
the controller of the division, who
apparently was not authorized to
negotiate the loan.
(ix) A check written to a vendor Bank recon (eg One recn, two Independent review of bank
had been recorded twice in the payments?) reconciliation
cash disbursements journal to Payment control → Stamp paid
cover a cash shortage. serial number of cheques → No
duplications
79
19: Specific Audit Issues: Group,
internal audit, experts, accounting
estimates
Auditing group financial statements
• Is sufficient appropriate audit evidence reasonably be expected to be obtained regarding
(para 12):
o The consolidation process → ie, Consolidation adjustments
o Components’ financial information → Only part that forms the group components! (ie,
Joint ventures/assoc/subsi)
• Decision to accept is also based on whether the group engagement team has unrestricted
access to:
o Management and TCWG of the group
o Component auditors and their work
o Management and TCWG of the components
• Holding co. auditor = Group auditor
• If need to go and see foreign subsi, must be able to obtain free access → Must state outfront
to mgmt. before audit; if they don’t agree, don’t do the audit!
2) Only audit the big ones! 4) eg Must tell Chna auditors that you’re going
3) GROUP materiality, then assign to to come down on [Date].
subsidiaries If China auditor doesn’t let group auditor to go
down, might either need to deem it as a (1)
scope limitation or (2) fire the dude lol.
If China dude’s work is unsatisfactory, fire the
dude too lol.
80
Significance:
• Group engagement team may apply
a % (> 15%) to a chosen benchmark.
• Determining benchmark and
percentage involve professional
judgment
• Appropriate benchmarks include:
Group assets, liabilities, cash flows,
profits, turnover.
• Higher/lower than 15% may be
deemed appropriate in the
circumstances
81
• Do work on some that are not significant too.
82
Internal Auditors
• IAs help organization accomplish its pbjectives by bringing a systematic, disciplined approach
to evaluate and improve the effectiveness of risk management, control and governance
processes
• IAs report to the mgmt. or (ideally) the entity’s audit committee or BOD
• IAs can be staffed entirely in-house, co-sourced or out-sourced to typically an audit firm
• IAs are not 100% independent
83
Auditing estimates
• FS items that cannot be precisely measured
o Eg Allowance for uncollectible accounts, FV of goodwill, provision of warranty
• The nature and reliability of info available affects the degree of estimation uncertainty, which
in turn affects the RMM of the accounting estimates, including their susceptibility to
unintentional and intentional mgmt. bias.
• Estimation RMM is usually very high!
• Look at subsequent events for estimates. → eg Subsequent warranty payments ot see if
provision for warranty is sufficient.
• Risk assessment procedures should include (among others):
o Obtaining an understanding of data, assumptions, and method used by mgmt. and
relevant controls
o Reviewing the outcome of prior period accounting estimates
• Responses to assessed RMM could include:
o Consideration of events up to the date of auditor’s report
o Testing the estimation process, data, methods and assumptions used by mgmt.
o Testing the operating effectiveness of controls over estimation process
o Developing an independent point estimate or range to evaluate mgmt’s point estimate
o Considering the use of experts
o Evaluating the adequacy of disclosure of estimation uncertainty (for sig risks)
84
20: Audit Completion
(i) Contingencies, (ii) Commitments, (iii) Subsequent events, (iv) Final evidence evaluation
processes, (v) Communication with TCWG
Contingencies
Contingencies: Liabilities that are uncertain because the possible outflow of resources fro the
entity will ultimately be resolves when some future event occurs or fails to occur.
Eg: Pending or threatened litigation, actual or possible claims and assessments, income tax
disputes, product warranties or defects, guarantees of obligations to others, agreements to
repurchase receivables that have been sold.
• Probable: Contingency that more likely than not will occur and that can be measured reliably
should be recognized in the FS and requires disclosure.
• Neither probable nor remote: Contingency les likely that not will occur but where the
likelihood of occurrence is not remote requires disclosure.
• Remote: Contingency where the likelihood of occurrence is remote and does not require
disclosure.
Identifying Contingencies:
General examples of procedures to identify:
• Reading minutes of meetings of TCWG
• Review contracts, loan agreements, leases and correspondences from gov bodies
• Reviewing tax returns, tax liability and tax authorities’ reports
• Confirming or otherwise documenting guarantees and letters of credit obtained from financial
and lending institutions
• Inspecting other docs for possible guarantees or other similar agreements
85
• A request that the lawyer confirms the reasonableness of mgmt’s assessments and if the
mgmt’s info is considered incomplete or incorrect.
• A request that the lawyer indicates if his or her response is limited in any way and the reasons
for such limitations.
Lawyer may not want to provide info about unasserted claims because of (i) Client-lawyer
privilege, and (ii) concern that disclosing will actually encourage a law suit
Disclosing an unasserted claim Is not required unless it is probable that the claim will be asserted
and there is more than a remote possibility that the outcome will prove to be unfavourable.
Refused to furnish information in a legal letter is a limitation of scope of the audit sufficient to
preclude an unmodified opinion.
Commitments
Identification:
Inquiry of client personnel during the audit of revenue and purchasing processes through a review
of the minutes of board meetings.
Subsequent Events
Between date of BS and date of auditor’s report, and facts that become known to the auditor after
the date of the auditor’s report (ISA 560)
Type I Event Type II Event
Events that provide additional evidence about Events that provide evidence about conditions
conditions that existed at the date of BS and that did not exist at the date of the balance
affects the estimates that are part of the FS sheet but arose subsequent to that date.
preparation process Require FS disclosure
Require adjustment of FS
eg
eg • Purchase or disposal of a business by the
• An uncollectable AR resulting from entity
continued deterioration of a customer’s • Sale of enquity capital or bond issue by the
financial condition leading to bankruptcy entity
after BS date • Loss of the entity’s manufacturing facility or
• The sale of inventories after BS date giving assets resulting from a casualty such as a fire
evidence about their NRV at the end of or flood
reporting period • Commencing major litigation arising solely
• Settlement of a law suit after BS date for an out of events that occurred after the BS
amount different from the amount recorded date.
in year-end FS
• Determination after the BS date f the cost of
assets purchased or the proceeds from
assets sold before BS date.
ISA700: Auditor’s report shall be dated no earlier that when (1) all statements that comprise FS
have been prepared and (2) BOD have asserted that they have taken responsibility for those FS.
(ie, audit report date is always after FS date)
86
Formal subsequent- Subsequent discovery of facts existing at the date of
events period auditor’s report
Auditor actively conducts Don’t need to actively search. In the event where a fact
audit procedures related becomes known to the auditor that, had it been known to
to the current-year audit. the auditor at the date of the audit report, may have
caused the auditor to amend the audit report, the auditor:
(1) Discusses w=the matter with mgmt. and, where
appropriate, TCWG
(3) Determines whether FS need amendment and if so
inquires how mgmt. intends to address the matter in
the FS
If mgmt. amends, auditor needs to privde a new audit
report after carrying out the audit procedures necessary.
New audit report would be dated no earlier than the date
of approval of the amended FS, and will include an
EOM/OM paragraph that draws attention to the note of
the FS discussing the reason for the reason for the revision
and reissue of FS.
Audit procedures for subsequent events up to the date of the audit report
• Obtaining an understanding of any procedures mgmt. has established to ensure that
subsequent events are identified
• Inquiring of mgmt., and where appropriate, TCWG as to whether any subsequent events have
occurred which might affect the FS. Specific inquiries may relate to:
(1) The current status of any items in the FS that were accounted for based on preliminary and
inconclusive data;
(2) Whether new commitments, borrowings or guarantees have been entered into;
(3) Whether there have been any developments regarding contingencies
(4) Whether any events have occurred that are relevant to the measurement of estimates or
provisions made in the FS; and
(5) Whether any events have occurred that are relevant to the recoverability of assets
• Reading minutes of the meetings, of the entity’s owners, management and TCWG, that have
been held after the date of the FS and inquiring about matters discussed at any such meetings
for which minutes are not available
• Reading the entity’s latest subsequent interim FS, if any
• Examining the books of original entity (such as sales journal, purchases journal, cash receipts,
cash disbursement journals, GL etc) for the subsequent events period and investigating any
unusual transactions
• Asking legal counsel about any litigation, claims or assessments against the entity
87
Final Evidence Evaluation
1. Performance of final analytical procedures: Relook at the numbers now that you have the
evidence. Review adequacy of the evidence gathered in response to unexpected
fluctuations in the account balances identified during the planning of the audit and identifying
any unusual or unexpected relationships not previously considered. → Final smell test!
If such events or conditions exist, auditor should evaluate mitigating factors, including
feasibility and effectivness of mgmt’s action plans, to determine whether a material
uncertainty exists.
Mitigating factors:
1. Asset factor: Are there assets that the co can liquidate?
2. Debt factor: Can co borrow $ somewhere somehow?
3. Equity factor: Funding/shares somehow?
4. Cost factor: Can co reduce costs (eg Cut off any unprofitable biz?)
Implications on auditor’s report:
• If GC assumption is appropriate but material uncertainty exists:
o Adequate disclosure in FS:
Unqualified opinion with EOM that draws attention to the FS disclosure; or
Disclaimer of opinion in situations involving multiple material uncertainties
(extremely rare)
o Inadequate disclosure in FS
Qualified or adverse opinion
• If FC assumption is inappropriate:
o Adverse opinion unless FS prepared on appropriate alternative basis. Eg, FS is
prepared on a non-going concern basis/liquidation basis. → Still must gather
sufficient evidence that FS are fairly presented on these bases.
88
Should be dated same date or as near as possible to, but not after, date of auditor’s report.
There must not be a gap between what mgmt. has represented & what auditor has covered
4. Review of working papers: Reviewers must ensure that WPs document that the audit was
properly planned and supervised, that the evidence supports the assertions tested, and that
the evidence is sufficient for the type of audit report issued.
5. Final evaluation of audit results: (1) Sufficiency of the audit evidence → If insufficient, must go
gather more (2) Effects of identified misstatements in the FS. Eg, Compare the amount of
remaining uncorrected misstatements, if any, to the amount of materiality.
7. Obtaining a quality control review of the engagement: Engagement quality control reviewer,
normally a partner, is not part of the engagement team. Evaluate bjectively the significant
judgments that the engagement team made and the conclusions reached in formulating the
auditor’s report.
8. Archiving and retention: Requires auditors to retain audit file for a number of years (usually >5
years). 60 days deadline to wrap up!
Comparative information (SSA 710)
Corresponding figures are comparative information where amounts and other disclosures for the
prior periods are an integral part of the current period FS, and are intended to be read only in
relation to current period figures.
Comparative financial statements are considered separate financial statements and are
included for comparison with the FS of the current period.
Even if prior years were not audited by you, you will be responsible for the reasonableness of the
comparative figures → Thus must do some work on the opening balances.
89
Communication with TCWG (SSA 260)
During audit planning:
• Auditor’s responsibilities and compliance with independence requirements
• Planned scope and timing of audit
90