Audit ‘n’ Assurance Madness

Sem Topic Important Points Readings Page

2 3
Types and Different types of assurance TB 1& 20
elements of services SSA Preface
assurance Key elements of an assurance & Framework
services engagement
Different levels of assurance
3 The auditing
profession and
Nature of auditing profession
Regulatory framework
TB 2 & 20
6
regulation Organizational forms of audit
firms
4 9
Overview of Objective and scope of FS TB 1 & 18
financial audit SSA 200,
statement Pros and cons of mandatory 210, 230,
audits audit requirement 300, 700,
Audit process 705, 706
Audit report
Audit opinion
Overview of Audit expectation gap TB 19
5 financial Audit quality, audit failure SSA 220, 14
statement Quality control over audit SSQC 1,
audits II Code of Professional Conduct & ACRA Code
Ethics
Financial FS Assertions TB 4
6 statement Audit evidence, audit SSA 230, 20
assertions and procedures 315 (A110-
audit evidence Appropriateness and 112), 500,
sufficiency of audit evidence 520, 580
7 25
Financial Analytical procedures TB 5
statement Client acceptance SSA 210,
assertions and Audit planning 510, 520
audit evidence
II
Materiality and Materiality TB 3
8 risk Audit risk SSA 315, 28
assessments 320, 450
Risk Differences and relationships TB 3
9 assessments between audit risk, client SSA 315, 32
business risk, audit 330
engagement risk
Risk assessments
Internal Internal control TB 6
10 control over Audit procedures to rest SSA 260, 35
financial internal control 265, 315,
reporting Reporting internal control 330, 610
deficiencies
11 Auditor’s
responsibility
Auditor’s responsibility for
fraud, illegal acts, related
SSA 240,
250, 550 38
for fraud, party transactions
illegal acts Fraud risk indicators
and related Audit procedures to detect

1
 party
transactions
Auditing in a Implications of the use of IS TB 6
12 computerized for audit process 43
environment General & application controls
and testing
Auditing the Risks and key controls of the TB 10
13 revenue process revenue process SSA 505, 47
AGS 2
15 56
Auditing the Risks and key controls of TB 11 & 13
supply chain supply chain, inventory. SSA 501,
and inventory AGS 4
Auditing HR, Risks and key controls of HR, TB 12 & 14
16 PPE, prepaid PPE, prepaid expenses, 69
expenses, intangibles, goodwill
intangibles and
goodwill
Auditing Risks and key controls in TB 15 & 16
17 investments and financing processes. 71
financing FS assertions: investments,
processes borrowings, equity and income
statement accounts
Audit sampling Audit sampling TB 8 & 9
18 Sampling procedures SSA 530 -
Attribute and monetary unit
sampling
Specific audit Auditing estimates TB 3 & 5
19 issues Using the work of other SSA 540, 76
auditors and experts 600, 610,
Group FS 620
Audit Auditor’s responsibility to TB 3 & 17
20 completion contingent liabilities, SSA 260, 80
subsequent events, going 501, 560,
concern assumption 570, 720
Auditor’s communication to
TCWG

2
2: Types and Elements of Assurance
Services
Assurance service:
AICPA Special Committee on Assurance Services:
“Assurance services are independent professional services that improve the quality of information,
or its context, for decision makers.
→ US definition
→ As long as you add value to the information, it’s counted as assurance
→ Only have 2 parties involved

SSA: (Based on IAASB)

“Assurance engagement means an engagement in which a practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users other than the responsible
party about the outcome of the evaluation or measurement of a subject matter against criteria”
→ Singapore definition

5 criteria:
1. Must have 3 parties (User, practitioner, responsible party)
2. Must have appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report

Income statement assertions Balance sheet assertions Presentation & disclosure

• Accuracy • Rights & obligations • Occurrence and Rights &
• Completeness • Existence obligations
• Cut-off • Completeness • Completeness
• Existence • Valuation • Classification and
• Classification Understandability
• Accuracy and valuation

Assurance services Non-assurance services

Audit ERS (Internal audit)
Advisory
Consultancy

Attestation: Giving a statement of assurance

→ Audit is a type of attestation

Assurance engagement can either be:

(1) Attestation (assertion-based) engagement
(2) Direct reporting engagement

Types of Assurance Services:

1. Financial statement audit (Definitely Attestation)
2. Compliance
3. Systems Reliability
4. Risk Management Effectiveness
5. Operational Performance
6. Control Effectiveness
* 2 – 6: Can either by attestation or direct reporting. Depends on

3
 whether management provides subject matter to users.

What is auditing?
“A systematic process of objectively obtaining and evaluating evidence regarding assertions
about economic actions and events to ascertain the degree of correspondence between those
assertions and established criteria, and communicating the results to interested users”

Risk-based approach (as opposed to transaction based approach):

Which assertion carries the highest risk depends on the nature, planning & understanding of the
entity.

Audit Financial Statements Sustainability Report

3 Parties Responsible party: Firm Responsible party: Firm
Practitioner: Auditor Practitioner: Environmental expert
User: Shareholders User: Stakeholders
Criteria FRS GRI (Global Reporting Initiative)
More developed criteria Less developed criteria
Assurance Reasonable assurance Limited assurance
provided Negative statement, ie
“We are not aware of otherwise”
Stakeholders Homogeneous shareholders: Easy to Hard to satisfy all stakeholders
please/satisfy stakeholders
Evidence Easier to get evidence Harder to get evidence

Qn: Which are assurance services?

Preparation of a
Assistance to
Investigation of due diligence Technical reviews Assistance in
management
compliance with review for the across networks, identifying
and BOD in
fire safety purpose of a operating systems legislative
strengthening
regulations corporate and databases obligations
internal controls
takeover
No Yes Yes No No
Assuming expert If report is issued,
signs somewhere then it could Consulting is not
Only 2 parties Can be by lawyer
and submits possibly be assurance.
report to SCDF assurance.

Types of Assurance Engagements

Assertion-based vs direct reporting engagements Reasonable assurance vs limited
assurance engagements
Vary in terms of who provides the subject matter info to the Vary in terms of the level of
intended users assurance provided and the extent
of the evidence gathered
Assertion Based Direct reporting engagement Reasonable Limited
(Attestation) assurance assurance
engagement engagement
- Evaluation or - Practitioner either directly - Practitioner - Practitioner
measurement of the performs the evaluation or gathers sufficient gathers sufficient
subject matter is measurement of the subject appropriate appropriate
performed by the matter, or obtains a evidence to evidence to
responsible party representation from the enable him to enable him to
- Subject matter info is in responsible party that has express his express his
the form of an assertion performed the evaluation or conclusion in the conclusion in the
by the responsible party measurement that is not position form negative form
4
that is made available to available to the intended users. - Eg “In our - Eg “In our
the intended users. - Subject matter info is opinion, mgts opinion, nothing
- Eg FS audits, external provided to the users in the assertions are has come to our
assurance on BP’s assurance report. (Auditor fairly presented” attention that
sustainability report becomes the point of contact - Audit causes us to
- Mgt is responsible for FS, → More onerous on the auditor, believe that
not auditor. Auditor just auditor has more responsibility) mgt’s assertions
provides an opinion over - Eg Happy Toilet, compliance are not fairly
and above FS and operational performance presented”
audits - Review

Assertion based engagement Direct reporting engagement

Question: Why is the bank willing to charge different interest rates for the loan depending on
whether the financial statements are reviewed or audited?
1. Less information asymmetry
2. Less monitoring required

Question: Should SMEs obtain a review or an audit of its financial statements?

Assume these facts:
Interest rate Compliance cost Interest cost Total cost
None 5% - 150,000 150,000
Review 4% 10,000 120,000 130,000
Audit 3.5% 30,000 105,000 135,000
By looking just at the numbers, the SME should just do a review (minimize cost)
However, doing an audit has other benefits!
1. Others users like Shareholders may prefer an audit
2. Signaling: Auditing will signal to the bank that company is very forthcoming especially
when audit is not required by the law.
3. Value added by audit: Audit will suggest areas of improvement within the company! Can
detect fraud etc.

Types of services offered by Audit Firms (Textbook page 65)

Assurance engagements: (1) Audit of financial statements, (2) Reviews
Related services: (1) Agreed upon procedures, (2) Compilation of financial information
Other services: (1) Tax services, (2) Advisory services, (3) Accounting services, (4) Forensic Audits

5
3: The auditing profession and
regulation
Profession:
(By Australian Council of Professions)
A disciplined group of individuals who adhere to high ethical standards and uphold themselves
to, and are accepted by, the public as possessing special knowledge and skills in a widely
recognized, organized body of learning derived from education and training at a high level, and
who are prepared to exercise this knowledge and these skills in the interest of others.

Professional associations:
• Main issuer of pronouncement of auditing matters: IFAC (International Federation of
Accountants) → IFAC’s IAASB (International Auditing and Assurance Standards Board) issues ISAs
(International Standards on Auditing). Also under IFAC: IESBA, IAESB.
• Issuer of IFRS’s: IASB (International Accounting Standards Board)
• Assembles securities commissions worldwide: IOSCO (International Organization of
Securities Commission)
• Private professional bodies: ICPAS, AICPA, ICAEW, CPA Australia, ACCA, IIA (Institute of
Internal Auditors) → Certifies internal auditors with CIA (Certified Internal Auditor)
• Government bodies (International standard setting): INTOSAI (Auditors and stakeholders
pooled together)
• Fraud: ACFE (Association of Certified Fraud Examiners)
• Information Systems Audit: ISACA
Characteristics of a profession (Sager 1995) → KETTLE AC
1. Skill based on theoretical knowledge
2. Extensive period of education
3. Testing competency
4. Institutionalized training or period of internship
5. Licensed practitioners
6. Work autonomy environment
7. Professional associations
8. Code of ethics

Ethics, Independence and the IFAC Code of Ethics For Professional Accountants
• If an auditor is incompetent or lacks independence, the parties to the contract will place
little or no value on the service provided.
• Ethics: A system or code of conduct based on moral duties and obligations that indicated
how we should behave.

Code of Ethics for Professional Accountants: (TB page 63)

• No IFAC member body or firm is allowed to apply less stringent standards
• Fundamental principles: Integrity, objectivity, professional competence and due care,
confidentiality, and professional behavior.
• Framework should assist the professional accountant to identify, evaluate and respond to
threats to compliance with the fundamental principles.

Independence of Mind and Independence in Appearance:

An auditor must not only be independent of mind but also avoid actions and circumstance that
may appear to affect independence. If an auditor is perceived as not being independent, users
may lose confidence in the auditor’s ability to report objectively and truthfully on financial
statements.

6
Types of Auditors
External Auditors Internal Auditors Government Auditors Forensic Auditors
- Aka Independent - Auditors that are - Employed by - Employed by
auditors/professional employees of national or local corporations,
accountants in public individual companies, governmental government agencies,
practice. Not gov bodies and other institutions and public audit firms and
employees of the entities. bodies. consulting and
entity they audit - Internal auditing = - Provide assurance on investigative services
- Stat auditor: “An independent, compliance and firms.
Approved to carry out objective assurance operational - Trained in detecting,
an audit of FS required and consulting activity performance. investigating and
by law designed to add value - Compliance audit: deterring fraud and
- Hold some form of and improve an Determines the extent white-collar crime.
license/authorization organization’s to which rules, policies, - Association of
- Audit FS for public, operations. It helps an laws or gov regulations Certified Fraud
private etc, as well as organization are followed by the Examiners (ACFE)
certain unrestricted accomplish its entity. supports forensic
advisory services. objectives by bringing - Operational auditors.
- Professional a systematic, performance audit: - ACFE educates CFEs,
qualifications are disciplined approach Systematic review of who gather evidence,
regulated, licenses are to evaluate and part/all if an take statements, write
granted after a period improve the organization’s reports and assist in
of professional effectiveness of risk activities to evaluate investigating fraud in
practice, and management, control whether resources are its varied forms.
continuous education and gov processes.” being use efficiently
is required. and effectively.

Importance of Audit and the Accounting Profession

• Even though audit is the biggest business of audit firms, audit has the smallest profit margin!
Thus, the pressure is on to move from audit to non-audit services.
• There is a conflict of interest when non-audit fees are much more expensive than audit
fees.
• After scandals:
o Slowly the public realized that auditors do have an impact
o Greater awareness about corporate governance
o So, in the US, they made it compulsory to split audit & non-audit services

Regulation of public accountants in Singapore

• The Accounting and Corporate Regulatory Authority (ACRA) is the national regulator of
business entities and public accountants in Singapore.
• ACRA also plays the role of a facilitator for the development of business entities and the
public accountancy profession.
• Regulates businesses
• Regulates public accountancy profession
• Accountants Act, Chapter 2: Governs public accountants from registration to
deregistration.
• Registration requirements for public accountant in Singapore:
1. “Qualification” requirement: Final exams in accountancy as currently prescribed under
the 2nd schedule to the Accountants Rules
2. “Membership” requirement: Member of ICPAS. (1) Fulfill ICPAS membership
recognition, (2) Completed SQP or (3) Complete requirements for ICPAS

7
Organization forms of audit firms
Sole General
Proprietorship Partnership
This lends additional credibility
to the services provided to the
users because the individual
auditor is willing to risk the loss
of his or her personal wealth.
Limited Liability Partnership Corporation
Private affair Books are publicly available
Separate legal entity
Less personal responsibility → But there are SAFEGUARDS:
Accountants Act: There must be a minimum level of insurance
provided. And if found to be professionally guilty, the individual
will still be held individually professionally liable.

A Model of Business
Corporate Governance
Corporate Governance consists of all the people, processes and activities in place to help ensure
proper stewardship over an entity’s assets. Ensures that those managing an entity properly utilize
their time, talents and the entity’s resources in the best interest of owners and other stakeholders,
and that they faithfully report the economic condition and performance of the enterprise.

Those Charged With Governance (TCWG): Person(s) or organization(s) with responsibility for
overseeing the strategic direction of the entity and obligations related to the accountability of the
entity. Usually TCWG = BOD.

Audit committee: Usually a mandatory requirement for listed companies and financial institutions.
Assists governing body in meeting financial reporting responsibilities. Members of the audit
committee may be required to be independent and have competence in accounting and
auditing. Audit committee may be directly responsible for the appointment, compensation and
oversight of the work of external auditors engaged by firm.

Global: Organization for Economic Co-operation and Development (OECD) issued the Principles
of Corporate Governance to improve corporate governance.
Objectives, Strategies, Processes, Controls, Transactions and Reports
• Management typically sets objectives and strategies on how to achieve these objectives.
• Organization must assess and manage risks that threaten the achievement of these
objectives.
• 5 components of business processes: Revenue process, Purchasing process, HR
management process, Inventory management process, Financing process.
• Enterprise must design and implement accounting information systems to capture the
transactions from each of these processes.

8
4: Overview of financial statement
audits
Question 1:
a) What is the current requirement for mandatory financial statement audits in Singapore?
Companies Act 205:

205.
—(1) The directors of a company shall, within 3 months after incorporation of the company,
appoint a person or persons to be the auditor or auditors of the company, and any auditor or auditors
so appointed shall, subject to this section, hold office until the conclusion of the first annual general
meeting.

Audit Exemptions:
a) Dormant companies
→ A company that has no accounting transactions for the financial year in question or has
not started business since its corporation
b) Small exempt private companies
→ Private company, no corporate shareholders, not more than 20 members, company’s
revenue not more than $5.0mil, and proper accounting records are maintained, with FS
prepared according to FRS for submission to IRAS, and audit is not required by ACRA, SHs
holding not less than 5% interest in the co’s share capital, or other gov bodies.

Rationale:
Subsidiaries need to be audited in order to protect shareholders of Parent company who do not
have the rights to financial information of the subsidiaries that the parent invests in.
Companies Act 201:
• Directors of every company to present at AGM audited profit and loss account and
balance sheet that comply with the (FRS) requirements of the Accounting Standards and give a
true and fair view of the profit and loss and state of affairs of the company respectively.
• Holding companies to present audited balance sheet of the holding company and
consolidated accounts (P/L and B/S)

True and Fair Override: S201, section 14A:

Where accounts or consolidated accounts prepared in accordance with any requirement of the
Accounting Standards would not give a true and fair view, the accounts or consolidated
accounts need not comply with that requirement to the extent that this is necessary for them to
give a true and fair view of the matter.

Case study: Societe Generale Bank → In beg 2008, a fraud was discovered worth 6.4bn, which
constituted 20% of total assets. By standards, cannot push the loss of 6.4bn to 2007 as it’s not a
condition they could have foreseen at end 2007. But they did shift it to 2007 by T&F override.

b) How will this change if the recent proposed changes to the Companies Act are
implemented?
Small exempt private companies =
Total revenue < 10 mil, Total Gross assets < 10 mil, Employees < 50 in number
→ Just need to meet 2 out of these 3 requirements.
→ Will no longer need to be audited

9
c) How will the change impact the audit profession?
SME audit practices will be affected.
The market/pie is shrinking!
Question 2:
Debate: “There should not be any mandatory financial statement audits required for non-listed
companies in Singapore”
Should not be mandatory Should be mandatory
• Costly to conduct FS audits • Public interest (eg, Employees, Suppliers,
• Should let market forces decide. (eg, Customers)
Supplier can demand the co get audited if • Free good: Somebody should do it for
they’re influential enough). Whether co is the good of everyone
audited or not doesn’t really affect the • Protect minority interest
customers → Regulation unnecessary. • Other benefits of Audit (Auditor will give
• Provides signaling effect: Those who recommendations on internal audit, detect
choose to be audited can signal that they are fraud etc)
more transparent that other companies.
Objective and Scope of FS Audit
SSA 200
• To enhance the degree of confidence of intended users in the financial statements
• Through the expression of an opinion by the auditor on whether the financial statements
are presented fairly, in all material respects, (or give a true and fair view) in accordance with an
applicable financial reporting framework.
• By obtaining reasonable assurance about whether the financial statements as a whole are
free from material misstatement, whether due to fraud or error.

Overview of the Audit Process

Major phases of the audit

1. Client acceptance/continuance and establishing an understanding with the client
2. Preliminary engagement activities
3. Plan the audit
4. Consider internal control
5. Audit business processes and related account (eg Revenue generation)
6. Complete the audit
7. Evaluate results and issue audit report.

Elements of a “standard” audit report

1. Report title 2. Addressee 3. Introductory paragraph

10
4. Management’s responsibility 5. Auditor’s responsibility 6. Auditor’s opinion
7. Auditor’s signature 8. Audit report date 9. Auditor’s address

Types of Audit Opinion

(SSA 700 [Standard/unmodified/clean], SSA 705 [modified/qualified], SSA 706 [Emphasis of
Matters/Other Matters])

Immaterial EOM/OM: Can come together with either Unmodified or Modified opinion
Scope limitation: Auditor is unable to Departure from financial reporting
collect sufficient appropriate evidence. framework: The financial statements
Limited by the client or by condition (eg are not prepared or presented in
Cannot get evidence of factory that accordance with the applicable
supposedly exists in North Korea). financial reporting framework
* Scope refers to scope of auditor, not
management! Ie, Auditor cannot get
the info. NOT mgt cannot get -_-
Material not Qualified: “Except for” → Quite common. Not very serious.
pervasive
Material and Disclaimer: No opinion Adverse: Negative opinion → Financial
pervasive statements are materially misstated

11
 Question: If the auditor cannot get
information on a company’s large
subsidiary’s financial statements, what
should be the opinion on the Group FS?

Answer: ADVERSE.
→ This isn’t a limitation of scope.
Consolidation is a requirement of FRS.
Thus, since it’s a large subsidiary
(material), and can’t get information at
all (pervasive for the group), auditor
should issue an Adverse opinion.

Misstatement (SSA 200)

The difference between the amount, classification, presentation, or disclosure of a reported
financial statement item and the amount, classification, presentation, or disclosure that is required
for the item to be in accordance with the applicable financial reporting framework.
Misstatements can arise from error or fraud.
Material misstatements (SSA 320(2))
• Misstatements, including omissions, are considered to be material if they, individually or in
aggregate, could reasonably be expected to influence the economic decisions of users taken on
the basis of the financial statements.
• Judgments about materiality are made in light of surrounding circumstances, and are
affected by the size or nature of a misstatement, or a combination of both.
• Auditor will decide on materiality based on what he thinks the user will decide
Pervasive misstatements
• Are not confined to specific elements, accounts or items of the financial statements;
• If so confined, represent or could represent at substantial proportion of the financial
statements; or
• In relation to disclosures, are fundamental to users’ understanding of the financial
statements → Eg Related Parties. If co has most of its transactions with related parties, users would
wanna know!
*** Affects a lot of accounts in financial statements, or the one account that is affected is gonna
be affected damn a lot. → “Substantial” is up to the judgment of the auditor

Emphasis of Matter Paragraph Other Matter Paragraph

An EOM does not affect the auditor’s opinion because it
can only be included in the audit report if the matter is
appropriately presented or disclosed in the financial
statements.
MUST BE IMPORTANT TO THE USER.
EOM used to draw users’ attention to a matter which,
although appropriately presented in the FS, is of such
importance that it is fundamental to users’ understanding
of FS
• The EOM is included immediately after the opinion
paragraph in the audit report and the heading of
“Emphasis of Matter” is used
• The para includes a clear reference to the matter
being emphasized and to where relevant disclosures that
fully describe the matter can be found in the FS
• The auditor should indicate that the auditor’s
opinion is NOT modified in respect to the matter
An OM does not affect the auditor’s
opinion because it relates to a matter
other than those required to be
presented or disclosed in the financial
statements.
MUST RELATE TO THE UNDERSTANDING
OF THE AUDIT, THE AUDITOR’S
RESPONSIBILITIES OR THE AUDITOR’S
REPORT.
• OM para is headed “Other
Matter” and the para is included in
the audit report immediately after the
opinion para and any EOM
paragraph.

12
emphasized.
Examples of situations: Eg:
• An uncertainty relating to the future outcome of Other Matter
exceptional litigation or regulatory action The financial statements of K Ltd for
• Early application (where permitted) of a new the year 31 Dec 2009 were audited by
accounting standard that has a pervasive effect on the another auditor who expressed an
FS in advance of its effective date unmodified opinion on those
• A major catastrophe that has, or continues to statements on 31 Mar 2010.
have, a significant effect on the entity’s financial position
• A material uncertainty that may cast significant
doubt about the co’s ability to continue as a going
concern which has been adequately disclosed (SSA 570)

Question. (Assume each item is significant)

Situation Opinion Rationale
A Ltd is suing your client B Ltd. B’s outside Unmodified. FRS 37: Not probable, not
legal counsel assures for A’s case is No EOM. important to reader
completely without merit
In previous years, your client C Ltd has Unmodified In compliance with standards. If
consolidated its Panamanian subsi. Because subsidiary is huge (makes a
of restrictions on repatriation of earnings, C significant difference), may want to
has decided to account for the subsi on include EOM
equity basis in the current year. You concur
with the change.
The accounting records for cash sales of your Qualified,
client D Ltd are not adequate for audit scope
purposes are you have been unable to limitation
obtain reasonable assurance that all cash
sales have been properly recorded. Effects
are material but not pervasive.
Your E Ltd has in the current year applied a Unmodified, No pervasive effect.
new accounting standard for empE’s no EOM Assume early adoption is permitted
compensation that will be required to apply
next year. The application of the standard
has not had a pervasive effect on the
financial statements
Upon review of the recent history of the lives Unmodified FRS 8: Change of accounting
of its specialized automobiles, F Ltd justifiably estimate. Assumes mgt gives
changed the service lives for depreciation proper disclosure. If not disclosed
purposes. This change resulted in a material → Qualified
amount of additional depreciation expense.
During the audit of G Ltd, you found that a Unmodified
material amount of inventory had been
excluded from the co’s FS. After discussion
with mgt, you become convinced that it was
an unintentional oversight. Mgt
appropriately corrected the error prior to the
completion of your audit.
You have detected that the info about this Unmodified But if management report is
year’s sales in annual report is materially released with the annual report,
inconsistent with that in audited FS. must OM to explain to reader that
sales in annual report is not
misstated while mgt report is wrong.
H Bank’s financial condition has been Adverse + Departure as no disclaimer is made,

13
deteriorating for the last 5 years. Most of its EOM
problems result from loans made to real
estate developers. Your review of the loan
portfolio indicates that there should be a
major increase in the loan-loss reserves.
Based on your calculations, the proposed
write0down of the loans will out H Bank into
violation of the capital requirements. The
client refuses to make the adjustment or to
disclose the possible going-concern issue in
the notes to FS.

14
5: Overview of financial statement
audits II
Audit Expectation Gap
What auditor thinks What public expects
he’s supposed to do auditor to do

Narrowing the Gap:

Auditor not good in his Standards not Gap that cannot be closed
work clear. Eg No of → Constantly educate the
→ Need more training Samples public
required/what
exactly is true and
fair?
→ Educate public
→ Improve
standards

How do Audit Reports narrow the Audit Expectation Gap?

→ After Enron/Worldcom scandals, the public started to realized that auditors are only a small player in the world of
“corporate governance”, “good controls” etc. → Narrowed audit expectation.

Audit Quality
In the IAASB’s view, a quality audit is likely to be achieved when the auditor’s opinion on the FS
can be relied upon as it was based on sufficient appropriate audit evidence obtained by an
engagement team that:
• Exhibited appropriate values, ethics attitudes;
• Was sufficiently knowledgeable and experienced and had sufficient time allocated to
perform the audit work;
• Applied a rigorous audit process and quality control procedures;
• Provided valuable and timely reports; and
• Interacted appropriately with a variety of different stakeholders.
Audit Failure
1. The financial statements are found to be materially misstated after the auditor issued an
unqualified audit opinion on the FS
2. The co goes bankrupt less than 12 months after the FYE, but auditor’s report did not
highlight any going concern uncertainty → Auditor should have been able to see it coming
3. Auditors are found to have close relationships with the client
4. Auditors issued an unqualified audit opinion without obtaining sufficient appropriate
evidence.
1. & (2): Something has happened. Outcome signals the audit failure.
15
 (3) & (4): No outcome. Process based.
Q: Why did Arthur Andersen collapse?
1. They destroyed audit evidence
2. They’re a global partnership. One die all die (Unlike Deloitte [Franchise])

Q: How does audit quality relate to audit failure?

1
𝐴𝑢𝑑𝑖𝑡 𝑄𝑢𝑎𝑙𝑖𝑡𝑦 ∝
𝐴𝑢𝑑𝑖𝑡 𝐹𝑎𝑖𝑙𝑢𝑟𝑒

Consequences of audit fail

• For the auditors/audit firms:
o Legal liability
o Loss of reputation and future business
o Disciplinary actions by regulators
• For the profession:
o Loss of confidence
Quality controls over Audit Engagements & Audit Firm
SSA 220: Addresses quality control for the engagement team. It requires engagement teams to
implement quality controls procedures for each audit.

SSQC 1: Addresses a firm’s system of quality control to provide reasonable assurance that the firm
and its personnel comply with professional standards and applicable legal and regulatory
requirements. Compliance with those policies.

SSQC 1 includes specific detailed requirements of policies and procedures necessary to

implement and monitor compliance with those policies. Elements include:
• Leadership responsibilities for quality within the firm
• Relevant ethical requirements
• Acceptance and continuance of client relationships and specific engagements
• Human resources
• Engagement performance
• Monitoring → Cannot get complacent!
IFAC Code of Ethics
• Establishing fundamental principles
• Providing a conceptual framework to comply with those principles, which requires auditors
to:
o Identify threats (circumstances or relationships) that may compromise one’s ability to
comply with fundamental principles
o Evaluate the significance of the threats identified
o Apply safeguards (actions or measure), where necessary, to eliminate or reduce
threats to an acceptable level (based on what a reasonable and informed third
party would likely conclude)
o If no appropriate safeguards are available, eliminate the circumstance or
relationship creating the threats, or decline or terminate the audit engagement.

GET RID OF THREAT OR GET RID OF AUDIT.

Part A: Fundamental principles and conceptual framework for all professional accountants.
Part B: Application of conceptual framework in certain situations encountered by professional
accountants in public practice. → *** Important sections: 290: Independence – Audit & Review
Engagements
Part C: Application of conceptual framework in certain situations encountered by professional
accountants in business.
ACRA Code – Part A and B
ISCA Code – Part A, B and C
16
Fundamental Principles of IFAC Code of Ethics → I Only Choose Pepperoni Pizza

Integrity
Be straightforward and honest

Objectivity
Do not compromise judgment due to bias, conflict of interest, undue influence

Confidentiality
Professional behavior
Comply with laws and regulations, avoid any action that brings discredit to the profession

Professional competence and due care

Exercise sound judgments, observe standards
Independence
Independence of Mind
→ The state of mind that permits the expression of a conclusion without being affected by
influences that compromise professional judgment, thereby allowing an individual to act with
integrity and exercise objectivity and professional skepticism.
FACTUALLY INDEPENDENT

Independence in Appearance
→ The avoidance of facts and circumstances that are so significant that a reasonable and
informed third party would be likely to conclude, weighing all the specific facts and
circumstances, that a firm’s, or a member of the audit team’s, integrity, objectivity or professional
skepticism has been compromised.
DON’T GIVE OUTSIDERS ANY REASON TO THINK THAT YOU’RE NOT INDEPENDENT (Impression)

Threats (**PA = Professional Accountant) → I Really Adore Italian Food

• i
Self nterest threat
o The threat that a financial or other interest will inappropriately
influence the PA’s judgment or behaviour

• Self review threat

o The threat that a PA will not appropriately evaluate the results of a previous
judgment made or service performed by the PA, or by another individual within the
PA’s firm or employing organization, on which the PA will rely when forming a
judgment as part of providing a current service
o Eg: Accounting and auditing by the same person

• Advocacy threat
o The threat that a PA will promote a client’s or employer’s position to the point that
the PA’s objectivity is compromised.

• Intimidation threat
o The threat that a PA will be deterred from acting objectively because of actual or
perceived pressures, including attempts to exercise undue influence over the PA.

• Familiarity threat
o The threat that due to a long or close relationship with a client or employer, a PA will
be too sympathetic to their interests or too accepting of their work
17
Circumstances that may lead to: (From ACCA Code of Ethics and Conduct)
Self Interest Threat:
(a) Financial interests, loans or guarantees;
(b) Incentive compensation arrangements;
(c) Concern over employment security;
(d) Commercial pressure from outside the employing organisation;
(e) Inappropriate personal use of corporate assets;
(f) Close personal or business relationships;
(g) A financial interest in a client or jointly holding a financial interest with a client;
(h) Undue dependence on fees from a client.

Self Review Threat

(a) Business decisions or data being subject to review and justification by the same person
responsible for making those decisions or preparing those data;
(b) An analyst, or member of a board, audit committee or audit firm being in a position to exert
direct and significant influence over the financial reports;
(c) The discovery of a significant error during a re-evaluation of the work undertaken by the
member;
(d) Reporting on the operation of financial systems after being involved in their design or
implementation;
(e) A member of the assurance team being, or having recently been, employed by the client in a
position to exert direct and significant influence over the subject matter of the engagement;
(f) Performing a service for a client that directly affects the subject matter of an assurance
engagement.

Advocacy Threat
(a) Commenting publicly on future events in particular circumstances, having made assertions
without detailing the assumptions;
(b) Where information is incomplete or advocating an argument which is unlawful;
(c) Promoting shares in a listed entity when that entity is a financial statement audit client;
(d) Acting as an advocate on behalf of an assurance client in litigation or disputes with third
parties.

Intimidation Threat
(a) Threat of dismissal or replacement of the member, or a close or immediate family member,
over a disagreement about the application of an accounting principle or the way in which
financial and performance information is to be reported;
(b) A dominant personality attempting to influence the decision-making process, for example with
regard to the awarding of contracts or presentation of financial information, or controlling
relations with auditors or other oversight bodies;
(c) Being threatened with litigation;
(d) Being pressured to reduce inappropriately the extent of work performed in order to reduce
fees.

Familiarity Threat
(a) A person in a position to influence financial or non-financial reporting or business decisions
having an immediate or close family member who is in a position to benefit from that influence;
(b) Long association with business contacts influencing business decisions;
(c) Acceptance of gifts or preferential treatment, unless the value is clearly insignificant;
(d) Over-familiarity with the management of the organisation such that professional judgment
could be compromised
(e) A former partner of the firm being a director or officer of the client or an employee in a
position to exert direct and significant influence over the subject matter of the engagement.

18
Question: Debate: “External auditors should not be allowed to provide any non-audit services to
their audit clients.”
For Against
• Economies of scale → Auditor knows • Let auditor focus on auditing services
best • Self-interest threat
• Cost saving • Self-review threat (eg Accounting
• Let the business (ie, the Audit company) service then internal control service -_-)
decide for itself • Intimidation threat
• As long as they disclose, let the public • Lack of independence in appearance
decide whether there’s a threat

IFAC Independence an the Conceptual Framework Approach

Identify threats to
independence

Evaluate the significance of the

threats identified

Apply safeguards, when necessary, to eliminate the

threats or reduce them to an acceptable level.

When the practitioner determines that appropriate safeguards are not

available or cannot be applied to eliminate the threats or reduce them to
an acceptable level, he or she shall eliminate the circumstance or
relationship creating the threats, or decline or terminate the audit
engagement.

Safeguards to eliminate or reduce threats to acceptable levels

1. Created by profession, legislation, or regulation
a. Educational, training and experience requirements for entry into the profession
b. Continuing professional development requirements
c. Corporate governance regulations
d. Professional standards
e. Professional or regulatory monitoring and disciplinary procedures
f. External review by a legally empowered third party of the reports, returns, communications or
information produced by a member

2. Created by work environment

a. The employing organisation’s systems of corporate oversight or other oversight structures
b. The employing organisation’s ethics and conduct programmes
c. Recruitment procedures in the employing organization emphasizing the importance of employing high
calibre, competent staff
d. Strong internal controls
e. Appropriate disciplinary processes
f. Leadership that stresses the importance of ethical behavior and the expectation that employees will
act in an ethical manner
g. Policies and procedures to implement and monitor the quality of employee performance, quality
control of engagements
h. Documented policies regarding the identification of threats to compliance with the fundamental
principles, the evaluation of the significance of these threats and the identification and application of
safeguards to eliminate or reduce the threats, other than those that are clearly insignificant, to an
acceptable level
19
i. Timely communication of the employing organisation’s policies and procedures, including any changes
to them to all employees and appropriate training and education on such policies and procedures
j. Using different partners and engagement teams with separate reporting lines for the provision of non-
assurance services to clients
k. Policies and procedures to prohibit individuals who are not members of an engagement team from
inappropriately influencing the outcome of the engagement
l. Policies and procedures to empower employees to communicate to senior levels with the employing
organization any ethical issues that concern them without the fear of retribution.
m. Discussing ethical issues with TCWG of the client
n. Disclosing to TCWG of the client the nature of the services provided and extent of fees charged
o. Consultation with another appropriate PA

3. Created by individual
a. Complying with continuing professional development requirements
b. Keeping records of contentious issues and approach to decision-making
c. Maintaining a broader perspective on how similar organisations function through establishing business
relationships with other professionals
d. Using an independent mentor
e. Maintaining contact with legal advisors and professional bodies

Question
With reference to ACRA Code of Professional Conduct and Ethics, identify and explain any threat
to your independence:
Threat Rationale
Client’s CFO Code 290.206 → Are they paying you a lot? If it’s substantial, there may be a
approach you to self interest threat.
provide “Substantial” = >5% of audit firm’s total audit fees (if client is listed), or >15% of
substantial audit firm’s total audit fees (if client is not listed), or if total fees are 50% or more
advisory services of public accountant’s total fees.
Provide advisory Code 290.181: Provision of Internal Audit Services
services • If client is a listed co.: CANNOT
necessary to set • If client is NOT listed co.: Self-review threat may be created
up an internal Internal audit services comprise of:
audit I. Extension of audit firm’s services beyond requirement
department II. Assist in performance of client’s internal audit activity
III. Outsourcing of (II)
• Internal audit services do not include operational internal audit services
unrelated to the internal accounting controls, financial systems or
financial statements.
Safeguards: 290.185
Free upgrade to Code 260: Gifts and Hospitality
a nicer room for • Self-interest threat, intimidation threat
accommodation • Depends on the magnitude of benefit
Code 290.213: Gifts and Hospitality
• Self interest, Familiarity threat
• Unless value is clearly insignificant, the threat cannot be reduced by
any safeguard
You inherited Code 290.113
$180,000 worth of “If a firm has material direct financial interest in a FS audit client of the firm the
shares in the self interest threated created would be so significant no safeguard could
client reduce the threat to an acceptable level.” → Must dispose of direct interest
Code 290.114
“If a firm has material indirect financial interest in a FS audit client, a self
interest threat is also created.” → Either dispose of the indirect interest in total
or dispose of a sufficient amount of it so that the remaining interest is no longer
material.

20
6: Financial statement assertions &
audit evidence

Management Assertions
Assertions are representations by management, explicit or otherwise, that are embodied in
financial statements, as used by the auditor to consider the different types of potential
misstatements that may occur (ISA 315, para 4(a))
Occurrence Transactions and events that have been recorded have occurred
and pertain to the entity
Failure to meet occurrence → Overstatement of the account
Completeness All transactions and events that should have been recorded have
been recorded
Failure to meet completeness → Understatement of the account
Accuracy Amounts and other data relating to recorded transactions and
Transactions

events have been recorded appropriately

Cut-off Transactions and events have been recorded in the correct
accounting period
Classification Transactions and events have been recorded in the correct
accounts
Existence Assets, liabilities and equity interests exist
Rights and The entity holds or controls the rights to assets, and liabilities are the
obligations obligations of the entity. Eg, Rights of ownership of inventory.
Completeness All assets, liabilities and equity interests that should have been
Balances

recorded have been recorded

Valuation and Assets, liabilities and equity interests are included in the financial
allocation statements at appropriate amounts and any resulting valuation or
allocation adjustments are appropriately recorded
Occurrence and Events, transactions and other matters that have been disclosed
Presentation and

rights and obligations actually have occurred and pertain to the entity
Completeness All disclosures that should have been included in the financial
statements have been included
Disclosure

Classification and Financial information is appropriately presented and described,

understandability and disclosures are clearly expressed
Accuracy and Financial and other information are disclosed fairly and at
Valuation appropriate amounts

Transactions: Balances: Presentation and Disclosure:

Orange Carrot And Chicken Curry Crabs R Very Expensive The Only Right Option is Cookies
And Cream

MOST IMPORTANT AREAS

Assets: Existence, Valuation & Allocation
Liabilities: Completeness
21
Revenue: Occurrence
Expenses: Completeness

Audit Evidence
The Nature of Audit Evidence
→ Refers to the form or type of information, which includes accounting records and other
available information.
Eg: Cheques and records of electronic fund transfers; invoices; contracts; the general and
subsidiary ledgers, journal entries and other adjustments of FS, records such as work sheets and
spreadsheets supporting cost allocations, computations, reconciliations and disclosures.
Other info eg: Minutes from meetings; confirmations from third parties; analysts’ reports;
comparable data about competitors (benchmarking); control manuals; information obtained by
the auditor from inquiries, observation and inspection.
Sufficiency and Appropriateness of Audit Evidence
Sufficiency → Measure of the quantity of audit evidence
Appropriateness → Measure of quality of audit evidence.
Quality of evidence required is affected by (i) Risk of misstatement and (ii) by quality of the audit
evidence gathered.
𝟏
𝑺𝒖𝒇𝒇𝒊𝒄𝒊𝒆𝒏𝒄𝒚 ∝
𝑨𝒑𝒑𝒓𝒐𝒑𝒓𝒊𝒂𝒕𝒆𝒏𝒆𝒔𝒔
Appropriateness: Both relevant and reliable
• Relevance: Relationship to the assertion or to the objective of the control being tested.
• Reliability: Whether a particular type of evidence can be relied upon to signal the true
state of an assertion.
o Knowledgeable independent source of the evidence → As opposed to evidence
obtained solely from within the entity
o Effectiveness of internal control → When client’s internal control is effective,
evidence generated is viewed as reliable
o Auditor’s direct personal knowledge → As opposed to evidence obtained indirectly
or by interference (eg Inquiry)
o Documentary evidence → As opposed to oral representation
o Original documents → Auditor’s examination of an original signed copy more
reliable than a photocopy.
Evaluation of Audit Evidence
In evaluating evidence, an auditor should be thorough in searching for evidence and unbiased in
its evaluation. The auditor must remain objective and must not allow the evaluation of the
evidence to be biased by other considerations.

Audit Procedures
MUST DO A FEW. NOT JUST 1.
• Examining internal or external records or documents that are in paper form, electronic
form or other media.
Inspection of records/ documents

• External documents (remittance advices returned with cash receipts from customer
payment, bank statements, vendors’ invoice) more reliable than internal documents
(Duplicate copies of sales invoices and shipping documents, materials requisition
forms, work sheets for OH cost allocation)

Vouching (Occurrence)
Source Journal or
Document ledger
Tracing (Completeness)

22
Inspection • Auditor inspects or counts a tangible asset.
• Eg: Counting cash, examining inventory or marketable securities, examining
tangible
assets
tangible fixed assets.
• May provide evidence on valuation.
of

• Observing the process or procedure being performed by others

Observation

• Does not leave an audit trail

• Eg: Observation of the counting of inventory, observation of control activities
• Limited by the fact that client may act differently when auditor is not observing
• Not considered very reliable → Generally requires additional corroboration by auditor
• Seek information of knowledgeable persons throughout the entity /outside the entity.
• May range from formal written inquiries to informal oral inquiries
• Techniques:
o Consider the knowledge, objectivity, experience, responsibility and
qualifications of the individual to be questioned.
o Ask clear, concise and relevant questions.
o Use open or closed questions appropriately.
o Listen actively and effectively.
o Consider the reactions and responses, and ask follow-up questions
Inquiry

o Evaluate the response.

• Not considered very reliable → Generally requires additional corroboration by auditor
• Obtain a representation of information or of an existing condition directly from a third
party.
• Also used to obtain audit evidence about the absence of certain conditions
• “Confirmation” usually used to refer to written response from third party.
• Reliability depends on:
o Form of the confirmation
o Prior experience with the entity
o Nature of the information being confirmed
o Intended respondent
• Used for existence assertion and completeness assertion (eg Accounts Payable)
Amounts or Information Confirmed Source of Confirmation
Cash balance Bank
Accounts Receivable Individual customers
Inventory on consignment Consignee
Accounts payable Individual vendors
Bonds payable Bondholders/trustee
Confirmation

Common stock outstanding Registrar/transfer agent

Insurance coverage Insurance company
Collateral for loan Creditor

• Checking of mathematical accuracy of documents or records.

Recanciliation

• Can use Computer-Assisted Audit Techniques (CAATs) to check through IT.

• Other eg: Footing, cross-footing, reconciling subsidiary ledgers to account balances,
testing postings from journals to ledgers.
• Usually viewed as highly reliable as auditor creates this evidence

• Independent execution by the auditor of procedures or controls that were originally

performed by company personnel.
Reperfor
mance

• Usually viewed as highly reliable as auditor creates this evidence

23
 • Consist of evaluations of financial information made by a study of plausible
relationships among bot financial and non-financial data (ISA 520)
Analytical procedures

• Eg Compare this year’s AR balance compared to last year’s AR balance

• Analytical procedures are an effective and efficient form of evidence
• Reliability depends on:
o Availability and reliability of data used in the calculations
o Plausibility and predictability of the relationship being tested
o Precision of the expectation and rigour of the investigation

• Review of accounting data to identify significant or unusual items

Scanning

• Eg Search for large and unusual items in accounting records.

• Can be used in conjunction with analytical procedures or on its own
• Can be done manually or through CAATs

General Reliability Relationship Types of Evidence

High Inspection of tangible assets, re-performance, recalculation

Inspection of records or documents, confirmation, analytical

procedures, scanning

Low Observation, inquiry

Audit Documentation
Working papers have two functions:
1) To provide a sufficient and appropriate record for the basis for the auditor’s report
2) To provide evidence that the audit was planned and performed in accordance with ISAs
and applicable legal and regulatory requirements (ISA 230, para 5)
When determining form, content and extent of the documentation, consider:
• Nature of auditing procedures to be performed
• Identified risks of material misstatement
• Extent of judgment involved in performing the work and evaluating the results
• Significance of the evidence obtained
• Nature and extent of exceptions identified
• The need to document a conclusion or the basis for a conclusion not readily determinable
from the documentation of the work performed or evidence obtained
Audit documentation should enable an experienced auditor, having no previous connection with
the audit, to understand:
• The nature, timing, extent of the audit procedures performed to comply with the ISAs and
applicable legal and regulatory requirements
• The results of the audit procedures performed and the audit evidence obtained
• Significant matters arising during the audit, the conclusions reached thereon, and
significant professional judgments made in reaching those conclusions (ISA 230, Para 8)
Identify items tested, who performed the audit work, date work was completed, who reviewed,
date of review.

Item Tested Documentation Required

Sample selected from population of Include identifying characteristics (eg Specific
documents payroll numbers)
All items over specific monetary amount Scope and identification of the population (eg
selected All vouchers over $10000 from July register)
Systematic sample Starting point, sampling interval

Significant Matters That Require Documentation

• Matters that give rise to significant risks.
24
• Results of audit procedures indicating (1) that the financial info or disclosures could be
materially misstated; or (2) a need to revise the auditor’s previous assessment of the risk of
material misstatement and the auditor’s responses to those risks.
• Circumstances that cause the auditor significant difficulty in applying necessary audit
procedures.
• Findings that could result in a modification of auditor’s opinion or the inclusion of an EOM.
• Discussions of significant matters with management/TCWG

25
7: Financial statement assertions &
audit evidence II
Client Acceptance
SSA 220.A8 states that information such as the following assists the engagement partner in
determining whether the conclusions reached regarding the acceptance and continuance of
client relationships and audit engagements are appropriate:
• The integrity of the principal owners, key management and TWCG
• Whether the engagement team is competent to perform the audit engagement and has
necessary capabilities, including time and resources.
• Whether the firm and the engagement team can comply with relevant ethical
requirements, and
• Significant matters that have arisen during the current or previous audit engagement, and
their implications for continuing the relationship.

Prospective client acceptance → WHAT TO CHECK BEFORE ACCEPTING

1. Obtain and review financial information (Annual report, interim FS, income tax returns etc)
2. Inquire third parties (Bankers, lawyers, credit agencies)
3. Communicate with the predecessor auditor (Find out why client changed audit firm)
• Confidentiality principles in IFAC Code refrains from disclosing any confidential client info
without the specific consent of the client, unless there is a legal or professional duty to
disclose. May include info regarding integrity of management, disagreements with
management over accounting and auditing issues, communication with TCWG regarding
fraud, non-compliance, or internal control deficiencies)
• If client refuses to let firm communicate with predecessor client: Firm should have
reservations about accepting the client, because auditor’s own business risk is too high.
4. Consider unusual business or audit risks (Litigation, going concern)
5. Determine if the firm is independent (of the client)
6. Determine if the firm has the necessary skills and knowledge (of the industry)
7. Determine if acceptance violates any applicable regulatory or ethical requirements

Establishing terms of the engagement

Engagement letter should include:
1. Objectives of the engagement
2. Management’s responsibilities
I. Preparation of the FS in accordance with the applicable financial reporting framework
II. Internal control as management determines necessary to enable the preparation of FS that
are free from material misstatement whether due to fraud or error, AND
III. Provide auditor with:
a. Access to all information of which management is aware that is relevant to the
preparation of financial statements
b. Additional information that the auditor may request from management
c. Unrestricted access to persons within the entity
→ (SSA 210.6)
IF MANAGEMENT NOT WILLING TO GIVE a. – b., SHOULD NOT ACCEPT ENGAGEMENT
SSA 210.7 → “If mgt or TCWG impose a limitation on the scope of the auditor’s work in terms of
a proposed audit engagement such that the auditor believes the limitation will result in the
auditor disclaiming an opinion on the FS, the auditor shall not accept such a limited
engagement as an audit engagement, unless required by law or regulation to do so”
3. Auditor’s responsibilities
4. Limitations of the engagement
Internal Auditors
When the client has internal auditors, the external auditor may use the work of the internal
26
auditors to modify audit procedures to be performed.
1) Obtain an understanding of the internal audit function
2) Determine whether any of these activities are likely to be relevant to the audit of the FS
3) Assess the competence and objectivity of the internal auditors
Factors for assessing:
Competence Objectivity
• Educational level and professional • The organizational status of the internal
experience auditor responsible for the internal audit
• Professional certification and continuing function (eg Internal auditor reports to
education and has direct access to TCWG)
• Audit policies, procedures and • Policies to maintain internal auditor’s
checklists objectivity about the areas audited
• Practices regarding their assignments • Tow hat extent management acts on
• The supervision and review of their audit the recommendation of the internal
activities audit function, and how such action is
• The quality of their working paper evidenced
documentation, reports and
recommendations
• Evaluation of their performance
4) When external auditor intends on using specific work of the internal auditor, he or she should
evaluate and perform audit procedures on that work to confirm its adequacy for audit
→ External auditor should supervise, review, evaluate and test the internal auditor’s work.
Those Charged With Governance (TCWG)
→ Person(s) with responsibility for overseeing the strategic direction of the entity and obligations
related to the accountability of the entity.
CHAPTER 17, SEMINAR 20.

Audit Strategy and Audit Plan

Audit Strategy
1) Scope of the engagement
2) Ascertain the reporting objectives to plan the timing of the audit
3) Consider the factors that will determine the focus of the engagement team’s efforts (RMM)
Audit Plan → More material that Audit Strategy
1) Nature, timing and extent of the planned risk assessment procedures to be used
2) Nature, timing and extent of planned further audit procedures at the assertion level for each
class of transactions, account balance and disclosure
3) Description of other audit procedures to be performed in order to comply with auditing
standards
• Auditor should be guided by the results of the risk assessment procedures performed. Steps:
o Assess business risks and establish materiality
o Assess the need for experts
▪ Finance, tax, valuation, pension and information technology
▪ Auditor is still ultimately responsible for work performed by the expert.
o Consider the possibility of non-compliance with laws and regulations
o Identify related parties
▪ Three categories:
(1) Entity that has control or significant influence, directly or indirectly through
one or more intermediaries on the reporting entity
(2) Entity over which the reporting entity has control or direct or indirect
significant influence
(3) Entity that is under common control with reporting entity through having
common controlling ownership, owners who are close family members, or
common key management
▪ Important because transactions may not be at arm’s length
o Conduct preliminary analytical procedures
27
 ▪ Defined as consisting of evaluation of financial information through analysis of
plausible relationships among both financial and non-financial data.
• Objectives of analytical procedures:
o Understand the client’s business and transactions
o Identify financial statement accounts that tare likely to contain
errors → Allocate more resources to investigate these accounts
▪ Eg: Compare financial information with prior periods, anticipated or industry
results.
▪ Investigation of unexpected fluctuations and relationships
o Consider additional value-added services
▪ Tax planning, transaction supports, IT consultancy etc.
▪ Should alert the audit engagement team to proactively identify opportunities to
improve client service
▪ * Remember that there’s a limitation to consultancy services that can be provided

TYPES OF AUDIT TESTS

1) Risk Assessment Procedures. 2) Test of Controls. 3) Substantive procedures
1) Risk Assessment Procedures
Used to assess the risks of material misstatement at the FS and assertion levels.
CHAPTER 3, SEMINARS 8 & 9

2) Test of Controls
Performed to test the operating effectiveness of controls in preventing, or detecting and
correcting material misstatements at the relevant assertion level.
MUST BE CONDUCTED WHEN: SSA 330(8)
1) When auditor’s risk assessment at assertion level includes an expectation of the operating
effectiveness of controls (ie Auditor intends on relying on relying on controls to determine
nature, timing and extent of substantive procedures)
2) When substantive procedures alones do not provide sufficient appropriate audit evidence

Eg of TOC:
• Inquiries of appropriate management, supervisory and staff personnel
• Inspection of documents, reports and electronic files
• Observation of the application of specific controls
• Walk-through → Trace transaction from its origination to its inclusion in the FS through a
combi of audit procedures including inquiry, observation and inspection
• Re-performance of the application of the control

3) Substantive procedures
→ Detect material misstatements in a transaction class, account balance and disclosure element
of the FS. Two types: (1) Test of details of classes of transactions, account balances and
disclosures; and (2) Substantive analytical procedures.

(1) Test of details

a. Substantive tests of transactions: Test for errors or frauds in individual transactions. Eg
Examine a large purchase of inventory by testing cost in invoice properly recorded
in inventory and AP accounts
b. Test of details of account balance and disclosures: eg Send confirmations to a
sample of customers in order to gather evidence.

(2) Substantive Analytical Procedures

• Defined as consisting of evaluation of financial information through analysis of plausible
relationships among both financial and non-financial data.
COMPARISON OF RECORDED VALUES WITH EXPECTATIONS DEVELOPED BY AUDITOR.

28
 ---Continued next page---
Substantive Analytical Procedures
Preliminary Analytical Used for risk assessment to better understand the business and to
Procedures plan the nature, timing ad extent of audit procedures
Substantive Analytical Used to obtain evidence about particular assertions related to
Procedures account balances or classes of transactions. (Not mandatory)
Final Analytical Procedures Used as an overall review of the financial information in the final
review stage of the audit.

Types of Analytical Procedures

• Evaluative procedures
o Trend analysis: Analysis of change in an account over time
o Ratio analysis: Comparison of relationships between financial statement accounts
or between an account and non-financial data, across time or to a benchmark.
• Predictive procedures
o Reasonableness analysis: Development of a model to form an expectation using
financial data, non-financial data, or both, to test account balances or changes in
account balances between accounting periods.

Reliability depends on:

• Availability of relevant and reliable data used in the calculations
• Plausibility and predictability of the relationship being tested
• Precision of the expectation and rigour of the investigation
• Assessed RMM. Higher risk → Greater reliance on TOD

IF THERE ARE UNEXPECTED RESULTS FROM ANALYTICAL PROCEDURES:

SSA 520 para 7:
• Ordinarily begins with inquiries of management
• Corroboration of management’s responses
• Consider need for other audit procedures f explanation not adequate

29
8: Materiality and Risk Assessments
Materiality and Audit Risk
SSA 320 (A1):
Materiality and audit risk are considered throughout the audit, in particular, when:
• Identifying and assessing the risks of material misstatements (SSA 315)
• Determining the nature, timing and extent of further audit procedures
• Evaluating the effect of uncorrected misstatements, if any, on the FS and in forming the
opinion in the auditor’s report

Materiality
SSA 320 (2):
• Misstatement, including omissions, are considered to be material if they, individually or in
the aggregate, could reasonably be expected to influence the economic decisions of
users taken on the basis of the FS
• Judgments about materiality are made in light of surrounding circumstances, and are
affected by the size or nature of a misstatement, or a combination of both
• Judgments about matters that are material to users of FS are based on a consideration of
the common financial information needs of users as a group

Determining Materiality at planning stage

SSA 320 (10): When establishing the overall audit strategy, the auditor shall determine materiality
• For FS as a whole
• For particular classes of transactions, account balances or disclosures for which
misstatements of lesser amounts than materiality for the FS as a whole could reasonably be
expected to influence the economic decisions of users taken on the basis of FS, due to
circumstances such as:
- Law, regulation or applicable financial reporting framework affecting users’ expectations
regarding certain items (eg related party transactions, director’ remuneration)
- Key disclosures in relation to the industry in which entity operates (eg R&D for
pharmaceutical company)
- Attention focused on particular aspect of entity’s business that is separately disclosed in
the FS (eg Newly acquired business)

SSA 320 (A3-4, A7)

• Typically use a percentage applied to a chosen benchmark as a starting point in
determining the materiality for the financial statements as a whole (Professional judgment)
• Factors affecting choice of benchmark
o Elements of FS (eg Assets, Liabilities, Equity, Revenue, Expenses)
o Focus of users (eg Financial performance)
Nature of entity (eg Industry, source of finance)
o Volatility of benchmark
Eg: Capitaland → Asset based company, so will look more at Assets as compared to
income. (eg Look at appreciation of assets rather than revenue)

• Profit before tax from continuing operations I often used fro profit-oriented entities
• There is a relationship between the percentage and the chosen benchmark, such that a
percentage applied to profit before tax from continuing operations will normally be higher
than a percentage applied to total revenue.
• Materiality may need to be revised as the audit progresses due to changes in circumstances.

30
Performance materiality
SSA 320 (9 & 11)
1. The auditor shall determine performance materiality for the
purposes of assessing the risks of material misstatement
and determining the nature, timing and extent of further
audit procedures
2. Performance materiality means the amount(s) set by the
auditor at less than materiality for the FS as a whole (and
for particular classes of transactions, account balances or
disclosures where applicable) to reduce to an
appropriately low level that the probability that the
aggregate of uncorrected and undeterred misstatements
exceeds materiality.

Audit implications of Identified Misstatements

SSA 450: Auditor shall:
• Accumulate misstatements identified during the audit other than those that are clearly
trivial (CTT)
• Evaluate if identified misstatements require revision to overall audit strategy and audit plan
• Communicate identified misstatements with management and request for correction
• Evaluate the effect of uncorrected misstatements on the FS (after updating materiality
where necessary)
• Communicate uncorrected misstatements with TCWG and request for correction
• Request written representation from management and TCWG that the effects of
uncorrected misstatements are immaterial, individually and in aggregate, to FS as a whole.
o List out all misstatements!
o Don’t need to list those below CTT but still need to tell management as they are still
responsible for corporate governance and they would want to know that they need
to improve their controls

Dr AR 10
Cr Sales 10
...
...
Aggregate

Nature of misstatements
SSA 450.A3: In evaluating the effect of misstatements and commincating misstatements with
TCWG, it may be useful to distinguish between:

• Factual misstatements
→ About which there is no doubt
• Judgmental misstatements
→ Related to management’s selection or application of accounting policies or judgments
concerning accounting estimate that the auditor considers inappropriate or unreasonable
• Projected misstatements
→ Related to auditor’s best estimate of misstatements based on projection of identified
misstatements from audit samples to entire populations.

31
Evaluating effect of Uncorrected Misstatements
SSA 450.11: The auditor shall determine whether uncorrected misstatements are material,
individual or in aggregate, considering:
Size and nature of the misstatements
Particular circumstance of their occurrence
Effect of uncorrected misstatements related to prior periods (and future periods?)

SSA 450.16: Examples of circumstances that may render a misstatement material:

The extent to which the misstatement:
• Affects compliance with regulatory requirements, debt covenants or other contractual
requirements
• Masks a change in earnings or other trends
• Affects ratios used to evaluate the entity’s financial position, results of operations or cash
flows
• Affects significant segment information presented in the financial statements
• Increases management compensation (eg By meeting bonus criteria)

Step 1: Determine
Materiality and
Performance Materiality
for the FS as a whole
Step 2: Determine
Materiality and
Performance Materiality Step 3:
for Classes of Evaluate audit findings
Transactions, Account
Balances or Disclosures

Overall materiality: For FS as a whole

Specific materiality: For particular FS areas

Audit Risk (SSA 200)

• The risk that the auditor expresses an inappropriate audit opinion when the FS are
materially misstated.
• As the basis for the auditor’s opinion, SSAs require auditor to obtain reasonable assurance
about whether the FS as a whole are free from material misstatement, whether due to
fraud or error.
• Reasonable assurance is a high level of assurance. It is obtained when the auditor has
obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low
level.
High materiality → Low Audit Risk → Less extensive audit procedures required
Low materiality → High Audit Risk → More extensive audit procedures required

32
 *** Audit Risk Model: ***

Inherent risk and control risk:

Risk the Material Misstatements Exist

Audit Risk = IR x CR x DR
• Risk of material misstatements: The risk that the FS are materially misstated prior to the
audit. May exist at overall financial report level and may affect many assertions or at
assertion level (SSA 200.A34). At assertion level, RMM consists of 2 components:
o Inherent risk: The risk that FS could be materially misstated, before consideration of any
related controls.
o Control risk: The risk that any material misstatement in the FS will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control.
• Detection risk: Risk that the procedures performed by the auditor fail to detect a material
misstatement that exists.
It is the risk that auditor will not detect misstatements.
Consists of (i) Non sampling risk: Inappropriate audit procedure, failure to detect when
using the appropriate procedure, misinterpreting audit results, and
(ii) Sampling risk: Wrong sample, wrong number of samples, etc.

eg:
AR = IR x CR x DR
SIA Low Low High
Durian Ltd High High Low
→ Auditor can afford to make more mistakes for SIA, but must do more work for Durian Ltd

Planned DR = Planned AR / RMM

Detection risk (SSA 200)

• Relates to the nature, timing and extent of auditor’s procedures determined by auditors to
reduce audit risk to an acceptably low level
• Is a function of effectiveness of an audit procedure and its application by auditors, which may
be affected by factors such as:
o Adequate planning
o Proper assignment of personnel to the engagement team
o Application of professional skepticism
o Supervision and review of the audit work performed

33
9: Risk Assessments
Audit risk, Auditor’s business risk and client’s business risk
Audit Risk
The risk that the auditor
expresses an inappropriate
audit opinion when the
financial statements are
materially misstated. (SSA 200)
Auditor’s Business Risk
The risk that the auditor is
exposed to loss or injury to
professional practice from
litigation, adverse publicity or
other events arising in
connection with financial
statements audited and
reported on (EMGP p.77, SSA
200, A33)
Client’s Business Risk
A risk resulting from significant
conditions, events,
circumstances, actions or
inactions that could adversely
affect an entity’s ability to
achieve its objectives and
execute its strategies, or from
the setting of inappropriate
objectives and strategies.

Why assess client’s business risk?

• Business risks include any external or internal factors, pressures, and forces that bear on the
entity’s ability to survive and be profitable
• Implications for the auditor:
o Risk of materiality misstatement (IR and CR)
o Financial statement expectations
o Going concern risks
o Value-added advice and services
o Client may not be able to pay audit firm at the end of the engagement

Auditor’s risk assessment process

Assess the entity's business risks

Relate those risks to what can go wrong at the class of transactions, account balance
or disclosure levels

Assess the risk of material misstatement

(RMM)
(* RMM = IR x CR)

Audit risk = RMM x Detection Risk

Understanding entity’s business and its environment

SSA 315(11): Auditor is required to obtain an understanding of the entity and its environment,
including entity’s internal control:
• Relevant industry, regulatory and other external factors
• Nature of the entity, including its ownership and governance, operating, investing and
financing activities
• Selection and application of accounting policies
• Objectives and strategies, and those related business risks that may result in risks of
misstatement
• Measurement and review of entity’s financial performance

34
EXTERNAL
PEST Analysis – Tool for assessing external risks.
• Political: Government stability, taxation laws, industrial policies, employment law, mergers
law, environment law, trade treaties
• Economic: Inflation, employment, disposable income, interest rates
• Social: Demographic, income distribution, level of education, attitudes to work and leisure
• Technological: New developments/discoveries, technological transfer, technological
obsolescence

Porter’s Five Forces

1. New entrants
2. Customers
3. Suppliers
4. Substitutes
5. Industry competitors

SWOT analysis
S: Strengths – Internal aspects that can improve competitive situative
W: Weaknesses – Internal aspects, vulnerability to competitors’ strategic moves
O: Opportunities: Environmental aspects that can improve entity’s situation relative to
competitors
T: Threats: Environment aspects that can undermine entity’s competitive situation.

INTERNAL
Strategic risk: eg, Emphasis on wrong product; inappropriate acquisitions
Operational risk: Flaws in the way business is carried on, its processes and systems (eg Poor labour
relations; loss of key employees; reliance on few suppliers or customers; lack of R&D)
Governance risk: Poor or inadequate corporate governance
Financial risk: Inadequate finance, high gearing

Responses to assessed risks

SSA 315(5): Risk assessment procedures by themselves do not provide sufficient appropriate audit
evidence on which to base the audit opinion

SSA 315(25): The auditor shall identify and assess the RMM:
• At the financial statement level, and
• At the assertion level for classes of transactions, account balances, and disclosures, taking
into account relevant controls the auditor intends to test
To provide a basis for designing and performing further audit procedures.
35
 Financial statement level Assertion level
RMM is pervasive (3 criteria) Can identify into a few assertions?
Eg: Going concern problem (Affects whole FS) *** Try to do assertion level as much as
Cannot specify which account is at risk possible
TRY TO DRILL DOWN TO ASSERTION LEVEL AS FOR AS POSSIBLE! THEN CAN SPECIFICALLY DESIGN
PROCEDURES FOR THESE ASSERTIONS.

Responses for FS level risks Responses for assertion level risks

SSA 330(5, A1-3): Auditor shall design and
implement overall responses to address the
assessed RMM at the FS level, including:
• Emphasizing to the audit tea the need
to maintain professional skepticism
• Assigning more experienced staff or
those with special skills or using experts
• Providing more supervision
• Incorporating additional elements of
unpredictability in the selection of
further audit procedures to be
performed
• Making general changed to the nature,
timing, or extent of audit procedures,
for eg: Performing substantive
procedures at the period end instead
of at an interim date; or modifying the
nature of audit procedures to obtain
more persuasive audit evidence.
SSA 330 (6, A4-16): Auditor shall design and
perform further audit procedures whose
nature, timing and extent are based on and
are responsive to the assessed RMM at assn.
level.
• Nature: Purpose (eg TOC vs Substantive
procedures), and Type (eg
Confirmations vs substantive analytical
procedures)
• Timing (Interim date vs period end)
• Extent (eg Sample size, frequency of
observation)

36
10: Internal Control over Financial
Reporting
COSO Internal Control Integrated Framework
Internal control is a process designed and effected by entity’s BOD, management, and other
personnel to provide reasonable assurance that the organization’s objectives are being met:
• Effectiveness and efficiency of operations
• Safeguarding of assets
• Reliability of financial reporting
• Compliance with applicable laws and regulations
SSA 315(12): Most controls relevant to the audit are likely to relate to financial reporting

Management’s responsibility for internal control Auditors’ responsibility for client’s internal contrl
SSA 200(A2): An audit in accordance with SSAs SSA 315(12): Obtain an understanding of
is conduced on the premise that mgmt. and internal control relevant to the audit when
TCWG have acknowledged and understand identifying and assessing the risks of material
their responsibility for: misstatement
• Preparation of f/s in accordance with
the applicable financial reporting SSA 265: Communicate identified control
framework; and deficiencies to TCWG and mgmt. that are of
• Such internal control determined by sufficient importance to merit their respective
them to be necessary for preparation of attention
f/s that are free from material
misstatement, whether due to error or USA: Auditor required to express opinion of
fraud effectiveness of internal controls over financial
Companies Act (S199, 2A): Every public reporting for public companies
company and every subsidiary of a public
company shall devise and maintain a system of
internal accounting controls sufficient to
provide a reasonable assurance that
• Assets are safeguarded against loss from
unauthorized use or disposition; and
• Transactions are properly authorized and
recorded to permit the preparation of
true and fair profit and loss accounts and
balance sheets and to maintain
accountability of assets

Obtaining understanding of internal control

• Auditor needs to evaluate the design of controls relevant to the audit and whether they
have been implemented
• Typical audit procedures used include:
o Inquiry of entity’s personnel
o Observing application of specific controls
o Inspecting documents and reports
o Tracing transactions through the information system relevant to financial reporting =
Walkthrough
o Reperformance

37
Control risk assessment and audit strategy
Control risk assessed at maximum (Substantive
Strategy):
Auditor does not intend on relying on entity’s
internal controls to reduce substantive testing
because he concludes that:
• Internal controls are not effectively
designed or implemented (hence
reliance strategy is not justified), OR
• A substantive strategy is more efficient
IF CONTROLS SUCK, DON’T BOTHER TESTING
Control risk assessed at below maximum
(Reliance Strategy):
Auditor intends on relying on entity’s internal
controls to reduce substantive testing
• Need to test operating effectiveness of
controls to assess if the “achieved” level
of control risk is in line with the “planned”
control risk (ie Whether preliminary
assessment of control risk is supported
TEST THE INTERNAL CONTROL SINCE YOU
WANNA RELY ON IT (Then can do less
substantive testing!)

Testing of operating effectiveness of internal control

SSA 330(8): Auditor shall test the operating effectiveness of relevant controls if:
• Auditor’s assessment of risks of material misstatement at the assertion level includes an
expectation that the controls are operating effectively (that is, the auditor intends to rely
on the operating effectiveness of controls in determining the nature, timing and extent of
substantive procedures); OR
• Substantive testing alone cannot provide sufficient appropriate audit evidence at the
assertion level (eg For highly automated systems)

38
Limitations of internal controls
SSA 330(18): Irrespective of the assessed RMM, the auditor shall design and perform substantive
procedures for each material class of transactions, account balances and disclosures.
Because of the limitations of entity’s internal control
• Management override of internal control
• Collusion
• Human errors or mistakes
Moreover, auditor’s risk assessment is judgmental
No such thing as 100% control testing
But 100% substantive is possible

TEST OF CONTROLS
• Inquiry, observation, inspection of documents, re-performance
Consider:
• Who performs the control
• How well was the control performed
• How consistent was the control applied throughout the period of intended reliance
• Potential risk factors, such as Changes in personnel, Seasonal fluctuations in volume of
transactions.
Examples:

Control Audit Procedure

Payment received by cheque,
not cash
Daily cash receipts reports are
generated and reconciled to all
cheques
Cheques are deposited daily
Check bank statements
Check whether there has been any cash received
Check for evidence that clerk really checked one by one
(eg Tickmarks)
* A print out/balance check does not prove anything.
Outcome (balance) is not indicative of process/control
Check bank statements (that they have been banked daily)

Communication of deficiencies in internal control

Deficiency Significant Deficiency
1. A control designed, implemented or operated in such Deficiency or combination of
a way that it is unable to prevent, or detect and deficiencies in internal control
correct, misstatements in the FS on a timely basis that, in the auditor’s professional
Or judgment, is of sufficient
2. A control necessary to prevent, or detect and correct, importance to merit the attention
misstatements in the FS on a timely basis is missing. of TCWG.
Communication: Depends on both whether misstatement has occurred and likelihood and
potential magnitude of misstatement.
SSA 265: Auditor shall communicate in writing significant control deficiencies to TCWG.

39
Shall also comm other control deficiencies judged to be of suff importance to merit mgmt.’s attn..

40
11: Auditor’s responsibility for fraud, illegal acts and
related party transactions

Significant risks
SSA 315(27-28): As part of risk assessment, auditor shall determine whether any risks identified are
significant risks (before considering controls), including risks related to:
• Fraud
• Significant economic, accounting or other developments
• Complex transactions
• Significant transactions with related parties
• Financial information involving high measurement subjectivity or uncertainty
• Significant transactions outside normal course of business or otherwise appear unusual
Such risks have higher RMM because (1) Often involve significant non-routine transactions or
judgmental matters, and (2) are less subject to routine controls.
Auditor needs to obtain understanding of entity’s controls relevant to such significant risks, and
perform substantive procedures that are responsive to the assessed risks at the assertion level.

Misstatements due to fraud

SSA 240: Misstatements can arise from:
- Error (unintentional)
- Fraud (An intentional act by one or more individuals among management, TCWG, employees
or third parties, involving the use of deception to obtain unjust or illegal advantage.
1. Fraudulent financial reporting (para A3):
• Manipulation, falsification or alteration of records or documents
• Misrepresentation or omission of the effects of transaction from records or documents
• Intentional misapplication of accounting policies
2. Misappropriation of assets (defalcation)
• Embezzling receipts
• Stealing assets or intellectual property
• Causing an entity to pay for goods not received
• Using an entity’s assets for personal use
- Although FS fraud is the least common, it causes the biggest loss
- Vice versa for asset misappropriation
- Usually detected through whistle blowing from employees
- Most frequent anti fraud controls (in order): External audit, code of conduct
- Primary internal control weaknesses: Lack of internal control, override, lack of mgt review
- Department of perpetrator: Accounting, operations, sales
Asset misappropriation
Category Example
Skimming Employee accepts payment from a customer but does not record the
sale and instead pockets the money
Cash larceny Steals cash and cheques from daily receipts before they can be
deposited in bank
Billing EmpE creates shell co and bills employer for services not actually
rendered
Employee purchases personal items and submits an invoice to employer
for pmt
Expense reimbursement EmpE files fraudulent expense repoirt, claiming personal travel,
nonexistent meals etc
Cheque tempering EmplE steals blank company cheques and makes them out to himself
EmpE steals outgoing cheques and deposit in own account
Payroll EmpE claims overtime for hours not worked
EmpE adds ghost empE
Cash register disbursements EmpE fraudulently voids a sale on cash register and steals the cash
Misappropriation of cash on hand EmpE steals cash from vault

41
 Non-cash misappropriation EmpE steals inventory from warehouse
EmpE steals/uses confidential client info
Behavioral red flags
- Living beyond means (look at income tax against wealth)
- Financial difficulties
- Unusally close associate with vendor/customer
- Control issues, unwillingness to share duties
- Divorce, family problems

Responsibility
Primary responsibility for the prevention and deterion of fraud rests with mgmt. and TCWG.
Auditor’s responsibility
• An auditor conducting an audit inaccordance with SSAs is responsible for obtaining
reasonable assurance that the FS taken as a whole are free from material misstatement,
whether caused by fraud or error.
• In relation to RMM due to fraud, auditor should:
- Identify and assess RMM due to fraud
- Design and implement appropriate responses
- Respond appropriately to identified or suspected fraud

Auditor’s response...
... 1. To overall heightened risk of fraud (SSA 240)
• Maintain professional skepticism throughout the audit, recognizing the possibility of fraud
• Discuss susceptibility of FS to fraud among engagement team
• Perform relevant risk assessment procedures, including
o Enquire management and other within the entity (including internal auditors, TCWG)
▪ Fraud risk management process
▪ Knowledge of actual, suspected or alleged fraud
o Apply analytical procedures to identify unusual/unexpected relationships that may be
indicative of fraud
o Consider other information (eg From client acceptance process or other engagements)
that may be indicative of fraud
o Evaluate fraud risk factors
▪ Fraud risk triangle (INCENTIVE, OPPORTUNITY, RATIONALIZATION)
▪ * Rationalization: Even if there’s incentive and opportunity, if the company has
a culture/ethics/values that are against fraud, fraud will still not occur)

42
... 2. To RMM due to fraud:
• Identify & assess RMM due to fraud at FS level and assertion level
• Presumed risks of (Don’t start at neutral. Start at being suspicious already) eg At start of audit
already assume that revenue is overstated and that controls have been overridden, THEN
justify otherwise
o Fraud in revenue recognition
o Mgmt override of conrols
• Respond to assessed RMM due to fraud
o FS level (overall responses) – SSA 240 (A33 – 36)
▪ Eg Assignment of more experienced staff or experts & closer supervision
o Assertion level – SSA 240 (A34 – 40, Appen 2)
▪ Nature, timing and extent of further audit procedures responsive to the assessed
risks
Audit procedures for risk of override of controls
• Test appropriateness of journal entries and other adjustments
• Review accounting estimates for bias
• Assess business rationale of significant transactions
• Obtain written representations from mgmt. and TCWG (* Not enough but is a must)
o Acknowledgement of responsibility for IC to prevent and detect fraud
o Results of management’s assessment of RMM due to fraud
o Any known, alleged or suspected fraud
... 3. To identified/suspected fraud
• Evaluate implications for other aspects of audit (eg Risk assesments and audit plan, reliabilitiy
of evidence collected)
• Communicate with management and TCWG on timely basis (including control deficiencies)
• Consider the need to:
o Report to outside authorities
o Withdraw from engagement
▪ If there’s serious integrity issues with management
o Seek legal advice
▪ Communication responsibilities
▪ Other laws (eg Money laundering laws)

FRAUD AND LAW AND REGULATIONS

Non compliance with laws and regulations may have material effect on FS because:
1. Some laws and regulations have direct effect on the determination of material amounts and
disclosures in F/S (eg Tax laws, disclosures required by SGX regulations)
• Auditor needs to obtain sufficient appropriate evidence regarding compliance with
these laws and regulations
2. Non compliance with certain laws and regulations may lead to material penalties, and
restrictions to, or inability to continue operations
• Auditor needs to perform audit procedures to identify instances of non-compliance with
these laws and regulations (eg Inquiry with mgmt. and TCWG, and inspection of
correspondences with relevant authorities)
3. May affect completeness of legal liabilities

Auditor’s responsibility...
... 1. To report on NON COMPLIANCE WITH COMPANIES ACT
Companies Act S207(9):
If an auditor, in the course of the performance of his duties as auditor of a co, is satisfied that
a) There has been a breach or non-observance of any of the provisions of this Act; and
b) The circumstances are such that in his opinion the matter has not been or will not be
adequately dealt with by comment in his report on the accounts or consolidated accounts
or by bringing the matter to the notice of the directors of the company or, if the company
is a subsidiary, of the directors of its holding company

43
 (ie, His comment will not be enough to deal with the matter)
→ This is onerous on the auditor
he shall immediately report the matter in writing to the Registrar.

Eg, Auditor can choose whether to report the co. for eg for not meeting quorum for AGM.
→ Very administrative, strictly speaking not very serious
BUT, eg, If auditor discovers that a private exempt company has given a loan to a director and it’s
serious → MUST REPORT.
... 2. To report FRAUD
Companies Act S207, 9A:
If an auditor of a public co or a sub of a public co has reason to believe that a ***serious offence
involving fraud or dishonesty is being or has been committed against the co by officers or
employees of the co, he shall immediately report the matter to the Minister.

CA S207, 9D:
*** A serious offence = An offence punishable by imprisonment of not less than 2 years and the
value of the property involved not less than $20,000.
... 3. Other reporting responsibility
SAP 1 – Guidance to Auditors on Money Laundering and Terrorism
• Whilst auditors have no statutory responsibility to undertake work solely for the purpose of
detecting money laundering and terrorism financing, they nevertheless need to take the
possibility of money laundering and terrorism financing into account (para 21)
• Auditor of all entities need to be sufficiently aware of the main provisions of the anti-money
laundering (AML) and anti-terrorism financing (ATF) legislation... (para 44)

Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (Chapter 65A)
• S39 – Duty to disclose knowledge or suspicion of drug trafficking or criminal conduct.

Related Parties
SSA 550: → Provides robust basis for identifying risks of material misstatement from RPs
• Many financial reporting frameworks establish specific accounting and disclosure
requirements for related party (RP) relationships, transactions and balances because RP are
not independent of each other.
o FRS 24 (Disclosure):
▪ Knowledge of such information may affect FS users’ assessments of entity’s
operations, including risks and opportunities facing the entity.
• Audit significance of RPs and RP transactions:
o Risks from inappropriate accounting → Arms-length transaction
o Risks from non-identification or non-disclosure
o Risks of fraud
• Inherent difficulty in identifying undisclosed RPs/RPTs
o Eg, Management itself may be unaware of RPs and RPTs (especially if framework does
not require disclosure)
• Heightened risk of fraud
o RPs present greater opportunities for collusion, concealment, or manipulation by
management
o RPs involved in a number of corporate reporting scandals in recent times

SSA 315:
• Risk based approach requires a thorough understanding of RPs and RPTs to identify and assess
risks
o Consider RPs in engagement team discussion
o Inquire into changes in RPs from prior period, nature of RP relationships, and type and
purpose of RPTs
o Understand controls to identify, account for, and disclose RPs and RPTs; and to authorize

44
 and approve significant RPTs
• Determine whether any of the assessed risks are significant risks.
• Respond appropriately to assessed risks

Identifying undisclosed RPs or significant RPT

• Searching for unidentified or undisclosed RPs or RPTs can be an onerous task
• SSA 550.15
o Mandatory document inspection limited to a few document types (Bank and legal
confirmations and minutes)
o Required to consider which other records or documents should be inspected in the
circumstances (ie, As required). SSA 550.A22
o Required to remain alert to undisclosed RPs or RPTs (SSA 550.A23)
o Use secondary information (eg Google)

Fraud risk factors

• Be especially alert to fraud risk factors from RPs
• SSA 550.A224-A30
o Consider fraud potential of RPs in engagement team discussion
o Consider features of the control environment that may deter or facilitate fraud
o Consider fraud implications if non-disclosure of RPs or RPTs by management appears
intentional
o Evaluate business rationale of significant RPTs outside normal business

Discovery of undisclosed RP or significant RPTs

Treated as a red flag
• Probe the underlying circumstances
• Communicate newly identified RPs to the team
• Ask management to identify all transactions with the newly identified RPs
• Perform substantive procedures in relation to newly identified RPs/RPTs
• Reassess risk that other unidentified or undisclosed RPs or RPTs may exist
• If non-disclosure appears intentional, evaluate audit implications
• If they die die don’t wanna confess, may need to qualify your opinion about the suspected
transactions. (Limitation of scope)

Misappropriation for Audit procedure Control

assets
Accountant managed • Check for income from investment • Segregation of
investment activities. (Analytical review) duties
Divert earnings to • Note that there is no segregation of • Management
personal use. To cover duties review of
up, systematically • Look at annual investor report which investment reports
under-recorded the will state the income earned over
income earned. the year
Purchasing clerk sets • Analytical review: Purchase • Proper control of
up fictitious vendor, turnover, why COGS > Sales, approving vendors
creates bogus declining Gross Profit Margin • Restrict access,
receiving reports, • Vendor confirmation → Depends on segregate duties,
vendor invoices, POs to how creative the clerk is rotate the
accounts payable for • Observe inventory stock count → purchasing clerk so
processing Goods must have come in for these that LT relationship
purchases. Look @ write off of cannot be built →
inventory Lower likelihood of
• Look at segregation of duties → How collusion
can purchasing clerk also process
payment

45
Purchasing clerk pay • Check on clerk’s wealth vs income • Rotation of
higher-than-market • Check comparative quotes purchasing clerk
prices from an between vendors (Competitive • Encourage whistle
important vendor → In pricing) blowing
return, receive perks • Are there two to three quotes? Did
from vendor and clerk take care to find the cheapest
kickbacks quotation?
Supervisor of small • Check against CPF • Segregation of
manuf co and payroll • Attend and observe issuing of duties (though may
clerk colluded to add cheques (eg Look at empE, do they still collude)
extra person to payroll really look like construction workers) • Rotate
• Should report to TCWG, even if not supervisor/clerk
material

46
12: Auditing in a computerized
environment
Issues introduced in a computerized environment
1. Input errors → If there’s something wrong with one check, it can lead to all transactions having
errors
2. Systematic vs Random processing errors
3. Lack of an audit trail → (Therefore the logbook is very important → Check who comes in at
odd hours
4. Inappropriate access to computer files and programs → Easy to copy out database
5. Reduce human involvement in processing transactions → Harder to track and monitor
processes

Implications of IT/CIS for auditor’s risk assessment

SSA 315 (11d): Auditor shall obtain an understanding of the entity’s objectives and strategies, and
those related biz risks that may results in RMM
SSA 315 (Appendix 2): eg of events and conditions that may indication RMM
• Inconsistencies between entity’s IT strategy and its biz strategies
• Changes in the IT environment
• Installation of significant new IT systems related to financial reporting
SSA 315 (A55-56):
• IT can improve an entity’s internal control (eg, By enhancing consistency of info processing,
segregation of duties)
• However, can also pose specific risks to internal control (eg Risk of unauthorized access or
change to data and programs)
SSA 315 (21):
In understanding the entity’s control activities, the auditor shall obtain an understanding of how
the entity has responded to risks arising from IT
SSA 315 (A95-97):
Controls over IT systems include:
• General controls → Excess to the house
• Application controls → Excess to the fridge
→ Only bother to care about application controls if general controls are working

General controls Application controls

Excess to the house
Policies and procedures that relate to all
applications and support the effective
functioning of application controls.
Deficiencies will affect processing of various
types of transactions
Excess to the fridge
Manual or automated controls over input,
processing and output of individual
applications to help ensure transactions are
authorized and processed accurately and
completely

General Controls
1. Data centre and network operations
a. Controls over computer and network operations: Rotation of operator duties, mandatory
vacations, operations systems log that is regularly reviewed to ensure that operators have
not performed any unauthorized activities.
b. Controls over data preparation: Proper entry of data into application system, proper
oversight of error correction
c. Work flow control: Scheduling of application programs, proper setup for programs, use of
control files
d. Library: Need to make sure that correct files are provided for specific applications, files are

47
 properly maintained, and backup and recovery procedures exist.

2. System software acquisition, change and maintenance

→ Computer programs that control the computer functions and allow the application programs
to run. (eg OS, Library, Security packages, DBMS)

Approval process for purchases of new system software and changes and maintenance of
existing systems.
3. Access security
a. Physical protection of computer equipment, software and data
b. Loss of assets and information through theft or unauthorized use
• Locating the computer facilities in a separate building or in a secure part of a building
• Limit access to the computer facilities through use of locked doors + conventional key,
authorization card, physical recognition
• Programmer not allowed in computer room → Prevent them from making unauthorized
modifications to systems and app process.
• Protection against water, fire, electrical problems, sabotage (Proper construction of computer
facilities, disaster recovery plan eg off-site backup location for processing critical applications)
• Physical security over remote terminals
• Authorization tables
• Firewalls
• User identification controls like passwords
• Encryption of data
4. Application system acquisition, development and maintenance
• Written policies and procedures for planning, acquiring or developing and implementing new
systems.
• Request by user department > Feasibility study > Acquired/designed, programmed, tested,
implemented > Documentation including flowcharts, file layouts, source code lsitings, operator
instructions.
• Controls that enable authorized changes to be implemented
• Controls that prevent unauthorized changes.

Application Controls
1. Data capture controls
Ensure that (1) all transactions are recorded in the application system, (2) transactions are
recorded only once, (3) rejected transactions are identified, controlled, corrected and re-entered
into the system.
Primarily concerned with occurrence, completeness, accuracy.

i) Source documentation data capture should have these controls: Batch processing control (ie,
Group similar transactions for data entry), attach unique number to each batch, record numbers
into a batch register, cover sheet attached to each batch for signatures, batch totals.

ii) Direct data entry should: Have a log that contains detailed record of each transaction,
including date and time of entry, terminal and operator identification and unique number (eg
Cust no.)]

iii) Combination of source doc and direct entry

2. Data validation controls
Validate batches by an edit program or by routines.
• Limit check: Ensure that a numerical value does not exceed some predetermined value
• Range check: Value in a field falls within an allowable range of values
• Sequence check: Proper numerical/alphabetical sequence
• Existence (validity) test: Test an ID/code by comparison to a file/table contained valid IDs
• Field test: Field contains either all numeric or alphabetical characters

48
 • Sign test: Proper arithmetic sign
• Check-digit verification: Check that original value was not altered
• Turnaround document: Output docs that are used as source docs in later processing →
Prevents data capture and data validation errors.
• Prompts that wait for acceptable response before requesting next piece of input data, eg
Blanks provided to be filled.
• Completeness test: All data items are completed before processing
3. Processing controls
Proper processing of transactions
Highly dependent on General controls
4. Output controls
• Report distribution log: Contains schedule of when reports are prepared, names f
individuals who are to receive the report, date of distribution
• Transmittal sheet: Indicates intended recipient’s names and addresses attached to each
copy of the output
• Release form: Signed upon receipt of the report
Outputs should be reviewed by user departments as they may be the only ones with sufficient
knowledge to recognize certain types of error.
Data control group should check output for reasonableness, batch totals.
5. Error controls
Errors must be resubmitted to the application system at the correct point in processing. (ie, after
being rejected by validity test, the corrected info should be resubmitted into the system)

Controls and purpose

Control
User authorization table
User’s passwords and access
codes are established by user
management and approved
by programming manager
User requests for data are
validated by system against a
transactions-conflict matric
Passwords
Terminal activity logs are
maintained
Input data edited for
reasonableness and
completeness
Control totals are generated
and reconciled
Output is reconciled to
transaction and input control
totals
Backup copies of the
database are generated daily,
restricted to the IT personnel
Purpose Test of Control
Controls who can access what Inspect the table
(Control matrix) Inspect the access
Inspect approval docs
Users can only do certain tings Inspect the table
that are not in conflict w/ their Inspect the access
authority Inspect approval docs
Observe log in
Test log ins
Monitoring of behavior (eg
What time log in? Why he
takes so many times to log in?)
Checks. Eg Do postal codes Test funny data
match?
Credit limits realistic?
Look at log-book, check for
counter-checks eg Tickmarks
→ Evidence for checks by
someone
Prevent loss of data Check back up log

Forming an assessment of control risk

1. Identify specific control objectives
49
2. Identify points where misstatements could occur
3. Identify control procedures designed to prevent or detect misstatements
• General controls and application controls
4. Evaluate design of control procedures
Are tests of control cost-effective?
*** If control is not working, find another control to test. Don’t bother testing the control that
obviously doesn’t work.

Auditing around the computer Auditing through the computer

• Computer treated as a “black box” and
performs tests on inputs and outputs of the
system
• May be appropriate for less complex IT
systems with the existence of hard copy
audit trail
Used when computer is used for relatively
simple calculations
Used when implementation of computer
controls are less extensive
“Hard copy” source documents or audit trail
exists
• Directly test IT controls, with help of CAATs
• SSA 330(8) requires auditor to test the
operating effectiveness of relevant controls
if substantive procedures alone cannot
provide sufficient appropriate audit
evidence at the assertion level
Used when computer applications are more
complex in nature
Used when implementation of computer
controls are more extensive
Source documents exist in electronic formal
Results of one stage of computerized
processing are used a inputs in subsequent
stages of processing

Computer-assisted Audit Techniques (CAATs)

• Generalized audit software (eg ACL)
• Specialized or custom audit software → Very rare and expensive
• Test data → eg Test timesheet (a couple of samples from outside the system)
• Integrated test facility → Run live. Concurrent audit techniques: Evidence are collected at
the same time as when transactions are being processed
• Parallel simulation
• Embedded audit modules → Akin to putting a camera on the client’s software

Test data: Auditor prepares a set of valid, and invalid data, and calculates the expected results
of processing the data, then submits the data into the system, gets the actual results, then
compare the actual with the expected results. Invalid data should be identified as errors.
☺ Direct evidence on effectiveness
 Time consuming to create test data
 May not be sure that all relevant conditions or controls are tested
 Must make sure that the test data is properly removed after testing
 Must make sure that the test data are processed using the client’s regular production programs

50
13: Auditing the revenue process
Revenue:
IASB definition: The gross inflow of economic benefits during the period arising in the course of the
ordinary activities of an entity when those inflows results in increases in equity, other than increases
relating to contributions from equity participants

Criteria for revenue recognition:

1. The entity has transferred to the buyer the significant risks and rewards of ownership of the
goods
2. The entity retains neither continuing managerial involvement to the degree usually associated
with ownership nor effective control over the goods sold
3. The amount of revenue can be measured reliably
4. It is probable that the economic benefits associated with the transaction will flow to the entity
5. The costs incurred or to be incurred in respect of the transaction can be measured reliably

Primary control-related features

• Segregation of duties: Separation of the departments/functions
• Control over sources docs and inputs: The source docs created during processing should
be printed on pre-numbered forms
• Checks, approvals and reconciliations: Additional overlays for control purposes

Revenue process: Audit significance

• Major component of FS – “Always material” except for dormant companies
• High transaction volume (reliance on controls)
• Significant complexity and judgment involved
o Revenue recognition, allowance for doubtful debts
• Susceptibility to fraud
o SSA 240: Presumed risk of fraud in revenue recognition
• Major source of cash inflow (Business risk)

Documents and Records

Customer sales order Details the type and quantity of products or services ordered by customer, and
customer information.
Credit approval form Results from formal procedure for investigating the creditworthiness of the
customer
Open-order Report Report of all customer orders for which processing has not been completed.
Should be reviewed daily or weekly, and old orders should be investigated to
determine if any goods have been shipped but not billed or to determine why
orders have not been filled.
Shipping Document Serves as a bill of lading
Contains information on the type of the product shipped, the quantity shipped
and other relevant data.
Sales Invoice Used to bill the customer. Contains info on the type of product, the quantity,
price and terms of trade of the product/service. Original copy usually sent to
customer, while copes are distributed to other departments.
Sales invoice are typically the source document that signals the recognition of
revenue.
Sales Journal Used to record the necessary info for each sales transaction.
Customer statement Mailed to customer monthly. Contains the details of all sales, cash receipts, credit
memorandum transactions.
AR Subsidiary ledger Contains an account and the details of transactions with each customer
Aged TB of AR Prepared weekly/monthly, summarizes all customer balances in the AR subsidiary
ledger. Balances are reported in categories based on time expired since the day
of the sales invoice.

51
Remittance Advice Contains info regarding which invoices are being paid by the customer
Cash receipts journal To record entity’s cash receipts.
Credit memorandum Record credits for the return of goods in a customer’s account or to record
allowances that will be issued.
Write-off Authorizes the write off of an uncollectible account. Normally initiated in the
Authorization credit department, final approval coming from treasurer.

Functions in the Revenue Process

Order entry Acceptance of customer orders for goods and services into the system in
accordance with management criteria
Credit authorization Appropriate approval of customer orders for creditworthiness. Must
ensure that credit limit is not exceeded without proper authorization.
Shipping Shipping of goods that have been authorized. There must be payment
of proper credit approval before shipment.
Billing Issuance of sales invoices to customers for goods shipped or services
provided; also, processing of billing adjustments for allowances discounts
and returns.
Cash receipts Processing of the receipt of cash from customers. Cash collections must
be properly identified and promptly deposited intact at the bank
Accounts receivable Recording of all sales invoices, collections and credit memoranda in
individual customer accounts. All billings, adjustments and cash receipts
must be properly recorded in customer’ AR records. Use of control totals
and daily activity reports.
General ledger Proper accumulation, classification and summarization of revenues,
collections and receivables in the FS accounts. Reconciliation of AR
subsi ledger to GL control account. Responsible for mailing monthly
customer account statements.

Segregation of Duties
This function ...Should be ...And these Because
separate from people should do
it instead
Credit or Approval of write- Treasurer/cash To prevent fictitious bad-debt write-offs
collection off of bad debts management IC to conceal misappropriation of cash
Credit Billing The individual may make sales to a
customer who is not credit worthy →
bad debts
Shipping Billing Possible unauthorized shipment of
goods. Usual billing procedures may
be circumvented. → Unrecorded sales
transactions and theft of goods.
Accounts General ledger Individual can conceal unauthorized
recoverable shipments. → Unrecorded sales
transactions, theft of goods
Cash Accounts Cash could possibly be diverted and
receipts receivable shortage of cash in accounting records
to be covered. →

52
Inherent risk assessment (4 factors specific to Revenue)
1. Industry-related factors
• Profitability and health of the industry (Lack of demand)
• Level of competition (Affects pricing policies, credit terms, product warranties)
• Industry’s rate of technological change
• Governmental regulation (Some industries more regulated than others)
• Consumer protection legislation (Warranties, returns, financing and product liability)
→ Management may engage in activities that can result in misstatements.
→ Assertions impacted: Authorization and accuracy.
2. Complexity and contentiousness of revenue recognition issues
• Eg: Long term construction contracts, long term service contracts, lease contracts,
installment sales.
• When auditor and management dispute over when revenue, expenses and related profits
should be recognized, auditor should assess RMM as high.
→ Assertions impacted: Cut-off and accuracy.
3. Difficulty of auditing transactions and account balances
• Eg: Mgmt’s estimate for allowance (Subjective).
• RMM of estimates should be set as high as the only evidence available may be past
payment history or a credit agency report which are not reliable.
4. Misstatements detected in prior audits
• Indicator that misstatements are likely to be present during the current audit.

Control risk assessment

Understand and
Set and socument the
document the revenue Plan and perform TOC
control risk for the
process based on a on revenue transactions
revenue process
reliance approach

*The auditor’s testing of control for revenue process impacts the detection risk and therefore the
level of substantive procedures impacted by the controls.
1. Understand and document the revenue process based on a reliance approach
Control environment
Integrity and ethical values, commitment to competence, etc.

Entity’s risk assessment process

How management considers risks that are relevant to the revenue process, estimates their
significance, assesses the likelihood of their occurrence and decides what actions to take.
Eg of risks: Competition, rapid growth, new technology

Control activities
What are the controls that exist to ensure that management’s objectives are being met?

Information systems and communication

For each major class of transactions in the revenue process, auditor needs to obtain the following
knowledge:
• The process where sales, cash receipts, sales returns & allowances transactions are initiated
• The accounting records, supporting documents and accounts that are involved in
processing sales, cash receipts, and sales returns and allowances transactions.
• The flow of each type of transaction from initiation to inclusion in the FS, including computer
processing of the data
• The process used to prepare estimates for accounts such as the allowance for
uncollectable accounts and sales returns
2. Plan and perform tests of controls
Identify relevant controls > Controls are relied upon > CR set below maximum > Auditor conduct

53
TOC to ensure that controls operate effectively.
TOC include:
• Inquiry of client personnel
• Inspection of documents and records
• Observation of the operation of the control
• Walk-throughs
• Re-performance
3. Set and document the Control Risk
Auditor sets the achieved level of control risk.
If results of TOC do not support the planned level of CR, auditor sets CR at a level higher than
planned. Additional substantive procedures in the accounts affected by the revenue process
must then be conducted.

Document: Either quantitative or qualitative (High/Med/Low). Document the accounting system

using flowcharts, results of the TOC, and memorandum indicating overall conclusions about CR.

Assertions
Occurrence All revenue and cash receipt transactions and event that have been recorded
have occurred and pertain to the entity
Completeness All revenue and cash receipt transactions and events that should have been
recorded have been recorded
Authorization All revenue and cash receipt transactions and events are properly authorized
Accuracy Amounts and other data relating to recorded revenue and cash receipt
transactions and events have been recorded appropriately and properly
accumulated from journals and ledgers
Cut-off All revenue and cash receipts transactions and events have been recorded in
the correct accounting period
Classification All revenue and cash receipt transactions and events have been recorded in
the proper accounts

REVENUE TRANSACTIONS
Assertion Possible Example Control Example TOC
Misstatement
Occurrence Fictitious revenue Segregation of duties Observation and evaluation of proper
segregation of duties

Revenue recorded, Sales recorded only with
goods not shipped, approved customer order
or services not and shipping document
performed
Accounting for numerical
sequences of sales invoices
Monthly customer
statements; complaints
handled independently
Completeness Goods shipped or Accounting for numerical
services performed, sequences of shipping
revenue not documents and sales
recorded invoices
Shipping documents
matched to sales invoices
Testing of a sample if sales invoice for
the presence of authorized customer
order and shipping document,; it IT
application, examination of
application controls
Review and testing of client
procedures (control activities) for
accounting for numerical sequence
of sales invoices; if IT, examine app
controls
Review and testing of client
procedures for mailing and handling
complaints about monthly statements
Review and testing of client’s
procedures for accounting for
numerical sequence of shipping
docs, and sales invoices. If IT;
examine app controls
Tracing of sample of shipping docs to
their respective sales invoices and to
the sales journal

54
 Sales invoices reconciled to
daily sales report
An open order file that is
maintained currently and
reviewed periodically
Authorization Goods shipped or Proper client’s procedures
services performed for authorizing credit and
for a customer who shipment f goods
is a bad credit risk
Shipments made or Authorized price list and
services performed specified terms of trade
at unauthorized
prices or on
unauthorized terms
Accuracy Revenue Authorized price list and
transaction specified terms of trade.
recorded at an Each sales invoice agreed
incorrect monetary to shipping doc and
amount customer order for product
type and quantity;
mathematical accuracy of
sales invoice verified
Revenue Sales invoices reconciled to
transactions not daily sales report.
posted correctly to Daily postings to sales
the sales journal or journal reconciled with
customer’s posting to subsi ledger
accounts in AR
subsi ledger.
Amounts from sales Subsi ledger reconciled to
journal not posted GL control account
correctly to GL Monthly customer
statements with
independent review of
complaints
Cut-off Revenue All shipping documents
transactions forwarded to the billing
recorded in the function daily
wrong period Daily billing of goods
shipped
Classification Revenue Chart of accounts
transaction not
properly classified Proper codes for different
types of products or services
Testing of a sample of daily
reconciliations
Examination of open-order file for
unfilled orders
Review of client’s procedures for
granting credit.
Examination of sales orders for
evidence of proper credit approval; if
IT, examine app controls for credit
limit
Comparison of prices and terms on
sales invoices to authorized price list
and terms of trade; if IT, examine app
controls for authorized price and
terms.
Same as above.
Examination of sales invoices for
evidence that client personnel
verified mathematical accuracy.
Recomputation of the info on a
sample of sales invoices; if IT, examine
app controls and consider CAATs.
Examination of recon of sales invoices
to daily sales report.
Examination of recon of entries to
sales journal with entries to subsi
ledger
Review of recon of subsi ledger to GL
control account
Review and testing of client
procedures for mailing and handling
complaints related to monthly
statements
Comparison of the dates on sales
invoices with dates of the relevant
shipping docs
Comparison of the dates on sales
invoices with the dates they were
recorded in the sales journal
Review of sales journal and general
ledger for proper classification
Examination of sales invoices for
proper classification; if IT, test of app
controls for proper codes

CASH RECEIPTS TRANSACTIONS

Assertion Possible Example Control Example TOC
Misstatement
Occurrence Cash receipts Use of electronic cash receipts transfer Examine application controls
recorded but Segregation of duties for electronic cash receipts
not received or transfer.
deposited Observation and evaluation
of proper segregation of
duties.
Bank recon prepared regularly and Reviewed of bank recon for
independently reviewed indication of independent

55
 review
Completeness Cash receipts Same as above. Same TOC as above
received or Daily cash receipts reconciled with Testing of the recon of daily
deposited but postings to AR subsi ledger cash receipts with posting to
not recorded AR subsi ledger
Customer statements prepared on a Inquiry of client personnel
regular basis; complaints handled about handling of customer
independently statements and examination
of resolution of complaints.
Authorization Cash discounts Client’s procedures specifying policies Review and test client’s
not properly and controls for cash discounts procedures to control proper
taken cash discounts
Accuracy Cash receipts Daily remittance report reconciled to Review and testing of
recorded at control listing of remittance advices reconciliation
incorrect Bank statement reconciled regularly Examination of bank recon
amount and independently reviewed for independent review
Cut-off Cash receipts Cash receipts at, before, and after an Review and testing of
recorded in accounting period are reconciled to reconciliation
wrong period ensure recording in appropriate period
Classification Cash receipts Daily remittance report reconciled daily Review and testing of recon,
posted to wrong with postings to cash receipts journal if IT, testing of app controls
customer and AR subsi ledger for posting
account Monthly customer statements with Review and testing of client
independent review of complaints procedures for mailing
statements and handling
complaints from customers
Cash receipts Monthly cash receipts journal agreed to Review of posting from cash
not properly GL posting receipts journal to GL.
posted to GL AR subsi ledger reconciled to GL control Examination of recon of AR
accounts account to GL
Cash receipts Chart of accounts Tracing of cash receipts from
recorded in listing to cash receipts journal
wrong FS for proper classification.
account Review of cash receipts
journal for unusual items

Substantive Analytical Procedures for AR and related accounts

Eg SAP Possible
misstatements
detected
Revenue
Comparison of gross profit percentage by product line with previous years’ Unrecorded
and industry data (understated)
revenue
Comparison of reported revenue and budget Fictitious (overstated)
Analysis of the ratio of sales in the last month/week to total sales for revenue
quarter/year Changes in pricing
Comparison of revenues recorded daily for periods shortly before and policies
after the end of the audit period for unusual fluctuations such as an Product-pricing
increase just before an a decrease just after problems
Comparison of details of units shipped with revenues and production
records and consideration of whether revenues are reasonable compared
to levels of production and average sales price
Comparison of the number of weeks of inventory in distribution channels
with prioer periods for unusual increases that may indicate channel stuffing
Comparison of percentages and trends of sales into the distributor

56
channel with industry and competitor’s sales trends, if known.
Accounts receivable, Allowance for Uncollectible accounts, and bad debt expense
Comparison of receivables turnover and days outstanding in AR to Under or
PY/industry overstatement of
Comparison of ageing categories on aged trial balance of AR to PY allowance for
Comparison of bad debt expense as a % of revenue to PY and/or industry uncollectible
Comparison of the allowance for uncollectible accounts as a % of AR or accounts and bad
credit sales to PY and/or industry debt expense
Examination of large customer accounts individually and comparison to
PY
Sales returns an allowances and sales commissions
Comparison of sales returns as a percentage of revenue to previous years’ Under or
or industry overstatement of
Comparison of sales discounts as a percentage of revenue to PY and/or sales returns, sales
industry discounts, and sales
Estimation of sales commission expense by multiplying net revenue by commission expense
average commission rate and comparison of recorded sales commission and related accrual
expense

Assertions and tests on (i) Classes of transactions, (ii) Account balances and (iii) Presentation and
Disclosure, on (a) AR, (b) Allowance for uncollectibles, (c) Bad debt expense
Assertions about Substantive Tests of Transactions
Classes of
Transactions
Occurrence For a sample of sales transactions recorded in the sales journal, vouching of the sales
invoices back to customer orders and shipping documents
Completeness Tracing of a sample of shipping documents to the details of the sales invoices and to
the sales journal and customers’ AR subsi ledger
Authorization and Comparison of prices and terms on a sample of sales invoices with authorized price
accuracy list and terms of trade
Cut-off Comparison of the dates on a sample of sales invoices with the dates of shipment
and with the dates they were recorded in the sales journal
Classification Examine a sample of sales invoices for proper classification into revenue accounts
Assertions about TOD of Account Balances
Account Balances
Existence Confirmation of selected accounts receivable
Performance of alternative procedures for AR confirmation exceptions and non-
responses
Rights and Review of bank confirmations for any liens on receivables
obligations Inquiry of mgmt., review of any loan agreements and review pf BOD’s minutes for
any indication the AR have been sold
Completeness Obtaining of aged trial balance of AR and agreeing total to GL control accounts
Review results of testing the completeness assertion for assessing CR; tracing of
shipping docs into sales journal and to AR subsi ledger if such testing was not
performed as TOC
Valuation and Examination of the results of confirmations of selected AR
allocation Examination of the adequacy of the allowance for uncollectable accounts
Assertions about TOD of Disclosures
presentation and
disclosure
Occurrence, and Determine whether any receivables have been pledged, assigned or discounted.
rights & obligations Determine If such items require disclosure.
Completeness Complete financial reporting checklist to ensure that all financial statement
disclosures relating to AR and related accounts have been disclosed
Classification and Review of aged trial balance for material credits, LT receivables and non-trade
understandability receivables. Determine whether such items require separate disclosure on the
balance sheet. Read notes to ensure that required disclosures are understandable
Accuracy and Read notes and other info to ensure that the info is accurate and properly presented
57
valuation at the appropriate amounts.

Confirmation of Accounts Receivable

In deciding to what extent to use external confirmations, consider:
• The materiality of the account (Immaterial → Don’t need confirmation)
• The assessment of RMM in the account (If IR and CR are low → Don’t need confirmation)
• Effectiveness of external confirmations (Other substantive tests sufficient? Low response or
unreliable response from prior experience?)
Assertions addressed:
Existence, cut-off, completeness, valuation and allocation
Reliability of confirmations, consider:
• Type of confirmation request: Positive or Negative
• Prior experience with client or similar engagements: Low response rate?
• The intended respondent: Competence, knowledge, ability and objectivity (eg Small
corporations may not have the knowledge or ability to respond appropriately to request)
Type of confirmation: SSA 505
Positive Negative
Requests that customers indicate whether they Requests that customers reply only if they
agree with the amount due stated in the disagree with the amount due to the client.
confirmation.
Response is required regardless of whether the
customer believes the amount is correct or
wrong.
Includes ‘blank’ form → Customer requested
to provide the amount owed.
Use when account’s individual balances are SSA 505 (15): Use when there are (i) many
large or if errors are anticipated because CR is accounts with homogeneous & small
judged to be high balances, transactions or conditions, (ii) CR
assessed to be low, and auditor believes
customers will devote adequate attention to
the confirmation.
Any amounts for which responses are not Non response assumed to represent a valid
received must be verified using alternatives. AR.
Accuracy of AR confirmation: Best if customer encloses their monthly statement.
Timing
Confirmed either at interim date or at year end.
Confirmation request should be sent soon after the end of the accounting period to maximize
response rate.
Confirmation Procedures
• Should mail outside the client’s facilities. Best to mail from auditor’s office.
• Undeliverable should be returned to auditors: Envelopes should list auditor’s address as
return address. This also provides some assurance that fictitious customers are identified.
• Envelopes customers use to return confirmations should also be addressed to audit firm
• Auditor should maintain a record of the confirmations mailed and returned.
• For positive: Send 2nd and 3rd requests for confirmation
• For email/fax/oral confirmation, must verify again with telephone call/written
communication
• Can use internal auditors’ work on confirmation, but must be supervised, reviewed,
evaluated and tested by external auditor.
• Exceptions: Should be carefully examined to determine reason for discrepancy. Usually
due to timing differences.
Type of difference Potential cause
Goods not received by customer Timing difference, goods delivered to wrong customer, invoice sent to wrong customer,
fictitious sale
Payment not recorded in client’s records Timing difference, payment applied to wrong customer account, cash misappropriated
Goods retuned for credit by customer Timing difference
Processing error Incorrect quantity or price, recording error
58
 Amount in dispute Price of goods in dispute, goods do not meet specifications, goods damaged in transit
Alternative procedures
• Send second and third requests
• Examination of subsequent cash receipts. If a significant portion is paid + controls for
recording cash receipts are strong → Can stop. If controls are weak, must trace from AR
subsi ledger to cash receipts journal and bank statement.
• Examination of customer orders, shipping documents and duplicate sales invoices
• Examination of other client documentation: Includes the original customer order, shipping
documents and duplicate sales invoice. Also, correspondences between client and
customer.
• Investigate whether customer exists

59
15: Auditing the supply chain &
inventory
(i) SUPPLY CHAIN

• Receiving department PO quantity is omitted to ensure that the receiving clerk actually counts
and records the stock. Physically checks quality and quantity and description.

60
• 3 way match: PO, receiving report, supplier’s invoice, before preparing payment voucher.
Check description, quantity, and amount billed, and freight charges etc. Check for arithmetic
errors in invoice.
• Purchase, receive, record, pay must ALL be separated.
IASB:
Expenses: are decreases in economic benefits during the accounting period in the form of
outflows or depletions of assets or incurrences of liabilities that result in decreases in equity, other
than those relating to distributions to equity participants.
Liability: is a present obligation of the entity arising from past events, the settlement of which is
expected to result in an outflow from the entity of resources embodying economic benefits.

Type of Transaction Account Affected

Purchase transaction Accounts Payable
Inventory
Purchases/COGS
Various asset and expense accounts
Cash disbursement transaction Cash
Accounts payable
Cash discounts
Various asset and expense accounts
Purchase return transaction Purchase returns
Purchase allowances
Accounts payable
Various asset and expense accounts

Documents and Records

Purchase Requisition Request goods and services for an authorized individual/department
Purchase order Includes the description, quality and quantity of goods/services being purchased.
Also indicates who approved the acquisition and represents authorization.
Receiving report Records receipts of goods. Often a copy of PO with quantities omitted.
Receiving department records date, description, quantity and other info, Quality,
specifications if required. Receiving goods is generally the event that leads to
recognition of the liability by the entity.
Vendor invoice Bill from the vendor. Includes description, quantity, price, terms of trade,
discounts, date billed.
Voucher Controls payment. Serves as basis for recording a vendor’s invoice in the voucher
register.
Voucher packet: Voucher + PR + PO + RR + VI to support purchase transaction.
Voucher register/purchase journal Record vouchers/liabilities.
AP subsi ledger Records transactions with and balance owed to a vendor
Vendor statement Periodically sent by vendor to indicate the beg balm current period purchases
and payments, and end bal. May be different from client’s figures due to timing.
Electronic funds transfer listing and cheques
Cash disbursement Records disbursements. Same amount is recorded in voucher register/purchase
journal journal

Functions in the Purchasing Process

Requisition Request must meet authorization procedures
Purchasing By purchasing department. Ensures that goods and services are
acquired in appropriate quantities at lowest price consistent with quality
standards. Multiple vendors, competitive bidding.
Receiving Receiving, counting, inspecting goods. Receiving report forwarded to
AP function
Invoice processing Process invoices to ensure all goods and services received are recorded
as assets or expenses, and corresponding liability is recognized. Match
PO to RR, VI, to terms, quantities, prices and extensions.
Also in charge of purchased goods returned, and charges back to
vendor.
61
Disbursements Authorizes funds transfer and preparing and signing cheques.
Must have adequate supporting documents to verify disbursement is for
legitimate biz purpose, transn properly authorized, acc distribution is
appropriate.
All documentation should be marked ‘cancelled/paid’ by cashier’s
dept.
E-transfers an cheques mailed by treasurer/cashier dept.
Control totals to agree AP with Cash disbursed.
Payments over specified limit should be reviewed.
Accounts Payable Ensure that all VI, disbursements and adjustments are recorded in AP
records.
General ledger Ensure all purchases, disbursements and payables are properly
accumulated, classified and summarized in the accounts.

Segregation of Duties
This function ...Should be Because
separate from
Purchasing Requisition an Fictitious or unauthorized purchases can be made. → Theft of
receiving goods, possibly payment for unauthorized purchases
Invoice- AP Purchase transactions can be processed at the wrong price or
processing terms, or a cash disbursement can be processed for goods or
services not received. → Overpayment/theft of cash
Disbursement AP Unauthorized payments supported by fictitious documents can
be issued, and unauthorized transactions can be recorded. →
Theft of cash.
AP GL Concealment of defalcation that would be normally detected
by reconciling subsi records with GL control account

Inherent Risk Assessment

Industry-related factors 1. Whether supply of raw materials is adequate
2. How volatile raw material prices are
→ Valuation assertion
Misstatements detected Previous experience should be reviewed as starting point for
in prior audits determining inherent risk

Control Risk Assessment (Assume reliance strategy)

Understand and
Set and socument the
document the revenue Plan and perform TOC
control risk for the
process based on a on revenue transactions
revenue process
reliance approach

1. Understand and document the revenue process based on a reliance approach

Control environment
Entity’s organizational structure, methods of assigning authority and responsibility.

Entity’s risk assessment process

How management considers risks that are relevant to the purchasing process, estimates their
significance, assesses the likelihood of their occurrence and decides what actions to take.
Eg of risks: New information system, rapid growth, new technology
62
Control activities
What are the controls that exist to ensure that management’s objectives are being met?

Information systems and communication

For each major class of transactions in the revenue process, auditor needs to obtain the following
knowledge:
• How purchase, cash disbursements and purchase return transactions are initiated
• Accounting records, supporting docs and accounts that are involved in processing
purchased, disbursements and purchase return transactions
• Flow of each type of transaction
• Process used to estimate accrued liabilities

Monitoring of controls
How does the client monitor controls, how personnel are reviewed.
Plan and perform TOC
Identify controls that can be relied upon > Test them to verify that control is operating effectively >
Examine sample of transactions > Consistent with mgmt. policy?
Set and Document CR
TOC supports planned CR: No modification necessary to the planned DR, then proceed with
planned substantive procedures.
TOC does NOT support planned CR: Set a higher CR, lower DR, more substantive procedures
needed than originally planned.
Document the achieved level of CR (Flowcharts, results of TOC, etc)

PURCHASE TRANSACTIONS
Assertion Possible Misstatement Example Control
Occurrence Purchase recorded, Segregation of duties
goods/services not ordered
or received Purchase not recorded
without approved PO and
RR
Accounting for numerical
sequence of RR and
vouchers
Cancellation of documents
Completeness Purchases made but not Accounting for numerical
recorded sequence of PO, RR,
vouchers
RR matched to VI and
entered in purchase journal
Authorization Purchase of goods/services Approval of acquisitions
not authorized consistent with the client’s
authorization monetary
limits
Approved PR and PO
Purchase of goods/services Competitive bidding
at unauthorized prices/on procedures followed
Example TOC
Observe and evaluate
proper segregation of duties
Test a sample of vouchers for
the presence of an
authorized PO and RR. If IT,
test app controls
Review and test client
procedures for accounting
for numerical sequence. If IT,
test app controls
Examine paid vouchers and
supporting docs for
indication of cancellation
Review client’s procedures
for accounting for numerical
sequence. If IT, test app
controls
Trace a sample of receiving
reports to their respective VI
and vouchers
Trace a sample of vouchers
to purchase journal
Review client’s monetary
limits authorization for
acquisitions
Examine them for proper
approval. If IT, examine app
controls
Review client’s competitive
bidding procedures.

63
 unauthorized terms
Accuracy Vendor invoice improperly
priced or incorrectly
calculated
Purchase transactions not
posted to the purchase
journal or AP subsi ledger
Amounts from purchase
journal not posted correctly
to Gl
Cut-off Purchase transactions
recorded in the wrong
period
Classification Purchase transaction not
properly classified
Mathematical accuracy of
vendor invoice verified
PO agreed to RR and VI for
product, quantity and price.
Vouchers reconciled to
daily AP listing
Daily postings to purchase
journal reconciled with
postings to AP subsi records
All RR forwarded to AP dept
daily
Existence of procedures
that require recording the
purchases as soon as
possible after
goods/services are received
Chat of accounts
Recompute the
mathematical accuracy of
VI
Agree the info on a sample
of voucher packets
Examine recon of vouchers
to daily AP report. If IT,
examine app controls
Examine recon. If IT,
examine app controls.
Compare dates on RR and
dates on relevant vouchers
Compare dates on vouchers
with the dates they were
recorded in purchases
journal
Review purchase journal and
GL for reasonableness

CASH DISBURSEMENT TRANSACTIONS

Assertion Possible Misstatement Example Control
Occurrence Cash disbursement Segregation of duties
recorded by not
made
Vendor statements independently
reviewed and reconciled to AP
records
Bank recon prepared and
reviewed regularly
Completeness Cash disbursement Same as above
made but not Management reviews listing of cash
recorded disbursements prior to release
Daily cash disbursements
reconciled to posting to AP subsi
records
Authorization Cash disbursement Segregation of duties
not authorized
Electronic cash disbursements
transfers and cheques prepared
only after all source docs have
been independently approved
Individuals who made electronic
cash disbarments transfers and
issue cheques are authorized
Accuracy Cash disbursement Daily cash disbursement report
recorded at incorrect reconciled to e-cash disb. trans.
amount Performed and cheques issued
Vendor statements recon to AP
records and reviewed
independently
Bank statements regularly
reconciled and independently
reviews
Example TOC
Observe and evaluate
proper segregation of
duties
Review client’s procedures
for reconciling vendor
statements
Review bank recon for
indication of independent
review
Same as above
Examine and test indication
of mgmt. reviews listing of
cash disbursements
Review client’s procedures
for reconciling daily cash
disbursements with posting
to AP. If IT, test app
controls
Evaluate segregation of
duties
Examine indication of
approval on voucher
packet
Review and test client’s
procedures for
authorization
Review recon
Review recon
Review bank recon

64
 Cash disbursement Vendor statements reconciled and Review reconciliation
posted to the wrong independently reviewed
vendor account
Cash disbursements Monthly cash disb journal agreed Review postings from cash
journal not to GL postings disb journal to GL
summarized properly AP subsi records reconciled to GL Review recon
or not properly posted control accounts
to GL accounts
Cut-off Cash disbursement Recon of e-fund transfer and Review recon
recorded in wrong cheques issued with postings to the
period cash disb journal and AP subsi
records
Classification Cash disb charged to Chart of accounts Review cash disb journal for
wrong account reasonableness of account
distribution
Independent approval and review Review GL acc code on
of GL acc on voucher package voucher package for
reasonableness

Substantive Analytical Procedures used in Auditing AP and

Accrued Expenses
• Compare payables turnover and days outstanding in accounts payable to previous years and
industry data
• Compare current year balances in accounts payable and accruals with PY’s balances
• Compare amounts owed to individual vendors in the current year’s AP listing to amounts owed
in PY
• Compare purchase returns and allowances as a percentage of revenue or cost of sales to PY
and industry data

→ All detects under or overstatement of liabilities and expenses

KEY ASSERTION FOR PURCHASES: COMPLETENESS.

Why? Recorded only at the end, after a lot of documents should have been checked → Bound
to have errors.

Substantive Tests for AP and Accrued Expenses

Assertions about Substantive Tests of Transactions
Classes of
Transactions
Occurrence Test a sample of vouchers for the presence of an authorized PO and RR
Completeness Trace sample of vouchers to purchases journal
Authorization Test a sample of purchase requisition for proper authorization
Accuracy Recompute mathematical accuracy of a sample of invoice
Cut-off Compare dates on a sample of vouchers with the dates transactions were recorded
in the purchases journal
Test transactions around year-end to determine if they are recorded in the proper
period
Classification Verify classification of charges for a sample of purchases transactions
Assertions about TOD of account balances
Account Balances
Existence Vouch selected amount from the AP listing an schedules for accruals to ouchre
packets or other supporting documentation
Obtain selected vendor’s statements and reconcile to vendor accounts
Confirmation of selected accounts payable (Manually/CAATs)
Rights and Review voucher packets for presence of purchase requisition, PO, RR and VI.
obligations
Completeness Obtain listing of AP and agree total to GL

65
 Search for unrecorded liabilities by inquiring of mgmt. and examining post-balance
sheet transactions
Obtain selected vendors’ statements and reconcile to vendor accounts
Confirmation of selected AP (Manually/CAATs)
Valuation and Obtain listing of AP and account analysis schedules for accruals; foot listing and
allocation schedules and agree totals to GL (Manually/CAATs)
Trace selected items from AP listing to subsi records and voucher packets
(Manually/CAATs)
Review results of confirmations of selected AP
Obtain selected vendors’ statements and recon to vendor accounts
Assertions about TOD of Disclosures
Presentation and
Disclosure
Occurrence and Inquire about AP and accrued expenses to ensure that the are properly disclosed
rights and
obligations
Completeness Complete financial reporting checklist to ensure that all FS disclosures related to AP
and accrued expenses have been disclosed
Classification and Review of listing of AP for material debits, LT payables, and non-trade payables.
understandability Determine whether such items require separate disclosure on B/S.
Read notes to ensure that required disclosures are understandable.
Accuracy and Read notes and other info to ensure that the info is accurate and properly presented
valuation at the appropriate amounts
*Accounting for numerical sequence tests for both (1) Completeness (ie Look for missing #), and
(2) Occurrence (ie Got two #88! One of the #88 probably hasn’t occurred.

Accounts Payable Confirmations

Used less frequently than AR confirmations as AP can be tested by examining vendor invoices,
monthly vendor statements and payments made by client subsequent to year end.
• Assertions: Completeness.
• If client has strong control to ensure that liabilities are recorded: Auditor focuses on
confirmation of large monetary accounts.
• If auditor has concerns that liabilities are not recorded: Large monetary accounts and small
and zero balance accounts also confirmed as client may owe such vendors for purchases by
the amounts may not have been recorded.
• AP confirmations: Positive confirmation. Zero-balance or blank confirmation: Ask the
customer to fill in the amount or furnish other information
• Usually sent at year end instead of interim date as auditors are concerned about unrecorded
liabilities.
• Discrepancies usually due to (i) Inventory in transit to the client (ii) cash paid by the client but
not yet received by the vendor.

AR confirmation
Test for existence
(Overstatement)
Vendor usually does not recall
what is the amount, so must
give the amount for him to
confirm
Vendor is not obliged to
confirm for you
AP confirmation
Test for completeness (Understatement)
Vendor is the creditor. He wants the payment so he will want
to confirm that the client owes him money
Pick major and regular amounts, including nil balances.
→ Pick through transaction testing. Look through accounting
records, approved vendors list, prior audit/previous experience

Should send confirmation Should not send/don’t need to send

• If internal control is week • If client has good internal control
• If there are very few vendors • If got a lot of vendors
66
 • If don’t have statement of accounts • If have statement of accounts
• When there are new/unusual suppliers
(fictitious? Related party?)
• If goods are sold on special basis etc (eg
Funny return policy) → Confirmations don’t
just confirm amounts but these policies too

Analytical procedures (Summary)

• Trend analysis
o Compare AP balances and accruals with PY
o Compare inventory balances with PT
• Ratio analysis
o Gross margin by product lines
o Inventory turnover days outstanding in inventory
o AP turnover days outstanding in payables

Eg,
If company takes 120 days to pay back when credit terms are 30 days → Signals cash flow
problems
If company pays in 5 days when term is 30,
→ Signals that client is not managing their cash well (Should max out credit days)
→ Suggests maybe there was a a change in credit terms on supplier’s side. Maybe supplier’s
pissed about company taking damn long to pay up during previous months.

Test of unrecorded liabilities (Completeness of AP)

1. Ask management about control activities used to identify unrecorded liabilities at the end of
the period
2. Obtain copies of vendors’ monthly statements and reconcile the amounts to the client’s AP
records **** BEST! THEN DON’T NEED CONFIRMATIONS LIAO
3. Confirm vendors accounts, including accounts with small or zero balances.
4. Vouch large monetary items from the purchases journal and cash disbursements journal for a
limited time after year end (Are there payments after YE that relates to purchases before YE?)
5. Examine the files of unmatched POs, RR, VI for any unrecorded liabilities

Evaluate audit findings

Complete substantive procedures > aggregate identified misstatements > compare to materiality
> determine whether the audit strategy and audit plan are still appropriate > analyze
misstatements identified > reassess CR if necessary > if audit risk is unacceptably high, additional
audit procedures should be performed.
Request management to correct identified misstatements.
If uncorrected misstatements in AP (+ other uncorrected misstatements) are less than materiality,
the auditor may accept that the FS are fairly presented. If they exceed the materiality, the
auditor should conclude that FS are not fairly presented.

(ii) INVENTORY
Documents and Records
Production schedule Prepared based on expected demand.
Receiving report Receipt of goods from vendors.
Materials requisition Prepared by dept personnel as needs for production purposes. A copy of
materials requisitions may be maintained in the raw materials dept, and another
copy accompanies goods to the prodn process.
Inventory master file Contains all important info related to entity’s inventory, including perpetual
inventory records and standard costs used to value the inventory
Production data info Transfer of goods and related cost accumulation at each stage of production.
Cost accumulation and Material, labour and overhead costs are charged to inventory as part of the

67
variance report manufacturing process. Variance report: Actual costs compared to budgeted
costs.
Inventory status report Shows the type and amount of products on hand.
Shipping order Used to remove goods from client’s perpetual inventory records.

Functions in the Purchasing Process

Inventory Authorization of production activity and maintenance of inventory at
management appropriate levels; issuance of purchase requisitions to the purchasing
department
Raw materials stores Custody of raw materials and issuance of raw materials to
manufacturing departments
Must be safeguarded from pilferage or unauthorized use.
Manufacturing Production of goods
Must be adequate control over the physical flow of the goods and
proper accumulation of costs
Finished goods store Custody of finished goods and issuance of goods to the shipping
department
Cost accounting Maintenance of the costs of manufacturing and inventory in cost records
General ledger Proper accumulation, classification, and summarization of inventory and
related costs in the GL.
Reconcile perpetual inventory records to the GL inventory records

Segregation of Duties
Custody of assets x Authorization or approval x Recording or report → All incompatible!
This function
...Should be Because
separate from
Inventory Cost accounting Production and inventory costs can be manipulated. →
management function Over or understatement of inventor and net income
Inventory Cost-accounting Unauthorized shipments can be made ot theft of goods
stores can be covered up
Cost GL Conceal unauthorized shipments. → Theft of goods,
accounting overstatement of inventory
Supervising Inventory Inventory shortages can be covered up through the
physical management and adjustment of the inventory records to the physical
inventory inventory stores inventory → overstatement of inventory

Summary of assertions, possible misstatements, control and TOC for Inventory transactions
Assertion Possible Misstatement Example Control Example TOC
Occurrence Fictitious inventory Segregation of duties Observe and evaluate
proper segregation of duties
Inventory transferred to Review and test procedures
inventory dept using an for the transfer for inventory
approved, prenumbered
receiving report
Inventory transferred to Review and test procedures
manufacturing using for issuing materials to manuf
prenumbered materials depts.
requisitions
Accounting for numerical Review and test client
sequence of materials procedures for accounting
requisitions for numerical sequence
Inventory recorded by not Physical safeguards over Observe the physical
on hand due to theft inventory safeguards over inventory
68
Completeness Purchases made but not
recorded
Consigned goods not
properly accounted for
Authorization Unauthorized production
activity, resulting in excess
levels of inventory
Inventory obsolescence
Accuracy Inventory quantities
recorded incorrectly
Inventory and cost of
goods sold not properly
cost
Inventory obsolescence
Inventory transactions not
posted to the perpetual
inventory records
Amounts for inventory from
purchases journal not
posted correctly to the GL
inventory account
Cut-off Inventory transactions
recorded in the wrong
period
Classification Inventory transactions not
properly classified among
raw materials, WIP, FG
Substantive Analytical Procedures used in testing inventory
and related accounts
• Compare raw material, finished goods, and total inventory turnover to PY and industry
Accounting for numerical
sequence of PO, RR,
vouchers
RR matched to VI and
entered in purchase journal
Procedures to include goods
out on consignment and
exclude goods held on
consignment
Preparation and review of
authorized purchase or
production schedules
Use of material requirements
planning and/or JIT inventory
systems
Review of inventory levels by
design dept
Periodic or annual
comparison of goods on
hand with amounts shown in
perpetual inventory records
Standard costs that are
reviewed by mgmt.
Review of cost accumulation
and variance reports
Inventory management
personnel review inventory for
obsolete, slow-moving or
excess quantities
Perpetual inventory records
reconciled to GL control
account monthly
All receiving reports
processed daily by the IT
dept to record the receipt of
inventory
All shipping docs processed
daily to record the shipment
of finished goods
Materials requisitions and
production data forms used
to process goods through
manufacturing
Review client’s procedures
for accounting for numerical
sequence. If IT, test app
controls
Trace a sample of receiving
reports to their respective VI
and vouchers
Trace a sample of vouchers
to purchase journal
Review and test client’s
procedures for consignment
goods
Review
Review and test procedures
for developing inventory
levels and procedures used
to control them
Review and test procedures
for taking physical inventory
Review and test procedures
used to develop standard
costs
Review and test cost
accumulation and variance
report
Review and test procedures
for identifying these
Review the recon of
perpetual inventory to GL
control account
Review and test procedures
for processing inventory
included on RR into the
perpetual records
Review and test procedures
for removing inventory from
perpetual records based on
shipment of goods
Review the procedures and
forms used to classify
inventory
69
 averages → Detect obsolete/slow moving inventory
• Compare days outstanding in inventory to PY’s and industry average → Detect obsolete/slow
moving inventory
• Compare gross profit percentage by product line with PY’s and industry data → Detect
unrecorded or fictitious inventory
• Compare actual COGS to budgeted amounts → Detect: Over or understated inventory
• Compare current year standard costs with PY’s after considering current conditions → Detect:
Over or understated inventory
• Compare actual manufacturing H costs with budgeted or standard manuf OH costs → Detect:
Inclusion or exclusion of OH costs

Observing Stock Take

• Auditor only required to attend when inventory is material
• Establishes the existence of inventory. Also, accuracy, rights and obligations, and valuation.
• Prior to inventory count, auditor should be familiar with inventory locations, major items in
inventory, and client’s inventory management processes and instructions for counting
inventory
During the count:
• Ensure that no production is scheduled. If scheduled, ensure that proper controls are
established for movement between dept in order to prevent double counting
• Ensure that there is no movement of goods during the count. If movement is necessary, the
auditor and client personnel must ensure that the goods are not double counted and that all
goods are counted.
• Make sure that the client’s count teams are following the inventory count instructions. If the
count teams are not following, the auditor should notify the client representative in charge.
• Ensure that inventory tags are issued sequentially to individually depts.. For many counts, the
goods are market with multicopy inventory tags. The count teams record the type and
quantity of inventory on each tag, and one copy of teach tag is then used to compile the
inventory. If client uses another method, auditor should obtain copies of the listings or files prior
to the start of the count.
• Perform test counts and record a sample of counts in the working papers. Used to evaluate
the accuracy and completeness of client’s inventory compilation
• Obtain tag control info for testing compilation: Includes documentation of the numerical
sequence, copies of the listings.
• Obtain cut-off info, including number of the last shipping and receiving documents issued on
the date of the physical inventory count.
• Observe the condition of the inventory for obsolescence, damage, excess quantities, slow-
moving
• Inquire about goods held on consignment for others or held on a ‘bill-and-hold’ basis. These
should NOT be counted in the inventory.
When not practicable for auditor to be present at stock count, should perform alternative
procedures:
• Inspection of documentation of the subsequent sale of specific inventory items acquired.
• If still unable to perform such procedures, auditor would consider modifying the opinion in
auditor’s report as a result of scope limitation.

Substantive tests and Test of details for Inventory

Assertions about Substantive Tests of Transactions
Classes of
Transactions
Occurrence Vouch a sample of inventory additions (ie Purchases) to receiving reports and
purchase requisitions
Completeness Trace a sample of receiving reports to the inventory records (ie Master file, status
report)
Authorization Test a sample of inventory shipments to ensure there is an approved shipping ticket
and customer sales

70
Accuracy Recompute the mathematical accuracy of a sample of inventory transactions (ie
Price x Quantity)
Audit standard costs or other methods used to price inventory
Trace cots used to price goods in the inventory compilation to standard costs or
vendors’ invoices
Cut-off Trace a sample of time cards before and after period end to the appropriate weekly
inventory report, and trace he weekly inventory report to the GL to verify inventory
transactions are recorded in the proper period
Classification Examine a sample of inventory checks for proper classification into expense accounts
Assertions about TOD of account balances
Account Balances
at Period End
Existence Observe count of physical inventory
Rights and Verify that inventory held on consignment for others is not included in inventory
obligations Verify that ‘bill-and-hold’ goods are not included
Completeness Trace test counts and tag control info to the inventory compilation
Valuation and Obtain a copy of the inventory compilation and agree totals to GL
allocation Trace test counts and tag control info to the inventory compilation
Test mathematical accuracy of extensions and foots the compilation
Inquire of mgmt. concerning obsolete, slow-moving or excess inventory
Review book-to-physical adjustment for possible misstatements
Assertions about TOD of disclosures
presentation and
disclosure
Occurrence, rights Inquire of mgmt. and review any loan agreements and BOD’s minutes for any
and obligations indication that inventory has been pledged or assigned
Inquire of mgmt. about issues related to warranty obligations
Completeness Complete financial reporting checklist to ensure that all FS disclosures related to
inventory are made
Classification and Review inventory compilation for proper classification among raw mterials, WIP and
understandability FG.
Read notes to ensure the required disclosures are understandable
Accuracy and Determine if cost method is accurately disclosed
valuation Read notes and other info to ensure that info is accurate and properly presented at
appropriate amounts

Substantive audit procedures

• Observation of physical inventory
• Test of valuation and allocation
o Pricing list/unit cost test
o Lower of cost and NRV
o Review of inventory obsolescence
• Substantive analytical procedures
• Cut-off testing around balance sheet date to test that sales and purchase are recorded in
correct period
Physical inventory count
SSA 501:
• If inventory is material – auditor to attend physical inventory counting unless impracticable
• Inspect inventory and perform test counts (from count record to physical inventory and vice
versa)
• Test whether final inventory records reflect actual count results
• Ensure proper cutoff
• If count date is before YE, test transactions between count date and YE
AGS 4 – Existence and Valuation of Inventories
• Consider the adequacy and effectiveness of the client’s physical count procedures
• Slow-moving, obsolete & damaged inventory
• Goods held for and by 3rd parties
1. The client’s taking of physical inventory is a control activity
71
2. The auditor uses a combination of observation, inquiry and physical examination
3. The auditor’s goal is to obtain reasonable assurance that the client’s methods of counting
inventory results in an accurate count, which is therefore a test of controls
4. In most circumstances, there are no satisfactory alternative procedures to making or observing
some counts of items in verifying ending inventory
5. Evidential value from the count itself is very low. What’s more important is the test of controls
from the observation. The actual count is not very important.
Inventory manager must be able to answer all your questions!
Why do these boxes look so old? Why are these boxes empty? Why are there no serial numbers
on this count sheet? What are in those boxes high up there?
• Verify that no tags were added to the inventory listing beyond the last tag recorded by the
auditor. Review the inventory listing to ascertain that all tag numbers are included with no
duplicates.
• Refoot the inventory listing
• Agree the “Total cost as at xxDatexx to the GL as at xxDatexx
• Review client’s roll-forward or roll-backwards recon if the count was not performed at YE
• Perform separate inventory cut-off test in conjunction with sales and purchases cut-off
Inventory pricing test/unit cost test
FIFO
Costs for purchased inventory should be traced to appropriate vendor’s invices consistent with
the accounting method being used. Inventory on hand should be priced using the most recent
vendor’s invoices. The auditor must be careful to examine enough invoices to cover all units on
hand.

Weighted-average Method
Inventory unit cost is weighted for each purchase. The auditor must be careful to examine that
the client’s inventory system has been correctly weighted average based on recent purchases.

Possible causes of book-to-physical differences

• Inventory cut off errors
• Unreported scrap r spoilage
• Pilferage or theft
Examples of Disclosure items for inventory and related accounts
• Cost method (FIFO/WACC)
• Components of inventory
• LT purchase contracts
• Consigned inventory
• Purchases from related parties
• Pledged or assigned inventory
• Expenses from write-downs of inventory or losses on LT purchase commitments
• Warranty obligations
Evaluating audit findings
Complete substantive tests > Aggregate all identified misstatements > Compare aggregate to
materiality of the FS or any lesser materiality amount determined appropriate for inventory > If
exceeds, or if nature and circumstances indicate that other misstatements exists, auditor should
determine if the overall audit strategy and audit plan is appropriate. > If audit risk unacceptably
high, additional audit procedures should be performed.
If uncorrected misstatements considered together with other uncorrected misstatements are less
than materiality, auditor may accept that FS are fairly presented. If not, FS not fairly presented.

72
16: Auditing HR, PPE

HUMAN RESOURCES
Major functions
Functions Purpose
HR Authorization of hiring, firing, wage rate and salary adjustments, salaries and
payroll deductions
Supervision Review and approval of employees’ attendance and time info; monitoring of
employee scheduling, productivity and payroll cost variances
Timekeeping Processing of employees’ attendance and time info, and coding of account
distribution
Payroll Computation of gross pay, deductions and net pay; recording and
processing summarization of payments and verification of account distributions
Disbursement Payment of employees’ compensation and benefits
GL Proper accumulation, classification and summarization of payroll in GL

Summary of assertions, possible misstatements, control and TOC for Inventory transactions
Assertion Possible Misstatement Example Control Example TOC
Occurrence Payments made to Segregation of duties Observe and evaluate
fictitious employees proper segregation of duties
Payments made to Changes in employment Test timelines of update of
terminated employees status and salaries promptly changes of personnel and
updated payroll records
Payments made to valid Use of time clocks and pre- Observe use of time clock
employees who have no numbered time cards and inspect time cards for
worked approved by supervisors proper approval

Substantive tests and Test of details for payroll

Assertions about Substantive Tests of Transactions
Classes of
Transactions
Occurrence Vouch a sample of payroll direct deposits to the master employee list to verify validity
Completeness Trace of sample time cards to payroll register
Authorization Test a sample of payroll direct deposits for the presence of an authorized time card
Accuracy Recompute the mathematical accuracy of a sample of direct deposits; CAATs may
be used to test the logic of the computer programs for proper calculation of gross
pay, deductions and net pay
Cut-off Trace a sample of time cards before and after period end to he appropriate weekly
payroll report, and trace the weekly payroll report tot eh GL to verify payroll
transactions and recorded in the proper period
Classification Examine a sample of payroll direct deposits for proper classification into exp accounts

Segregate: HR, Payroll, Supervision

73
 PPE
• Usually represents a material amount in the FS (eg 64% of total assets for SIA in 2012/13)
• There is typically limited activities in PPE, and beg bal have been audited in prior years (except
for new engagements)
→ Auditors usually focus on tests of transactions (additions, disposals, write-offs, impairment) and
analytical procedures (depreciation)
Inherent Risk
• When assets are purchased directly from vendor: Transaction relatively easy to audit
• When transactions involve donated assets, non-monetary exchanges, self-constructed assets
→ More difficult to audit
• When judgment and complexity associated with valuation of long-lived assets, the auditor
would likely assess IR as high
Key controls
Occurrence and Authorization
Control procedures for the occurrence and authorization of PPE are normally part of the
purchasing process. However, large capital asset transactions may be subject to additional
controls. Companies should have an authorization table for approving capital asset transactions.

Assertions about Account Balances TOD of account balances

Existence Physical inspections of major PPE
Completeness Trace physical PPE to PPE listing and agree total of PPE listing to GL
Review lease agreements for capital leases
Valuation and allocation Perform reasonableness test of depreciation
Evaluate valuation of PPEs carried at fair values
Evaluate assets for impairment

74
17: Auditing of Investment & Financing
Processes, Prepaid, Intangibles, Goodwill

INVESTING
Investing and financing
processes will eventually
affect cash.

Investing process
Main accounts affected:
- Investments
- Goodwill and
intangibles
- Amortization
expenses
- Impairment loss
- Dividend

Key assertions
• Do investments recorded exist? (ie Is the investment still there?)
• Are investments properly valued?
• Correctly classified (eg HFT? AFS? HTM?)
→ Look at client’s history on (1) Financial investments, ie investment factors, (2) Minutes of
BOD, ie what did they discuss? What were their intentions? (3) Investment strategy
• Is investment income and/or investment acquisitions or disposals recorded in the correct
period? (ie Cut-off)
• Are investments appropriately disclosed?
→ Complex disclosure rules exist for new financial instruments, hence more risk than normal

Substantive tests for investments

• Confirmation and/or physical observation to establish validity of investments
75
• Vouching tests for current-period acquisitions or dispositions
• Tests for possible impairment
• Substantive analytical procedures to test the reasonableness of investment income
• Review BOD minutes and bank confirmations to determine if investments are used as collateral
– for disclosure

INTANGIBLE ASSETS & GOODWILL

Intangible assets are assets that provide economic benefit for longer than a year but lack
physical substance.
1. Marketing: Trademark, brand name, internet domain names
2. Customer: Customer lists, order backlogs, customer relationships
3. Artistic: Items protected by copyright
4. Contract: Licenses, franchises, broadcast rights
5. Technology: Patented and unpatented technology
TEST OF DETAILS
Valuation and impairment: Complexity and degree of judgment increase the RMM.
Assertions in relation to existence, valuation and allocation for intangible assets are particularly
subjective given the nature of intangible assets.
Auditor may consider the use of experts where issues are outside the auditor’s own expertise.
Eg Bond valuation → Hard to audit → Get experts to do
Use of Experts

Use of management’s expert:

SSA 500.A48: Considers the relevance and reasonableness of that expert’s findings or conclusions,
including:
• Relevance and reasonableness of assumptions and methods
• Relevance, completeness and accuracy of source data

Use of auditor’s expert

SSA 620.12: Evaluate the relevance and reasonableness of that expert’s findings or conclusions,
and their consistency with other audit evidence, including:
• Relevance and reasonableness of assumptions and methods
• Relevance, completeness and accuracy of source data

PREPAID EXPENSES
Assertions about TOD of account balances
Account Balances
at Period End
Existence and Confirm policy with insurance broker, examine supporting documents.
completeness
Rights and Confirm policy beneficiary with the insurance broker
obligations
Valuation Determine unexpired portion of policy and insurance expense
Classification Determine propriety of distribution between manufacturing OH and SG&A expense

FINANCING (BORROWING)
Accounts affected
• Borrowings (bank loans, bonds, notes payable)
• Interest expense, payables

76
• Equity accounts
• Dividend paid and payable
Inherent Risks
IR normally assessed as low to moderate because the volume of transactions are low, the
accounting is not complex, and the client often receives third-party statements or amortization
tables.

For instruments that have characteristics of both debt and equity (ie Are sophisticated) and are in
large amounts, IR should be assessed as high.
Key assertions (borrowings)
• Are all borrowings recorded? (Completeness)
• Are all borrowings properly authorized?
• Are borrowings recorded at amounts actually owed (valuation)?
• Are borrowings classified correctly?
• Are all borrowings recorded in the correct period?
• Are borrowings appropriately disclosed?
Substantive tests for Borrowings
• Confirmations from banks and known creditors to establish validity and completeness of
obligations
• Examination of legal documents to ensure compliance of bank covenant, test valuation and
disclosure of obligations
• Cutoff tests for unrecorded liabilities (especially interest accruals and derivative transactions)
• Substantive analytical procedures to test interest expense
• Assessment of reasonableness and extent of disclosures.

FINANCING (EQUITY)
• Equity is usually a minor portion of the audit unless
o There have been complex transactions like mergers
o The company uses esoteric equity arrangements. (*Esoteric = Only understood by a
small group of people)
• Are all new equity issues, splits, dividends completely recorded and recorded in the right
periods?
• Are treasury shares completely recorded?
• Are all equity transactions appropriately valued?
o Especially for complex transactions that involve deferred compensation, hybrid
securities, or derivatives
• Are all equity transactions and balances appropriately disclosed?
Substantive tests for Equity
• Confirm existence, completeness and valuation of equity with the independent registrar or
transfer agent
• Examine BOD minutes for authorization and details about current-period transactions (share
issue, share buy-back: treasury shares, dividends)
• Perform substantive analytical procedures to test dividend accruals and totals
• Assess reasonableness and extent of disclosures (no. of shares issued, treasury shares, retained
earnings)

Auditing the Income Statement

The audit of revenue and expense accounts depends on the extent of work conducted on the
entity’s control system and related balance sheet accounts. The level of substantive test of details
depends on:
• The results of the TOC in related business processes
o Eg Effective controls in purchases and payment processes → Reduced substantive TOD
77
 on direct expenses processed similarly
• The results of detailed tests of balance sheet accounts
o Eg PPE accumulated depreciation → Depreciation expense
• Performance of substantive analytical procedures on income statement accounts
o Eg Predictable pattern of sales on sales commission
Cash and business processes

Audit Strategy
• Cash accounts are affected by many transactions in different business processes → More
efficient to rely on controls over cash payments and receipts to reduce detailed tests of
transactions → Send bank confirmation cause there is a section for a bank to state how much
loan and contingent liability client owes the bank.
• Substantive tests of cash balances focus on bank confirmations and tests of bank
reconciliations at YE (Key assertion: Existence, due to high susceptibility to fraud)
Review of bank reconciliation
• Ensures that client does regularly (Control)
• Cut-off bank statement → Cannot wait for the next month bank statement. And only when
there is a tight audit schedule for client to sign off.
Fraud related audit procedures
Extended bank Proof of cash Test of kiting
recon
Eg, EmpE steals Prepared by client Auditor will only realize if client practices kiting if
cash from client when requested auditor sees Interbank Transfer Schedule. Bank
then records a by auditor, to statement is not enough. Kiting: Record the in but not
fictitious deposit trace the cash. If the out by taking advantage of the time it takes for
in transit accounts for every the receiving bank to collect funds from the disbursing
single dollar of bank. Eg, Record receipt before YE and record
cash. Usually disbursement only after YE.
requested when
there is a high risk Checking interbank transfer schedule also signals
of fraud weak internal control, like when the $$$ was received
but only recorded in the books 5 days later.

78
Question
Audit Findings
(i) The company had overstated
cash by transferring funds at year
end to another account but
failed to record
(ii) On occasion, customers with
smaller balances send in checks
without specific identification of
the customer except the name
printed on the check. The client
has an automated cash receipts
process, but the employee
opening the envelopes pocketed
the cash and destroyed other
supporting documentation.
(iii) Same as finding (2), but the
employee prepared a turnaround
document that showed either an
additional discount for the
customer or a credit to the
customer's account.
(iv) The controller was temporarily
taking cash for personal purposes
but intended to repay the
company (although the
repayment never occurred).The
cover-up was executed by
understating outstanding checks
in the monthly bank
reconciliation.
(v) The company had temporary
investments in six-month
certificates of deposit at the bank.
The CDs were supposed to yield
an annual interest rate of 12%, but
apparently are yielding only 6%.
(vi) Cash remittances are not
deposited in a timely fashion and
are sometimes lost.
(vii) Substantial bank service
charges have not been recorded
by the client prior to year end.
(viii) A loan has been
negotiated with the bank to
provide funds for a subsidiary
company. The loan was made by
the controller of the division, who
apparently was not authorized to
negotiate the loan.
(ix) A check written to a vendor
had been recorded twice in the
cash disbursements journal to
cover a cash shortage.
Audit procedure to detect
Review of bank transfer schedule
– Look at dates
Send confirmation. Balance may
not be small, even though
transaction may be small.
Analytical procedures as these
discounts will affect sales and
trends.
Bank recon: Why short of items?
Recalculation
Analytical review
How come interest income is
lower than the 12%?
In a retail environment, cash is
banked in promptly. Bank recon
will detect. If banking is sloppy,
recon will not help.
Normal review of cash receipt
Bank recon (Why not balanced
off by bank charge?)
Review of BOD minutes
Bank confirmation
Bank recon (eg One recn, two
payments?)
Control to prevent or detect
Client prepares transfer schedule
and someone receives it, while
someone else controls timely
recording of payment + review of
promptness
Process of sending statement of
accounts. Eg, Still outstanding
even though customer has paid _
independent follow up of
complaints
Supervision
Segregation of duties (One
receiving $ cannot have access
to the accounting function).
Proper approval process for giving
discounts by supervisor
Mgmt account review.
Review
Segregation of duties (Someone
compile, someone else bank in,
someone else approves)
Mgmt review of all investmnts’
income report
Segregation of duties. One who
makes investment report different
from the one who records in GL
Bank recon, segregation of duties
(one receive, one bank in, one
checks banking slip)
Timely review of bank loan
Review of bank statement
Proper approval procedure
Review by financial controller or
internal audit
Regular review of loans
Independent review of bank
reconciliation
Payment control → Stamp paid
serial number of cheques → No
duplications
79
19: Specific Audit Issues: Group,
internal audit, experts, accounting
estimates
Auditing group financial statements
• Is sufficient appropriate audit evidence reasonably be expected to be obtained regarding
(para 12):
o The consolidation process → ie, Consolidation adjustments
o Components’ financial information → Only part that forms the group components! (ie,
Joint ventures/assoc/subsi)
• Decision to accept is also based on whether the group engagement team has unrestricted
access to:
o Management and TCWG of the group
o Component auditors and their work
o Management and TCWG of the components
• Holding co. auditor = Group auditor
• If need to go and see foreign subsi, must be able to obtain free access → Must state outfront
to mgmt. before audit; if they don’t agree, don’t do the audit!

2) Only audit the big ones!
3) GROUP materiality, then assign to
subsidiaries
4) eg Must tell Chna auditors that you’re going
to come down on [Date].
If China auditor doesn’t let group auditor to go
down, might either need to deem it as a (1)
scope limitation or (2) fire the dude lol.
If China dude’s work is unsatisfactory, fire the
dude too lol.

80
Significance:
• Group engagement team may apply
a % (> 15%) to a chosen benchmark.
• Determining benchmark and
percentage involve professional
judgment
• Appropriate benchmarks include:
Group assets, liabilities, cash flows,
profits, turnover.
• Higher/lower than 15% may be
deemed appropriate in the
circumstances

81
• Do work on some that are not significant too.

Relying on work of others:

• Internal auditors: SSA 610
• Component auditors (in a group audit): SSA 600
• Experts (eg IT, legal, valuation specialist): SSA 620

82
Internal Auditors
• IAs help organization accomplish its pbjectives by bringing a systematic, disciplined approach
to evaluate and improve the effectiveness of risk management, control and governance
processes
• IAs report to the mgmt. or (ideally) the entity’s audit committee or BOD
• IAs can be staffed entirely in-house, co-sourced or out-sourced to typically an audit firm
• IAs are not 100% independent

Why outsource IA?

• Entity can focus attention on core biz activities
• Easier to buy in the services of an expert than to recruit
• Specialist consultancy firms can provide a range of skills that is unlikely to be found in in-house
IA staff
• Removes the challenges of recruitment, maintenance and replacement of in-house IA
• Cost-saving in LT
• Outsourcing ensures independence and objectivity
• Maintain confidentiality with external consultants
• Note that Code prohibits the external auditor from assuming audit client responsibility for
internal control activities

Interaction between IA and EA

• Some of the work performed by IA may be directly relevant to the work of EA
• Before a decision to use some work of IA, the EA must evaluate the IA’s objectivity and
competence
• SSA 315 (A101): An entity’s interna audit function is likely to be relevant to the audit if
o Nature of the IA functions’ responsibilities and activities are related the the entity’s FS,
and
o The auditor expects to use the work of the IA to modify the nature or timing, or reduce
the extent, of audit procedures to be performed.
• SSA 610 (8): Factors to consider in determining whether work of IA is likely to be adequate to
EA
o Objectivity (eg Status, reporting relationship)
o Technical competence (eg Professional membership, adequate training)
o Due professional care (eg Proper planning, supervisions, review and documentation of
work done)
o Effectiveness of communication between external and internal auditors
• SSA 610 (11): In order the EA to use specific work of IA, the EA shall evaluate and perform
audit procedures on that work to determine its adequacy for the EA’s purposes, such as:
o Examining items already examined by IA
o Examining other similar items
o Observation of procedures performed by IA
Auditor’s expert SSA 620 (6)
• An individual or organization possessing expertise in a field other than accounting or auditing,
whose work In that field is used by the auditor in obtaining sufficient appropriate evidence
• Can be internal or external to the firm

SSA 620 (12): An auditor should:

• Assess capabilities and competence of the expert
• Assess objectivity of the expert
• Obtain an understanding of the expert’s field of expertise and work performed
• Evaluate the adequacy of the expert’s work, including:
o Relevance and reasonableness of expert’s findings and conclusions, and their
consistency with other audit evidence
o Relevant and reasonableness of assumptions and methods used
o Relevance, completeness and accuracy of source data used

83
Auditing estimates
• FS items that cannot be precisely measured
o Eg Allowance for uncollectible accounts, FV of goodwill, provision of warranty
• The nature and reliability of info available affects the degree of estimation uncertainty, which
in turn affects the RMM of the accounting estimates, including their susceptibility to
unintentional and intentional mgmt. bias.
• Estimation RMM is usually very high!
• Look at subsequent events for estimates. → eg Subsequent warranty payments ot see if
provision for warranty is sufficient.
• Risk assessment procedures should include (among others):
o Obtaining an understanding of data, assumptions, and method used by mgmt. and
relevant controls
o Reviewing the outcome of prior period accounting estimates
• Responses to assessed RMM could include:
o Consideration of events up to the date of auditor’s report
o Testing the estimation process, data, methods and assumptions used by mgmt.
o Testing the operating effectiveness of controls over estimation process
o Developing an independent point estimate or range to evaluate mgmt’s point estimate
o Considering the use of experts
o Evaluating the adequacy of disclosure of estimation uncertainty (for sig risks)

84
20: Audit Completion
(i) Contingencies, (ii) Commitments, (iii) Subsequent events, (iv) Final evidence evaluation
processes, (v) Communication with TCWG

Contingencies
Contingencies: Liabilities that are uncertain because the possible outflow of resources fro the
entity will ultimately be resolves when some future event occurs or fails to occur.

Eg: Pending or threatened litigation, actual or possible claims and assessments, income tax
disputes, product warranties or defects, guarantees of obligations to others, agreements to
repurchase receivables that have been sold.
• Probable: Contingency that more likely than not will occur and that can be measured reliably
should be recognized in the FS and requires disclosure.
• Neither probable nor remote: Contingency les likely that not will occur but where the
likelihood of occurrence is not remote requires disclosure.
• Remote: Contingency where the likelihood of occurrence is remote and does not require
disclosure.
Identifying Contingencies:
General examples of procedures to identify:
• Reading minutes of meetings of TCWG
• Review contracts, loan agreements, leases and correspondences from gov bodies
• Reviewing tax returns, tax liability and tax authorities’ reports
• Confirming or otherwise documenting guarantees and letters of credit obtained from financial
and lending institutions
• Inspecting other docs for possible guarantees or other similar agreements

Specific audit procedures near completion to identify:

1) Inquiry of and discussion with mgmt. about its policies and procedures for identifying,
evaluating and accounting for contingencies.
2) Examining documents in the entity’s records such as correspondence and invoices from
lawyers for pending or threatened lawsuits
3) Obtaining a legal letter that describes and evaluates any litigation, claims or assessments.
4) Obtaining written representation from mgmt. that all litigation, asserted and unasserted claims,
and assessments have been disclosed in accordance with the applicable financial reporting
framework.
Legal Letters
Sent to the client’s lawyers to obtain corroborating evidence provided by management to the
auditor about litigation, claims and assessments.

Examples of types of litigation: Breach of contract, patent infringement, product liability,

violations of government laws and regulations, including [Securities laws, anti-discrimination laws
based on sex, age, race and other characteristics, unfair competition and anti-trust laws, income
tax regulations, environmental protection laws, anti-corruption laws].

Legal letter may request for:

• List of any pending or threatened litigation, or any probable but as yet unasserted calims, on
which the lawyer has devoted substantial attention or for which there is more than a remote
possibility of tan unfavorable claim
• A request that the lawyer describes and evaluates each pending or threatened litifation,
including the progress of the case, the action the entity plans to take, the likelihood of
unfavorable outome, and the amount or tange of potential loss.

85
• A request that the lawyer confirms the reasonableness of mgmt’s assessments and if the
mgmt’s info is considered incomplete or incorrect.
• A request that the lawyer indicates if his or her response is limited in any way and the reasons
for such limitations.

Lawyer may not want to provide info about unasserted claims because of (i) Client-lawyer
privilege, and (ii) concern that disclosing will actually encourage a law suit

Disclosing an unasserted claim Is not required unless it is probable that the claim will be asserted
and there is more than a remote possibility that the outcome will prove to be unfavourable.

Refused to furnish information in a legal letter is a limitation of scope of the audit sufficient to
preclude an unmodified opinion.

Commitments
Identification:
Inquiry of client personnel during the audit of revenue and purchasing processes through a review
of the minutes of board meetings.

Usually need to disclose LT commitments in a note to the FS.

But occasionally need to recognize a loss on a LT: eg, Comparing current market price and
contract price may indicate that the LT commitment will cause a loss.

Subsequent Events
Between date of BS and date of auditor’s report, and facts that become known to the auditor after
the date of the auditor’s report (ISA 560)
Type I Event Type II Event
Events that provide additional evidence about Events that provide evidence about conditions
conditions that existed at the date of BS and that did not exist at the date of the balance
affects the estimates that are part of the FS sheet but arose subsequent to that date.
preparation process Require FS disclosure
Require adjustment of FS
eg
eg • Purchase or disposal of a business by the
• An uncollectable AR resulting from entity
continued deterioration of a customer’s • Sale of enquity capital or bond issue by the
financial condition leading to bankruptcy entity
after BS date • Loss of the entity’s manufacturing facility or
• The sale of inventories after BS date giving assets resulting from a casualty such as a fire
evidence about their NRV at the end of or flood
reporting period • Commencing major litigation arising solely
• Settlement of a law suit after BS date for an out of events that occurred after the BS
amount different from the amount recorded date.
in year-end FS
• Determination after the BS date f the cost of
assets purchased or the proceeds from
assets sold before BS date.
ISA700: Auditor’s report shall be dated no earlier that when (1) all statements that comprise FS
have been prepared and (2) BOD have asserted that they have taken responsibility for those FS.
(ie, audit report date is always after FS date)

86
 Formal subsequent- Subsequent discovery of facts existing at the date of
events period auditor’s report
Auditor actively conducts Don’t need to actively search. In the event where a fact
audit procedures related becomes known to the auditor that, had it been known to
to the current-year audit. the auditor at the date of the audit report, may have
caused the auditor to amend the audit report, the auditor:
(1) Discusses w=the matter with mgmt. and, where
appropriate, TCWG
(3) Determines whether FS need amendment and if so
inquires how mgmt. intends to address the matter in
the FS
If mgmt. amends, auditor needs to privde a new audit
report after carrying out the audit procedures necessary.
New audit report would be dated no earlier than the date
of approval of the amended FS, and will include an
EOM/OM paragraph that draws attention to the note of
the FS discussing the reason for the reason for the revision
and reissue of FS.
Audit procedures for subsequent events up to the date of the audit report
• Obtaining an understanding of any procedures mgmt. has established to ensure that
subsequent events are identified
• Inquiring of mgmt., and where appropriate, TCWG as to whether any subsequent events have
occurred which might affect the FS. Specific inquiries may relate to:
(1) The current status of any items in the FS that were accounted for based on preliminary and
inconclusive data;
(2) Whether new commitments, borrowings or guarantees have been entered into;
(3) Whether there have been any developments regarding contingencies
(4) Whether any events have occurred that are relevant to the measurement of estimates or
provisions made in the FS; and
(5) Whether any events have occurred that are relevant to the recoverability of assets
• Reading minutes of the meetings, of the entity’s owners, management and TCWG, that have
been held after the date of the FS and inquiring about matters discussed at any such meetings
for which minutes are not available
• Reading the entity’s latest subsequent interim FS, if any
• Examining the books of original entity (such as sales journal, purchases journal, cash receipts,
cash disbursement journals, GL etc) for the subsequent events period and investigating any
unusual transactions
• Asking legal counsel about any litigation, claims or assessments against the entity

87
 Final Evidence Evaluation
1. Performance of final analytical procedures: Relook at the numbers now that you have the
evidence. Review adequacy of the evidence gathered in response to unexpected
fluctuations in the account balances identified during the planning of the audit and identifying
any unusual or unexpected relationships not previously considered. → Final smell test!

2. Evaluation of the entity’s ability to continue as a going concern (SSA 570)

Going concern assumption: Entity will continue in business for the foreseeable future.
Audit implications if GC not met:
• Assets may not be realized at book value (eg Inventory or AR not realizable)
• Assets/liabilities may be reclassified as short-term
• Need to provide for costs of biz closure
Management responsibility:
Assess the entity’s ability to continue as a going concern
Auditor’s responsibility:
• Obtain sufficient appropriate evidence on appropriateness of mgmt’s use of GC
assumption
• Conclude whether a material uncertainty exists that may cause significant doubt about
entity’s ability to continue as a going concern
• Determine implications on auditor’s report.
When performing risk assessment procedures and throughout the audit auditor should
consider events or conditions that, individually or collectively, may cast doubt on entity’s
ability to continue as a going concern:
• Financial indicators (eg, Net liability position, negative operating cash flow)
• Operating indicators (eg Loss of key mgmt. or customers)
• Other indicators (eg Non compliance with key regulations)

If such events or conditions exist, auditor should evaluate mitigating factors, including
feasibility and effectivness of mgmt’s action plans, to determine whether a material
uncertainty exists.
Mitigating factors:
1. Asset factor: Are there assets that the co can liquidate?
2. Debt factor: Can co borrow $ somewhere somehow?
3. Equity factor: Funding/shares somehow?
4. Cost factor: Can co reduce costs (eg Cut off any unprofitable biz?)
Implications on auditor’s report:
• If GC assumption is appropriate but material uncertainty exists:
o Adequate disclosure in FS:
Unqualified opinion with EOM that draws attention to the FS disclosure; or
Disclaimer of opinion in situations involving multiple material uncertainties
(extremely rare)
o Inadequate disclosure in FS
Qualified or adverse opinion
• If FC assumption is inappropriate:
o Adverse opinion unless FS prepared on appropriate alternative basis. Eg, FS is
prepared on a non-going concern basis/liquidation basis. → Still must gather
sufficient evidence that FS are fairly presented on these bases.

3. Obtaining a representation letter (SSA 580)

Written representations serve as audit evidence but do not provide sufficient appropriate
evidence on their own, eg:
• To confirm oral representations to aoid misunderstanging
• To provide evidence on matters where other evidence may not exist (eg Plans or
intentions which may affect classification of assets and liabilities)

88
 Should be dated same date or as near as possible to, but not after, date of auditor’s report.

Auditor should exercise professional skepticism over written representations by:

• Critically evaluating its reliability (eg Mgmt’s integrity and competence) & consistency
with other evidence
• Obtaining corroborative evidence

There must not be a gap between what mgmt. has represented & what auditor has covered

4. Review of working papers: Reviewers must ensure that WPs document that the audit was
properly planned and supervised, that the evidence supports the assertions tested, and that
the evidence is sufficient for the type of audit report issued.

5. Final evaluation of audit results: (1) Sufficiency of the audit evidence → If insufficient, must go
gather more (2) Effects of identified misstatements in the FS. Eg, Compare the amount of
remaining uncorrected misstatements, if any, to the amount of materiality.

6. Evaluation of FS presentation and disclosure: Review FS to ensure compliance with applicable

FRS, proper presentation of accounts, and inclusion of all necessary disclosures. Use disclosure
checklist.

7. Obtaining a quality control review of the engagement: Engagement quality control reviewer,
normally a partner, is not part of the engagement team. Evaluate bjectively the significant
judgments that the engagement team made and the conclusions reached in formulating the
auditor’s report.

8. Archiving and retention: Requires auditors to retain audit file for a number of years (usually >5
years). 60 days deadline to wrap up!
Comparative information (SSA 710)
Corresponding figures are comparative information where amounts and other disclosures for the
prior periods are an integral part of the current period FS, and are intended to be read only in
relation to current period figures.

Comparative financial statements are considered separate financial statements and are
included for comparison with the FS of the current period.

Even if prior years were not audited by you, you will be responsible for the reasonableness of the
comparative figures → Thus must do some work on the opening balances.

Auditor needs to ensure:

• Comparative information agrees with amounts and disclosures presented in the prior period
(or is appropriately restated where necessary)
• Accounting policies used for the comparative info is consistent with those of the current period
(or if any changed are properly accounted for and disclosed)
Other information in documents containing audited FS (SSA 720)
• Annual report (financial and non-financial information), directors report, MD&A
• Auditors need to identify any material inconsistencies in the other info with the audited FS
• Material inconsistencies
o If an amendment is required in the FS:
Qualified or adverse opinion is mgmt. refuses to amend FS (SSA 705)
o If an amendment is required in other info and mgmt. refuses to amend the other info:
→ Communicate with TCWG and
→ Include OM para in auditor’s report, or withhold auditor’s report or withdraw from
engagement

89
 Communication with TCWG (SSA 260)
During audit planning:
• Auditor’s responsibilities and compliance with independence requirements
• Planned scope and timing of audit

At audit completion or earlier where appropriate:

• Auditor’s views about significant qualitative aspects of the entity’s accounting practices
(accounting policies, estimates and disclosures)
• Significant difficulties encountered during the audit, including any disagreements with mgmt.
• Significant deficiencies in internal control (SSA 265)
• Any identified or suspected fraud (SSA 240) or non-compliance with laws and regulations (SSA
250)
• Uncorrected misstatements and their effects (SSA 450)
• Going concern issues (SSA 570)
• Expected modifications to the auditor’s report (SSA 705)
→*** All of these need to be supported with factual precision.

90