Mid

Chapter 1: INTRODUCTION AND OVERVIEW OF AUDIT AND ASSURANCE
Assurance engagement an engagement performed by an auditor or consultant to enhance the reliability

of the subject matter.
An assurance engagement is defined as:
• “an engagement in which a practitioner aims to obtain sufficient appropriate evidence in order to
express a conclusion designed to enhance the degree of confidence of the intended users other
than the responsible party about the outcome of the measurement or evaluation of an underlying
subject matter against criteria”
CSAE 3000 C12
Applicable financial reporting framework – The financial framework selected by management to
prepare the company's financial statements (example: IFRS or ASPE)
Assertions – Statements made by management regarding the recognition, measurement, and presentation
and disclosure of items in the financial statements.
Audit risk – the risk the auditor may express the wrong opinion.
Internal control – the processes implemented and maintained by management to help entities achieve
their objectives.
Material – amount or disclosure that is significant enough to make a difference to a user.
Materiality – maximum amount of misstatement (or omission) the auditor can tolerate and still issue a
clean opinion.
Sufficient and appropriate evidence – relates to the quantity and quality of the evidence collected by the
auditor.
Demand for Audit and Assurance Services

The users of the financial statements are not limited to the shareholders or owners of the business
Other users can include:
o Investors: can include current or potential investors. Decisions include to buy, hold, or sell
stake in the organization
o Suppliers: may want to assess whether the entity can pay them back for goods supplied
o Customers: may look into going concern if it is to rely on the entity for goods
o Lenders: to assess whether loan repayments can be made as and when they fall due
o Employees: to assess whether they can pay entitlements, and stability may be assessed for
job security
o Governments: whether the entity is complying with regulations and paying appropriate taxes
o General public: whether they should associate with the entity (future employee, customer, or
supplier) and to determine what it does and plans to do
Sources of Demand for Audit and Assurance Services
Reasons why users demand financial statements include:
• Remoteness: users do not have access to information themselves
• Complexity: users do not have knowledge to be able to assess disclosure choices
• Competing incentives: users may find it difficult to identify when management is presenting biased
information.
• Reliability: as decisions are being made based on information presented, it is important that it be
reliable
Theoretical Frameworks
The demand for audit services can be explained by the following three theories:
• Agency theory: Due to the remoteness of the owners from the entity, the owners have an incentive to
hire an auditor to assess information provided by management
• Information hypothesis: Due to the need for reliable information, users will demand that
information be audited to aid in decision making
• Insurance hypothesis: Investors demand audited financial statements to insure in part against
potential losses
Demand in a Voluntary Setting

It is becoming more common to voluntarily disclose corporate social responsibility (CSR) information in
various forms
This is because stakeholders are demanding information regarding:
o the entity’s impact on the environment and
o actions taken to reduce that impact
Entities are not required to have CSR disclosures assured

Assurance services are provided:
o to meet user demands for high-quality, reliable information and
o to demonstrate a high level of corporate responsibility
Different Assurance Services

The most common assurance services are:
1. Financial statement audit
An engagement designed to express an opinion about whether the financial statements are prepared in
all material respects in accordance with a financial reporting framework (CAS 200, para. 11)
Note the Canadian Securities Administrators (CSA) requires that listed entities (entity listed on a
stock exchange) publish audited financial statements annually
Limitations of an audit:
• There is no guarantee that the financial statements are free from error or fraud
• Judgement is required in the preparation of the financial statements
• The nature of financial reporting, the nature of audit procedures, and the need for the audit to be
performed within a reasonable period and at a reasonable cost (CAS 200)
2. Compliance audit
Involves gathering evidence to ascertain whether rules, policies, procedures, laws, and regulations
have been followed
1. A tax audit is an example of a compliance audit
3. Performance audit
Refers to the economy, efficiency, and effectiveness of an organization’s activities
1. Usually done by internal auditors or can be outsourced to external auditors
4. Comprehensive audit
Combines elements of financial statement audit, compliance audit, and performance audit
1. Often occurs in the public sector
5. Internal audit
Provides assurance about various aspects of an organization’s activities
1. Often contain elements of performance audits, compliance audits, internal control
assessments, and reviews
2. Corporate social responsibility (CSR) assurance
3. Includes voluntary reporting about environmental, employee, and social subject matter
4. Incorporates both financial and non-financial information
5. Auditor must consider the impact of environmental issues on their client’s financial
statements when conducting a financial statement audit
Type of Engagement
Audit Engagement
Objective
To reduce the assurance engagement risk to an acceptably low level so that a positive opinion can be
provided. Reasonable assurance means a high, but not absolute, level of assurance.
Procedures
Sufficient appropriate evidence is obtained as part of a systematic process that includes:
 obtaining an understanding of the assurance engagement circumstances
 assessing risks
 responding to assessed risks
 performing further evidence-gathering procedures using a combination of inspection, observation,
confirmation, recalculation, re-performance, analytical procedures, and inquiry
Financial reporting framework

Must be in accordance with Canadian GAAP or other appropriate financial reporting framework.
Level of assurance
High assurance
Report
Independent Auditor’s Report
Cost and time

Most time-consuming, highest cost
Review Engagement
Objective
To reduce the assurance engagement risk to an acceptable level to allow the practitioner to conclude and
express limited assurance in that nothing has come to their attention.
Procedures
Sufficient appropriate evidence is obtained by:
 obtaining an understanding of the entity and identifying where material misstatements are likely
 performing primarily inquiry and analytic procedures to address high-risk areas and to address all
material items in the financial statements

Must be in accordance with Canadian GAAP or other appropriate financial reporting framework.
Level of assurance
Limited assurance
Report
Independent Practitioner’s Review Engagement Report
Cost and time

May take less time, as less work required; lower cost
Compilation Engagement
Objective
To compile a set of financial statements based on information provided, including disclosure with respect
to the basis of accounting used to prepare the financial statements.
Procedures
Performance requirements include:
 obtaining a knowledge of the business, the accounting systems, and the policies used to prepare
the financial statements as needed to conduct the engagement
 discussing with management the assumptions the auditor helped make in preparing the financial
statements
 reading the financial statements to consider if they are misleading
 formatting the financial statements and checking the mathematical accuracy

GAAP not required but must include a note to disclose the basis of accounting used to prepare the
financial statements.
Level of assurance
NO assurance
Report
Compilation Engagement Report
Cost and time

Least amount of work, lowest cost
Compilation - Compilation Engagement Report the communication issued when the practitioner
performs a compilation engagement.
Compilation engagement - engagement that provides no assurance, where the practitioner compiles the
financial information in accordance with a basis of accounting disclosed in the financial statements.
Review - Review engagement - engagement in which the practitioner does adequate work to provide
limited assurance
Different Levels of Assurance

Auditors can provide varying levels of assurance when conducting assurance engagements
1. Reasonable assurance – gathering sufficient evidence to form a positive expression of opinion
regarding whether the information being assured is presented fairly
o Provides high but not absolute assurance
o May include a “key audit matters” section
o Refer to Figure 1.3 in text for an example audit report

2. Limited assurance – gathering sufficient evidence to form a conclusion regarding the reliability
of the information being assured
o The practitioner expresses a conclusion on whether anything has come to their attention
to lead them to believe the information being assured is not in accordance with the
financial reporting framework
3. Limited assurance – gathering sufficient evidence to form a conclusion on the financial
statements to enhance the intended user’s confidence
o A review of a company’s financial statements (referred to as a review engagement) is an
example of a review engagement report. Refer to Figure 1.4 in text for an example report.
4. No assurance – practitioner reports on factual findings and does not express any opinion
o An example includes a compilation engagement
o Here a practitioner compiles the financial information as provided by the client ensuring
mathematical accuracy
o The practitioner attaches a report to this set of financial statements called a Compilation
Engagement Report
o Refer to figure on next slide for an example report
o Which level of assurance should Cloud 9 accept?
Different Audit Opinions

• Audit opinions are contained in audit reports provided by the auditor
• Most common is an unmodified audit report and contains an unmodified or clean opinion.
- Unmodified opinion a clean audit opinion; the auditor concludes that the financial statements are
fairly presented.
- Qualified opinion an “except for” opinion provided where there is a material scope limitation or
a material (significant) misstatement not pervasive to the overall financial statements.
- Adverse opinion - opinion provided when the auditor concludes that there is a pervasive material
misstatement in the financial statements.
- Disclaimer of opinion - opinion provided when the impact of a scope limitation is so extreme
that an auditor is unable to obtain sufficient appropriate evidence to base an opinion.
-
• All other reports are modified opinions
• A report can be an unqualified modified report when an emphasis of matter is added
- Emphasis of matter what results when an auditor issues an unmodified audit opinion when there
is a significant issue that is adequately disclosed and there is a need to draw the attention of the
user to it in the audit report.
•
• An emphasis of matter is used so that the reader can pay appropriate attention to the issue raised, but
does not change the auditor’s opinion (CAS 706)
• All other audit reports are modified (See Table 1.3 in text)
• A qualified opinion is given when the auditor concludes that the financial statements contain a
material misstatement.
• Can include a qualified or “except for” opinion. This is when issue(s) are material but not pervasive.
• Adverse opinion would arise when the financial statements are misstated, and the misstatement is
material and pervasive.
• Disclaimer of opinion would arise when there is an inability to obtain sufficient appropriate audit
evidence and the possible effects are material and pervasive.
Preparers and Auditors

It is the responsibility of management and those charged with governance to prepare the financial
statements. The information should include the following attributes:
• Relevant: has an impact on the decisions made by users regarding the performance of the entity
• Reliable: Information is free from material misstatements (errors or fraud)
Attributes of financial statements:
• Comparable: Information needs to be comparable through time. Comparable against the same entity
over time and against other entities
• Understandable: Users need to be able to interpret the information presented in order to make
decisions
• Fair presentation: requires the consistent and faithful application of accounting standards or an
applicable framework when preparing the statements.
Auditor has responsibilities relating to the audit.
• Professional scepticism: maintaining independence of the entity by having a questioning mind and
thoroughly investigating all evidence presented
• Professional judgement: use of expertise, knowledge, and training obtained by the auditor
• Due care: being diligent, applying technical and statute-backed standards, and documenting each
stage of the audit process
Assurance services are provided by accounting and consulting firms.
There are three tiers of assurance providers in Canada:
Tier 1. The ‘Big-4’, which is Deloitte, EY, KPMG, and PricewaterhouseCoopers (PwC)
Tier 2. National accounting firms comprised of firms with significant presence nationally and most have
international affiliations
Tier 3. Made up of regional and local accounting firms
The Role of Regulators and Regulations

There are a number of regulators that impact the audit process. They include:
• Auditing and Assurance Standards Board (AASB)
o Responsible for the formulation of high-quality auditing and assurance standards
o AASB adopted the International Standards on Auditing (ISAs) issued by the International
Auditing and Assurance Standards Board (IAASB)
• Auditing and Assurance Standards Board (AASB)
o A redraft of these standards including a “clarity” format are now referred to as Canadian
Auditing Standards (CASs)
o Responsible for issuing CASs plus standards for:
o assurance engagements (CSAEs)
o review engagements
o compilation engagements
• Canadian Securities Administrators (CSA)

o Joint effort of provinces’ and territories’ securities regulators
o Regulates listed entity disclosure requirements
o Requires annual filing of audited financial statements in accordance with Canadian

GAAP
o CEOs and CFOs required to certify that the annual statements are fairly presented
• Canadian Public Accountability Board (CPAB)

o Objective is to promote high-quality audits
o Auditors required by CSA to be a member in good standing and pass CPAB inspection
• Toronto Stock Exchange (TSX)

o Largest stock exchange in Canada
o Requires those listed to follow Securities Act of Ontario, the relevant provincial securities
acts, and the CSA
• Chartered Professional Accountants of Canada (CPA Canada)
o The national body of the accounting profession in Canada
o Includes professionals in public practice, industry, academia, and government
o Requires extensive study and mentored work experience to join as a member
• Canadian Business Corporations Act (CBCA)

o For federally incorporated companies, CBCA requires audited financial statements for
those companies listed on Canadian stock exchanges
o Requires the use of Canadian generally accepted accounting principles
o Audits must be conducted in accordance with Canadian generally accepted auditing

standards as defined by the CPA Canada Handbook
Audit Expectation Gap

• Is the difference between the expectations of assurance providers and financial statement or other
users
• Can be caused by unrealistic expectations including:
o The auditor providing complete assurance
o The auditor guaranteeing future viability of entity
o An unqualified opinion denotes complete accuracy
o The auditor will find all frauds
o The auditor has checked all transactions
We know these cannot be met by the auditor as the auditor provides reasonable assurance, not a guarantee
• The expectation gap can be reduced by:
o Auditors performing their duties appropriately, complying with standards, and meeting
the minimum standards of performance.
o Undertaking peer reviews of work performed
o Reviewing and updating auditing standards
o Educating the public

o Enhanced reporting explaining audit processes and levels of opinion auditors provide.
o Providers reporting accurately the level of assurance being provided.

Chapter 2: ETHICS, LEGAL LIABILITY, AND CLIENT ACCEPTANCE
Fundamental Principles of Professional Ethics
• All professional accountants in Canada must abide by a code of professional conduct
• These principles are to act with:
o Professional behaviour
o Integrity and due care
o Professional competence
o Confidentiality
o Objectivity
Professional behaviour
• Comply with rules and regulations and do not harm reputation of the profession
• Do not claim to provide services they cannot provide, or qualifications they do not possess, or
experience they do not have
• Do not undermine reputation of, or quality of work produced by, others
Integrity and due care
• To be straightforward and honest
• Act diligently, taking care to complete each task thoroughly, document all work, and finish on
a timely basis
Professional competence
• Maintain knowledge and skill at a level required by the professional body
• Keep up to date with changes in regulations and standards
• Maintain competence through continuing education and work experience
Confidentiality
• Refrain from disclosing information to people outside the workplace that is learned as a result of
employment
• Exception: if legal requirement to disclose
• Not allowed to use confidential information to their advantage or advantage of another person
Objectivity
• Not allow personal feelings or prejudices to influence professional judgement
• Be unbiased
• Not allow conflict of interest or influence of others to impair decision process
Specific Rules Incorporating the Principles of Professional Ethics
Fees and Pricing
Fee quotes cannot be provided to a client without adequate knowledge of the work to be performed. Fees
quoted should not be significantly lower than the fees charged by a predecessor firm. If fees quoted are
significantly lower than those of the predecessor, it may suggest the quality of the audit work or the
independence of the auditor may be compromised. Contingency fees (based on outcome of service) are
not permitted for engagements where independence is required, for compilation engagements, and for the
preparation of income tax returns.
Advertising
Advertising must be in good taste and it should not bring disrepute to the profession. Advertising cannot
be false or misleading or make unsubstantiated claims. For example, a firm should not imply that it is
better than competing firms.
Contact with Predecessor
Firm Names
Professional Conduct
Professional Judgement and Professional Skepticism

• Just like analyzing ethical issues, auditors use a framework when making professional
judgements.
• The Centre for Audit Quality suggests a five-step process as follows:
Improving Professional Scepticism

• Being alert to contradictory evidence, evidence that may suggest fraud ,or evidence that could be
altered
• Awareness of unconscious cognitive biases such as:
o Availability bias
o Confirmation bias
o Overconfidence bias
o Anchoring bias
Independence
• Independence is the ability to act with integrity and objectivity
• Lack of auditor independence impacts on credibility and reliability of the financial statements
• The auditor must be, and be seen to be, independent
Auditor Independence
Independence in fact
• ability to act independently with integrity, objectivity, and professional scepticism
• ability to make a decision free from bias, personal beliefs, and client pressures
Independence in appearance
• belief that independence of mind has been achieved
Threats to independence
• Self-interest
• Self-review
• Advocacy
• Familiarity
• Intimidation
Self-interest threat
 Can occur if the audit firm or its staff have financial interest in audit client
 Examples:
o Bank account held with the client
o Shares owned in the client
o A loan to or from the client
o Fee dependence, where the fees from a client form a significant proportion of all fees of the
firm
o Close business relationship with the client
Self-review threat
 Can occur when the assurance team need to form an opinion on their own work or work done by
others in their firm
 Examples:
o Assurance team member has recently been an employee or director of the client
o Preparing information for the client that is then assured
o Performing services for the client that are then assured
Advocacy threat
 Can occur when an audit firm or assurance staff act, or is believed to act, on behalf of assurance
client
 Can lead to questioning of auditor’s objectivity
 Examples:
o Encouraging others to buy shares sold by client
o Representing the client in third-party negotiation
o Representing the client in a legal dispute
Familiarity threat
 Can occur when close relationship exists or develops between assurance firm and client, or
between firm and client personnel
 Assurance staff can become too sensitive to needs of client and lose objectivity
 Examples:
o Long association between assurance firm and client
o Long association between assurance firm members and client personnel
o Assurance team member with a close relative holding a senior position of influence at the
client
 Former partner of assurance firm holding senior position at the client
 Acceptance of gifts by members of assurance team from their client (other than minor tokens)
 Acceptance of hospitality by members of assurance team from client (other than minor gestures)
Intimidation threat
 Can occur when member of assurance team feels threatened by the client’s staff or directors
 Assurance team member unable to act objectively, fearing negative consequences
 Examples:
o Threat that client will use different assurance firm next year
o Undue pressure to reduce audit hours to reduce fees paid
Additional requirements for public companies with market capitalization and a book value of total assets
great than $10 million include:
 Mandatory partner rotation

 Audit committee must pre-approve all services provided to the client
Additional requirements:
 Auditor cannot perform certain prohibited services–examples include actuarial, human resources,
and tax calculations
 If engagement team member accepts employment in financial reporting role with client, firm
refrains from being the auditor of client for one year from last filing of financial statements
Safeguards to independence
 Created by profession, legislation, and regulation
o Quality control standards
o Education and code of ethics
o Legislative requirement to be independent
 Created by clients and accounting firms

o Created by clients
 Corporate governance
 Policies and procedures
o Created by accounting firms
 Quality control procedures and education

 Client acceptance and continuance
Auditor’s Relationships with Others

Shareholders
 Audit report addressed to them
 Attendance at AGM
 Formal responsibility for auditor appointment
Board of directors
 Represents shareholders
 Executive and non-executive directors
 Large companies have committees made up of several directors to deal with specific issues
Audit committee
 The audit committee pre-approves audit and non-audit services, but not the audit report because the
auditor is independent.
 A special committee of the board of directors
 Acts on behalf of board in financial reporting and audit matters
 Canadian Securities Administrators require all listed companies to have an audit committee
 Aid to auditor independence

o Non-executive directors, majority independent
o At least three independent directors must be financially literate
o Meets with external and internal auditors
 Internal auditors
o Viewed by external auditor as part of client
o External auditor can modify the nature and timing of their procedures and reduce the extent
of their testing if there is an effective internal audit function (CAS 610).
o Modifications by external auditor depends on internal auditor’s:
 Objectivity
 Technical competence
 Due professional care
 Communication with external auditors
Legal Liability
 External auditor must exercise due care, being diligent in applying standards and documenting work
 Auditor can be found negligent and liable for damages under tort law if it is established that:
o A duty of care was owed by the auditor
o There was a breach of the duty of care
o A loss was suffered as a consequence of that breach
 Legal liability to clients:

o Liability under either contract or tort law
o Negligence: failed in performance of audit by being careless and breaching duty of care
o Contract: failed to live up to their responsibilities agreeing to act as the auditor and explicit in
engagement letter
 Contributory Negligence
o Where a plaintiff (party suing) and the defendant (the auditor) can be proven to have been
negligent, each party must be held responsible in proportion to their guilt
 Legal liability to third parties

o Third party is anyone other than the client and its shareholders who uses the financial
statements to make a decision
o No contract between auditor and third parties
o Need to establish that:
o A duty of care was owed to the third party and
o The auditor’s negligence was responsible for the third party’s loss
 Legal liability to third parties

o Ultramares Corp. vs. Touche (1931)
o Auditors not liable for ordinary negligence to parties that they do not have a contractual
relationship with
o Hedley Byrne & Co vs. Heller and Partners Ltd. (1964)
 Expanded concept of liability beyond the contractual one to those third parties
provided the auditors knew beforehand this party would be relying on their opinion
o Haig vs. Bamford (1977)
 Although the auditor did not know the name of the investor, they knew the financial
statements were being passed on to unidentified members of a limited class for use in
a transaction
o Hercules Management vs. Ernst & Young (1997)
 Ruled the audited financial statements were prepared to evaluate management

stewardship and not for individuals making investment decisions
 Overall:
o To determine care owed to third parties, the third party must establish that:
o A duty of care existed and was breached and
o Third party relied upon the audit report and there were quantifiable damages
Auditor can take steps to avoid litigation:

o Hire competent staff, regular training
o Comply with ethical and auditor regulations
o Implement policies and procedures:
 Client acceptance
 Staff allocation
 Ethical and independence issue identification dealt with on a timely basis
 Adequate work documentation
 Gather adequate and appropriate evidence to support opinion
o Meet with audit committee to discuss significant issues arising in audit
o Follow up any significant weaknesses in client’s internal control procedures from previous
year’s audit
Client Acceptance and Continuance
• The first stage in any audit is client acceptance or continuance decision
• Guidance provided in CSQC1
Step 1: Assess client integrity
Step 2: Assess audit firm’s ability to meet ethical requirements, service client
Step 3: Prepare client engagement letter
Client integrity - Auditor should consider:
 Reputation of client, management, directors, key stakeholders
 Client’s reason for switching auditor
 Client’s attitude to risk exposure and management
 Client’s attitude to using internal controls to mitigate risks
 Appropriateness of the client’s interpretation of accounting rules
 Client’s willingness to allow auditor full access to information required to form an opinion
 Client’s attitude and willingness to pay fair amount for audit work
Auditor can obtain information from:
 Communication with prior auditor, client personnel, third parties
 Review of press articles and Internet or background search
 Review of prior-period financial statements
Ethical requirements
 Consider if any threats to fundamental principles arise from appointment

 Auditor must ensure it has sufficient staff available with required knowledge to complete audit
(professional competence and due care)
 Consider potential safeguards and remedies
 Decline appointment if threat insurmountable
Engagement letter (CAS 210)
 Prepared by auditor, acknowledged by client (need to update each year)

 Explains scope of audit
 Summarizes the responsibilities of both management and the auditor
 Identifies the applicable financial reporting framework
 References the expected form/content of audit report
 See Figure 2.6 in text for example

Chapter 3: AUDIT PLANNING 1
Phases of an Audit
The main phases of an audit are (1) risk assessment, (2) risk response, and (3) reporting
1. Risk assessment involves gaining an understanding of the client, identifying factors that may
impact the risk of a material misstatement in the financial statements, performing a risk and
materiality assessment, and developing an audit strategy
2. Risk response involves detailed tests of controls and substantive testing of transactions and
accounts
3. Reporting involves evaluating results of detailed testing in light of the auditor’s understanding of
their client and forming an opinion on the fair presentation of the client’s financial statements
4. In the risk assessment phase, planning is governed by CAS 300
5. Auditor must plan the audit to reduce audit risk to an acceptably low level
1. Audit risk is the risk that an auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated
6. A well-planned audit ensures that sufficient appropriate evidence is gathered for accounts at most
risk of material misstatement
Preliminary risk identification Chat

Gaining an Understanding of the Client
According to CAS 315, gaining an understanding of the client is necessary to assess the risk that the
financial statements contain a material misstatement due to:
 The nature of the client’s business

 The industry in which the client operates
 The level of competition within that industry
 The client’s customers and suppliers
 The regulatory environment in which the client operates
Entity level – understanding the client in detail to be able to assess both entity-level risks and financial
statement accounts that require closer examination
o Typical areas of examination relate to the nature of the entity’s business
Entity Level
 Major customers
o How many customers?
o Are they likely to pay accounts on timely basis?
o Are there long term contracts with customers?
 Major suppliers
o Are they reputable? Supply quality goods on timely basis? Overseas or domestic?
o Does client pay supplier accounts on timely basis?
 Employment contracts, relations with employees

o Nature and complexity of payment, unionization
o How happy are staff? Risk of disruption?
 Sources of financing
o Reliability of funding, structure of debt
o Ability to meet interest and principal payments
o Restrictions in debt contracts
 Ownership structure
o Rights of shareholders, dividend policy and payments
Industry level
 Understanding the client’s position in the industry, competitive pressures, government support,
overall demand for products
 What risks to client arise from nature of industry and client’s position within it?
 Compare client to national and international competitors
 Auditor may have special industry expertise and knowledge
 Competitive pressure on client’s profits, ability to withstand industry downturn
 Client’s reputation relative to competitors, risk of losing business and profits
 Level of government support for industry and impact of government regulation
 Overall level of demand for industry goods and services – impact on revenue, impact of technological
changes
Economy level
 How do overall economic conditions affect client?
o Interest rate changes, financial crises
o Shareholder expectations of increasing profits in good times
o What are specific pressures on client to understate or overstate profits in these conditions?
Related parties
 Identification and appropriate disclosure of a client’s related parties
o Examples of related parties include parent companies, subsidiaries, joint ventures, associates,
company management, and close family members of key management
 Lack of independence may lead to transactions outside of the normal course of business
 This increases the susceptibility of the financial statements to fraud or error
 Specific requirements for the auditor (CAS 550) include:

o A team discussion of susceptibility of the financial statements to fraud or errors as a result of
these relationships
o Ask management to identify all related parties including details of the nature, type, and
purpose of transactions
o Obtain an understanding of management’s processes and procedures to ensure related party
transactions are identified, authorized, accounted for, and disclosed
o When inspecting documents, watch for indications of related party transactions that may not
have been previously identified or disclosed

o Identify and assess the risk that transactions may not be in the normal course of operations,
and for those identified, inspect any related documents to determine the business rationale
Fraud Risk
 Auditor must assess risk of material misstatement due to fraud (CAS 240)
 Auditor adopts attitude of professional scepticism
o Maintaining an independent questioning mind
o Search thoroughly for corroborating evidence to validate information provided by the client
o Don’t just rely on past experience with client
 Indicators (red flags) of possible fraud:

o Key finance personnel refusing to take leave
o Overly dominant management
o Poor compensation practices
o Inadequate training programs
o Complex business structure
o No, or ineffective, internal audit
o High turnover of auditors
o Unusual transactions
o Weak internal controls
Two types of fraud

1. Financial reporting fraud
o Improper asset values, unrecorded liabilities
o Delaying expenses, bringing forward revenues
o Delaying revenues, bringing forward expenses
o Fictitious revenues, understating expenses
o Inappropriate application of accounting principles
2. Misappropriation of assets fraud

o Theft of cash by employees
o Using company credit card for personal items
o Failure to remove ex-employees from payroll
o Unauthorized discounts or refunds to customers
o Theft of inventory or other assets
Client governance is responsible for preventing and detecting fraud

Auditor must assess risk of fraud and effectiveness of client attempts to prevent and detect fraud via
internal controls. Consider:
1) incentives and pressures to commit fraud
2) opportunities to perpetrate a fraud
3) attitudes and rationalizations to justify a fraud
Incentives and pressures that client/staff may be inclined to commit fraud
 Competitive pressures, falling demand, falling profits, threat of takeover or bankruptcy

 Rapid growth, low cash flow with high profits
 Pressure to meet market expectations, plans to list on stock exchange or negotiate loans
 About to enter into significant new contracts
 Remuneration tied to profits (e.g., bonus, options)
 Personal financial obligations
 Poor relationships between entity and those with access to cash or other assets
Opportunities for fraud to be committed
 Accounts that rely on estimates and judgement

 High volume of transactions near year end
 Significant related party transactions
 Complex or unusual transactions
 Significant adjusting entries and reversals after year end
 Poor corporate governance, poor internal controls
 High staff turnover
 Lack of mandatory vacations for employees performing key control functions
 Large cash on hand amounts
 Inventory that is small in size, high in value, or in high demand
Attitudes and rationalizations about fraud
 Attitudes are ethical beliefs about right and wrong

 Rationalization refers to ability to justify an act
o Poor tone at the top
o Poor attitudes towards internal controls
o Excessive focus on maximizing profits/share price
o Poor attitude to compliance with accounting regulations
o Changes in behaviour or lifestyle
o Tolerance of petty theft
o Rationalization that other companies “do it too”
In addition to assessing fraud risk factors there are specific procedures the auditor should perform to
comply with CAS240:
 Ask management and those charged with governance (and internal audit if exists) if they are
aware of a known fraud or of a suspected one
 All team members should attend a team planning meeting, which includes a review of significant
fraud risk factors and financial statement elements susceptible to fraud
 Perform preliminary analytics to aid in identifying unusual relationships
 Consider the risk of management override
 Assess the risk of fraud relating to revenue
Going Concern Risk

 Auditor must consider whether it is appropriate to assume that client will remain a going concern
(CAS 570)
o Going concern means belief that company will remain in business for foreseeable future
 Going concern justifies valuing assets on basis they will continue to be used in business and
liabilities paid when due
 Remaining a going concern is the responsibility of management and those charged with
governance
 Auditor must obtain sufficient appropriate evidence to assess validity of going concern
assumption
 Auditor makes professional judgement about going concern risk, based on risk indicators
CAS 570 has list of going concern risk indicators; examples include:
 Significant debt/equity ratio

 Long-term loans due, no alternative financing
 Prolonged losses, inability to pay debts when due
 Loss of significant customer, supplier problems
 Overreliance on a few customers or suppliers
 Adverse financial ratios
 Problems obtaining raw materials, inputs
 Poor growth planning, inadequate risk management
 Being under investigation for non-compliance
 Competitive pressures
 Auditor is required to assess client efforts to identify going concern risk factors
 Auditor should obtain evidence of effect of risk factors on client and its ability to continue as
going concern
 If going concern is in doubt, undertake additional audit procedures:
o Assess cash flow, revenues, expenses, interim results
o Review debt contracts, board meeting minutes
o Discussions with client management and lawyers
o Identification and assessment of mitigating factors
 Auditor should also consider factors that mitigate (reduce) going concern risk
 Mitigating 减少 factors include:
o Bank willing to provide additional financing

o Letter of guarantee from parent company
o Availability of non-core assets or segment of business for sale for cash
o Ability to raise funds through share issue or borrowing
 Which of the following is a factor that indicates the going concern assumption may be at risk?
o the company is non-compliant with legislation
Auditing Estimates and Related Disclosures

 The auditor needs to assess the risk of material misstatement for accounting estimates
 Estimates can have a significant impact on the financial statements
 Examples include inventory obsolescence, revenue recognized for long-term contracts, valuation
of financial assets, impairment of long-lived assets, warranty liabilities
Accounting estimates involve an item where the exact amount is unknown and the recorded amount
includes estimation uncertainly
Estimation uncertainty is the lack of precision with an estimate or related disclosure
Risk Assessment and Estimation Uncertainly
 The higher the estimation uncertainty, the higher the risk of material misstatement and the greater
audit effort required (CAS540)
 Need to consider measurement uncertainty in terms of:
o Complexity
o Subjectivity
o Model uncertainty
o Assumptions
o Data used
Estimates and Entity Level Risk Assessment

 After understanding the types of estimates required by the client, the auditor should gain an
understanding of the processes that management has in place for estimates (CAS540)
 To understand management’s processes, the auditor should determine the following:
o How risks are identified and addressed relating to accounting estimates
o When an expert is needed for an estimate
o The information systems involved in developing the estimates.
o How management selects the models, assumptions, and data used in estimates.
o How management deals with uncertainty.
o If estimates are reviewed after the fact and how and when changes are made
Corporate Governance
 Corporate governance is the rules, systems, and processes within companies used to guide and control
activities
o Used to monitor actions of staff and assess level of risk faced
o Controls used to reduce identified risks and ensure future viability of the company
 CSA has a national policy on Corporate Governance Guidelines, including:

o The requirement to disclose corporate governance practices and why they are appropriate
IT Environment
Auditor should consider particular risks faced by client related to IT (CAS 315), for example:
• Unauthorized access to computers, software, data
o Need security, passwords to prevent distorted data
• Errors in programs
o Can occur if not thoroughly tested before implementation, or mistakes made when changing
programs
o Restrict program change rights to authorized personnel
o Programs need to be suitable for client requirements
• Lack of backup and loss of data

o Client should have appropriate IT installation and security procedures, and training for staff
Client controls to reduce IT risks:

1. General controls
o Relate to many applications and support the effective functioning of application controls
 Procedures for software and hardware purchasing, maintenance

 Passwords, security measures, segregation of duties between staff (e.g., programmers
and users)
2. Application controls
o Manual or automated procedures for processing transactions, designed to prevent or detect
material misstatements, for example:
 Procedures for data entry, data processing and output, reporting
 Reconciliations between input and output data and automated accuracy checks (e.g.,
customer number is valid)
Auditor will identify IT risks, assess adequacy of client’s controls in mitigating risks, plan audit according
to reliance on IT systems
Financial Reporting and Closing Procedures
• The auditor needs to evaluate if the accounting policies are applied consistently and correctly.
• Any policy changes should be made to improve the financial statements, not to manipulate them
• In identifying the financial reporting requirements, including client specific disclosure requirements,
the auditor can identify areas of higher risk of material misstatement
• Client closes accounts when preparing financial statements at year-end
o Revenue and expense accounts should include all transactions for the year, and none that
relate to other periods
o Accrued assets and liabilities should be complete
o Assets and liabilities should include all relevant items
• Auditor faces risk that client closing procedures are inadequate

• Audit procedures to assess adequacy of client closing procedures:
o Assess adequacy of client interim reporting procedures
o Check accuracy of accrual calculations
o Analyze results to assess reasonableness
o Consider pressures on client to overstate profit or report smoothed income
o Trace transactions around year-end to documents to determine appropriate dates

Audit Risk
Audit risk is the risk that an auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated (CAS 200)
• This means the auditor gives an opinion that the financial statements are fairly presented when they
contain a significant error or fraud
• Audit risk can never be zero
• Audit risk is reduced during planning by identifying the key risks and adjusting audit effort
accordingly
Stages in audit risk minimization
1. Identification of accounts and related assertions most at risk of material misstatement (inherent risk)
o Assertions are statements made by management about recognition, measurement,
presentation, and disclosure of items in the financial statements
• For example, all inventory items stated on balance sheet actually exist
o Some risks are more significant than others
• Significant risk is a risk of material misstatement at the upper end of

spectrum of inherent risk or identified as a significant risk in other auditing
standards
o Risks are more significant when they involve:
 Fraud
 Transactions where subjectivity is involved
 Accounting estimates with high estimation uncertainty or complexity
 Complexity in data collection and/or processing
 Account balances or disclosures that involve complex calculations
 Accounting principles subject to different interpretations
 Entity changes such as mergers and acquisitions
2. Assessment of client’s system of internal controls (control risk)
o Does client have controls designed to minimize risk of material misstatement for each
account and related assertions identified as being high risk by the auditor?
3. Auditor plans to undertake detailed testing of each identified account to the extent deemed necessary
o Based on auditor’s assessments of riskiness of account and related assertions, and
effectiveness of the client’s system of internal controls
o Audit risk is a function of the risk of material misstatement and detection risk (CAS 200)
o Risk of material misstatement existing in client’s financial statements and at assertion level
comprises both IR and CR
o AR = IR × CR × DR
AR = audit risk IR = inherent risk

CR = control risk DR = detection risk
• Inherent risk
o Risk that a material misstatement could occur
• Control risk
o Risk that client’s system of internal controls will not prevent or detect such a material
misstatement
• Detection risk
o Risk that the auditor’s testing procedures will not be effective in detecting a material
misstatement, should there be one
• Auditor will plan and perform their audit to reduce audit risk to an acceptably low level (CAS 200)
• There is an inverse relationship between IR and CR combined, and DR
o If IR and CR are high, auditor will set DR as low, and perform more detailed substantive
procedures
o If IR and CR are low, auditor will set DR as high, and reduce reliance on detailed substantive
procedures
Materiality
• Materiality guides audit planning, testing, and assessment of information in the financial statements
• Information is material if it impacts on the decision-making process of users of the financial
statements
• Information could be considered material because of its qualitative or quantitative characteristics
 Qualitative materiality factors
o Nature of the item, for example:
 Fraud
 Non-compliance with laws
 Related party transactions
 Change in accounting method
 Change in operations
 Quantitative materiality factors
o Magnitude of the item
 Express as percentage of relevant base figure
 Quantitative materiality factors

o Magnitude of the item
 Common bases and percentages used for materiality include:
 3-7% of normalized pre-tax profit
 1-3% of total assets
 3-5% of equity
 1-3% of revenues or expenditures
 Use professional judgement based upon knowledge of the client and the needs of the
financial statement users
 Performance materiality is an amount less than planning materiality, to reduce the likelihood that a
misstatement in a particular account balance, class of transactions, or disclosures does not in total
exceed overall materiality
 Based on professional judgement, however 60-75% of overall materiality may be appropriate
 Specific materiality is information that is relevant when some areas of the financial statements are
expected to influence the economic decision made by the users
 Materiality and audit risk are both considered in assessing the risk of a material misstatement
 Auditor should not use audit risk to determine materiality as materiality is focused on the needs of the
users of the financial statements
Audit Strategy
 Auditor must establish an overall audit strategy (CAS 300)
 Audit strategy
o Sets scope, timing, and direction of the audit
o Provides basis for developing detailed audit plan
o Is based on preliminary assessments of IR and CR
When an audit client does not have appropriate controls in place for an identified risk, what step will the
auditors take?
- weaknesses will be reported to those charged with governance.
When an auditor traces each transaction flow from inception to the recording of the transaction in the
general ledger, this is known as
- Walkthrough
• Auditor adopts a predominantly substantive approach when CR is high

o Auditor is still required to obtain understanding of control systems (CAS 315), but generally
no testing of controls
o High reliance on detailed substantive testing of balances and transactions
o Exception where significant risk identified
• Need to gain understanding of relevant controls

• If not deemed adequate to address risks, considered note-worthy deficiency in client’s
system of internal controls
• Auditor adopts a combined audit strategy when assessed CR is low and required DR is high
o Detailed understanding of client’s system of internal controls
o Extensive testing of controls (if cost warranted)
o Reduced reliance on substantive testing of balances and transactions
• Some substantive testing required for all clients

Client Performance Measures (KPI)
• As part of gaining understanding of client, auditor should learn how client measures its own
performance
o Client determine and uses key performance indicators (KPIs) to monitor and assess its
performance and staff performance
o Note KPIs can be written into contracts between client and others
o Auditor needs to understand what client focuses on, and what is potentially at risk of
misstatement
 Profitability
o Profit by division, branch, manager, etc.
o Price earnings ratio (PE)
o Market price per share/earnings per share
o Earnings per share (EPS)
 Profit/no. weighted average ordinary shares
 Decline could signal pressure on management
o Inventory turnover
 Cost of goods sold/inventory
 Decline could signal overvalued stock
 Liquidity
o Ability of company to meet its cash needs in short and long term
o Ratios can be written into debt contracts (as covenants) and restrict client’s actions
o Client potentially under pressure to misstate accounts included in ratios
Analytical Procedures
 Evaluation of financial information by studying plausible links among both financial and non-
financial data (CAS 520)
o Identify fluctuations in accounts that are inconsistent with auditor’s expectations based on their
understanding of the client
o Analytical procedures performed by the auditor can be conducted throughout audit:
 Risk Assessment – risk identification
 Risk Response – estimating account balances
 Reporting – overall review
 Analytical procedures at the risk assessment stage:
o Highlight unusual fluctuations in accounts
o Aid in identification of risk
o Enhance understanding of client
o Identify accounts at risk of material misstatement
o Reduce audit risk by concentrating audit effort where risk of material misstatement is greatest
 Common analytical procedures

o Simple comparisons
 Account balance with previous year, budget
o Trend analysis (horizontal analysis)
 Comparison of account balances over time
 Select base year, restate all accounts in subsequent years as a % of that base
o For both techniques, auditor should factor in client and economic changes, and form
expectations of reasonable changes in balances over time
o Common-size analysis (vertical analysis)
 Comparison of account balances to single line item
 Balance sheet – express each item as % of total assets
 Income statement – express each item as % of sales
 Using analysis over several years, auditor can see how each account contributes
to totals, and how this changes over time
o Ratio analysis
 Assess relationship between various financial statement balances
 Profitability ratios
 Gross profit margin, profit margin, return on assets, return on shareholders’
equity
 Liquidity ratios
 Current ratio, acid-test (quick) ratio, inventory turnover, receivables

turnover
 Solvency ratios
 Debt to equity ratio, times interest earned ratio
 Interpreting results of analysis

o Compare results to previous years’, budgets, competitors
o Discuss significant variation with management
o Consider effects on future viability of company (going concern risk)
o Lack of variation in results could be unexpected if conditions have changed
o Where results are unusual or unexpected, investigate further because it indicates risk of
material misstatement
 Analysis with technology

o Use of audit data analytics and other computer programs to conduct
 Various multidimensional analysis of clients data

 Journal entry summaries
 Validation reports
 Criteria-generated reports
 Times series analysis
Consider data reliability when conducting analytical procedures
 Has client data been audited? Is external data reliable?

 Poor controls would signal higher risk in relying on analytical procedures
 Change in accounting methods could distort data
Consider data reliability when conducting analytical procedures
 Auditor may have access to interim results only

 Reliability of budget setting process – is client continually missing budgeted targets?
 Are industry comparisons valid?
Chapter 5 AUDIT EVIDENCE
Audit Assertions
• Those charged with governance of an entity are responsible for ensuring that the financial
statements provide a fair presentation of the entity and its operations
• Management make assertions about each account and the related disclosures
o Assertions are statements regarding the recognition, measurement, presentation, and
disclosure of items included in the financial statements
• Auditors use assertions for transactions, account balances, and related disclosures when assessing
the risk of material misstatement and designing audit procedures
• Transaction-based assertions focus on the transactions that took place during the period as
opposed to the account balances
Assertions about classes of transactions Events, and Related Disclosures
Occurrence Transactions and events that have been recorded or disclosed have occurred
and pertain to the entity.
Completeness All transactions and events that should have been recorded have been recorded, and all related
disclosures that should have been included are included.
Accuracy Transactions and events have been recorded appropriately and related disclosures have been
appropriately measured and described.
Cut-off Transactions and events have been recorded in the correct accounting period.
Classification Transactions and events have been recorded in the proper accounts.
Presentation Transactions and events are appropriately aggregated or disaggregated and clearly described;
related disclosures are relevant and understandable.
Transaction assertions
 Occurrence
o Auditor gathers evidence that the transaction and disclosures recorded by the client
actually took place and relate to the entity
 Most important where there is risk of overstatement (e.g., revenue)
 Completeness
o Auditor gathers evidence that all transactions and disclosures have been recorded by the
entity
 Most important where there is risk of understatement (e.g., expenses)
 Accuracy
o Auditor gathers evidence that transactions and disclosures are recorded by the client at
the appropriate amounts.
 Most important where there is higher risk of inaccuracy (e.g., complex foreign
exchange transactions)
 Cut-off
o Auditor gathers evidence that the transactions have been recorded by the client in the
correct period.
 Most important for transactions near year end
 Classification
o Auditor gathers evidence that transaction is in correct account
o Presentation
o Auditor ensures events/transactions appropriately aggregated or disaggregated
Assertions about account balances at year end and Related Disclosures at Year End
Existence Assets, liabilities, and equity interests exist.
Rights and obligations The entity holds or controls the rights to assets, and liabilities are the obligations
of the entity.
Completeness All assets, liabilities, and equity interests that should have been recorded have
been recorded, and all related disclosures that should have been included have
been included.
Accuracy, valuation, Assets, liabilities, and equity interests are included in the financial statements at
and allocation appropriate amounts and any resulting valuation or allocation adjustments are
appropriately recorded, and related disclosures are appropriately measured and
described.
Classification Assets, liabilities, and equity interests have been recorded in the proper accounts.
Presentation Assets, liabilities, and equity interests are appropriately aggregated or

disaggregated and clearly described; related disclosures are relevant and
understandable.
 Existence
o Auditor gathers evidence that recorded asset, liability, and equity items actually exist
 Most important where there is risk of overstatement (e.g., assets)

 Rights and Obligations
o Auditor gathers evidence that recorded assets are owned by entity and that recorded liabilities
represent commitments of the entity
 Most important where there is risk that items are held but not owned (e.g., inventory
on consignment)
 Accuracy, valuation, and allocation

o Auditor gathers evidence that asset, liability, and equity items and related disclosures have
been recorded at appropriate amounts and allocated to the correct accounts by the client
 Most important where there is risk of over- or undervaluation (e.g., inventory at
lower of cost and NRV, adequacy of doubtful accounts or other provisions)
 Classification
o Auditor gathers evidence that assets, liabilities, and equity interests are recorded in proper
accounts
 Presentation
o Auditor ensures assets, liabilities, and equity interests are appropriately aggregated or
disaggregated
Audit Evidence
• Audit evidence is the information that an auditor uses when arriving at their opinion on the fair
presentation of their client’s financial statements (CAS 500)
• Auditor must gather sufficient appropriate evidence
o Sufficiency relates to quantity of evidence
o Appropriateness relates to quality of evidence
o Audit risk determines what evidence is required
High-risk account
Aduit Risk = Inherent Risk X Control risk X Detection Risk X Evidence required
Risk Level high high Low More
Aduit Risk = Inherent Risk X Control risk X Detection Risk X Evidence required
Risk Level Low Low High Less
 Sufficiency of evidence gathered is a matter of professional judgement and will vary from account to
account and client to client
 Appropriateness of evidence refers to relevance and reliability

 Evidence is relevant if it provides confirmation about an assertion most at risk of material
misstatement
 Reliability of evidence refers to information that reflects the true state of information
 In evaluating reliability of information the auditor should consider:

o Source of information, specifically, independence of external third parties
o Expertise of respondent
o Consistency of information
o Source of information and if it is produced in an environment where the internal controls

operate effectively
Types of Audit Evidence
 External confirmations (CAS 505)
o Auditor requests third party to confirm matter in confirmation letter, including:
 Banks: confirm cash balances, securities, loans

 Creditors: confirm amount owed, terms, by client
 Debtors: confirm amount owed to client
 Others: confirm description and quantity of assets held
o Negative form: reply if information incorrect
 Hard to interpret non-response

o Positive form: reply in all circumstances
 Cannot know how well other party checked their records
 Documentary evidence includes:

o Invoices, suppliers’ statements, bank statements, minutes of meetings, correspondence, legal
agreements
o Can be internally or externally generated
 Auditor can
o Verify information in client’s records to supporting external documents to confirm accuracy,
existence, rights and obligations, or
o Trace from documents to client’s records to confirm classification, accuracy, completeness
 Auditor can request party to provide written representation

o Legal letter is sent by client to its lawyers to complete and return directly to auditor
 Can include opinions on legal matters, details of disagreements with client (CAS
501)
 Example Figure 5.4
 Auditor can request party to provide written representation

o Management representation letter contains acknowledgement of management’s
responsibilities, undertaking about legal compliance, confirmation of discussions (CAS 580)
 Auditor still needs to gather other evidence
 Example Figure 5.5
 Verbal evidence
o Auditor documents discussions with client management and staff
o Used to gain understanding of internal controls; corroborate other evidence
 Computational evidence
o Auditor checks mathematical accuracy; re-adding, can include complex re-calculations,
verifying formulas
 Physical evidence
o Gathered by inspecting assets, to assess condition, to reconcile to client’s records
 Electronic evidence
o Includes data held on client’s computer, emails to auditor, and scans and faxes
o No paper trail
o Auditor needs to consider the internal controls in place, including the quality of client’s
computer system when assessing reliability of this evidence
Persuasiveness of Audit Evidence

 Auditor is seeking evidence to corroborate client’s recorded transactions and balances
 Greater corroboration is provided by more persuasive evidence
 Evidence types vary in persuasiveness
 Least to most persuasive:

o Evidence generated internally by client
o Evidence generated externally, held by client
o Externally generated evidence send directly to auditor
 Internally generated evidence:

o Includes records of cheques sent, copies of invoices and statements sent to customers,
purchase orders, company documentation regarding policies and procedures, contracts,
minutes of meetings, journals, ledgers, trial balances, spreadsheets, worksheets,
reconciliations, calculations, and computations
o Could be held in paper or electronic form
o Least persuasive because it is possible that client could manipulate or omit this type of
evidence
 Externally generated, held by client:

o Includes supplier invoices and statements, customer orders, bank statements, contracts, lease
agreements, tax assessments
o Originals are more persuasive than photocopies
o More persuasive than internally generated evidence because it is produced by third parties
o Still possible that client could tamper with evidence
 Externally generated, sent directly to auditor:

o Includes bank confirmations, accounts receivable confirmations, correspondence with client’s
lawyers, expert valuations
o Most reliable type of evidence because it is independent of client
o Client has no opportunity to alter evidence
o More reliable when external party is considered to be more reliable, trustworthy, independent
of client
Using Work of an Expert

 Auditor may engage expert to help in audit when auditor does not possess required skills and
knowledge to assess item
o Expert could be member of audit team, audit firm, client, or independent
o CAS 620 provides guidance
 Is expert required?
 Determining scope of work for expert
 Selecting expert – assessing objectivity, capability of expert
 Assessing work of expert
 Auditor is responsible for drawing conclusions
 Assessing need to use an expert. Consider:
o Knowledge of audit team
o Significance and complexity of item being assessed
o Availability of appropriate alternative corroborating evidence
 The less knowledge held by audit team, the greater risk of material misstatement, and less
corroborating evidence available, the more likely an expert is required
 Scope of work to be carried out

o Auditor must set nature, timing, and extent of work
o Use written instructions covering issues expert will report on, and how work will be used by
auditor
 Assessing competence and capability of expert

o Consider expert’s qualifications, membership in professional body, reputation in the field,
experience
 Assessing objectivity of expert

o More objective if not connected to client
 Assessing the expert’s report

o Report should be understandable to non-expert
o Include process, assumptions, data used by expert
o Auditor considers consistency with other information
 Responsibility for the conclusion

o Auditor responsible for quality of evidence of expert’s work
Using Work of Another Auditor

 Group engagement partner responsible for signing audit report, but may use other auditors,
especially for remote locations
o Consider capacity of component auditors to undertake the work (CAS 600)
o Component auditor’s work must be to same standard as group engagement partner
 Objectivity
 Gathering sufficient, appropriate evidence
Evidence-Gathering Procedures
 Evidence gathering occurs throughout audit
 Guidance about primary evidence-gathering techniques contained in CAS 500

o Inspection of records and documents
 For example, for evidence of authorization, to check amounts

o Inspection of tangible assets
 For example, that they exist, their condition, to trace to records
 Guidance about primary evidence-gathering techniques contained in CAS 500

o Observation of client staff
 For example, that they conduct inventory count correctly

 Provides evidence only for date of observation
 Inquiry
o Useful for gaining understanding, or to corroborate other evidence; auditor will document
conversation
 Recalculations
o To check mathematical accuracy
 Re-performance
o Follow the process used by client
 Analytical procedures
o Relationships between data
 Audit Data Analytics

o Examination of large datasets, using computer software looking for exceptions, patterns, and
trends
Drawing Conclusions
• Does the auditor have sufficient, appropriate evidence on which to base conclusions?
o CAS 500
• Does evidence address significant risks faced by the client?

o CAS 315, CAS 330
Working Papers
 Auditor must document each stage of the audit in working papers (CAS 230)
o Provides evidence of work completed, details evidence gathered to support opinion
o Include in a working paper:
 Client name, audit period

 Title describing contents of paper, file reference
 Details identifying preparer/reviewer and work dates
 Cross references to other documents
Permanent file
 Client information and documentation that apply to more than one audit
o For example, client address, key personnel, long-term contracts
o Main accounting policies, results of prior audits
o Copies of prior period financial statements
Current file
 Client information and documentation that apply to current audit

o Evidence gathered for this audit
Chapter 8 EXECUTION OF THE AUDIT – PERFORMING SUBSTANTIVE PROCEDURES
Overview of Substantive Procedures

 Nature, timing, and extent of audit procedures responds to risk assessment for each significant
account and assertion
o Audit risk model: AR = IR x CR x DR
o Risk of material misstatement (IR, CR) is inverse to the level of DR auditor will accept
o Substantive procedures reduce DR
o If IR and CR are low, auditor will accept a high DR, and a small number of substantive
procedures are required
Linkage between inherent risk, control risk, and substantive testing required to reduce detection
risk
 Risk assessments are required to be performed at assertion level and the financial statement level
o Transaction assertions are related to account balance assertions
 e.g., work done to verify sales occurrence provides some evidence about accounts
receivable existence
 Similar assertions across all types of assertions (transactions, account balances, and
presentation/disclosure) are not exactly the same
 Substantive procedures:
o Audit procedures that are designed to detect material misstatements at the assertion level
o Used to obtain direct evidence as to:

 completeness, accuracy, and validity of data
 reasonableness of the estimates and other information contained in the financial
statements
o Audit program documents substantive procedures the auditor plans to use to identify and
rectify material errors before giving the audit opinion
 Nature, timing, and extent of substantive procedures in audit program determined by:
o Risk of material misstatement
o Nature of substantive test (e.g., access during interim periods)
o Level of assurance necessary (reasonable or limited)
o Type of evidence required (how persuasive)
o Complexity of client’s data systems
o Combination of alternative substantive tests (analytical procedures vs. tests of details)
o Some auditing standards require specific substantive procedures (e.g., CAS 501)
Risk Assessment and Substantive Procedures

 Risk assessment affects degree of focus on certain assertions
o e.g., Warranty provision – risk that some claims are omitted is higher than risk of incorrect
measurement of identified claims
 Affects both extent and timing of tests

o For warranty provision
 More extensive tests of completeness assertion needed than accuracy, valuation, and
allocation assertion
 Completeness tests more likely near year end, whereas accuracy, valuation, and
allocation tests of identified claims could be done at interim date
 Timing of substantive procedures

o Influenced by level of control risk
o Typically at or near year end, exceptions include:
 Accounts that accumulate transactions that mostly remain in year-end balance (e.g.,
additions to fixed asset register)
 Control testing confirms a strong control system
 Roll-forward procedures are suitable due to strong controls and no changes to
controls
 Roll-forward procedures are done between interim date and year end, and
provide evidence that interim testing results continue to apply for the
remainder of the period
Timing of substantive procedures
Substantive Audit Procedures

1. Tests of Details
2. Analytical Procedures
3. Using Technology for Substantive Testing
Tests of Details
 Substantive tests other than analytical procedures
 Designed to verify a balance or transaction back to supporting documentation

o Vouching
o Tracing
 Vouching: taking a balance or transaction from the underlying accounting records and verifying it
by agreeing the details to supporting evidence outside of the accounting records of the company
o Primarily tests existence/occurrence assertion
 Tracing: tracking a source document to the accounting records

o Primarily tests completeness assertion
 Deciding how much of a balance to test:

o Testing decisions require professional judgement
o Consideration is given to the type of evidence available
o Auditor typically does not perform procedures on 100% of the balances within the financial
statements
o Audit sampling typically involved (CAS 530)
o Another key factor is the auditor’s ability to rely on computer-generated data/reports
 Other common tests of transactions can include:

o Tests of client-prepared schedules
o Tests using confirmations
o Tests performed at interim date with roll- forward procedures
o Tests of underlying data to be used as part of analytical procedures
o Tests of income statement accounts for account classification
o Tests of individual transactions by vouching to supporting documentation
Analytical Procedures
 Analytical procedures can be used as:
o Primary (persuasive) tests of a balance
o Corroborative tests in combination with other procedures
o To provide at least some minimal level of support for the conclusion
 Analytical procedures may be the most effective test of a balance, or at least reduce extent of other
substantive tests (CAS 520)
 Types of analytical procedures:

o Absolute data comparisons (prior year, budgets, etc.)
o Ratio analysis (profitability, liquidity, and solvency)
o Trend analysis (over several accounting periods)
o Common-size financial statements
o Break-even analysis
o Pattern analysis and regression (sophisticated techniques)
 Improving reliability of analytical procedures:

o Mitigate risk of accepting account as not misstated when it is materially misstated
o Consider relevance of analytical procedures; they are less useful:
 When client’s operations are diverse

 If industry data is unreliable or not comparable to client
 When severe inflation
 When client’s budget process not well controlled
o Consider reliability of data
 e.g., test reliability of aging of reports
 Do control tests suggest data is reliable?
 Consider controls over non-financial data (e.g., tonnage of a product)
 Summary of analytical procedures approach:

o Identify computation, comparison, to be made
o Assess reliability of any data to be used
o Estimate probable balance or outcome
o Perform computations using internal or external data
o Compare estimated amount with calculation; assess if any difference is significant
o Determine appropriate procedures for investigating reasons for the difference
o Perform procedures
o Draw conclusions
Using Technology for Substantive Testing

 Computer-assisted audit techniques (CAATs) and audit data analytics (ADAs) assist auditors with
their testing in complex tasks
 CAATs and ADAs more useful when client has strong controls
 CAATs and ADAs:

o Software used to interrogate and examine client files (software can be special programs or
spreadsheets)
 Re-adding, performing logic tests, selecting key items, representative samples
 Handle large volumes of data, be more comprehensive
o Software that individual firms use to plan, perform, and evaluate audit procedures, regardless
of whether the client is automated or not
Levels of Evidence
 Evidence from different types of substantive procedures varies in persuasiveness
o Persuasive evidence
 Is suitable as primary test of balance
 Provides a reasonable estimate of balance, enabling auditor to conclude whether or
not the account balance is free from material errors
 No further procedures required
Examples of analytical procedures that provide persuasive evidence

Evidence Analytical Procedure
Material content of work in progress and Relate raw materials put into production and quantities sold to
finished goods normal yield factors
Overheads in closing inventory Relate actual overheads for the period to actual direct labour,
production volumes, or another measure
Finished goods pricing Refer to selling prices less selling costs and “normal” gross
margin
Charges for depreciation Refer to asset balance, effect of additions and disposals, and
average depreciation rate
Accrued payroll Refer to days accrued and average daily payroll or subsequent
period’s gross payroll
Commission expense Refer to commission rates and related sales
Accruals for commissions or royalties Refer to terms of agreements and payment dates
Accrued warranty costs for established products Refer to applicable payroll and previous year’s contribution
rate
Scrap income Relate standard cost scrap factor to weight of material
processed and apply the result to published scrap prices
Interest expense and related accrual Refer to the average debt outstanding, weighted average
interest rate, and payment dates
Investment income Relate average amounts invested to an average interest rate or
yield
Total revenue for a private school Relate school fee per each grade by number of students in the
respective grade
o Corroborative
o Confirms audit findings from other procedures
o Supports management representations or otherwise decreases the level of audit scepticism
o Allows auditor to limit extent of other procedures in the area
o Unexpected results would require auditor to expand other substantive audit procedures to
provide explanation of result
Examples of analytical procedures that provide corroborative evidence
Evidence Analytical Procedures
Trade receivables, sales, and going concern Review the volatility of the customer base (for example, new
customers as a percentage of existing customers) and compare
with expectations
Trade receivables Compare the current period’s receivables as a percentage of net

sales with prior period’s percentages, and consider the
reasonableness of the current period’s percentage in relation to
current economic conditions, credit policies, and collectibility
Prepayments Compare the prepayment account balances with those of prior

periods and investigate any unexpected changes (or the absence of
expected changes)
Property, plant, and equipment Review the reasonableness of the depreciation expense by
referring to the previous year’s balance and the effects of
acquisitions and disposals
Sales commission expense Compare sales commissions or bonuses with related sales
Payroll expense Compare payroll tax expenses with the annual payroll times the
statutory tax rates
 Minimal
o Not persuasive or corroborative
 e.g., simple comparison with previous year to help identify problems, not to reduce
other testing
o Usefulness of procedure to generate more persuasive evidence depends on the circumstances
 e.g., complexity of client and extent of fluctuations in particular account balance

Examples of analytical procedures that provide minimal evidence
Evidence Analytical Procedures
Trade receivables Understand the reason for any large credit

transactions/balances in the ledger
Trade receivables Compare the number and amounts of credit notes issued with
those of prior periods
Property, plant, and equipment Review the property, plant, and equipment and related
accounts in the general ledger for unusual items
Trade payables Compare the number of days’ purchases in trade payables

with those of prior years
Equity Compare the equity account balance with that of prior years
and investigate any unexpected changes (or the absence of
expected changes)
Payroll expense, cost of sales Compare the relationship between direct labour costs and
number of employees with those of prior periods
Auditing Accounting Estimates

 Estimates include estimation uncertainty
 Impacts risk of material misstatement and audit effort
 Audit of estimates often includes reviewing processes and controls, and substantive testing
 Additional work is required if a risk is assessed as significant
 The auditor needs to be unbiased in their assessment of the evidence gathered
 CAS 540 requires inclusion of one or more of the following approaches:
 Obtain evidence from year end to date of audit report
 Develop a point estimate
 Test how management made the estimate and related disclosures

o May include testing of controls over the estimate process
Evaluating and Documenting Results

 Auditor’s understanding of the client’s business helps identify likely fluctuations in financial data
o e.g., seasonal trends, dependent relationships, specific business decisions
o Expectations of likely fluctuations helps auditor to interpret results
 Absence of fluctuation or a large fluctuation could also be suspicious
 Auditor assesses impact of all errors identified during the audit and documented in working papers
o Distinguish between errors (including fraud) and judgemental misstatements
 Differences in judgement between auditor and client
 Likely to be focus of discussions between auditor and client, more likely to

be “range” than exact number
o Decide if one-off event, or systematic errors
 Conclude on results for each audit program step and each significant account and significant assertion
Chapter 6: Sampling and Overview of the Risk Response Phase of the Audit
Audit Sampling
• Sampling is required whenever the auditor does not test an entire group of transactions or all items in
a balance (CAS 530)
• In many cases, there are too many items to test, or auditor decides that it is not necessary to test all
items
• Sample of items tested should be representative of the population
Sampling and Non-Sampling Risk
• Sampling risk is the risk that the sample chosen by the auditor is not representative of the population
available for testing, and causes the auditor to arrive at an inappropriate conclusion
• Two consequences of sampling risk:
o Risk that audit will be ineffective
o Risk that audit will be inefficient
• Tests of controls and sampling risk

o If sample contains fewer deviations than population, auditor over-relies on controls
• Concludes internal controls work effectively

• Audit is ineffective because risk of misstatement is greater than auditor’s assessment
o If sample contains more deviations than population, auditor under-relies on controls
• Concludes internal controls do not work effectively

• Audit is inefficient because auditor does more work than necessary
Sampling risk when testing controls
Sampling Risk Implications for the Audit
The risk that the auditor concludes that the client’s An increased audit risk (that is, the risk that the
system of internal controls is effective when it is auditor will issue an inappropriate audit
ineffective conclusion)
The risk that the auditor concludes that the client’s An increase in audit effort when not required (that
system of internal controls is ineffective when it is is, there is a risk that the audit will be inefficient)
effective
• Substantive tests and sampling risk

o If sample contains no material misstatements, auditor concludes financial statements not
misstated when there is one in the population
• Audit is ineffective because risk of misstatement greater than auditor’s
assessment
o If sample contains more misstatements than population, auditor concludes financial
statement misstated
• Audit is inefficient because auditor does more work than necessary
• Non-sampling risk is the risk that the auditor makes an inappropriate conclusion for a reason
unrelated to sampling issues
• The auditor could:
o Use ineffective audit procedures
o Rely too heavily on unreliable evidence
o Spend too little time testing high-risk accounts or critical controls
Statistical and Non-Statistical Sampling

• Statistical sampling involves random selection and probability theory to evaluate the results,
including sampling risk (CAS 530)
o Allows measurement of sampling risk
o Can be costly to use
• Non-statistical sampling allows auditor to use judgement to select sample items

o More likely used when account is low risk and corroborating evidence available
Sampling Techniques
• Random selection
o Person selecting sample cannot influence choice of items
o Each item has equal chance of being selected
o Sample can be stratified before selecting random sample to increase efficiency
• E.g., stratify (subdivide) population of transactions into different size ranges, then
take different size samples from each stratum
• Systematic selection
o Divide number of items in population by sample size, giving sampling interval (n). Select
starting point, then take every nth item
o Risk that items are listed in way that every nth item is related – can randomly order first
• Haphazard selection
o Auditor does not use methodical technique
o Not random sampling because personal bias could affect choice
• Block selection
o Select items grouped together
o Sequence of items may make this inappropriate

o Non-statistical
• Judgemental selection
o Auditor chooses items based on judgement
o E.g., after a new computer system installed
o Non-statistical
Factors to Consider when Selecting Sample

• Consider knowledge of client, control risk (CR), acceptable detection risk (DR), and planning
materiality (PM)
• Select an appropriate population to test
• Define error for test, set tolerable error and confidence level required
Factors that Influence Sample Size

When determining size of sample for control testing, CAS 530 requires auditor to consider:
1. Larger sample size if auditor intends to rely more heavily on that control to reduce substantive testing
2. Smaller sample size if auditor is willing to tolerate a higher deviation rate for that control
3. Larger sample size if auditor expects the population to have a higher rate of deviation for that control
Sample size for control testing
4. Larger sample size if auditor requires greater confidence that the control is operating effectively (i.e.,
lower control risk)
5. Very little change to sample size if population has more sampling units
Factors that influence the sample size when testing controls

Factor Effect on Sample
Size
1. An increase in the extent to which the auditor’s risk assessment takes into Increase
account plans to test the operating effectiveness of
controls
2. An increase in the tolerable rate of deviation Decrease

3. An increase in the expected rate of deviation of the population to Increase
be tested
4. An increase in the auditor’s desired level of assurance that the tolerable rate of Increase
deviation is not exceeded by the actual rate of deviation in the population
5. An increase in the number of sampling units in the population Negligible
When determining size of sample for substantive testing, CAS 530 requires auditor to consider:
1. Larger sample size if auditor assesses risk of material misstatement as greater (higher IR, CR)
2. Smaller sample size if auditor also using other substantive procedures for same assertion
3. Larger sample size if auditor requires greater confidence from results of tests (requires lower DR)
Sample size for substantive testing
4. Smaller sample size if auditor is willing to accept greater total error (higher tolerable misstatement)
5. Greater sample size if auditor expects to find greater misstatement in population
6. Smaller sample size if auditor using stratification of population
7. Very little change to sample size if population has more sampling units
Factors that influence the sample size when testing transactions and balances
Factor Effect on Sample
Size
1. An increase in the auditor’s assessment of the risk of material Increase

misstatement
2. An increase in the use of other substantive procedures directed at Decrease

the same assertion
3. An increase in the auditor’s desired level of assurance that Increase

tolerable misstatement is not exceeded by actual misstatement
in the population
4. An increase in tolerable misstatement Decrease
5. An increase in the amount of misstatement the auditor expects to Increase

find in the population
6. Stratification of the population when appropriate Decrease
7. The number of sampling units in the population Negligible
Substantive Test Techniques

There are two main techniques applied when the auditor is using substantive testing:
1. Key Item Test – using either statistical basis or professional judgement to identify and select key
items within a balance. Often the focus is selecting the largest transactions within a balance.
2. Representative Sampling – used after key items selected and there is a large population of individual
items significant in total but typically not individually
 Remaining items are selected in a way that the sample is expected to be representative of the
remaining population
 Can use audit risk tables, variables estimation sampling, or attribute sampling to select the
items to test
Evaluating Sample Test Results
 Auditor will consider whether results of tests applied to a sample provide evidence that
o Control tested is effective within entire population (for control tests), or
o Class of transactions or account balance tested is fairly stated (for substantive tests)
 If errors are found in sample, calculate for population

o Deviation rate for control, or
o Misstatement of transactions or account balance
If sample is representative of population
 Conclude deviation from controls in sample is at same rate as deviation from controls in population
o Is deviation rate tolerable? More testing required?
If sample is representative of population
 Project monetary errors in sample to population

o First remove unique errors
o Consider if sample stratified
o Projected error = dollar size of error/dollar size of sample x dollar size of population or stratum
o Is total projected error tolerable? More testing required?
As an auditor, what would you conclude if the tolerable error rate was set at $3,500? What if the tolerable
error rate was $7,500?
Stratum Error Sample Stratum Projected Error
(1) (2) (3) (4) (2)/(3) × (4)
1 $1,586 $20,235 $25,732 $2,017
2 $(658) $8,398 $15,367 $(1,204)
3 $1,721 $12,568 $32,456 $4,444
Total $2,649 $41,201 $73,555 $5,257
Tests of Controls and Substantive Procedures

 Audit plan is based on audit strategy
o Audit strategy is developed after gaining an understanding of the client’s business (inherent
risk) and its internal controls (control risk)
o Therefore, relative emphasis on (1) tests of controls and (2) substantive procedures depends
on client’s audit risk
 Audit risk and audit strategy
Audit Inherent Control Risk Detection Risk Audit Strategy

Risk = Risk
f
High High High Low
No tests of Increased reliance on substantive tests of Substantive strategy

controls transactions and account balances
Low Low Low High
Increased Reduced reliance on substantive tests of Combined strategy

reliance on transactions and account balances
tests of
controls
Tests of Controls
 Preliminary assessment of control risk (CR) is made after gaining an understanding of client during
planning stage
 Tests of controls are performed on controls identified during gaining understanding phase
o To obtain evidence that controls operated effectively and consistently throughout period
 Auditor can reduce reliance on substantive testing only if tests confirm CR not high
Control testing procedures include:
 Inspection of documents for evidence of authorization
 Inspection of documents for evidence that details included have been checked by appropriate client
personnel
 Observation of client personnel performing various tasks, such as opening mail and conducting an
inventory count
Control testing procedures include
 Inquiry of client personnel about how they perform their tasks
 Re-performing control procedures to test their effectiveness
Substantive Procedures
 Types of substantive procedures:
o Substantive tests of transactions
o Substantive tests of balances
o Analytical procedures
 When CR is lower, auditor can rely more on analytical procedures and less on detailed substantive
tests of transactions and balances
o Analytical procedures are more efficient than substantive tests and place greater reliance on
client’s accounting records
 Examples of substantive procedures:

o Confirmation from client’s bank regarding interest rates on borrowings (tests accuracy
assertion for interest expense)
o Recalculate interest expense (accuracy assertion)
o Inspecting documents to verify date of transactions posted around year end (cut-off assertion)
o Inspecting suppliers’ invoices to verify amounts recorded as purchases (completeness

assertion)
o Confirmation of accounts receivable for amount owed (existence assertion)
o Recalculating wages payable (accuracy, valuation, and allocation assertion)
 Examples of analytical procedures:

o Estimate depreciation expense by multiplying average depreciation rate by average asset
balance (accuracy assertion)
o Compare inventory balances for this year and last year (existence, completeness, and
accuracy, valuation, and allocation assertions)
o Estimate movie theatre revenue by multiplying average ticket price x number of seats in
theatre x average proportion of seats sold per session x number of sessions per week x weeks
per year (occurrence and accuracy assertions)
Nature, Timing, and Extent of Audit Testing

 Nature, timing, and extent of testing varies depending on audit strategy adopted and type of testing
(CAS 330)
 Nature of audit testing

o The purpose of the test (control or substantive test; which assertion is being tested), and
o The procedure used (inspection, observation, inquiry, confirmation, recalculation, re-

performance, or analytical procedures)
 Auditor tries to gather most persuasive evidence for assertions most at risk
 Timing of audit testing

o Date that audit evidence relates to, and
o Stage of audit when procedures are performed
o Interim testing usually done for:
 Control testing
 Low-risk accounts
o Year-end testing usually done for:
 High-risk accounts
 Accounts affected by high deviations in control tests
 Cut-off assertion
 Extent of audit testing

o Refers to amount of audit evidence gathered
o Increase extent of control testing when control risk is low
o Reduce extent of substantive testing and increase extent of reliance on analytical procedures
when control testing confirms lower CR
o Do little or no control testing when adopting substantive strategy (i.e., control risk is high)
CHAPTER 7: Understanding and Testing the Client’s System of Internal Controls
Internal Control Defined
 System of internal control encompasses the entity’s resources, systems, processes, culture,
structure, and tasks
 When controls are effective, the entity is more likely to achieve its strategic and operating
objectives
 Internal control is the system designed, implemented, and maintained by those charged with
governance, management, and other personnel to provide reasonable assurance about the
achievement of the entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations, and compliance with applicable laws and regulations
(CAS 315)
Objectives of Internal Controls
 Is an entity’s internal control effective as it relates to recording of transactions and balances?
Effective internal control meets the following objectives:
1. Real – no fictitious or duplicated transactions
o Assertions: occurrence, rights and obligations, and existence
2. Recorded – prevent or detect omission of transactions
o Assertions: accuracy, completeness, and accuracy, valuation, and allocation
3. Valued – correct amounts assigned to transactions
o Assertions: accuracy, and accuracy, valuation, and allocation
4. Classified – transactions charged to correct account
o Assertions: accuracy, classification, and accuracy, valuation, and allocation
5. Summarized – transactions summarized and totalled correctly
o Assertions: accuracy, and accuracy, valuation, and allocation
6. Posted – accumulated totals in transaction file are correctly transferred to the general ledger and
subsidiary ledgers
o Assertions: accuracy, classification, and accuracy, valuation, and allocation
7. Timely – transactions recorded in correct accounting period
o Assertions: cut-off and completeness
 Auditor aims to gain an understanding of how the client uses internal controls to meet these
objectives
 Focusing on these objectives helps auditor select controls for testing to gain greatest assurance
that system of internal controls is operating effectively
 Failure of an entity’s controls to meet any of these objectives is a weakness in internal control
 All internal control systems have inherent limitations

o Human error that results in control breakdown
o Ineffective understanding of control’s purpose
o Collusion by two or more individuals to avoid control
o Software program control being overridden, disabled
o Management decisions about nature and extent of controls being implemented
System of Internal Controls

 Entity-level internal controls potentially impact all entity processes. The system of internal control
comprises:
1. The control environment
o Culture, structure, and discipline of an entity
 How management’s responsibilities are carried out

 Attracts, develops, and retains competent employees
 Independent and active participation by those charged with governance
 Assignment of authority and responsibility, including IT environment
 How the entity holds individuals accountable for meeting internal control objectives
2. The entity’s risk assessment process
o How does the entity identify and respond to business risks?
o Auditor is interested in how management identifies, analyzes, and manages risks relevant to
financial reporting, and how the risks might impact the audit
3. Information systems and communication
o Designed to capture and exchange information to conduct, manage, and control entity’s
operations
o Includes manual and automated systems
o Auditor is interested in systems relevant to financial reporting
4. Control activities
o Policies and procedures that help make sure management’s directives are carried out
 Performance review
 For example, actual vs. budget, investigation of differences
 Information processing
 Manual or automated, to check accuracy, completeness, and authorization of
transactions
 Authorization controls
 Define who can approve transactions
 Account reconciliations
 Preparation and review of account reconciliations on a timely basis
 Physical controls
 Security of assets and records
 Segregation of incompatible duties
 No one employee/group should be in position to both perpetrate and hide
fraud/errors
 Separate authorization/custody/recording
o When understanding the client’s control activities, auditor considers:
 Extent of reliance on IT
 Existence of necessary policies and procedures
 Extent to which controls included in the organization’s policies are being applied
 Clarity of management objectives for financial and operating goals
 Existence of planning and reporting systems for performance, communication and
investigation of variances, and management corrective action
 Extent of segregation of duties
 Software controls over access to data and programs
 Periodic comparison between records and assets
 Safeguards over access to documents, records, and assets
5. Monitoring of controls
 Does management monitor controls and modify as required when conditions change?
 Ongoing monitoring procedures should be part of regular activities, e.g., internal
audit function
 Auditor considers:
 Are there periodic evaluations of internal controls?
 Do client staff regularly obtain evidence of control functioning?
 Extent to which information from external parties corroborate, or contradict, internal
information
 Management acting on internal and external audit recommendations, or respond to
control difficulties on timely basis
 Internal control in small entities

o Difficult to implement formal controls, segregate duties in small entities
o Reliance on owner-manager, heavily involved in daily business
 Personally detect material errors, but

 Potential to override internal controls
o Auditor could increase substantive procedures to compensate for weaker controls
Types of Controls
 Transaction-level controls are designed to reduce the risk of misstatement due to error or fraud and to
ensure that processes are operating effectively
 Controls can include any procedure used and relied upon by the client to prevent errors occurring, or
to detect and correct errors that occur
 Controls have two main objectives:

o To prevent or detect misstatements in the financial statements, or
o To support the automated parts of the business in the functioning of the controls in place
 Controls are classified as:

o Manual controls
o Automated (or application) controls
o IT general controls (ITGCs)
o IT-dependent manual controls
 Test of controls (controls testing)

o Refers to the audit procedures performed to test the operating effectiveness in preventing, or
detecting and correcting, material misstatements at the assertion level
 When controls are designed, consideration is given to what can go wrong with the transaction, often
referred to as WCGWs (what can go wrongs).
 Preventive and detective controls

o Preventive controls can be applied to each transaction during normal processing to avoid errors
occurring
 Commonly automated, e.g., reject duplicate transaction
o Avoiding an error does not always result in physical evidence that the control worked, or worked
effectively, e.g., what evidence is available that:
 the staff member authorizing a stock movement checked the details carefully before
signing the form?
Examples of preventive controls
WCGW Assertion Preventive Control
Sales occur that are not Occurrence, accuracy The computerized accounting program will
collectible. not allow a sale to be processed if a customer
has exceeded its credit limit.
Fictitious employees are paid. Occurrence Amounts cannot be paid to employees

without first matching a valid social
insurance number to the employee master
file.
Sales are recorded at the wrong Accuracy Sales invoices are automatically priced using
amount. a master pricing file.
Transactions are classified and coded Classification The account coding on each purchase order is
to incorrect accounts. checked by the computer using a table of
valid account numbers, and then various
logic tests are performed by the computer.
o Detective controls are necessary to discover fraud or errors that have occurred during the
transaction process
o Usually not applied to transactions during normal flow of processing, but applied outside normal
flow to partially or fully processed transactions
 For example, cheques for payment prepared and held by system until approved for
payment, then processed
o Wide variation in detective controls from client to client, depending on complexity, preferences,
etc.
 Can be informal or formal
o Important that detective controls:
 Completely and accurately capture all relevant data

 Identify all potentially significant errors
 Are performed on a consistent and regular basis
 Include follow-up and correction on timely basis of any misstatements or issues
detected
o Examples of detective controls:
 Management-level analysis and follow-up of reviews: actual vs. budgets, prior

periods, competitors, industry; anomalies in performance indicators
 Reconciliations with follow-up of reconciling, unusual items, to resolution and
correction (e.g., bank reconciliation, subsidiary ledger to control account)
 Review and follow-up of exception reports (automatically generated reports of
transactions outside pre-determined parameters)
• Usually can obtain evidence of detective controls’ operation and effectiveness
Examples of detective controls
WCGW Assertion Detective Control
Cash is received but not recorded in Completeness, Bank reconciliation and follow-up of
the general ledger, payments occurrence, cut-off unexpected outstanding items (for example,
are made but not recorded, or cash unexpected or large deposits not yet cleared
receipts or cash payments are not real by the bank, cheques presented by the bank
or not recorded on a timely basis. but not recorded in the general ledger).
Shipments are not billed and Completeness, The computer performs a daily comparison
recorded, or billings are not related to occurrence of quantities shipped to quantities billed. If
actual shipments of product. differences are revealed, a report is generated
for review and follow-up by the billing
supervisor.
Unrecorded billings and errors in Completeness, Quarterly reviews of credit balances in

classifying sales or cash receipts. occurrence accounts receivable to determine their
causes.
Errors in the number of units, or unit Accuracy The sales manager reviews daily shipments,
prices being calculated or applied total sales, and sales per unit shipped.
incorrectly.
 Manual and automated controls

o Purely manual controls do not rely on IT for operation
 For example, locked cage for inventory

o Could rely on IT information from others
 For example, reconcile inventory count to computer-generated consignment

inventory statements
o Automated controls generally rely on client’s IT
o IT general controls (ITGCs)

 Support functioning of automated controls
 Provide basis for relying on electronic evidence in audit
 Types of ITGCS:
 Program change controls
 Logical access controls
 Other ITGCs, e.g., data backup
 Application controls apply to processing of individual transactions, support
segregation of duties
 For example, edit checks, validations, calculations, interfaces, authorizations
o IT-dependent manual controls
 Has both manual and automated aspects
 For example, management reviews a monthly variance report (automated) and
follows up (manual) on significant variances
 Auditor must consider both aspects – report generation and management
follow up
 Consider controls over report generation – is report accurate and complete? If
not, follow-up is not effective
Selecting and Designing Tests of Controls

 Professional judgement is required to decide
o Which controls to select for testing
 Select controls that will provide most efficient and effective audit evidence
 Increase efficiency by only testing controls that are critical to audit opinion –
those that address the WCGWs most effectively with least amount of testing
 More efficient to test controls that address multiple WCGWs
o How much testing of controls is required
 How much testing?

o Extent of testing based on statistical sampling or professional judgement
o Consider:
 How often is control performed? More often = more testing

 Degree of reliance on control, more = more testing
 Persuasiveness of evidence from testing, more = less testing
 Need to be satisfied that control operated as intended throughout period, interim
testing might be required
 Existence of combination of controls that could provide increased assurance, less
reliance on single control = less testing
 Relative importance of WCGW, and assurance required is based on consideration
of several issues
o Also consider other factors that relate to the likelihood that a control operated as
intended, including:
 Competence and integrity of person performing control
 Quality of control environment, e.g.,
 Chance of control bypass or override

 Changes in accounting system
 Unexplained changes in related account balances
 Auditor’s prior experience with the engagement
o Testing must provide enough evidence to be able to reasonably conclude that control is
effective throughout the period
o Attribute sampling allows conclusion about population in terms of frequency of control
being performed
 For example, attribute being tested could be presence/absence of authorizing
signature on document
 Evidence of one exception (or deviation) in sample
 Investigate cause of exception
 Increase sample and extend testing, or
 Amend decision to rely on control – test other controls and/or increase
substantive testing
o Application controls – test using these methods:
1. Test operating effectiveness

 Test manual follow-up procedures that support the application control
 For example, investigate how client follows up on computer-generated
exception report for sales with no prices in master file
2. Test controls over program changes, and/or access to data files

 Test ITGCs
 For example, test controls to ensure that all changes to pricing master file are
approved
 Techniques used to test controls over program changes or access to data usually
involve inquiry, observation, and examination of physical evidence.
o Timing of tests of controls
 Usually at interim date

 Preferable to test entity-level controls and ITGCs early in audit because results
impact other tests
 Update interim results and evaluation at year end
 Identify relevant changes in environment and controls
Suggested extent of testing

Reasonable Assurance Limited Assurance from Tests
Frequency from Tests of Controls of Controls
> 1,000 instances 25–40 10–20
Daily 25–40 10–20
Weekly 5 2
Monthly 2 1
Quarterly 2 1
Annually 1 1
Other Professional judgement Professional judgement
Application control (effective ITGC’s)

1 1
Documenting Internal Controls

 Common forms of documenting controls:
1. Narratives
 Very useful when controls simple, straightforward

 Auditor uses words to describe each step of transaction from start to finish
2. Flowcharts
 Useful for more complex controls – keep chart simple

 Conveys information visually
3. Combination of flowchart and narrative
 Use both techniques side-by-side

 Narrative used to explain details
4. Checklists and preformatted questionnaires
 Helps identify most common controls that should be present

 Useful for less-experienced auditors
Example narrative for documenting credit sales process:
Sales order is received by fax or email. Check customer details against customer account balance to see if
the customer has exceeded its credit limit. If the customer has exceeded its limit, refer the sales order to
the credit manager (C. Cox) for approval. If approval is denied, refer the order back to the sales manager
to notify or discuss with the customer. If customer has not exceeded its credit limit or the credit manager
(C. Cox) has provided an approval to exceed the limit, process the sale in the sales ledger.
Example flowchart for credit sales process
Example Checklist for Documenting a Credit Sales Process

Process step Performed by IT/reliance on
electronic data
Yes/No?
Customer places sales order and order is input into sales

order program
Credit and/or credit terms approved
Order filled and prepared for shipment
Shipping/delivery documents prepared
Order shipped/delivered to or picked up by customer
Sales invoice prepared
Prices (or deviations from standard prices) approved
Invoice reviewed for accuracy and mailed/delivered to

customer
Sales journal produced
Sales journal summarized and posted to general ledger

and trade receivables detail
Provide any other details that are necessary to understand the initiation, processing, recording, and
reporting of the transactions:
Briefly describe the client’s revenue recognition policy, including standard billing and collection terms:
Briefly describe the client’s credit terms and credit authorization procedures:
Briefly describe the client’s procedures for sales returns and allowances and the issuance of credit
memos:
Techniques for Testing Internal Controls
 Auditor uses combination of techniques when testing controls
 Inquiry
o Auditor questions employee performing control, management about review of control
 Observation
o Auditor observes actual control being performed
o Limitation: employee might be more diligent when observed
 Inspection of physical evidence

o Auditor tests physical evidence to verify control has been performed
o Example: auditor examines sample of invoices to determine if proper related shipping

document attached
 Re-performance
o Auditor re-performs control (e.g., attempts to access an unauthorized area to see if attempt on
exception report)
Results of Auditor’s Testing
 Do results of control testing confirm preliminary evaluation of controls and control risk based on
internal control documentation?
o If so, do not modify planned substantive procedures
o If not,
 Are compensating controls available? Test

 Revise audit risk assessment for related account and the planned audit strategy
 When deciding whether need for additional tests of controls, consider:

o Results of inquiries and observations - could reveal other controls now being relied upon and
need to be tested
o Evidence provided by other tests – substantive tests can provide evidence about continued
functioning of controls
o Changes in overall control environment – change in key personnel could make additional
control tests necessary
Documenting Conclusions
 Results of control testing documented in working papers
o Test performed
o Purpose of test of controls
o Actual controls selected for testing
o Findings/results of testing- exceptions found
o Conclusion tied to specific test purpose
 Document in sufficient detail to allow another auditor to perform same test

o Extent of documentation depends on complexity of client’s operations, systems, and controls
o Review impact of testing controls on rest of audit

Example of test of control working paper
Impact of Control Testing on Level of Substantive Testing
Identifying Strengths and Weaknesses in a System of Internal Controls

 After documentation, auditor must assess control system
o Identify systems strengths and weaknesses that have financial reporting impact
o Identify internal control exceptions where control did not operate as intended
o Draw conclusions about control risk
Management Letters
 CAS 260/265 requires auditors to provide those charged with governance timely observations arising
from the audit that are significant and relevant to the oversight of the financial reporting process
 May take the form of a letter from the auditor to the client, recommendations based on internal
control weaknesses, and other matters discovered during the audit
 Professional judgement required about which matters to include in letter
 Allows management to document their actions in response, and inform those charged with
governance
 Often use interim and final management letters

Management Letters: Example
CHAPTER 9 Audit Data Analytics
Describe Data Analytics
 Data analytics is the science of analysing data to draw conclusions
 Descriptive analytics use data to aid in understanding past data
 Diagnostic analytics use data analytic focused on understanding why something happened
 Predictive analytics use data analytics to mke predictions into the future considering a variety of
scenarios
 Prescriptive analytics use data analytics to examine a variety of solutions to determine the best
outcome
How Data Analytics Are Used
 Audit Data Analytics (A D A) – the examination of large datasets, using computer software, for
exceptions, outliers, trends, and other useful information
 Provide a means of gathering sufficient and appropriate audit evidence
 For example: the ability to quickly prepare a trend analysis over multiple years in greater detail
with drill down capability into the details where needed
 Data visualization involves the presentation of results of an A D A as an image, chart or table
 Visuals can aid in the identification of items requiring further investigation plus it can increase
the effectiveness of communicating audit findings
FIGURE 9.1 Year-over-year visualization
 Dashboards – the display of multiple visuals to monitor business performance

 A D A may be viewed as an evolution of C A A T s that allow the auditor to make effective use of
data visualization techniques to achieve a broader range of audit objectives
When Data Analytics Are Used
 A D A s can be used at any stage
Figure 9.2 When A D A can be used in an audit
 Risk Assessment phase

o Aids auditor in gaining a better understanding of the business including where the risk of
material misstatement may exist
o Including the risk of a material misstatement due to fraud
 Risk Assessment phase

o For example
 the use of a descriptive A D A to gather evidence to support the risk assessment

for the overall entity and to identify significant accounts and relevant assertions
 Use of A D A s to examine unexpected flucuations in greater detail pinpointing
higher risk areas
 Other possible risk assessment A D A s: analyze GL for usual transactions,
create visualization of ratio analysis, price quantity analysis for sales, analyze
change in A R and perform trend analysis
Techniques Used for Data Analytics
TABLE 9.1 Data analytic techniques
Technique Description Helpful for
Visualization Information is presented visually • Risk assessment procedures

• Identification of trends
Matching Searching for items that should or • Fraud identification

should not match
• Exception identification
Clustering Grouping items with similar • Exception identification

characteristics
• Exception reduction
Statistical techniques Regression analysis and data • Substantive analytics

distribution
• Exception identification
Data Considerations
Types of Data
 Structured
o Data that resides in a fixed field within a record or file
o Often includes data captured, processed and maintained in an accounting system – G L

and journals for example
 Unstructured
o Data that do not reside in traditional data bases
o Examples: emails, social media, texts, images
 Obtaining and accessing client data important considerations include:

o The auditor should have direct access to read only data
o The auditor should gain an understanding of what data the client has available
o The auditor should understand the size of the dataset
 It is important for the auditor to understand the quality of data to assess its usability
 Key quality components include:

o Consistency
o Completeness
o Cleansing which involves identifying and correcting missing, incorrect and duplicate
fields and reformatting the data in a consistent format
 C A S 500 requires the auditor to consider the relevance and reliability of the information used as
audit evidence
 For an audit procedure to be relevant it should relate to the account and relevant assertions
 Reliability the extent to which information reflects the true state
 Examples of Data Characteristics that may Affect Relevance and Reliability

Figure 9.3 Examples of data characteristics that may affect data relevance and reliability
Nature
• Financial, non-financial
• Accounting process and control-related
• Product and service categories
• Demographic
• Economic
• Geographic
• Business sector
• Regulatory
• Historic
• Forward-looking
• Time-sensitive
Sources
• Controlled by the accounting department of the audited entity (in-house records) or stored externally
(for example, in the cloud)
• Controlled by persons outside of the accounting department of the audited entity (with various possible
storage media)
• External to, and not controlled by, the audited entity
Format
• Numerical (for example, quantity, currency), text, symbols, other characters
• Structured (for example, data in a fixed field within a record or file)
• Unstructured (for example, text)
Timing
• Point-in-time, period of time

• Rate of change (time lags, continuity)
Extent
• Volume
• Scope (variety of subject matters and sources)
Level of Aggregation
• Financial statement item, account balance, component of an account balance
• Annual, monthly, daily, hourly, some smaller timing frequency
• Consolidated, segmented (for example, by division, location)
• Database files, tables, and fields
 Documentation of the work performed in the working paper file is required regardless if manual
or A D A s
 C P A Canada to Audit Data Analytics outlines the following regarding the documentation of A D
As
o Objectives of the procedures
o Risk of material misstatement that the procedures is intended to address
o Source of data and why selected
As
o A D A related tools and techniques used
o Tables and graphics used including how they were generated
o Steps taken to access data, how extracted and transformed for use
o Evaluation of matters identified as a result of applying A D A including where additional

items were investigated and how filtered
As
o Identifying characteristics of the specific items or materials tested
o Name of the auditor who did the work and the date performed
o Name of the auditor who reviewed the work and the date of the review
 Figure 9.4 The data life cycle
Audit Data Analytics (A D A) Five-Step Process

Five-step process for planning, performing, and evaluating A D A s
1. Plan the A D A
o The auditor needs to have a good understanding of the client, their business, and whether the
system of internal control over data collection is generally effective
o Next determine what type of A D A to perform including what account and assertions to test –
influenced by the preliminary risk assessment and data available
o Then identify the data needed and plan the details of the test including how to document the
test results
TABLE 9.2 Planning the A D A as a risk assessment procedure
Purpose
To examine year-over-year sales to identify trends and unexpected changes that may impact the risk
assessment of the sales account
Account and Assertion
Sales: occurrence, accuracy, and completeness
Data Required
• Sales data from the general ledger for the year under audit and the prior three years
• Quantities of each product sold from the client’s sales database for the year under audit and the
prior three years
ADA to Perform
• To examine sales trends by quarter over four years
• To examine sales by location over four years
• To examine the quantity of products sold over four years
2. Access and Prepare the Data
o Assess the condition and format of the data population identified
o Includes identifying data errors and cleaning them
3. Consider the Data’s Relevance and Reliability

o Reliability of evidence is impacted by how and by who collected the data and whether the
information is produced under a system of effective internal controls
4. Perform the A D A
o If an auditor finds an unexpected trend, outlier and/or exception this is referred to as a
notable item
o Notable items require follow up when performing an audit data analytic
5. Evaluate the Results

o Performing the A D A is important to confirm expectation and identify notable items
o Important to evaluate the results (notable items) and form a conclusion
o Auditor needs to consider where the test met its objective or if it needs to be revised and
reperformed
o CAS230 requirement auditor should document the results of the test
 Additional Issues to Consider

Figure 9.9 Process to identify and address notable items when using an A D A in performing a risk
assessment procedure
o Risk assessment and testing of the general ledger
o A D A s are commonly used to to analyze the generl ledger to support C A S 240 which
requires the audit to assess the risk of fraud
o Identification of journal entries with odd characteristics may indicate a higher risk of
misstatement due to fraud or error
o To review journal entries the 5 step process are used as previously outlined
TABLE 9.3 Planning the A D A testing of the general ledger

Purpose
To analyze the general ledger to extract and test the appropriateness of the underlying journal entries to
assess the risk of material misstatement due to fraud or error
Various accounts
• Existence, occurrence, accuracy, cut-off, completeness
Data Required
• General ledger data for the period under audit to the date of the audit report
ADA to Perform
• Conduct a variety of tests
to identify journal entries with unusual characteristics, such as entries posted during holidays
o Risk assessment and testing of the general ledger
TABLE 9.4 Possible tests to perform to identify inappropriate entries
Review the Journal Entry to Identify the Following Items Assertion
Unbalanced journal entries Completeness
Items posted outside of regular work hours and scheduled processing times (holidays, Occurrence
overnight, weekends)
The nature and volume of entries before and after year end Cut-off
Entries that fall below key approval limits (these should also consider aggregate Existence and
recurring entry totals that would be above a threshold but when split up, fall below occurrence
approval limits)
Entries posted by unauthorized users Existence and
occurrence
Significant value journal entries Accuracy
Items posted or approved by authorized users during their leave periods Existence and
occurrence
Lack of segregation of duties between the individual who posted and approved the Existence and
entry occurrence
Entries that indicate a potential adjustment or reversal (often noted by use of such Accuracy
words in the description)
Entries that are rounded Occurrence
Entries posted to rarely used accounts Classification
Audit Data Analytics as a Substantive Analytical Procedures

Regression Analysis
 Allows the auditor to express a relationship between variables as a mathematical formula
 This formula can be used to develop an expected account balance which can then be compared to
the client’s actual balance
 The auditor need to identify the dependent and independent variable
o Dependent variable = the item to be predicted or the account being audited
o Independent variable = the predictor
 Example: using square feet (independent variable) to predict sales (dependent variable)
 Regression models include:
o Linear regression which presents on dependent and on independent variable as a
mathematical equation
o Multiple regression presents more than one independent variable
o The auditor uses the A D A five-step process to plan the regression analysis
o Example: Prediction of Sales by Month

TABLE 9.6 Planning the A D A regression analysis
Purpose
To predict sales by month for the year under audit and compare with the actual monthly sales to assess if
there is a material misstatement
Sales: occurrence, completeness, accuracy
Data Required
 Sales data by month for the last three years
 Number of kg of coffee purchased by month over the last three years

ADA to Perform
To conduct a linear regression analysis to forecast sales based on the kilograms of coffee purchased
Audit Data Analytics as a Substantive Test

Substantive Testing
 Used to corroborate transactions and balances in the accounting records
 Focus to detect a material misstatement at the account and assertion levels, often using sampling
 ADA may allow auditors to test 100% of the population
 Prior to performing this test the auditor will have tested controls and concluded that the entity has
strong:
o strong IT general controls
o strong IT application controls, and
o strong controls over data interchange and the exchange of electronic information between
the client and its customers/suppliers
o Example – A D A Sales and Accounts Receivable
TABLE 9.8 Planning the A D A test of details on sales and accounts receivable
Purpose
To substantiate the accounts receivable at year end and the revenue during the year
Accounts Receivable: existence
Sales: occurrence
Data Required
• Listing of all sales invoices issued for the year including sales details such
as invoice date, invoice number, and invoice amount
• Cash receipts for the year
• Accounts receivable listing at year end
• Cash receipts from Jan. 1 to March 31 subsequent to year end relating to the prior year
ADA to Perform
• To corroborate service revenue during the year by matching
invoices issued during the year with the cash receipts
• To corroborate the accounts receivable at year end by matching subsequent cash receipts
Features of a Good Visualization
 Visualizations are often used to communicate the results of an A D A
 They assist with the ability to interpret large amounts of data and summarize test results in a way that
can be interpreted more quickly
 Some visualizations are better for certain purposes; examples include:

o Bar charts for comparisons
o Bubble charts for identification of outliers
o Line charts to show changes over time
 A good visualization stands alone without any additional information required
 It also has:
o An appropriate amount of detail – only the details needed in an easy-to-read manner
o Appropriate axis scaling – if a bar chart is too large, small fluctuations may appear
significant, and if too small, significant fluctuations may remain hidden
o A balanced use of colour – typically using a maximum of two colours
 An auditor should
o Understand the goal of the visualization
o Provide the appropriate level of detail
o Ensure the axis is the right scale
o Minimize colour except to highlight key points

Chapter 9: Audit Data Analytics
Terms
Data analytics is the science of analysing data to draw conclusions
Descriptive analytics use data to aid in understanding past data
Diagnostic analytics use data analytic focused on understanding why something happened
Predictive analytics use data analytics to make predictions into the future considering a variety of
scenarios
Prescriptive analytics use data analytics to examine a variety of solutions to determine the best outcome
How Data Analytics Are Used

Audit Data Analytics (A D A) – the examination of large datasets, using computer software, for
exceptions, outliers, trends, and other useful information
Provide a means of gathering sufficient and appropriate audit evidence
For example: the ability to quickly prepare a trend analysis over multiple years in greater detail with drill
down capability into the details where needed
Data visualization involves the presentation of results of an A D A as an image, chart or table
Visuals can aid in the identification of items requiring further investigation plus it can increase the
effectiveness of communicating audit findings
Dashboards – the display of multiple visuals to monitor business performance
A D A may be viewed as an evolution of CAAT’s that allow the auditor to make effective use of data
visualization techniques to achieve a broader range of audit objectives
ADA’s can be used at any stage
Figure 9.2 When A D A can be used in an audit
ADA Benefits
 ADAs improve identification and assessment of risks of material misstatement and contribute to
the performance of substantive procedures when the data volume is large
 ADAs provide management with useful insights as a by-product of the audit since they may
involve looking at entire data populations
 ADAs provide the audit committee with useful insights from the audit while meeting stakeholder
expectations
WHAT TYPES OF ADAS ARE BEING USED AND WHY?
There were 16 different automated audit procedures identified by participants as being ADAs, the most
commonly used among participants included:
 journal entry analysis

 process mapping using transaction logs
 two- and three-way matches of aspects of one or more transaction streams
 general ledger account balance analysis
 general ledger continuity analysis (trial balance completeness test)
 scanning data populations for various attributes (e.g. large items, duplicates)
All participants concurred that their primary objective for using ADAs was to improve the quality of audit
evidence obtained to support the auditor's opinion. improved audit efficiency, while desirable, was not
their main objective.
Risk Assessment phase
 Aids auditor in gaining a better understanding of the business including where the risk of material
misstatement may exist
 Including the risk of a material misstatement due to fraud
o For example
 the use of a descriptive A D A to gather evidence to support the risk assessment

for the overall entity and to identify significant accounts and relevant assertions
 Use of A D A s to examine unexpected flucuations in greater detail pinpointing
higher risk areas
 Other possible risk assessment A D A s: analyze GL for usual transactions,
create visualization of ratio analysis, price quantity analysis for sales, analyze
change in A R and perform trend analysis
Techniques Used for Data Analytics

Technique Description Helpful for
Visualization Information is presented • Risk assessment procedures

visually • Identification of trends
Matching Searching for items that • Fraud identification
should or should not match • Exception identification
Clustering Grouping items with similar • Exception identification
characteristics • Exception reduction
Statistical techniques Regression analysis and data • Substantive analytics
distribution • Exception identification
Data Considerations
Types of Data
Structured
o Data that resides in a fixed field within a record or file
o Often includes data captured, processed and maintained in an accounting system – G L and
journals for example
Unstructured
o Data that do not reside in traditional data bases
o Examples: emails, social media, texts, images
 Obtaining and accessing client data important considerations include:

o The auditor should have direct access to read only data
o The auditor should gain an understanding of what data the client has available
o The auditor should understand the size of the dataset
 It is important for the auditor to understand the quality of data to assess its usability
 Key quality components include:

o Consistency
o Completeness
o Cleansing which involves identifying and correcting missing, incorrect and duplicate
fields and reformatting the data in a consistent format
 C A S 500 requires the auditor to consider the relevance and reliability of the information used as
audit evidence
 For an audit procedure to be relevant it should relate to the account and relevant assertions
 Reliability the extent to which information reflects the true state
 Examples of Data Characteristics that may Affect Relevance and Reliability

Figure 9.3 Examples of data characteristics that may affect data relevance and reliability
Nature
 Financial, non-financial
 Accounting process and control-related
 Product and service categories
 Demographic
 Economic
 Geographic
 Business sector
 Regulatory
 Historic
 Forward-looking
 Time-sensitive
Sources
 Controlled by the accounting department of the audited entity (in-house records) or stored
externally (for example, in the cloud)
 Controlled by persons outside of the accounting department of the audited entity (with various
possible storage media)
 External to, and not controlled by, the audited entity
Format
 Numerical (for example, quantity, currency), text, symbols, other characters

 Structured (for example, data in a fixed field within a record or file)
 Unstructured (for example, text)
Timing
• Point-in-time, period of time
• Rate of change (time lags, continuity)
Extent
 Volume
 Scope (variety of subject matters and sources)
Level of Aggregation
 Financial statement item, account balance, component of an account balance

 Annual, monthly, daily, hourly, some smaller timing frequency
 Consolidated, segmented (for example, by division, location)
 Database files, tables, and fields
 Documentation of the work performed in the working paper file is required regardless if manual
or ADAs
 CPA Canada to Audit Data Analytics outlines the following regarding the documentation of
ADAs
o Objectives of the procedures
o Risk of material misstatement that the procedures is intended to address
o Source of data and why selected
o ADA related tools and techniques used
o Tables and graphics used including how they were generated
o Steps taken to access data, how extracted and transformed for use
o Evaluation of matters identified as a result of applying ADA including where additional
items were investigated and how filtered
o Identifying characteristics of the specific items or materials tested
o Name of the auditor who did the work and the date performed
o Name of the auditor who reviewed the work and the date of the review
Figure 9.4 The data life cycle
Audit Data Analytics (A D A) Five-Step Process

1.Plan the ADA
2. Access the Prepare the data
3. Assess the data’s relevance and reliability
4. Perform the ADA
5. Evaluate the Results
Plan the A D A
 The auditor needs to have a good understanding of the client, their business, and whether the
system of internal control over data collection is generally effective
 Next determine what type of A D A to perform including what account and assertions to test –
influenced by the preliminary risk assessment and data available
 Then identify the data needed and plan the details of the test including how to document the test
results
TABLE 9.2 Planning the A D A as a risk assessment procedure

Purpose
To examine year-over-year sales to identify trends and unexpected changes that may impact the risk
assessment of the sales account
Sales: occurrence, accuracy, and completeness
Data Required
 Sales data from the general ledger for the year under audit and the prior three years
 Quantities of each product sold from the client’s sales database for the year under audit and the
prior three years
ADA to Perform
 To examine sales trends by quarter over four years
 To examine sales by location over four years
 To examine the quantity of products sold over four years
Access and Prepare the Data
 Assess the condition and format of the data population identified
 Includes identifying data errors and cleaning them
Consider the Data’s Relevance and Reliability
 Reliability of evidence is impacted by how and by who collected the data and whether the
information is produced under a system of effective internal controls
Perform the A D A
 If an auditor finds an unexpected trend, outlier and/or exception this is referred to as a notable
item
 Notable items require follow up when performing an audit data analytic
Evaluate the Results
 Performing the A D A is important to confirm expectation and identify notable items
 Important to evaluate the results (notable items) and form a conclusion
 Auditor needs to consider where the test met its objective or if it needs to be revised and
reperformed
 CAS230 requirement auditor should document the results of the test
• Additional Issues to Consider
Figure 9.9 Process to identify and address notable items when using an A D A in performing a risk
assessment procedure
Additional Issues to Consider

 Risk assessment and testing of the general ledger
 A D A s are commonly used to to analyze the generl ledger to support C A S 240 which requires
the audit to assess the risk of fraud
 Identification of journal entries with odd characteristics may indicate a higher risk of
misstatement due to fraud or error
 To review journal entries the 5 step process are used as previously outlined
TABLE 9.3 Planning the A D A testing of the general ledger
Purpose
To analyze the general ledger to extract and test the appropriateness of the underlying journal entries to
assess the risk of material misstatement due to fraud or error

Various accounts
 Existence, occurrence, accuracy, cut-off, completeness

Data Required
 General ledger data for the period under audit to the date of the audit report
ADA to Perform
 Conduct a variety of tests to identify journal entries with unusual characteristics, such as entries
posted during holidays

TABLE 9.4 Possible tests to perform to identify inappropriate entries
Review the Journal Entry to Identify the Following Items Assertion
Unbalanced journal entries Completeness
Items posted outside of regular work hours and scheduled processing times Occurrence
(holidays, overnight, weekends)
The nature and volume of entries before and after year end Cut-off
Entries that fall below key approval limits (these should also consider aggregate Existence and
recurring entry totals that would be above a threshold but when split up, fall occurrence
below approval limits)
Entries posted by unauthorized users Existence and
occurrence
Significant value journal entries Accuracy
Items posted or approved by authorized users during their leave periods Existence and
occurrence
Lack of segregation of duties between the individual who posted and approved Existence and
the entry occurrence
Entries that indicate a potential adjustment or reversal (often noted by use of Accuracy
such words in the description)
Entries that are rounded Occurrence
Entries posted to rarely used accounts Classification
Audit Data Analytics as a Substantive Analytical Procedures

Regression Analysis
 Allows the auditor to express a relationship between variables as a mathematical formula
 This formula can be used to develop an expected account balance which can then be compared to
the client’s actual balance
o The auditor need to identify the dependent and independent variable
 Dependent variable = the item to be predicted or the account being audited
 Independent variable = the predictor
o Example: using square feet (independent variable) to predict sales (dependent variable)
 Regression models include:
o Linear regression which presents on dependent and on independent variable as a
mathematical equation
o Multiple regression presents more than one independent variable
o The auditor uses the A D A five-step process to plan the regression analysis
o Example: Prediction of Sales by Month
TABLE 9.6 Planning the A D A regression analysis
Audit Data Analytics as a Substantive Test

Substantive Testing
 Used to corroborate transactions and balances in the accounting records
 Focus to detect a material misstatement at the account and assertion levels, often using sampling
 ADA may allow auditors to test 100% of the population
 Prior to performing this test the auditor will have tested controls and concluded that the entity has
strong:
o strong IT general controls
o strong IT application controls, and
o strong controls over data interchange and the exchange of electronic information between the
client and its customers/suppliers
o Example – A D A Sales and Accounts Receivable
TABLE 9.8 Planning the A D A test of details on sales and accounts receivable
Features of a Good Visualization

 Visualizations are often used to communicate the results of an A D A
 They assist with the ability to interpret large amounts of data and summarize test results in a way that
can be interpreted more quickly
 Some visualizations are better for certain purposes; examples include:
o Bar charts for comparisons
o Bubble charts for identification of outliers
o Line charts to show changes over time
 A good visualization stands alone without any additional information required
 It also has:
o An appropriate amount of detail – only the details needed in an easy-to-read manner
o Appropriate axis scaling – if a bar chart is too large, small fluctuations may appear
significant, and if too small, significant fluctuations may remain hidden
o A balanced use of colour – typically using a maximum of two colours
 An auditor should
o Understand the goal of the visualization
o Provide the appropriate level of detail
o Ensure the axis is the right scale
o Minimize colour except to highlight key points

Chapter 14: Completing and reporting on the audit
Engagement Wrap-up
 Auditor finalizes any open items before issuing audit report
 Any remaining audit procedures are assigned, due date set for completion
 Audit partner determines if procedures executed as planned and all relevant matters have been
considered appropriately
 Areas covered during wrap-up
1. Review planned procedures for proper and complete execution
2. Determine all necessary matters appropriately considered
3. Clear all outstanding review notes, “to-do” items, incomplete procedures – attention needed?
Resolve items
4. Remove all unnecessary documents, drafts, and cleared review notes from the file
5. For multi-location audits, obtain and review documents from other auditors as required
6. Consider materiality level used in audit – is it still appropriate given factors or conditions found
during audit?
o e.g., significant change in anticipated operating results, numerous unexpected
misstatements
7. Reconsider assessments of internal control at entity level, risk of fraud given results of control
tests, misstatements discovered during audit
o Problems may be too pervasive to continue with audit
8. Revisit planning documentation to determine if all matters in plan have been addressed
9. Perform analytical procedures on the adjusted financial statements to ensure consistent with
knowledge obtained during the audit
10. Final review of financial statements
o Including reconciling client’s final trial balance and other records, review of wording
used, level of disclosure and aggregation.
11. Perform a review for contingent liabilities and commitments to ensure properly accounted for
and/or disclosed
12. Perform subsequent events procedures
o Identify events occurring between year end and date of audit report that might require
adjustment or disclosure
13. Read other material included in the entity’s annual report to ensure consistent with audited
financial statements and other information
14. Complete the file on a timely basis after the audit report has been finalized
o File “archiving” - a finalized file where nothing is to be removed, deleted, or discarded
from the file. If modifications needed, then must document why and who made the
changes
 Auditor must decide if there is sufficient, appropriate audit evidence to support audit opinion -
consider:
o Materiality of misstatements
o Management responses
o Previous experience
o Results of audit procedures performed
o Quality of information obtained
o Persuasiveness of the audit evidence
o Whether evidence obtained supports or contradicts the results of the risk assessment
procedures
 Auditor evaluates audit evidence to decide whether:

o The assessments of the risk of material misstatement at the assertion level are appropriate,
and
o Sufficient evidence has been obtained to reduce the risk of material misstatement in the
financial statements to an acceptably low level
o Audit team discusses progress throughout engagement, modifies planned procedures to
reflect changes to original risk assessments
 When misstatements or control deviations found in planned procedures, consider:

o Reason for the misstatement or deviation
o Impact on risk assessments and other planned procedures
o Need to modify or perform further audit procedures
 Before evaluating any misstatements, consider if planning materiality needs to be revised

o Need to revise materiality level due to:
 New information, e.g., client obtained new loan with more restrictive covenants
 Change in auditor’s understanding of the entity and its operations
 New circumstances, e.g., significantly lower profit than expected
Going Concern
 Going concern assumption underpins accounting on the basis that the entity will remain in
business for the foreseeable future
 It will be able to realize its assets and discharge its liabilities in the normal course of business
Management must assess the entity’s ability to continue as a going concern
 Typically 12 months from the date of the financial statements is the period management is
required to assess all available information in order to make their going concern assessment
 Judgement about the future is based on the information available at the time the judgement was
made
 The size and complexity of entity, nature and condition of its business, degree to which business
affected by external factors all affect judgement regarding outcomes of events or conditions
Auditor considers reasonableness of management’s assessment of going concern and whether disclosures
are required in financial statements (C A S 570)
 Consider reasonableness of management’s procedures to identify going concern issues and

mitigating circumstances
 If going concern is not appropriate, management should prepare financial statements on
liquidation basis
Contingent Liabilities
 Entity required to record or disclose contingent liabilities depending on whether they are “likely“
or “probable” and “measurable”
 Auditor required to search for any litigation and claims that the auditor may not be aware of that
may give rise to a material misstatement (C A S 501)
 Auditor required to
o Inquire of management and others (including in-house counsel) if there are any
unreported contingent liabilities
o Review minutes of meetings for those charged with governance and correspondence
between client and external legal counsel
 Auditor required to
o Review correspondence with tax authorities
o Review legal expense accounts
o Include in management representation letter the fact that all contingent liabilities have
been disclosed
Subsequent Events
 Financial statements are prepared on the basis of conditions existing at year end
o Three other key dates:
 Date financial statements approved
 Date of auditor’s report
 Date financial statements are issued
o Subsequent events: events that occur between year end and the date of auditor’s report,
and facts discovered after date of auditor’s report
Type 1 subsequent events
 Events that provide additional evidence with respect to conditions that existed at year end
 Events that provide evidence with respect to conditions that developed subsequent to year end
 Can affect estimates in financial statements, or indicate that going concern assumption is not
appropriate
 Accounting treatment: adjust financial statements for the effect of these events, where material
o Examples:
 Bankruptcy of customer after year end, which would be considered when

evaluating provision for doubtful debts
 Amount received for insurance claim in negotiation at year end
 Accounting treatment: adjust financial statements for the effect of these events, where material
o Examples:
 Deterioration in operating results after year end that means going concern not
appropriate
 Settlement of a lawsuit after the reporting period for an amount different than the
original estimate
 Do not result in changes to amounts in the financial statements
 Might be so significant to require disclosure
o Do not require accounts to be adjusted
 Examples:
 Uninsured loss of assets due to fire, flood, subsequent to year end
 Purchase of a business, issuance of shares or debt subsequent to year end
 Auditor’s responsibilities for both types

o Prior to signing audit report, auditor completes procedures to identify any events post
year end that might require adjustment or disclosure in accounts
o After signing audit report, if auditor becomes aware of a fact that may materially affect
financial statements:
 Consider if financial statements need revision and discuss matter with client
o After signing audit report
 Take action appropriate in circumstances

 May need to do additional audit procedures, reviewing and approving
revisions to the financial statements
 Inform those who have received previous version of financial statements
that an new auditor’s report has been issued on the revised statements
 New audit report may include an emphasis of matter paragraph or may
be double dated
Subsequent event timeline
 Auditor is concerned only with significant events occurring subsequent to balance sheet date that
might require adjustment, disclosure in accounts
 Audit procedures
o Gain understanding, and make evaluation, of management processes to deal with
subsequent events
o Read board meeting minutes
 Audit procedures:
o Analyze latest interim results and other items deemed necessary such as budgets, cash
flow forecasts, and other reports for events such as accounting decisions, loan
repayments, and compliance
o Enquiring of management, legal counsel, and board members whether any subsequent
events have incurred that might affect the financial statements
o Obtain written representations CAS 580
Misstatements
 Misstatements are differences between a reported financial statement item and the correct
reporting as required by standards
o Differences could relate to item’s amount, classification, presentation, or disclosure
o Misstatements can be unintentional (error) or due to fraud
o Auditor evaluates whether misstatements need to be corrected
 Factors to consider when evaluating:

o Risk of additional misstatements remaining undetected
o Effects of identified misstatements on client’s compliance with debt covenants
o Whether it is an error or judgmental misstatement
o Reversing effect on current year’s financial report of misstatements identified in previous
year
o Likelihood that recurring differences will be more material in future
o Sensitivity of circumstances, e.g., fraud, illegal acts
o Significance of financial statement element affected by misstatement
o Significance of misstatements relative to known user needs
o Effect of misstatements on segment information, or other important portion of client’s
business
o Effects of offsetting misstatements in different financial statement captions, e.g., cash,
prepayments
o Current-year misstatements
 Auditor prepares schedule of uncorrected differences in order to assess overall
effect on the financial statements and on individual items or balances
 Consider effect on future years’ reports
o Prior-year misstatements
 May be immaterial in previous year, could be material this year (C A S 450)
 Consider potential to reverse in next year
 e.g., understating expenses last year due to cut-off error, reverses this
year to an overstatement
o Consider both quantitative and qualitative aspects of misstatements
o Qualitative examples:
o Affects compliance with regulatory requirements or debt covenants
o Affects client’s compliance with contractual requirements of operating and other
agreements
o Affects management’s satisfaction of requirements for award of bonuses and incentive
compensation
o Consider both quantitative and qualitative aspects of misstatements
 Qualitative examples:
 Affects compliance with regulatory requirements or debt covenants
 Affects client’s compliance with contractual requirements of operating
and other agreements
 Affects management’s satisfaction of requirements for award of bonuses
and incentive compensation
 Changes reported profit into loss
 Changes individual line items by material amount
 Changes key ratios monitored by analysts
Evaluating Conclusions, Forming Opinion

 To form an opinion:
1. Evaluate audit evidence obtained
2. Evaluate effects of unrecorded misstatements and qualitative aspects of entity’s accounting
3. Evaluate whether the financial statements are properly prepared and presented according to standards
4. Evaluate fair presentation of financial statements in accordance with the applicable reporting
framework
Components of Audit Report
 Format for audit report on general financial statements governed by CA 700
 Auditor should also consider if CAS 701 is appropriate
 CAS701 makes reference to key audit matters (KAMs)
 KAMs are those matters that in the auditor’s professional judgement were most significant in the
audit of the financial statements of the current period
 KAMs are specific to the entity and the audit
 In Canada, KAMs are mandatory only if required by law or regulation
 CAS701 includes a judgement-based decision- making framework to help auditors determine and
identify KAMs
 It also includes the required elements that must be included in each KAM
 Format for audit report on general financial statements governed by C A S 700
1. Title
2. Addressee
 Format for audit report
3. Opinion paragraph
o Auditor’s opinion, identifying entity, states financial statements have been audited,
identifies the title of each statement included in the complete financial statements, refers
to summary of accounting policies and other notes, and specifies the date and period
covered by the financial statements
4. Basis for Opinion
o Audit was conducting using Canadian generally accepted auditing standards
o Refers to section of report on auditor’s responsibilities
o Affirmative statement regarding auditor’s independence, and fulfilment of ethical

responsibilities
o Audit evidence obtained sufficient and appropriate to provide the basis for the opinion
5. Key audit matters

6. Other information
o For example, annual report
o Explains management and auditor’s responsibilities for this information
o Auditor’s conclusion if information is consistent with financial statements and knowledge

obtained
7. Management’s responsibility for the financial statements
o Establishing and maintaining internal controls
o Fair presentation of financial statements free from material misstatement

o Management’s responsibility for going concern
8. Auditor’s responsibility for the financial statements

o Reasonable assurance financial statements free from material misstatement
o Express an opinion on the financial statements based on the audit
o Statement that reasonable assurance is a high level of assurance but not an guarantee
o Misstatement can arise from fraud or error
o Auditor exercises professional judgement and professional scepticism
o Such details may be presented in an appendix under certain conditions
9. Other reporting responsibilities

10. Name of engagement partner for listed entities and the auditor’s signature, either the firm’s name,
the personal name of the auditor, or both depending on legislative requirement
11. Date of the report
12. Auditor’s address
Components of Audit Report Other Key Enhancements C A S700 (1)
 Other key enhancements CAS700 include:
o Enhanced auditor reporting on going concern
 Description of responsibilities of management and auditor for going concern

 Separate section when a material uncertainty exists – under the heading “Material uncertainty
related to going concern”
o Enhanced auditor reporting on going concern
 Requirement to challenge the adequacy of financial statement disclosure for so-called close
calls with respect to the applicable financial reporting framework when there are events or
conditions that cast doubt on the ability to continue as a going concern
 Enhanced auditor reporting on going concern

o Requirement to challenge the adequacy of financial statement disclosure for so-called close calls
with respect to the applicable financial reporting framework when there are events or conditions
that cast doubt on the ability to continue as a going concern
Modifications to Audit Report
 Auditor may need to modify audit opinion to emphasize a certain matter or to express a qualified,
adverse, or disclaimer of opinion
o C A S 705, C A S 706
 Conditions leading to modified audit report:

o Significant uncertainty exists that should be brought to the reader’s attention
o Inability to obtain appropriate audit evidence or

o The financial statements are materially misstated
 Emphasis of matter
o Does not affect auditor’s opinion
o Applies when resolution of a matter is dependent on future actions or events not under
direct control of the entity, but that may affect the financial statements, and the matter is
disclosed in the financial statements
 Emphasis of matter
o Not a key audit matter, e.g., major catastrophe having impact on entity
 Inability to Obtain Appropriate Audit Evidence

o Could result from auditor’s inability to perform procedures or an imposition by the entity
o Auditor may have timing problems
o Entity’s records could be damaged or not complete
 Inability to Obtain Appropriate Audit Evidence

o Access could be restricted to locations, key personnel
• If problem is material and pervasive to the financial statements, a disclaimer of

opinion is expressed
 Disagreement with those charged with governance, regarding:

o Accounting policies selected
o Method of accounting policy application
o Adequacy of disclosures in financial statements
• If material to the financial statements, a qualified or adverse opinion is expressed
Nature of Matter Giving Rise to the Auditor’s Judgement about Auditor’s Judgement about
Modification the Pervasiveness of the the Pervasiveness of the
Effects or Possible Effects on Effects or Possible Effects on
the Financial Statements: the Financial Statements:
Material but Not Pervasive Material and Pervasive
Financial statements are materially Qualified opinion Adverse opinion
misstated
Inability to obtain sufficient Qualified opinion Disclaimer of opinion
appropriate audit evidence
a
Where the circumstances are so material and pervasive that the auditor has been unable to obtain
sufficient appropriate audit evidence, or where a qualified opinion is inadequate to disclose the
misleading or incomplete nature of the financial statements.
Communication with Those Charged with Governance
 Auditor required to communicate audit matters of governance interest arising from the financial
statement audit with those charged with governance (C A S 260)
 Matters of governance interest may include:

o General approach and overall scope of audit, including risks
o Selection of, changes in, accounting polices that have or could have a material effect on financial
statements
o Potential effect on financial statements of any material risks and exposures
o Misstatements that have or could have a material effect
o Material uncertainties relating to going concern
o Disagreements with management
o Expected modifications to the audit report
o Practical difficulties in performing audit
o Irregularities, suspected non-compliance with laws
o Comments on design and operation of internal controls, suggestions for improvements (also in
management letter)
o Any other matters as agreed
Other Engagements
 An auditor may be asked to perform other reports outside of those involving traditional financial
statements
 A few examples include:
o Reports in accordance with a special purpose framework
o Reports on a specific component of the financial statements
o Review engagements
o Review engagements on interim financial statements
o Assurance engagements
 CSAE 3000 Attestation Engagements Other than Audits or Review of Historical

Financial Statements
 Assurance engagement that involves providing an opinion after evaluating a
subject matter against an explicit statement made by management
 CSAE 3001 Direct Engagements
 An engagement that involves providing an opinion after evaluating a subject
matter against applicable criteria
 Assurance engagement can be reasonable assurance or limited assurance engagements
o Compliance engagement
o Reporting on controls
o Reports on supplementary matters
o Reports on applying specific procedures to financial information other than financial statements
o Reports on the application of accounting principles
o Reports used in an offering document or designated document

Mid

Uploaded by

Copyright:

Available Formats

You might also like

Mid

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mid

Uploaded by

Copyright:

Available Formats

Chapter 1: INTRODUCTION AND OVERVIEW OF AUDIT AND ASSURANCE

Assurance engagement an engagement performed by an auditor or consultant to enhance the reliability

Demand for Audit and Assurance Services

Demand in a Voluntary Setting

o actions taken to reduce that impact

Entities are not required to have CSR disclosures assured

o to demonstrate a high level of corporate responsibility

Different Assurance Services

Financial reporting framework

Cost and time

Financial reporting framework

Cost and time

Financial reporting framework

Cost and time

Different Levels of Assurance

o May include a “key audit matters” section

o Refer to Figure 1.3 in text for an example audit report

o Which level of assurance should Cloud 9 accept?

Different Audit Opinions

Preparers and Auditors

The Role of Regulators and Regulations

o assurance engagements (CSAEs)

• Canadian Securities Administrators (CSA)

o Regulates listed entity disclosure requirements

o Requires annual filing of audited financial statements in accordance with Canadian

• Canadian Public Accountability Board (CPAB)

• Toronto Stock Exchange (TSX)

o Includes professionals in public practice, industry, academia, and government

o Requires extensive study and mentored work experience to join as a member

• Canadian Business Corporations Act (CBCA)

o Audits must be conducted in accordance with Canadian generally accepted auditing

Audit Expectation Gap

o The auditor guaranteeing future viability of entity

o An unqualified opinion denotes complete accuracy

o The auditor will find all frauds

o The auditor has checked all transactions

o Reviewing and updating auditing standards

o Educating the public

o Providers reporting accurately the level of assurance being provided.

o Integrity and due care

Professional Judgement and Professional Skepticism

Improving Professional Scepticism

 Mandatory partner rotation

 Created by clients and accounting firms

 Quality control procedures and education

Auditor’s Relationships with Others

 Aid to auditor independence

o At least three independent directors must be financially literate

o Meets with external and internal auditors

o A loss was suffered as a consequence of that breach

 Legal liability to clients:

 Legal liability to third parties

o Need to establish that:

o A duty of care was owed to the third party and

 Legal liability to third parties

 Ruled the audited financial statements were prepared to evaluate management

Auditor can take steps to avoid litigation: