Professional Documents
Culture Documents
AC341 FA1 - 2022-23 Student Handout
AC341 FA1 - 2022-23 Student Handout
Optional reading
• Gray et al. (2019). Chapters 2 & 4
• Power (1999). Chapters 2 (pp. 15-20)
Outline
• Reasons for interest in audit: functional and sociological
• The professional and institutional setting of audit
• Theoretical approaches to the study of audit
Outline
• Reasons for interest in audit: functional and sociological
• The professional and institutional setting of audit
• Theoretical approaches to the study of audit
Why are people interested in corporate
financial audit?
Why are people interested in corporate
financial audit?
• Normative
• Agency
• Institutional
Postulates of Auditing (Flint 1988)
Postulates of auditing are a priori hypotheses about the
nature of auditing. Flint formulated seven postulates:
1. A relationship of accountability between parties must exist
2. The subject matter must be remote/complex and important
3. Audit must be independent and free from investigatory and reporting
constraints
4. The subject matter of audit must be verifiable by evidence
5. The audit process requires special skill and exercise of judgement
6. Credibility which is given to financial statements (or other data) as a result of
audit can be clearly expressed and communicated
7. An audit produces an economic or social benefit
Agency Theory – problems of asymmetric information
• Official audit definitions are often idealised and normative, and fail to
describe accurately what audits can deliver (see Power 1999).
What is the reality of audit for audit staff?
• Projects are undertaken by hierarchical teams.
• Audit managers are responsible for bringing the audit in on
budget (paid overtime vs reputation)
• Promotion depends on performance (trade-off between risk
of mistakes and profitability).
• On the job training, affiliation with firm rather than
professional body.
• Promotion to partner depends on more than technical skill.
• Partners increasingly doing more marketing work due to
regulation requiring more retendering.
A more philosophical view: The Audit Society
“The more one thinks about it, the more apparent it is that the
imperative ‘never trust, always check’ could not be a universalizable
principle of social order… If we start hiring a private detective to follow
the private detective who is following a lover, when does the need for
checking stop?... In the end checking itself requires trust; the two
concepts are not mutually exclusive.’’ (Power, 1999, pg. 2)
Discussion questions
• What is corporate financial audit and why do we need it?
• What new technologies have been introduced to corporate financial
audit over the last 10 years?
• How are these technologies likely to change
• The audit process
• The market for audit?
What is corporate financial audit and
why do we need it?
What have we covered?
Optional reading
• Yoon, Hoogfuin and Zhang (2015). ‘Big data as complementary audit evidence.’ Accounting Horizons 29 (2):
431-438
• Gray et al. (2019). Chapters 13, 14 & 15
• Knechel (2007). ‘The business risk audit: Origins, obstacles and opportunities’ Accounting, Organizations and
Society 32 (4/5): 383-408
• Salterio (2012). ‘Fifteen years in the trenches: Auditor-client negotiations exposed and explored’. Accounting
and Finance 52(2012 Suppl):233-286
• Scoping out the audit of the future (2017). AccountingToday
https://www.accountingtoday.com/news/scoping-out-the-audit-of-the-future
Outline - Financial Audit –2
51
Audit Evidence
• Reasonable assurance is obtained when the auditor has obtained
sufficient appropriate audit evidence to reduce audit risk to an
acceptably low level (para A3)
• ISA (UK and Ireland) 500: Auditors need “to design and perform audit
procedures in such a way as to enable the auditor to obtain sufficient
appropriate audit evidence to be able to draw reasonable conclusions
on which to base the auditor’s opinion..” (para 4)
53
Obtaining audit evidence
Procedures (para 10)
• Risk assessment
• Tests of controls
• Substantive procedures and analytical procedures.
By:
• Inspection (viewing documents, assets)
• Observation (of control processes)
• External confirmation
• Recalculation/reperformance
• Analytical procedures
Reliability and Relevance
Audit evidence tests for
• Existence (of an asset or liability at a given date)
• Validity (the entity has the rights to assets or obligations for
liabilities)
• Occurrence (of transaction or event in relevant period)
• Completeness (no unrecorded assets, liabilities, transactions,
events; no undisclosed items)
• Valuation and measurement (asset or liability at appropriate
carrying value; transaction or event at proper amount and in
proper period)
• Presentation and disclosure
55
Audit evidence is more reliable when:
• it is obtained from independent sources outside the entity.
• there are effective controls over its preparation and maintenance.
• it is obtained directly by the auditor (e.g. observing the application of a
control) rather than indirectly or by inference (for example, asking about the
application of a control).
• it is documentary form rather than oral (for example, a contemporaneously
written record of a meeting is more reliable than a subsequent oral
representation of the matters discussed).
• original documents rather than photocopies or documents that have been
filmed, digitized or otherwise transformed into electronic form.
Challenges in assessing the reliability of audit
evidence
• Non-physical items are hard to value – a reliable measure may be
one that is consistent with a valuation model (Power, 2010) e.g.
pension liabilities, derivatives and non-financial liabilities
57
Materiality ISA (UK and Ireland) 200
• The auditor expresses an opinion “on whether the financial
statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework.”
58
Materiality definition: ISA 200
• In general, misstatements, including omissions, are considered to be material
if, individually or in the aggregate, they could reasonably be expected to
influence the economic decisions of users taken on the basis of the financial
statements.
• Judgments about materiality are made in the light of surrounding
circumstances, and are affected by the auditor’s perception of the financial
information needs of users of the financial statements, and by the size or
nature of a misstatement, or a combination of both.
• The auditor’s opinion deals with the financial statements as a whole and
therefore the auditor is not responsible for the detection of misstatements
that are not material to the financial statements as a whole. (para 6)
Over to you
• How do you think auditors establish materiality?
Outline - Financial Audit –2
62
Changes in Audit Methodology
63
The Audit Risk Model
• Extent of detailed testing and other work carried out in an audit
depends on level of acceptable audit risk using:
• AR - Audit risk = risk that auditors give inappropriate audit opinion
when financial statements are materially misstated (ISA 200) – auditors
aim to keep this within a tolerable level.
• IR - Inherent Risk = susceptibility to material misstatement irrespective
of internal controls
• CR - Control Risk = risk that material misstatement would not be
prevented or detected by internal controls
• DR - Detection risk = risk that auditors’ substantive procedures
do not detect material misstatement
AR = IR x CR x DR
Problems with the Audit Risk Model
AR = IR x CR x DR
65
Increased focus on business risk (Knechel, 2007)
• In the 1980s, risk management was growing and fee pressure existed in audit and “a
shift towards risk and risk management was a logical step in the evolution of audit.”
(pg. 391)
• The audit firm identifies business risks (given the organization’s strategy) and assesses
internal processes for their risk-mitigating capabilities. (pg. 394-395)*
• Business risk audits was viewed as improving audit quality – but also “a tool for
generating opportunities for selling non-audit services?”
Could identifying business risks help identify going concern risk (NB we will discuss going
concern issues in the next video, FA3)
*Knechel (2007). ‘The business risk audit: Origins, obstacles and opportunities’ Accounting,
Organizations and Society 32 (4/5): 383-408 66
Ongoing risk assessment required
“The auditor’s risk identification and assessment process is iterative
and dynamic. The auditor’s understanding of the entity and its
environment, the applicable financial reporting framework, and the
entity’s system of internal control are interdependent with concepts
within the requirements to identify and assess the risks of material
misstatement. In obtaining the understanding required by this ISA (UK),
initial expectations of risks may be developed, which may be further
refined as the auditor progresses through the risk identification and
assessment process.” (paragraph 7, ISA 315, 2020)
Auditor objective with respect to risk
“The objective of the auditor is to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial
statement and assertion levels thereby providing a basis for designing
and implementing responses to the assessed risks of material
misstatement.” (para 11, ISA 315, 2020)
Definitions of risk (ISA 315, 2020)
• Assertions: “Representations, explicit or otherwise, with respect to the recognition, measurement,
presentation and disclosure of information in the financial statements which are inherent in management
representing that the financial statements are prepared in accordance with the applicable financial reporting
framework. “
• Business risk: “risk resulting from significant conditions, events, circumstances, actions or inactions that
could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the
setting of inappropriate objectives and strategies.”
• Inherent risk factors: ”Characteristics of events or conditions that affect susceptibility to misstatement,
whether due to fraud or error, of an assertion about a class of transactions, account balance or disclosure,
before consideration of controls. Such factors may be qualitative or quantitative, and include complexity,
subjectivity, change, uncertainty or susceptibility to misstatement due to management bias or other fraud
risk factors.”
• Risks arising from the use of IT: “Susceptibility of information processing controls to ineffective design or
operation, or risks to the integrity of information (i.e., the completeness, accuracy and validity of transactions
and other information) in the entity’s information system, due to ineffective design or operation of controls
in the entity’s IT processes”. NB: this ties into lecture IC2 about the effect of technology in internal controls
and the Pentland and COSO readings.
(paragraph 12, ISA 315, 2020)
ISA 315 (revised 2020)
• The risk assessment procedures shall include the following:
• Inquiries of management and of other appropriate individuals
within the entity, including individuals within the internal audit
function (if the function exists).
• Analytical procedures.
• Observation and inspection.
• Possible sources of business risk:
– new products or services that may fail
– flaws in a product or service that may result in liabilities and
reputational risk.
• Why focus on business risk? Because most business risks will
eventually have an effect on the financial statements. (Para
A38)
71
Analytical procedures – an example
“The auditor may use a spreadsheet to perform a comparison of actual
recorded amounts to budgeted amounts, or may perform a more
advanced procedure by extracting data from the entity’s information
system, and further analyzing this data using visualization techniques to
identify classes of transactions, account balances or disclosures for
which further specific risk assessment procedures may be warranted.”
77
Audit report opinion
• Unqualified or qualified (ISA 705): additional explanatory
material may be provided (ISA 706: “emphasis of matter
paragraphs”; “other matter paragraphs”) describing e.g.
‘fundamental uncertainty’
• Modified:
• ‘Except for’ opinion: misstatements in the FS are material,
but not pervasive
• Adverse opinion: misstatements are both material and
pervasive to the financial statements (fundamental to users’)
• Disclaimer of opinion: insufficient evidence for opinion
79
• The auditor shall express an unmodified opinion when the auditor
concludes that the financial statements are prepared, in all material
respects, in accordance with the applicable financial reporting
framework.
• If the auditor: (a) concludes that, based on the audit evidence
obtained, the financial statements as a whole are not free from
material misstatement; or (b) is unable to obtain sufficient
appropriate audit evidence to conclude that the financial statements
as a whole are free from material misstatement, the auditor shall
modify the opopinion in the auditor's report in accordance with ISA
(UK) 705 (Revised June 2016).
Content of audit report (ISA 700)
Auditors reporting on companies which apply the UK
Corporate Governance Code to state:
• The scope of the audit and specific risks and materiality
considerations
• Which risks had the greatest effect on:
– The overall audit strategy
– The allocation of resources in the audit
– The efforts of the engagement team
• How they applied the concept of materiality in planning and
performing the audit
82
Issues with audit reporting
A “disappointing aspect…from the perspective of many investors we
have spoken to is the widespread absence of explanations by auditors
of changes in their audit approach, in the level of materiality they
used or in the assessed risks reported from one year to the next.
Although we have found some examples where this type of material is
included, it is very much the exception.”
83
One more issue with the audit process:
The nature of auditor-client relationship
84
Outline - Financial Audit – 2
85
Over to you:
• The impact of technology on the audit process over the last 15 years?
• What types of technology do you think are useful?
• What specific activities might be affected and how?
• How has the overall audit process be changed by new technology?
• Do you think this will affect the quality of the audit?
86
CPA Canada and AICPA, 2019
87
What are the Big 4 +1 doing?
• Deloitte - Omnia AI, a multi-disciplinary practice focused
ondelivery of AI services and solutions.
• EY - machine learning in EY Helix and EY Optix for predictive
analytics, drones for inventory observations and document-
reading and interpretation tools.
• KPMG - Ignite AI toolkit and is working with IBM/Watson.
• PwC - data platforms and is working with H2O.ai, a leading
Silicon Valley company, to develop Audit.ai, which will
provide enhanced capabilities to provide assurance.
• BDO: BDOLexi translation app, using neural network
technology, to manage information in multiple languages
during global audits.
CPA Canada and AICPA (2019)
88
The use of data analytics in the audit of
financial statements’ FRC (2017).
• Analysis of the use of audit data analytics (ADA)
• Data analytics “when used to obtain audit evidence in a financial
statement audit, is the science and art of discovering and analysing
patterns, deviations and inconsistencies, and extracting other useful
information in the data underlying or related to the subject matter of
an audit through analysis, modelling and visualisation for the purpose
of planning and performing the audit.” (para 1.2)
• ADA’s viewed by firms as a way of differentiating their offering to
clients – more pronounced since mandated audit re-tendering (more
in FA5 and FA6)
ADAs used to:
• Compare entity data to externally obtained data (analytical review)
• Test ICs e.g. segregation of duties testing
• Substantive testing:
• Analyse all transactions in a population
• Stratify that population and identify outliers for further examination
• Re-perform calculations relevant to the financial statements
• Match transactions as they pass through a processing cycle
• Manipulate data to assess the impact of different assumptions.
How does ADA contribute to audit
quality?
• Deepens the auditor’s understanding of the entity
• Improves consistency and central oversight in group audits
• Enables focused audit testing on high risk areas (e.g. fraud – and
operationalising scepticism)
• Enables tests on large or complex datasets quickly and accurately
• Enhances communications with audit committees
Key findings
• Use of ADA overstated - Audit firms promote them to meet audit
committee expectations and to win competitive tenders.
• One case where ADA intended only to provide insight to the audit committee.
• Two cases where audit committee reports refer to piloting of ADA by audit firm even
though no audit evidence is actually being produced with the tools.
• ADAs can improve audit quality - Thoughtful use of ADA techniques can
provide audit evidence that is more focused to the audit risks and provide
useful insights to an entity’s management and the audit committee.
• Staff competent in ADAs necessary - dedicated support is required.
Evidence found of auditors not able to understand the extent of the
application of ADA tools.
Big data as complementary audit evidence
(Yoon et. al, 2015)
• Pattern recognition, data mining, visualization, predictive modelling,
and natural language processing are used by auditors.
• Such data analysis can supplement otherwise insufficient or
unreliable evidence (e.g. if the client’s internal information is
inaccessible or unreliable, e.g. mangement sales forecasts).
• Can identify risks of fraud/going concern by text mining of employee
emails.
• GPS data to identify inventory shipments rather than shipping
documents.
93
Advantages/disadvantages of big data (Yoon et.
al, 2015)
• Advantages:
• Timely, cheap, conducted remotely
• Hard to tamper with the data, whole population
• Independent i.e. from external sources (market, news articles, analysts
reports) as benchmarks for analytical review
• Disadvantages
• Data quality and interpretation (unstructured data, potential correlation of
data sources)
• Integration: developing bridges with client data
• Privacy issues and data security
94
Technology in audit, FT August 3, 2015
95
Big data and audit – the pwc view
• We’re spending more time on the logic and rationale behind
our data queries because we’re spending less time on getting
the data in the first place. And, while we’re able to
concentrate more on business processes and testing, we’re
spending much less time at client sites.
• For our talent, this means less rote work (finding documents)
and more substantive experiences (analyzing and testing the
data) earlier on. It also means a greater ability to work where
they want, which is something our millennial talent prizes.
http://www.pwc.com/us/en/press-releases/2016/pwc-audit-through-innovation-press-
release.html
96
KPMG’s investment in data analytics
https://www.accountancyage.com/aa/analysis/2396491/ok-computer-audit-embraces-technological-innovation
97
What does audit technology enable firms to do
more efficiently?
• Analyse larger proportion of the population of transactions
• Better analytical review with comparables
• Analyse entire sets of journal entries to check for anomolies (e.g.
posting at weekends, by unexpected people, or with particular digits
in the transaction value e.g. just below financial authority cut-offs)
• Social media – finding information on potential contingent liabilities
e.g brand damage, environmental issues and pending litigation
98
Blockchain
99
Possible issues with new audit technology
100
Understanding change in Audit Technology
101
Discussion questions
• What is corporate financial audit and why do we need it?
• What new technologies have been introduced to corporate financial
audit over the last 10 years?
• How are these technologies likely to change
• The audit process
• The market for audit?
Bibliography
• Knechel, W. R. (2007). The business risk audit: Origins, obstacles and opportunities.
Accounting, Organizations and Society, 32(4), 383–408.
https://doi.org/10.1016/j.aos.2006.09.005
• Yoon, Hoogfuin and Zhang (2015). ‘Big data as complementary audit evidence.’
Accounting Horizons 29 (2): 431-438 Artificial intelligence and the future of accountancy
(2018) ICAEW, IT Faculty
• CPA Canada and AICPA (2019). ‘A CPA’s introduction to AI: From Algorithms to Deep
Learning – what you need to know’.
• Sikka, P. (2009). Financial Crisis and the Silence of the Auditors. Accounting,
Organizations and Society, 34, 868–873.
• Salterio, S (2012). Fifteen years in the trenches: Auditor–client negotiations exposed and
explored. Accounting and Finance 52 (2012 Suppl.) 233–286