Download Auditing Procedures and Internal Controls: An Overview - Prof. Galloho and more Exams Auditing in PDF only on Docsity!
Auditing Procedures and Internal
Controls
Introduction and Overview of Audit
The Three Parties in an Assurance Engagement
An example of the three parties in an assurance engagement would be: - Auditor, shareholder, general public.
Definition of an Assurance Engagement
An assurance engagement can be defined as an engagement to enhance the reliability of the subject matter.
Corporate Social Responsibility Assurance
Corporate Social Responsibility assurance: - Includes disclosures on environmental, employee, and social reporting. - Includes both financial and non-financial information. - Reporting is voluntary and is becoming more widespread.
Limitations of an Audit
Limitations of an audit are caused by: - The need for the audit to be conducted within a reasonable period of time and at a reasonable cost. - The nature of audit procedures. - The nature of financial reporting.
Reasonable Assurance Engagement
An example of a reasonable assurance engagement is the audit of annual financial statements.
Assurance vs. No Assurance
When auditors are engaged in work where no assurance is provided, it means that an assurance is not provided as the client determines the nature, timing, and extent of the evidence that is gathered and will determine their own outcome.
Review Engagement
In a review engagement, the least likely occurrence during the engagement is substantive audit procedures.
Negative Expression of Opinion
The wording of a negative expression of opinion generally states that there is nothing that has come to the auditor's attention that would lead them to believe that the information being assured is not true and fair.
Emphasis of Matter
An emphasis of matter is included when the auditor's opinion has not changed and the auditor wants to bring the users' attention to a particular matter.
Types of Opinion
The types of opinion are: - Qualified opinion - Disclaimer of opinion - Adverse opinion
An example of an unmodified audit opinion is an unqualified audit opinion with an emphasis of matter.
Comparability
Comparability allows users to: - Assess the performance of the entity over time and with other entities. - Identify trends that may influence their perception of how well the entity is doing.
Responsibilities of Those Charged with Governance
In addition to the preparation of financial statements, it is also the responsibility of those charged with governance to: - Select and apply appropriate accounting policies and make reasonable accounting estimates.
- Establish and maintain internal controls that are effective in preventing and detecting material misstatements. - Identify the financial reporting framework to be used in the preparation and presentation of their financial report.
Professional Scepticism
Professional scepticism does not involve the professional requirement that all management representations be substantiated with supporting documentation.
CLERP9 Disclosures
Under CLERP9, the disclosure of material transactions between auditor and entity during the period under audit is not correct.
Risk Assessment I
Risk Response Phase
The risk response phase of an audit involves the performance of detailed tests of controls and substantive testing of transactions and accounts.
Preliminary Risk Identification
Preliminary risk identification can be affected by corporate governance and fraud risk.
Definition of Audit Risk
Audit risk can be defined as the risk that the auditor expresses an inappropriate opinion at the conclusion of the audit.
Understanding the Client at the Entity Level
Examples of information used by auditors in gaining an understanding of a client at the entity level include whether the client is an importer or exporter of goods.
Auditors' Consideration of Relevant Issues
Auditors do not usually consider relevant issues at the audit committee level when gaining an understanding of their client.
Red Flags for Fraud
Red flags that auditors can use to alert them to the possibility that a fraud may have occurred include a high turnover of key employees.
Assessing the Client's Relationship with Employees
In assessing the client's relationship with its employees, the auditor will consider the level of unionisation among the workforce, how well a client pays its employees, and the attitude of staff to their employer.
Demand for Goods/Services
If a client's products or services are seasonal, this will affect revenue flow.
Relevant Factors at the Economy Level
Relevant factors when gaining an understanding of the client at the economy level include changes in interest rates.
Opportunities to Perpetrate Fraud
Opportunities to perpetrate a fraud do not include rapid growth.
Examples of Misappropriation of Assets Fraud
An example of a misappropriation of assets fraud is unauthorised discounts or refunds to customers.
Auditor's Attitude when Assessing Fraud Risk
When assessing fraud risk, an auditor will adopt an attitude of professional scepticism.
Attitudes and Rationalisation to Justify Fraud
Attitudes and rationalisation to justify a fraud include an excessive focus on profit maximisation.
Assessing the Risk of Fraud
When assessing the risk of fraud, an auditor can consider attitudes and rationalisation to justify a fraud, opportunities to perpetuate a fraud, and incentives and pressures to commit fraud.
Going Concern Assumption
Definition
The going concern assumption is made when it is believed that a company will remain in business for the foreseeable future.
Auditor Responsibilities
If auditors identify risk factors that indicate the going concern assumption may be in doubt, they will undertake procedures to gather evidence regarding each risk factor.
Mitigating Factors
Examples of mitigating factors that reduce the risk that the going concern assumption may be in doubt include: - The ability to raise additional funds via borrowings - The ability to sell an unprofitable segment of the business - A letter of guarantee from a parent company
Detection Risk
By setting high detection risk, an auditor will reduce the level of reliance placed on their detailed substantive procedures.
Significant Risks
When classifying risks as being significant, consideration is given to whether the risk involves significant related party transactions, is related to significant economic or accounting developments, or involves fraud.
Inventory Existence
If there is a risk that management's assertion that recorded inventory exists is not valid, the auditor will spend more time testing for the existence of recorded inventory.
Audit Risk
Definition
Audit risk is the risk that an auditor expresses an inappropriate opinion when a financial report is materially misstated.
Reducing Audit Risk
Audit risk can be reduced at the planning stage of an audit by identifying the key risks faced by the client. It is impossible to completely eliminate audit risk.
Control Risk
Control risk is the risk that a client's system of internal controls will not prevent or detect a material misstatement.
Materiality
Quantitative vs Qualitative
An item that is considered material due to its magnitude is referred to as being quantitatively material, while an item that is considered material due to its nature is referred to as being qualitatively material.
Materiality Thresholds
As a rule of thumb, items greater than 10% of profit before tax, 1% of total assets, or 2% of equity would generally be considered material.
Audit Implications
By setting a lower planning materiality level, an auditor increases the quality and quantity of evidence that needs to be gathered.
Audit Strategies
Tests of Controls
An audit strategy will include increased reliance on tests of controls when inherent risk and control risk are low.
High Inherent and Control Risk
The audit strategy for a client with high inherent risk and high control risk will include no or very limited tests of controls.
Debt Covenants
If a company breaches a debt covenant, it will need to renegotiate or repay the loan.
Key Performance Indicators (KPIs)
KPIs reflect the success factors of an organisation and some are common to many clients, such as return on assets.
Analytical Procedures
Purposes
Analytical procedures are conducted at the risk assessment phase of the audit to aid in the identification of risk and enhance the understanding of a client. They are used throughout all phases of an audit.
Reliability of Information
Information generated by an accounting system with ineffective internal controls is generally not considered to be reliable for analytical procedures.
Liquidity Ratios
An example of a liquidity ratio is cost of sales divided by average inventory.
A control within a software program being overridden or disabled Human error that results in a breakdown in internal control
Control Environment
The control environment does not refer to the policies and procedures that help make sure management's directives are carried out. It sets the tone of an entity and the foundation for all other components of internal control.
Elements of the control environment include:
Participation by those charged with governance Commitment to competence
Risk Assessment
For identified risks, management:
Estimates their significance Assesses the likelihood of their occurrence Decides upon actions to manage them
Control Activities
Control activities are policies and procedures that help make sure management's directives are carried out. They include:
Performance reviews Information processing Physical controls Segregation of duties
Documenting Internal Controls
The most common ways of auditors documenting their understanding of internal controls include:
Preformatted questionnaires Flowcharts Narratives
Internal Control Exceptions
An internal control exception is an observed condition that provides evidence that the control being tested did not operate as indicated.
Management Letter
The purpose of the management letter is to inform the client of the auditor's recommendations for improving its internal controls.
Sampling
When Sampling is Not Required
Sampling is not required when an audit procedure is conducted on an entire group of transactions.
Sampling Risk and Non-Sampling Risk
Sampling risk is the risk that the auditor concludes that their client's internal controls are ineffective when they are effective, or vice versa. Non-sampling risk arises when an auditor uses an inappropriate audit procedure.
Advantages of Non-Statistical Sampling
It is lower cost than statistical sampling. It allows an auditor to select a sample that they believe is appropriate. It requires less staff training.
Statistical Sampling
Statistical sampling involves random selection and probability to evaluate results.
Factors Influencing Sample Size
When testing controls, factors that influence the sample size include:
An increase in the tolerable rate of deviation Stratification of the population when appropriate An increase in the auditor's assessment of the risk of material misstatement
Tolerable Error
When testing controls, the tolerable error is the minimum rate of deviation that an auditor will accept.
Tolerable Rates and Errors in Auditing
Tolerable Rate of Deviation
The tolerable rate of deviation is the maximum rate of deviation from a prescribed control procedure that an auditor is willing to accept before concluding that the control is ineffective.
Evaluating Sample Test Results
Stratification of the Population
The auditor will consider whether the population was stratified before being sampled when evaluating the sample test results. This information can provide additional context for interpreting the results.
Unique Errors
If an error is considered to be unique, it will be removed before projecting the remaining errors to the population. This ensures that the projected error is representative of the population.
Projection of Errors
If the auditor discovers errors when testing transactions or account balances, they will need to project the error to the population being tested.
Exceeding Tolerable Rate
If the rate of deviation exceeds the tolerable rate, the auditor will extend their testing to obtain more evidence about the effectiveness of the control.
Factors Affecting Risk of Misstatement
Estimation and Complex Calculations
Accounts that require estimation or complex calculations are at a higher risk of misstatement compared to those that use simple valuation techniques.
Evaluating Projected Errors
Projected Error vs. Tolerable Error
If the total projected error in an account balance was less than the tolerable error, the auditor would conclude that the errors detected are not material.
Factors Influencing Substantive Sample Size
Increase in Risk of Material Misstatement
An increase in the auditor's assessment of the risk of material misstatement will lead to an increase in the sample size for substantive testing.
Stratification of the Population
Stratification of the population, when appropriate, can also influence the sample size for substantive testing.
Tolerable Rate of Deviation
An increase in the tolerable rate of deviation is not a factor that influences the sample size for substantive testing.
Purpose of Tests of Controls
Tests of controls are conducted to establish that: 1. Controls operate effectively throughout the period. 2. There are no material misstatements in the financial statements.
Control Risk
Control risk is the risk that a client's system of internal controls will not prevent or detect a material misstatement.
Types of Substantive Audit Procedures
Substantive audit procedures include: 1. Analytical procedures 2. Detailed tests of transactions 3. Detailed tests of balances
Objectives of Detailed Substantive Procedures
When conducting detailed substantive procedures, auditors search for evidence that all transactions have been recorded in the correct accounts.
Audit Strategy with High Control Risk
When control risk is high, the audit strategy is to do little or no tests of controls and increase reliance on substantive testing of transactions and account balances.
Timing of Audit Procedures for High-Risk
Accounts
For high-risk accounts, the timing of most audit procedures will be at, or after, year-end.
Vouching
Vouching involves tracking a source document through to the underlying accounting records and agreeing the details of a transaction to supporting evidence outside of the company's accounting records.
Roll-forward Procedures
Roll-forward procedures are performed to update the audit findings from the time of the interim procedures through to year-end.
Purpose of Vouching
The primary purpose of vouching is to ensure that the balances or transactions are not overstated.
Tracing
Tracing is primarily directed towards verifying the completeness assertion.
Analytical Procedures
Analytical procedures may not be used in testing internal controls.
Variables Estimation Sampling
Variables estimation sampling is used if the auditor expects more than a few errors in an account balance.
Analytical Procedures - First Step
The first step an auditor performs when performing analytical procedures is to identify the computation, comparison or relationship to be made or investigated.
Analytical Procedures - Types
Confirmation analysis is not a type of analytical procedure.
Levels of Evidence
The levels of evidence obtained when performing substantive procedures include general, minimal, corroborative, and persuasive.
Substantive Testing of Balance Sheet Items
Timing of Substantive Procedures
The additional opportunities for influencing the timing of the work include auditing activity in the period to date, auditing events occurring prior to year-end, and leveraging off the activities of the internal audit function.
Inherent and Control Risk Assessment
When the assessment of inherent and control risk is low, there are lots of controls that have been tested and found to be effective, and the level of substantive procedures is limited.
Trivial or Immaterial Accounts
Accounts that are clearly trivial or immaterial are usually only subjected to analytical procedures.
Substantive Tests of Cash
The substantive tests of cash account balances that are always performed include examining the client's bank reconciliations, testing cut-off of cash receipts, cash payments and transfers at year-end, and confirming cash held by others.
Substantive Tests of Trade Receivables
The substantive test of the trade receivables balance that is always performed is evaluating the adequacy of the provision for doubtful debts.
Audit Assertions - Trade Receivables
The two audit assertions considered most important to the auditor concluding there are no material misstatements in trade receivables at year- end are existence and valuation and allocation.
Rights and Obligations Assertion
The rights and obligations assertion relates to the audit objective that the entity owns, or has the legal right to, all of the inventory on the balance sheet.
Observing Stocktake
Observing the client's stocktake enables the auditor to establish that items belonging to the client are accurately counted and recorded, count tags, sheets or cards are properly controlled, and the client's personnel are complying with the instructions for stocktakes.
Key Objective of Substantive Procedures
The key objective when performing substantive procedures is to determine whether there are material misstatements within the balance being investigated.
Substantive Testing of Income Statement
Items
Substantive Procedures for Income Statement Accounts
The type of substantive procedure auditors ordinarily use when testing income statement accounts is analytical procedures.
Substantive Procedures Terminology
Substantive procedures are also known as tests of details.
Audit Risk
The risk that an auditor expresses an inappropriate audit opinion when a financial report is materially misstated is known as audit risk.
Analytical Procedures
Analytical procedures involve the investigation of identified fluctuations and relationships that are inconsistent with other information, and evaluations of financial information made by a study of plausible relationships among financial and non-financial data.
Inherent and Control Risk Assessment
When the inherent risk and control risk assessment is high, the amount of substantive testing is significant.
Control Risk
Control risk is the risk that a client's system of internal controls will not prevent or detect a material misstatement.
Significance of Sales Revenue
Sales revenue is typically significant due to its size, the overall inherent risk associated with revenue, and the volume of transactions that flow through the account.
Substantive Procedures and Inherent/Control Risk
The level of substantive procedures will be limited when the inherent and control risk assessment is low.
Testing Sales Cut-off
A simple way of testing which period a sale should be recorded in is to vouch the sale to the delivery documentation for the sale of goods.
Audit Assertions - Sales Revenue
The three audit assertions that are important to ensure the auditor has gained sufficient and appropriate audit evidence for sales revenue are occurrence, accuracy, and cut-off.
Occurrence Assertion - Sales Revenue
The occurrence assertion for sales relates to the audit objective that all sales included in the income statement represent the exchange of goods or services with customers during the period.
Completeness Assertion - Sales Revenue
Testing the postings of the sales ledger to the general ledger and the trade receivables sub-ledger relates to the completeness assertion.
Substantive Procedures - Sales Revenue
Examples of substantive procedures in auditing revenue that are always performed include comparing the monthly income statements to budget and investigating any unexpected fluctuations, and testing the cut-off of revenues.
Audit Assertions - Cost of Sales and Expenses
The key audit assertions when auditing cost of sales and expenses include accuracy, cut-off, and completeness.
Audit Assertions and Substantive Tests
Comparing Supplier/Creditor Invoices to the Initial Record
of Entry
The comparison of supplier/creditor invoices to the initial record of entry relates to the completeness assertion. This procedure helps ensure that all transactions have been properly recorded and included in the financial statements.
