Audit Planning, Understanding the Client, Assessing Risks, and Responding Chapter 06...

Audit Planning, Understanding the Client, Assessing Risks, and Responding

Chapter 06

McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

6-2

Obtaining ClientsObtaining Clients Submit a proposal

Contact the audit committee Make fee arrangements

Communicate with the predecessor auditor Topics

• Integrity of management• Disagreements over accounting principles• Communications to those charged with governance regarding

fraud and noncompliance with laws• Communication to management and those charged with

governance concerning internal control significant deficiencies and material weaknesses.

• Predecessor’s understanding of reason for change of auditors• Other

Overall procedure is important for evaluation of management integrity

6-3

The Audit Process--The Audit Process--StepsSteps

After obtaining a client, the audit process includes:

1. Plan the audit2. Obtain an understanding of the client and its environment,

including internal control3. Assess the risks of material misstatement and design

further audit procedures4. Perform further audit procedures5. Complete the audit6. Form an opinion and issue the audit report

This chapter emphasizes obtaining a client and steps 1-3.

6-4

Stages of an Stages of an Audit--DiagramAudit--Diagram

6-5

1. Plan the Audit1. Plan the Audit

Establish an understanding with the client This is ordinarily accomplished through use of

an engagement letter Related, determine that

• The firm meets professional independence requirements

• There are no issues relating to management integrity

• The client understands the terms of the engagement

6-6

Items Included in Items Included in Engagement LettersEngagement Letters

Name of the entity Management responsibilities

Financial statements Establishing effective internal control over financial reporting Compliance with laws and regulations Making records available to the auditors Providing written representations at end of the audit, including that

adjustments discovered by the auditors and not recorded to the financials are not material

Auditor responsibilities Conducting an audit in accordance with GAAS Obtaining an understanding of internal control to plan audit

and to determine the nature, timing and extent of procedures Making communications required by GAAS

6-7

Engagement Letters--Optional ItemsEngagement Letters--Optional Items

Arrangements regarding Conduct of the audit (e.g., timing, client assistance) Use of specialists or internal auditors Obtaining information from predecessor auditors Fees and billing

Other services to be provided, such as examination of internal control over financial reporting

Limitation of or other arrangements regarding liability of auditors or client

Conditions under which access to the auditors’ working papers may be granted to others

6-8

Audit Planning—Overall Audit Planning—Overall

Develop an overall audit strategy and an audit plan

Plan use of client’s staff Plan involvement of other CPAs Arrange for specialists On first year audits:

Communicate with predecessor auditors Establish opening balances on the financial

statements

6-9

2. Obtain an Understanding of the 2. Obtain an Understanding of the Client and its EnvironmentClient and its Environment

Perform risk assessment procedures, including Inquiries of management and others within the entity Analytical procedures Observation and inspection relating to client activities,

operations, documents, reports and premises. Other procedures, such as inquiries of others outside the

company (e.g., legal counsel, valuation experts) and reviewing information from external sources such as analysts, banks, rating organizations, journals.

6-10

Understanding the Client’s BusinessUnderstanding the Client’s Business—Nature of the Client—Nature of the Client

Competitive position Organizational structure Accounting policies and procedures Ownership Capital structure Product and service lines Critical business processes Internal control

6-11

Understanding the Client’s Business,Understanding the Client’s Business,Industry, Regulatory, and Other FactorsIndustry, Regulatory, and Other Factors

Competitive environment Supplier and customer relationships Technology developments Major laws and regulations Economic conditions Attractiveness of the industry

Barriers to entry Strength of competitors Bargaining power of suppliers of raw materials and labor Bargaining power of customers

6-12

Understanding the Client’s Business—Understanding the Client’s Business—Objectives, Strategies & Business RisksObjectives, Strategies & Business Risks

Objectives—Overall plans Operating and financial strategies—

Operational actions to achieve objectives

Business risks—Threats to achieving objectives

6-13

Understanding the Client’s Business—Understanding the Client’s Business—Measuring and Reviewing PerformanceMeasuring and Reviewing Performance

Budgets Key performance indicators Variance analysis Segment performance reports Balanced scorecard External parties

6-14

Understanding the Client’s Business – Understanding the Client’s Business – Internal ControlInternal Control

Need knowledge and understanding of how a client’s internal control works: What controls exists Who performs them How various types of transactions are

processed and recorded What accounting records and supporting

documentation exist

6-15

Understanding the Client’s BusinessUnderstanding the Client’s Business—Sources of Information—Sources of Information

Inquiries of management Industry Accounting and Auditing Guides Industry Risk Alerts Trade journals and news stories Government publications Prior company annual reports and SEC filings Prior tax returns Electronic sources

Ex. www.fasb.org, web pages for company Tour of plant and offices Analytical procedures The statement of cash flows and obtaining an

understanding of the client

6-16

Determining MaterialityDetermining Materiality

Use professional judgment and based on reasonable person

Considers both Quantitative and qualitative factors

Materiality used in Planning the audit

• At the overall financial statement level• Allocate to individual accounts

Evaluating audit findings

6-17

Materiality DefinitionsMateriality Definitions FASB (included in SASs)—The magnitude of an

omission or misstatement of financial information that, in the light of surrounding circumstances, makes it probable that he judgment of a reasonable person relying on the information could have been changed or influenced by the omission or misstatement.

PCAOB interpretation of federal securities laws—A fact is material if there is a substantial likelihood that the… fact would have been viewed by the reasonable investor as having significantly altered the “total mix” of information made available.

6-18

3. Assess the Risks of Material Misstatement and 3. Assess the Risks of Material Misstatement and Design Further Audit ProceduresDesign Further Audit Procedures

Overall approach What could go wrong? How likely is it that it will go wrong? What are the likely amounts involved?

Particularly consider Inherent risks Risks of material misstatement due to fraud

(fraud risks) Design further audit procedures

6-19

Assessing Fraud RisksAssessing Fraud Risks

Two types Fraudulent financial reporting (management fraud) Misappropriation of assets (defalcations)

Procedures to assess fraud risks Discussion among engagement team Inquiries of management and other personnel Risk assessment analytical procedures (to aid in

planning the audit) Considering fraud risk factors

• Incentives• Opportunity• Attitude

6-20

Assessing Fraud Risks –Assessing Fraud Risks –Identifying Fraud RisksIdentifying Fraud Risks

Considerations in identifying fraud risks Type Significance Likelihood that it will result in a material

misstatement Pervasiveness

6-21

Responding to Fraud RisksResponding to Fraud Risks Overall response

Professional skepticism and audit evidence Assigning personnel and supervision Accounting principles Predictability of auditing procedures

Alterations in audit procedures More reliable evidence Shifting timing to year end Increasing sample sizes

Response to the possibility of management override Examining journal entries Review accounting estimates for biases Evaluating the business rationale for significant

unusual transactions

6-22

Consideration of Fraud Consideration of Fraud Throughout the AuditThroughout the Audit

Evaluating the results of audit tests Discovery of fraud

Communication to appropriate level of management

If fraud involves senior management or material misstatement communicate to audit committee

6-23

Design Further Audit Procedures Design Further Audit Procedures (1/2)(1/2)

Types Tests of controls Analytical procedures Tests of details of transactions and balances

Audit procedures

Inspection Observation Inquiry Confirmation Recalculation Reperformance

6-24

Design Further Audit Procedures Design Further Audit Procedures (2/2)(2/2)

Further audit procedures should include Substantive procedures for all relevant assertions Tests of controls when the auditors’ risk assessment includes an

expectation that controls are operating effectively, or when substantive procedures alone are not sufficient

Procedures should be linked with the assessed risks of material misstatement at the relevant assertion level

Overall responses when assessed risks of material misstatement are high

Heightened professional skepticism Assigning more experienced staff Assigning staff with specialized skills Providing more supervision

6-25

Audit DocumentationAudit Documentation

Audit Documentation Risk assessment

• Discussion of the audit team, elements of understanding, assessment of risk of material misstatement and risks identified

Procedure results• Overall responses, nature, timing and extent of further audit procedures,

linkage of procedures with assessed risks, results of audit procedures, conclusions reached about operating effectiveness of controls, significant risk identified, circumstances in which substantive procedures alone will not provide sufficient evidence

Consideration of fraud• Similar to risk assessment as document discussion, procedures used to

identify fraud risks, fraud risk and response, any other conditions that caused fraud-related procedures and communications with management or audit committee.

6-26

Audit TrailAudit Trail

A trail of evidence that links source documents, journal entries and ledger entries

Auditor may follow the audit trail in either of two directions related to the direction of testing Test for existence or occurrence Test for completeness

6-27

Direction of Audit Testing

6-28

Transaction cyclesTransaction cycles

Auditors’ consideration of internal control is often organized around client’s major transaction cycles (examples) Revenue cycle Acquisition cycle Conversion cycle Payroll cycle Investing cycle Financing cycle

6-29

Transactions Affecting Accounts Receivable

6-30

Audit ProgramAudit Program

Systems portion Deals with client’s internal control Evidence of test of controls and assessing

control risk Substantive test portion

Deals with financial statement account balances

Indirect and direct verification of income statement accounts

6-31

Indirect Verification of Income Indirect Verification of Income Statement AccountsStatement Accounts

6-32

Objectives of Substantive Programs Objectives of Substantive Programs for Asset Accountsfor Asset Accounts

Establish the existence of assets Establish that the company has rights to the

assets Establish the completeness of recorded assets Verify the cutoff of transactions Determine the appropriate valuation of the assets

and accuracy of related transactions Determine the appropriate financial statement

presentation and disclosure of the assets

6-33

Relationship Relationship of Financial of Financial Statement Statement Assertions Assertions to the Auditto the Audit

6-34

Relationships Relationships among Audit among Audit Objectives, Objectives,

Risks of Risks of Material Material

Misstatement, Misstatement, and Audit and Audit

ProceduresProcedures