1Chapter 1

The Demand for Audit and Other Assurance Services

 Review Questions

1-1 The relationship among audit services, attestation services, and

assurance services is reflected in Figure 1-3 on page 13 of the text. An
assurance service is an independent professional service to improve the quality
of information for decision makers. An attestation service is a form of assurance
service in which the CPA firm issues a report about the reliability of an assertion
that is the responsibility of another party. Audit services are a form of attestation
service in which the auditor expresses a written conclusion about the degree of
correspondence between information and established criteria.
The most common form of audit service is an audit of historical financial
statements, in which the auditor expresses a conclusion as to whether the
financial statements are presented in conformity with generally accepted
accounting principles. An example of an attestation service is a report on the
effectiveness of an entity’s internal control over financial reporting. There are
many possible forms of assurance services, including services related to
business performance measurement, health care performance, and information
system reliability.

1-2 An independent audit is a means of satisfying the need for reliable

information on the part of decision makers. Factors of a complex society which
contribute to this need are:

1. Remoteness of information
a. Owners (stockholders) divorced from management
b. Directors not involved in day-to-day operations or decisions
c. Dispersion of the business among numerous geographic
locations and complex corporate structures
2. Biases and motives of provider
a. Information will be biased in favor of the provider when his or
her goals are inconsistent with the decision maker's goals.
3. Voluminous data
a. Possibly millions of transactions processed daily via
sophisticated computerized systems
b. Multiple product lines
c. Multiple transaction locations
4. Complex exchange transactions
a. New and changing business relationships lead to innovative
accounting and reporting problems
b. Potential impact of transactions not quantifiable, leading to
increased disclosures

1-1
1-3 1. Risk-free interest rate This is approximately the rate the bank could
earn by investing in U.S. treasury notes for the same length of time
as the business loan.
2. Business risk for the customer This risk reflects the possibility that the
business will not be able to repay its loan because of economic or
business conditions such as a recession, poor management
decisions, or unexpected competition in the industry.
3. Information risk This risk reflects the possibility that the information
upon which the business risk decision was made was inaccurate. A
likely cause of the information risk is the possibility of inaccurate
financial statements.

Auditing has no effect on either the risk-free interest rate or business risk.
However, auditing can significantly reduce information risk.

1-4 The four primary causes of information risk are remoteness of information,
biases and motives of the provider, voluminous data, and the existence of
complex exchange transactions.
The three main ways to reduce information risk are:

1. User verifies the information.

2. User shares the information risk with management.
3. Audited financial statements are provided.

The advantages and disadvantages of each are as follows:

ADVANTAGES DISADVANTAGES

USER VERIFIES 1. User obtains information 1. High cost of obtaining

INFORMATION desired. information.
2. User can be more 2. Inconvenience to the
confident of the person providing the
qualifications and activities information because
of the person getting the large number of users
information. would be on
premises.

USER SHARES 1. No audit costs incurred. 1. User may not be able

INFORMATION to collect on losses.
RISK WITH
MANAGEMENT

AUDITED 1. Multiple users obtain the 1. May not meet needs

FINANCIAL information. of certain users.
STATEMENTS 2. Information risk can usually 2. Cost may be higher
ARE PROVIDED be reduced sufficiently to than the benefits in
satisfy users at reasonable some situations, such
cost. as for a small
3. Minimal inconvenience to company.
management by having
only one auditor.
1-2
1-5 To do an audit, there must be information in a verifiable form and some
standards (criteria) by which the auditor can evaluate the information. Examples
of established criteria include generally accepted accounting principles and the
Internal Revenue Code. Determining the degree of correspondence between
information and established criteria is determining whether a given set of
information is in accordance with the established criteria. The information for
Jones Company's tax return is the federal tax returns filed by the company. The
established criteria are found in the Internal Revenue Code and all
interpretations. For the audit of Jones Company's financial statements the
information is the financial statements being audited and the established criteria
are generally accepted accounting principles.

1-6 The primary evidence the internal revenue agent will use in the audit of
the Jones Company's tax return include all available documentation and other
information available in Jones' office or from other sources. For example, when
the internal revenue agent audits taxable income, a major source of information
will be bank statements, the cash receipts journal and deposit slips. The internal
revenue agent is likely to emphasize unrecorded receipts and revenues. For
expenses, major sources of evidence are likely to be cancelled checks, vendors'
invoices and other supporting documentation.

1-7 This apparent paradox arises from the distinction between the function of
auditing and the function of accounting. The accounting function is the recording,
classifying and summarizing of economic events to provide relevant information
to decision makers. The rules of accounting are the criteria used by the auditor
for evaluating the presentation of economic events for financial statements and
he or she must therefore have an understanding of generally accepted
accounting principles (GAAP), as well as auditing standards. The accountant
need not, and frequently does not, understand what auditors do, unless he or she
is involved in doing audits, or has been trained as an auditor.

1-3
1-8

AUDITS OF
OPERATIONAL COMPLIANCE FINANCIAL
AUDITS AUDITS STATEMENTS

PURPOSE To evaluate To determine To determine

whether whether the client is whether the
operating following specific overall financial
procedures are procedures set by statements are
efficient and higher authority presented in
effective accordance with
specified criteria
(usually GAAP)
USERS OF Management of Authority setting Different groups
AUDIT organization down procedures, for different
REPORT internal or external purposes —
many outside
entities
NATURE Highly Not standardized, Highly
nonstandard; but specific and standardized
often subjective usually objective
PERFORMED
BY:

CPAs Frequently Occasionally Almost

universally
GAO
AUDITORS Frequently Frequently Occasionally
IRS
AUDITORS Never Universally Never
INTERNAL
AUDITORS Frequently Frequently Frequently

1-9 Five examples of specific operational audits that could be conducted by an

internal auditor in a manufacturing company are:

1. Examine employee time cards and personnel records to determine if

sufficient information is available to maximize the effective use of
personnel.
2. Review the processing of sales invoices to determine if it could be
done more efficiently.
3. Review the acquisitions of goods, including costs, to determine if they
are being purchased at the lowest possible cost considering the
quality needed.
4. Review and evaluate the efficiency of the manufacturing process.
5. Review the processing of cash receipts to determine if they are
deposited as quickly as possible.

1-4
1-10 When using a strategic systems auditing approach in an audit of historical
financial statements, an auditor must have a thorough understanding of the client
and its environment. This knowledge should include the client’s regulatory and
operating environment, business strategies and processes, and measurement
indicators. The strategic systems approach is also useful in other assurance or
consulting engagements. For example, an auditor who is performing an
assurance service on information technology would need to understand the
client’s business strategies and processes related to information technology,
including such things as purchases and sales via the Internet. Similarly, a
practitioner performing a consulting engagement to evaluate the efficiency and
effectiveness of a client’s manufacturing process would likely start with an
analysis of various measurement indicators, including ratio analysis and
benchmarking against key competitors.

1-11 The major differences in the scope of audit responsibilities are:

1. CPAs perform audits in accordance with auditing standards of

published financial statements prepared in accordance with
generally accepted accounting principles.
2. GAO auditors perform compliance or operational audits in order to
assure the Congress of the expenditure of public funds in
accordance with its directives and the law.
3. IRS agents perform compliance audits to enforce the federal tax laws
as defined by Congress, interpreted by the courts, and regulated by
the IRS.
4. Internal auditors perform compliance or operational audits in order to
assure management or the board of directors that controls and
policies are properly and consistently developed, applied and
evaluated.

1-12 The four parts of the Uniform CPA Examination are: Auditing and
Attestation, Financial Accounting and Reporting, Regulation, and Business
Environment and Concepts.

1-13 It is important for CPAs to be knowledgeable about e-commerce

technologies because more of their clients are rapidly expanding their use of e-
commerce. Examples of commonly used e-commerce technologies include
purchases and sales of goods through the Internet, automatic inventory
reordering via direct connection to inventory suppliers, and online banking. CPAs
who perform audits or provide other assurance services about information
generated with these technologies need a basic knowledge and understanding of
information technology and e-commerce in order to identify and respond to risks
in the financial and other information generated by these technologies.

 Multiple Choice Questions From CPA Examinations

1-14 a. (3) b. (2) c. (2) d. (3)

1-15 a. (2) b. (3) c. (4) d. (3)

1-5
 Discussion Questions And Problems

1-16 a. The relationship among audit services, attestation services and

assurance services is reflected in Figure 1-3 on page 13 of the text.
Audit services are a form of attestation service, and attestation
services are a form of assurance service. In a diagram, audit
services are located within the attestation service area, and
attestation services are located within the assurance service area.
b. 1. (1) Audit of historical financial statements
2. (2) An attestation service other than an audit service; or
(3) An assurance service that is not an attestation service
(WebTrust developed from the AICPA Special
Committee on Assurance Services, but the service
meets the criteria for an attestation service.)
3. (2) An attestation service other than an audit service
4. (2) An attestation service other than an audit service
5. (2) An attestation service other than an audit service
6. (2) An attestation service that is not an audit
service (Review services are a form of attestation, but
are performed according to Statements on Standards
for Accounting and Review Services.)
7. (2) An attestation service other than an audit service
8. (2) An attestation service other than an audit service
9. (3) An assurance service that is not an attestation service

1-17 a. The interest rate for the loan that requires a review report is lower
than the loan that did not require a review because of lower
information risk. A review report provides moderate assurance to
financial statement users, which lowers information risk. An audit
report provides further assurance and lower information risk. As a
result of reduced information risk, the interest rate is lowest for the
loan with the audit report.
b. Given these circumstances, Vial-tek should select the loan from City
First Bank that requires an annual audit. In this situation, the
additional cost of the audit is less than the reduction in interest due
to lower information risk. The following is the calculation of total
costs for each loan:

CPA COST OF ANNUAL ANNUAL

LENDER SERVICE CPA INTEREST LOAN
SERVICES COST

Existing loan None 0 $ 142,500 $ 142,500

First National Bank Review $ 12,000 $ 127,500 $ 139,500
City First Bank Audit $ 20,000 $ 112,500 $ 132,500

1-6
1-17 (continued)
c. Vial-tek may desire to have an audit because of the many other
positive benefits that an audit provides. The audit will provide Vial-
tek’s management with assurance about annual financial
information used for decision-making purposes. The audit may
detect errors or fraud, and provide management with information
about the effectiveness of controls. In addition, the audit may result
in recommendations to management that will improve efficiency or
effectiveness.
d. Under a strategic systems audit approach, the auditor must have a
thorough understanding of the client and its environment, including
the client’s e-commerce technologies, industry, regulatory and
operating environment, suppliers, customers, creditors, and
business strategies and processes. This thorough analysis helps
the auditor identify risks associated with the client’s strategies that
may affect whether the financial statements are fairly stated. When
applying the strategic systems audit approach, the auditor often
discovers ways to help the client improve business operations,
thereby providing added value to the audit function.

1-18 a. The services provided by Consumers Union are very similar to

assurance services provided by CPA firms. The services provided
by Consumers Union and assurance services provided by CPA
firms are designed to improve the quality of information for decision
makers. CPAs are valued for their independence, and the reports
provided by Consumers Union are valued because Consumers
Union is independent of the products tested.
b. The concepts of information risk for the buyer of an automobile and for
the user of financial statements are essentially the same. They are
both concerned with the problem of unreliable information being
provided. In the case of the auditor, the user is concerned about
unreliable information being provided in the financial statements.
The buyer of an automobile is likely to be concerned about the
manufacturer or dealer providing unreliable information.
c. The four causes of information risk are essentially the same for a buyer
of an automobile and a user of financial statements:
(1) Remoteness of information It is difficult for a user to obtain
much information about either an automobile manufacturer
or the automobile itself without incurring considerable cost.
The automobile buyer does have the advantage of possibly
knowing other users who are satisfied or dissatisfied with a
similar automobile.
(2) Biases and motives of provider There is a conflict between
the automobile buyer and the manufacturer. The buyer
wants to buy a high quality product at minimum cost
whereas the seller wants to maximize the selling price and
quantity sold.
(3) Voluminous data There is a large amount of available
information about automobiles that users might like to have
in order to evaluate an automobile. Either that information is
not available or too costly to obtain.
1-7
1-18 (continued)

(4) Complex exchange transactions The acquisition of an

automobile is expensive and certainly a complex decision
because of all the components that go into making a good
automobile and choosing between a large number of
alternatives.
d. The three ways users of financial statements and buyers of
automobiles reduce information risk are also similar:
(1) User verifies information him or herself That can be
obtained by driving different automobiles, examining the
specifications of the automobiles, talking to other users and
doing research in various magazines.
(2) User shares information risk with management The
manufacturer of a product has a responsibility to meet its
warranties and to provide a reasonable product. The buyer
of an automobile can return the automobile for correction of
defects. In some cases a refund may be obtained.
(3) Examine the information prepared by Consumer Reports
This is similar to an audit in the sense that independent
information is provided by an independent party. The
information provided by Consumer Reports is comparable to
that provided by a CPA firm that audited financial
statements.

1-19 a. The following parts of the definition of auditing are related to the
narrative:
(1) Virms is being asked to issue a report about qualitative and
quantitative information for trucks. The trucks are therefore
the information with which the auditor is concerned.
(2) There are four established criteria which must be evaluated
and reported by Virms: existence of the trucks on the night
of June 30, 2005, ownership of each truck by Regional
Delivery Service, physical condition of each truck and fair
market value of each truck.
(3) Susan Virms will accumulate and evaluate four types of
evidence:
(a) Count the trucks to determine their existence.
(b) Use registrations documents held by Oatley for
comparison to the serial number on each truck to
determine ownership.
(c) Examine the trucks to determine each truck's physical
condition.
(d) Examine the blue book to determine the fair market
value of each truck.
(4) Susan Virms, CPA, appears qualified, as a competent,
independent person. She is a CPA, and she spends most of
her time auditing used automobile and truck dealerships and
has extensive specialized knowledge about used trucks that
is consistent with the nature of the engagement.

1-8
1.19 (continued)

(5) The report results are to include:

(a) which of the 35 trucks are parked in Regional's
parking lot the night of June 30.
(b) whether all of the trucks are owned by Regional
Delivery Service.
(c) the condition of each truck, using established
guidelines.
(d) fair market value of each truck using the current blue
book for trucks.
b. The only parts of the audit that will be difficult for Virms are:
(1) Evaluating the condition, using the guidelines of poor, good,
and excellent. It is highly subjective to do so. If she uses a
different criterion than the "blue book," the fair market value
will not be meaningful. Her experience will be essential in
using this guideline.
(2) Determining the fair market value, unless it is clearly defined
in the blue book for each condition.

1-20 a. The major advantages and disadvantages of a career as an IRS agent,

CPA, GAO auditor, or an internal auditor are:

EMPLOYMENT ADVANTAGES DISADVANTAGES

INTERNAL 1. Extensive training in 1. Experience limited to

REVENUE individual, corporate, gift, taxes.
AGENT trust and other taxes is 2. No experience with
available with concentration operational or financial
in area chosen. statement auditing.
2. Hands-on experience with 3. Training is not extensive
sophisticated selection with any business
techniques. enterprise.
CPA 1. Extensive training in audit of 1. Exposure to taxes and to
financial statements, the business enterprise
compliance auditing and may not be as in-depth as
operational auditing. the internal revenue agent
2. Opportunity for experience in or the internal auditor.
auditing, tax consulting, and 2. Likely to be less exposed
management consulting to operational auditing
practices. than is likely for internal
3. Experience in a diversity of auditors.
enterprises and industries
with the opportunity to
specialize in a specific
industry.
GAO AUDITOR 1. Increasing opportunity for 1. Little exposure to diversity
experience in operational of enterprises and
auditing. industries.
2. Exposure to highly 2. Bureaucracy of federal
sophisticated statistical government.
sampling and computer
auditing techniques.

1-9
1-20 (continued)

EMPLOYMENT ADVANTAGES DISADVANTAGES

INTERNAL 1. Extensive exposure to all 1. Little exposure to taxation

AUDITOR segments of the enterprise and the audit thereof.
with which employed. 2. Experience is limited to
2. Constant exposure to one one enterprise, usually
industry presenting within one or a limited
opportunity for expertise in number of industries.
that industry.
3. Likely to have exposure to
compliance, financial and
operational auditing.

(b) Other auditing careers that are available are:

 Auditors within many of the branches of the federal
government (e.g., Atomic Energy Commission)
 Auditors for many state and local government units (e.g.,
state insurance or bank auditors)

1-21 The most likely type of auditor and the type of audit for each of the
examples are:

EXAMPLE TYPE OF AUDITOR TYPE OF AUDIT

1. IRS Compliance
2. GAO Operational
3. Internal auditor or CPA Operational
4. CPA or Internal auditor Financial statements
5. GAO Operational
6. CPA Financial statements
7. GAO Financial statements
8. IRS Compliance
9. CPA Financial statements
10. Internal auditor or CPA Compliance
11. Internal auditor or CPA Financial statements
12. GAO Compliance

1-22 a. The conglomerate should either engage the management advisory

services division of a CPA firm or its own internal auditors to
conduct the operational audit.
b. The auditors will encounter problems in establishing criteria for
evaluating the actual quantitative events and in setting the scope to
include all operations in which significant inefficiencies might exist.
In writing the report, the auditors must choose proper wording to
state that no financial audit was performed, that the procedures
were limited in scope and that the results reported do not
necessarily include all the inefficiencies that might exist.

1-10
1-23 a. The CPA firm for the Internet company described in this problem
could address these customer concerns by performing a WebTrust
attestation engagement. The WebTrust assurance service was
created by the profession to respond to the growing need for
assurance resulting from the growth of business transacted over
the Internet.
b. The appropriate WebTrust principle for each of the customer concerns
noted in the problem is as follows:
1. Accuracy of product descriptions and adherence to stated
return policies: (3) Processing Integrity.
2. Credit card and other personal information: (1) Online
Privacy and (2) Security.
3. Selling information to other companies: (1) Online Privacy
and (2) Security.
4. System failure: (4) Availability.

 Internet Problem Solution: Assurance Services

1-1 This problem requires students to work with the AICPA assurance
services Web site.

1. Considering the assurance needs of customers and the capabilities of

CPAs, the Special Committee on Assurance Services developed
business plans for six assurance services. Chapter 1 of the
textbook discussed several of these services. Go to the service
description for the assurance service that most interests you (any
one of the six). What are the major aspects or sections of the
associated business plan (i.e., does the plan address market
potential, competition, etc.?)

Answer: Each business plan provides background information,

describes the service, assesses market potential, discusses issues
such as competition and why CPAs should offer the service,
identifies practice tools available and steps that CPAs must take to
begin offering the services.

2. The Special Committee's report on Assurance Services discusses

competencies needed by assurance providers today and in the
coming decade. Briefly describe the 5 general competencies
needed in the next decade (Hint: See the “About Assurance
Services” link. Then follow the “Assurance Services and Academia”
link.)

Answer: The Committee identified the following five major

imperatives regarding future competencies, each of which implies
increasing emphasis on the competencies noted:

1-11
1-1 (continued)
Customer focus. Assurance service providers need to understand
user decision processes and how information should enter into
those processes. Increased emphasis is needed on: understanding
user needs, communication skills, relationship management,
responsiveness and timeliness.

Migration to higher value-added information activities. To provide

more value to client/decision makers and others, assurance service
providers need to focus less on activities involved in the conversion
of business events into information (e.g., collecting, classifying, and
summarizing activities) and more on activities involved in the
transformation of information into knowledge (e.g., analyzing,
interpreting, and evaluating activities) that effectively drives
decision processes. This will require: analytical skills, business
advisory skills, business knowledge, model building (including
sensitivity analysis), understanding the client’s business processes,
measurement theory (development of operational definitions of
concepts, design of appropriate measurement techniques, etc.).

Information technology (IT). Assurance services deal in

information. Hence, the profound changes occurring in information
technology will shape virtually all aspects of assurance services. As
information specialists, assurance service providers need to
embrace information technology in all of its complex dimensions.
Embracing IT means understanding how it is transforming all
aspects of business. It also means learning how to effectively use
new developments in hardware, software, communications,
memory, encryption, etc., in everything assurance service providers
do as information specialists, not only in dealing with clients, but
also in dealing with each other as individuals, teams, firms, state
societies, and national professional organizations.

Pace of change and complexity. Assurance services will take place

in an environment of rapid change and increasing complexity.
Assurance service providers need to invest heavily in life-long
learning in order to maintain up-to-date knowledge and skills. They
will require: intellectual capability, learning and rejuvenation.

Competition. Growth in new assurance services will depend less

on franchise/regulation and more on market forces. Assurance
service providers need to develop their marketing skills — the
ability to see clients’ latent information and assurance needs and
rapidly design and deploy cost-effective services to meet those
needs — in order to effectively compete for market-driven
assurance services. Required skills include: marketing and selling,
understanding customer needs, designing and deploying effective
solutions.

1-12
1-1 (continued)

(Note: Internet problems address current issues using Internet sources. Because
Internet sites are subject to change, Internet problems and solutions are subject to
change. Current information on Internet problems is available at
www.prenhall.com/arens).

1-13