CH 1 Intro to Auditing CH 2: Roles and Responsibilities

1-2, 1-6, 1-7 2-1, 2-2, 2-11, 2-12

- Importance of Auditing: is a systematic process of objectively obtaining Public accounting – accountants provide assurance services for use by general public.
and evaluating evidence regarding assertions about economic actions and
events to ascertain the degree of correspondence between the assertions CPA must comply with professional ethics code which requires integrity, objectivity,
and established criteria and communicating the results to interested professional competency, due care, confidentiality
parties.
SOX:
- Auditing VS. Accounting Internal controls gained increasing importance, as they refer to the system of policies and procedures needed to
maintain adherence to a company’s objectives; especially, the accuracy of recordkeeping and safeguarding of assets.
Audit committees monitor management’s financial reporting responsibilities, including meeting with the external
- Role auditing in information risk reduction to users of F. stat auditors and dealing with various audit and accounting matters that may arise during an audit.
Audit Risk: The risk of insufficient evidence being gathered on the facts Corporate governance describes how well a company is run in the interests of shareholders and other
concerning the entity’s economic circumstances. stakeholders.
Accounting Risk: The risk that errors associated with forecasts used in
GAAP accounting estimates are not properly disclosed. -GAAS General Standards: identify the objectives and key principles of the financial
statement audit.
A) Competence: refers to adequate technical training and proficiency. Competence allows
- International auditing and its impact on Canadian Auditing Standards
the auditor to:
1) recognize underlying assertions made by management,
- Agency theory and accountability 2) decide which evidence is relevant to support assertion,
3) select and perform procedures for obtaining evidence, and
- Auditee, client 4) evaluate evidence for reality and conformity to GAAP
B) Objectivity and Independence
- Audit objectives: The purpose of an audit is to enhance the degree of 1) Independence in fact is the mental attitude, or state of mind of the auditor.
confidence of intended users in the financial statements. This is achieved 2) Independence in appearance is covered by rules of professional conduct.
by the expression of an opinion by the auditor on whether the financial
statements are prepared, in all material respects, in accordance with an Five threats to independence:
applicable financial reporting framework.” 1) self-review providing assurance on their own work
2) self-interest benefiting from a financial interest in a client
- Professional scepticism, professional judgment 3) Advocacy promoting a client’s position or opinion
4) Familiarity becoming too sympathetic to a client’s interests
- Types of audits and authors 5) intimidation being deterred from acting objectively by actual or perceived threats from a
client
- Audit firm Organization
C) Due professional care: competent and independent, exercise proper care in planning
- Attestation services
and supervising the audit, understanding the auditee’s control structure, and obtaining
1) Attest engagement: A practitioner is engaged to issue or does issue an
sufficient appropriate evidence
examination, a review, or an agreed-upon procedures report on subject
matter or an assertion about subject matter that is the responsibility of
-GAAS: Examination Standards
another party (e.g. management)
- conduct an audit in accordance with Canadian Audit Standards (CASs) and the Canadian
2) Direct reporting engagement: A type of assurance engagement in
Audit Practice Notes (CAPNs)
which the assertions are implied and not written down in some form
- scope of an audit the auditor should comply with each CAS relevant to the audit.
- reasonable assurance that the financial statements taken as a whole are free from
- Expectation Gap (users of fin st. versus auditors)
material misstatement, whether due to fraud or error. 90%–99% .
- audit risk and materiality risk that an auditor expresses an inappropriate audit opinion
- Business Risk (CAS 700): Business risks result from significant conditions,
when the financial statements are materially misstated is audit risk
events, circumstances or actions that might adversely affect the entity’s
-planning and Supervision Obtaining knowledge of the auditee’s business. Dealing with
ability to achieve its objectives and execute its strategies.” (CAS 700)
differences of opinion
- internal control assessment This consists of a company’s control environment, accounting
- Information Risk (materiality, material misstatement): Financial system, and control procedures.
statements will fail to appropriately reflect economic substance of -Sufficient Appropriate Evidential: obtain enough evidence to justify opinions. Appropriate
business activities, including business risks and uncertainties. evidence is both reliable and relevant

-GAAS: Reporting Standards

-GAAP
-Consistency No reference to consistency is made in the unmodified audit report
-Adequate Disclosure
-Report Content
Unmodified opinion audit report — good, as the auditor is not calling attention to anything
that may be wrong in the statements; there are no reservations.
Modified opinion audit report — bad, as the auditor reports a departure from GAAP, or a
limitation in the scope of the audit.

-Assurance Standards:
Assertion: A statement about some aspect of a subject matter. (triangle- three party)
-Unwritten — direct reporting engagements
-Written assertions— attest engagements: Audits and reviews

-Quality control standards: Actions taken to evaluate compliance with professional

standards as defined in the CPA Canada Handbook and provincial rules of professional
conduct.
Elements of quality control:
• Leadership responsibilities for quality within the firm 
• Relevant ethical requirements
• Acceptance and continuance of client relationships
• Human resources
• Engagement performance
• Monitoring

Ch 3: Auditors’ Ethical and Legal Responsibilities CH4: Reports on Audited Financial Statements
3-1, 3-3, DC 3-3, DC 3-4, DC 3-6 4-1, 4-2, 4-7, 4-12, 4-13, 4-15, 4-16, 4-22,
Auditors have three areas of responsibility to society.
1)Moral Responsibilities
2)Professional Responsibilities -Forming an audit opinion is the ultimate goal of audits
3)Legal Responsibilities • Unmodified / Unqualified or Clean Opinion: Required by securities regulations
• Modified opinion
– Due to GAAP violations that affect fair presentation OR
Ethical dilemma is a problem that arises when a reason to act in a certain – Due to scope limitations that impair auditor’s ability to fully comply with GAAS
way is offset by a reason to not act in that way. -Qualified opinion “except for…” or
-Denial of opinion “I am unable to express an opinion….”.
Critical thinking can help identify and resolve ethical dilemmas.
– A reservation paragraph is added after the scope paragraph to describe the
departure from GAAP. (major variations on standard audit report)
Ethical behaviour behavior that produces the greatest good. – “Except for” opinion with reference to reservation paragraph.
– Introductory and scope paragraphs are unchanged.
Professional judgment in auditing is essentially critical thinking on
accounting issues and the evidence related to them. This reasoning • Disclaimer of opinion no opinion because it was impossible to get the audit
should be documented. evidence required
– Identifying the crucial issues • Adverse audit report: Departures from GAAP in the statements are:
– Gathering information on all the significant - “super-material”
assertions - pervasive, affecting numerous accounts and financial statement
– Identifying possible alternative courses of action relationships.
– Evaluating the alternative courses of actions - Reservation paragraph added describing the situation
– Deciding on the best course of action - Adverse opinion “…statements do not present fairly...

Professional scepticism is an inclination to question all material

assertions made by management whether oral, written, or contained in
-Audit: is based on obtaining reasonable assurance, high level of assurance
the accounting records.
-Reviews: lower level of assurance or moderate level of assurance
- Compilations: no level of assurance
Code of ethics:
Professional behaviour — to serve the public interest and maintain the
good reputation of the profession. Association is a term used within the profession to indicate a public accountant’s
Integrity and due care — to perform professional services with integrity involvement with an enterprise or with information issued by that enterprise. Association
and using due care can arise in three ways:
Professional competence – Through some action, the PA becomes associated with information issued
Confidentiality by the enterprise.
Objectivity – Without the PA’s knowledge or consent, the enterprise indicates that the
PA was involved with information issued by them.
Due care: – A third party assumes that the PA is involved with information issued by an
To the contractual party (client). enterprise.
To the financial stakeholders (owners).
The standard unmodified report contains five basic segments:
1. the opinion segment,
Negligence is failure to perform a duty with requisite standard care. 2. the basis for opinion segment,
Plaintiff must demonstrate: 3. the key audit matters segment, such as
-There is a legal duty of care owed the plaintiff.  difficulties in auditing going-concern issues;
-There must be a breach in that duty.  accounting estimates with significant risks; and
-There must be proof that damage resulted.  issues of significant public interest, such as financial
-There must be a reasonably proximate connection between the breach institutions and charities.
of duty and the resulting damages.
4. the management (or other preparer) and governance responsibility
segment: they are responsible of preparation & fair presentation of
f.stat.
o the auditor responsibility segment.
 Auditors were independent.
 Due professional care was exercised.
 The work was planned and supervised
 Sufficient understanding of controls was obtained.
 Sufficient appropriate evidence was obtained.
 Auditors were trained and proficient.

Significant matter paragraphs: CAS 706 draw users attentions to examples:

-an accounting contingency
-a material uncertainty about the going-concern assumption, for example,

4) Recalculation / Reperformance: Performing independent Ch 8: Audit Evidence and Assurance

calculations or recalculating the client’s calculations. Computation 8-1, 8-4, 8-5, 8-6, 8-7, 8-2, DC 8-2, DC 8-6
produces highly reliable mathematical evidence. Computation
addresses existence and valuation for calculated amounts.
-Essential of audit evidence: Auditors use evidence to achieve an acceptably low level of audit
Reperformance is applied in control testing, the auditor independently risk
executes an internal control procedure Control tests only give indirect evidence that the financial statements are not misstated.
For example: Substantive procedures examine evidence about dollar amounts and details for specific
Recompute sales tax as a percentage of total sale amount on a sample assertions in financial statement items
of invoices (substantive verification of account balance).
-Designing audit procedures: decide the nature of the evidence technique, how many items
5) Analysis: Evaluation of financial items in determining other audit
should be tested, which items to test, and when the procedures should be performed
programs and performing analytic procedures that compare
recorded amounts to expectations. Analysis is used in planning, Audit Technique Type of Audit Evidence
execution, and completion of the audit.
For example: Inspection (test of ctrl)- (Substantive), • Documents prepared by independent parties
 Compare inventory turnover rate to previous year (assessing risk (dual purpose) • Documents prepared by the auditee
and/or corroborating substantive verification findings). • Physical inspection of tangible assets
 Compare current year to prior year.
 Compare current year to budget. Observation (test of ctrl) (Substantive) • Auditor’s observations
 Evaluate current year balances against other current year balances. (dual purpose)
 Compare financial ratios to industry standards.
 Study relationship of balances and non-financial information. Confirmation (Substantive) • Statements by independent parties

6) Inquiry: Involves the collection of oral evidence from the client and Recalculation / reperformance (test of • Auditor’s calculations or performance
independent third parties. Audit standards now put more reliance ctrl) (Substantive) (dual purpose)
on inquiry as a means to understanding strategy and risks and
controls. Analysis • Data interrelationships
For example:
Inquire about frequency of bank reconciliation procedures Inquiry (test of ctrl) (dual purpose) • Statements by auditee personnel
(understanding controls for risk assessment).

Dual-purpose audit procedures: procedures that are designed to meet 1) Inspection: Looking at records, documents, or assets having physical substance.
the purpose of a control test and the purpose of a substantive test. • Reliable evidence for existence, supports valuation.
• Documents can be prepared by independent outside parties
Business Information Sources and Methods • Documents can also be prepared by the entity under audit.
For continuing audits, information about the client is available in the For example:
permanent files.
• Read the terms of the lease agreement for the lessee (understanding business)
 The auditor will interview client management and directors
• Test counts of a sample of physical inventory quantities on hand at year-end
to learn of any changes in the business or industry.
(substantive verification of account balance).
 The auditor will assess relevance of prior period
information for the current audit.
Vouching: Information is selected from an account or other summary of information and the
1)Obtaining Information from Observation and Research Databases: auditor goes back through the control system to find the source documentation. Vouching
can study and review research databases, published materials, guides, supports existence. (backward)
and other reference materials on the industry and the client (exhibit 8-
2) Tracing: Auditor selects source documents and proceeds (forward) through the control system
to the final recording of the transaction. Tracing supports completeness.
2) Obtaining Information from Internal Auditors and Experts: Internal
auditors can assist by providing information about systems and Scanning: Does not produce direct evidence, but can raise questions. Computers can be used to
controls. scan electronic data files. Scanning can be used to reduce sampling risk by scanning the items
not selected.
Sufficient Appropriate Evidence in Auditing For example: (same example above)
- Accounting records are evidence but are not sufficient appropriate
evidence for an audit opinion. 2) Observation: Looking at the application of policy or procedures by others.
-Corroborating evidence needs to be obtained.
 Reliable evidence as to performance at the time of observation.
1)Appropriateness of Evidence  Produces a general awareness of events.
evidence must be relevant and reliable. For example:
Relevant: audit evidence must relate to one of the management  Observe petty cash control procedures (understanding controls and control testing).
assertions (exhibit 8-3)  Observe auditee’s inventory-counting procedures (understanding controls and
Reliable: reliability of audit evidence depends on nature and source. control testing).
(Exhibit 8-4)
The following hierarchy of evidence can be used to judge reliability 3) External Confirmation: Consists of (written) enquiry to verify accounting records.
Most reliable  Confirmation with independent parties for a variety of transactions and balances.
Physical inspection  Confirmation can produce evidence regarding existence, ownership, valuation and
Confirmation cut-off.
External documentation For example:
Recalculation / reperformance  Obtain written confirmation of accounts receivable balance from a sample of
Less reliable customers (substantive verification of account balance).
External-internal documentation  Obtain written confirmation of loan amount, interest, collateral, and payment dates
Internal documentation (with good internal controls) from lender (substantive verification of account balance).
Observation
Analytical procedures with specific data Confirmation procedures:
– Confirmations should be printed on the client’s letterhead, signed by a client
officer.
Least reliable
– Auditor needs to ensure that the address on the confirmation is legitimate.
Internal documentation (if poor internal controls)
– The recipient should be able to provide the information.
Inquiry
– The auditor must mail the confirmations.
Broad analytical procedures
– Responses must be returned directly to the auditor.
Positive confirmations: request a reply in all cases. Follow-up is required for all exceptions
2) Sufficiency of Evidence: Test of sufficiency is whether you can
persuade someone else that you have collected enough evidence to
reported, and for all unreturned confirmations.
support your conclusion. In order to reduce audit risk, only detection Negative confirmations: request a reply only where information is incorrect.
risk can be affected by the auditor, so more evidence is required to Only exceptions need to be followed up.
support an opinion.
Audit planning:
The planning memorandum is a summarization of the preliminary
analytical review and the materiality and risk assessment with
specific directions about the effect on the audit.

-All planning becomes the basis for the audit program. The audit
program specifies procedures the auditor will use to guide the
work of inherent control and control risk assessment and to
obtain sufficient competent evidence as a basis for the audit
report.

-Three main types of audit programs:

1) Risk assessment program

This lists the specific procedures for gaining understanding of the
auditee’s business transaction processing systems and controls, as
well as for assessing the (inherent risks) and the (control risks).
2)Internal control program:
A specification of procedures for obtaining and understanding the
client’s business and control systems (assess IR and CR).
3)Balance audit program:
A specification of substantive procedures for gathering direct
evidence on assertions about dollar amounts and accounts.

-Auditor will make a decision on the audit approach: substantive

or combined

-Decide audit procedure: (six techniques), amount of work tp be

done and sample
- inspection, observation, confirmation,
recalculation/reperformance, analysis and inquiry.
-The timing of audit procedure

Audit Documentation (Working Papers)

- Working papers should contain support for the decisions
made in the course of the audit.
- The auditor is the owner of the working papers.

Permanent file: Permanent file papers: information of continuing

interest. Information that will be used year after year.
 Copies from corporate charter or partnership agreements.
 Contracts, including leases, bonds, other agreements.
 Minutes from shareholders meetings.
 Continuing schedules for share capital, RE, capital assets.
Current file:
-Audit administrative papers: Documentation of early planning
phases
- Engagement letter
– Staff assignments
– Organization charts
– Meeting notes
– Overall Audit strategy
– Internal control questionnaire
– Audit plan and programs
– Working trial balance
– Adjusting and reclassification entries
– Review notes

-Audit evidence papers: evidence obtained, and decisions made.

Each section contains a lead sheet that shows the dollar amounts
reported in the financial statements.
-The audit evidence papers must show assertions that were
audited, the evidence gathered about them and the final decision
reached.
-Each page in the file must have:
Index: A page number that allows a working paper to be removed
and replaced properly.
Cross-referencing: Connects information between pages in the
working paper file.
Heading: Includes the entity under audit, period being audited,
and a descriptive title.

Audit Working Paper Software

-integration with client database (extraction of trial balance or
transactions), and
-facilitation of analysis, links to other databases, and websites.
 Audit Engagement Acceptance and Continuance
Ch 5: Preliminary Audit Planning: Understanding (a) to accept a new client, and
the Auditee’s Business (b) whether to resign from audit engagements
1. Evaluate auditor independence and ability to comply with other relevant ethical
-Is the auditor independent of the company, both in fact and in appearance? requirements
-Does the auditor have the competence and available resources to comply with
GAAS for this company? 2. A) Obtain information from the prospective auditee’s management in order to understand
-Are those charged with governance willing and able to accept their responsibilities the business and its risks,
to fairly present the financial statements?
2. B) to assess whether the organization’s managers able to accept responsibility for preparing
If the engagement is accepted, an audit engagement letter is prepared: financial statements in accordance with an acceptable financial reporting framework and for
 Nature of the audit implementing adequate controls to reduce risk of error and fraud.
 Management’s responsibilities
 Auditor’s responsibilities 3. Consider whether the firm has the competence and resources to perform the audit

4. Consider whether the engagement requires special attention or involves unusual risks
1) Understanding the auditee business
5. For new audits, communicate with the previous auditor
2) Risk Assessment: Risk of material misstatement in the financial statements is
used to describe the possibility that business or environmental risks have resulted
Determining Auditability
in the financial statements not being a fair representation of the company’s
-Whether the financial statements presented in accordance with GAAP.
economic realities.
-Whether management understands its responsibility for preparing the financial statements,
 The auditor’s risk assessments will identify the key risk areas in the
and for designing and implementing adequate internal controls.
audit.
-Management’s commitment to providing written representations or other scope limitations
 The audit team will emphasize those areas
Auditee Retention
3) Materiality refers to a monetary amount that auditors believe financial
– The public accounting firm will have more first-hand experience with
statement users would find significant, or material, to their decision making.
the auditee.
– Used for planning how to perform the audit
– Annual retention reviews take into account changes for the auditee.
– Used for concluding whether financial statements are materially
misstated
Communication Between Predecessor and Successor Auditors
4)Documentation of the planning process: Record all deliberations and decisions Auditor’s Risk From Accepting An Audit Engagement
in planning in the document called Overall Audit Strategy – How widely distributed are the audited financial statements?
Overall Audit Strategy: – How strong is the financial condition of the auditee?
-The preliminary planning activities are the basis for the overall audit strategy. – How trustworthy is auditee’s management?
-The audit strategy guides development of the detailed audit plan, which details – How complex is the financial reporting required?
the nature, extent and timing of the audit procedures. – How knowledgeable are the people using the financial statements
-The auditor shall establish an overall audit strategy that sets the scope, timing, likely to be?
and direction of the audit, and that guides the development of the audit plan.

Independent Financial Stat Audit Process: Engagement Letter: When a new audit client is accepted an engagement letter must be
obtained.
– The engagement letter forms the contract for the audit.
Steps: Elements Standards require the auditor and management to agree on the terms of the
audit engagement.
Pre-engagement activities – A new engagement letter should be obtained every year of a
continuing audit.
Risk
Preliminary audit planning: Risk Identification
Assessment
Risk assessment procedures to plan audit
Staff Assignment
Time Budget
Internal control documentation and testing
Understanding the Auditee’s Business, Environment and Risks
Response to
– It helps to assess the risk that financial statements might contain
Assessed Sampling decisions
material misstatements. Used to establish and overall audit strategy, design the audit plan and
Risks
Substantive procedures audit programs. (exhibit 5-3)

Concluding Review audit findings Business environment risks: related to Industry, regulatory, economy-related, and other
& Reporting external factors
Form opinion and issue report Business operational risks: related to Strategy and related business processes, investments,
financing, and performance measures

Communications among audit team members throughout the process Analytical Procedures Requirements
Documentation of the audit decisions and findings  Compare current-year account balances with one or more comparable periods.
Revisions to risk assessments and planned responses if appropriate due to  Compare current-year account balances and financial relationships with similar information
knowledge obtained during audit process for the auditee’s industry.
Communications with those charged with the auditee’s governance and its  Compare current-year account balances with the company’s anticipated results.
management  Evaluate the relationships of current-year balances to other current-year balances for
conformity to predictable patterns.
Independent Audit Engagement Characteristics  Study the relationships of current-year balances to relevant nonfinancial information.
it is important for the auditors to understand what kind of entity is being audited, Preliminary Analytical Procedures
who the people are who are charged with governance of the entity, the  Review of accounting misstatements discovered in prior years
stakeholders to whom they are accountable, and the client’s reasons for wanting  Conversations with the auditee personnel
an audit.  Review of corporate charter and bylaws (or partnership agreement)
Acceptance Decision: Pre-engagement Activities  Review of contracts, agreements, and legal proceedings
Risk management:  Reading and study of the minutes of meetings
Auditors try to reduce the risk (probability of something going wrong) by carefully  Horizontal analysis: examination of numbers and ratios across two or more years.
managing the engagement.  Vertical analysis: examination of amounts expressed each year as proportions of a
Quality management:
base (sales or total assets).
Auditors manage audit in accordance with quality control standards.
Materiality Levels for Audit Planning
Materiality is one of the first important judgments the auditor must make, since it affects every
other planning, examination, and reporting decision.
-Materiality is the largest amount of uncorrected misstatement that might exist in financial
statements that still fairly present the company’s financial position and results of operations.
Performance materiality: leave room for error and reduce the probability that the total
 misstatement exceeds materiality.
Materiality Judgment Criteria: Small misstatements may be material in some cases.
For example:
 masks a change in earnings or other trends,
 hides a failure to meet analysts’ consensus expectations for the auditee,
 changes a loss into net income or vice versa,
 concerns a segment of the business that is considered significant,
 affects the auditee’s compliance with regulatory requirements,
 involves concealment of an unlawful transaction or fraud, or
 has the effect of increasing management compensation
Quantitative guidelines:
5% of income from continuing operations,
5% of net income before bonus,
½ to 2% of revenues or expenses for non-for profit entities,
½ to 1% of net asset value for the mutual fund industry, or
1% of revenue for the real estate industry.

Ch 6: Assessing Risks In an Audit Engagement Ch 7: Internal Control Over Financial Reporting

The Essentials of Assessing Risks in an Audit Engagement
AR = IR x CR x DR
Internal control consists of the following:
Auditors usually like to limit audit risk to less than 5%.
a. the control environment,
Risk of material misstatement (IR × CR) is the auditor’s assessment of the probability
b. the entity’s risk assessment process,
that one or more assertions in the elements of the financial statements are materially
c. the information system and business processes relevant to financial reporting and
misstated due to inherent and control risks.
communication,
d. control activities
Inherent risk (IR) is the probability that material misstatements affecting one or more
e. the monitoring of control
financial statement assertions could have occurred in the first place, before any controls
were applied (characteristics of the client’s business, types of transactions, and
Control environment: characterized by management attitudes, structure, effective
effectiveness of accountants)
communication of control objectives and supervision of personnel and activities.
Control risk (CR) is the probability that management’s internal control policies and
- Good corporate citizenship
procedures will fail to prevent material misstatements from occurring in the first place,
or fail to detect and correct them once they have occurred. (study and evaluation of the  Commitment to truth and fair dealing
company’s control system)  Commitment to quality and competence
- Control testing or compliance testing are detailed procedures used to assess control  Leadership by example
risk.  Compliance with laws, regulations, rules, and organizational policy
- Control risk should not be assessed so low that auditors rely entirely on controls, and  Respect for the privacy of auditee, organization, and employee information
thus do no substantive work. Preventive controls vs Detective controls
Detection risk (DR) is the probability that the auditor’s procedures will fail to detect a
misstatement that has occurred (due to inherent risk) and has not been corrected by Communication: Communications policies show the importance of employees reporting and
the company’s internal controls (due to control risk). acting on control exceptions immediately and establish appropriate channels for reporting
- Auditors can control this risk by conducting substantive (balance audit) tests. these to appropriate levels within the organization.
 Substantive tests include audit of details of transactions and balances, and
analytical procedures applied to dollar amounts in the accounts. Risk Assessment Process
The risk assessment process is how management identifies risks related to misstatements in
the financial statements.
 Substantive procedures provide a direct assessment of the monetary
amount of misstatement in the auditee’s proposed accounting. (Note: Management will also evaluate the significance and likelihood of those risks, and decide
control testing procedures only provide indirect evidence about whether how to manage those risks efficiently and effectively.
material misstatement might have arisen due to control deficiencies)

Information System, Business Processes and Communication

 At least some substantive procedures must be performed in every audit to  identify and record all valid transactions,
comply with the CASs  describe transactions in a manner that permits proper classification,
 measure the value of transactions,
Compare:  determine the time period in which transactions should be reported, and
AR = IR x CR x DR = 0.50 x 1.0 x 1.0 = 0.50  present the transactions properly in the financial statements.
AR = IR x CR x DR = 0.50 x 0.20 x 1.0 = 0.10
Controls Activities: are policies and procedures that ensure the achievement of the entity’s
- Audit risk is lowered by assessing control risk and determining effectiveness of goals, including financial reporting goals.
controls General controls relevant to the audit include performance reviews (e.g.
-But the audit risk is still too high control environment)
-The auditor needs to do enough detection work to reduce detection risk from 1.0 to a Application controls include checks on accuracy, completeness, and
level that leaves only a 5% risk of giving the wrong audit opinion.  authorization of transaction processing (e.g. authorization of cheques prior to
data input)
Materiality refers to the magnitude of a misstatement; audit risk refers to the level of
assurance that material misstatement does not exist. Monitoring of Controls includes considering whether they are operating as intended.
Monitoring: may include reviews of reconciliations, internal audit evaluations, and legal
Business Risk-Based Approach to Auditing department evaluations of compliance.
Controls are modified as required to accommodate changes in business conditions.
There are two parts of business analysis:
 Strategic analysis
To assess the risk of material misstatement at the financial statement level, the auditor
 Business process analysis
needs a detailed knowledge of internal control components relevant to financial reporting.
At the end of the business analysis, the auditor should be able to determine if there are
Gained mainly by making enquiries of auditee personnel.
any weaknesses in the client’s risk management process that could lead to
misstatement on the financial statements.
The auditor gathers information about:
Business risk is an event of action that will adversely affect an organization’s ability to  The organizational structure.
achieve its objectives and execute its strategies  Methods used to communicate responsibility and authority.
 Methods used to supervise accounting information systems.
 The accounting information system itself.
Strategic Analysis
 Gain an understanding from senior client management about: Fraud Risk Assessment
 What is the entity’s strategy? How does it generate revenues and profits? Frauds are intentional acts by one or more individuals among management, those charged
 Does the strategy appear to be successful now and for the future?
with governance, employees, or third parties, involving the use of deception to obtain an
 What are the business risks/threats that can prevent the entity from achieving its
strategic goals? unjust or illegal advantage.
 What business processes, internal controls, and information systems does the entity
management use to manage these risks? Errors are unintentional misstatements or omissions of amounts or disclosures in financial
 What risks can affect the financial statements? statements.
Enterprise risk management is a process, effected by an entity’s board of directors, management, and
other personnel, applied in strategy setting and across the enterprise, designed to identify potential Auditors are mainly concerned with:
events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable
assurance regarding the achievement of entity objectives.
Fraudulent financial reporting
 Misappropriation of assets

Business Process Analysis illegal act (CAS 240 and 250) is an act of non-compliance with the laws and regulations of
Business process analysis deepens the auditor’s understanding of the client’s operations.
the country or countries in which the auditee organization operates. Auditors are concerned
It may also highlight risks and possible note disclosures.
Business processes should also be designed to ensure compliance with laws and regulations. with suspicions of illegal acts that can directly or ultimately affect financial statements.
-More involvement in e-commerce and more complex information systems create new business risks.
-The auditor needs to understand how e-commerce and IT integrate into the business processes.
 The auditors’ knowledge of the business and enquiries of management help to
identify laws and regulations that, if violated and not reported, could result in
Financial Performance Analysis material misstatements.
 Examine significant accounting policies
 In addition, auditors should enquire and obtain representations about
 Interrelationship between ratios
 Any evidence of earnings manipulation awareness and disclosure of possibly illegal acts.
 Consider quality of earnings  Material, possibly illegal, acts should be communicated to the audit committee
Communication with the Audit Committee and appropriate levels of management.
o Impact on earnings of implementing changes in accounting policies
o Effect of significant accounting policies in controversial areas
Fraud auditing is defined as a proactive approach to detect financial frauds using accounting
o Estimates, judgments, and uncertainties
o Existence of acceptable alternative policies and methods records and information, analytical relationships, and an awareness of fraud perpetration
o Unusual transactions and concealment schemes.
o Timing of transactions that affect the recognition of revenues or avoid
recognition of expenses
Financial Statement Assertions and Audit Objectives Auditor responsibility to consider Fraud:
Assertions are claims management makes in financial statements. The auditor shall make inquiries of management regarding:
 Managements accounting system produces a trial balance. a) Management’s assessment of the risk that the financial statements may be
 Management arranges the trial balance in financial statements, making assertions. materially misstated due to fraud, including the nature, extent and frequency
 Auditors take the assertions as focal points for audit work.
of such assessments;
The practical audit objectives are to obtain and evaluate evidence about assertions made by
management in financial statements. b) Management’s process for identifying and responding to the risks of fraud in
Five principal assertions cover the claims made by management in the financial statements: the entity, including any specific risks of fraud that management has identified
 Existence (occurrence) or that have been brought to its attention, or classes of transactions, account
 Completeness balances, or disclosures for which a risk of fraud is likely to exist;
 Ownership (rights and obligations) c) Management’s communication, if any, to those charged with governance
 Valuation (measurement and allocation)
regarding its processes for identifying and responding to the risks of fraud in
 Presentation (classification and disclosure)
Existence: the entity; and
-assets, liabilities and equities actually exist, d) Management’s communication, if any, to employees regarding its views on
-that revenue and expense transactions actually occurred as of a proper date, and business practices and ethical behaviour.
-there are cut-off considerations to existence: no transactions from the next period should be
recorded at the statement date How does the auditor justify that the fraud risk is low?
Completeness:
If the auditors cannot justify that the fraud risk is low, then they need to raise the matter
-No items belonging to the financial statement have been missed.
-There are cut-off considerations: with the audit committee.
All transactions from the period are actually recorded in the period.  Perform analytical procedures of revenues, make enquiries, and scan for
Ownership: Establish with evidence that amounts reported as assets of the company represent unusual entries (especially at year-end),
property rights and the amounts reported as liabilities represent obligations.  The audit team should have brainstorming sessions to identify and share
Valuation: Determine whether proper values have been assigned to assets, liabilities, equities, information on fraud risk factors during the audit.
revenues, and expenses.
 Identify biases in management accounting estimates and be able to understand
Presentation: Determine whether the accounting principles are properly selected and applied and
whether disclosures are adequate the business rationale of transactions.

Immaterial errors are supposed to be reported to management at least one level above the
Misstatement at the Assertion Level: They are the focal point for all audit procedures. people involved.
The auditor uses the assertion to ask “what could go wrong?” and how likely it is to happen
Evidence produced by each procedure must relate to one or more of the specific assertions.
The auditors should inform the audit committee of all suspected fraud and illegal acts,
except those that are “clearly inconsequential.” Those involving senior management are
Audit Risk Assessment: never inconsequential.
Audit risk: The probability that an auditor will fail to express a reservation that financial statements are
materially misstated is audit risk.
The “Fraud Triangle”
 Audit risk is greater if there is poor planning or poor execution of the audit.
 Audit risk is inversely proportionate to risk of getting sued. Fraud Incentive
 Audit risk is dependent on user reliance. Fraud Opportunity
Fraud Rationalization
Auditing by process: For fraud to occur, all three types of factors need to be present.
To simplify the audit plan, auditors typically group the accounts into several accounting processes.
(1) revenues and collection
(2) acquisition and expenditure
(3) production and conversion
(4) finance and investment
The purpose of using business processes is to group together related accounts by transactions that
normally affect them.